Configure basic permissions for each page in Spring Security file

Only ROLE_SUPERUSER and role of the page will have access.

FEA: ItEr76S30PermissionsEnhancements

libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java

@@ -312,7 +312,7 @@ public class CustomMenuController extends Div implements IMenuItemsRegister {
         resourcesItems.add(subItem(_("Materials"), "/materials/materials.zul",
                 "11-materiales.html#administraci-n-de-materiais"));
         resourcesItems.add(subItem(_("Material Units"),
-                "/materials/unitTypes.zul",
+                "/unittypes/unitTypes.zul",
                 "11-materiales.html#administraci-n-de-materiais"));
         resourcesItems
                 .add(subItem(_("Quality Forms"),
@@ -332,7 +332,7 @@ public class CustomMenuController extends Div implements IMenuItemsRegister {
                 "/costcategories/costCategory.zul",
                 "14-custos.html#categor-as-de-custo"));
         costItems.add(subItem(_("Hours Types"),
-                "/costcategories/typeOfWorkHours.zul",
+                "/typeofworkhours/typeOfWorkHours.zul",
                 "14-custos.html#administraci-n-de-horas-traballadas"));
         topItem(_("Cost"), "/workreports/workReport.zul", "",
                 costItems);
@@ -342,7 +342,7 @@ public class CustomMenuController extends Div implements IMenuItemsRegister {
                 "/common/configuration.zul", "16-ldap-authentication.html"));
         configurationItems.add(subItem(_("User Accounts"), "/users/users.zul",
                 "13-usuarios.html#administraci-n-de-usuarios"));
-        configurationItems.add(subItem(_("Profiles"), "/users/profiles.zul",
+        configurationItems.add(subItem(_("Profiles"), "/profiles/profiles.zul",
                 "13-usuarios.html#administraci-n-de-perfiles"));
         topItem(_("Configuration"), "/common/configuration.zul", "",
                 configurationItems);

libreplan-webapp/src/main/java/org/libreplan/web/costcategories/TypeOfWorkHoursModel.java

@@ -49,7 +49,7 @@ import org.springframework.transaction.annotation.Transactional;
  */
 @Service
 @Scope(BeanDefinition.SCOPE_PROTOTYPE)
-@OnConcurrentModification(goToPage = "/costcategories/typeOfWorkHours.zul")
+@OnConcurrentModification(goToPage = "/typeofworkhours/typeOfWorkHours.zul")
 public class TypeOfWorkHoursModel extends IntegrationEntityModel implements
         ITypeOfWorkHoursModel {
 

libreplan-webapp/src/main/java/org/libreplan/web/materials/UnitTypeModel.java

@@ -48,7 +48,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 @Service
 @Scope(BeanDefinition.SCOPE_PROTOTYPE)
-@OnConcurrentModification(goToPage = "/materials/unitTypes.zul")
+@OnConcurrentModification(goToPage = "/unittypes/unitTypes.zul")
 public class UnitTypeModel extends IntegrationEntityModel implements
         IUnitTypeModel {
 

libreplan-webapp/src/main/java/org/libreplan/web/users/ProfileModel.java

@@ -46,7 +46,7 @@ import org.springframework.transaction.annotation.Transactional;
  */
 @Service
 @Scope(BeanDefinition.SCOPE_PROTOTYPE)
-@OnConcurrentModification(goToPage = "/users/profiles.zul")
+@OnConcurrentModification(goToPage = "/profiles/profiles.zul")
 public class ProfileModel implements IProfileModel {
 
     private Profile profile;

libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml

@@ -13,13 +13,17 @@
         entry-point-ref="customAuthenticationEntryPoint">
 
         <!-- Web services -->
-        <intercept-url pattern="/ws/rest/subcontracting/**" access="ROLE_WS_SUBCONTRACTING"
+        <intercept-url pattern="/ws/rest/subcontracting/**"
+            access="ROLE_WS_SUBCONTRACTING"
             method="GET" />
-        <intercept-url pattern="/ws/rest/subcontracting/**" access="ROLE_WS_SUBCONTRACTING"
+        <intercept-url pattern="/ws/rest/subcontracting/**"
+            access="ROLE_WS_SUBCONTRACTING"
             method="POST" />
-        <intercept-url pattern="/ws/rest/**" access="ROLE_WS_READER"
+        <intercept-url pattern="/ws/rest/**"
+            access="ROLE_WS_READER"
             method="GET" />
-        <intercept-url pattern="/ws/rest/**" access="ROLE_WS_WRITER"
+        <intercept-url pattern="/ws/rest/**"
+            access="ROLE_WS_WRITER"
             method="POST" />
 
         <!-- Web application -->
@@ -40,22 +44,76 @@
         <intercept-url pattern="/common/layout/timeout.zul"
             access="IS_AUTHENTICATED_ANONYMOUSLY" />
 
