Closed GoogleCodeExporter closed 8 years ago
What about the reviewer? (A)
Original comment by mahmoudsakr87
on 17 Jun 2010 at 8:57
Original comment by menna.gh...@gmail.com
on 17 Jun 2010 at 9:11
There, so you don't get upset :$ Sorry, I just forgot :D
Original comment by menna.gh...@gmail.com
on 17 Jun 2010 at 9:12
Original comment by menna.gh...@gmail.com
on 22 Jun 2010 at 9:35
Original comment by menna.gh...@gmail.com
on 25 Jun 2010 at 1:44
Which stories are these permissions applied for? All C4 stories, or what? I've
noticed Hadeer had an apply new permissions task, so that doesn't sound right.
Original comment by mahmoudsakr87
on 26 Jun 2010 at 10:03
no these permissions are for my stories, no one can edit sprint backlog unless
he's a scrum master or he is the owner of the story or the reviewer of the
story.
Also, in a reviewlog, no one can edit notes unless he's a scrum master.
Original comment by menna.gh...@gmail.com
on 27 Jun 2010 at 3:56
In ProductBacklogs.index I see this:
Project project1 = Project.findById(id);
Security.check(project1.users.contains(Security.getConnected()));
Why is this checking for the project to contain the connected user if this
might be showing a component instead?
Shouldn't this check be inside the if clause, to check for if the project OR
component based on isComp?
Original comment by mahmoudsakr87
on 27 Jun 2010 at 5:44
Well, as a matter of fact, anyone in the project can see the component backlog,
since he can basically see it in the product backlog, so why not see it through
the component? Or should it be otherwise?
Original comment by menna.gh...@gmail.com
on 27 Jun 2010 at 5:49
No, that's not my concern. I was rather thinking of the variable: id
if isComp == true, you should be querying Components, not Projects. You could
still apply your logic.
Imagine isComp == true, and id = 10 (referencing component 10) You're
accordingly checking if the user is in project 10, NOT in the project of the
component 10. Do you see what I mean?
Original comment by mahmoudsakr87
on 27 Jun 2010 at 5:57
ahhhhhhhhhh. okay, yes u are right, will be fixed right away :D
Original comment by menna.gh...@gmail.com
on 27 Jun 2010 at 6:01
You still need to handle that a system admin could see the backlog. You'll need
to || Security.getConnected().isAdmin on both these checks.
Original comment by mahmoudsakr87
on 27 Jun 2010 at 7:19
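The check discussed in the comments above (resolve id as a component when isComp is true, test membership in that component's project, and let a system admin through), as an added example that is not the project's own code. The User, Project and Component records and the in-memory maps are hypothetical stand-ins for the Play models, and the data in main is constructed.

```java
import java.util.*;

// Added illustration: hypothetical stand-ins for the project's models.
public class BacklogAccessDemo {
    record User(String name, boolean isAdmin) {}
    record Project(long id, Set<User> users) {}
    record Component(long id, Project project) {}

    static final Map<Long, Project> PROJECTS = new HashMap<>();
    static final Map<Long, Component> COMPONENTS = new HashMap<>();

    // Check as first written: id is always looked up as a project id,
    // so isComp is ignored and a component id hits an unrelated project.
    static boolean canViewFlawed(User u, long id, boolean isComp) {
        Project p = PROJECTS.get(id);
        return p != null && p.users().contains(u);
    }

    // Resolve id against the right table first, then authorize against
    // the project that actually owns the requested backlog.
    static boolean canView(User u, long id, boolean isComp) {
        Project owner;
        if (isComp) {
            Component c = COMPONENTS.get(id);
            owner = (c == null) ? null : c.project();
        } else {
            owner = PROJECTS.get(id);
        }
        if (owner == null) return false; // unknown id: deny
        return u.isAdmin() || owner.users().contains(u);
    }

    public static void main(String[] args) {
        User alice = new User("alice", false); // member of project 10 only
        User bob = new User("bob", false);     // member of project 3 only
        User root = new User("root", true);    // system admin, no memberships
        Project p3 = new Project(3, Set.of(bob));
        PROJECTS.put(3L, p3);
        PROJECTS.put(10L, new Project(10, Set.of(alice)));
        COMPONENTS.put(10L, new Component(10, p3)); // component 10 is in project 3

        // Every call below requests component 10 (isComp == true, id == 10).
        for (User u : List.of(alice, bob, root)) {
            System.out.println(u.name() + " flawed=" + canViewFlawed(u, 10, true)
                    + " fixed=" + canView(u, 10, true));
        }
    }
}
```

With this data the flawed check admits alice to component 10 because she is in project 10, although the component belongs to project 3; the corrected check denies her and admits bob and the admin.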
Also, how can I edit the backlog?
Original comment by mahmoudsakr87
on 27 Jun 2010 at 7:20
system admin handled.
And what do you mean, how can you edit? I kinda don't get the question.
Original comment by menna.gh...@gmail.com
on 27 Jun 2010 at 7:30
The backlog: aren't the tasks editable? Shouldn't I be able to edit these stories
from the backlog and so on?
+ Could you make sure you have a @With(Secure.class) on ALL the controllers
that require a logged in user, to make sure the user sees a login page if he's
not.
Original comment by mahmoudsakr87
on 27 Jun 2010 at 8:29
Well yes, in the product backlog you can edit the stories, and in the sprint
backlog you can edit the tasks, but you can't edit the story in a sprint backlog,
if you're asking about that.
BUT for a product backlog, you can't edit if there is a sprint running, and for a
sprint backlog, you can't edit if you're not the scrum master, or assignee or
reviewer, or admin of course.
For the @With(Secure.class), it is done.
Original comment by menna.gh...@gmail.com
on 27 Jun 2010 at 11:40
I'm getting this exception when accessing the backlog now (find attached)
In views, use connected to fetch the connected user. #{if connected.isAdmin},
for example, and so on.
Original comment by mahmoudsakr87
on 28 Jun 2010 at 6:45
Just a heads up:
#{if Security.getConnected().in(project).can('editBacklog') || Security.getConnected().isAdmin}
<span style="display:none"> ${flag=true}</span>
#{/if}
#{ifnot flag}
<div id="NOTE" style="padding: 10px 10px 10px 10px" class="ui-state-highlight ui-corner-all">
<span style="float: left; margin-right: 0.3em;" class="ui-icon ui-icon-info"></span>
<strong>NOTE: </strong>Editing is not allowed.
<br/><a href="#" onclick="$('#NOTE').css('display','none');">hide me?</a></div>
#{/ifnot}
Could have been refactored to:
#{ifnot connected.in(project).can('editBacklog') || connected.isAdmin}
<div id="NOTE" style="padding: 10px 10px 10px 10px" class="ui-state-highlight ui-corner-all">
<span style="float: left; margin-right: 0.3em;" class="ui-icon ui-icon-info"></span>
<strong>NOTE: </strong>Editing is not allowed.
<br/><a href="#" onclick="$('#NOTE').css('display','none');">hide me?</a></div>
#{/ifnot}
Original comment by mahmoudsakr87
on 28 Jun 2010 at 6:48
Well, sometimes it fascinates me how dumb I can sometimes be!! I was doing it
with connected, then I decided I was just making things up and changed it to
security.connected :X!! Anyway, right now I don't have my laptop, but I'll fix it
first thing when I go home (ahem.. which will be kinda late :$ sorry)
But by the way, I need the flag in another part too, so I'll have to write it
in the ifnot as well :P
Original comment by menna.gh...@gmail.com
on 28 Jun 2010 at 8:43
Oh, okay. You're right then :D
You still don't need the span hidden,
#{if Security.getConnected().in(project).can('editBacklog') || Security.getConnected().isAdmin}
<span style="display:none"> ${flag=true}</span>
#{/if}
could be refactored to:
#{set flag:Security.getConnected().in(project).can('editBacklog') || Security.getConnected().isAdmin /}
Take your time. :)
Original comment by mahmoudsakr87
on 28 Jun 2010 at 9:16
Perfect :D
Original comment by menna.gh...@gmail.com
on 28 Jun 2010 at 9:28
Done :D
Original comment by menna.gh...@gmail.com
on 28 Jun 2010 at 4:54
Congrats on the acquittal =D
Original comment by mahmoudsakr87
on 28 Jun 2010 at 7:23
Original issue reported on code.google.com by
menna.gh...@gmail.com
on 17 Jun 2010 at 8:51