Posted to commits@ofbiz.apache.org by ar...@apache.org on 2017/10/28 12:41:46 UTC
svn commit: r1813619 - in /ofbiz/ofbiz-framework/trunk/applications/order:
minilang/shoppinglist/ShoppingListServices.xml
servicedef/services_shoppinglist.xml
Author: arunpatidar
Date: Sat Oct 28 12:41:46 2017
New Revision: 1813619
URL: http://svn.apache.org/viewvc?rev=1813619&view=rev
Log:
IMPROVED: Create separate Permission Services for CRUD services of ShoppingList and ShoppingListItem. (OFBIZ-9763)
Thanks Chinmay Patidar for your contribution.
Modified:
ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml
Modified: ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml?rev=1813619&r1=1813618&r2=1813619&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml (original)
+++ ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml Sat Oct 28 12:41:46 2017
@@ -21,22 +21,6 @@ under the License.
<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd">
<simple-method method-name="createShoppingList" short-description="Create a ShoppingList" login-required="false">
- <if>
- <condition>
- <and>
- <not><if-empty field="userLogin"/></not>
- <not><if-compare field="userLogin.userLoginId" operator="equals" value="anonymous"/></not>
- <not><if-empty field="parameters.partyId"/></not>
- <not><if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"/></not>
- <not><if-has-permission permission="PARTYMGR" action="_CREATE"/></not>
- </and>
- </condition>
- <then>
- <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateShoppingListForAnotherParty"/></add-error>
- </then>
- </if>
- <check-errors/>
-
<make-value entity-name="ShoppingList" value-field="newEntity"/>
<set-nonpk-fields map="parameters" value-field="newEntity"/>
@@ -74,11 +58,6 @@ under the License.
<simple-method method-name="updateShoppingList" short-description="Update a ShoppingList">
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
- <set field="parentMethodName" value="updateShoppingList"/>
- <set field="permissionAction" value="UPDATE"/>
- <call-simple-method method-name="checkShoppingListSecurity"/>
- <check-errors/>
-
<set-nonpk-fields map="parameters" value-field="shoppingList"/>
<!-- don't let auto-reorders be active unless there is some recurrence info -->
@@ -105,11 +84,6 @@ under the License.
<simple-method method-name="removeShoppingList" short-description="Remove a ShoppingList">
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
- <set field="parentMethodName" value="removeShoppingList"/>
- <set field="permissionAction" value="DELETE"/>
- <call-simple-method method-name="checkShoppingListSecurity"/>
- <check-errors/>
-
<remove-value value-field="shoppingList"/>
</simple-method>
@@ -122,19 +96,6 @@ under the License.
<set field="parentMethodName" value="createShoppingListItem"/>
<set field="permissionAction" value="CREATE"/>
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
- <if>
- <condition>
- <and>
- <not><if-empty field="shoppingList.partyId"/></not>
- <not><if-compare-field field="userLogin.partyId" to-field="shoppingList.partyId" operator="equals"/></not>
- <not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not>
- </and>
- </condition>
- <then>
- <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
- </then>
- </if>
- <check-errors/>
<entity-one entity-name="Product" value-field="product"/>
<if-empty field="product">
@@ -169,11 +130,6 @@ under the License.
</simple-method>
<simple-method method-name="updateShoppingListItem" short-description="Update a ShoppingListItem">
- <set field="parentMethodName" value="updateShoppingListItem"/>
- <set field="permissionAction" value="UPDATE"/>
- <call-simple-method method-name="checkShoppingListItemSecurity"/>
- <check-errors/>
-
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
<entity-one entity-name="ShoppingListItem" value-field="shoppingListItem"/>
<set-nonpk-fields map="parameters" value-field="shoppingListItem"/>
@@ -186,11 +142,6 @@ under the License.
</simple-method>
<simple-method method-name="removeShoppingListItem" short-description="Remove a ShoppingListItem">
- <set field="parentMethodName" value="removeShoppingListItem"/>
- <set field="permissionAction" value="DELETE"/>
- <call-simple-method method-name="checkShoppingListItemSecurity"/>
- <check-errors/>
-
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
<entity-one entity-name="ShoppingListItem" value-field="shoppingListItem"/>
<remove-value value-field="shoppingListItem"/>
@@ -219,9 +170,13 @@ under the License.
</simple-method>
<simple-method method-name="calculateShoppingListDeepTotalPrice" short-description="Calculate Deep Total Price for a ShoppingList">
- <set field="parentMethodName" value="calculateShoppingListDeepTotalPrice"/>
- <set field="permissionAction" value="VIEW"/>
- <call-simple-method method-name="checkShoppingListItemSecurity"/>
+ <set-service-fields service-name="checkShoppingListItemSecurity" map="parameters" to-map="serviceInMap"/>
+ <call-service service-name="checkShoppingListItemSecurity" in-map-name="serviceInMap">
+ <result-to-field result-name="hasPermission" field="hasPermission"/>
+ </call-service>
+ <if-compare field="hasPermission" operator="equals" value="false" type="Boolean">
+ <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
+ </if-compare>
<check-errors/>
<set from-field="parameters.prodCatalogId" field="calcPriceInBaseMap.prodCatalogId"/>
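Review bot: The removed `<set field="permissionAction" value="VIEW"/>` leaves nothing in the visible new code that defines `permissionAction`, yet checkShoppingListItemSecurity and checkShoppingListSecurity still test `action="_${permissionAction}"`. Both checks now run as separate services, and permissionInterface carries the action as `mainAction`, so the PARTYMGR override probably expands to `_` and never matches. The check would then fail closed to owner-only for every caller, which also affects the `permission-service ... main-action=` declarations added in services_shoppinglist.xml. I would pass the action explicitly here with `<set field="serviceInMap.mainAction" value="VIEW"/>` before the call, and read `action="_${parameters.mainAction}"` in the two check methods. The body of calculateShoppingListDeepTotalPrice continues outside this hunk.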
@@ -282,23 +237,33 @@ under the License.
</simple-method>
<simple-method method-name="checkShoppingListSecurity" short-description="Checks security on a ShoppingList">
+ <set field="hasPermission" value="false" type="Boolean"/>
<if>
<condition>
<and>
- <not><if-compare-field to-field="shoppingList.partyId" field="userLogin.partyId" operator="equals"/></not>
+ <not><if-empty field="userLogin"/></not>
+ <not><if-compare field="userLogin.userLoginId" operator="equals" value="anonymous"/></not>
+ <not><if-empty field="parameters.partyId"/></not>
+ <not><if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"/></not>
<not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not>
</and>
</condition>
<then>
<add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
</then>
+ <else>
+ <set field="hasPermission" value="true" type="Boolean"/>
+ </else>
</if>
+ <field-to-result field="hasPermission"/>
</simple-method>
<simple-method method-name="checkShoppingListItemSecurity" short-description="Checks security on a ShoppingListItem">
+ <set field="hasPermission" value="false" type="Boolean"/>
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
<if>
<condition>
<and>
+ <not><if-empty field="shoppingList.partyId"/></not>
<not><if-compare-field field="userLogin.partyId" to-field="shoppingList.partyId" operator="equals"/></not>
<not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not>
</and>
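Review bot: checkShoppingListSecurity no longer compares the caller with the stored list's owner: the `shoppingList.partyId` comparison is replaced by one against `parameters.partyId`, which the caller supplies and which is skipped when empty. updateShoppingList and removeShoppingList also lost their in-method call made after `entity-one`, and removeShoppingList declares only `shoppingListId`, so a logged-in caller who names another party's list appears to reach the `<else>` and receive `hasPermission` true. The check should load the list and test its stored owner as well as the requested partyId, and the new service definition needs `<attribute name="shoppingListId" type="String" mode="IN" optional="true"/>` so the id reaches it. The hunk ends inside checkShoppingListItemSecurity, which this suggestion does not change.

```xml
<!-- … unchanged: hasPermission default of false … -->
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
<!-- … unchanged: the if and condition openers … -->
<and>
    <or>
        <and>
            <!-- … unchanged: the four userLogin / parameters.partyId terms … -->
        </and>
        <and>
            <not><if-empty field="shoppingList.partyId"/></not>
            <not><if-compare-field to-field="shoppingList.partyId" field="userLogin.partyId" operator="equals"/></not>
        </and>
    </or>
    <!-- … unchanged: PARTYMGR if-has-permission term … -->
</and>
<!-- … unchanged: then / else branches and field-to-result … -->
```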
@@ -306,7 +271,11 @@ under the License.
<then>
<add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
</then>
+ <else>
+ <set field="hasPermission" value="true" type="Boolean"/>
+ </else>
</if>
+ <field-to-result field="hasPermission"/>
</simple-method>
<simple-method method-name="addSuggestionsToShoppingList" short-description="Add suggestions to a shopping list">
<!-- first check the ProductStore.enableAutoSuggestionList indicator -->
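Review bot: The added `<else>` grants `hasPermission` whenever the `<and>` above does not match, and with the new `<not><if-empty field="shoppingList.partyId"/></not>` term earlier in checkShoppingListItemSecurity that now includes a list with no partyId and a shoppingListId that matches no row. For updateShoppingListItem and removeShoppingListItem this looks looser than the old check, which had no empty-owner exemption and so appears to have refused non-owners without PARTYMGR. If that widening is not intended, I would keep the exemption for item creation only and document it with a comment such as `<!-- lists with no partyId are exempt from the owner match for item creation only -->`. The method starts outside this hunk.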
Modified: ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml?rev=1813619&r1=1813618&r2=1813619&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml (original)
+++ ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml Sat Oct 28 12:41:46 2017
@@ -35,6 +35,7 @@ under the License.
<description>Create a shopping list entity</description>
<implements service="createShoppingListRecurrence"/>
<implements service="shoppingListInterface"/>
+ <permission-service service-name="checkShoppingListSecurity" main-action="CREATE"/>
<attribute name="shoppingListId" type="String" mode="OUT" optional="false"/>
</service>
<service name="updateShoppingList" engine="simple" auth="true"
@@ -42,13 +43,21 @@ under the License.
<description>Update a shopping list entity</description>
<implements service="createShoppingListRecurrence"/>
<implements service="shoppingListInterface"/>
+ <permission-service service-name="checkShoppingListSecurity" main-action="UPDATE"/>
<attribute name="shoppingListId" type="String" mode="IN" optional="false"/>
</service>
<service name="removeShoppingList" engine="simple" auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="removeShoppingList">
<description>Remove a shopping list entity</description>
+ <permission-service service-name="checkShoppingListSecurity" main-action="DELETE"/>
<attribute name="shoppingListId" type="String" mode="IN" optional="false"/>
</service>
+ <service name="checkShoppingListSecurity" engine="simple" auth="false"
+ location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="checkShoppingListSecurity">
+ <description>Checks security on a ShoppingList</description>
+ <implements service="permissionInterface"/>
+ <attribute name="partyId" type="String" mode="IN" optional="true"/>
+ </service>
<service name="calculateShoppingListDeepTotalPrice" engine="simple" auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="calculateShoppingListDeepTotalPrice">
<description>Remove a shopping list entity</description>
@@ -112,6 +121,7 @@ under the License.
location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="createShoppingListItem">
<description>Create a shopping list item</description>
<implements service="shoppingListItemInterface"/>
+ <permission-service service-name="checkShoppingListItemSecurity" main-action="CREATE"/>
<attribute name="shoppingListId" type="String" mode="IN" optional="true"/>
<attribute name="productStoreId" type="String" mode="INOUT" optional="true"/>
<attribute name="productId" type="String" mode="IN" optional="false"/>
@@ -121,14 +131,23 @@ under the License.
location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="updateShoppingListItem">
<description>Update a shopping list item</description>
<implements service="shoppingListItemInterface"/>
+ <permission-service service-name="checkShoppingListItemSecurity" main-action="UPDATE"/>
<attribute name="shoppingListItemSeqId" type="String" mode="IN" optional="false"/>
</service>
<service name="removeShoppingListItem" engine="simple" auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="removeShoppingListItem">
<description>Remove a shopping list item</description>
+ <permission-service service-name="checkShoppingListItemSecurity" main-action="DELETE"/>
<attribute name="shoppingListId" type="String" mode="IN" optional="false"/>
<attribute name="shoppingListItemSeqId" type="String" mode="IN" optional="false"/>
</service>
+ <service name="checkShoppingListItemSecurity" engine="simple" auth="false"
+ location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="checkShoppingListItemSecurity">
+ <description>Checks security on a ShoppingListItem</description>
+ <implements service="permissionInterface"/>
+ <attribute name="partyId" type="String" mode="IN" optional="true"/>
+ <attribute name="shoppingListId" type="String" mode="IN" optional="true"/>
+ </service>
<service name="addSuggestionsToShoppingList" engine="simple" auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="addSuggestionsToShoppingList">
<description>Add suggestions to a shopping list</description>