<!-- TASK --> <if-compare field="sec_object" value="TASK" operator="equals"> <set field="taskId" from-field="parameters.taskId" default-value="${parameters.workEffortId}"/> <if-empty field="taskId"> <set field="phaseId" from-field="parameters.workEffortParentId"/> </if-empty> <set field="partyId" from-field="parameters.userLogin.partyId"/> <!--call-simple-method method-name="checkProjectMembership"/--> <set field="isMember" value="true" type="Boolean"/> <!--log level="info" message="======ProjectMGR Security===== action: ${parameters.mainAction} object: ${sec_object} Id: ${parameters.taskId} PhaseId: ${parameters.workEffortParentId} resourceDescription: ${parameters.resourceDescription} isMember: ${isMember}"/--> <entity-and list="custRequests" entity-name="WorkEffortCustRequestView"> <field-map field-name="workEffortId" from-field="taskId"/> </entity-and> <first-from-list list="custRequests" entry="custRequest"/> <entity-and entity-name="PartyRelationship" list="accounts"> <field-map field-name="roleTypeIdFrom" value="ACCOUNT"/> <field-map field-name="roleTypeIdTo" value="CONTACT"/> <field-map field-name="partyIdTo" from-field="custRequest.fromPartyId"/> </entity-and> <first-from-list list="accounts" entry="accountCustReq"/> <entity-and entity-name="PartyRelationship" list="accounts"> <field-map field-name="roleTypeIdFrom" value="ACCOUNT"/> <field-map field-name="roleTypeIdTo" value="CONTACT"/> <field-map field-name="partyIdTo" from-field="parameters.userLogin.partyId"/> </entity-and> <first-from-list list="accounts" entry="accountLogin"/> <if> <condition> <or> <and> <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> <or> <!-- allow a customer to look at his own tasks related to his own customer requests --> <if-compare operator="equals" value="${parameters.userLogin.partyId}" field="custRequest.fromPartyId"/> <!-- allow to view if the logged on party is a contact of the same account as the customer requester --> <if-compare operator="equals" value="${accountLogin.partyIdFrom}" field="accountCustReq.partyIdFrom"/> </or> </and> <and> <!-- view a task with a null id is a null operation, so ok... --> <if-empty field="parameters.taskId"/> <if-empty field="parameters.workEffortId"/> <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> </and> <and> <if-has-permission permission="PROJECTMGR_ADMIN"/> <not><if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/></not> </and> <and> <if-has-permission permission="PROJECTMGR_ROLE_ADMIN"/> <if-compare field="isMember" value="true" operator="equals"/> </and> <and> <if-has-permission permission="PROJECTMGR_VIEW"/> <not><if-has-permission permission="PROJECTMGR_ROLE_VIEW"/></not> <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> </and> <and> <if-has-permission permission="PROJECTMGR_ROLE_VIEW"/> <if-compare field="isMember" value="true" operator="equals"/> <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> </and> <and> <if-has-permission permission="PROJECTMGR_ROLE_TASK_CREATE"/> <!-- if-compare field="isMember" value="true" operator="equals"/--><!-- currently disabled because the workEffortParentId is supplied but is empty here --> <or> <if-compare field="parameters.mainAction" value="CREATE" operator="equals"/> <if-compare field="parameters.mainAction" value="UPDATE" operator="equals"/> </or> </and> </or> </condition> <then> <field-to-result field="hasPermission"/> <return/> </then> <else> <property-to-field resource="ProjectMgrUiLabels" property="ProjectMgrNoAccessToTask" field="failMessage"/> <field-to-result field="hasNoPermission" result-name="hasPermission"/> <field-to-result field="failMessage"/> <field-to-result field="hasNoPermission" result-name="hasPermission"/> <return/> </else> </if> </if-compare>