AuftragRight.ktDefines the access control rules for the order book (Auftragsbuch). Extends UserRightAccessCheck<AuftragDO?> and provides fine-grained, multi-level access control based on user group membership and user role assignment. Manages visibility for contact persons, project managers, project assistants, controlling staff, and finance group members, with special rules for fully invoiced orders and the vollstaendigFakturiert flag protection.
class AuftragRight : UserRightAccessCheck<AuftragDO?>(
UserRightId.PM_ORDER_BOOK, UserRightCategory.PM,
*UserRightServiceImpl.FALSE_READONLY_PARTLYREADWRITE_READWRITE
)
Available values: FALSE, READONLY, PARTLYREADWRITE, READWRITE.
PARTLYREADWRITE special behavior: Users who are members of FIBU_ORGA_GROUPS and PROJECT_MANAGER/PROJECT_ASSISTANT have only access to their own projects (assigned by project manager groups). Choosing READWRITE grants full access to all orders.
hasSelectAccess(user): BooleanReturns true if the user has READONLY, PARTLYREADWRITE, or READWRITE right on the PM_ORDER_BOOK right ID. This determines if the order book is visible as a module at all.
hasAccess(user, obj, oldObj, operationType): BooleanThe core access decision method with layered checks:
Members of CONTROLLING_GROUP have unconditional SELECT access. Other operation types proceed to the next layer.
vollstaendigFakturiert Flag ProtectionOnly members of FINANCE_GROUP may change the vollstaendigFakturiert flag on order positions:
vollstaendigFakturiert == true triggers AccessExceptionoldObj), any change to vollstaendigFakturiert triggers AccessExceptiondbPosition) are checked as in INSERTFor users who are NOT in FIBU_ORGA_GROUPS with READONLY/READWRITE right (i.e., project managers, project assistants, or PARTLYREADWRITE users):
contactPerson → access grantedprojektManagerGroup, is the project's headOfBusinessManager, or is the project's salesManager → access grantedisVollstaendigFakturiert), access is limited to orders whose period-of-performance end date (or quote date as fallback) is within MAX_DAYS_OF_VISIBILITY_4_PROJECT_MANGER (1800 days ≈ 5 years)init block)| Group | Default / Available Values |
|---|---|
| FIBU_ORGA_PM_GROUPS | FALSE, READONLY, PARTLYREADWRITE, READWRITE (default for project managers and organization groups) |
PROJECT_MANAGER | PARTLYREADWRITE (default set) |
PROJECT_ASSISTANT | FALSE, PARTLYREADWRITE |
| Controlling users | READONLY (via setReadOnlyForControlling()) |
| Constant | Value | Description |
|---|---|---|
MAX_DAYS_OF_VISIBILITY_4_PROJECT_MANGER | 1800 | Orders older than ~5 years are hidden from project managers when fully invoiced |
868d6abb7 2025 -> 2026 63081666f Source file headers: 2024-> 2025. 61f05ce90 Migration stuff in progress... 87dd5b87c AuftragsCache refactored, migration stuff... (all tests OK) 4efcbd0fb Migration stuff in progress... 06828f490 Migration stuff in progress... b6092df09 Copyright 2023 -> 2024 ab45d51fa Copyright 2001-2022 -> 2001-2023. 73b0be50b org.apache.commons.collections -> org.apache.commons.collections4 d628fc93f Order book: access for head of business unit and sales manager. 5f7ef41b8 Copyright 2021 -> 2022 9aefe1981 AuftragRight: visibility for project managers improved for outdated orders. 7429a0554 AuftragRight -> Kotlin