Merge branch 'master' of https://git.bukova.info/repos/git/isspst

pom.xml

@@ -80,6 +80,11 @@
     		<artifactId>spring-security-ldap</artifactId>
     		<version>${org.springframework-version}</version>
   		</dependency>
+  		<dependency>
+        	<groupId>org.springframework.security</groupId>
+        	<artifactId>spring-security-openid</artifactId>
+        	<version>${org.springframework-version}</version>
+    	</dependency>
   		<dependency>
     		<groupId>org.springframework</groupId>
     		<artifactId>spring-test</artifactId>

src/main/java/info/bukova/isspst/Constants.java

@@ -11,8 +11,9 @@ import info.bukova.isspst.services.buildings.BuildingService;
 import info.bukova.isspst.services.munits.MUnitService;
 import info.bukova.isspst.services.reqsubjects.MaterialService;
 import info.bukova.isspst.services.reqsubjects.ServiceItemService;
-import info.bukova.isspst.services.requirement.RequirementBaseService;
+import info.bukova.isspst.services.requirement.RequirementService;
 import info.bukova.isspst.services.requirement.RequirementTypeService;
+import info.bukova.isspst.services.requirement.TripRequirementService;
 import info.bukova.isspst.services.tripbill.TripBillService;
 import info.bukova.isspst.services.users.RoleService;
 import info.bukova.isspst.services.users.UserService;
@@ -63,6 +64,7 @@ public class Constants {
 	public final static String MOD_SERVICES = "SERVICES";
 	public final static String MOD_WORKGROUPS = "WORKGROUPS";
 	public final static String MOD_REQUIREMENTS = "REQUIREMENTS";
+	public final static String MOD_TRIPREQUIREMENTS = "TRIPREQUIREMENTS";
 	public final static String MOD_WORKFLOW = "WORKFLOW";
 	public final static String MOD_TRIPBILL = "TRIPBILL";
 	public final static Module MODULES[] = {
@@ -74,7 +76,8 @@ public class Constants {
 		new Module(MOD_MATERIAL, "Materiál", MaterialService.class),
 		new Module(MOD_SERVICES, "Služby", ServiceItemService.class),
 		new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class),
-		new Module(MOD_REQUIREMENTS, "Požadavky", RequirementBaseService.class),
+		new Module(MOD_REQUIREMENTS, "Požadavky na nákupy", RequirementService.class),
+		new Module(MOD_TRIPREQUIREMENTS, "Pžadavky na služební cesty", TripRequirementService.class),
 		new Module(MOD_WORKFLOW, "Procesy schválení", RequirementTypeService.class),
 		new Module(MOD_TRIPBILL, "Cestovní příkazy", TripBillService.class)
 		};
@@ -89,6 +92,11 @@ public class Constants {
 		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE),
 		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL),
 		new Permission(PERM_APPROVE, "Schválení", MOD_REQUIREMENTS, PermissionType.WORKGROUP),
+		
+		new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_TRIPREQUIREMENTS, PermissionType.WORKGROUP),
+		new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_TRIPREQUIREMENTS, PermissionType.CENTRE),
+		new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_TRIPREQUIREMENTS, PermissionType.GLOBAL),
+		new Permission(PERM_APPROVE, "Schválení", MOD_TRIPREQUIREMENTS, PermissionType.WORKGROUP),
 	};
 	
 	public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava";

src/main/java/info/bukova/isspst/data/TripRequirement.java

@@ -1,5 +1,6 @@
 package info.bukova.isspst.data;
 
+import java.math.BigDecimal;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -35,6 +36,10 @@ public class TripRequirement extends RequirementBase {
 	private List<User> passengers;
 	@Embedded
 	private Vehicle vehicle;
+	@Column(name = "REQUIRE_DOWN_PAYMENT")
+	private Boolean requireDownPayment;
+	@Column(name = "DOWN_PAYMENT", precision = 15, scale = 4)
+	private BigDecimal downPayment;
 
 	public TripRequirement() {
 		this.setOwnedBy(new User());
@@ -97,4 +102,20 @@ public class TripRequirement extends RequirementBase {
 		this.vehicle = vehicle;
 	}
 
+	public Boolean getRequireDownPayment() {
+		return requireDownPayment;
+	}
+
+	public void setRequireDownPayment(Boolean requireDownPayment) {
+		this.requireDownPayment = requireDownPayment;
+	}
+
+	public BigDecimal getDownPayment() {
+		return downPayment;
+	}
+
+	public void setDownPayment(BigDecimal downPayment) {
+		this.downPayment = downPayment;
+	}
+
 }

src/main/java/info/bukova/isspst/reporting/PredefinedGenerator.java

@@ -4,6 +4,9 @@ import java.io.File;
 
 import javax.servlet.ServletContext;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import net.sf.jasperreports.engine.JRException;
 import net.sf.jasperreports.engine.JasperReport;
 import net.sf.jasperreports.engine.JasperRunManager;
@@ -16,6 +19,7 @@ public class PredefinedGenerator implements Generator {
 	
 	private ReportDefinition definition;
 	private ServletContext ctx;
+	private final static Logger logger = LoggerFactory.getLogger(PredefinedGenerator.class);
 	
 	public PredefinedGenerator(ReportDefinition definition, ServletContext ctx) {
 		this.definition = definition;
@@ -30,8 +34,10 @@ public class PredefinedGenerator implements Generator {
 			JasperReport report = (JasperReport) JRLoader.loadObject(getReportFile());
 			JRProperties.setProperty("net.sf.jasperreports.default.pdf.encoding", "Cp1250");
 			loadLazyData();
+			definition.setParam("SUBREPORT_DIR", ctx.getRealPath("WEB-INF/reports") + "/");
 			bytes = JasperRunManager.runReportToPdf(report, definition.getParams(), new JRBeanCollectionDataSource(definition.getDataSet()));;
 		} catch (JRException e) {
+			logger.error("Generator error: " + e.getMessage());
 			throw new ReportException(e);
 		}
 		

src/main/java/info/bukova/isspst/security/Evaluator.java

@@ -0,0 +1,10 @@
+package info.bukova.isspst.security;
+
+import org.springframework.security.core.Authentication;
+
+public interface Evaluator {
+	
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission);
+
+}

