Posted to commits@ofbiz.apache.org by ho...@apache.org on 2020/10/02 16:25:07 UTC

[ofbiz-framework] branch release17.12 updated (f1e8ea7 -> 85db312)

This is an automated email from the ASF dual-hosted git repository.

holivier pushed a change to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.


    from f1e8ea7  Fixed: Incorrect data issue for InvoiceItemTypeMap and ReturnItemTypeMap. (OFBIZ-11971) As we have returnItemTypeId as RET_MISC_ADJ, same should be used in ReturnItemTypeMap and corresponding InvoiceItemTypeMap. Thanks Amit Gadaley for reporting and providing the patch.
     new 744fa72  Improvement: Error messages when generating HTML and PDF file from AsciiDoc files (OFBIZ-11893)
     new 85db312  Improvement: Error messages when generating HTML and PDF file from AsciiDoc files (OFBIZ-11893)

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../docs/asciidoc/_include/sy-CSRF-defense.adoc    |   2 +-
 .../docs/asciidoc/_include/sy-impersonation.adoc   | 127 ---------------------
 framework/security/src/docs/asciidoc/security.adoc |   1 -
 3 files changed, 1 insertion(+), 129 deletions(-)
 delete mode 100644 framework/security/src/docs/asciidoc/_include/sy-impersonation.adoc


[ofbiz-framework] 02/02: Improvement: Error messages when generating HTML and PDF file from AsciiDoc files (OFBIZ-11893)

Posted by ho...@apache.org.

holivier pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 85db312077ceeade6b9fa585f8d3eb7d77579ca0
Author: holivier <ho...@apache.org>
AuthorDate: Fri Oct 2 18:05:28 2020 +0200

    Improvement: Error messages when generating HTML and PDF file from AsciiDoc files (OFBIZ-11893)
    
    minor correction, title level
---
 framework/security/src/docs/asciidoc/_include/sy-CSRF-defense.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/security/src/docs/asciidoc/_include/sy-CSRF-defense.adoc b/framework/security/src/docs/asciidoc/_include/sy-CSRF-defense.adoc
index 4c380ff..07c6fee 100644
--- a/framework/security/src/docs/asciidoc/_include/sy-CSRF-defense.adoc
+++ b/framework/security/src/docs/asciidoc/_include/sy-CSRF-defense.adoc
@@ -38,7 +38,7 @@ ____
 By default OOTB the SameSiteFilter property sets the same-site attribute value to 'strict. SameSiteFilter allows to change to 'lax' if needed
 
 
-===== Properties
+==== Properties
 
 The _security.properties_ file contains related properties:
 
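Review bot: The retitled `==== Properties` line can only be judged against its parent heading, which this hunk does not show; the context stops at the SameSiteFilter paragraph. Please confirm that the nearest preceding title in sy-CSRF-defense.adoc is `===`, keeping in mind that security.adoc includes this file with `leveloffset=+1`, so the rendered level is one deeper than written. While touching this file, the unchanged line just above the heading has an unterminated quote in `'strict` and awkward wording ("allows to change to 'lax'"); since it documents the default same-site value, it is worth correcting to `'strict'` and "allows changing it to 'lax' if needed" in the same pass.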


[ofbiz-framework] 01/02: Improvement: Error messages when generating HTML and PDF file from AsciiDoc files (OFBIZ-11893)

Posted by ho...@apache.org.

holivier pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 744fa72316b9da6adfab621a9c77699b1ea57c6c
Author: holivier <ho...@apache.org>
AuthorDate: Fri Oct 2 18:04:39 2020 +0200

    Improvement: Error messages when generating HTML and PDF file from AsciiDoc files (OFBIZ-11893)
    
    remove sy-impersonation.adoc because impersonation is not implemented in 17.12
---
 .../docs/asciidoc/_include/sy-impersonation.adoc   | 127 ---------------------
 framework/security/src/docs/asciidoc/security.adoc |   1 -
 2 files changed, 128 deletions(-)

diff --git a/framework/security/src/docs/asciidoc/_include/sy-impersonation.adoc b/framework/security/src/docs/asciidoc/_include/sy-impersonation.adoc
deleted file mode 100644
index e0b1bb4..0000000
--- a/framework/security/src/docs/asciidoc/_include/sy-impersonation.adoc
+++ /dev/null
@@ -1,127 +0,0 @@
-////
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
-////
-
-= Impersonation
-== What is Impersonation in Apache OFBiz
-The Apache OFBiz Project
-Release 17.12
-
-:imagesdir: ../../themes/common-theme/webapp/images/img/
-ifdef::backend-pdf[]
-:title-logo-image: image::OFBiz-Logo.svg[Apache OFBiz Logo, pdfwidth=4.25in, align=center]
-:source-highlighter: rouge
-endif::[]
-
-=== Introduction to User impersonation
-
-User Impersonation is a feature that offer a way to select a user login and impersonate it, i.e. see what the user could
-see navigating through the application in his name.
-
-=== How do this work ?
-
-An authorized user _(see <<Security,security>> and <<Controls,controls>> section for configuration)_, can select a user
-that will be impersonated.
-
-The impersonation start, if everything is well configured, in current application (partymgr for the demo).
-Everything appears like if we were logged in with the userLoginId and the valid password (though we know nothing about it)
-
-The only thing showing that we currently are impersonating a user is the little bottom-right image :
-
-image::impersonate-ico.png[Impersonate icon, pdfwidth=0.5in, align=left]
-
-This icon indicates, when clicking on it, the user impersonated, and offer a way to depersonate.
-
-The impersonate period is stored for audit purpose, and if the impersonator forgot to depersonate, the period
-is terminated _one hour_ after impersonation start.
-
-=== Security
-
-This feature can draw some concerns about security aspect. This paragraph will introduce every controls and properties
-that have been implemented around the impersonation feature.
-
-[CAUTION]
-These configuration steps are not to be neglected for a *production environment* since this feature offer a way to act
- in place of another user.
-
-==== Properties
-
-The _security.properties_ file introduce two properties that control impersonation feature :
-
-
-[source]
-security.disable.impersonation = true
-
-This property, set by default to *true*, controls the activation of impersonation feature. If no configuration is done
-any user trying to use impersonation will face an error message, indicating that the feature is disabled.
-
-To enable impersonation this property need to be set to *false*
-
-
-[source]
-security.login.authorised.during.impersonate = false
-
-This property controls the way impersonation occurred to the impersonated user :
-
-In default configuration, the impersonated user see nothing and can use the application without knowing that he is
-currently impersonated. Several authorized user can impersonate a same login without any issue.
-
-[NOTE]
-This configuration is intended for testing/QA environment allowing any authorized user to impersonate a login
-to validate its configuration, test the application etc.
-
-Set to *true*, this configuration improve the control of the data generated by the impersonated user. Indeed, Only one
-authorized user can impersonate a login at the same time, and during the impersonation process, the impersonated user
-is unable to act within the application.
-
-Since the impersonation period is stored in database, the actions done by the
-authorized user can be identified if there is the need to do so.
-[NOTE]
-This configuration is intended for production environment
-
-
-==== Controls
-
-The permission::
-
-First, to be able to use impersonation, a user need to possess _IMPERSONATE_ADMIN_ permissions. Demo data offer
-_IMPERSONATION_ security group for this purpose. +
-In demo data, _FULLADMIN_ security group also possess the permission.
-
-
-Permission based user restriction::
-
-An authorized user cannot impersonate any user. There are two main controls that will restrict the impersonation feature.
-
-Cannot impersonate Admin user:::
-
-It is impossible to impersonate a user that is granted any of the admin permission :
-
-            "IMPERSONATE_ADMIN"
-            "ARTIFACT_INFO_VIEW"
-            "SERVICE_MAINT"
-            "ENTITY_MAINT"
-            "UTIL_CACHE_VIEW"
-            "UTIL_DEBUG_VIEW"
-
-Cannot impersonate more privileged user:::
-
-It is impossible to impersonate a user that has more permission than your user. Even if the missing persmission is
-a minor one.
-
-
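Review bot: The deleted page is the only description of `security.disable.impersonation`, `security.login.authorised.during.impersonate`, the `IMPERSONATE_ADMIN` permission and `impersonate-ico.png`, and this commit removes the documentation only. If impersonation is not implemented in 17.12, as the commit message says, please check that release17.12's security.properties, the demo security-group data and the theme images do not still carry these entries; otherwise the branch keeps configuration keys and a permission that have no documentation and no effect. If none of them exist on this branch, a line in the commit message saying so would make the removal easier to audit.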
diff --git a/framework/security/src/docs/asciidoc/security.adoc b/framework/security/src/docs/asciidoc/security.adoc
index d8562ee..4724a70 100644
--- a/framework/security/src/docs/asciidoc/security.adoc
+++ b/framework/security/src/docs/asciidoc/security.adoc
@@ -21,4 +21,3 @@ under the License.
 
 include::_include/sy-CSRF-defense.adoc[leveloffset=+1]
 include::_include/sy-password-and-JWT.adoc[leveloffset=+1]
-include::_include/sy-impersonation.adoc[leveloffset=+1]
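Review bot: Only the `include::` in security.adoc is dropped here, so any other document on release17.12 that includes `_include/sy-impersonation.adoc` or links to it would now fail at documentation build time, which is the class of error OFBIZ-11893 is meant to clear. Please search the branch for remaining `include::` lines and cross-references to that file before merging, and remove them in this same commit so the file deletion and all of its references stay together.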