This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

The following commit(s) were added to refs/heads/trunk by this push:
     new 456df81 Improved: PaymentGroup Payments - VIEW permissions (OFBIZ-12502) (#457)
456df81 is described below

commit 456df81cfeb8679561479b5d72a4cbb8fb5b4acc
Author: Pierre Smits <pierre.sm...@orrtiz.com>
AuthorDate: Thu Jan 20 12:02:44 2022 +0100

    Improved: PaymentGroup Payments - VIEW permissions (OFBIZ-12502) (#457)

    Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the Payment Group Payments screen, sees editable fields and/or triggers (to requests) reserved for users with 'CREATE' or 'UPDATE' permissions.

    To see/test: https://localhost:8443/accounting/control/EditPaymentGroupMember?paymentGroupId=9000

    Modified: PaymentGroupScreens.xml
    restructured screen ditPaymentGroupMember to work with permissions
--- .../accounting/widget/PaymentGroupScreens.xml | 30 +++++++++++++++++----- 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/applications/accounting/widget/PaymentGroupScreens.xml b/applications/accounting/widget/PaymentGroupScreens.xml index c35f83f..e3c1475 100644 --- a/applications/accounting/widget/PaymentGroupScreens.xml +++ b/applications/accounting/widget/PaymentGroupScreens.xml
@@ -93,12 +93,30 @@ under the License. <widgets> <decorator-screen name="CommonPaymentGroupDecorator" location="${parameters.mainDecoratorLocation}"> <decorator-section name="body"> - <screenlet name="listPaymentGroupMember" title="${uiLabelMap.AccountingPaymentGroupMembers}" collapsible="true"> - <include-form name="ListPaymentGroupMember" location="component://accounting/widget/PaymentGroupForms.xml"/> - </screenlet> - <screenlet name="addPaymentGroupMember" title="${uiLabelMap.AccountingAddPaymentGroupMember}" collapsible="true"> - <include-form name="AddPaymentGroupMember" location="component://accounting/widget/PaymentGroupForms.xml"/> - </screenlet> + <section> + <condition> + <and> + <or> + <if-has-permission permission="ACCOUNTING" action="_CREATE"/> + <if-has-permission permission="ACCOUNTING" action="_UPDATE"/> + </or> + <not><if-empty field="paymentGroupId"/></not> + </and> + </condition> + <widgets> + <screenlet name="listPaymentGroupMember" title="${uiLabelMap.CommonPayments}" collapsible="true"> + <include-form name="ListPaymentGroupMember" location="component://accounting/widget/PaymentGroupForms.xml"/> + </screenlet> + <screenlet name="addPaymentGroupMember" title="${uiLabelMap.AccountingAddPaymentGroupMember}" collapsible="true"> + <include-form name="AddPaymentGroupMember" location="component://accounting/widget/PaymentGroupForms.xml"/> + </screenlet> + </widgets> + <fail-widgets> + <screenlet name="listPaymentGroupMember" title="${uiLabelMap.CommonPayments}" collapsible="true"> + <include-form name="PaymentGroupMembers" location="component://accounting/widget/PaymentGroupForms.xml"/> + </screenlet> + </fail-widgets> + </section> </decorator-section> </decorator-screen> </widgets>
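
Review bot: In the new <condition>, the permission test is ANDed with <not><if-empty field="paymentGroupId"/></not>, so <fail-widgets> is rendered for every request that fails either part, not only for VIEW-only users. A user holding _CREATE or _UPDATE but arriving without a paymentGroupId gets the read-only PaymentGroupMembers form, and nothing in this hunk tests ACCOUNTING with action _VIEW before that form is shown. Consider guarding the content of <fail-widgets> with its own section conditioned on <if-has-permission permission="ACCOUNTING" action="_VIEW"/>, or confirm that CommonPaymentGroupDecorator already enforces it. The change only selects which form the screen renders, so the requests behind AddPaymentGroupMember and the editable ListPaymentGroupMember still need their own _CREATE/_UPDATE check on the server side, which is not visible in these lines. Two smaller points: the diffstat lists one changed file, so the PaymentGroupMembers form must already exist in PaymentGroupForms.xml, and the title change from uiLabelMap.AccountingPaymentGroupMembers to uiLabelMap.CommonPayments is not mentioned in the commit message.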