src/main/java/info/bukova/isspst/security/EvaluatorsHolder.java

@@ -0,0 +1,41 @@
+package info.bukova.isspst.security;
+
+import java.util.Map;
+
+public class EvaluatorsHolder {
+
+	private Map<Class<?>, Evaluator> globalEvaluators;
+	private Map<Class<?>, Evaluator> specialEvaluators;
+
+	public void setGlobalEvaluators(Map<Class<?>, Evaluator> globalEvaluators) {
+		this.globalEvaluators = globalEvaluators;
+	}
+
+	public void setSpecialEvaluators(Map<Class<?>, Evaluator> specialEvaluators) {
+		this.specialEvaluators = specialEvaluators;
+	}
+	
+	public Evaluator getForObject(Object object, boolean special) {
+		Map<Class<?>, Evaluator> evals;
+		
+		if (special) {
+			evals = specialEvaluators;
+		} else {
+			evals = globalEvaluators;
+		}
+		
+		for (Class<?> key : evals.keySet()) {
+			if (key.equals(object.getClass())) {
+				return evals.get(key);
+			}
+		}
+		
+		for (Class<?> key : evals.keySet()) {
+			if (key.isAssignableFrom(object.getClass())) {
+				return evals.get(key);
+			}
+		}
+		
+		return null;
+	}
+}

src/main/java/info/bukova/isspst/security/IsPermissionEvaluator.java

@@ -0,0 +1,44 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
+
+import java.io.Serializable;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.PermissionEvaluator;
+import org.springframework.security.core.Authentication;
+
+public class IsPermissionEvaluator implements PermissionEvaluator {
+	
+	@Autowired
+	private EvaluatorsHolder evalHolder;
+
+	@Override
+	public boolean hasPermission(Authentication authentication,
+			Object targetDomainObject, Object permission) {
+		
+		Permission appPermission = null;
+		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+			if (p.getAuthority().equals(permission)) {
+				appPermission = p;
+			}
+		}
+
+		Evaluator eval = evalHolder.getForObject(targetDomainObject, appPermission != null && appPermission.getType() != PermissionType.GLOBAL);
+		
+		if (eval != null) {
+			return eval.evaluate(authentication, targetDomainObject, (String)permission);
+		}
+		
+		return false;
+	}
+
+	@Override
+	public boolean hasPermission(Authentication authentication,
+			Serializable targetId, String targetType, Object permission) {
+		return false;
+	}
+
+}

src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java

@@ -17,9 +17,8 @@ import java.util.List;
 
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.core.Authentication;
-import org.springframework.transaction.annotation.Transactional;
 
-@Transactional
+@Deprecated
 public class IsspstPermissionEvaluator implements PermissionEvaluator {
 	
 	private WorkgroupService wgService;

src/main/java/info/bukova/isspst/security/RequirementFilterEvaluator.java

@@ -0,0 +1,68 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
+import info.bukova.isspst.data.RequirementBase;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.Workgroup;
+import info.bukova.isspst.services.workgroups.WorkgroupService;
+
+import java.util.List;
+
+import org.springframework.security.core.Authentication;
+
+public class RequirementFilterEvaluator implements Evaluator {
+	
+	private WorkgroupService wgService;
+	
+	public RequirementFilterEvaluator(WorkgroupService wgService) {
+		this.wgService = wgService;
+	}
+
+	@Override
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission) {
+		
+		RequirementBase req = (RequirementBase) targetDomainObject;
+		Workgroup reqWg;
+		
+		if (!(authentication.getPrincipal() instanceof User)) {
+			return false;
+		}
+		
+		User user = (User)authentication.getPrincipal();
+		
+		Permission appPermission = null;
+		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+			if (p.getAuthority().equals(permission)) {
+				appPermission = p;
+			}
+		}
+		
+		if (appPermission == null) {
+			return false;
+		}
+		
+		if (appPermission.getType() == PermissionType.CENTRE) {
+			reqWg = req.getCentre();
+		} else {
+			reqWg = req.getWorkgroup();
+		}
+		
+		if (wgService.isMember(reqWg, user)) {
+			List<Role> roles = wgService.getUserWorkgroupRoles(reqWg, user);
+			for (Role r : roles) {
+				for (Permission p : r.getPermissions()) {
+					if (p.getAuthority().equals(appPermission.getAuthority())) {
+						return true;
+					}
+				}
+			}
+		}
+		
+		return false;
+	}
+
+}

src/main/java/info/bukova/isspst/security/ServiceEvaluator.java

@@ -0,0 +1,46 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.Module;
+import info.bukova.isspst.data.Role;
+
+import java.util.List;
+
+import org.springframework.security.core.Authentication;
+
+public class ServiceEvaluator implements Evaluator {
+
+	@SuppressWarnings("unchecked")
+	@Override
+	public boolean evaluate(Authentication authentication,
+		Object targetDomainObject, String permission) {
+
+		List<Role> roles = (List<Role>) authentication.getAuthorities();
+		String moduleId = "";
+		String perm = permission;
+		
+		for (Module m : Constants.MODULES) {
+			if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
+				moduleId = m.getId();
+				break;
+			}
+		}
+		
+		perm += "_" + moduleId;
+		
+		for (int i = 0; i < roles.size(); i++) {
+			if (!(roles.get(i) instanceof Role)) {
+				return false;
+			}
+			if (roles.get(i).getAuthority().equals(perm)) {
+				return true;
+			}
+			if (roles.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
+				return true;
+			}
+		}
+		
+		return false;
+	}
+
+}

src/main/java/info/bukova/isspst/security/WorkgroupAwareServiceEvaluator.java

@@ -0,0 +1,71 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.Workgroup;
+import info.bukova.isspst.services.workgroups.WorkgroupService;
+
+import java.util.List;
+
+import org.springframework.security.core.Authentication;
+
+public class WorkgroupAwareServiceEvaluator implements Evaluator {
+
+	private WorkgroupService wgService;
+	
+	public WorkgroupAwareServiceEvaluator(WorkgroupService wgService) {
+		this.wgService = wgService;
+	}
+	
+	@Override
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission) {
+		
+		List<Workgroup> userWorkgroups;
+		
+		if (!(authentication.getPrincipal() instanceof User)) {
+			return false;
+		}
+		
+		User user = (User)authentication.getPrincipal();
+		
+		Permission appPermission = null;
+		for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+			if (p.getAuthority().equals(permission)) {
+				appPermission = p;
+			}
+		}
+
+		if (appPermission == null) {
+			return false;
+		}
+		
+		if (appPermission.getType() == PermissionType.CENTRE) {
+			userWorkgroups = wgService.getUserCentres(user);
+		} else {
+			userWorkgroups = wgService.getUserWorkgroups(user);
+		}
+		
+		for (Workgroup wg : userWorkgroups) {
+			List<Role> wgRoles = wgService.getUserWorkgroupRoles(wg, user);
+			
+			if (wgRoles == null) {
+				continue;
+			}
+			
+			for (Role r : wgRoles) {
+				for (Permission p : r.getPermissions()) {
+					if (p.getAuthority().equals(appPermission.getAuthority())) {
+						return true;
+					}
+				}
+			}
+		}
+		
+		return false;
+	}
+
+}

src/main/java/info/bukova/isspst/services/requirement/TripRequirementServiceImpl.java

