ItEr45S20RFControlesRelacionadosPermismos: Implemented the method OrderDAO.getOrdersByWriteAuthorization and renamed getOrdersByAuthorization

getOrdersByAuthorization was renamed to getOrdersByReadAuthorization to avoid misunderstandings with the new method.

navalplanner-business/src/main/java/org/navalplanner/business/orders/daos/IOrderDAO.java

@@ -59,11 +59,20 @@ public interface IOrderDAO extends IGenericDAO<Order, Long> {
     List<Task> getTasksByOrder(Order order);
 
     /**
-     * Returns a list of orders filtered by the authorizations of the indicated
+     * Returns a list of orders filtered by the read authorizations of the indicated
+     * user. Write authorizations are also counted, because they implicitly suppose
+     * read access.
+     * @param user User.
+     * @return Filtered list of orders.
+     */
+    List<Order> getOrdersByReadAuthorization(User user);
+
+    /**
+     * Returns a list of orders filtered by the write authorizations of the indicated
      * user.
      * @param user User.
      * @return Filtered list of orders.
      */
-    List<Order> getOrdersByAuthorization(User user);
+    List<Order> getOrdersByWriteAuthorization(User user);
 
 }

navalplanner-business/src/main/java/org/navalplanner/business/orders/daos/OrderDAO.java

@@ -186,7 +186,7 @@ public class OrderDAO extends GenericDAOHibernate<Order, Long> implements
     }
 
     @Override
-    public List<Order> getOrdersByAuthorization(User user) {
+    public List<Order> getOrdersByReadAuthorization(User user) {
         if (user.getRoles().contains(UserRole.ROLE_READ_ALL_ORDERS) ||
             user.getRoles().contains(UserRole.ROLE_EDIT_ALL_ORDERS)) {
             return getOrders();
@@ -209,4 +209,25 @@ public class OrderDAO extends GenericDAOHibernate<Order, Long> implements
         }
     }
 
+    @Override
+    public List<Order> getOrdersByWriteAuthorization(User user) {
+        if (user.getRoles().contains(UserRole.ROLE_EDIT_ALL_ORDERS)) {
+            return getOrders();
+        }
+        else {
+            List<Order> orders = new ArrayList<Order>();
+            List<OrderAuthorization> authorizations = orderAuthorizationDAO.listByUserAndItsProfiles(user);
+            for(OrderAuthorization authorization : authorizations) {
+                if (authorization.getAuthorizationType() == OrderAuthorizationType.WRITE_AUTHORIZATION) {
+                    Order order = authorization.getOrder();
+                    if(!orders.contains(order)) {
+                        order.getName(); //this lines forces the load of the basic attributes of the order
+                        orders.add(order);
+                    }
+                }
+            }
+            return orders;
+        }
+    }
+
 }

navalplanner-webapp/src/main/java/org/navalplanner/web/orders/OrderModel.java

@@ -197,7 +197,7 @@ public class OrderModel implements IOrderModel {
             //anyway, if it happenned we return an empty list
             return new ArrayList<Order>();
         }
-        List<Order> orders = orderDAO.getOrdersByAuthorization(user);
+        List<Order> orders = orderDAO.getOrdersByReadAuthorization(user);
         initializeOrders(orders);
         return orders;
     }

navalplanner-webapp/src/main/java/org/navalplanner/web/planner/company/CompanyPlanningModel.java

@@ -533,7 +533,7 @@ public abstract class CompanyPlanningModel implements ICompanyPlanningModel {
             //anyway, if it happenned we return an empty list
             return result;
         }
-        List<Order> list = orderDAO.getOrdersByAuthorization(user);
+        List<Order> list = orderDAO.getOrdersByReadAuthorization(user);
         for (Order order : list) {
             TaskGroup associatedTaskElement = order.getAssociatedTaskElement();
             if (associatedTaskElement != null) {