CODEWITHSUNDEEP
jasper-reportsschedulingjasperserverrole
negracula
negracula

Reputation: 51

JasperServer Deny ROLE_USER create and modify scheduling

i need to prevent scheduling reports in JasperServer by normal users, even modify a previous schedule made by ROLE_ADMINISTRATOR. Only can scheduling the ROLE_ADMINISTRATOR.

I've follow this guide http://community.jaspersoft.com/wiki/how-customize-navigation-resource-menu-right-click-resource and this one Control Scheduling in JasperReports Server to prevent use the scheduling action and it only works partially, users can't create a schedule using context menu (right click) but they can modify,eliminate a previous schedule. how? By using a link (clock icon) in list of reports that have a previous schedule.

Anyone knows a solution to prevent this?

Upvotes: 1

Views: 772

Answers (1)

negracula
negracula

Reputation: 51

I found a solution following this guides: http://community.jaspersoft.com/documentation/jasperreports-server-ultimate-guide/v561/restricting-access-role

I've used the "Restricting a Section of a JSP File by Role" in the page:

".../WEB-INF/jsp/modules/reportScheduling/main.jsp"

To Restrict the buttons ("Create Schedule", "Run Now" and "Refresh List") to ROLE_USERS, needs to encapsule this code with the tag authz:authorize

<li class="node open">
    <ul class="list buttonSet">
        <li class="leaf">
            <button class="button capsule text first up scheduleJob">
                <span class="wrap"><spring:message code="report.scheduling.list.button.new"/></span>
                <span class="icon"></span>
            </button>
        </li>
        <li class="leaf">
            <button class="button capsule text last up runJob">
                <span class="wrap"><spring:message code="report.scheduling.list.button.now"/></span>
                <span class="icon"></span>
            </button>
        </li>
    </ul>
</li>   
<li class="node open">
    <ul class="list buttonSet">
        <li class="leaf">
            <button class="button capsule text up refreshList">
                <span class="wrap"><spring:message code="report.scheduling.list.button.refresh"/></span>
                <span class="icon"></span>
            </button>
        </li>
    </ul>
</li>

This way:

<authz:authorize ifAllGranted="ROLE_ADMINISTRATOR">
<li class="node open">      
  ...
</li>
</authz:authorize>

And last, restrict the job's schedule result list:

<!-- body of jobs list -->
<authz:authorize ifAllGranted="ROLE_ADMINISTRATOR">
        <div id="resultsContainer" class="body">
            <ul id="resultsList" class="list collapsible tabular jobs sixColumn"></ul>
        </div>
</authz:authorize>
<!-- end of body of jobs list -->

Upvotes: 2

Related Questions