@@ -1,6 +1,7 @@
 package info.bukova.isspst.services.requirement;
 
 import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.NumberSeries;
 import info.bukova.isspst.data.RequirementState;
 import info.bukova.isspst.data.TripBill;
 import info.bukova.isspst.data.TripRequirement;
@@ -66,4 +67,22 @@ public class TripRequirementServiceImpl extends RequirementBaseServiceImpl<TripR
 		}
 	}
 
+	@Override
+	protected String getNumberSerie() {
+		String currentNumber = "";
+		
+		if (getNumberSeriesService() != null)
+		{
+			NumberSeries ns = getNumberSeriesService().getNumberSerie(Constants.MOD_REQUIREMENTS);
+			
+			if (ns != null)
+			{
+				currentNumber = ns.getCurrentNumber();
+				getNumberSeriesService().increase(ns);
+			}
+		}
+		
+		return currentNumber;
+	}
+
 }

src/main/java/info/bukova/isspst/services/tripbill/TripBillServiceImpl.java

@@ -92,6 +92,10 @@ public class TripBillServiceImpl extends AbstractOwnedService<TripBill> implemen
 			calculateItem(item);
 			bill.setTotal(bill.getTotal().add(item.getTotal()));
 		}
+		
+		if (bill.getRequirement().getDownPayment() != null) {
+			bill.setTotal(bill.getTotal().subtract(bill.getRequirement().getDownPayment()));
+		}
 	}
 	
 	private void calculateItem(TripBillItem item) {

src/main/java/info/bukova/isspst/services/users/GmailUserService.java

@@ -0,0 +1,93 @@
+package info.bukova.isspst.services.users;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.Role;
+import info.bukova.isspst.data.User;
+
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.openid.OpenIDAttribute;
+import org.springframework.security.openid.OpenIDAuthenticationToken;
+
+public class GmailUserService implements AuthenticationUserDetailsService<OpenIDAuthenticationToken> {
+
+	private static final Logger logger = LoggerFactory.getLogger(GmailUserService.class); 
+	
+	private UserService userService;
+	private RoleService roleService;
+	private String restrictDomain;
+	
+	public GmailUserService(UserService userService, RoleService roleService) {
+		this.userService = userService;
+		this.roleService = roleService;
+	}
+	
+	@Override
+	public UserDetails loadUserDetails(OpenIDAuthenticationToken token)
+			throws UsernameNotFoundException {
+		
+		String email = null;
+		String firstName = null;
+		String lastName = null;
+		List<OpenIDAttribute> attributes = token.getAttributes();
+
+		for (OpenIDAttribute attribute : attributes) {
+			if (attribute.getName().equals("email")) {
+				email = attribute.getValues().get(0);
+			}
+			if (attribute.getName().equals("firstName")) {
+				firstName = attribute.getValues().get(0);
+			}
+			if (attribute.getName().equals("lastName")) {
+				lastName = attribute.getValues().get(0);
+			}
+		}
+		
+		String userAndDomain[] = email.split("@");
+		String username = userAndDomain[0];
+		String domain = userAndDomain[1];
+		
+		if (restrictDomain != null && !restrictDomain.isEmpty() && !restrictDomain.equals(domain)) {
+			logger.warn("Try to login from foreign domain");
+			
+			throw new UsernameNotFoundException("Email from foreign domain");
+		}
+		
+		UserDetails user;
+		
+		try {
+			user = userService.loadUserByUsername(username);
+		} catch (UsernameNotFoundException e) {
+			logger.info("Username not found in database. Creating one");
+			
+			User usr = new User();
+			usr.setUsername(username);
+			usr.setFirstName(firstName);
+			usr.setLastName(lastName);
+			usr.setEmail(email);
+			usr.setEnabled(true);
+			usr.setNotify(true);
+			
+			Role role = roleService.getRoleByAuthority(Constants.ROLE_USER);
+			usr.addAuthority(role);
+			
+			userService.grantAdmin();
+			userService.add(usr);
+			userService.removeAccess();
+			
+			user = userService.loadUserByUsername(username);
+		}
+		
+		return user;
+	}
+
+	public void setRestrictDomain(String restrictDomain) {
+		this.restrictDomain = restrictDomain;
+	}
+
+}

src/main/java/info/bukova/isspst/services/users/RoleService.java

@@ -12,8 +12,8 @@ public interface RoleService extends Service<Role> {
 	public Role getRoleByAuthority(String authority);
 	public List<Role> getWorkgroupRoles();
 	public List<Role> getCentreRoles();
-	public List<Role> getRolesWithPermission(Permission perm, boolean centre);
+	public List<Role> getRolesWithPermission(Permission perm, String modileId, boolean centre);
-	public List<Role> getRolesWithPermission(String authority, boolean centre);
+	public List<Role> getRolesWithPermission(String authority, String modileId, boolean centre);
 	public boolean canChangeCenter(Role role);
 	public boolean canChangeWorkgroup(Role role);
 	public boolean isInWorkflow(Role role);

src/main/java/info/bukova/isspst/services/users/RoleServiceImpl.java

@@ -35,7 +35,7 @@ public class RoleServiceImpl extends AbstractService<Role> implements RoleServic
 	@SuppressWarnings("unchecked")
 	@Override
 	@Transactional
-	public List<Role> getRolesWithPermission(Permission perm, boolean centre) {
+	public List<Role> getRolesWithPermission(Permission perm, String moduleId, boolean centre) {
 		String wgClausule;
 		if (centre) {
 			wgClausule = "centre";
@@ -44,17 +44,18 @@ public class RoleServiceImpl extends AbstractService<Role> implements RoleServic
 		}
 		Set<Permission> perms = new HashSet<Permission>();
 		perms.add(perm);
-		Query q = dao.getQuery("select r from Role r join r.permissions p where r." + wgClausule + " = true and p in (:perms)");
+		Query q = dao.getQuery("select r from Role r join r.permissions p where r." + wgClausule + " = true and p.module = :module and p in (:perms)");
 		q.setParameterList("perms", perms);
+		q.setParameter("module", moduleId);
 		return q.list();
 	}
 