-        <intercept-url pattern="/advance/**" access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/resources/criterions/**"
-            access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/calendars/**" access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/labels/**" access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/materials/**" access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/costcategories/**"
-            access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/common/configuration.zul"
-            access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/qualityforms/**" access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/users/**" access="ROLE_SUPERUSER" />
-        <intercept-url pattern="/externalcompanies/**"
-            access="ROLE_SUPERUSER" />
+        <!-- Pages -->
+        <intercept-url pattern="/templates/*"
+            access="ROLE_SUPERUSER,ROLE_TEMPLATES" />
+        <intercept-url pattern="/resources/worker/worker.zul"
+            access="ROLE_SUPERUSER,ROLE_WORKERS" />
+        <intercept-url pattern="/resources/machine/*"
+            access="ROLE_SUPERUSER,ROLE_MACHINES" />
+        <intercept-url pattern="/resources/worker/virtualWorkers.zul"
+            access="ROLE_SUPERUSER,ROLE_VIRTUAL_WORKERS" />
+        <intercept-url pattern="/calendars/*"
+            access="ROLE_SUPERUSER,ROLE_CALENDARS" />
+        <intercept-url pattern="/excetiondays/*"
+            access="ROLE_SUPERUSER,ROLE_CALENDAR_EXCEPTION_DAYS" />
+        <intercept-url pattern="/resources/criterions/*"
+            access="ROLE_SUPERUSER,ROLE_CRITERIA" />
+        <intercept-url pattern="/advance/*"
+            access="ROLE_SUPERUSER,ROLE_PROGRESS_TYPES" />
+        <intercept-url pattern="/labels/*"
+            access="ROLE_SUPERUSER,ROLE_LABELS" />
+        <intercept-url pattern="/materials/*"
+            access="ROLE_SUPERUSER,ROLE_MATERIALS" />
+        <intercept-url pattern="/unittypes/*"
+            access="ROLE_SUPERUSER,ROLE_MATERIAL_UNITS" />
+        <intercept-url pattern="/qualityforms/*"
+            access="ROLE_SUPERUSER,ROLE_QUALITY_FORMS" />
+        <intercept-url pattern="/workreports/workReport.zul"
+            access="ROLE_SUPERUSER,ROLE_TIMESHEETS" />
         <intercept-url pattern="/workreports/workReportTypes.zul"
-            access="ROLE_SUPERUSER" />
+            access="ROLE_SUPERUSER,ROLE_TIMESHEETS_TEMPLATES" />
+        <intercept-url pattern="/expensesheet/*"
+            access="ROLE_SUPERUSER,ROLE_EXPENSES" />
+        <intercept-url pattern="/costcategories/*"
+            access="ROLE_SUPERUSER,ROLE_COST_CATEGORIES" />
+        <intercept-url pattern="/typeofworkhours/*"
+            access="ROLE_SUPERUSER,ROLE_HOURS_TYPES" />
+        <intercept-url pattern="/common/configuration.zul"
+            access="ROLE_SUPERUSER,ROLE_MAIN_SETTINGS" />
+        <intercept-url pattern="/users/*"
+            access="ROLE_SUPERUSER,ROLE_USER_ACCOUNTS" />
+        <intercept-url pattern="/profiles/*"
+            access="ROLE_SUPERUSER,ROLE_PROFILES" />
+        <intercept-url pattern="/externalcompanies/*"
+            access="ROLE_SUPERUSER,ROLE_COMPANIES" />
+        <intercept-url pattern="/subcontract/subcontractedTasks.zul"
+            access="ROLE_SUPERUSER,ROLE_SEND_TO_SUBCONTRACTORS" />
+        <intercept-url pattern="/subcontract/subcontractorCommunications.zul"
+            access="ROLE_SUPERUSER,ROLE_RECEIVED_FROM_SUBCONTRACTORS" />
+        <intercept-url pattern="/subcontract/reportAdvances.zul"
+            access="ROLE_SUPERUSER,ROLE_SEND_TO_CUSTOMERS" />
+        <intercept-url pattern="/subcontract/customerCommunications.zul"
+            access="ROLE_SUPERUSER,ROLE_RECEIVED_FROM_CUSTOMERS" />
+        <intercept-url pattern="/workreports/workReportQuery.zul"
+            access="ROLE_SUPERUSER,ROLE_WORK_REPORT_LINES_REPORT" />
+        <intercept-url pattern="/reports/hoursWorkedPerWorkerReport.zul"
+            access="ROLE_SUPERUSER,ROLE_HOURS_WORKED_PER_RESOURCE_REPORT" />
+        <intercept-url pattern="/reports/hoursWorkedPerWorkerInAMonthReport.zul"
+            access="ROLE_SUPERUSER,ROLE_TOTAL_WORKED_HOURS_BY_RESOURCE_IN_A_MONTH_REPORT" />
+        <intercept-url pattern="/reports/schedulingProgressPerOrderReport.zul"
+            access="ROLE_SUPERUSER,ROLE_WORK_AND_PROGRESS_PER_PROJECT_REPORT" />
+        <intercept-url pattern="/reports/workingProgressPerTaskReport.zul"
+            access="ROLE_SUPERUSER,ROLE_WORK_AND_PROGRESS_PER_TASK_REPORT" />
+        <intercept-url pattern="/reports/completedEstimatedHoursPerTask.zul"
+            access="ROLE_SUPERUSER,ROLE_ESTIMATED_PLANNED_HOURS_PER_TASK_REPORT" />
+        <intercept-url pattern="/reportsorderCostsPerResource/.zul"
+            access="ROLE_SUPERUSER,ROLE_PROJECT_COSTS_REPORT" />
+        <intercept-url pattern="/reports/workingArrangementsPerOrderReport.zul"
+            access="ROLE_SUPERUSER,ROLE_TASK_SCHEDULING_STATUS_IN_PROJECT_REPORT" />
+        <intercept-url pattern="/reports/timeLineMaterialReport.zul"
+            access="ROLE_SUPERUSER,ROLE_MATERIALS_NEED_AT_DATE_REPORT" />
+
         <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
 
         <!-- These have been added because of auto-config is false now in order