<!-- TASK -->
<if-compare field="sec_object" value="TASK" operator="equals">
<set field="taskId" from-field="parameters.taskId" default-value="${parameters.workEffortId}"/>
<if-empty field="taskId">
<set field="phaseId" from-field="parameters.workEffortParentId"/>
</if-empty>
<set field="partyId" from-field="parameters.userLogin.partyId"/>
<!--call-simple-method method-name="checkProjectMembership"/-->
<set field="isMember" value="true" type="Boolean"/>
<!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.taskId} PhaseId: ${parameters.workEffortParentId} resourceDescription: ${parameters.resourceDescription} isMember: ${isMember}"/-->
<entity-and list="custRequests" entity-name="WorkEffortCustRequestView">
<field-map field-name="workEffortId" from-field="taskId"/>
</entity-and>
<first-from-list list="custRequests" entry="custRequest"/>
<entity-and entity-name="PartyRelationship" list="accounts">
<field-map field-name="roleTypeIdFrom" value="ACCOUNT"/>
<field-map field-name="roleTypeIdTo" value="CONTACT"/>
<field-map field-name="partyIdTo" from-field="custRequest.fromPartyId"/>
</entity-and>
<first-from-list list="accounts" entry="accountCustReq"/>
<entity-and entity-name="PartyRelationship" list="accounts">
<field-map field-name="roleTypeIdFrom" value="ACCOUNT"/>
<field-map field-name="roleTypeIdTo" value="CONTACT"/>
<field-map field-name="partyIdTo" from-field="parameters.userLogin.partyId"/>
</entity-and>
<first-from-list list="accounts" entry="accountLogin"/>
<if>
<condition>
<or>
<and>
<if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
<or>
<!-- allow a customer to look at his own tasks related to his own customer requests -->
<if-compare operator="equals" value="${parameters.userLogin.partyId}" field="custRequest.fromPartyId"/>
<!-- allow to view if the logged on party is a contact of the same account as the customer requester -->
<if-compare operator="equals" value="${accountLogin.partyIdFrom}" field="accountCustReq.partyIdFrom"/>
</or>
</and>
<and>
<!-- view a task with a null id is a null operation, so ok... -->
<if-empty field="parameters.taskId"/>
<if-empty field="parameters.workEffortId"/>
<if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
</and>
<and>
<if-has-permission permission="PROJECTMGR_ADMIN"/>
<not><if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/></not>
</and>
<and>
<if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/>
<if-compare field="isMember" value="true" operator="equals"/>
</and>
<and>
<if-has-permission permission="PROJECTMGR_VIEW"/>
<not><if-has-permission permission="PROJECTMGR_ROLE_VIEW"/></not>
<if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
</and>
<and>
<if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
<if-compare field="isMember" value="true" operator="equals"/>
<if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
</and>
<and>
<if-has-permission permission="PROJECTMGR_ROLE_TASK_CREATE"/>
<!-- if-compare field="isMember" value="true" operator="equals"/--><!-- currently disabled because the workEffortParentId is supplied but is empty here -->
<or>
<if-compare field="parameters.mainAction" value="CREATE" operator="equals"/>
<if-compare field="parameters.mainAction" value="UPDATE" operator="equals"/>
</or>
</and>
</or>
</condition>
<then>
<field-to-result field="hasPermission"/>
<return/>
</then>
<else>
<property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToTask" field="failMessage"/>
<field-to-result field="hasNoPermission" result-name="hasPermission"/>
<field-to-result field="failMessage"/>
<field-to-result field="hasNoPermission" result-name="hasPermission"/>
<return/>
</else>
</if>
</if-compare>
管理