 	@Override
 	@Transactional
-	public List<Role> getRolesWithPermission(String authority, boolean centre) {
+	public List<Role> getRolesWithPermission(String authority, String moduleId, boolean centre) {
-		Query q = dao.getQuery("from Permission where authority = '" + authority + "'");
+		Query q = dao.getQuery("from Permission where authority = '" + authority + "' and module = '" + moduleId + "'");
 		Permission p = (Permission) q.uniqueResult(); 
-		return getRolesWithPermission(p, centre);
+		return getRolesWithPermission(p, moduleId, centre);
 	}
 
 	@Override

src/main/java/info/bukova/isspst/ui/ListViewModel.java

@@ -191,6 +191,7 @@ public class ListViewModel<T extends DataModel> {
 										ListViewModel.this, "dataList");
 								BindUtils.postNotifyChange(null, null,
 										ListViewModel.this, "dataBean");
+								BindUtils.postGlobalCommand(null, null, "reloadRelated", null);
 							} catch (DataIntegrityViolationException e) {
 								Messagebox.show(StringUtils.localize("DbCannotDelete"), StringUtils.localize("Error"), Messagebox.OK, Messagebox.ERROR);
 							} catch (AccessDeniedException e) {
@@ -237,9 +238,8 @@ public class ListViewModel<T extends DataModel> {
 			dataList.set(selIndex, editBean);
 		}
 		
-		if (newRec) {
+		BindUtils.postGlobalCommand(null, null, "reloadRelated", null);
-			BindUtils.postGlobalCommand(null, null, "reloadRelated", null);
+		
-		}
 	}
 
 	@GlobalCommand

src/main/java/info/bukova/isspst/ui/requirement/RequirementTypesVM.java

@@ -44,8 +44,21 @@ public class RequirementTypesVM {
 	}
 	
 	private void initRoles() {
-		centreRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, true));
+		String moduleId;
-		workgroupRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, false));
+		
+		if (selected != null) {
+			if (selected.getType().equals(Constants.REQTYPE_BUSINESSTRIP)) {
+				moduleId = Constants.MOD_TRIPREQUIREMENTS;
+			} else {
+				moduleId = Constants.MOD_REQUIREMENTS;
+			}
+			
+			centreRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, moduleId, true));
+			workgroupRoles = new ArrayList<Role>(roleService.getRolesWithPermission(Constants.PERM_APPROVE, moduleId, false));
+		} else {
+			centreRoles = null;
+			workgroupRoles = null;
+		}
 	}
 	
 	@Command
@@ -196,6 +209,8 @@ public class RequirementTypesVM {
 			return;
 		}
 		
+		this.selected = selected;
+		
 		initRoles();
 		
 		for (Workflow w : selected.getWorkflow()) {
@@ -205,8 +220,6 @@ public class RequirementTypesVM {
 				workgroupRoles.remove(w.getRole());
 			}
 		}
-		
-		this.selected = selected;
 	}
 	
 	@Command

src/main/webapp/WEB-INF/gmail.properties

@@ -0,0 +1 @@
+gmail.restrictDomain=

src/main/webapp/WEB-INF/locales/zk-label.properties

@@ -274,6 +274,7 @@ Login=Přihlásit
 Loggingin=Přihlášení
 Logout=Odhlásit
 WrongNameOrPassword=Špatné jméno nebo heslo
+LoginViaGoogle=Přihlásit účtem Google
 
 
 DateFormat=dd. MM. yyyy

src/main/webapp/WEB-INF/reports/tripBill.jrxml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://jasperreports.sourceforge.net/jasperreports http://jasperreports.sourceforge.net/xsd/jasperreport.xsd" name="tripBill" pageWidth="612" pageHeight="792" columnWidth="555" leftMargin="20" rightMargin="20" topMargin="20" bottomMargin="20" uuid="f59e8277-a431-4cdc-abaa-c82c1cf193af">
 	<property name="ireport.zoom" value="2.0"/>
-	<property name="ireport.x" value="0"/>
+	<property name="ireport.x" value="593"/>
-	<property name="ireport.y" value="518"/>
+	<property name="ireport.y" value="432"/>
 	<parameter name="SUBREPORT_DIR" class="java.lang.String" isForPrompting="false">
 		<defaultValueExpression><![CDATA["/home/pepa/Dokumenty/dev/java/isspst/"]]></defaultValueExpression>
 	</parameter>
@@ -39,6 +39,7 @@
 	<field name="total" class="java.math.BigDecimal">
 		<fieldDescription><![CDATA[total]]></fieldDescription>
 	</field>
+	<field name="requirement.downPayment" class="java.math.BigDecimal"/>
 	<background>
 		<band splitType="Stretch"/>
 	</background>
@@ -328,8 +329,8 @@ tuzemské pracovní cesty]]></text>
 				<text><![CDATA[K vyúčtování pracovní cesty připojuji  počet příloh]]></text>
 			</staticText>
 			<staticText>
-				<reportElement uuid="c83e0050-7bac-43fa-8182-728243f702c2" x="243" y="107" width="328" height="15"/>
+				<reportElement uuid="c83e0050-7bac-43fa-8182-728243f702c2" x="1" y="107" width="570" height="15"/>
-				<textElement>
+				<textElement textAlignment="Center">
 					<font isBold="true" pdfFontName="Helvetica-Bold"/>
 				</textElement>
 				<text><![CDATA[Prohlašuji, že jsem všechny údaje uvedl úplně a správně.]]></text>
@@ -354,6 +355,11 @@ tuzemské pracovní cesty]]></text>
 			<line>
 				<reportElement uuid="452bba4b-d293-4253-92c3-5fa58f58ea53" x="-1" y="168" width="572" height="1"/>
 			</line>
+			<textField pattern="###0.00;-###0.00" isBlankWhenNull="true">
+				<reportElement uuid="d5aa48e6-f801-4633-b18b-ccc7358da1e3" x="477" y="3" width="56" height="43"/>
+				<textElement textAlignment="Right" verticalAlignment="Middle"/>
+				<textFieldExpression><![CDATA[$F{requirement.downPayment}]]></textFieldExpression>
+			</textField>
 		</band>
 	</summary>
 </jasperReport>

