Merge branch 'Verze_1.0' of https://git.bukova.info/repos/git/isspst into Verze_1.0

src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java

@@ -1,6 +1,7 @@
 package info.bukova.isspst.security;
 
 import info.bukova.isspst.Constants;
+import info.bukova.isspst.Module;
 import info.bukova.isspst.data.Permission;
 import info.bukova.isspst.data.PermissionType;
 import info.bukova.isspst.data.Role;
@@ -39,11 +40,22 @@ public class WorkgroupAwareServiceEvaluator implements Evaluator {
 		}
 		
 		User user = (User)authentication.getPrincipal();
+		String moduleId = "";
+		
+		// TODO - v master větvi je na toto pomocná třída
+		for (Module m : Constants.MODULES) {
+			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
+				moduleId = m.getId();
+				break;
+			}
+		}
 		
 		Permission appPermission = null;
 		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
-			if (p.getAuthority().equals(permission)) {
+			if (p.getAuthority().equals(permission) 
+					&& p.getModule().equals(moduleId)) {
 				appPermission = p;
+				break;
 			}
 		}
 
@@ -66,7 +78,8 @@ public class WorkgroupAwareServiceEvaluator implements Evaluator {
 			
 			for (Role r : wgRoles) {
 				for (Permission p : r.getPermissions()) {
-					if (p.getAuthority().equals(appPermission.getAuthority())) {
+					if (p.getAuthority().equals(appPermission.getAuthority())
+							&& p.getModule().equals(appPermission.getModule())) {
 						return true;
 					}
 				}

src/main/java/info/bukova/isspst/services/orders/OrderServiceImpl.java

@@ -181,6 +181,7 @@ public class OrderServiceImpl extends AbstractOwnedService<Order> implements
 	}
 
 	@Transactional
+	@PreAuthorize("hasPermission(this, 'PERM_EDIT') or hasPermission(#entity, this.getUpdateEntityPermission())")
 	public void updateApprovedItems(Order order, boolean orderedChanged)
 	{
 		if (orderedChanged)