Author: adrianc
Date: Sun Sep  7 07:34:10 2008
New Revision: 692863

URL: http://svn.apache.org/viewvc?rev=692863&view=rev
Log:
Fixed a problem with a Content Manager ajax form - reported in 
https://issues.apache.org/jira/browse/OFBIZ-1949.

Ajax developers note: "ajaxed" screen portions MUST include the same 
permissions checking as the entire screen, otherwise a security hole is opened 
up.

Modified:
    ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml

Modified: 
ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml?rev=692863&r1=692862&r2=692863&view=diff
==============================================================================
--- ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml 
(original)
+++ ofbiz/trunk/applications/content/widget/content/DataResourceScreens.xml Sun 
Sep  7 07:34:10 2008
@@ -49,6 +49,14 @@
     </screen>
     <screen name="findDataResourceSearchResults">
         <section>
+            <condition>
+                <if-has-permission permission="CONTENTMGR" action="UPDATE"/>
+            </condition>
+            <actions>
+                <property-map resource="ContentUiLabels" map-name="uiLabelMap" 
global="true"/>
+                <property-map resource="CommonUiLabels" map-name="uiLabelMap" 
global="true"/>
+                <property-map resource="WorkEffortUiLabels" 
map-name="uiLabelMap" global="true"/>
+            </actions>
             <widgets>
                 <include-form name="ListDataResource" 
location="component://content/widget/content/DataResourceForms.xml"/>
             </widgets>
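Review bot: The added `<if-has-permission permission="CONTENTMGR" action="UPDATE"/>` in `findDataResourceSearchResults` writes the action without the leading underscore that OFBiz permission names normally carry (`_VIEW`, `_UPDATE`). If the check concatenates permission and action, as I believe it does, it tests for `CONTENTMGRUPDATE`, so only holders of `CONTENTMGR_ADMIN` would pass. That fails closed and exposes nothing, but users with only the update permission would lose the search results. I would write `<if-has-permission permission="CONTENTMGR" action="_UPDATE"/>`, or `_VIEW` if the full screen gates on view, since this fragment only lists records; the enclosing screen is outside this hunk, so confirm which it uses. The section also has no `<fail-widgets>`, so a denied request renders an empty fragment, and the controller request that serves this fragment should require authentication on its own rather than rely on the screen condition.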