src/main/webapp/WEB-INF/reports/tripRequirement.jrxml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://jasperreports.sourceforge.net/jasperreports http://jasperreports.sourceforge.net/xsd/jasperreport.xsd" name="tripRequirement" pageWidth="612" pageHeight="792" columnWidth="572" leftMargin="20" rightMargin="20" topMargin="20" bottomMargin="20" uuid="0b7fa2d2-d452-4a1f-b1c0-2d8e16a22525">
-	<property name="ireport.zoom" value="0.75"/>
+	<property name="ireport.zoom" value="1.5"/>
 	<property name="ireport.x" value="0"/>
-	<property name="ireport.y" value="0"/>
+	<property name="ireport.y" value="96"/>
 	<style name="table">
 		<box>
 			<pen lineWidth="1.0" lineColor="#000000"/>
@@ -44,6 +44,8 @@
 	<field name="requirement.passengers" class="java.util.Collection"/>
 	<field name="requirement.vehicle" class="info.bukova.isspst.data.Vehicle"/>
 	<field name="requirement.vehicle.code" class="java.lang.String"/>
+	<field name="requirement.requireDownPayment" class="java.lang.Boolean"/>
+	<field name="requirement.downPayment" class="java.math.BigDecimal"/>
 	<background>
 		<band splitType="Stretch"/>
 	</background>
@@ -52,14 +54,14 @@
 			<staticText>
 				<reportElement uuid="50f96189-2183-4afd-915d-b5342375e988" x="0" y="30" width="572" height="20"/>
 				<textElement textAlignment="Center">
-					<font size="16" isBold="true" isPdfEmbedded="true"/>
+					<font size="16" isBold="true" pdfFontName="Helvetica-Bold" isPdfEmbedded="true"/>
 				</textElement>
 				<text><![CDATA[Cestovní příkaz]]></text>
 			</staticText>
 			<staticText>
 				<reportElement uuid="5b2dc2ca-188e-4636-b617-dd5c1132246b" x="0" y="50" width="572" height="20"/>
 				<textElement textAlignment="Center">
-					<font size="16" isBold="true"/>
+					<font size="16" isBold="true" pdfFontName="Helvetica-Bold"/>
 				</textElement>
 				<text><![CDATA[k tuzemské pracovní cestě]]></text>
 			</staticText>
@@ -80,7 +82,7 @@
 			<staticText>
 				<reportElement uuid="a3e2a5d3-ea50-48bd-94ea-4530f6624b52" x="0" y="51" width="572" height="20"/>
 				<textElement textAlignment="Center">
-					<font size="12"/>
+					<font size="12" pdfFontName="Helvetica-Bold"/>
 				</textElement>
 				<text><![CDATA[Souhlasím s vysláním na pracovní cestu]]></text>
 			</staticText>
@@ -105,7 +107,7 @@
 			<staticText>
 				<reportElement uuid="a2912fef-ae4a-4c7e-b08c-3f5f6b92a534" x="0" y="157" width="572" height="20"/>
 				<textElement textAlignment="Center">
-					<font size="16" isBold="true" isPdfEmbedded="true"/>
+					<font size="16" isBold="true" pdfFontName="Helvetica-Bold" isPdfEmbedded="true"/>
 				</textElement>
 				<text><![CDATA[PODMÍNKY PRACOVNÍ CESTY]]></text>
 			</staticText>
@@ -286,6 +288,25 @@ L - letadlo, P - pěšky, T - taxi]]></text>
 			<line>
 				<reportElement uuid="0e93a41e-d13e-4f12-83cb-70d69bb3c0fb" x="0" y="442" width="572" height="1"/>
 			</line>
+			<staticText>
+				<reportElement uuid="548c1550-c12d-42b3-a297-c9be96dbb2e8" x="144" y="76" width="31" height="20">
+					<printWhenExpression><![CDATA[$F{requirement.requireDownPayment}]]></printWhenExpression>
+				</reportElement>
+				<textElement/>
+				<text><![CDATA[Ano]]></text>
+			</staticText>
+			<staticText>
+				<reportElement uuid="e06aba6d-b74d-4ab1-9737-1134a6ac6519" x="144" y="76" width="32" height="20">
+					<printWhenExpression><![CDATA[$F{requirement}.getRequireDownPayment() == null || $F{requirement}.getRequireDownPayment() == false]]></printWhenExpression>
+				</reportElement>
+				<textElement/>
+				<text><![CDATA[Ne]]></text>
+			</staticText>
+			<textField pattern="###0.00;-###0.00" isBlankWhenNull="true">
+				<reportElement uuid="ac95738d-56c8-4ee2-8721-cad00e1b06e4" x="144" y="398" width="57" height="20"/>
+				<textElement textAlignment="Right"/>
+				<textFieldExpression><![CDATA[$F{requirement.downPayment}]]></textFieldExpression>
+			</textField>
 		</band>
 	</detail>
 </jasperReport>

src/main/webapp/WEB-INF/spring/gmail-auth.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:security="http://www.springframework.org/schema/security"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+	<bean id="gmailUserService" class="info.bukova.isspst.services.users.GmailUserService">
+		<constructor-arg ref="userService"/>
+		<constructor-arg ref="roleService"/>
+		<property name="restrictDomain" value="${gmail.restrictDomain}"/>
+	</bean>
+
+</beans>

src/main/webapp/WEB-INF/spring/ldap-auth.xml

@@ -19,12 +19,8 @@
 	</bean>
 	
 	<bean id="authenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
-	            <constructor-arg ref="contextSource"/>
+		<constructor-arg ref="contextSource"/>
-	            <property name="userDnPatterns">
+		<property name="userDnPatterns" value="#{'${ldap.userDNPattern}'.split(';')}"/>
-	                <list>
-	                    <value>${ldap.userDNPattern}</value>
-	                </list>
-	            </property>
 	</bean>
 
