Posted to dev@ofbiz.apache.org by Al Byers <by...@automationgroups.com> on 2007/05/30 02:07:42 UTC
CMS viewContentPermission
Is there any reason why ContentPermission.viewContentPermission does not
need the same code as updateContentPermission that sets "checkId"? Below is
some code where I have added that code.
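<simple-method method-name="viewContentPermission"
        short-description="Check user can view content">
    <!--
        Permission check for viewing a Content record. Flow as written below:
          1. When hasPermission is empty in the method environment, run the
             generic CONTENTMGR / VIEW check.
          2. Run the generic check again with primaryPermission = CONTENTMGR_ROLE.
          3. Only when hasPermission equals true: resolve contentId, load the
             Content record and call checkContentOperationSecurity.
        Nothing in this method runs when hasPermission is not true after step 2.
        NOTE(review): step 1 is skipped whenever hasPermission already holds a
        value; confirm that callers cannot populate that field from request input.
    -->

    <!-- if called directly check the main permission -->
    <if-empty field-name="hasPermission">
        <set field="primaryPermission" value="CONTENTMGR"/>
        <set field="mainAction" value="VIEW"/>
        <call-simple-method method-name="genericBasePermissionCheck"
                xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
    </if-empty>

    <!-- check content role permission -->
    <!-- mainAction is set only inside the if-empty branch above; when that branch
         is skipped this call uses whatever value, if any, is already in the
         environment. -->
    <set field="primaryPermission" value="CONTENTMGR_ROLE"/>
    <call-simple-method method-name="genericBasePermissionCheck"
            xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>

    <!-- must have the security permission to continue -->
    <if>
        <condition>
            <if-compare field-name="hasPermission" value="true"
                    type="Boolean" operator="equals"/>
        </condition>
        <then>
            <!-- if no operation is passed; we use the CONTENT_VIEW operation -->
            <if-empty field-name="parameters.contentOperationId">
                <set field="parameters.contentOperationId" value="CONTENT_VIEW"/>
            </if-empty>

            <!-- I see a need to add this group -->
            <!-- contentId is required for the view check: fall back to the service
                 parameter, then fail with an error if it is still empty -->
            <!-- Attribute values are kept on a single line so that no whitespace
                 ends up inside a field name. -->
            <if-empty field-name="contentId">
                <set field="contentId" from-field="parameters.contentId"/>
            </if-empty>
            <if-empty field-name="contentId">
                <add-error><fail-message message="Content Permission Service VIEW requires a contentId!"/></add-error>
            </if-empty>
            <check-errors/>

            <!-- grab the current requested content record -->
            <!-- NOTE(review): nothing here checks that a record was found for
                 contentId; confirm that checkContentOperationSecurity handles an
                 empty content value by denying rather than granting. -->
            <entity-one entity-name="Content" value-name="content">
                <field-map field-name="contentId" env-name="contentId"/>
            </entity-one>

            <!-- check the operation security -->
            <set field="contentOperationId" from-field="parameters.contentOperationId"/>
            <!-- copies content onto itself; appears redundant, kept as in the original -->
            <set field="content" from-field="content"/>
            <!-- I see a need to add this line -->
            <!-- checkId is set to the contentId being viewed before the operation
                 check; presumably checkContentOperationSecurity reads it (that
                 method is not shown here), as the update variant is said to do. -->
            <set field="checkId" from-field="contentId"/>
            <call-simple-method method-name="checkContentOperationSecurity"/>
        </then>
    </if>
</simple-method>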
-Al
Re: CMS viewContentPermission
Posted by Al Byers <by...@automationgroups.com>.
Yeah, I guess a patch would have been clearer than my annotation. I created
a JIRA issue to hold the patch file:
https://issues.apache.org/jira/browse/OFBIZ-1043
-Al
On 5/29/07, David E Jones <jo...@hotwaxmedia.com> wrote:
>
>
> What code have you added? Could you send a (proposed) patch to make it
> easier to track that down?
>
> -David
>
>
> Al Byers wrote:
> > Is there any reason why ContentPermission.viewContentPermission does not
> > need the same code as updateContentPermission that sets "checkId"? Below
> is
> > some code where I have added that code.
> >
> > <simple-method method-name="viewContentPermission"
> > short-description="Check user can view content">
> > <!-- if called directly check the main permission -->
> > <if-empty field-name="hasPermission">
> > <set field="primaryPermission" value="CONTENTMGR"/>
> > <set field="mainAction" value="VIEW"/>
> > <call-simple-method method-name="genericBasePermissionCheck"
> >
> >
> xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
> > </if-empty>
> >
> > <!-- check content role permission -->
> > <set field="primaryPermission" value="CONTENTMGR_ROLE"/>
> > <call-simple-method method-name="genericBasePermissionCheck"
> >
> >
> xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
> >
> > <!-- must have the security permission to continue -->
> > <if>
> > <condition>
> > <if-compare field-name="hasPermission" value="true"
> > type="Boolean" operator="equals"/>
> > </condition>
> > <then>
> > <!-- if no operation is passed; we use the CONTENT_VIEW
> > operation -->
> > <if-empty field-name="parameters.contentOperationId">
> > <set field="parameters.contentOperationId"
> > value="CONTENT_VIEW"/>
> > </if-empty>
> >
> > <!-- I see a need to add this group -->
> > <!-- contentId is required for update checking -->
> > <if-empty field-name="contentId">
> > <set field="contentId" from-field="
> parameters.contentId
> > "/>
> > </if-empty>
> > <if-empty field-name="contentId">
> > <add-error><fail-message message="Content Permission
> > Service VIEW requires a contentId!"/></add-error>
> > </if-empty>
> > <check-errors/>
> >
> > <!-- grab the current requested content record -->
> > <entity-one entity-name="Content" value-name="content">
> > <field-map field-name="contentId"
> env-name="contentId"/>
> > </entity-one>
> >
> > <!-- check the operation security -->
> > <set field="contentOperationId" from-field="
> > parameters.contentOperationId"/>
> > <set field="content" from-field="content"/>
> > <!-- I see a need to add this line -->
> > <set field="checkId" from-field="contentId"/>
> > <call-simple-method
> > method-name="checkContentOperationSecurity"/>
> > </then>
> > </if>
> > </simple-method>
> >
> > -Al
> >
>
Re: CMS viewContentPermission
Posted by David E Jones <jo...@hotwaxmedia.com>.
What code have you added? Could you send a (proposed) patch to make it easier to track that down?
-David
Al Byers wrote:
> Is there any reason why ContentPermission.viewContentPermission does not
> need the same code as updateContentPermission that sets "checkId"? Below is
> some code where I have added that code.
>
> <simple-method method-name="viewContentPermission"
> short-description="Check user can view content">
> <!-- if called directly check the main permission -->
> <if-empty field-name="hasPermission">
> <set field="primaryPermission" value="CONTENTMGR"/>
> <set field="mainAction" value="VIEW"/>
> <call-simple-method method-name="genericBasePermissionCheck"
>
> xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
> </if-empty>
>
> <!-- check content role permission -->
> <set field="primaryPermission" value="CONTENTMGR_ROLE"/>
> <call-simple-method method-name="genericBasePermissionCheck"
>
> xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
>
> <!-- must have the security permission to continue -->
> <if>
> <condition>
> <if-compare field-name="hasPermission" value="true"
> type="Boolean" operator="equals"/>
> </condition>
> <then>
> <!-- if no operation is passed; we use the CONTENT_VIEW
> operation -->
> <if-empty field-name="parameters.contentOperationId">
> <set field="parameters.contentOperationId"
> value="CONTENT_VIEW"/>
> </if-empty>
>
> <!-- I see a need to add this group -->
> <!-- contentId is required for update checking -->
> <if-empty field-name="contentId">
> <set field="contentId" from-field="parameters.contentId
> "/>
> </if-empty>
> <if-empty field-name="contentId">
> <add-error><fail-message message="Content Permission
> Service VIEW requires a contentId!"/></add-error>
> </if-empty>
> <check-errors/>
>
> <!-- grab the current requested content record -->
> <entity-one entity-name="Content" value-name="content">
> <field-map field-name="contentId" env-name="contentId"/>
> </entity-one>
>
> <!-- check the operation security -->
> <set field="contentOperationId" from-field="
> parameters.contentOperationId"/>
> <set field="content" from-field="content"/>
> <!-- I see a need to add this line -->
> <set field="checkId" from-field="contentId"/>
> <call-simple-method
> method-name="checkContentOperationSecurity"/>
> </then>
> </if>
> </simple-method>
>
> -Al
>