Index: /trunk/grails-app/controllers/AppCoreController.groovy =================================================================== --- /trunk/grails-app/controllers/AppCoreController.groovy (revision 297) +++ /trunk/grails-app/controllers/AppCoreController.groovy (revision 298) @@ -100,5 +100,5 @@ * Render the manager view for manager or admin roles. */ - @Secured(['ROLE_Manager','ROLE_AppAdmin']) + @Secured(['ROLE_AppAdmin', 'ROLE_Manager']) def manager = { } Index: /trunk/grails-app/controllers/AssetDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/AssetDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/AssetDetailedController.groovy (revision 298) @@ -2,4 +2,5 @@ import org.codehaus.groovy.grails.commons.ConfigurationHolder +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class AssetDetailedController extends BaseController { @@ -9,17 +10,17 @@ def assetService - def index = { redirect(action:overview,params:params) } - // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST', update:'POST', saveCopy:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) + def index = { redirect(action:overview,params:params) } + + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def overview = { } - @Secured(['ROLE_Manager','ROLE_AppAdmin']) def importAssetTree = { } - @Secured(['ROLE_Manager','ROLE_AppAdmin']) def importAssetTreeSave = { def result = csvService.importAssetTree(request) @@ -38,4 +39,5 @@ * This does not appear to be a problem once deployed to Tomcat. */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def exportAssetTreeTemplate = { response.contentType = ConfigurationHolder.config.grails.mime.types["csv"] @@ -45,4 +47,8 @@ } + /** + * Export the entire asset tree. + */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def exportAssetTree = { @@ -55,4 +61,8 @@ } + /** + * List action. + */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -60,4 +70,8 @@ } + /** + * Search action. + */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def search = { @@ -158,4 +172,8 @@ } // end search() + /** + * Show action. + */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def show = { @@ -173,4 +191,7 @@ } + /** + * Delete action. + */ def delete = { def assetInstance = Asset.get( params.id ) @@ -192,4 +213,7 @@ } + /** + * Edit action. + */ def edit = { @@ -209,4 +233,7 @@ } + /** + * Update action. + */ def update = { def assetInstance = Asset.get( params.id ) @@ -240,4 +267,7 @@ } + /** + * Create action. + */ def create = { def result = assetService.create(params) @@ -250,4 +280,7 @@ } + /** + * Copy action. + */ def copy = { def result = assetService.copy(params) @@ -260,4 +293,7 @@ } + /** + * Save action. + */ def save = { def result = assetService.save(params) @@ -272,5 +308,7 @@ } - + /** + * Copy save action. + */ def saveCopy = { def result = assetService.saveCopy(params) Index: /trunk/grails-app/controllers/AssetExtendedAttributeDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/AssetExtendedAttributeDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/AssetExtendedAttributeDetailedController.groovy (revision 298) @@ -1,10 +1,11 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class AssetExtendedAttributeDetailedController extends BaseController { - - def index = { redirect(controller: "assetDetailed", action: "search", params:params) } // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST', update:'POST'] + + def index = { redirect(controller: "assetDetailed", action: "search", params:params) } def show = { Index: /trunk/grails-app/controllers/AssetSubItemDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/AssetSubItemDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/AssetSubItemDetailedController.groovy (revision 298) @@ -1,13 +1,16 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class AssetSubItemDetailedController extends BaseController { def assetSubItemService - def index = { redirect(controller: "assetDetailed", params:params) } - // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST', update:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) + def index = { redirect(controller: "assetDetailed", params:params) } + + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def show = { def assetSubItemInstance = AssetSubItem.get( params.id ) Index: /trunk/grails-app/controllers/AssetSubItemExtendedAttributeDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/AssetSubItemExtendedAttributeDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/AssetSubItemExtendedAttributeDetailedController.groovy (revision 298) @@ -1,10 +1,11 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class AssetSubItemExtendedAttributeDetailedController extends BaseController { - - def index = { redirect(controller: "assetDetailed", action: "search", params:params) } // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST', update:'POST'] + + def index = { redirect(controller: "assetDetailed", action: "search", params:params) } def show = { Index: /trunk/grails-app/controllers/AssignedGroupDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/AssignedGroupDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/AssignedGroupDetailedController.groovy (revision 298) @@ -1,4 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager']) class AssignedGroupDetailedController extends BaseController { Index: /trunk/grails-app/controllers/AssignedPersonDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/AssignedPersonDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/AssignedPersonDetailedController.groovy (revision 298) @@ -1,4 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager']) class AssignedPersonDetailedController extends BaseController { Index: /trunk/grails-app/controllers/BaseController.groovy =================================================================== --- /trunk/grails-app/controllers/BaseController.groovy (revision 297) +++ /trunk/grails-app/controllers/BaseController.groovy (revision 298) @@ -1,5 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured -@Secured(['ROLE_AppUser', 'ROLE_AppAdmin']) +@Secured(['ROLE_AppAdmin', 'ROLE_AppUser']) abstract class BaseController { Index: /trunk/grails-app/controllers/EntryDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/EntryDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/EntryDetailedController.groovy (revision 298) @@ -1,4 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) class EntryDetailedController extends BaseController { Index: /trunk/grails-app/controllers/InventoryItemDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/InventoryItemDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/InventoryItemDetailedController.groovy (revision 298) @@ -1,4 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager']) class InventoryItemDetailedController extends BaseController { @@ -7,9 +8,11 @@ def inventoryMovementService - def index = { redirect(action:search, params:params) } - // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST', update:'POST', useInventoryItem:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) + def index = { redirect(action:search, params:params) } + + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -17,4 +20,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def search = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -34,4 +38,5 @@ * Simply assigns a passed in task id to a session variable and redirects to search. */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def findInventoryItemForMovement = { if(!params.task?.id) { @@ -46,4 +51,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def show = { @@ -164,4 +170,5 @@ * Handles the use inventory item form submit in the show view. */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def useInventoryItem = { Index: /trunk/grails-app/controllers/InventoryLocationDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/InventoryLocationDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/InventoryLocationDetailedController.groovy (revision 298) @@ -1,11 +1,14 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager']) class InventoryLocationDetailedController extends BaseController { - - def index = { redirect(action:list,params:params) } // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST', update:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) + def index = { redirect(action:list,params:params) } + + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -13,4 +16,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def show = { def inventoryLocationInstance = InventoryLocation.get( params.id ) Index: /trunk/grails-app/controllers/InventoryMovementDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/InventoryMovementDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/InventoryMovementDetailedController.groovy (revision 298) @@ -1,12 +1,13 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager']) class InventoryMovementDetailedController extends BaseController { def inventoryMovementService - def index = { redirect(action:list,params:params) } - // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST'] + + def index = { redirect(action:list,params:params) } def list = { @@ -15,4 +16,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def show = { def inventoryMovementInstance = InventoryMovement.get( params.id ) @@ -29,4 +31,5 @@ * @param params.inventoryItem.id The id of an existing inventory item. */ + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) def listInventoryMovements = { def inventoryItemInstance = InventoryItem.get(params.inventoryItem.id) Index: /trunk/grails-app/controllers/MaintenanceActionDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/MaintenanceActionDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/MaintenanceActionDetailedController.groovy (revision 298) @@ -1,11 +1,14 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class MaintenanceActionDetailedController extends BaseController { - - def index = { redirect(action:list,params:params) } // the delete, save and update actions only accept POST requests static allowedMethods = [delete:'POST', save:'POST', update:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) + def index = { redirect(action:list,params:params) } + + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -13,4 +16,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def show = { def maintenanceActionInstance = MaintenanceAction.get( params.id ) Index: /trunk/grails-app/controllers/MaintenancePolicyController.groovy =================================================================== --- /trunk/grails-app/controllers/MaintenancePolicyController.groovy (revision 297) +++ /trunk/grails-app/controllers/MaintenancePolicyController.groovy (revision 298) @@ -1,4 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_Manager','ROLE_AppAdmin']) class MaintenancePolicyController extends BaseAppAdminController { Index: /trunk/grails-app/controllers/PictureDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/PictureDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/PictureDetailedController.groovy (revision 298) @@ -1,4 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_InventoryManager', 'ROLE_InventoryUser']) class PictureDetailedController extends BaseController { Index: /trunk/grails-app/controllers/SectionDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/SectionDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/SectionDetailedController.groovy (revision 298) @@ -1,5 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured -@Secured(['ROLE_Manager','ROLE_AppAdmin']) +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class SectionDetailedController extends BaseController { @@ -7,8 +7,8 @@ static allowedMethods = [delete:'POST', save:'POST', update:'POST'] - @Secured(['ROLE_AppAdmin','ROLE_Manager','ROLE_AppUser']) + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def index = { redirect(action:list,params:params) } - @Secured(['ROLE_AppAdmin','ROLE_Manager','ROLE_AppUser']) + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -16,5 +16,5 @@ } - @Secured(['ROLE_AppAdmin','ROLE_Manager','ROLE_AppUser']) + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def show = { def sectionInstance = Section.get( params.id ) Index: /trunk/grails-app/controllers/SectionExtendedAttributeDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/SectionExtendedAttributeDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/SectionExtendedAttributeDetailedController.groovy (revision 298) @@ -1,5 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured -@Secured(['ROLE_Manager','ROLE_AppAdmin']) +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class SectionExtendedAttributeDetailedController extends BaseController { Index: /trunk/grails-app/controllers/SiteDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/SiteDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/SiteDetailedController.groovy (revision 298) @@ -1,5 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured -@Secured(['ROLE_Manager','ROLE_AppAdmin']) +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class SiteDetailedController extends BaseController { @@ -7,8 +7,8 @@ static allowedMethods = [delete:'POST', save:'POST', update:'POST'] - @Secured(['ROLE_AppAdmin','ROLE_Manager','ROLE_AppUser']) + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def index = { redirect(action:list,params:params) } - @Secured(['ROLE_AppAdmin','ROLE_Manager','ROLE_AppUser']) + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -16,5 +16,5 @@ } - @Secured(['ROLE_AppAdmin','ROLE_Manager','ROLE_AppUser']) + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager', 'ROLE_AssetUser']) def show = { def siteInstance = Site.get( params.id ) Index: /trunk/grails-app/controllers/SiteExtendedAttributeDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/SiteExtendedAttributeDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/SiteExtendedAttributeDetailedController.groovy (revision 298) @@ -1,5 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured -@Secured(['ROLE_Manager','ROLE_AppAdmin']) +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_AssetManager']) class SiteExtendedAttributeDetailedController extends BaseController { Index: /trunk/grails-app/controllers/TaskDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/TaskDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/TaskDetailedController.groovy (revision 298) @@ -3,4 +3,5 @@ import com.zeddware.grails.plugins.filterpane.FilterUtils +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager']) class TaskDetailedController extends BaseController { @@ -15,6 +16,8 @@ static allowedMethods = [save:'POST', update:'POST', restore:'POST', trash:'POST', approve:'POST', renegeApproval:'POST', complete:'POST', reopen:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def index = { redirect(action: 'search', params: params) } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100 ) @@ -22,4 +25,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def setTaskSearchParamsMax = { def max = 1000 @@ -34,4 +38,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def search = { @@ -119,4 +124,5 @@ } // end search() + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def searchCalendar = { params.max = 30 @@ -164,4 +170,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def budget = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100 ) @@ -210,4 +217,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def show = { @@ -400,4 +408,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def complete = { @@ -425,4 +434,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def reopen = { @@ -450,4 +460,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def edit = { @@ -474,4 +485,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def update = { @@ -493,4 +505,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def create = { def taskInstance = new Task() @@ -506,4 +519,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def save = { def result = taskService.create(params) @@ -525,4 +539,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def listSubTasks = { def parentTaskInstance = Task.get(params.id) @@ -543,4 +558,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def createSubTask = { def parentTaskInstance = Task.get(params.id) Index: /trunk/grails-app/controllers/TaskProcedureDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/TaskProcedureDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/TaskProcedureDetailedController.groovy (revision 298) @@ -1,4 +1,5 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager']) class TaskProcedureDetailedController extends BaseController { @@ -10,4 +11,5 @@ static allowedMethods = [delete:'POST', save:'POST', update:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -23,8 +25,10 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def search = { redirect(action:list) } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def show = { Index: /trunk/grails-app/controllers/TaskRecurringScheduleDetailedController.groovy =================================================================== --- /trunk/grails-app/controllers/TaskRecurringScheduleDetailedController.groovy (revision 297) +++ /trunk/grails-app/controllers/TaskRecurringScheduleDetailedController.groovy (revision 298) @@ -1,8 +1,10 @@ import org.codehaus.groovy.grails.plugins.springsecurity.Secured +@Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager']) class TaskRecurringScheduleDetailedController extends BaseController { def taskRecurringScheduleService + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def index = { redirect(action:list,params:params) } @@ -10,4 +12,5 @@ static allowedMethods = [delete:'POST', save:'POST', update:'POST'] + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def list = { params.max = Math.min( params.max ? params.max.toInteger() : 10, 100) @@ -15,4 +18,5 @@ } + @Secured(['ROLE_AppAdmin', 'ROLE_Manager', 'ROLE_TaskManager', 'ROLE_TaskUser']) def show = { def taskRecurringScheduleInstance = TaskRecurringSchedule.get( params.id ) Index: /trunk/grails-app/services/CreateDataService.groovy =================================================================== --- /trunk/grails-app/services/CreateDataService.groovy (revision 297) +++ /trunk/grails-app/services/CreateDataService.groovy (revision 298) @@ -180,5 +180,5 @@ // Authority #7 authInstance = new Authority(description:"Inventory User", - authority:"ROLE_InvetoryUser") + authority:"ROLE_InventoryUser") saveAndTest(authInstance)