 	<bean id="populator" class="info.bukova.isspst.security.AuthPopulator">

src/main/webapp/WEB-INF/spring/root-context.xml

@@ -27,6 +27,7 @@
 				<value>/WEB-INF/jdbc.properties</value>
 				<value>/WEB-INF/ldap.properties</value>
 				<value>/WEB-INF/mail.properties</value>
+				<value>/WEB-INF/gmail.properties</value>
 			</list>
 		</property>
 	</bean>
@@ -36,7 +37,10 @@
         class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"
         p:driverClassName="${jdbc.driverClassName}"
         p:url="${jdbc.databaseurl}" p:username="${jdbc.username}"
-        p:password="${jdbc.password}"></bean>
+        p:password="${jdbc.password}">
+        	<property name="validationQuery" value="SELECT 1"/>
+        	<property name="testOnBorrow" value="true"/>
+        </bean>
         
 	<bean id="sessionFactory"
         class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
@@ -71,8 +75,32 @@
 		<property name="permissionEvaluator" ref="permissionEvaluator" />
 	</bean>
 	
-	<bean id="permissionEvaluator" class="info.bukova.isspst.security.IsspstPermissionEvaluator">
+	<bean id="permissionEvaluator" class="info.bukova.isspst.security.IsPermissionEvaluator">
-		<property name="workgroupService" ref="workgroupServiceNoTx"/>
+		<!-- <property name="workgroupService" ref="workgroupServiceNoTx"/> -->
+	</bean>
+	
+	<bean id="serviceEval" class="info.bukova.isspst.security.ServiceEvaluator"/>
+	
+	<bean id="wgServiceEval" class="info.bukova.isspst.security.WorkgroupAwareServiceEvaluator">
+		<constructor-arg ref="workgroupServiceNoTx"/>
+	</bean>
+	
+	<bean id="requirementEval" class="info.bukova.isspst.security.RequirementFilterEvaluator">
+		<constructor-arg ref="workgroupServiceNoTx"/>
+	</bean>
+	
+	<bean id="evalHolder" class="info.bukova.isspst.security.EvaluatorsHolder">
+		<property name="globalEvaluators">
+			<map>
+				<entry key="#{T(info.bukova.isspst.services.Service)}" value-ref="serviceEval"/>
+			</map>
+		</property>
+		<property name="specialEvaluators">
+			<map>
+				<entry key="#{T(info.bukova.isspst.services.Service)}" value-ref="wgServiceEval"/>
+				<entry key="#{T(info.bukova.isspst.data.RequirementBase)}" value-ref="requirementEval"/>
+			</map>
+		</property>
 	</bean>
     
 	<security:http auto-config="true" use-expressions="true">
@@ -85,12 +113,24 @@
 			authentication-failure-handler-ref="loginFail"
 			authentication-success-handler-ref="loginSuccess"/>
 		<security:http-basic/>
+		
+		<security:openid-login authentication-failure-handler-ref="loginFail"
+			authentication-success-handler-ref="loginSuccess" 
+			user-service-ref="gmailUserService">
+			<security:attribute-exchange identifier-match="https://www.google.com/.*">
+                <security:openid-attribute name="email" type="http://schema.openid.net/contact/email" required="true" />
+                <security:openid-attribute name="firstName" type="http://axschema.org/namePerson/first" required="true" />
+                <security:openid-attribute name="lastName" type="http://axschema.org/namePerson/last" required="true" />
+            </security:attribute-exchange>
+		</security:openid-login>
+		
 		<security:logout invalidate-session="true"/>
 	</security:http>
 
 	<import resource="database-auth.xml"/>
+	<import resource="gmail-auth.xml"/>
 	<!-- <import resource="ldap-auth.xml"/> --> 
-	
+		
 	<import resource="mail-services.xml"/>
 
 	<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">

src/main/webapp/admin/permissions/permForm.zul

@@ -1,7 +1,11 @@
 <?page title="${labels.RightsFormTitle}" contentType="text/html;charset=UTF-8"?>
 <zk>
-<window id="editWin" border="normal" closable="true" width="750px" apply="org.zkoss.bind.BindComposer"
+<window id="editWin" border="normal" 
-	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')">
+	closable="true" 
+	width="750px" 
+	apply="org.zkoss.bind.BindComposer"
+	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionForm')"
+	height="100%">
 	<caption zclass="form-caption" label="${labels.AgendaRights}" />
 	<label value="@load(vm.dataBean.description)" style="font-weight: bold;"/>
 	<hbox>
@@ -26,18 +30,22 @@
 		</vbox>
 	</popup>
 	
-	<vbox children="@load(vm.modules)" width="730px">
+	<panel vflex="1">
-		<template name="children" var="module">
+		<panelchildren style="overflow:auto;">
-			<groupbox closable="false" mold="3d" width="730px">
+			<vbox children="@load(vm.modules)" width="705px">
-				<caption label="@load(module.name)"/>
+				<template name="children" var="module">
-				<hbox children="@load(vm.rolePerms.permissionChecks)">
+					<groupbox closable="false" mold="3d" width="705px">
-					<template name="children" var="perm">
+						<caption label="@load(module.name)"/>
-						<checkbox label="@load(perm.permission.description)"  checked="@bind(perm.checked)" visible="@load(perm.permission.module eq module.id)" disabled="@load(vm.dataBean.authority eq 'ROLE_ADMIN')" />
+						<hbox children="@load(vm.rolePerms.permissionChecks)">
-					</template>
+							<template name="children" var="perm">
-				</hbox>
+								<checkbox label="@load(perm.permission.description)"  checked="@bind(perm.checked)" visible="@load(perm.permission.module eq module.id)" disabled="@load(vm.dataBean.authority eq 'ROLE_ADMIN')" />
-			</groupbox>
+							</template>
-		</template>
+						</hbox>
-	</vbox>
+					</groupbox>
+				</template>
+			</vbox>	
+		</panelchildren>
+	</panel>
 	
