Ignore:
Timestamp:
Jul 14, 2010, 1:18:53 PM (14 years ago)
Author:
gav
Message:

Full authorisation review.
Add manager role to BaseController.
Remove inventory manager role from CostCode controller as per ticket #77.
Remove inventory manager role from InventoryGroup controller CUD actions.
Add all manager roles to Address and Contact controllers.
Add production and task manager roles to ProductionReference controller.

Location:
trunk/grails-app/controllers
Files:
11 edited

Legend:

Unmodified
Added
Removed
  • trunk/grails-app/controllers/AddressDetailedController.groovy

    r403 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     4                    'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager'])
    45class AddressDetailedController extends BaseController {
    56
    67    def addressService
    78
    8     @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AppUser'])
     9    @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     10                        'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager', 'ROLE_AppUser'])
    911    def index = { redirect(action:list,params:params) }
    1012
     
    1214    static allowedMethods = [delete:'POST', save:'POST', update:'POST']
    1315
    14     @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AppUser'])
     16    @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     17                        'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager', 'ROLE_AppUser'])
    1518    def list = {
    1619        params.max = Math.min( params.max ? params.max.toInteger() : 10,  100)
     
    1821    }
    1922
    20     @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AppUser'])
     23    @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     24                        'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager', 'ROLE_AppUser'])
    2125    def show = {
    2226        def addressInstance = Address.get( params.id )
  • trunk/grails-app/controllers/BaseController.groovy

    r298 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_AppAdmin', 'ROLE_AppUser'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AppUser'])
    44abstract class BaseController {
    55
  • trunk/grails-app/controllers/ContactDetailedController.groovy

    r402 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     4                    'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager'])
    45class ContactDetailedController extends BaseController {
    56
    67    def contactService
    78
    8     @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AppUser'])
     9    @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     10                        'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager', 'ROLE_AppUser'])
    911    def index = { redirect(action:list,params:params) }
    1012
     
    1214    static allowedMethods = [delete:'POST', save:'POST', update:'POST']
    1315
    14     @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AppUser'])
     16    @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     17                        'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager', 'ROLE_AppUser'])
    1518    def list = {
    1619        params.max = Math.min( params.max ? params.max.toInteger() : 10,  100)
     
    1821    }
    1922
    20     @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AppUser'])
     23    @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager',
     24                        'ROLE_InventoryManager', 'ROLE_AssetManager', 'ROLE_ProductionManager', 'ROLE_AppUser'])
    2125    def show = {
    2226        def contactInstance = Contact.get( params.id )
  • trunk/grails-app/controllers/CostCodeDetailedController.groovy

    r441 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
    44class CostCodeDetailedController extends BaseController {
    55   
  • trunk/grails-app/controllers/DepartmentDetailedController.groovy

    r403 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_Manager','ROLE_AppAdmin'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
    44class DepartmentDetailedController extends BaseController {
    55   
  • trunk/grails-app/controllers/DepartmentExtendedAttributeDetailedController.groovy

    r403 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_Manager','ROLE_AppAdmin'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
    44class DepartmentExtendedAttributeDetailedController extends BaseController {
    55
  • trunk/grails-app/controllers/ExtendedAttributeTypeDetailedController.groovy

    r403 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_Manager','ROLE_AppAdmin'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
    44class ExtendedAttributeTypeDetailedController extends BaseController {
    55   
  • trunk/grails-app/controllers/InventoryGroupDetailedController.groovy

    r403 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
    44class InventoryGroupDetailedController extends BaseController {
    55
  • trunk/grails-app/controllers/PersonController.groovy

    r440 r628  
    22import org.codehaus.groovy.grails.commons.ConfigurationHolder
    33
    4 @Secured(['ROLE_Manager','ROLE_AppAdmin'])
     4@Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
    55class PersonController extends BaseAppAdminController {
    66
  • trunk/grails-app/controllers/ProductionReferenceDetailedController.groovy

    r431 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_ProductionManager'])
    44class ProductionReferenceDetailedController extends BaseController {
    55
  • trunk/grails-app/controllers/UnitOfMeasureDetailedController.groovy

    r559 r628  
    11import org.codehaus.groovy.grails.plugins.springsecurity.Secured
    22
    3 @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager'])
     3@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager'])
    44class UnitOfMeasureDetailedController extends BaseController {
    55   
Note: See TracChangeset for help on using the changeset viewer.