You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by mo...@apache.org on 2010/04/03 19:01:30 UTC
svn commit: r930543 - in /ofbiz/trunk/applications/product:
script/org/ofbiz/shipment/issuance/IssuanceServices.xml
script/org/ofbiz/shipment/shipment/ShipmentServices.xml
servicedef/services_shipment.xml
Author: mor
Date: Sat Apr 3 17:01:29 2010
New Revision: 930543
URL: http://svn.apache.org/viewvc?rev=930543&view=rev
Log:
Moved permission checking logic to service definition. This commit also fix a bad security permission check on updateQuantityBreak and
deleteQuantityBreak services.
Modified:
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml
ofbiz/trunk/applications/product/servicedef/services_shipment.xml
Modified: ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml?rev=930543&r1=930542&r2=930543&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml (original)
+++ ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml Sat Apr 3 17:01:29 2010
@@ -430,11 +430,6 @@ under the License.
</simple-method>
<simple-method method-name="cancelOrderItemIssuanceFromSalesShipment" short-description="Cancel an ItemIssuance quantity from Sales Shipment">
- <set value="Cancel Order Item Issuance from Sales Shipment" field="operationName"/>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
-
<!-- get ItemIssuance and related entities-->
<entity-one entity-name="ItemIssuance" value-field="itemIssuance"/>
<get-related-one value-field="itemIssuance" relation-name="OrderHeader" to-value-field="orderHeader"/>
Modified: ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml?rev=930543&r1=930542&r2=930543&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml (original)
+++ ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml Sat Apr 3 17:01:29 2010
@@ -1845,13 +1845,6 @@ under the License.
</simple-method>
<simple-method method-name="removeOrderShipmentFromShipment" short-description="Delete an OrderShipment and updates the ShipmentItem">
- <set value="Delete OrderShipment entry" field="operationName"/>
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
- </check-permission>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
<make-value entity-name="OrderShipment" value-field="lookupPk"/>
<set-pk-fields value-field="lookupPk" map="parameters"/>
<find-by-primary-key entity-name="OrderShipment" map="lookupPk" value-field="orderShipment"/>
@@ -1892,14 +1885,6 @@ under the License.
<!-- for a given order item and quantity it creates (or updates if already exists) an -->
<!-- entry in the ShipmentPlan. -->
<simple-method method-name="addOrderShipmentToShipment" short-description="Add or update a ShipmentPlan entry">
- <set value="Put Ordered Quantity to Shipment Plan" field="operationName"/>
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
- </check-permission>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
-
<!-- if quantity is greater than 0 we add or update the ShipmentPlan -->
<if-compare field="parameters.quantity" operator="greater" value="0" type="BigDecimal">
@@ -1989,11 +1974,6 @@ under the License.
</simple-method>
<simple-method method-name="checkCancelItemIssuanceAndOrderShipmentFromShipment" short-description="Check Shipment Items and Cancel Item Issuance and Order Shipment">
- <set value="Cancel Item Issuance and Order Shipment from a Sales Shipment" field="operationName"/>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
-
<entity-and entity-name="OrderShipment" list="orderShipmentList">
<field-map field-name="shipmentId" from-field="parameters.shipmentId"/>
</entity-and>
@@ -2015,10 +1995,6 @@ under the License.
<!-- QuantityBreak services -->
<!-- create a new QuantityBreak -->
<simple-method method-name="createQuantityBreak" short-description="Create a QuoteAttribute">
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateQuantityBreak"/>
- </check-permission>
- <check-errors/>
<make-value value-field="quantityBreak" entity-name="QuantityBreak"/>
<set-nonpk-fields map="parameters" value-field="quantityBreak"/>
<sequenced-id sequence-name="QuantityBreak" field="quantityBreak.quantityBreakId"/>
@@ -2028,10 +2004,6 @@ under the License.
