You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by ja...@apache.org on 2007/02/14 16:58:18 UTC
svn commit: r507591 - in /ofbiz/trunk/applications/content:
script/org/ofbiz/content/permission/ContentPermissionServices.xml
servicedef/services.xml
Author: jaz
Date: Wed Feb 14 07:58:17 2007
New Revision: 507591
URL: http://svn.apache.org/viewvc?view=rev&rev=507591
Log:
updated content permission services; add more documentation; fixed variables so they do not conflict
Modified:
ofbiz/trunk/applications/content/script/org/ofbiz/content/permission/ContentPermissionServices.xml
ofbiz/trunk/applications/content/servicedef/services.xml
Modified: ofbiz/trunk/applications/content/script/org/ofbiz/content/permission/ContentPermissionServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/script/org/ofbiz/content/permission/ContentPermissionServices.xml?view=diff&rev=507591&r1=507590&r2=507591
==============================================================================
--- ofbiz/trunk/applications/content/script/org/ofbiz/content/permission/ContentPermissionServices.xml (original)
+++ ofbiz/trunk/applications/content/script/org/ofbiz/content/permission/ContentPermissionServices.xml Wed Feb 14 07:58:17 2007
@@ -114,6 +114,21 @@
xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
</if-empty>
+ <!-- ownerContentId can be set from a calling method -->
+ <if-empty field-name="ownerContentId">
+ <set field="ownerContentId" from-field="parameters.ownerContentId"/>
+ </if-empty>
+
+ <!-- operation ID can be set from the calling method -->
+ <if-empty field-name="contentOperationId">
+ <set field="contentOperationId" from-field="parameters.contentOperationId"/>
+ </if-empty>
+
+ <!-- statusId can be set from the calling method -->
+ <if-empty field-name="statusId">
+ <set field="statusId" from-field="parameters.statusId"/>
+ </if-empty>
+
<!-- check role permission? -->
<set field="primaryPermission" value="CONTENTMGR_ROLE"/>
<call-simple-method method-name="genericBasePermissionCheck"
@@ -129,12 +144,10 @@
<if>
<condition>
<not>
- <if-empty field-name="parameters.contentOperationId"/>
+ <if-empty field-name="contentOperationId"/>
</not>
</condition>
- <then>
- <set field="contentOperationId" from-field="parameters.contentOperationId"/>
- <set field="statusId" from-field="parameters.statusId"/>
+ <then>
<call-simple-method method-name="checkContentOperationSecurity"/>
</then>
@@ -143,27 +156,31 @@
<if>
<condition>
<not>
- <if-empty field-name="parameters.ownerContentId"/>
+ <if-empty field-name="ownerContentId"/>
</not>
</condition>
<then>
- <set field="contentId" from-field="parameters.ownerContentId"/>
+ <set field="checkContentId" from-field="ownerContentId"/>
<call-simple-method method-name="checkContentOwnership"/>
<if>
<condition>
<if-compare field-name="hasPermission" value="false" type="Boolean" operator="equals"/>
</condition>
<then>
- <!-- check parent(s) -->
+ <!-- no permission on this parent; check the parent's parent(s) -->
<while>
<condition>
- <not>
- <if-empty field-name="contentId"/>
- </not>
+ <!-- iterate until either we have permission or there are no more parents -->
+ <and>
+ <if-compare field-name="hasPermission" value="false" type="Boolean" operator="equals"/>
+ <not>
+ <if-empty field-name="checkContentId"/>
+ </not>
+ </and>
</condition>
<then>
<entity-one entity-name="Content" value-name="currentContent">
- <field-map field-name="contentId"/>
+ <field-map field-name="contentId" env-name="checkContentId"/>
</entity-one>
<if>
<condition>
@@ -172,13 +189,13 @@
</not>
</condition>
<then>
- <set field="contentId" from-field="currentContent.ownerContentId"/>
+ <set field="checkContentId" from-field="currentContent.ownerContentId"/>
<call-simple-method method-name="checkContentOwnership"/>
</then>
<!-- no parent record found; time to stop recursion -->
<else>
- <clear-field field-name="contentId"/>
+ <clear-field field-name="checkContentId"/>
</else>
</if>
</then>
@@ -202,6 +219,30 @@
xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
</if-empty>
+ <!-- contentId is required for update checking -->
+ <if>
+ <condition>
+ <and>
+ <if-empty field-name="parameters.contentId"/>
+ <if-empty field-name="contentId"/>
+ </and>
+ </condition>
+ <then>
+ <add-error><fail-message message="Content Permission Service UPDATE requires a contentId!"/></add-error>
+ </then>
+ </if>
+ <check-errors/>
+
+ <!-- ownerContentId can be set from a calling method -->
+ <if-empty field-name="ownerContentId">
+ <set field="ownerContentId" from-field="parameters.ownerContentId"/>
+ </if-empty>
+
+ <!-- operation ID can be set from the calling method -->
+ <if-empty field-name="contentOperationId">
+ <set field="contentOperationId" from-field="parameters.contentOperationId"/>
+ </if-empty>
+
<!-- check role permission -->
<set field="primaryPermission" value="CONTENTMGR_ROLE"/>
<call-simple-method method-name="genericBasePermissionCheck"
@@ -217,17 +258,16 @@
<if>
<condition>
<not>
- <if-empty field-name="parameters.contentOperationId"/>
+ <if-empty field-name="contentOperationId"/>
</not>
</condition>
<then>
- <set field="contentOperationId" from-field="parameters.contentOperationId"/>
<call-simple-method method-name="checkContentOperationSecurity"/>
</then>
<!-- if no operation is passed; check ownership for permission -->
<else>
- <set field="contentId" from-field="parameters.contentId"/>
+ <set field="checkContentId" from-field="contentId"/>
<call-simple-method method-name="checkContentOwnership"/>
<!-- we are okay to update; unless we are updating the owner content; verify ownership there -->
@@ -236,28 +276,32 @@
<and>
<if-compare field-name="hasPermission" value="true" type="Boolean" operator="equals"/>
<not>
- <if-empty field-name="parameters.ownerContentId"/>
+ <if-empty field-name="ownerContentId"/>
</not>
</and>
</condition>
<then>
- <set field="contentId" from-field="parameters.ownerContentId"/>
+ <set field="checkContentId" from-field="ownerContentId"/>
<call-simple-method method-name="checkContentOwnership"/>
<if>
<condition>
<if-compare field-name="hasPermission" value="false" type="Boolean" operator="equals"/>
</condition>
<then>
- <!-- check parent(s) -->
+ <!-- no permission on this parent; check the parent's parent(s) -->
<while>
<condition>
- <not>
- <if-empty field-name="contentId"/>
- </not>
+ <!-- iterate until either we have permission or there are no more parents -->
+ <and>
+ <if-compare field-name="hasPermission" value="false" type="Boolean" operator="equals"/>
+ <not>
+ <if-empty field-name="checkContentId"/>
+ </not>
+ </and>
</condition>
<then>
<entity-one entity-name="Content" value-name="currentContent">
- <field-map field-name="contentId"/>
+ <field-map field-name="contentId" env-name="checkContentId"/>
</entity-one>
<if>
<condition>
@@ -266,11 +310,13 @@
</not>
</condition>
<then>
- <set field="contentId" from-field="currentContent.ownerContentId"/>
+ <set field="checkContentId" from-field="currentContent.ownerContentId"/>
<call-simple-method method-name="checkContentOwnership"/>
</then>
+
+ <!-- no parent record found; time to stop recursion -->
<else>
- <clear-field field-name="contentId"/>
+ <clear-field field-name="checkContentId"/>
</else>
</if>
</then>
@@ -365,8 +411,8 @@
<simple-method method-name="checkContentOwnership" short-description="Checks the ownership of a content record">
<set field="hasPermission" type="Boolean" value="false"/>
- <if-empty field-name="contentId">
- <add-error><fail-message message="Required field 'contentId' is missing in simple method call [checkContentOwnership]"/></add-error>
+ <if-empty field-name="checkContentId">
+ <add-error><fail-message message="Required field 'checkContentId' is missing in simple method call [checkContentOwnership]"/></add-error>
</if-empty>
<if-empty field-name="partyId">
<set field="partyId" from-field="userLogin.partyId"/>
@@ -388,8 +434,8 @@
<set field="hasPermission" type="Boolean" value="false"/>
<!-- setting the env field contentId is required for this simple method -->
- <if-empty field-name="contentId">
- <add-error><fail-message message="Required field 'contentId' is missing in simple method call [checkContentRoleSecurity]"/></add-error>
+ <if-empty field-name="checkContentId">
+ <add-error><fail-message message="Required field 'checkContentId' is missing in simple method call [checkContentRoleSecurity]"/></add-error>
</if-empty>
<if-empty field-name="partyId">
<add-error><fail-message message="Required field 'partyId' is missing in simple method call [checkContentRoleSecurity]"/></add-error>
@@ -405,7 +451,7 @@
<then>
<!-- looking up a specific role -->
<entity-and entity-name="ContentRole" list-name="foundRoles">
- <field-map field-name="contentId" env-name="contentId"/>
+ <field-map field-name="contentId" env-name="checkContentId"/>
<field-map field-name="roleTypeId" env-name="roleTypeId"/>
<field-map field-name="partyId" env-name="partyId"/>
</entity-and>
@@ -413,7 +459,7 @@
<else>
<!-- looking up any role -->
<entity-and entity-name="ContentRole" list-name="foundRoles">
- <field-map field-name="contentId" env-name="contentId"/>
+ <field-map field-name="contentId" env-name="checkContentId"/>
<field-map field-name="partyId" env-name="partyId"/>
</entity-and>
</else>
Modified: ofbiz/trunk/applications/content/servicedef/services.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/content/servicedef/services.xml?view=diff&rev=507591&r1=507590&r2=507591
==============================================================================
--- ofbiz/trunk/applications/content/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/content/servicedef/services.xml Wed Feb 14 07:58:17 2007
@@ -183,6 +183,8 @@
<attribute mode="IN" name="userLogin" optional="true" type="GenericValue"/>
<attribute mode="INOUT" name="roleTypeList" optional="true" type="List"/>
</service>
+
+ <!-- old permission service; being replaced with genericContentPermission -->
<service name="checkContentPermission"
transaction-timeout="72000"
auth="false" engine="java" invoke="checkContentPermission"
@@ -211,6 +213,7 @@
<attribute mode="OUT" name="permissionStatus" optional="true" type="String"/>
<attribute mode="OUT" name="permissionRecorder" optional="true" type="org.ofbiz.content.content.PermissionRecorder"/>
</service>
+
<service name="findRelatedContent" default-entity-name="Content" engine="java"
location="org.ofbiz.content.content.ContentServices" invoke="findRelatedContent" auth="true">
<description>Create a Content</description>
@@ -227,16 +230,13 @@
</service>
<!--Content Assoc services.-->
- <service name="checkAssocPermission"
- transaction-timeout="72000"
- auth="true" engine="java" invoke="checkAssocPermission"
- location="org.ofbiz.content.content.ContentPermissionServices" >
+ <service name="checkAssocPermission" engine="java" transaction-timeout="72000" auth="true"
+ location="org.ofbiz.content.content.ContentPermissionServices" invoke="checkAssocPermission">
<description>Check for permission to perform operation on Content</description>
<attribute mode="IN" name="targetOperationList" optional="true" type="List"/>
<attribute mode="IN" name="contentPurposeList" optional="true" type="List"/>
<attribute mode="INOUT" name="roleTypeList" optional="true" type="List"/>
- <attribute mode="IN" name="userLogin" optional="true"
- type="org.ofbiz.core.entity.GenericValue"/>
+ <attribute mode="IN" name="userLogin" optional="true" type="org.ofbiz.core.entity.GenericValue"/>
<attribute mode="IN" name="contentIdTo" optional="true" type="String"/>
<attribute mode="IN" name="contentIdFrom" optional="true" type="String"/>
<attribute mode="IN" name="fromDate" optional="true" type="String"/>
@@ -251,6 +251,7 @@
<attribute mode="OUT" name="permissionRecorderTo" optional="true" type="org.ofbiz.content.content.PermissionRecorder"/>
<attribute mode="OUT" name="permissionRecorder" optional="true" type="org.ofbiz.content.content.PermissionRecorder"/>
</service>
+
<service name="assocContent"
default-entity-name="ContentAssoc"
auth="true" engine="simple" invoke="assocContent"
@@ -1517,4 +1518,17 @@
<attribute name="ownerContentId" type="String" mode="IN" optional="false"/>
</service>
+ <!-- content permissions -->
+ <service name="genericContentPermission" engine="simple" auth="true"
+ location="org/ofbiz/content/permission/ContentPermissionServices.xml" invoke="genericContentPermission">
+ <description>Generic Content Permission Service; Takes mainAction to determine the mode.</description>
+ <implements service="permissionInterface"/>
+ <attribute name="ownerContentId" type="String" mode="IN" optional="true"/>
+ <attribute name="contentIdFrom" type="String" mode="IN" optional="true"/>
+ <attribute name="contentIdTo" type="String" mode="IN" optional="true"/>
+ <attribute name="contentId" type="String" mode="IN" optional="true"/>
+ <attribute name="statusId" type="String" mode="IN" optional="true"/>
+ <attribute name="contentPurposeTypeId" type="String" mode="IN" optional="true"/>
+ <attribute name="contentOperationId" type="String" mode="IN" optional="true"/>
+ </service>
</services>