You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ofbiz.apache.org by da...@apache.org on 2023/01/10 10:15:36 UTC

[ofbiz-framework] branch release22.01 updated: Fixed: Permission check when creating a Product Facility (OFBIZ-12739)

This is an automated email from the ASF dual-hosted git repository.

danwatford pushed a commit to branch release22.01
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release22.01 by this push:
     new 372d9fca2c Fixed: Permission check when creating a Product Facility (OFBIZ-12739)
372d9fca2c is described below

commit 372d9fca2ce14ddbd93d8642cada96959f334d92
Author: Daniel Watford <da...@watfordconsulting.com>
AuthorDate: Tue Jan 10 10:13:48 2023 +0000

    Fixed: Permission check when creating a Product Facility (OFBIZ-12739)
    
    Typo in the action being checked when creating a product facility
    prevented users with the FACILITY_CREATE permission, but not the
    CATALOG_CREATE permission, from creating Product Facilities.
---
 .../product/groovyScripts/product/product/ProductServices.groovy        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/applications/product/groovyScripts/product/product/ProductServices.groovy b/applications/product/groovyScripts/product/product/ProductServices.groovy
index afbeb18096..eef0cd8a8a 100644
--- a/applications/product/groovyScripts/product/product/ProductServices.groovy
+++ b/applications/product/groovyScripts/product/product/ProductServices.groovy
@@ -552,7 +552,7 @@ def checkProductRelatedPermission(String callingMethodName, String checkAction)
     if (!(security.hasEntityPermission("CATALOG", "_${checkAction}", parameters.userLogin)
             || (roleCategories && security.hasEntityPermission("CATALOG_ROLE", "_${checkAction}", parameters.userLogin))
             || (parameters.alternatePermissionRoot &&
-            security.hasEntityPermission(parameters.alternatePermissionRoot, checkAction, parameters.userLogin)))) {
+            security.hasEntityPermission(parameters.alternatePermissionRoot, "_${checkAction}", parameters.userLogin)))) {
         String checkActionLabel = "ProductCatalog${checkAction.charAt(0)}${checkAction.substring(1).toLowerCase()}PermissionError"
         return error(UtilProperties.getMessage("ProductUiLabels", checkActionLabel,
                 [resourceDescription: callingMethodName, mainAction: checkAction], parameters.locale))