Author: hansbak
Date: Thu Jul 5 03:24:57 2012 New Revision: 1357453 URL: http://svn.apache.org/viewvc?rev=1357453&view=rev Log: update revision 1353381 to use CREATE/UPDATE?DELETE instead of ADMIN, suggestion from Jacopo Modified: ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml ofbiz/trunk/applications/accounting/src/org/ofbiz/accounting/payment/PaymentMethodServices.java ofbiz/trunk/applications/accounting/widget/GlScreens.xml ofbiz/trunk/applications/order/webapp/ordermgr/order/orderpaymentinfo.ftl ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.groovy ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl Modified: ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml?rev=1357453&r1=1357452&r2=1357453&view=diff ============================================================================== --- ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml (original) +++ ofbiz/trunk/applications/accounting/script/org/ofbiz/accounting/payment/PaymentServices.xml Thu Jul 5 03:24:57 2012 @@ -24,7 +24,7 @@ under the License. <if> <condition> <and> - <not><if-has-permission permission="ACCOUNTING" action="_ADMIN"/></not> + <not><if-has-permission permission="ACCOUNTING" action="_CREATE"/></not> <not><if-has-permission permission="PAY_INFO" action="_CREATE"/></not> <not><if-compare-field field="userLogin.partyId" to-field="parameters.partyIdFrom" operator="equals"/></not> <not><if-compare-field field="userLogin.partyId" to-field="parameters.partyIdTo" operator="equals"/></not> 
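Review bot: In the `@@ -24` condition the party-match alternatives compare `userLogin.partyId` with `parameters.partyIdFrom` and `parameters.partyIdTo`, which the caller supplies, so the permission test this commit narrows to `ACCOUNTING_CREATE` is not the only way past the check. If that is intended (a party recording its own payment), say so in a comment above the `<and>`, for example `<!-- no permission needed when the caller is one of the payment's parties; partyIdFrom/partyIdTo come from the request -->`. The `@@ -87` hunk compares against the stored `payment` fields instead, which does not depend on request input. The `<if>` block continues outside both hunks, so the error branch is not visible here.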
@@ -87,7 +87,7 @@ under the License. <if> <condition> <and> - <not><if-has-permission permission="ACCOUNTING" action="_ADMIN"/></not> + <not><if-has-permission permission="ACCOUNTING" action="_UPDATE"/></not> <not><if-has-permission permission="PAY_INFO" action="_UPDATE"/></not> <not><if-compare-field field="userLogin.partyId" to-field="payment.partyIdFrom" operator="equals"/></not> <not><if-compare-field field="userLogin.partyId" to-field="payment.partyIdTo" operator="equals"/></not> Modified: ofbiz/trunk/applications/accounting/src/org/ofbiz/accounting/payment/PaymentMethodServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/src/org/ofbiz/accounting/payment/PaymentMethodServices.java?rev=1357453&r1=1357452&r2=1357453&view=diff ============================================================================== --- ofbiz/trunk/applications/accounting/src/org/ofbiz/accounting/payment/PaymentMethodServices.java (original) +++ ofbiz/trunk/applications/accounting/src/org/ofbiz/accounting/payment/PaymentMethodServices.java Thu Jul 5 03:24:57 2012 @@ -89,7 +89,7 @@ public class PaymentMethodServices { // <b>security check</b>: userLogin partyId must equal paymentMethod partyId, or must have PAY_INFO_DELETE permission if (paymentMethod.get("partyId") == null || !paymentMethod.getString("partyId").equals(userLogin.getString("partyId"))) { - if (!security.hasEntityPermission("PAY_INFO", "_DELETE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_ADMIN", userLogin)) { + if (!security.hasEntityPermission("PAY_INFO", "_DELETE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_DELETE", userLogin)) { return ServiceUtil.returnError(UtilProperties.getMessage(resourceError, "AccountingPaymentMethodNoPermissionToDelete", locale)); } 
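Review bot: The comment above the check in the `@@ -89` hunk still says the caller "must have PAY_INFO_DELETE permission", but the condition now also accepts `ACCOUNTING_DELETE`. Suggest `// security check: userLogin partyId must equal paymentMethod partyId, or the user must have PAY_INFO_DELETE or ACCOUNTING_DELETE`. A stale comment on an authorization check is what the next reviewer will trust when auditing who can delete another party's payment method. The method body starts and ends outside the hunk.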
@@ -139,7 +139,7 @@ public class PaymentMethodServices { Timestamp now = UtilDateTime.nowTimestamp(); - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_CREATE", "ACCOUNTING", "_ADMIN"); + String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_CREATE", "ACCOUNTING", "_CREATE"); if (result.size() > 0) return result; @@ -260,7 +260,7 @@ public class PaymentMethodServices { Timestamp now = UtilDateTime.nowTimestamp(); - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_UPDATE", "ACCOUNTING", "_ADMIN"); + String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_UPDATE", "ACCOUNTING", "_UPDATE"); if (result.size() > 0) return result; @@ -286,7 +286,7 @@ public class PaymentMethodServices { return ServiceUtil.returnError(UtilProperties.getMessage(resource, "AccountingCreditCardUpdateWithPaymentMethodId", locale) + paymentMethodId); } - if (!paymentMethod.getString("partyId").equals(partyId) && !security.hasEntityPermission("PAY_INFO", "_UPDATE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_ADMIN", userLogin)) { + if (!paymentMethod.getString("partyId").equals(partyId) && !security.hasEntityPermission("PAY_INFO", "_UPDATE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_UPDATE", userLogin)) { return ServiceUtil.returnError(UtilProperties.getMessage(resource, "AccountingCreditCardUpdateWithoutPermission", UtilMisc.toMap("partyId", partyId, "paymentMethodId", paymentMethodId), locale)); 
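Review bot: The ownership test in the `@@ -286` hunk calls `paymentMethod.getString("partyId").equals(partyId)` with no null guard, while the delete path at `@@ -89` explicitly handles `paymentMethod.get("partyId") == null`. A payment method without a partyId would throw a NullPointerException here instead of falling through to the permission check. Reversing the comparison, `!partyId.equals(paymentMethod.getString("partyId"))`, treats a missing owner as "not the caller" and still requires `PAY_INFO_UPDATE` or `ACCOUNTING_UPDATE`; this assumes `partyId` is non-null once `result` is empty, which the hunk does not show. The same expression appears in the `@@ -574` and `@@ -806` hunks.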
@@ -488,7 +488,7 @@ public class PaymentMethodServices { Timestamp now = UtilDateTime.nowTimestamp(); - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_CREATE", "ACCOUNTING", "_ADMIN"); + String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_CREATE", "ACCOUNTING", "_CREATE"); if (result.size() > 0) return result; @@ -545,7 +545,7 @@ public class PaymentMethodServices { Timestamp now = UtilDateTime.nowTimestamp(); - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_UPDATE", "ACCOUNTING", "_ADMIN"); + String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_UPDATE", "ACCOUNTING", "_UPDATE"); if (result.size() > 0) return result; @@ -574,7 +574,7 @@ public class PaymentMethodServices { "AccountingGiftCardCannotBeUpdated", UtilMisc.toMap("errorString", paymentMethodId), locale)); } - if (!paymentMethod.getString("partyId").equals(partyId) && !security.hasEntityPermission("PAY_INFO", "_UPDATE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_ADMIN", userLogin)) { + if (!paymentMethod.getString("partyId").equals(partyId) && !security.hasEntityPermission("PAY_INFO", "_UPDATE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_UPDATE", userLogin)) { return ServiceUtil.returnError(UtilProperties.getMessage(resourceError, "AccountingGiftCardPartyNotAuthorized", UtilMisc.toMap("partyId", partyId, "paymentMethodId", paymentMethodId), locale)); 
@@ -679,7 +679,7 @@ public class PaymentMethodServices { Timestamp now = UtilDateTime.nowTimestamp(); - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_CREATE", "ACCOUNTING", "_ADMIN"); + String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_CREATE", "ACCOUNTING", "_CREATE"); if (result.size() > 0) return result; @@ -777,7 +777,7 @@ public class PaymentMethodServices { Timestamp now = UtilDateTime.nowTimestamp(); - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_UPDATE", "ACCOUNTING", "_ADMIN"); + String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PAY_INFO", "_UPDATE", "ACCOUNTING", "_UPDATE"); if (result.size() > 0) return result; 
@@ -806,7 +806,7 @@ public class PaymentMethodServices { "AccountingEftAccountCannotBeUpdated", UtilMisc.toMap("errorString", paymentMethodId), locale)); } - if (!paymentMethod.getString("partyId").equals(partyId) && !security.hasEntityPermission("PAY_INFO", "_UPDATE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_ADMIN", userLogin)) { + if (!paymentMethod.getString("partyId").equals(partyId) && !security.hasEntityPermission("PAY_INFO", "_UPDATE", userLogin) && !security.hasEntityPermission("ACCOUNTING", "_UPDATE", userLogin)) { return ServiceUtil.returnError(UtilProperties.getMessage(resourceError, "AccountingEftAccountCannotBeUpdated", UtilMisc.toMap("partyId", partyId, "paymentMethodId", paymentMethodId), locale)); Modified: ofbiz/trunk/applications/accounting/widget/GlScreens.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/accounting/widget/GlScreens.xml?rev=1357453&r1=1357452&r2=1357453&view=diff ============================================================================== --- ofbiz/trunk/applications/accounting/widget/GlScreens.xml (original) +++ ofbiz/trunk/applications/accounting/widget/GlScreens.xml Thu Jul 5 03:24:57 2012 @@ -447,7 +447,7 @@ under the License. <section> <condition> <or> - <if-has-permission permission="ACCOUNTING" action="_ADMIN"/> + <if-has-permission permission="ACCOUNTING" action="_UPDATE"/> <if-has-permission permission="PAY_INFO" action="_UPDATE"/> </or> </condition> Modified: ofbiz/trunk/applications/order/webapp/ordermgr/order/orderpaymentinfo.ftl URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/webapp/ordermgr/order/orderpaymentinfo.ftl?rev=1357453&r1=1357452&r2=1357453&view=diff ============================================================================== --- ofbiz/trunk/applications/order/webapp/ordermgr/order/orderpaymentinfo.ftl (original) +++ ofbiz/trunk/applications/order/webapp/ordermgr/order/orderpaymentinfo.ftl Thu Jul 5 03:24:57 2012 
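Review bot: The authorization failure in the `@@ -806` hunk returns the label `AccountingEftAccountCannotBeUpdated`, the same one used by the generic failure on the context lines just above it. A denied permission is therefore indistinguishable from any other update error, for the user and in logs. The credit-card and gift-card paths use `AccountingCreditCardUpdateWithoutPermission` and `AccountingGiftCardPartyNotAuthorized` for this case. An EFT-specific not-authorized label mirroring the gift-card one would keep the three update services consistent, but it would need adding if it does not exist, since the label file is not part of this diff.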
@@ -54,7 +54,7 @@ under the License. <#assign statusItem = payment.getRelatedOne("StatusItem", false)> <#assign partyName = delegator.findOne("PartyNameView", {"partyId" : payment.partyIdTo}, true)> <tr> - <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_VIEW", session)> <td><a href="/accounting/control/paymentOverview?paymentId=${payment.paymentId}">${payment.paymentId}</a></td> <#else> <td>${payment.paymentId}</td> @@ -342,7 +342,7 @@ under the License. <#if creditCard.suffixOnCard?has_content> ${creditCard.suffixOnCard}</#if> <br /> - <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_VIEW", session)> ${creditCard.cardType} <@maskSensitiveNumber cardNumber=creditCard.cardNumber?if_exists/> ${creditCard.expireDate} @@ -469,7 +469,7 @@ under the License. <td valign="top" width="60%"> <div> <#if giftCard?has_content> - <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_VIEW", session)> ${giftCard.cardNumber?default("N/A")} [${giftCard.pinNumber?default("N/A")}] [<#if oppStatusItem?exists>${oppStatusItem.get("description",locale)}<#else>${orderPaymentPreference.statusId}</#if>] <#else> 
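Review bot: The `@@ -469` hunk prints `${giftCard.cardNumber}` and `${giftCard.pinNumber}` unmasked inside the branch this commit opens to `ACCOUNTING_VIEW`, so a read-only accounting role now sees a usable gift card number and PIN; before, the ACCOUNTING side required `_ADMIN`. The credit-card branches at `@@ -342` and `@@ -596` pass the number through `<@maskSensitiveNumber/>` even for permitted users. The gift card should do the same, `<@maskSensitiveNumber cardNumber=giftCard.cardNumber?if_exists/>`, with the PIN omitted or shown only under a narrower permission. The same unmasked output sits behind the same condition in PaymentMethods.ftl at `@@ -93`.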
@@ -596,7 +596,7 @@ under the License. <#if "CREDIT_CARD" == paymentMethod.paymentMethodTypeId> <#assign creditCard = paymentMethodValueMap.creditCard/> <#if (creditCard?has_content)> - <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_VIEW", session)> ${creditCard.cardType?if_exists} <@maskSensitiveNumber cardNumber=creditCard.cardNumber?if_exists/> ${creditCard.expireDate?if_exists} <#else> ${Static["org.ofbiz.party.contact.ContactHelper"].formatCreditCard(creditCard)} Modified: ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.groovy URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.groovy?rev=1357453&r1=1357452&r2=1357453&view=diff ============================================================================== --- ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.groovy (original) +++ ofbiz/trunk/applications/party/webapp/partymgr/WEB-INF/actions/HasPartyPermissions.groovy Thu Jul 5 03:24:57 2012 
@@ -23,7 +23,7 @@ context.hasCreatePermission = security.h context.hasUpdatePermission = security.hasEntityPermission("PARTYMGR", "_UPDATE", session); context.hasDeletePermission = security.hasEntityPermission("PARTYMGR", "_DELETE", session); // extended pay_info permissions -context.hasPayInfoPermission = security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session); +context.hasPayInfoPermission = security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_VIEW", session); // extended pcm (party contact mechanism) permissions context.hasPcmCreatePermission = security.hasEntityPermission("PARTYMGR_PCM", "_CREATE", session); context.hasPcmUpdatePermission = security.hasEntityPermission("PARTYMGR_PCM", "_UPDATE", session); Modified: ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl?rev=1357453&r1=1357452&r2=1357453&view=diff ============================================================================== --- ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl (original) +++ ofbiz/trunk/applications/party/webapp/partymgr/party/profileblocks/PaymentMethods.ftl Thu Jul 5 03:24:57 2012 
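Review bot: `context.hasPayInfoPermission` is now true for anyone holding `ACCOUNTING_VIEW`, but its name does not say it is a view-only flag, unlike the neighbouring `hasCreatePermission`, `hasUpdatePermission` and `hasDeletePermission`. The templates that read it are not part of this diff; if any of them uses it to gate an edit or delete control, this change silently widens that control to read-only accounting users. Suggest a comment on the line, `// view-only: PAY_INFO_VIEW or ACCOUNTING_VIEW; do not use to gate create/update/delete`. A follow-up rename to something like `hasPayInfoViewPermission` would be better still, once the consumers have been checked.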
@@ -38,7 +38,7 @@ under the License. <div class="screenlet-title-bar"> <ul> <li class="h3">${uiLabelMap.PartyPaymentMethodInformation}</li> - <#if security.hasEntityPermission("PAY_INFO", "_CREATE", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_CREATE", session) || security.hasEntityPermission("ACCOUNTING", "_CREATE", session)> <li><a href="<@ofbizUrl>editeftaccount?partyId=${partyId}</@ofbizUrl>">${uiLabelMap.AccountingCreateNewEftAccount}</a></li> <li><a href="<@ofbizUrl>editgiftcard?partyId=${partyId}</@ofbizUrl>">${uiLabelMap.AccountingCreateNewGiftCard}</a></li> <li><a href="<@ofbizUrl>editcreditcard?partyId=${partyId}</@ofbizUrl>">${uiLabelMap.AccountingCreateNewCreditCard}</a></li> @@ -67,7 +67,7 @@ under the License. ${creditCard.lastNameOnCard} <#if creditCard.suffixOnCard?has_content> ${creditCard.suffixOnCard}</#if> - - <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_VIEW", session)> ${creditCard.cardType} <@maskSensitiveNumber cardNumber=creditCard.cardNumber?if_exists/> ${creditCard.expireDate} @@ -83,7 +83,7 @@ under the License. <#if security.hasEntityPermission("MANUAL", "_PAYMENT", session)> <a href="/accounting/control/manualETx?paymentMethodId=${paymentMethod.paymentMethodId}${externalKeyParam}">${uiLabelMap.PartyManualTx}</a> </#if> - <#if security.hasEntityPermission("PAY_INFO", "_UPDATE", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_UPDATE", session) || security.hasEntityPermission("ACCOUNTING", "_UPDATE", session)> <a href="<@ofbizUrl>editcreditcard?partyId=${partyId}&paymentMethodId=${paymentMethod.paymentMethodId}</@ofbizUrl>">${uiLabelMap.CommonUpdate}</a> </#if> <#-- </td> --> 
@@ -93,7 +93,7 @@ under the License. ${uiLabelMap.AccountingGiftCard} </td> <td> - <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_VIEW", session) || security.hasEntityPermission("ACCOUNTING", "_VIEW", session)> ${giftCard.cardNumber?default("N/A")} [${giftCard.pinNumber?default("N/A")}] <#else> <@maskSensitiveNumber cardNumber=giftCard.cardNumber?if_exists/> @@ -105,7 +105,7 @@ under the License. <#if paymentMethod.thruDate?has_content><b>(${uiLabelMap.PartyContactEffectiveThru}: ${paymentMethod.thruDate.toString()}</b></#if> </td> <td class="button-col"> - <#if security.hasEntityPermission("PAY_INFO", "_UPDATE", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_UPDATE", session) || security.hasEntityPermission("ACCOUNTING", "_UPDATE", session)> <a href="<@ofbizUrl>editgiftcard?partyId=${partyId}&paymentMethodId=${paymentMethod.paymentMethodId}</@ofbizUrl>">${uiLabelMap.CommonUpdate}</a> </#if> <#-- </td> --> @@ -121,7 +121,7 @@ under the License. <#if paymentMethod.thruDate?has_content><b>(${uiLabelMap.PartyContactEffectiveThru}: ${paymentMethod.thruDate.toString()}</#if> </td> <td class="button-col"> - <#if security.hasEntityPermission("PAY_INFO", "_UPDATE", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_UPDATE", session) || security.hasEntityPermission("ACCOUNTING", "_UPDATE", session)> <a href="<@ofbizUrl>editeftaccount?partyId=${partyId}&paymentMethodId=${paymentMethod.paymentMethodId}</@ofbizUrl>">${uiLabelMap.CommonUpdate}</a> </#if> <#-- </td> --> 
@@ -143,7 +143,7 @@ under the License. <td class="button-col"> </#if> - <#if security.hasEntityPermission("PAY_INFO", "_DELETE", session) || security.hasEntityPermission("ACCOUNTING", "_ADMIN", session)> + <#if security.hasEntityPermission("PAY_INFO", "_DELETE", session) || security.hasEntityPermission("ACCOUNTING", "_DELETE", session)> <a href="<@ofbizUrl>deletePaymentMethod/viewprofile?partyId=${partyId}&paymentMethodId=${paymentMethod.paymentMethodId}</@ofbizUrl>">${uiLabelMap.CommonExpire}</a> <#else> |