 	<include src="/app/formButtons.zul"/>
 </window>

src/main/webapp/admin/permissions/permissions.zul

@@ -1,15 +1,19 @@
 <?page title="${labels.AgendaRights}" contentType="text/html;charset=UTF-8"?>
 <zk>
 <?variable-resolver class="org.zkoss.zkplus.spring.DelegatingVariableResolver"?>
-<window border="normal" apply="org.zkoss.bind.BindComposer"
+<window border="normal" 
-	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionsList')" height="570px">
+	apply="org.zkoss.bind.BindComposer"
+	viewModel="@id('vm') @init('info.bukova.isspst.ui.users.PermissionsList')" 
+	vflex="1">
 	<caption zclass="form-caption" label="${labels.AgendaRights}" />
 	<toolbar>
 		<toolbarbutton image="/img/edit.png" tooltiptext="${labels.ToolbarRecEdit}" id="btnEdit" onClick="@command('edit')" disabled="@load(empty vm.dataBean ? 'true' : 'false')"/>
 	</toolbar>
 	
-	<hbox width="100%">	
+	<hbox width="100%" vflex="1">	
-	<listbox model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)" width="300px">
+	<listbox model="@load(vm.dataList)" 
+		selectedItem="@bind(vm.dataBean)" 
+		width="300px">
 		<listhead>
 			<listheader label="${labels.RightsGridRole}" />
 		</listhead>
@@ -19,7 +23,7 @@
 			</listitem>
 		</template>
 	</listbox>
-	<panel hflex="1" height="480px">
+	<panel hflex="1" vflex="1">
 		<panelchildren style="overflow:auto;">
 			<label value="${labels.RightsGridModules}:" style="font-weight: bold;"/>
 			<vbox children="@load(vm.modules)" hflex="1">

src/main/webapp/admin/users/users.zul

@@ -1,12 +1,18 @@
 <?page title="${labels.AgendaUsers}" contentType="text/html;charset=UTF-8"?>
 <zk>
 	<?variable-resolver class="org.zkoss.zkplus.spring.DelegatingVariableResolver"?>
-	<window border="normal" apply="org.zkoss.bind.BindComposer" viewModel="@id('vm') @init('info.bukova.isspst.ui.users.UsersList')" height="570px">
+	<window border="normal" 
+		apply="org.zkoss.bind.BindComposer" 
+		viewModel="@id('vm') @init('info.bukova.isspst.ui.users.UsersList')" 
+		vflex="1">
 		<caption zclass="form-caption" label="${labels.AgendaUsers}" />
 		<include src="/app/toolbar.zul" />
 
-		<hbox width="100%" height="500px">
+		<hbox width="100%" vflex="1">
-			<listbox model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)" width="650px" height="480px">
+			<listbox model="@load(vm.dataList)" 
+				selectedItem="@bind(vm.dataBean)" 
+				width="650px" 
+				vflex="1">
 				<listhead menupopup="auto">
 					<listheader label="${labels.UsersGridColumnLogin}" sort="czech(username)" />
 					<listheader label="${labels.UsersGridColumnPersonalID}" sort="czech(personalNumber)" />
@@ -66,7 +72,7 @@
 					</listitem>
 				</template>
 			</listbox>
-			<panel hflex="1" height="480px" width="70%">
+			<panel hflex="1" vflex="1" width="70%">
 				<panelchildren style="overflow:auto;">
 					<label value="Efektivní práva:" style="font-weight: bold;" />
 					<vbox children="@load(vm.modules)" hflex="1">

src/main/webapp/admin/workgroups/workgroups.zul

@@ -2,13 +2,17 @@
 <zk>
 	<?variable-resolver class="org.zkoss.zkplus.spring.DelegatingVariableResolver"?>
 	<window border="normal" apply="org.zkoss.bind.BindComposer" 
-	viewModel="@id('vm') @init('info.bukova.isspst.ui.workgroups.WorkgroupList')">
+		viewModel="@id('vm') @init('info.bukova.isspst.ui.workgroups.WorkgroupList')"
+		vflex="1">
 		<caption zclass="form-caption" label="${labels.AgendaWorkgroups}" />
 		<include src="/app/toolbar.zul" />
 
-		<hbox width="100%" height="500px">
+		<hbox width="100%" vflex="1">
 		
-			<listbox model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)"  width="680px" height="480px">
+			<listbox model="@load(vm.dataList)" 
+				selectedItem="@bind(vm.dataBean)"  
+				width="680px" 
+				vflex="1">
 				<listhead menupopup="auto">
 					<listheader label="${labels.code}" sort="czech(code)" width="10%" />
 					<listheader label="${labels.name}" sort="czech(name)" width="30%" />
@@ -57,40 +61,45 @@
 				</template>
 			</listbox>
 			
-			<vbox>
+			<panel vflex="1">
-				<vbox children="@load(vm.workgroupRoles)">
+				<panelchildren style="overflow:auto;">
-					<template name="children">
+					<vbox>
-						<grid model="@load(vm.dataBean.members)" visible="@load(each.authority ne 'ROLE_USER')">
+						<vbox children="@load(vm.workgroupRoles)">
-							<columns>
+							<template name="children">
-								<column label="@load(each.description)"/>
+								<grid model="@load(vm.dataBean.members)" visible="@load(each.authority ne 'ROLE_USER')">
-							</columns>
+									<columns>
-							<rows>
+										<column label="@load(each.description)"/>
-								<template name="model" var="member">
+									</columns>
-									<row visible="@load(member.role eq each)">
+									<rows>
-										<hbox><image src="/img/user-small-red.png"/><label value="@load(member.member.fullName)"/></hbox>
+										<template name="model" var="member">
-									</row>
+											<row visible="@load(member.role eq each)">
+												<hbox><image src="/img/user-small-red.png"/><label value="@load(member.member.fullName)"/></hbox>
+											</row>
+										</template>
+									</rows>
+								</grid>					
+							</template>			
+						</vbox>
+						
+						<groupbox mold="3d" closable="false">
+							<caption label="členové"/>
+							<tree hflex="1" model="@load(vm.workgroupTreeModel)">
+								<treecols>
+									<treecol/>
+								</treecols>
+								<template name="model">
+									<treeitem>
+									<treerow>
+										<treecell image="@load(each.data.person ? '/img/user-small.png' : '/img/commission-small.png')" label="@load(each.data.fullName)"/>
+									</treerow>
+									</treeitem>
 								</template>
-							</rows>
+							</tree>
-						</grid>					
+						</groupbox>
-					</template>			
+					</vbox>
-				</vbox>
+				</panelchildren>
-				
+			</panel>
-				<groupbox mold="3d" closable="false">
+			
-					<caption label="členové"/>
-					<tree hflex="1" model="@load(vm.workgroupTreeModel)">
-						<treecols>
-							<treecol/>
-						</treecols>
-						<template name="model">
-							<treeitem>
-							<treerow>
-								<treecell image="@load(each.data.person ? '/img/user-small.png' : '/img/commission-small.png')" label="@load(each.data.fullName)"/>
-							</treerow>
-							</treeitem>
-						</template>
-					</tree>
-				</groupbox>
-			</vbox>
 		</hbox>
 	</window>
 </zk>

