[ofbiz-framework] branch trunk updated: Improved: Request Roles - VIEW permissions (OFBIZ-12495) (#448)

Thu, 20 Jan 2022 04:25:49 -0800 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new f3775bd  Improved: Request Roles - VIEW permissions (OFBIZ-12495) 
(#448)
f3775bd is described below

commit f3775bde2d9f2a245dc0bf64c09d0de72812fde5
Author: Pierre Smits <pierre.sm...@orrtiz.com>
AuthorDate: Thu Jan 20 13:25:36 2022 +0100

    Improved: Request Roles - VIEW permissions (OFBIZ-12495) (#448)
    
    Currently, a user with only 'VIEW' permissions, as demonstrated in trunk 
demo with userId = auditor, accessing the Request Roles screen, sees editable 
fields and/or triggers (to requests) reserved for users with 'CREATE' or 
'UPDATE' permissions.
    https://localhost:8443/ordermgr/control/requestroles?custRequestId=9000
    
    Modified: CustRequestScreens.xml
    - screen RequestRoles, restructured to work with permissions.
---
 .../order/widget/ordermgr/CustRequestScreens.xml   | 27 ++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/applications/order/widget/ordermgr/CustRequestScreens.xml 
b/applications/order/widget/ordermgr/CustRequestScreens.xml
index 021ce6d..48ac533 100644
--- a/applications/order/widget/ordermgr/CustRequestScreens.xml
+++ b/applications/order/widget/ordermgr/CustRequestScreens.xml
@@ -238,10 +238,29 @@ under the License.
             <widgets>
                 <decorator-screen name="CommonRequestDecorator" 
location="${parameters.mainDecoratorLocation}">
                     <decorator-section name="body">
-                        <screenlet id="EditRequestRolePanel" 
title="${uiLabelMap.PageTitleEditRequestRoles}" collapsible="true">
-                            <include-form name="EditRequestRole" 
location="component://order/widget/ordermgr/CustRequestForms.xml"/>
-                        </screenlet>
-                        <include-form name="ListRequestRoles" 
location="component://order/widget/ordermgr/CustRequestForms.xml"/>
+                        <section>
+                            <condition>
+                                <and>
+                                    <or>
+                                        <if-has-permission 
permission="ORDERMGR" action="_CREATE"/>
+                                        <if-has-permission 
permission="ORDERMGR" action="_UPDATE"/>
+                                    </or>
+                                </and>
+                            </condition>
+                            <widgets>
+                                <screenlet id="EditRequestRolePanel" 
title="${uiLabelMap.PageTitleEditRequestRoles}" collapsible="true">
+                                    <include-form name="EditRequestRole" 
location="component://order/widget/ordermgr/CustRequestForms.xml"/>
+                                </screenlet>
+                                <screenlet id="RequestRoles">
+                                    <include-form name="ListRequestRoles" 
location="component://order/widget/ordermgr/CustRequestForms.xml"/>
+                                </screenlet>
+                            </widgets>
+                            <fail-widgets>
+                                <screenlet id="RequestRoles">
+                                    <include-form name="ViewRequestRoles" 
location="component://order/widget/ordermgr/CustRequestForms.xml"/>
+                                </screenlet>
+                            </fail-widgets>
+                        </section>
                     </decorator-section>
                 </decorator-screen>
             </widgets>

Reply via email to