[
https://issues.apache.org/jira/browse/OFBIZ-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466386
]
Anil K Patel commented on OFBIZ-615:
------------------------------------
Andrew,
I thought I took care of navigation up in Parent Chain. I am going to paste the
code from the patch here for reference so I can be sure I understand you
right.
The code format for Else part of If is aligned with then part of if, I have
seen two kind of code alignment I am not sure which you link
<If>
<else>
</else>
>/if>
>This is starting to look really good! The only thing I see off hand right now
>is that permissions can be recursive. So, >when creating a new workeffort, I
>may NOT be a assigned to the parent workeffort, but I MAY be assigned to its
>parent >or the parent's parent. That said, we will want to walk through and
>look at the parent workefforts and their parent has >well.
<!-- if workEffortParentId not exists then permission to create new
WorkEffort -->
<set field="workEffortId" from-field="parameters.workEffortParentId"/>
<if-empty field-name="workEffortId">
<log level="info" message="Create new WorkEffort . If
workEffortParentId Not Exists"/>
<set field="hasPermission" type="Boolean" value="true"/>
<field-to-result field-name="hasPermission"/>
<else>
<!-- if workEffortParentId exists then check role for parent
workEffort -->
<log level="info" message="check for parent Role with Parent
Workeffort"/>
<while><condition><not><if-empty
field-name="workEffortId"></if-empty></not></condition>
<then>
<log level="info" message="validate permission on
Parent ${workEffortId}"/>
<!-- if the case is of new workEffort with Parent
workEffort Id,
then lookup the parent workEffort and check if user
is in any role with WorkEffort -->
<set from-field="workEffortId"
field="lookupRoleWorkEffortMap.workEffortId"/>
<set from-field="userLogin.partyId"
field="lookupRoleWorkEffortMap.partyId"/>
<find-by-and entity-name="WorkEffortPartyAssignByRole"
map-name="lookupRoleWorkEffortMap" list-name="roleParties"/>
<filter-list-by-date list-name="roleParties"
valid-date-name="nowTimestamp"/>
<if-not-empty field-name="roleParties">
<set field="hasPermission" type="Boolean"
value="true"/>
<field-to-result field-name="hasPermission"/>
<log level="info" message="Party
${userLogin.partyId} is in role with workEffort: ${workEffortId}"/>
<clear-field field-name="workEffortId"/>
<else>
<log level="info" message="Party
${userLogin.partyId} is not in role with workEffort: ${workEffortId}"/>
<property-to-field
resource="WorkEffortUiLabels" property="WorkEffortNotInRolePermissionError"
field-name="failMessage"/>
<set field="hasPermission" type="Boolean"
value="false"/>
<field-to-result field-name="hasPermission"/>
<field-to-result field-name="failMessage"/>
<set field="workEffortLookUpMap.workEffortId"
from-field="workEffortId"/>
<find-by-primary-key entity-name="WorkEffort"
map-name="workEffortLookUpMap" value-name="workEffortParent"/>
<if-empty
field-name="workEffortParent.workEffortParentId">
<clear-field field-name="workEffortId"/>
</if-empty>
</else>
</if-not-empty>
</then>
</while>
</else>
</if-empty>
> Re-Factor WorkEffort permissions to follow new patterns
> -------------------------------------------------------
>
> Key: OFBIZ-615
> URL: https://issues.apache.org/jira/browse/OFBIZ-615
> Project: Apache OFBiz (The Open for Business Project)
> Issue Type: Sub-task
> Components: workeffort
> Reporter: Andrew Zeneski
> Attachments: WorkEffortSecurity.patch
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
