From 0cb2fb890f83480e38d93c4ecba1063d0b6af9d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lorenzo=20Tilve=20=C3=81lvaro?= <ltilve@igalia.com>
Date: Mon, 15 Apr 2013 09:55:03 +0200
Subject: [PATCH] Bug #1610: Restrict access through manual entry points to
 projects without permissions

An additional check is introduced to limit access to planning perspective of a project
to which the user doesn't have permissions. The MessageBox modal operation might be moved
out to show nicely the error information.

FEA: ItEr77S04BugFixing
---
 .../org/libreplan/web/orders/OrderCRUDController.java    | 9 ++++++---
 .../libreplan/web/planner/tabs/PlanningTabCreator.java   | 2 ++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderCRUDController.java b/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderCRUDController.java
index 17d2c08bb..125ba6e5d 100644
--- a/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderCRUDController.java
+++ b/libreplan-webapp/src/main/java/org/libreplan/web/orders/OrderCRUDController.java
@@ -1066,6 +1066,12 @@ public class OrderCRUDController extends GenericForwardComposer {
     }
 
     public void initEdit(Order order) {
+        checkUserCanRead(order);
+        orderModel.initEdit(order, getDesktop());
+        prepareEditWindow(_("Edit project"));
+    }
+
+    public void checkUserCanRead(Order order) {
         if (!orderModel.userCanRead(order, SecurityUtils.getSessionUserLoginName())) {
             try {
                 Messagebox.show(_("Sorry, you do not have permissions to access this project"),
@@ -1074,9 +1080,6 @@ public class OrderCRUDController extends GenericForwardComposer {
                 throw new RuntimeException(e);
             }
         }
-
-        orderModel.initEdit(order, getDesktop());
-        prepareEditWindow(_("Edit project"));
     }
 
     public IOrderModel getOrderModel() {
diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/PlanningTabCreator.java b/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/PlanningTabCreator.java
index 09aa3903e..793a0c1fa 100644
--- a/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/PlanningTabCreator.java
+++ b/libreplan-webapp/src/main/java/org/libreplan/web/planner/tabs/PlanningTabCreator.java
@@ -273,6 +273,8 @@ public class PlanningTabCreator {
                 breadcrumbs.appendChild(new Label(_("Project Scheduling")));
                 if (mode.isOf(ModeType.ORDER)) {
 
+                    orderPlanningController.getOrderCRUDController()
+                            .checkUserCanRead(order);
                     Label nameLabel = new Label(order.getName());
                     nameLabel.setTooltiptext(order.getName() + "."
                             + order.getDescription());