ofbiz-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From hans...@apache.org
Subject svn commit: r607821 - in /ofbiz/trunk/specialpurpose/projectmgr: script/org/ofbiz/project/ProjectPermissionServices.xml webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh
Date Tue, 01 Jan 2008 09:47:50 GMT
Author: hansbak
Date: Tue Jan  1 01:47:50 2008
New Revision: 607821

URL: http://svn.apache.org/viewvc?rev=607821&view=rev
Log:
secure the my time option

Modified:
    ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
    ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh

Modified: ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml?rev=607821&r1=607820&r2=607821&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
(original)
+++ ofbiz/trunk/specialpurpose/projectmgr/script/org/ofbiz/project/ProjectPermissionServices.xml
Tue Jan  1 01:47:50 2008
@@ -48,7 +48,15 @@
                 </if-compare>
             </else>
         </if-compare>      
+<log level="always" message="==============security: object: ${sec_object} action: ${mainAction}"></log>
+        <if-compare field-name="sec_object" value="TIMESHEET" operator="equals">
+            <if-compare field-name="mainAction" value="CREATE" operator="equals">
+                <field-to-result field-name="hasPermission"/>
+                <return/>
+            </if-compare>
+        </if-compare>
         
+
         <if-has-permission permission="PROJECTMGR" action="_VIEW">
             <if-has-permission permission="PROJECTMGR" action="_ROLE_">
                 <!-- object dependent checks here -->

Modified: ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh?rev=607821&r1=607820&r2=607821&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh
(original)
+++ ofbiz/trunk/specialpurpose/projectmgr/webapp/projectmgr/WEB-INF/actions/EditWeekTimesheet.bsh
Tue Jan  1 01:47:50 2008
@@ -53,8 +53,8 @@
         if (!UtilValidate.isEmpty(timesheets)) {
             timesheet = timesheets.get(0);
         } else {
-            if (security.hasPermission("WORKEFFORTMGR_CREATE", session) || security.hasPermission("WORKEFFORTMGR_ADMIN",
session)) {
-            	result = dispatcher.runSync("createTimesheetForThisWeek", 
+            if (security.hasPermission("PROJECTMGR_VIEW", session) || security.hasPermission("PROJECTMGR_ADMIN",
session)) {
+            	result = dispatcher.runSync("createProjectTimesheet", 
                 	UtilMisc.toMap("userLogin", userLogin, "partyId", partyId));
             } else {
             	request.setAttribute("errorMessageList", UtilMisc.toList("Unable to create timesheet,
permission error"));



Mime
View raw message