You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Vikas Mayur (JIRA)" <ji...@apache.org> on 2010/04/01 14:22:27 UTC

[jira] Updated: (OFBIZ-3632) Extending the service model to specify more complex permissions using permission service

     [ https://issues.apache.org/jira/browse/OFBIZ-3632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vikas Mayur updated OFBIZ-3632:
-------------------------------

    Description: 
At present <permission-service> in the service definition allows only one permission service. I have extended the  <required-permissions> tag to specify more then one permission services by doing an AND/OR operation.

For instance the following code in service definition 
{code}
<required-permissions join-type="AND">
    <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
    <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}

will replace the following code in service implementation.

{code}
<check-permission permission="FACILITY" action="_CREATE">
    <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-permission permission="FACILITY" action="_UPDATE">
    <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
{code}

Similarly the code

{code}
<required-permissions join-type="OR">
    <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
    <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}

will replace

{code}
<check-permission permission="FACILITY" action="_CREATE">
    <alt-permission permission="FACILITY" action="_UPDATE"/>
    <fail-message message="Security Error: to run createShipmentItem you must have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-errors/>
{code}

The patch also contains additional changes where the permission service is defined in the service definition.

EDITS: Added missing ending \{code\} tag for the last code snippet


  was:
At present <permission-service> in the service definition allows only one permission service. I have extended the  <required-permissions> tag to specify more then one permission services by doing an AND/OR operation.

For instance the following code in service definition 
{code}
<required-permissions join-type="AND">
    <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
    <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}

will replace the following code in service implementation.

{code}
<check-permission permission="FACILITY" action="_CREATE">
    <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-permission permission="FACILITY" action="_UPDATE">
    <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
{code}

Similarly the code

{code}
<required-permissions join-type="OR">
    <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
    <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
</required-permissions>
{code}

will replace

{code}
<check-permission permission="FACILITY" action="_CREATE">
    <alt-permission permission="FACILITY" action="_UPDATE"/>
    <fail-message message="Security Error: to run createShipmentItem you must have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
</check-permission>
<check-errors/>

The patch also contains additional changes where the permission service is defined in the service definition.



> Extending the service model to specify more complex permissions using permission service
> ----------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-3632
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3632
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework, product
>            Reporter: Vikas Mayur
>            Priority: Minor
>             Fix For: SVN trunk
>
>         Attachments: permission.patch
>
>
> At present <permission-service> in the service definition allows only one permission service. I have extended the  <required-permissions> tag to specify more then one permission services by doing an AND/OR operation.
> For instance the following code in service definition 
> {code}
> <required-permissions join-type="AND">
>     <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
>     <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace the following code in service implementation.
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
>     <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
> </check-permission>
> <check-permission permission="FACILITY" action="_UPDATE">
>     <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
> </check-permission>
> {code}
> Similarly the code
> {code}
> <required-permissions join-type="OR">
>     <permission-service service-name="facilityGenericPermission" main-action="CREATE"/>
>     <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
>     <alt-permission permission="FACILITY" action="_UPDATE"/>
>     <fail-message message="Security Error: to run createShipmentItem you must have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
> </check-permission>
> <check-errors/>
> {code}
> The patch also contains additional changes where the permission service is defined in the service definition.
> EDITS: Added missing ending \{code\} tag for the last code snippet

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.