orderviewwebsecure.bsh

Sequoia ERP是一个真正的企业级开源ERP解决方案。它提供的模块包括：电子商务应用(e-commerce), POS系统(point of sales),知识管理,存货与仓库管理

/*
 *  Copyright (c) 2003-2005 The Open For Business Project - www.ofbiz.org
 *
 *  Permission is hereby granted, free of charge, to any person obtaining a
 *  copy of this software and associated documentation files (the "Software"),
 *  to deal in the Software without restriction, including without limitation
 *  the rights to use, copy, modify, merge, publish, distribute, sublicense,
 *  and/or sell copies of the Software, and to permit persons to whom the
 *  Software is furnished to do so, subject to the following conditions:
 *
 *  The above copyright notice and this permission notice shall be included
 *  in all copies or substantial portions of the Software.
 *
 *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 *  OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 *  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 *  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
 *  CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
 *  OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
 *  THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 *
 *@author     Andy Zeneski (jaz@ofbiz.org)
 *@version    $Rev: 5809 $
 *@since      2.2
 */

import java.util.*;
import org.ofbiz.base.util.*;
import org.ofbiz.base.util.collections.*;
import org.ofbiz.order.order.*;

if (orderHeader != null) {
    // set hasPermission, must always exist if the orderHeader != null
    // hasPermission if: has ORDERMGR_VIEW, ORDERMGR_ROLE_VIEW & associated with order, or is associated in the SUPPLIER_AGENT role
    hasPermission = false;
    canViewInternalDetails = false;
    if (("SALES_ORDER".equals(orderHeader.getString("orderTypeId")) && security.hasEntityPermission("ORDERMGR", "_VIEW", session))
        || ("PURCHASE_ORDER".equals(orderHeader.getString("orderTypeId")) && security.hasEntityPermission("ORDERMGR", "_PURCHASE_VIEW", session))) {
        hasPermission = true;
        canViewInternalDetails = true;
    } else if (security.hasEntityPermission("ORDERMGR_ROLE", "_VIEW", session)) {
        currentUserOrderRoles = orderHeader.getRelated("OrderRole", UtilMisc.toMap("partyId", userLogin.get("partyId")), null);
        if (currentUserOrderRoles != null && currentUserOrderRoles.size() > 0) {
            hasPermission = true;
            canViewInternalDetails = true;
        }
    } else {
        // regardless of permission, allow if this is the supplier
        currentUserSupplierOrderRoles = orderHeader.getRelated("OrderRole", UtilMisc.toMap("partyId", userLogin.get("partyId"), "roleTypeId", "SUPPLIER_AGENT"), null);
        if (currentUserSupplierOrderRoles != null && currentUserSupplierOrderRoles.size() > 0) {
            hasPermission = true;
        }
    }
    context.put("hasPermission", hasPermission);
    context.put("canViewInternalDetails", canViewInternalDetails);

    orderContentWrapper = OrderContentWrapper.makeOrderContentWrapper(orderHeader, request);
    context.put("orderContentWrapper", orderContentWrapper);
}