From b6889f7e7b95fcf4e5429b7bf0bb244a7850c438 Mon Sep 17 00:00:00 2001
From: Manuel Rego Casasnovas <rego@igalia.com>
Date: Fri, 15 Jun 2012 12:54:26 +0200
Subject: [PATCH] Configure permissions for ROLE_BOUND_USER

Only bound users will have access to page "Personal Area > Home".

Moreover bound users will have access to expenses sheet edition form, even if
they don't have access to "Cost > Expenses" page.

Finally users with role ROLE_SUERUSER, ROLE_SUERUSER or ROLE_TIMESHEETS will
have access to monthly timesheets edition page.

FEA: ItEr76S30PermissionsEnhancements
---
 .../java/org/libreplan/web/common/CustomMenuController.java | 6 ++++--
 .../resources/libreplan-webapp-spring-security-config.xml   | 6 +++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java b/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java
index 995a12110..b0b4475cf 100644
--- a/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java
+++ b/libreplan-webapp/src/main/java/org/libreplan/web/common/CustomMenuController.java
@@ -495,8 +495,10 @@ public class CustomMenuController extends Div implements IMenuItemsRegister {
         }
 
         List<CustomMenuItem> personalAreaItems = new ArrayList<CustomMenuItem>();
-        personalAreaItems.add(subItem(_("Home"),
-                "/myaccount/userDashboard.zul", ""));
+        if (SecurityUtils.isUserInRole(UserRole.ROLE_BOUND_USER)) {
+            personalAreaItems.add(subItem(_("Home"),
+                    "/myaccount/userDashboard.zul", ""));
+        }
         personalAreaItems.add(subItem(_("Preferences"),
                 "/myaccount/settings.zul", ""));
         personalAreaItems.add(subItem(_("Change Password"),
diff --git a/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml b/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml
index 5839dc391..b418c21f5 100644
--- a/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml
+++ b/libreplan-webapp/src/main/resources/libreplan-webapp-spring-security-config.xml
@@ -74,7 +74,7 @@
         <intercept-url pattern="/workreports/workReportTypes.zul"
             access="ROLE_SUPERUSER,ROLE_TIMESHEETS_TEMPLATES" />
         <intercept-url pattern="/expensesheet/*"
-            access="ROLE_SUPERUSER,ROLE_EXPENSES" />
+            access="ROLE_SUPERUSER,ROLE_EXPENSES,ROLE_BOUND_USER" />
         <intercept-url pattern="/costcategories/*"
             access="ROLE_SUPERUSER,ROLE_COST_CATEGORIES" />
         <intercept-url pattern="/typeofworkhours/*"
@@ -113,6 +113,10 @@
             access="ROLE_SUPERUSER,ROLE_TASK_SCHEDULING_STATUS_IN_PROJECT_REPORT" />
         <intercept-url pattern="/reports/timeLineMaterialReport.zul"
             access="ROLE_SUPERUSER,ROLE_MATERIALS_NEED_AT_DATE_REPORT" />
+        <intercept-url pattern="/myaccount/userDashboard.zul"
+            access="ROLE_BOUND_USER" />
+        <intercept-url pattern="/myaccount/monthlyTimesheet.zul"
+            access="ROLE_SUPERUSER,ROLE_TIMESHEETS,ROLE_BOUND_USER" />
 
         <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />