Add filter by order authorizations in project status report
If you just filter by labels/criteria and you don't choose any specific project. You were able to see tasks from projects that you are not allowed to read. Now this is fixed. FEA: ItEr77S09WBSReport
This commit is contained in:
Manuel Rego Casasnovas
parent
270aa99aee
commit
283cab8d23
1 changed files with 21 additions and 2 deletions
|
|
@ -38,6 +38,7 @@ import org.libreplan.business.requirements.entities.IndirectCriterionRequirement
|
|||
import org.libreplan.business.resources.daos.ICriterionDAO;
|
||||
import org.libreplan.business.resources.entities.Criterion;
|
||||
import org.libreplan.business.scenarios.IScenarioManager;
|
||||
import org.libreplan.business.users.daos.IOrderAuthorizationDAO;
|
||||
import org.libreplan.business.workingday.EffortDuration;
|
||||
import org.libreplan.web.security.SecurityUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
|
@ -68,6 +69,9 @@ public class ProjectStatusReportModel implements IProjectStatusReportModel {
|
|||
@Autowired
|
||||
private IOrderElementDAO orderElementDAO;
|
||||
|
||||
@Autowired
|
||||
private IOrderAuthorizationDAO orderAuthorizationDAO;
|
||||
|
||||
@Autowired
|
||||
private IScenarioManager scenarioManager;
|
||||
|
||||
|
|
@ -112,11 +116,13 @@ public class ProjectStatusReportModel implements IProjectStatusReportModel {
|
|||
each).getOrderVersionFor(
|
||||
scenarioManager.getCurrent()));
|
||||
}
|
||||
|
||||
orderElements = filterByOrderAuthorizations(orderElements);
|
||||
}
|
||||
|
||||
List<ProjectStatusReportDTO> dtos = new ArrayList<ProjectStatusReportDTO>();
|
||||
for (OrderElement child : orderElements) {
|
||||
dtos.add(calculateDTO(child, order == null));
|
||||
for (OrderElement element : orderElements) {
|
||||
dtos.add(calculateDTO(element, order == null));
|
||||
}
|
||||
|
||||
calculateTotalDTO(order, dtos);
|
||||
|
|
@ -285,6 +291,19 @@ public class ProjectStatusReportModel implements IProjectStatusReportModel {
|
|||
return result;
|
||||
}
|
||||
|
||||
private List<OrderElement> filterByOrderAuthorizations(
|
||||
List<OrderElement> orderElements) {
|
||||
List<Order> orders = getOrders();
|
||||
|
||||
List<OrderElement> result = new ArrayList<OrderElement>();
|
||||
for (OrderElement each : orderElements) {
|
||||
if (orders.contains(orderDAO.loadOrderAvoidingProxyFor(each))) {
|
||||
result.add(each);
|
||||
}
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private EffortDuration addIfNotNull(EffortDuration total,
|
||||
EffortDuration other) {
|
||||
if (other == null) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue