S12519171 # Client - Incoming Issues (raised by Client) #Standard user should…

S12519171 # Client - Incoming Issues (raised by Client) #Standard user should have read-only access to My Hiring Team

S12519171 # Client - Incoming Issues (raised by Client) #Standard user should…
S12519171 # Client - Incoming Issues (raised by Client) #Standard user should have read-only access to My Hiring Team
2473dbb3 · Nilu · d69399db · 2473dbb3 · 2473dbb3 · 2473dbb3
Commit 2473dbb3 authored Nov 19, 2018 by Nilu
6 changed files
--- a/cmsWebApp/src/performa/orm/CompanyUser.java
+++ b/cmsWebApp/src/performa/orm/CompanyUser.java
@@ -210,4 +210,9 @@ public class CompanyUser extends BaseCompanyUser
    {
        return isTrue(getConditionsAgreed());
    }
+    public RoleType getRoleForHiringTeam(HiringTeam hiringTeam)
+    {
+        return hiringTeam.pipelineHiringTeam().toUsers(CompanyUserHiringTeamLink.SearchByAll().andCompanyUser(new EqualsFilter<>(this))).val().getRole();
+    }
 }
\ No newline at end of file
--- a/cmsWebApp/src/performa/orm/HiringTeam.java
+++ b/cmsWebApp/src/performa/orm/HiringTeam.java
@@ -8,11 +8,13 @@ import oneit.logging.LoggingArea;
 import oneit.objstore.FieldWriteability;
 import oneit.objstore.ValidationContext;
 import oneit.objstore.rdbms.filters.EqualsFilter;
+import oneit.security.SecUser;
 import oneit.utils.DateDiff;
 import oneit.utils.StringUtils;
 import oneit.utils.filter.Filter;
 import oneit.utils.parsers.FieldException;
 import performa.orm.types.AssessmentType;
+import performa.orm.types.RoleType;
 import performa.utils.StripeUtils;
@@ -165,6 +167,26 @@ public class HiringTeam extends BaseHiringTeam
        return getBilledByTeam().canCreateJob();
    }
+    @Override
+    public FieldWriteability getObjectWriteability() 
+    {
+        SecUser secUser =   SecUser.getTXUser(getTransaction());
+        if(secUser != null && secUser.getExtension(CompanyUser.REFERENCE_CompanyUser) != null)
+        {
+            CompanyUser companyUser =   secUser.getExtension(CompanyUser.REFERENCE_CompanyUser);
+            if(companyUser.getRoleForHiringTeam(this) == RoleType.STANDARD)
+            {
+                return FieldWriteability.NOT_IN_GUI;
+            }
+        }
+        return super.getObjectWriteability();
+    }
    @Override
    public FieldWriteability getWriteability_ManageOwnBilling() 
    {

--- a/cmsWebApp/webroot/extensions/adminportal/inc/my_company_tabs.jsp
+++ b/cmsWebApp/webroot/extensions/adminportal/inc/my_company_tabs.jsp
@@ -31,7 +31,9 @@
                </oneit:button>
            </li>
            <%
-                if(companyUser.hasRole(RoleType.BILLING))
+                RoleType userRole   =   companyUser.getRoleForHiringTeam(hiringTeam);
+                if(userRole != RoleType.STANDARD)
                {
            %>

--- a/cmsWebApp/webroot/extensions/adminportal/my_company.jsp
+++ b/cmsWebApp/webroot/extensions/adminportal/my_company.jsp
@@ -71,12 +71,23 @@
                                            <span class="u-img-tag" style="<%= hiringTeam.getHiringTeamLogo() != null ? "" : "display: none" %>">
                                                <tagfile:img    src="<%= ThumbnailUtils.filterImage(DiskFileBinaryContent.getRelativeURL(hiringTeam.getHiringTeamLogo()), "KEEP", new ScaleWithin (0,90)) %>"
                                                                class="upload-img-w-h"  id="client-logo"/>
+                                            <%
+                                                if(hiringTeam.getObjectWriteability() != FieldWriteability.NOT_IN_GUI)
+                                                {
+                                            %>
                                                    <span class="remove-logo-btn">
                                                        <img src="images/logo-remove-btn.png" id="remove-logo">
                                                        <oneit:ormInput obj="<%= hiringTeam %>" type="text" attributeName="IsLogoDeleted"  style="display:none;" />
                                                    </span>
+                                            <%
+                                                }
+                                            %>
                                            </span>
+                                            <%
+                                                if(hiringTeam.getObjectWriteability() != FieldWriteability.NOT_IN_GUI)
+                                                {
+                                            %>
                                                    <span class="up-rep-btn">
                                                        <oneit:ormInput obj="<%= hiringTeam %>" type="file" attributeName="HiringTeamLogo"  accept="image/*"    id="upload"
                                                                        style="visibility: hidden; width: 1px; height: 1px"/>
@@ -84,6 +95,9 @@
                                                            <%= hiringTeam.getHiringTeamLogo() != null ? "Replace" : "Upload" %>
                                                        </a>
                                                    </span>
+                                            <%
+                                                }
+                                            %>
                                        </div>
                                    </div>
                                    <div class="form-group row">

--- a/cmsWebApp/webroot/extensions/adminportal/upgrades/20181117_UpdateCMSSecurity.xml
+++ b/cmsWebApp/webroot/extensions/adminportal/upgrades/20181117_UpdateCMSSecurity.xml
+<?xml version="1.0"?>
+<!-- @AutoRun -->
+<OBJECTS name="">
+    <NODE name="Script" factory="Vector">
+        <NODE name="insertOp" factory="Participant" class="oneit.sql.transfer.InsertOperation"  
+                query="select object_id as roleid from oneit_sec_role where name='TL_CompanyUser'">
+            <tableName factory="String">oneit_sec_role_priv_link</tableName>
+            <value name='object_id' factory='Participant' class="oneit.sql.transfer.DBTransferer$ObjectID"/>
+            <value name='object_last_updated_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
+            <value name='object_created_date' class="oneit.sql.transfer.DBTransferer$Timestamp"/>
+            <value name='role_id' factory='Participant' class="oneit.sql.transfer.InsertOperation$QueryColumn" column="roleid"/>
+        </NODE>
+    </NODE>
+</OBJECTS>
\ No newline at end of file
--- a/cmsWebApp/webroot/extensions/adminportal/upgrades/20181118_Update_Priv.sql
+++ b/cmsWebApp/webroot/extensions/adminportal/upgrades/20181118_Update_Priv.sql
+UPDATE oneit_sec_role_priv_link SET priv_id = (SELECT object_id FROM oneit_sec_privilege WHERE name='cms:ViewPrivilege:L81G02K5MTK0TOFUS8WCGZ42NSR06P') WHERE priv_id IS NULL;