╰☆把酒言欢
                               聪明出于勤奋,天才在于积累.
<!-- TASK -->
        <if-compare field="sec_object" value="TASK" operator="equals">
            <set field="taskId" from-field="parameters.taskId" default-value="${parameters.workEffortId}"/>
            <if-empty field="taskId">
                <set field="phaseId" from-field="parameters.workEffortParentId"/>
            </if-empty>
            <set field="partyId" from-field="parameters.userLogin.partyId"/>
            <!--call-simple-method method-name="checkProjectMembership"/-->
            <set field="isMember" value="true" type="Boolean"/>
            <!--log level="info" message="======ProjectMGR Security=====  action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.taskId} PhaseId:  ${parameters.workEffortParentId} resourceDescription: ${parameters.resourceDescription} isMember: ${isMember}"/-->
            <entity-and list="custRequests" entity-name="WorkEffortCustRequestView">
                <field-map field-name="workEffortId" from-field="taskId"/>
            </entity-and>
            <first-from-list list="custRequests" entry="custRequest"/>
            <entity-and entity-name="PartyRelationship" list="accounts">
                <field-map field-name="roleTypeIdFrom" value="ACCOUNT"/>
                <field-map field-name="roleTypeIdTo" value="CONTACT"/>
                <field-map field-name="partyIdTo" from-field="custRequest.fromPartyId"/>
            </entity-and>
            <first-from-list list="accounts" entry="accountCustReq"/>
            <entity-and entity-name="PartyRelationship" list="accounts">
                <field-map field-name="roleTypeIdFrom" value="ACCOUNT"/>
                <field-map field-name="roleTypeIdTo" value="CONTACT"/>
                <field-map field-name="partyIdTo" from-field="parameters.userLogin.partyId"/>
            </entity-and>
            <first-from-list list="accounts" entry="accountLogin"/>
            <if>
                <condition>
                    <or>
                        <and>
                            <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
                            <or>
                                <!-- allow a customer to look at his own tasks related to his own customer requests -->
                                <if-compare operator="equals" value="${parameters.userLogin.partyId}" field="custRequest.fromPartyId"/>
                                <!-- allow to view if the logged on party is a contact of the same account as the customer requester -->
                                <if-compare operator="equals" value="${accountLogin.partyIdFrom}" field="accountCustReq.partyIdFrom"/>
                            </or>
                        </and>
                        <and>
                            <!-- view a task with a null id is a null operation, so ok... -->
                            <if-empty field="parameters.taskId"/>
                            <if-empty field="parameters.workEffortId"/>
                            <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
                        </and>
                        <and>
                            <if-has-permission permission="PROJECTMGR_ADMIN"/>
                            <not><if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/></not>
                        </and>
                        <and>
                            <if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/>
                            <if-compare field="isMember" value="true" operator="equals"/>
                        </and>
                        <and>
                            <if-has-permission permission="PROJECTMGR_VIEW"/>
                            <not><if-has-permission permission="PROJECTMGR_ROLE_VIEW"/></not>
                            <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
                        </and>
                        <and>
                            <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/>
                            <if-compare field="isMember" value="true" operator="equals"/>
                            <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/>
                        </and>
                        <and>
                            <if-has-permission permission="PROJECTMGR_ROLE_TASK_CREATE"/>
                            <!-- if-compare field="isMember" value="true" operator="equals"/--><!-- currently disabled because the workEffortParentId is supplied but is empty here -->
                            <or>
                                <if-compare field="parameters.mainAction" value="CREATE" operator="equals"/>
                                <if-compare field="parameters.mainAction" value="UPDATE" operator="equals"/>
                            </or>
                        </and>
                    </or>
                </condition>
                <then>
                    <field-to-result field="hasPermission"/>
                    <return/>
                </then>
                <else>
                    <property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToTask" field="failMessage"/>
                    <field-to-result field="hasNoPermission" result-name="hasPermission"/>
                    <field-to-result field="failMessage"/>
                    <field-to-result field="hasNoPermission" result-name="hasPermission"/>
                    <return/>
                </else>
            </if>
        </if-compare>
posted on 2012-12-02 23:00  把酒言欢  阅读(1440)  评论(0编辑  收藏  举报