You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Vikas Mayur (JIRA)" <ji...@apache.org> on 2010/04/01 14:22:27 UTC
[jira] Updated: (OFBIZ-3632) Extending the service model to specify
more complex permissions using permission service
[ https://issues.apache.org/jira/browse/OFBIZ-3632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vikas Mayur updated OFBIZ-3632:
-------------------------------
Description:
At present <permission-service> in the service definition allows only one permission service. I have extended the <required-permissions> tag to specify more then one permission services by doing an AND/OR operation.
For instance the following code in service definition
{code}
<required-permissions join-type="AND">
<permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
<permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}
will replace the following code in service implementation.
{code}
<check-permission permission="FACILITY" action="_CREATE">
<fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-permission permission="FACILITY" action="_UPDATE">
<fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
{code}
Similarly the code
{code}
<required-permissions join-type="OR">
<permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
<permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}
will replace
{code}
<check-permission permission="FACILITY" action="_CREATE">
<alt-permission permission="FACILITY" action="_UPDATE"/>
<fail-message message="Security Error: to run createShipmentItem you must have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-errors/>
{code}
The patch also contains additional changes where the permission service is defined in the service definition.
EDITS: Added missing ending \{code\} tag for the last code snippet
was:
At present <permission-service> in the service definition allows only one permission service. I have extended the <required-permissions> tag to specify more then one permission services by doing an AND/OR operation.
For instance the following code in service definition
{code}
<required-permissions join-type="AND">
<permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
<permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}
will replace the following code in service implementation.
{code}
<check-permission permission="FACILITY" action="_CREATE">
<fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-permission permission="FACILITY" action="_UPDATE">
<fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
{code}
Similarly the code
{code}
<required-permissions join-type="OR">
<permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
<permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}
will replace
{code}
<check-permission permission="FACILITY" action="_CREATE">
<alt-permission permission="FACILITY" action="_UPDATE"/>
<fail-message message="Security Error: to run createShipmentItem you must have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-errors/>
The patch also contains additional changes where the permission service is defined in the service definition.
> Extending the service model to specify more complex permissions using permission service
> ----------------------------------------------------------------------------------------
>
> Key: OFBIZ-3632
> URL: https://issues.apache.org/jira/browse/OFBIZ-3632
> Project: OFBiz
> Issue Type: Improvement
> Components: framework, product
> Reporter: Vikas Mayur
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: permission.patch
>
>
> At present <permission-service> in the service definition allows only one permission service. I have extended the <required-permissions> tag to specify more then one permission services by doing an AND/OR operation.
> For instance the following code in service definition
> {code}
> <required-permissions join-type="AND">
> <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
> <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace the following code in service implementation.
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
> <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
> </check-permission>
> <check-permission permission="FACILITY" action="_UPDATE">
> <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
> </check-permission>
> {code}
> Similarly the code
> {code}
> <required-permissions join-type="OR">
> <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
> <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
> <alt-permission permission="FACILITY" action="_UPDATE"/>
> <fail-message message="Security Error: to run createShipmentItem you must have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
> </check-permission>
> <check-errors/>
> {code}
> The patch also contains additional changes where the permission service is defined in the service definition.
> EDITS: Added missing ending \{code\} tag for the last code snippet
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.