You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by nm...@apache.org on 2020/03/27 10:19:09 UTC
[ofbiz-framework] branch trunk updated: Improved: Convert
PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)
This is an automated email from the ASF dual-hosted git repository.
nmalin pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new ae686c3 Improved: Convert PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)
ae686c3 is described below
commit ae686c3ff6f724742a075e3085dc0ab517423fb2
Author: Harutyun Farajyan <ha...@ecomify.de>
AuthorDate: Tue Mar 17 16:44:35 2020 +0100
Improved: Convert PartyPermissionServices.xml from mini lang to groovy
(OFBIZ-11433)
Thanks to Harutyun Farajyan for providing the patch
---
.../party/PartyPermissionServices.groovy | 280 ++++++++++++++++++++
.../minilang/party/PartyPermissionServices.xml | 284 ---------------------
applications/party/servicedef/services.xml | 51 ++--
3 files changed, 309 insertions(+), 306 deletions(-)
diff --git a/applications/party/groovyScripts/party/PartyPermissionServices.groovy b/applications/party/groovyScripts/party/PartyPermissionServices.groovy
new file mode 100644
index 0000000..c004ddd
--- /dev/null
+++ b/applications/party/groovyScripts/party/PartyPermissionServices.groovy
@@ -0,0 +1,280 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.ofbiz.base.util.UtilProperties
+import org.apache.ofbiz.entity.GenericValue
+
+// ============== Basic Permission Checking =============
+
+//Returns hasPermission=true if user has one of the base PARTYMGR CRUD+ADMIN permissions
+/**
+ * Party Manager base permission logic
+ */
+def basePermissionCheck() {
+ parameters.primaryPermission = "PARTYMGR"
+ Map serviceResult = run service: "genericBasePermissionCheck", with: parameters
+ return serviceResult
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter
+/**
+ * Party ID Permission Check
+ */
+def partyIdPermissionCheck(Map parameters) {
+ Map result = success()
+ Boolean hasPermission
+ String partyId = parameters.partyId
+
+ if (partyId && userLogin.partyId && partyId == userLogin.partyId) {
+ hasPermission = true
+ } else {
+ String resourceDescription = parameters.resourceDescription
+ if (!resourceDescription) {
+ resourceDescription = UtilProperties.getPropertyValue("CommonUiLabels", "CommonPermissionThisOperation")
+ }
+ String failMessage = UtilProperties.getMessage("PartyUiLabels",
+ "PartyPermissionErrorPartyId", [resourceDescription: resourceDescription], parameters.locale)
+ hasPermission = false
+ result.failMessage = failMessage
+ }
+ result.hasPermission = hasPermission
+ return result
+}
+
+//Returns hasPermission=true if userLogin party equals partyId parameter OR
+// user has one of the base PARTYMGR CRUD+ADMIN permissions
+/**
+ * Base Permission Plus Party ID Permission Check
+ */
+def basePlusPartyIdPermissionCheck() {
+ Map result = run service: "basePermissionCheck", with: parameters
+ if (!result.hasPermission) {
+ result = partyIdPermissionCheck(parameters)
+ }
+ return result
+}
+
+// ============== Additional Permission Checking =============
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter OR
+// user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions
+/**
+ * Party status permission logic
+ */
+def partyStatusPermissionCheck() {
+ Map result = success()
+ Boolean hasPermission = false
+ if (parameters.partyId && parameters.partyId == userLogin.partyId) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ }
+ if (!hasPermission) {
+ parameters.altPermission = "PARTYMGR_STS"
+ result = run service: "basePermissionCheck", with: parameters
+ }
+ return result
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter OR
+// user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions
+/**
+ * Party group permission logic
+ */
+def partyGroupPermissionCheck() {
+ parameters.altPermission = "PARTYMGR_GRP"
+ Map result = run service: "partyStatusPermissionCheck", with: parameters
+ return result
+}
+
+//Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_SRC CRUD+ADMIN permissions
+/**
+ * Party datasource permission logic
+ */
+def partyDatasourcePermissionCheck() {
+ parameters.altPermission = "PARTYMGR_SRC"
+ Map result = run service: "basePermissionCheck", with: parameters
+ return result
+}
+
+//Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_ROLE CRUD+ADMIN permissions
