You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by ja...@apache.org on 2008/09/04 13:06:06 UTC
svn commit: r691962 - in /ofbiz/trunk/applications/order:
script/org/ofbiz/order/request/CustRequestServices.xml
servicedef/services_request.xml
Author: jacopoc
Date: Thu Sep 4 04:06:05 2008
New Revision: 691962
URL: http://svn.apache.org/viewvc?rev=691962&view=rev
Log:
Migrated permission control for cust request creation to the new permission framework based on services.
Modified:
ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml
ofbiz/trunk/applications/order/servicedef/services_request.xml
Modified: ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml?rev=691962&r1=691961&r2=691962&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml (original)
+++ ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml Thu Sep 4 04:06:05 2008
@@ -20,20 +20,35 @@
<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd">
- <simple-method method-name="createCustRequest" short-description="Create Customer Request">
+ <simple-method method-name="custRequestPermissionCheck" short-description="Cust Request Permission Check">
<if>
<condition>
<and>
<not><if-empty field="parameters.fromPartyId"/></not>
<not><if-compare-field field="parameters.fromPartyId" to-field="userLogin.partyId" operator="equals"/></not>
- <not><if-has-permission permission="ORDERMGR" action="_CRQ_CREATE"/></not>
</and>
</condition>
<then>
- <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateCustRequest"/></add-error>
+ <set field="primaryPermission" value="ORDERMGR_CRQ"/>
+ <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+ <if-compare field="hasPermission" operator="not-equals" value="true">
+ <set field="resourceDescription" from-field="parameters.resourceDescription"/>
+ <if-empty field="resourceDescription">
+ <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field-name="resourceDescription"/>
+ </if-empty>
+ <property-to-field resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateCustRequest" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="failMessage"/>
+ </if-compare>
</then>
+ <else>
+ <set field="hasPermission" type="Boolean" value="true"/>
+ </else>
</if>
- <check-errors/>
+ <field-to-result field-name="hasPermission"/>
+ </simple-method>
+
+ <simple-method method-name="createCustRequest" short-description="Create Customer Request">
<make-value value-name="newEntity" entity-name="CustRequest"/>
<set-nonpk-fields map-name="parameters" value-name="newEntity"/>
@@ -47,7 +62,6 @@
<set field="newEntity.custRequestDate" from-field="nowTimestamp"/>
</if-empty>
-
<if-empty field="parameters.statusId">
<set value="CRQ_SUBMITTED" field="newEntity.statusId"/>
</if-empty>
Modified: ofbiz/trunk/applications/order/servicedef/services_request.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=691962&r1=691961&r2=691962&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/servicedef/services_request.xml (original)
+++ ofbiz/trunk/applications/order/servicedef/services_request.xml Thu Sep 4 04:06:05 2008
@@ -25,9 +25,18 @@
<version>1.0</version>
<!-- Customer Request Services -->
+ <service name="custRequestPermissionCheck" engine="simple"
+ location="org/ofbiz/order/request/CustRequestServices.xml" invoke="custRequestPermissionCheck">
+ <description>
+ Performs a security check for CustRequest. The user, if enters a request for someone else,
+ must have one of the base ORDERMGR_CRQ CRUD+ADMIN permissions.
+ </description>
+ <implements service="permissionInterface"/>
+ </service>
<service name="createCustRequest" engine="simple" default-entity-name="CustRequest"
location="org/ofbiz/order/request/CustRequestServices.xml" invoke="createCustRequest" auth="true">
<description>Create a custRequest record and optionally create a custRequest item.</description>
+ <permission-service service-name="custRequestPermissionCheck" main-action="CREATE"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
<auto-attributes include="pk" mode="INOUT" optional="true"/>
<auto-attributes include="all" mode="IN" entity-name="CustRequestItem" optional="true"/>