You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2011/05/07 18:15:25 UTC

Re: Adding a non existent SecurityPermission to a SecurityPermissionGroup

Yes, but how would you handle the thousand possible entities for entity permissions as outlined David?

Jacques

From: "Bruno Busco" <br...@gmail.com>
> Hi Scott,
> many thanks for the pointer. This was definitively a well discussed topic.
> 
> Personally I do not agree with how it it designed right now (with the no-fk)
> for this two reasons:
> 1) If a SecurityPermission has not its own entity record there will never be
> a description field where the user can understand (or remember) what that
> permission is supposed to be used for.
> 2) There is no check that an already defined PermissionId is not used again
> for a different purpose in a different part of the code.
> 
> Thank you,
> Bruno
> 
> 2011/4/13 Scott Gray <sc...@hotwaxmedia.com>
> 
>> http://ofbiz.135035.n4.nabble.com/security-permission-td154203.html#a154208
>>
>> Regards
>> Scott
>>
>> HotWax Media
>> http://www.hotwaxmedia.com
>>
>> On 12/04/2011, at 10:38 PM, Bruno Busco wrote:
>>
>> > Hi,
>> > in the
>> https://localhost:8443/webtools/control/EditSecurityGroupPermissionsscreen
>> ,
>> > using the Add Permission (manually) to Security Group form, it is
>> > possible to add a non existent SecurityPermission to a
>> > SecurityPermissionGroup.
>> > Is this correct?
>> >
>> > Shouldn't any permission always be defined properly in the
>> > SecurityPermission entity before being referenced in a
>> > SecurityPermissionGroup?
>> >
>> > Thank you,
>> > Bruno
>>
>>
>