+/**
+ * Party role permission logic
+ */
+def partyRolePermissionCheck() {
+ parameters.altPermission = "PARTYMGR_ROLE"
+ Map result = run service: "partyStatusPermissionCheck", with: parameters
+ return result
+}
+
+//Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_REL CRUD+ADMIN permissions
+/**
+ * Party relationship permission logic
+ */
+def partyRelationshipPermissionCheck() {
+ Map result = success()
+ if (!parameters.partyIdFrom) {
+ parameters.partyIdFrom = userLogin.partyId
+ result.hasPermission = true
+ } else {
+ parameters.altPermission = "PARTYMGR_REL"
+ result = run service: "basePermissionCheck", with: parameters
+ }
+ return result
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter OR
+// user has one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions
+/**
+ * Party contact mech permission logic
+ */
+def partyContactMechPermissionCheck() {
+ Map result = success()
+ if (!parameters.partyId || userLogin.partyId == parameters.partyId) {
+ Boolean hasPermission = true
+ result.hasPermission = hasPermission
+ } else {
+ parameters.altPermission = "PARTYMGR_PCM"
+ result = run service: "basePermissionCheck", with: parameters
+ }
+ return result
+}
+
+//Accept/Decline PartyInvitation Permission Checks
+/**
+ * Accept and Decline PartyInvitation Permission Logic
+ */
+def accAndDecPartyInvitationPermissionCheck() {
+ Map result = success()
+ Boolean hasPermission = false
+ if (security.hasEntityPermission("PARTYMGR_UPDATE", "_UPDATE", parameters.userLogin)) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ }
+ if (!hasPermission) {
+ GenericValue partyInvitation = from("PartyInvitation").where(parameters).queryOne()
+ if (!partyInvitation?.partyId) {
+ if (!partyInvitation?.emailAddress) {
+ return error(UtilProperties.getMessage("PartyUiLabels",
+ "PartyInvitationNotValidError", parameters.locale))
+ } else {
+ Map serviceResult = run service: "findPartyFromEmailAddress", with: [address: partyInvitation.emailAddress]
+ String partyId = serviceResult.partyId
+ if (partyId && partyId == userLogin.partyId) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ } else {
+ return error(UtilProperties.getMessage("PartyUiLabels",
+ "PartyInvitationNotValidError", parameters.locale))
+ }
+ }
+ } else {
+ if (partyInvitation.partyId == userLogin.partyId) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ }
+ }
+ }
+ if (!hasPermission) {
+ String failMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationAccAndDecPermissionError", parameters.locale)
+ logWarning(failMessage)
+ result.failMessage = failMessage
+ result.hasPermission = hasPermission
+ }
+ return result
+}
+
+//Cancel PartyInvitation Permission Checks
+/**
+ * Cancel PartyInvitation Permission Logic
+ */
+def cancelPartyInvitationPermissionCheck() {
+ Map result = success()
+ Boolean hasPermission = false
+ if (security.hasEntityPermission("PARTYMGR_UPDATE", "_UPDATE", parameters.userLogin)) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ }
+ if (!hasPermission) {
+ GenericValue partyInvitation = from("PartyInvitation").where(parameters).queryOne()
+ if (partyInvitation?.partyIdFrom
+ && partyInvitation.partyIdFrom == userLogin.partyId) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ }
+ if (!hasPermission) {
+ if (!partyInvitation?.partyId) {
+ if (!partyInvitation?.emailAddress) {
+ String errorMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationNotValidError", parameters.locale)
+ logError(errorMessage)
+ return error(errorMessage)
+ } else {
+ Map findPartyCtx = [address: partyInvitation.emailAddress]
+ Map serviceResult = run service: "findPartyFromEmailAddress", with: findPartyCtx
+ String partyId = serviceResult.partyId
+ if (partyId) {
+ if (partyId == userLogin.partyId) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ }
+ } else {
+ String errorMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationNotValidError", parameters.locale)
+ logError(errorMessage)
+ return error(errorMessage)
+ }
+ }
+ } else {
+ if (partyInvitation?.partyId == userLogin.partyId) {
+ hasPermission = true
+ result.hasPermission = hasPermission
+ }
+ }
+ }
+ }
+ if (!hasPermission) {
+ String failMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationCancelPermissionError", parameters.locale)
+ logWarning(failMessage)
