Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2009/11/27 00:04:39 UTC

[jira] Commented: (OFBIZ-3075) permission error on cancel order item from ecommerce

    [ https://issues.apache.org/jira/browse/OFBIZ-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12782989#action_12782989 ] 

Jacques Le Roux commented on OFBIZ-3075:
----------------------------------------

Hi Abdullah,

There is PARTYMGR_PCM (where PCM stands for PartyContactMech) but I can't see any ORDERMGR_PCM in OFBiz and you do not provide any SecurityPermission/SecurityGroupPermission in your patch.

Anyway, we don't care about other cases. Only the order owner should be able to cancel an item from Ecommerce. If an admin wants to do it, s/he should rather do it from the backend, and I'm not even sure it's possible to see anything other than your own orders in Ecommerce.

Could you please rewrite this patch with these considerations?

Thanks


> permission error on cancel order item from ecommerce
> ----------------------------------------------------
>
>                 Key: OFBIZ-3075
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3075
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/ecommerce
>    Affects Versions: Release Branch 4.0, Release Branch 9.04, SVN trunk
>            Reporter: Abdullah Shaikh
>         Attachments: OFBIZ-3075_permission error on cancel order.patch
>
>
> If I cancel an order item from ecommerce, I get the below error displayed on the page.
> The Following Errors Occurred:
> Unable to cancel order line : WSCO11640 / 00001 / null
> Below is the error trace from console, this error is because the party (customer) doesn't have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission, but we can't give this permission to a customer, as the common service is called from ecommerce and order manager for cancel, the solution will be to check the party's role, if it's a CUSTOMER, then I guess we can use the SYSTEM user, we need to give ORDERMGR permission to the SYSTEM user.
> But then it will seem as if the SYSTEM user has cancelled the order and not the CUSTOMER.
> The exception on the console is below:
>      [java] ---- exception report ----------------------------------------------------------
>      [java] [TransactionUtil.setRollbackOnly] Calling transaction setRollbackOnly; this stack trace shows where this is happening:
>      [java] Exception: java.lang.Exception
>      [java] Message: Error in simple-method [Create an OrderAdjustment [file:/home/abdullah/projects/ofbiz_ws/ofbiz/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml#createOrderAdjustment]]: ; [Security Error : to run createOrderAdjustment you must have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission]
>      [java] ---- stack trace ---------------------------------------------------------------
>      [java] java.lang.Exception: Error in simple-method [Create an OrderAdjustment [file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml#createOrderAdjustment]]: ; [Security Error : to run createOrderAdjustment you must have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission]
>      [java] org.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:371)
>      [java] org.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:318)
>      [java] org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:833)
>      [java] org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:160)
>      [java] org.ofbiz.minilang.SimpleMethod.runSimpleService(SimpleMethod.java:142)
>      [java] org.ofbiz.minilang.SimpleServiceEngine.serviceInvoker(SimpleServiceEngine.java:78)
>      [java] org.ofbiz.minilang.SimpleServiceEngine.runSync(SimpleServiceEngine.java:53)
>      [java] org.ofbiz.service.ModelServiceReader$GenericInvokerImpl.runSync(ModelServiceReader.java:785)
>      [java] _$gen.file_58$.home.abdullah.projects.ofbiz_45$sagepay_95$ws.ofbiz.applications.order.servicedef.services_46$xml_35$createOrderAdjustment.runSync(file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/servicedef/services.xml#createOrderAdjustment:184)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:394)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:223)
>      [java] org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:159)
>      [java] org.ofbiz.order.order.OrderServices.recalcOrderTax(OrderServices.java:1600)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>      [java] sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>      [java] java.lang.reflect.Method.invoke(Method.java:597)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:100)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:57)
>      [java] org.ofbiz.service.ModelServiceReader$GenericInvokerImpl.runSync(ModelServiceReader.java:785)
>      [java] _$gen.file_58$.home.abdullah.projects.ofbiz_45$sagepay_95$ws.ofbiz.applications.order.servicedef.services_46$xml_35$recalcTaxTotal.runSync(file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/servicedef/services.xml#recalcTaxTotal:252)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:394)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:223)
>      [java] org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:159)
>      [java] org.ofbiz.service.eca.ServiceEcaAction.runAction(ServiceEcaAction.java:135)
>      [java] org.ofbiz.service.eca.ServiceEcaRule.eval(ServiceEcaRule.java:152)
>      [java] org.ofbiz.service.eca.ServiceEcaUtil.evalRules(ServiceEcaUtil.java:157)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:492)
>      [java] org.ofbiz.service.ServiceDispatcher.runSyncIgnore(ServiceDispatcher.java:236)
>      [java] org.ofbiz.service.GenericDispatcher.runSyncIgnore(GenericDispatcher.java:185)
>      [java] org.ofbiz.order.order.OrderServices.cancelOrderItem(OrderServices.java:1971)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>      [java] sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>      [java] java.lang.reflect.Method.invoke(Method.java:597)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:100)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:57)
>      [java] org.ofbiz.service.ModelServiceReader$GenericInvokerImpl.runSync(ModelServiceReader.java:785)
>      [java] _$gen.file_58$.home.abdullah.projects.ofbiz_45$sagepay_95$ws.ofbiz.applications.order.servicedef.services_46$xml_35$cancelOrderItem.runSync(file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/servicedef/services.xml#cancelOrderItem:283)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:394)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:223)
>      [java] org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:159)
>      [java] org.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:336)
>      [java] org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:611)
>      [java] org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:374)
>      [java] org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:216)
>      [java] org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:82)
>      [java] javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>      [java] javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>      [java] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>      [java] org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>      [java] org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:265)
>      [java] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>      [java] org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>      [java] org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>      [java] org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>      [java] org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>      [java] org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>      [java] org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>      [java] org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>      [java] org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>      [java] org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>      [java] org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>      [java] org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>      [java] java.lang.Thread.run(Thread.java:619)
>      [java] --------------------------------------------------------------------------------
>      [java] 2009-10-23 14:36:07,313 (http-0.0.0.0-8443-1) [  ServiceDispatcher.java:532:ERROR] Error in Service [createOrderAdjustment]: Security Error : to run createOrderAdjustment you must have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
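
The rule stated in the comment above (from Ecommerce only the order owner may cancel an item; staff use the backend, which requires ORDERMGR_CREATE or ORDERMGR_ADMIN), sketched as an added stand-alone Java example. It is not OFBiz code and not part of the original message or the attached patch; the Caller and Order types, the party ids and the authorizeCancel method are hypothetical.

```java
import java.util.Set;

// Added illustration only: a stand-alone model, not OFBiz code or its API.
public class CancelItemAuthz {
    // Hypothetical stand-ins for the logged-in user and the order record.
    record Caller(String partyId, Set<String> permissions) {}
    record Order(String orderId, String placingPartyId) {}

    // Backend rule, using the permission names from the error message on this page.
    static boolean hasOrderMgrPermission(Caller c) {
        return c.permissions().contains("ORDERMGR_CREATE")
            || c.permissions().contains("ORDERMGR_ADMIN");
    }

    // Ecommerce rule from the comment: only the order owner may cancel.
    static boolean isOrderOwner(Caller c, Order o) {
        return c.partyId() != null && c.partyId().equals(o.placingPartyId());
    }

    // Decide once at the entry point. The decision names the real caller, so
    // an allowed cancellation is attributed to the customer, not to SYSTEM.
    static String authorizeCancel(Caller c, Order o, boolean fromEcommerce) {
        if (fromEcommerce) {
            // Permissions are deliberately ignored here: staff use the backend.
            return isOrderOwner(c, o)
                ? "ALLOW owner=" + c.partyId()
                : "DENY not-owner caller=" + c.partyId();
        }
        return hasOrderMgrPermission(c)
            ? "ALLOW permission caller=" + c.partyId()
            : "DENY no-permission caller=" + c.partyId();
    }

    public static void main(String[] args) {
        // Order id taken from the error on this page; party ids are constructed.
        Order order = new Order("WSCO11640", "CUST_A");
        Caller owner = new Caller("CUST_A", Set.of());
        Caller other = new Caller("CUST_B", Set.of());
        Caller clerk = new Caller("CLERK_1", Set.of("ORDERMGR_CREATE"));

        System.out.println(authorizeCancel(owner, order, true));  // owner, storefront
        System.out.println(authorizeCancel(other, order, true));  // another customer
        System.out.println(authorizeCancel(clerk, order, true));  // staff on storefront
        System.out.println(authorizeCancel(clerk, order, false)); // staff on backend
        System.out.println(authorizeCancel(owner, order, false)); // customer on backend
    }
}
```

Only the first and fourth calls are allowed. The ownership test compares the authenticated party with the party stored on the order, never with an id supplied in the request.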