Bug #1610: Restrict access through manual entry points to projects without permissions

An additional check is introduced to limit access to planning perspective of a project
to which the user doesn't have permissions. The MessageBox modal operation might be moved
out to show nicely the error information.

FEA: ItEr77S04BugFixing

libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderCRUDController.java

@@ -1066,6 +1066,12 @@ public class OrderCRUDController extends GenericForwardComposer {
     }
 
     public void initEdit(Order order) {
+        checkUserCanRead(order);
+        orderModel.initEdit(order, getDesktop());
+        prepareEditWindow(_("Edit project"));
+    }
+
+    public void checkUserCanRead(Order order) {
         if (!orderModel.userCanRead(order, SecurityUtils.getSessionUserLoginName())) {
             try {
                 Messagebox.show(_("Sorry, you do not have permissions to access this project"),
@@ -1074,9 +1080,6 @@ public class OrderCRUDController extends GenericForwardComposer {
                 throw new RuntimeException(e);
             }
         }
-
-        orderModel.initEdit(order, getDesktop());
-        prepareEditWindow(_("Edit project"));
     }
 
     public IOrderModel getOrderModel() {

libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/PlanningTabCreator.java

@@ -273,6 +273,8 @@ public class PlanningTabCreator {
                 breadcrumbs.appendChild(new Label(_("Project Scheduling")));
                 if (mode.isOf(ModeType.ORDER)) {
 
+                    orderPlanningController.getOrderCRUDController()
+                            .checkUserCanRead(order);
                     Label nameLabel = new Label(order.getName());
                     nameLabel.setTooltiptext(order.getName() + "."
                             + order.getDescription());