+ result.failMessage = failMessage
+ result.hasPermission = hasPermission
+ }
+ return result
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyIdFrom parameter OR
+// partyIdTo parameter OR user has one of the base PARTYMGR or PARTYMGR_CME CRUD+ADMIN permissions
+/**
+ * Communication Event permission logic
+ */
+def partyCommunicationEventPermissionCheck() {
+ Map result = success()
+ if (parameters.communicationEventTypeId == "EMAIL_COMMUNICATION" && parameters.mainAction == "CREATE") {
+ parameters.altPermission = "PARTYMGR_CME-EMAIL"
+ } else if (parameters.communicationEventTypeId == "COMMENT_NOTE" && parameters.mainAction == "CREATE") {
+ parameters.altPermission = "PARTYMGR_CME-NOTE"
+ } else if (parameters.partyIdFrom != userLogin.partyId
+ && parameters.partyIdTo != userLogin.partyId
+ && parameters.partyId != userLogin.partyId) { // <- update role
+ parameters.altPermission = "PARTYMGR_CME"
+ } else {
+ result.hasPermission = true
+ }
+ if (!result.hasPermission) {
+ result = run service: "basePermissionCheck", with: parameters
+ }
+ return result
+}
\ No newline at end of file
diff --git a/applications/party/minilang/party/PartyPermissionServices.xml b/applications/party/minilang/party/PartyPermissionServices.xml
deleted file mode 100644
index a11321d..0000000
--- a/applications/party/minilang/party/PartyPermissionServices.xml
+++ /dev/null
@@ -1,284 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd">
-
- <!-- ============== Basic Permission Checking ============= -->
-
- <!-- Returns hasPermission=true if user has one of the base PARTYMGR CRUD+ADMIN permissions -->
- <simple-method method-name="basePermissionCheck" short-description="Party Manager base permission logic">
- <set field="primaryPermission" value="PARTYMGR"/>
- <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
- </simple-method>
-
- <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter -->
- <simple-method method-name="partyIdPermissionCheck" short-description="Party ID Permission Check">
- <if-empty field="partyId">
- <set field="partyId" from-field="parameters.partyId"/>
- </if-empty>
- <if>
- <condition>
- <and>
- <not><if-empty field="partyId"/></not>
- <not><if-empty field="userLogin.partyId"/></not>
- <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals"/>
- </and>
- </condition>
- <then>
- <set field="hasPermission" type="Boolean" value="true"/>
- </then>
- <else>
- <set field="resourceDescription" from-field="parameters.resourceDescription"/>
- <if-empty field="resourceDescription">
- <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field="resourceDescription"/>
- </if-empty>
- <property-to-field resource="PartyUiLabels" property="PartyPermissionErrorPartyId" field="failMessage"/>
- <set field="hasPermission" type="Boolean" value="false"/>
- <field-to-result field="failMessage"/>
- </else>
- </if>
- <field-to-result field="hasPermission"/>
- </simple-method>
-
- <!-- Returns hasPermission=true if userLogin party equals partyId parameter OR
- user has one of the base PARTYMGR CRUD+ADMIN permissions -->
- <simple-method method-name="basePlusPartyIdPermissionCheck" short-description="Base Permission Plus Party ID Permission Check">
- <call-simple-method method-name="basePermissionCheck"/>
- <if-compare field="hasPermission" operator="not-equals" value="true">
- <call-simple-method method-name="partyIdPermissionCheck"/>
- </if-compare>
- </simple-method>
-
- <!-- ============== Additional Permission Checking ============= -->
-
- <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
- user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions -->
- <simple-method method-name="partyStatusPermissionCheck" short-description="Party status permission logic">
- <set field="hasPermission" type="Boolean" value="false"/>
- <if-not-empty field="parameters.partyId">
- <if-compare-field field="parameters.partyId" to-field="userLogin.partyId" operator="equals">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-compare-field>
- </if-not-empty>
- <if-compare field="hasPermission" operator="not-equals" value="true">
- <set field="altPermission" value="PARTYMGR_STS"/>
- <call-simple-method method-name="basePermissionCheck"/>
- </if-compare>
- </simple-method>
-
- <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