src/main/webapp/lists/addressbook/addressbook.zul

@@ -1,12 +1,18 @@
 <?page title="${labels.AgendaSuppliers}" contentType="text/html;charset=UTF-8"?>
 <zk>
 	<?variable-resolver class="org.zkoss.zkplus.spring.DelegatingVariableResolver"?>
-	<window border="normal" apply="org.zkoss.bind.BindComposer" height="570px" viewModel="@id('vm') @init('info.bukova.isspst.ui.addressbook.AddressList')">
+	<window border="normal" apply="org.zkoss.bind.BindComposer" vflex="1" viewModel="@id('vm') @init('info.bukova.isspst.ui.addressbook.AddressList')">
 		<caption zclass="form-caption" label="${labels.AgendaSuppliers}" />
 		<include src="/app/toolbar.zul" />
 
-		<hbox width="100%">
+		<hbox width="100%" vflex="1">
-			<listbox id="dataGrid" model="@load(vm.dataList)" selectedItem="@bind(vm.dataBean)" onAfterRender="@command('afterRender')" selectedIndex="@load(vm.selIndex)" hflex="6" height="480px">
+			<listbox id="dataGrid" 
+				model="@load(vm.dataList)" 
+				selectedItem="@bind(vm.dataBean)" 
+				onAfterRender="@command('afterRender')" 
+				selectedIndex="@load(vm.selIndex)" 
+				hflex="6" 
+				vflex="1">
 				<listhead vflex="true" menupopup="auto">
 					<listheader label="${labels.SuppliersGridColumnCompany}" sort="czech(company)" />
 					<listheader label="${labels.SuppliersGridColumnIC}" sort="auto(ic)" width="100px" />

src/main/webapp/login-gmail.zhtml

@@ -0,0 +1,21 @@
+<html
+	xmlns="native"
+	xmlns:u="zul"
+	xmlns:zk="zk">
+	<head>
+		<title>${labels.Loggingin}</title>
+	</head>
+	<body style="height: 100%; padding: 0 5px;">
+		<div style="height: 15%" />
+		<div align="center">
+			<u:include src="login.zul" />
+			<br/>
+			<img src="img/google.png" alt="Google"/>
+			<form action="j_spring_openid_security_check" method="post">
+				<input name="openid_identifier" type="hidden" value="https://www.google.com/accounts/o8/id"/>
+   				<input type="submit" value="${labels.LoginViaGoogle}" class="nicebutton"/>
+			</form>
+		</div>
+		
+	</body>
+</html>

src/main/webapp/main/trips/bill/tripBillForm.zul

@@ -299,8 +299,16 @@
 				</rows>
 			</grid>
 			<div hflex="1" align="end" >
-				<label value="${labels.TripBillTotal}: " style="font-size: 14px; font-weight: bold;"/> 
+				<vbox>
-				<label value="@load(vm.dataBean.total) @converter(vm.bigDecimalConverter)" style="font-size: 14px; font-weight: bold;"/>		
+					<hbox>
+						<label value="Záloha: " style="font-size: 14px;"/>
+						<label value="@load(vm.dataBean.requirement.downPayment) @converter(vm.bigDecimalConverter)" style="font-size: 14px;"/>
+					</hbox>
+					<hbox>
+						<label value="${labels.TripBillTotal}: " style="font-size: 14px; font-weight: bold;"/> 
+						<label value="@load(vm.dataBean.total) @converter(vm.bigDecimalConverter)" style="font-size: 14px; font-weight: bold;"/>
+					</hbox>
+				</vbox>		
 			</div>
 			<include src="/app/formButtons.zul" />
 		</vlayout>

src/main/webapp/main/trips/requirements/requirementsForm.zul

@@ -150,16 +150,29 @@
 						</template>
 					</rows>
 				</grid>
-				<hbox>
+				
-					<label value="${labels.RequirementsFormVehicle}"/>
+				<grid hflex="min">
-					<combobox model="@load(vm.settings.vehicles)" 
+					<columns>
-						selectedItem="@bind(fx.vehicle)"
+						<column hflex="min"/>
-						readonly="true">
+						<column hflex="min"/>
-						<template name="model">
+					</columns>
-							<comboitem label="@load(each)"/>
+					<rows>
-						</template>
+						<row>
-					</combobox>
+							<label value="${labels.RequirementsFormVehicle}"/>
-				</hbox>
+							<combobox model="@load(vm.settings.vehicles)" 
+								selectedItem="@bind(fx.vehicle)"
+								readonly="true">
+								<template name="model">
+									<comboitem label="@load(each)"/>
+								</template>
+							</combobox>	
+						</row>
+						<row>
+							<checkbox label="Požaduji zálohu" checked="@bind(vm.dataBean.requireDownPayment)"/>
+							<textbox value="@bind(vm.dataBean.downPayment)" disabled="@bind(not vm.dataBean.requireDownPayment)"/>		
+						</row>
+					</rows>
+				</grid>
 			</vbox>
 			<include src="/app/formButtons.zul" />
 		</vlayout>

src/main/webapp/settings/workflow/workflow.zul

@@ -1,7 +1,8 @@
 <?page title="${labels.AgendaWorkflow}" contentType="text/html;charset=UTF-8"?>
 <zk>
 <window border="normal" apply="org.zkoss.bind.BindComposer"
-	viewModel="@id('vm') @init('info.bukova.isspst.ui.requirement.RequirementTypesVM')">
+	viewModel="@id('vm') @init('info.bukova.isspst.ui.requirement.RequirementTypesVM')"
+	vflex="1">
 <caption zclass="form-caption" label="${labels.AgendaWorkflow}" />
 <vbox>
 	<hbox>