From bdb4b3d5ba00d155e84963a0a0c6bc9e78a7c231 Mon Sep 17 00:00:00 2001 From: Loc Nguyen <121596218+ntloc-axonivy@users.noreply.github.com> Date: Mon, 9 Dec 2024 13:35:02 +0700 Subject: [PATCH] IVYPORTAL-18054 Iframe task template: Missing permission check for Case information (#1291) * feature/IVYPORTAL-18054-Iframe-task-template-Missing-permission-check-for-Case-information-LE - Fix case not found * feature/IVYPORTAL-18054-Iframe-task-template-Missing-permission-check-for-Case-information-LE - Fix case not have permission * feature/IVYPORTAL-18054-Iframe-task-template-Missing-permission-check-for-Case-information-LE --- AxonIvyPortal/portal/cms/cms.yaml | 2 +- AxonIvyPortal/portal/cms/cms_de.yaml | 2 +- AxonIvyPortal/portal/cms/cms_en.yaml | 2 +- AxonIvyPortal/portal/cms/cms_es.yaml | 2 +- AxonIvyPortal/portal/cms/cms_fr.yaml | 2 +- .../portal/generic/bean/AbstractTaskTemplateBean.java | 2 +- .../ch/ivy/addon/portalkit/bean/CaseWidgetBean.java | 11 ++++++++++- .../layouts/restricted/AbstractTaskTemplate.xhtml | 8 ++++---- .../portal/webContent/resources/css/module.css | 5 +++++ 9 files changed, 25 insertions(+), 11 deletions(-) diff --git a/AxonIvyPortal/portal/cms/cms.yaml b/AxonIvyPortal/portal/cms/cms.yaml index 896f00b7270..865c4f9a304 100644 --- a/AxonIvyPortal/portal/cms/cms.yaml +++ b/AxonIvyPortal/portal/cms/cms.yaml @@ -1,6 +1,6 @@ ch.ivy.addon.portal.generic: CaseDetailsTemplate: - noCaseId: No case-Id specified + noCaseFound: Case not found or you don't have permission to view this case. requestTabTitle: Request statusTabTitle: Case Information OpenTaskTemplate: diff --git a/AxonIvyPortal/portal/cms/cms_de.yaml b/AxonIvyPortal/portal/cms/cms_de.yaml index d1f85cba9f2..dd66e122eea 100644 --- a/AxonIvyPortal/portal/cms/cms_de.yaml +++ b/AxonIvyPortal/portal/cms/cms_de.yaml @@ -1,6 +1,6 @@ ch.ivy.addon.portal.generic: CaseDetailsTemplate: - noCaseId: Keine Vorgangs-ID spezifiziert + noCaseFound: Vorgang nicht gefunden oder Sie haben keine Berechtigung, diesen Vorgang zu sehen. requestTabTitle: Anfrage statusTabTitle: Vorgangsinformationen OpenTaskTemplate: diff --git a/AxonIvyPortal/portal/cms/cms_en.yaml b/AxonIvyPortal/portal/cms/cms_en.yaml index edcfc633ea7..aee201428bf 100644 --- a/AxonIvyPortal/portal/cms/cms_en.yaml +++ b/AxonIvyPortal/portal/cms/cms_en.yaml @@ -1,6 +1,6 @@ ch.ivy.addon.portal.generic: CaseDetailsTemplate: - noCaseId: No case-Id specified + noCaseFound: Case not found or you don't have permission to view this case. requestTabTitle: Request statusTabTitle: Case Information OpenTaskTemplate: diff --git a/AxonIvyPortal/portal/cms/cms_es.yaml b/AxonIvyPortal/portal/cms/cms_es.yaml index 5f54bd19892..f74b3738de8 100644 --- a/AxonIvyPortal/portal/cms/cms_es.yaml +++ b/AxonIvyPortal/portal/cms/cms_es.yaml @@ -1,6 +1,6 @@ ch.ivy.addon.portal.generic: CaseDetailsTemplate: - noCaseId: No hay ID de caso especificado + noCaseFound: Caso no encontrado o no tienes permiso para ver este caso. requestTabTitle: Solicitud statusTabTitle: Información del caso OpenTaskTemplate: diff --git a/AxonIvyPortal/portal/cms/cms_fr.yaml b/AxonIvyPortal/portal/cms/cms_fr.yaml index cad0ec2d686..53419436396 100644 --- a/AxonIvyPortal/portal/cms/cms_fr.yaml +++ b/AxonIvyPortal/portal/cms/cms_fr.yaml @@ -1,6 +1,6 @@ ch.ivy.addon.portal.generic: CaseDetailsTemplate: - noCaseId: Aucun numéro de dossier n'a été indiqué + noCaseFound: Cas non trouvé ou vous n'avez pas la permission de voir ce cas. requestTabTitle: Demande statusTabTitle: Informations sur le dossier OpenTaskTemplate: diff --git a/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/AbstractTaskTemplateBean.java b/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/AbstractTaskTemplateBean.java index 5fbf065d0b5..a5a43fcce15 100644 --- a/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/AbstractTaskTemplateBean.java +++ b/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/AbstractTaskTemplateBean.java @@ -159,7 +159,7 @@ private int getFirstTerminatingStageIndex(List stages) { } public void generateCaseDetailInFrame(ICase currentCase) { - setCaseDetailsLink(PortalNavigator.buildPortalCaseDetailInFrameUrl(currentCase.uuid())); + setCaseDetailsLink(PortalNavigator.buildPortalCaseDetailInFrameUrl(currentCase != null ? currentCase.uuid() : "")); } public Long getIntervalForPollingWhenOpenCaseDetails() { diff --git a/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/bean/CaseWidgetBean.java b/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/bean/CaseWidgetBean.java index 0c303aff69d..b8338487372 100644 --- a/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/bean/CaseWidgetBean.java +++ b/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/bean/CaseWidgetBean.java @@ -11,6 +11,7 @@ import javax.faces.bean.ViewScoped; import org.apache.commons.collections4.CollectionUtils; + import com.axonivy.portal.enums.SearchScopeCaseField; import com.axonivy.portal.service.GlobalSearchService; @@ -25,6 +26,7 @@ import ch.ivy.addon.portalkit.enums.SessionAttribute; import ch.ivy.addon.portalkit.enums.TaskSortField; import ch.ivy.addon.portalkit.exporter.Exporter; +import ch.ivy.addon.portalkit.ivydata.service.impl.CaseService; import ch.ivy.addon.portalkit.service.CaseFilterService; import ch.ivy.addon.portalkit.support.HtmlParser; import ch.ivy.addon.portalkit.util.CaseUtils; @@ -221,8 +223,15 @@ public String getGlobalSearchText(CaseLazyDataModel model) { } return result; } - + public boolean isShowGlobalSearchScope() { return GlobalSearchService.getInstance().isShowGlobalSearchByCases(); } + + public boolean isCaseFound(ICase caze) { + if (caze != null) { + return CaseService.newInstance().isCaseAccessible(caze.uuid()); + } + return false; + } } diff --git a/AxonIvyPortal/portal/webContent/layouts/restricted/AbstractTaskTemplate.xhtml b/AxonIvyPortal/portal/webContent/layouts/restricted/AbstractTaskTemplate.xhtml index 21f9cc4a85a..5747c09e45c 100644 --- a/AxonIvyPortal/portal/webContent/layouts/restricted/AbstractTaskTemplate.xhtml +++ b/AxonIvyPortal/portal/webContent/layouts/restricted/AbstractTaskTemplate.xhtml @@ -160,14 +160,14 @@ - - +