From 66133dce1ad626fb76c867b55506316b512ce174 Mon Sep 17 00:00:00 2001
From: Josef Rokos <pepa@bukova.info>
Date: Tue, 13 Jan 2015 13:57:43 +0100
Subject: [PATCH] =?UTF-8?q?Opravena=20kontrola=20pr=C3=A1v=20p=C5=99i=20?=
 =?UTF-8?q?=C3=BAprav=C4=9B=20objedn=C3=A1vky.=20Opraveno=20vyhodnocen?=
 =?UTF-8?q?=C3=AD=20pr=C3=A1v=20pro=20zobrazen=C3=AD=20po=C5=BEadavk=C5=AF?=
 =?UTF-8?q?=20st=C5=99ediska/komise.=20closes=20#187?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../WorkgroupAwareServiceEvaluator.java         | 17 +++++++++++++++--
 .../services/orders/OrderServiceImpl.java       |  1 +
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java b/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java
index b03f8738..a5bd2e8d 100644
--- a/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java
+++ b/src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java
@@ -1,6 +1,7 @@
 package info.bukova.isspst.security;
 
 import info.bukova.isspst.Constants;
+import info.bukova.isspst.Module;
 import info.bukova.isspst.data.Permission;
 import info.bukova.isspst.data.PermissionType;
 import info.bukova.isspst.data.Role;
@@ -39,11 +40,22 @@ public class WorkgroupAwareServiceEvaluator implements Evaluator {
 		}
 		
 		User user = (User)authentication.getPrincipal();
+		String moduleId = "";
+		
+		// TODO - v master větvi je na toto pomocná třída
+		for (Module m : Constants.MODULES) {
+			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
+				moduleId = m.getId();
+				break;
+			}
+		}
 		
 		Permission appPermission = null;
 		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
-			if (p.getAuthority().equals(permission)) {
+			if (p.getAuthority().equals(permission) 
+					&& p.getModule().equals(moduleId)) {
 				appPermission = p;
+				break;
 			}
 		}
 
@@ -66,7 +78,8 @@ public class WorkgroupAwareServiceEvaluator implements Evaluator {
 			
 			for (Role r : wgRoles) {
 				for (Permission p : r.getPermissions()) {
-					if (p.getAuthority().equals(appPermission.getAuthority())) {
+					if (p.getAuthority().equals(appPermission.getAuthority())
+							&& p.getModule().equals(appPermission.getModule())) {
 						return true;
 					}
 				}
diff --git a/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java b/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java
index 52a37706..42f5ab84 100644
--- a/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java
+++ b/src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java
@@ -181,6 +181,7 @@ public class OrderServiceImpl extends AbstractOwnedService<Order> implements
 	}
 
 	@Transactional
+	@PreAuthorize("hasPermission(this, 'PERM_EDIT') or hasPermission(#entity, this.getUpdateEntityPermission())")
 	public void updateApprovedItems(Order order, boolean orderedChanged)
 	{
 		if (orderedChanged)