- user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions -->
- <simple-method method-name="partyGroupPermissionCheck" short-description="Party group permission logic">
- <set field="altPermission" value="PARTYMGR_GRP"/>
- <call-simple-method method-name="basePlusPartyIdPermissionCheck"/>
- </simple-method>
-
- <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_SRC CRUD+ADMIN permissions -->
- <simple-method method-name="partyDatasourcePermissionCheck" short-description="Party datasource permission logic">
- <set field="altPermission" value="PARTYMGR_SRC"/>
- <call-simple-method method-name="basePermissionCheck"/>
- </simple-method>
-
- <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_ROLE CRUD+ADMIN permissions -->
- <simple-method method-name="partyRolePermissionCheck" short-description="Party role permission logic">
- <set field="altPermission" value="PARTYMGR_ROLE"/>
- <call-simple-method method-name="basePlusPartyIdPermissionCheck"/>
- </simple-method>
-
- <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_REL CRUD+ADMIN permissions -->
- <simple-method method-name="partyRelationshipPermissionCheck" short-description="Party relationship permission logic">
- <if-empty field="parameters.partyIdFrom">
- <set field="parameters.partyIdFrom" from-field="userLogin.partyId"/>
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- <else>
- <set field="altPermission" value="PARTYMGR_REL"/>
- <call-simple-method method-name="basePermissionCheck"/>
- </else>
- </if-empty>
- </simple-method>
-
- <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
- user has one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions -->
- <simple-method method-name="partyContactMechPermissionCheck" short-description="Party contact mech permission logic">
- <if-empty field="parameters.partyId">
- <set field="parameters.partyId" from-field="userLogin.partyId"/>
- </if-empty>
- <if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
-
- <else>
- <set field="altPermission" value="PARTYMGR_PCM"/>
- <call-simple-method method-name="basePermissionCheck"/>
- </else>
- </if-compare-field>
- </simple-method>
-
- <!-- Accept/Decline/Cancel PartyInvitation Permission Checks -->
- <simple-method method-name="accAndDecPartyInvitationPermissionCheck" short-description="Accept and Decline PartyInvitation Permission Logic">
- <set field="hasPermission" type="Boolean" value="false"/>
- <if-has-permission permission="PARTYMGR_UPDATE" action="_UPDATE">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-has-permission>
- <if-compare field="hasPermission" operator="not-equals" value="true">
- <entity-one entity-name="PartyInvitation" value-field="partyInvitation"/>
- <if-empty field="partyInvitation.partyId">
- <if-empty field="partyInvitation.emailAddress">
- <add-error>
- <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
- </add-error>
- <else>
- <set field="findPartyCtx.address" from-field="partyInvitation.emailAddress"/>
- <call-service service-name="findPartyFromEmailAddress" in-map-name="findPartyCtx">
- <result-to-field result-name="partyId" field="partyId"/>
- </call-service>
- <if-not-empty field="partyId">
- <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-compare-field>
- <else>
- <add-error>
- <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
- </add-error>
- </else>
- </if-not-empty>
- </else>
- </if-empty>
- <else>
- <if-compare-field field="partyInvitation.partyId" to-field="userLogin.partyId" operator="equals">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-compare-field>
- </else>
- </if-empty>
- <check-errors/>
- </if-compare>
- <if-compare field="hasPermission" operator="not-equals" value="true">
- <property-to-field property="PartyInvitationAccAndDecPermissionError" field="failMessage" resource="PartyUiLabels"/>
- <field-to-result field="hasPermission"/>
- <field-to-result field="failMessage"/>
- </if-compare>
- </simple-method>
- <simple-method method-name="cancelPartyInvitationPermissionCheck" short-description="Cancel PartyInvitation Permission Logic">
- <set field="hasPermission" type="Boolean" value="false"/>
- <if-has-permission permission="PARTYMGR_UPDATE" action="_UPDATE">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-has-permission>
- <if-compare field="hasPermission" operator="not-equals" value="true">
- <entity-one entity-name="PartyInvitation" value-field="partyInvitation"/>