<!-- update an existing QuantityBreak -->
<simple-method method-name="updateQuantityBreak" short-description="Update an existing QuantityBreak">
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunUpdateQuantityBreak"/>
- </check-permission>
- <check-errors/>
<entity-one entity-name="QuantityBreak" value-field="quantityBreak" auto-field-map="true"/>
<check-errors/>
<set-nonpk-fields map="parameters" value-field="quantityBreak"/>
@@ -2041,10 +2013,6 @@ under the License.
<!-- remove an existing QuantityBreak -->
<simple-method method-name="deleteQuantityBreak" short-description="Remove an existing QuantityBreak">
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunRemoveQuantityBreak"/>
- </check-permission>
- <check-errors/>
<entity-one entity-name="QuantityBreak" value-field="quantityBreak" auto-field-map="true"/>
<check-errors/>
<remove-value value-field="quantityBreak"/>
Modified: ofbiz/trunk/applications/product/servicedef/services_shipment.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/servicedef/services_shipment.xml?rev=930543&r1=930542&r2=930543&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/servicedef/services_shipment.xml (original)
+++ ofbiz/trunk/applications/product/servicedef/services_shipment.xml Sat Apr 3 17:01:29 2010
@@ -211,6 +211,7 @@ under the License.
<service name="checkCancelItemIssuanceAndOrderShipmentFromShipment" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="checkCancelItemIssuanceAndOrderShipmentFromShipment" auth="true">
<description>Check Shipment Items and cancel Item Issuance and Order Shipment</description>
+ <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
<attribute name="shipmentId" type="String" mode="IN" optional="false"/>
</service>
<service name="quickDropShipOrder" engine="simple"
@@ -473,6 +474,7 @@ under the License.
<service name="cancelOrderItemIssuanceFromSalesShipment" engine="simple"
location="component://product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml" invoke="cancelOrderItemIssuanceFromSalesShipment" auth="true">
<description>Cancel an ItemIssuance from Sales Shipment</description>
+ <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
<attribute name="itemIssuanceId" type="String" mode="IN" optional="false"/>
<attribute name="cancelQuantity" type="BigDecimal" mode="IN" optional="true"/>
<attribute name="canceledQuantity" type="BigDecimal" mode="OUT" optional="false"/>
@@ -694,6 +696,10 @@ under the License.
<service name="addOrderShipmentToShipment" engine="simple" default-entity-name="OrderShipment"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="addOrderShipmentToShipment" auth="true">
<description>Add an OrderShipment and a ShipmentItem - only for sales orders</description>
+ <required-permissions join-type="AND">
+ <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
+ <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
+ </required-permissions>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="false"/>
<override name="shipmentItemSeqId" mode="IN" optional="true"/>
@@ -701,6 +707,10 @@ under the License.
<service name="removeOrderShipmentFromShipment" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="removeOrderShipmentFromShipment" auth="true">
<description>Delete an OrderShipment and updates the ShipmentItem</description>
+ <required-permissions join-type="AND">
+ <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
+ <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
+ </required-permissions>
<auto-attributes entity-name="OrderShipment" include="pk" mode="IN" optional="false"/>
</service>
<service name="getQuantityForShipment" engine="simple" default-entity-name="OrderItem"
@@ -871,17 +881,20 @@ under the License.
<service name="createQuantityBreak" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="createQuantityBreak" auth="true">
<description>Create a QuantityBreak</description>
+ <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
<auto-attributes entity-name="QuantityBreak" include="nonpk" mode="IN" optional="true"/>
</service>
<service name="updateQuantityBreak" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="updateQuantityBreak" auth="true">
<description>Update a QuantityBreak</description>
+ <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
<auto-attributes entity-name="QuantityBreak" include="pk" mode="IN" optional="false"/>
<auto-attributes entity-name="QuantityBreak" include="nonpk" mode="IN" optional="true"/>
</service>
<service name="deleteQuantityBreak" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="deleteQuantityBreak" auth="true">
<description>Delete a QuantityBreak</description>
+ <permission-service service-name="facilityGenericPermission" main-action="DELETE"/>
<auto-attributes entity-name="QuantityBreak" include="pk" mode="IN" optional="false"/>
</service>