JasperServer Deny ROLE_USER 创建和修改调度
JasperServer Deny ROLE_USER create and modify scheduling
我需要防止普通用户在 JasperServer 中安排报告,甚至修改之前由 ROLE_ADMINISTRATOR 制定的计划。只能调度ROLE_ADMINISTRATOR.
我已遵循本指南 http://community.jaspersoft.com/wiki/how-customize-navigation-resource-menu-right-click-resource and this one Control Scheduling in JasperReports Server 以防止使用计划操作,它仅部分起作用,用户无法使用上下文菜单(右键单击)创建计划,但他们可以修改、删除以前的计划日程。如何?通过在具有先前计划的报告列表中使用 link(时钟图标)。
有人知道防止这种情况的解决方案吗?
我按照以下指南找到了解决方案:http://community.jaspersoft.com/documentation/jasperreports-server-ultimate-guide/v561/restricting-access-role
我在页面中使用了 "Restricting a Section of a JSP File by Role":
".../WEB-INF/jsp/modules/reportScheduling/main.jsp"
要限制按钮("Create Schedule"、"Run Now"和"Refresh List")为ROLE_USERS,需要用标签authz封装此代码:授权
<li class="node open">
<ul class="list buttonSet">
<li class="leaf">
<button class="button capsule text first up scheduleJob">
<span class="wrap"><spring:message code="report.scheduling.list.button.new"/></span>
<span class="icon"></span>
</button>
</li>
<li class="leaf">
<button class="button capsule text last up runJob">
<span class="wrap"><spring:message code="report.scheduling.list.button.now"/></span>
<span class="icon"></span>
</button>
</li>
</ul>
</li>
<li class="node open">
<ul class="list buttonSet">
<li class="leaf">
<button class="button capsule text up refreshList">
<span class="wrap"><spring:message code="report.scheduling.list.button.refresh"/></span>
<span class="icon"></span>
</button>
</li>
</ul>
</li>
这样:
<authz:authorize ifAllGranted="ROLE_ADMINISTRATOR">
<li class="node open">
...
</li>
</authz:authorize>
最后,限制作业的计划结果列表:
<!-- body of jobs list -->
<authz:authorize ifAllGranted="ROLE_ADMINISTRATOR">
<div id="resultsContainer" class="body">
<ul id="resultsList" class="list collapsible tabular jobs sixColumn"></ul>
</div>
</authz:authorize>
<!-- end of body of jobs list -->
我需要防止普通用户在 JasperServer 中安排报告,甚至修改之前由 ROLE_ADMINISTRATOR 制定的计划。只能调度ROLE_ADMINISTRATOR.
我已遵循本指南 http://community.jaspersoft.com/wiki/how-customize-navigation-resource-menu-right-click-resource and this one Control Scheduling in JasperReports Server 以防止使用计划操作,它仅部分起作用,用户无法使用上下文菜单(右键单击)创建计划,但他们可以修改、删除以前的计划日程。如何?通过在具有先前计划的报告列表中使用 link(时钟图标)。
有人知道防止这种情况的解决方案吗?
我按照以下指南找到了解决方案:http://community.jaspersoft.com/documentation/jasperreports-server-ultimate-guide/v561/restricting-access-role
我在页面中使用了 "Restricting a Section of a JSP File by Role":
".../WEB-INF/jsp/modules/reportScheduling/main.jsp"
要限制按钮("Create Schedule"、"Run Now"和"Refresh List")为ROLE_USERS,需要用标签authz封装此代码:授权
<li class="node open">
<ul class="list buttonSet">
<li class="leaf">
<button class="button capsule text first up scheduleJob">
<span class="wrap"><spring:message code="report.scheduling.list.button.new"/></span>
<span class="icon"></span>
</button>
</li>
<li class="leaf">
<button class="button capsule text last up runJob">
<span class="wrap"><spring:message code="report.scheduling.list.button.now"/></span>
<span class="icon"></span>
</button>
</li>
</ul>
</li>
<li class="node open">
<ul class="list buttonSet">
<li class="leaf">
<button class="button capsule text up refreshList">
<span class="wrap"><spring:message code="report.scheduling.list.button.refresh"/></span>
<span class="icon"></span>
</button>
</li>
</ul>
</li>
这样:
<authz:authorize ifAllGranted="ROLE_ADMINISTRATOR">
<li class="node open">
...
</li>
</authz:authorize>
最后,限制作业的计划结果列表:
<!-- body of jobs list -->
<authz:authorize ifAllGranted="ROLE_ADMINISTRATOR">
<div id="resultsContainer" class="body">
<ul id="resultsList" class="list collapsible tabular jobs sixColumn"></ul>
</div>
</authz:authorize>
<!-- end of body of jobs list -->