Posted to user@ofbiz.apache.org by MKishore <mv...@gmail.com> on 2008/07/08 18:52:30 UTC

Security.hasRolePermission or DataDrivenSecurity

Hi,

  How has Security.hasRolePermission been used in ofbiz security, and
what's the use of this?

I noticed that ofbiz supports DataDrivenSecurity, would like to know how it
has been handled in ofbiz and how to achieve this.

Thanks,
Kish


Re: Security.hasRolePermission or DataDrivenSecurity

Posted by BJ Freeman <bj...@free-man.net>.
I think you have a misconception and are looking at this from a database
point of view.
It would be best if you start with
http://docs.ofbiz.org/display/OFBTECH/Framework+Introduction+Videos+and+Diagrams
Also use
https://demo.hotwaxmedia.com/webtools/control/ArtifactInfo

and put security or Security.hasRolePermission in the search.


MKishore sent the following on 7/9/2008 9:42 AM:
> 
> Any information about Role tables specified in each application/component.
> and how these tables have been used in Ofbiz
> Ex: OrderRole, ProductRole, ProductCategoryRole
> 


Re: Security.hasRolePermission or DataDrivenSecurity

Posted by Jacques Le Roux <ja...@les7arts.com>.
You are welcome Ashish,

It's a way for me to learn, there are many corners in there ;o)

Jacques

From: "Ashish Vijaywargiya" <vi...@gmail.com>
> Thanks Jacques for your valuable reply.
> I truly appreciate your efforts.
> 
> --
> Ashish

Re: Security.hasRolePermission or DataDrivenSecurity

Posted by Ashish Vijaywargiya <vi...@gmail.com>.
Thanks Jacques for your valuable reply.
I truly appreciate your efforts.

--
Ashish


Re: Security.hasRolePermission or DataDrivenSecurity

Posted by Jacques Le Roux <ja...@les7arts.com>.
From: "Ashish Vijaywargiya" <vi...@gmail.com>
> Role entities are used to check the role based security in ofbiz. For example:
> ProductStoreRole, OrderRole, AgreementRole, etc.
> To take advantage of Role Based security you can go through the
> method "hasRolePermission" of class OFBizSecurity.java.
>
> This kind of permission is used when you have written code in FTL files or
> Java files and you would like to provide a security check on the basis of
> his/her "role" to display some content or proceed with the next block of code.
> There are a few examples present in Ofbiz for this. Please check them out.
>
> Role based security in Simple Method is handled in a pretty different way.
> I don't remember the place where role based security is implemented in Mini
> Lang, so will ask Community members for their help.

Ashish,

I had a look into the simple-method.xsd file as I was not aware of a role permission tag in minilang. There is nothing like
check-role-member and for me this kind of permission is only checked at the service level.
I also found related-role-getter at the widget level (screen, menu, tree) but there are any use of it in OFBiz yet.
related-role-getter seems to be intended to be used in the content component...

So Kish, if you are interested in DataDrivenSecurity you should check the code in EntityPermissionChecker.java

Here is the comment from Al Byers who introduced this in pre Apache era (Revision: 4029 : 08 Dec 2004)

<<I upgrade EntityPermissionChecker to use three inner classes of ContentPermissionServices,
PermissionConditionGetter, RelatedRoleGetter and AuxiliaryValueGetter (for ContentPurposes).
Though I had coded ContentPermissionServices.checkPermissionMethod with the idea of having
it work for non-Content permission checking, it would not do it, so I added another
checkPermissionMethod using the three classes above.

This does not break any widget forms. If none of the three subelements of if-entity-permission
are defined, it will use defaults that make it work like it did before.

With this upgrade I should be able to work with PartyRelationship and WorkEffortAndPartyAssign
to create substantial websites using the widget framework.>>

HTH

Jacques




Re: Security.hasRolePermission or DataDrivenSecurity

Posted by Ashish Vijaywargiya <vi...@gmail.com>.
Role entities are used to check the role based security in ofbiz. For example:
ProductStoreRole, OrderRole, AgreementRole, etc.
To take advantage of Role Based security you can go through the
method "hasRolePermission" of class OFBizSecurity.java.

This kind of permission is used when you have written code in FTL files or
Java files and you would like to provide a security check on the basis of
his/her "role" to display some content or proceed with the next block of code.
There are a few examples present in Ofbiz for this. Please check them out.

Role based security in Simple Method is handled in a pretty different way.
I don't remember the place where role based security is implemented in Mini
Lang, so will ask Community members for their help.

Thanks.

--
Ashish
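
[Added example, not part of the original thread and not OFBiz code.] A simplified model of the role-entity check described in the message above: a general permission covers every record, while a role-limited permission only covers records where the user's party has a row in the role entity (here a constructed OrderRole). The permission-string convention, the sample data and every name in the class are assumptions made for illustration.

```java
import java.util.*;

// Simplified model of a role-limited permission check; NOT OFBiz's implementation.
public class RolePermissionDemo {
    // Constructed sample data: permissions granted to each user login.
    static final Map<String, Set<String>> PERMISSIONS = new HashMap<>();
    // Constructed OrderRole rows, keyed as "orderId|partyId|roleTypeId".
    static final Set<String> ORDER_ROLE = new HashSet<>();
    // Constructed mapping from user login to party.
    static final Map<String, String> PARTY_OF = new HashMap<>();

    static {
        PERMISSIONS.put("manager", new HashSet<>(Arrays.asList("ORDERMGR_VIEW")));
        PERMISSIONS.put("salesrep", new HashSet<>(Arrays.asList("ORDERMGR_ROLE_VIEW")));
        PERMISSIONS.put("guest", new HashSet<String>());
        PARTY_OF.put("manager", "P100");
        PARTY_OF.put("salesrep", "P200");
        PARTY_OF.put("guest", "P300");
        ORDER_ROLE.add("ORD1|P200|SALES_REP");
        ORDER_ROLE.add("ORD2|P300|SALES_REP"); // role row held by a user with no permission
    }

    static boolean hasPermission(String login, String perm) {
        Set<String> granted = PERMISSIONS.get(login);
        return granted != null && granted.contains(perm);
    }

    // Assumed convention: APP_ACTION is the general permission,
    // APP_ROLE_ACTION is the variant limited to records the party has a role on.
    static boolean hasRolePermission(String app, String action, String orderId,
                                     String roleTypeId, String login) {
        if (login == null || !PARTY_OF.containsKey(login)) return false; // fail closed
        if (hasPermission(login, app + "_" + action)) return true;       // all records
        if (!hasPermission(login, app + "_ROLE_" + action)) return false;
        // Role-limited permission: require a matching row in the role entity.
        return ORDER_ROLE.contains(orderId + "|" + PARTY_OF.get(login) + "|" + roleTypeId);
    }

    public static void main(String[] args) {
        String[][] cases = {
            {"manager", "ORD2"}, {"salesrep", "ORD1"}, {"salesrep", "ORD2"}, {"guest", "ORD2"}};
        for (String[] c : cases) {
            System.out.println(c[0] + " view " + c[1] + ": "
                + hasRolePermission("ORDERMGR", "VIEW", c[1], "SALES_REP", c[0]));
        }
    }
}
```

The guest case shows that a role row alone grants nothing in this model: the role entity only narrows a permission the user already holds.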






Re: Security.hasRolePermission or DataDrivenSecurity

Posted by MKishore <mv...@gmail.com>.

Any information about Role tables specified in each application/component,
and how these tables have been used in Ofbiz?
Ex: OrderRole, ProductRole, ProductCategoryRole





Re: Security.hasRolePermission or DataDrivenSecurity

Posted by Ashish Vijaywargiya <vi...@gmail.com>.
If I am right, by DataDrivenSecurity you are saying the data created in the
files that exist in the "data" folder.
For example, the AccountingSecurityData.xml file.

Please read the document available on
http://docs.ofbiz.org/display/OFBTECH/OFBiz+security.
After reading the above document if you still have some questions then
please let us know.

--
Ashish




Re: Security.hasRolePermission or DataDrivenSecurity

Posted by BJ Freeman <bj...@free-man.net>.
Not sure what you define as DataDrivenSecurity,
but security is based on the UI, in most cases unless it is minilang
or service engine related.