- <if-not-empty field="partyInvitation.partyIdFrom">
- <if-compare-field field="partyInvitation.partyIdFrom" to-field="userLogin.partyId" operator="equals">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-compare-field>
- </if-not-empty>
- <if-compare field="hasPermission" operator="not-equals" value="true">
- <if-empty field="partyInvitation.partyId">
- <if-empty field="partyInvitation.emailAddress">
- <add-error>
- <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
- </add-error>
- <else>
- <set field="findPartyCtx.address" from-field="partyInvitation.emailAddress"/>
- <call-service service-name="findPartyFromEmailAddress" in-map-name="findPartyCtx">
- <result-to-field result-name="partyId" field="partyId"/>
- </call-service>
- <if-not-empty field="partyId">
- <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-compare-field>
- <else>
- <add-error>
- <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
- </add-error>
- </else>
- </if-not-empty>
- </else>
- </if-empty>
- <else>
- <if-compare-field field="partyInvitation.partyId" to-field="userLogin.partyId" operator="equals">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </if-compare-field>
- </else>
- </if-empty>
- <check-errors/>
- </if-compare>
- </if-compare>
- <if-compare field="hasPermission" operator="not-equals" value="true">
- <property-to-field property="PartyInvitationCancelPermissionError" field="failMessage" resource="PartyUiLabels"/>
- <field-to-result field="hasPermission"/>
- <field-to-result field="failMessage"/>
- </if-compare>
- </simple-method>
-
- <!-- Returns hasPermission=true if userLogin partyId equals partyIdFrom parameter OR
- partyIdTo parameter OR user has one of the base PARTYMGR or PARTYMGR_CME CRUD+ADMIN permissions -->
- <simple-method method-name="partyCommunicationEventPermissionCheck" short-description="Communication Event permission logic">
- <if>
- <condition>
- <and>
- <if-compare operator="equals" value="EMAIL_COMMUNICATION" field="parameters.communicationEventTypeId"/>
- <if-compare operator="equals" value="CREATE" field="action"/>
- </and>
- </condition>
- <then>
- <set field="altPermission" value="PARTYMGR_CME-EMAIL"/>
- <call-simple-method method-name="basePermissionCheck"/>
- </then>
- <else-if>
- <condition>
- <and>
- <if-compare operator="equals" value="COMMENT_NOTE" field="parameters.communicationEventTypeId"/>
- <if-compare operator="equals" value="CREATE" field="action"/>
- </and>
- </condition>
- <then>
- <set field="altPermission" value="PARTYMGR_CME-NOTE"/>
- <call-simple-method method-name="basePermissionCheck"/>
- </then>
- </else-if>
- <else-if>
- <condition>
- <and>
- <if-compare-field field="parameters.partyIdFrom" to-field="userLogin.partyId" operator="not-equals"/>
- <if-compare-field field="parameters.partyIdTo" to-field="userLogin.partyId" operator="not-equals"/>
- <if-compare-field field="parameters.partyId" to-field="userLogin.partyId" operator="not-equals"/><!-- update role -->
- </and>
- </condition>
- <then>
- <set field="altPermission" value="PARTYMGR_CME"/>
- <call-simple-method method-name="basePermissionCheck"/>
- </then>
- </else-if>
- <else>
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
- </else>
- </if>
- </simple-method>
-</simple-methods>
diff --git a/applications/party/servicedef/services.xml b/applications/party/servicedef/services.xml
index 00b7109..b26dcfc 100644
--- a/applications/party/servicedef/services.xml
+++ b/applications/party/servicedef/services.xml
@@ -1102,16 +1102,23 @@ under the License.
</service>
<!-- Permission checking services-->
- <service name="partyBasePermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="basePermissionCheck">
+ <service name="partyBasePermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="basePermissionCheck">
<description>
Performs a basic Party Manager security check. The user must have one of the base PARTYMGR
CRUD+ADMIN permissions.
</description>
<implements service="permissionInterface"/>
</service>
- <service name="partyIdPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="basePlusPartyIdPermissionCheck">
+ <service name="basePermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="basePermissionCheck">
+ <description>
+ Performs a basic security check. The user must have the base PARTYMGR permission.
