Posted to user@ofbiz.apache.org by "joelfradkin@gmail.com" <jo...@gmail.com> on 2014/09/30 23:03:23 UTC

adding a user login to a security group

I am adding logic to create ofbiz users.
I do auth based on our other project and once I confirm a good user I want
to add a user that has purchase/ receiving rights.
I could find the add group user java and the add userlogin java.
The add userlogin to security group evaded me? I could find it was in a
security_service.xml in service def.
It did not have java or a location. I am still new to all this. I thought
that would mean it was in the script path but I did grep and could not find
the code that actually added the userlogin to the security group.
I copied the java being used to create the group and userlogin and am able
to create my record to allow the user login the appropriate security group.
I just was curious if any of you are familiar with the where ofbiz does the
job? I normally just call the service in the original component, but since
this was pretty customized I decided to pull it out and just do it in my auth
program I wrote in java. Works great can even tell what level the user is in
our other app and based on that give permissions, or a page that says no
permissions etc. Still not 100% sure how to deal with session time outs as
the users don't officially have a login and password. I am just displaying
please access via other application menu for now. I did have it going to
login, but I might try to keep the credentials in hidden variables so if the
session times out they can re-auth with the other app.



-----
Joel Fradkin
--
View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: adding a user login to a security group

Posted by "joelfradkin@gmail.com" <jo...@gmail.com>.
Thanks again for the URL, I just went and read it. I believe I have read it
in the past, but it looks updated with many examples and much clearer (or
maybe I just don't remember it clearly).



-----
Joel Fradkin
--
View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656323.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: adding a user login to a security group

Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
It is not used very often but there is an effort going on at the moment to convert existing services into entity-auto services when applicable: I guess this is why you didn't see them before.

Jacopo

On Oct 1, 2014, at 5:26 PM, joelfradkin@gmail.com wrote:

> Thank you for the clarity. I might have guessed that sooner, but I had not
> seen an implementation in the service def before. Is that used pretty often
> and this is the first I ran into it?
> 
> 
> 
> 
> 
> -----
> Joel Fradkin
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656343.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: adding a user login to a security group

Posted by "joelfradkin@gmail.com" <jo...@gmail.com>.
Thank you for the clarity. I might have guessed that sooner, but I had not
seen an implementation in the service def before. Is that used pretty often
and this is the first I ran into it?





-----
Joel Fradkin
--
View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656343.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: adding a user login to a security group

Posted by "joelfradkin@gmail.com" <jo...@gmail.com>.
True I believe that is why new users get confused by the odd messages often
displayed.
The front end does allow to do validation, so in theory you could keep the
user from seeing the raw errors, but I agree that as a new user it was
pretty common to see java type errors I normally only would see in log from
tomcat. After a few months I appreciate seeing the errors so I know exactly
what my issue is, but for a finished users interface it is important to add
appropriate validation. To a large part that has been what I have been
doing. I am also removing many of the complexities that allow flexibility,
but we do not want at this time. I appreciate that ofbiz gives you the more
complex interface, so you can see how to have links and information. I would
rather have it and remove what is not deemed needed by my boss, than have to
figure out new stuff. I was a bit surprised that there was not an account
number, for a supplier. Sometimes the flexibility is mind blowing. I found
the ability to add multiple ID numbers, I am guessing that is why it did not
have a simple account number field. I used the external ID I think as I did
not want to hook up to a relationship ID table. I also hijacked another
field (office name I think) to store my EDI config name. I think the
purchase side of the fence is a bit under developed. I am still fighting the
buy it this way, sell it that way. I liked the idea of using a MRP process
and two products, but my boss did not. I could have made it invisible to the
user, but I am going to look at doing a conversion in creating the P.O.
(Product UOM to Supplier UOM) and again when doing the receiving (supplier
UOM to Product UOM).
I will need to have the P.O. and the EDI output file use the supplier UOM.
It leaves me questioning what do I need to store, change in reporting, etc.
It would be better to change the entity to add the fields I need and ensure
everything works correctly. Price would be @ supplier UOM I guess. It's still
in analysis at the moment, but been one item that was not as easy to solve.
I would like to use the conversion table if needed, but since product and
supplier use different UOM types it is a bit perplexing (I agree the UOM
types for the supplier need to be a different list, but it might need a UOM
field that matches the choices in Product). For example supplier UOM has
Other Box. with a qty. I am guessing the qty is x of the product which then
has a x of product UOM. So maybe I have everything I need, but going to be
fun.



-----
Joel Fradkin
--
View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656346.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: adding a user login to a security group

Posted by Pierre Smits <pi...@gmail.com>.
The drawback of such services with engine="entity-auto" is that you expose
the users to crude error messages, when some of the required parameters
aren't incorporated in the POST action.



Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com

On Wed, Oct 1, 2014 at 3:50 PM, Jacopo Cappellato <jacopo.cappellato@hotwaxmedia.com> wrote:

>
> On Oct 1, 2014, at 3:37 PM, joelfradkin@gmail.com wrote:
>
> > I am just guessing, but maybe this does the actual work?
> > engine="entity-auto" invoke="create"
> > default-entity-name="UserLoginSecurityGroup"
>
> This can actually look mysterious! When you see a service with
> engine="entity-auto" then it means that there is no implementation for it
> because it is handled by the framework as a CRUD service.
> In the above example:
>
> engine="entity-auto"
> invoke="create"
> default-entity-name="UserLoginSecurityGroup"
>
> means that a "create" operation is performed on the UserLoginSecurityGroup
> entity.
>
> I hope it helps,
>
> Jacopo
>
>
> >
> > As I said I am still new and learning, so if this does add the record I am
> > sorry for asking a dumb question.
> > I know the whole XML auto stuff confuses me. I see screens using it to get
> > field data (or more precisely screens created using it). It seems very clean
> > and simple, but not completely understanding it it seems mystical. I usually
> > end up adding the fields and saying hidden etc to get the screen the way I
> > want. So far I have not run into an actual service in the xml in service
> > def, so I guess maybe that threw me off. In any case the java I create does
> > the job. I was just more curious than anything.
> >
> >
> >
> > -----
> > Joel Fradkin
> > --
> > View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656324.html
> > Sent from the OFBiz - User mailing list archive at Nabble.com.
>
>

Re: adding a user login to a security group

Posted by Jacopo Cappellato <ja...@hotwaxmedia.com>.
On Oct 1, 2014, at 3:37 PM, joelfradkin@gmail.com wrote:

> I am just guessing, but maybe this does the actual work?
> engine="entity-auto" invoke="create"
> default-entity-name="UserLoginSecurityGroup"

This can actually look mysterious! When you see a service with engine="entity-auto" then it means that there is no implementation for it because it is handled by the framework as a CRUD service.
In the above example:

engine="entity-auto"
invoke="create"
default-entity-name="UserLoginSecurityGroup"

means that a "create" operation is performed on the UserLoginSecurityGroup entity.

I hope it helps,

Jacopo


>  
> As I said I am still new and learning, so if this does add the record I am
> sorry for asking a dumb question.
> I know the whole XML auto stuff confuses me. I see screens using it to get
> field data (or more precisely screens created using it). It seems very clean
> and simple, but not completely understanding it it seems mystical. I usually
> end up adding the fields and saying hidden etc to get the screen the way I
> want. So far I have not run into an actual service in the xml in service
> def, so I guess maybe that threw me off. In any case the java I create does
> the job. I was just more curious than anything.
> 
> 
> 
> -----
> Joel Fradkin
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656324.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: adding a user login to a security group

Posted by "joelfradkin@gmail.com" <jo...@gmail.com>.
I am just guessing, but maybe this does the actual work?
engine="entity-auto" invoke="create"
default-entity-name="UserLoginSecurityGroup" 
As I said I am still new and learning, so if this does add the record I am
sorry for asking a dumb question.
I know the whole XML auto stuff confuses me. I see screens using it to get
field data (or more precisely screens created using it). It seems very clean
and simple, but not completely understanding it it seems mystical. I usually
end up adding the fields and saying hidden etc to get the screen the way I
want. So far I have not run into an actual service in the xml in service
def, so I guess maybe that threw me off. In any case the java I create does
the job. I was just more curious than anything.



-----
Joel Fradkin
--
View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656324.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: adding a user login to a security group

Posted by "joelfradkin@gmail.com" <jo...@gmail.com>.
Thank you for the clarity.
I was aware of that, but looking at the xml definition for  <service
name="addUserLoginToSecurityGroup" engine="entity-auto" invoke="create"
default-entity-name="UserLoginSecurityGroup" auth="true"> 
Where is the actual code that adds the record to the table?

I did a grep for addUserLoginToSecurityGroup, and that is how I found the
reference in servicedef.
I was looking for the actual code (java or mini etc). I ended up making my
own, but don't like to do that.



-----
Joel Fradkin
--
View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656322.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: adding a user login to a security group

Posted by Pierre Smits <pi...@gmail.com>.
Joel,

Definitions in xml files in the servicedef folder can point to either:

   - simple methods (in xml) in the scripts subdirectories (OFBiz
   development methodology)
   - elaborate functions (in java) in the src subdirectories (OFBiz
   development methodology)
   - others in other directories (NON OFBiz development methodology)

Regards,


Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com

On Wed, Oct 1, 2014 at 2:39 PM, joelfradkin@gmail.com <joelfradkin@gmail.com> wrote:

> I did see that. I appreciate your help and the URL, I guess I don't
> understand.
> I thought the service def folder had xml saying what services are available,
> but I do not understand looking at this XML where the actual service is, or
> maybe the xml actually does the work?
> I found that in the service def folder, not the script.
> I do not understand how that bit there adds a record to the table.
>
> I ended up doing my own java function (hard coded to add the group to
> fulladmin):
>
>     import java.sql.Timestamp;
>     import javax.servlet.http.HttpServletRequest;
>     import org.ofbiz.base.util.Debug;
>     import org.ofbiz.base.util.UtilDateTime;
>     import org.ofbiz.base.util.UtilMisc;
>     import org.ofbiz.base.util.UtilValidate;
>     import org.ofbiz.entity.GenericDelegator;
>     import org.ofbiz.entity.GenericEntityException;
>     import org.ofbiz.entity.GenericValue;
>     import org.ofbiz.entity.condition.EntityCondition;
>     import org.ofbiz.entity.condition.EntityFunction;
>     import org.ofbiz.entity.condition.EntityOperator;
>
>     // "module" is the enclosing class's logging name constant.
>     public static String addUserLoginToSecurityGroup(HttpServletRequest request, String partyId) {
>         GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator");
>         String userLoginId = partyId;
>         String groupId = "FULLADMIN"; // hard coded group
>         Timestamp now = UtilDateTime.nowTimestamp();
>         GenericValue userLoginSecurityGroupToCreate = delegator.makeValue("UserLoginSecurityGroup",
>                 UtilMisc.toMap("userLoginId", userLoginId, "groupId", groupId, "fromDate", now));
>         try {
>             // Case-insensitive match on userLoginId only: any existing group
>             // membership for this login counts as "found".
>             EntityCondition condition = EntityCondition.makeCondition(
>                     EntityFunction.UPPER_FIELD("userLoginId"), EntityOperator.EQUALS,
>                     EntityFunction.UPPER(userLoginId));
>             if (UtilValidate.isNotEmpty(delegator.findList("UserLoginSecurityGroup",
>                     condition, null, null, null, false))) {
>                 return "found security group for user";
>             }
>         } catch (GenericEntityException e) {
>             // A failed lookup is an error, not proof of an existing membership.
>             Debug.logWarning(e, "Lookup of UserLoginSecurityGroup failed", module);
>             return "error";
>         }
>         // not there so create security group for userlogin
>         try {
>             userLoginSecurityGroupToCreate.create();
>         } catch (GenericEntityException e) {
>             Debug.logWarning(e, "Could not create UserLoginSecurityGroup", module);
>             return "error";
>         }
>         return "created security group for login user :" + partyId;
>     } // addUserLoginToSecurityGroup
>
>
>
>
> -----
> Joel Fradkin
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656310.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>

Re: adding a user login to a security group

Posted by "joelfradkin@gmail.com" <jo...@gmail.com>.
I did see that. I appreciate your help and the URL, I guess I don't
understand.
I thought the service def folder had xml saying what services are available,
but I do not understand looking at this XML where the actual service is, or
maybe the xml actually does the work?
I found that in the service def folder, not the script.
I do not understand how that bit there adds a record to the table.

I ended up doing my own java function (hard coded to add the group to
fulladmin):

    import java.sql.Timestamp;
    import javax.servlet.http.HttpServletRequest;
    import org.ofbiz.base.util.Debug;
    import org.ofbiz.base.util.UtilDateTime;
    import org.ofbiz.base.util.UtilMisc;
    import org.ofbiz.base.util.UtilValidate;
    import org.ofbiz.entity.GenericDelegator;
    import org.ofbiz.entity.GenericEntityException;
    import org.ofbiz.entity.GenericValue;
    import org.ofbiz.entity.condition.EntityCondition;
    import org.ofbiz.entity.condition.EntityFunction;
    import org.ofbiz.entity.condition.EntityOperator;

    // "module" is the enclosing class's logging name constant.
    public static String addUserLoginToSecurityGroup(HttpServletRequest request, String partyId) {
        GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator");
        String userLoginId = partyId;
        String groupId = "FULLADMIN"; // hard coded group
        Timestamp now = UtilDateTime.nowTimestamp();
        GenericValue userLoginSecurityGroupToCreate = delegator.makeValue("UserLoginSecurityGroup",
                UtilMisc.toMap("userLoginId", userLoginId, "groupId", groupId, "fromDate", now));
        try {
            // Case-insensitive match on userLoginId only: any existing group
            // membership for this login counts as "found".
            EntityCondition condition = EntityCondition.makeCondition(
                    EntityFunction.UPPER_FIELD("userLoginId"), EntityOperator.EQUALS,
                    EntityFunction.UPPER(userLoginId));
            if (UtilValidate.isNotEmpty(delegator.findList("UserLoginSecurityGroup",
                    condition, null, null, null, false))) {
                return "found security group for user";
            }
        } catch (GenericEntityException e) {
            // A failed lookup is an error, not proof of an existing membership.
            Debug.logWarning(e, "Lookup of UserLoginSecurityGroup failed", module);
            return "error";
        }
        // not there so create security group for userlogin
        try {
            userLoginSecurityGroupToCreate.create();
        } catch (GenericEntityException e) {
            Debug.logWarning(e, "Could not create UserLoginSecurityGroup", module);
            return "error";
        }
        return "created security group for login user :" + partyId;
    } // addUserLoginToSecurityGroup




-----
Joel Fradkin
--
View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656310.html
Sent from the OFBiz - User mailing list archive at Nabble.com.

Re: adding a user login to a security group

Posted by Pranay Pandey <pr...@hotwaxmedia.com>.
Hi Joel,

To understand OFBiz Security you can go through this document https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

The other thing (The add userlogin to security group evaded me?) I think you couldn’t find can be tracked through request ProfileAddUserLoginToSecurityGroup in Party. (I checked this on trunk and release 13.07)
Here is what I could find, the service in services_security.xml:
    <!-- UserLogin to SecurityGroup services -->
    <service name="addUserLoginToSecurityGroup" engine="entity-auto" invoke="create" default-entity-name="UserLoginSecurityGroup" auth="true">
        <description>Add a UserLogin to a SecurityGroup</description>
        <permission-service service-name="securityPermissionCheck" main-action="CREATE"/>
        <attribute name="userLoginId" type="String" mode="IN" optional="false"/>
        <attribute name="groupId" type="String" mode="IN" optional="false"/>
        <attribute name="fromDate" type="Timestamp" mode="IN" optional="true"/>
        <attribute name="thruDate" type="Timestamp" mode="IN" optional="true"/>
    </service>


I found it in both, i.e. trunk and 13.07 code. If you are using any other release then please mention it.

HTH.

Pranay Pandey
HotWax Media
http://www.hotwaxmedia.com
ApacheCon US 2014 Silver Sponsor
http://na.apachecon.com/sponsor/our-sponsors


On Oct 1, 2014, at 2:33 AM, joelfradkin@gmail.com wrote:

> I am adding logic to create ofbiz users.
> I do auth based on our other project and once I confirm a good user I want
> to add a user that has purchase/ receiving rights.
> I could find the add group user java and the add userlogin java.
> The add userlogin to security group evaded me? I could find it was in a
> security_service.xml in service def.
> It did not have java or a location. I am still new to all this. I thought
> that would mean it was in the script path but I did grep and could not find
> the code that actually added the userlogin to the security group.
> I copied the java being used to create the group and userlogin and am able
> to create my record to allow the user login the appropriate security group.
> I just was curious if any of you are familiar with the where ofbiz does the
> job? I normally just call the service in the original component, but since
> this was pretty customized I decided to pull it out and just do it in my auth
> program I wrote in java. Works great can even tell what level the user is in
> our other app and based on that give permissions, or a page that says no
> permissions etc. Still not 100% sure how to deal with session time outs as
> the users don't officially have a login and password. I am just displaying
> please access via other application menu for now. I did have it going to
> login, but I might try to keep the credentials in hidden variables so if the
> session times out they can re-auth with the other app.
> 
> 
> 
> -----
> Joel Fradkin
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
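
Added example (not code from the posters or from the OFBiz project): one way to create the same UserLoginSecurityGroup record by running the addUserLoginToSecurityGroup service quoted above, so that its auth="true" and securityPermissionCheck settings apply, and to check the two required attributes first so the caller gets a readable message rather than a raw framework error. The class name SecurityGroupHelper, the method addToGroup and the actingUserLogin parameter are hypothetical, and the org.ofbiz.* package names are assumed to match the releases discussed in this thread.

```java
import java.util.HashMap;
import java.util.Map;

import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilDateTime;
import org.ofbiz.base.util.UtilValidate;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.service.GenericServiceException;
import org.ofbiz.service.LocalDispatcher;
import org.ofbiz.service.ServiceUtil;

public class SecurityGroupHelper { // hypothetical class name

    private static final String module = SecurityGroupHelper.class.getName();

    /**
     * Adds targetLoginId to groupId through the service engine instead of
     * writing the entity directly, so the service definition's auth and
     * permission-service settings are evaluated before the entity-auto create.
     *
     * @param actingUserLogin UserLogin value of the caller (assumption: it holds
     *                        whatever securityPermissionCheck requires)
     * @return null on success, otherwise a message that is safe to show in the UI
     */
    public static String addToGroup(LocalDispatcher dispatcher, GenericValue actingUserLogin,
            String targetLoginId, String groupId) {
        // userLoginId and groupId are optional="false" in the service definition;
        // reject empty values here rather than surfacing the engine's error text.
        if (UtilValidate.isEmpty(targetLoginId) || UtilValidate.isEmpty(groupId)) {
            return "userLoginId and groupId are both required";
        }
        if (actingUserLogin == null) {
            return "no authenticated user for this request";
        }

        Map<String, Object> context = new HashMap<String, Object>();
        context.put("userLoginId", targetLoginId);
        context.put("groupId", groupId);
        context.put("fromDate", UtilDateTime.nowTimestamp());
        context.put("userLogin", actingUserLogin); // needed because auth="true"

        try {
            Map<String, Object> result = dispatcher.runSync("addUserLoginToSecurityGroup", context);
            if (ServiceUtil.isError(result)) {
                // Keep the detailed message in the log, not in the page.
                Debug.logWarning(ServiceUtil.getErrorMessage(result), module);
                return "could not add user login to security group";
            }
        } catch (GenericServiceException e) {
            // Failures raised by the service engine itself arrive as exceptions.
            Debug.logError(e, "addUserLoginToSecurityGroup failed", module);
            return "could not add user login to security group";
        }
        return null;
    }
}
```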