+ </description>
+ <implements service="permissionInterface"/>
+ </service>
+ <service name="partyIdPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="basePlusPartyIdPermissionCheck">
<description>
Performs a party ID security check. The userLogin partyId must equal
the partyId parameter, or the logged-in user must have the correct permission
@@ -1120,8 +1127,8 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyId" type="String" mode="INOUT" optional="true"/>
</service>
- <service name="partyStatusPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyStatusPermissionCheck">
+ <service name="partyStatusPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyStatusPermissionCheck">
<description>
Performs a party status security check. The userLogin partyId must equal the partyId parameter OR
the user must have one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions.
@@ -1129,8 +1136,8 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyId" type="String" mode="IN" optional="true"/>
</service>
- <service name="partyGroupPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyGroupPermissionCheck">
+ <service name="partyGroupPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyGroupPermissionCheck">
<description>
Performs a party group security check. The userLogin partyId must equal the partyId parameter OR
the user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions.
@@ -1138,16 +1145,16 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyId" type="String" mode="INOUT" optional="true"/>
</service>
- <service name="partyDatasourcePermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyDatasourcePermissionCheck">
+ <service name="partyDatasourcePermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyDatasourcePermissionCheck">
<description>
Performs a party datasource security check. The user must have one of the base PARTYMGR or
PARTYMGR_SRC CRUD+ADMIN permissions.
</description>
<implements service="permissionInterface"/>
</service>
- <service name="partyRolePermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyRolePermissionCheck">
+ <service name="partyRolePermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyRolePermissionCheck">
<description>
Performs a party role security check. The user must have one of the base PARTYMGR or
PARTYMGR_ROLE CRUD+ADMIN permissions.
@@ -1155,8 +1162,8 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyId" type="String" mode="INOUT" optional="true"/>
</service>
- <service name="partyRelationshipPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyRelationshipPermissionCheck">
+ <service name="partyRelationshipPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyRelationshipPermissionCheck">
<description>
Performs a party relationship security check. The user must have one of the base PARTYMGR or
PARTYMGR_REL CRUD+ADMIN permissions.
@@ -1164,8 +1171,8 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyIdFrom" type="String" mode="IN" optional="true"/>
</service>
- <service name="partyContactMechPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyContactMechPermissionCheck">
+ <service name="partyContactMechPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyContactMechPermissionCheck">
<description>
Performs a party contact mech security check. The userLogin partyId must equal the partyId parameter OR
the user must have one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions.
@@ -1173,8 +1180,8 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyId" type="String" mode="IN" optional="true"/>
</service>
- <service name="accAndDecPartyInvitationPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="accAndDecPartyInvitationPermissionCheck">
+ <service name="accAndDecPartyInvitationPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="accAndDecPartyInvitationPermissionCheck">
<description>
Performs accept and decline PartyInvitation security check. The userLogin partyId must equal the
partyIdTo in PartyInvitation OR partyId fetched using emailAdress in PartyInvitation.
@@ -1183,8 +1190,8 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyInvitationId" type="String" mode="IN" optional="false"/>
</service>
- <service name="cancelPartyInvitationPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="cancelPartyInvitationPermissionCheck">
+ <service name="cancelPartyInvitationPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="cancelPartyInvitationPermissionCheck">
<description>
Performs cancel PartyInvitation security check. The userLogin partyId must equal the
partyId/partyIdFrom in PartyInvitation OR partyId fetched using emailAdress in PartyInvitation.
@@ -1193,8 +1200,8 @@ under the License.
<implements service="permissionInterface"/>
<attribute name="partyInvitationId" type="String" mode="IN" optional="false"/>
</service>
- <service name="partyCommunicationEventPermissionCheck" engine="simple"
- location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyCommunicationEventPermissionCheck">
+ <service name="partyCommunicationEventPermissionCheck" engine="groovy"
+ location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyCommunicationEventPermissionCheck">
<description>Party CommunicationEvents Permission Checking Logic</description>
<implements service="permissionInterface"/>
<attribute name="partyIdFrom" type="String" mode="IN" optional="true"/>