Author: byersa
Date: Thu Feb  8 00:17:33 2007
New Revision: 504818

URL: http://svn.apache.org/viewvc?view=rev&rev=504818
Log:
All commits related to adding a special permission requirement for Categories 
that are of the prodCatalogCategoryTypeId = PCCT_VIEW_ALLW and PCCT_PURCH_ALLW.
Two fields, viewAllowPermReqd and purchaseAllowPermReqd were added to 
ProdCatalog entity and corresponding changes to the admin form.
The "permission-service" approach to security was used for several services in 
CategoryServices.xml - addProductToCategory, updateProductToCategory, 
removeProductToCategory
and addProductToCategories.
A permission service, checkCategoryRelatedPermissionService, was added to 
CategoryServices.xml and the internal calls to the 
checkCategoryRelatedPermission method were taken
out of those services.

Modified:
    ofbiz/trunk/applications/product/config/ProductUiLabels.properties
    ofbiz/trunk/applications/product/data/ProductSecurityData.xml
    ofbiz/trunk/applications/product/entitydef/entitymodel.xml
    
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
    ofbiz/trunk/applications/product/servicedef/services.xml
    ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml

Modified: ofbiz/trunk/applications/product/config/ProductUiLabels.properties
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/config/ProductUiLabels.properties?view=diff&rev=504818&r1=504817&r2=504818
==============================================================================
--- ofbiz/trunk/applications/product/config/ProductUiLabels.properties 
(original)
+++ ofbiz/trunk/applications/product/config/ProductUiLabels.properties Thu Feb  
8 00:17:33 2007
@@ -370,6 +370,8 @@
 ProductCategoryRollupChildCategories=Category Rollup : Child Categories
 ProductCategoryRollupParentCategories=Category Rollup : Parent Categories
 ProductCategorySelectCategoryAndEnterFromDate=Category (select Category and 
enter fromDate)
+ProductCategoryViewAllowPermReqd=Permission required to add product to 
"ViewAllow" category
+ProductCategoryPurchaseAllowPermReqd=Permission required to add product to 
"PurchaseAllow" category
 ProductCategoryWithNoParent=Categories With No Parent Categories
 ProductCategory_Id=Category [ID]
 ProductChangeWithoutProductCatalog=This cannot be changed without re-creating 
the Product Catalog.

Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=504818&r1=504817&r2=504818
==============================================================================
--- ofbiz/trunk/applications/product/data/ProductSecurityData.xml (original)
+++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Thu Feb  8 
00:17:33 2007
@@ -29,6 +29,8 @@
     <SecurityPermission description="Limited Update operations in the Catalog 
Manager." permissionId="CATALOG_ROLE_UPDATE"/>
     <SecurityPermission description="Limited Delete operations in the Catalog 
Manager." permissionId="CATALOG_ROLE_DELETE"/>
     <SecurityPermission description="Permission required, in addition to other 
applicable permissions, to maintain product price information including prices, 
promotions, and price rules." permissionId="CATALOG_PRICE_MAINT"/>
+    <SecurityPermission description="Allow create/update of 'View Allow' in 
the Catalog Manager." permissionId="CATALOG_VIEW_ALLOW"/>
+    <SecurityPermission description="Allow create/update of 'Purchase Allow' 
in the Catalog Manager." permissionId="CATALOG_PURCHASE_ALLOW"/>
 
     <SecurityGroup description="Limited Catalog Admin group, has limited 
catalog permissions." groupId="CATALOGADMIN_LTD"/>
     <SecurityGroupPermission groupId="CATALOGADMIN_LTD" 
permissionId="CATALOG_VIEW"/>
@@ -36,13 +38,21 @@
     <SecurityGroupPermission groupId="CATALOGADMIN_LTD" 
permissionId="CATALOG_ROLE_UPDATE"/>
     <SecurityGroupPermission groupId="CATALOGADMIN_LTD" 
permissionId="CATALOG_ROLE_DELETE"/>
     <SecurityGroupPermission groupId="CATALOGADMIN_LTD" 
permissionId="OFBTOOLS_VIEW"/>
+    <SecurityGroupPermission groupId="CATALOGADMIN_LTD" 
permissionId="CATALOG_VIEW_ALLOW"/>
+    <SecurityGroupPermission groupId="CATALOGADMIN_LTD" 
permissionId="CATALOG_PURCHASE_ALLOW"/>
     
     <SecurityGroup description="Catalog Admin group, has all catalog 
permissions." groupId="CATALOGADMIN"/>
     <SecurityGroupPermission groupId="CATALOGADMIN" 
permissionId="CATALOG_ADMIN"/>
     <SecurityGroupPermission groupId="CATALOGADMIN" 
permissionId="OFBTOOLS_VIEW"/>
+    <SecurityGroupPermission groupId="CATALOGADMIN" 
permissionId="CATALOG_VIEW_ALLOW"/>
+    <SecurityGroupPermission groupId="CATALOGADMIN" 
permissionId="CATALOG_PURCHASE_ALLOW"/>
     
     <SecurityGroupPermission groupId="FULLADMIN" permissionId="CATALOG_ADMIN"/>
     <SecurityGroupPermission groupId="FULLADMIN" 
permissionId="CATALOG_PRICE_MAINT"/>
+    <SecurityGroupPermission groupId="FULLADMIN" 
permissionId="CATALOG_VIEW_ALLOW"/>
+    <SecurityGroupPermission groupId="FULLADMIN" 
permissionId="CATALOG_PURCHASE_ALLOW"/>
+    <SecurityGroupPermission groupId="FLEXADMIN" 
permissionId="CATALOG_VIEW_ALLOW"/>
+    <SecurityGroupPermission groupId="FLEXADMIN" 
permissionId="CATALOG_PURCHASE_ALLOW"/>
     <SecurityGroupPermission groupId="FLEXADMIN" 
permissionId="CATALOG_CREATE"/>
     <SecurityGroupPermission groupId="FLEXADMIN" 
permissionId="CATALOG_DELETE"/>
     <SecurityGroupPermission groupId="FLEXADMIN" 
permissionId="CATALOG_UPDATE"/>
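Review bot: The added `SecurityGroupPermission` rows give CATALOG_VIEW_ALLOW and CATALOG_PURCHASE_ALLOW to CATALOGADMIN_LTD as well as to CATALOGADMIN, FULLADMIN and FLEXADMIN, so every catalog group seeded in this file passes the new gate as soon as a catalog turns it on. If the flags are meant to reserve View Allow / Purchase Allow maintenance for a narrower set of users, the limited group should probably not receive these permissions in seed data. It is also worth confirming whether `if-has-permission permission="CATALOG" action="_VIEW_ALLOW"` is satisfied by CATALOG_ADMIN alone. If it is, the CATALOGADMIN and FULLADMIN rows are redundant, and the permission descriptions should say that CATALOG_ADMIN implies them.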

Modified: ofbiz/trunk/applications/product/entitydef/entitymodel.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/entitydef/entitymodel.xml?view=diff&rev=504818&r1=504817&r2=504818
==============================================================================
--- ofbiz/trunk/applications/product/entitydef/entitymodel.xml (original)
+++ ofbiz/trunk/applications/product/entitydef/entitymodel.xml Thu Feb  8 
00:17:33 2007
@@ -63,6 +63,8 @@
       <field name="headerLogo" type="url"></field>
       <field name="contentPathPrefix" type="long-varchar"></field>
       <field name="templatePathPrefix" type="long-varchar"></field>
+      <field name="viewAllowPermReqd" type="indicator"></field>
+      <field name="purchaseAllowPermReqd" type="indicator"></field>
       <prim-key field="prodCatalogId"/>
     </entity>
     <entity entity-name="ProdCatalogCategory"

Modified: 
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml?view=diff&rev=504818&r1=504817&r2=504818
==============================================================================
--- 
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
 (original)
+++ 
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
 Thu Feb  8 00:17:33 2007
@@ -109,11 +109,12 @@
     <simple-method method-name="addProductToCategory" short-description="Add 
Product to Category">
         <!-- note that the security semantics require the user to have the 
general admin permission,
             or the role limited permission and association with the category, 
not the product -->
+            <!-- 
         <set value="addProductToCategory" field="callingMethodName"/>
         <set value="CREATE" field="checkAction"/>
         <call-simple-method method-name="checkCategoryRelatedPermission"/>
         <check-errors/>
-
+        -->
         <make-value value-name="newEntity" 
entity-name="ProductCategoryMember"/>
         <set-pk-fields map-name="parameters" value-name="newEntity"/>
         <set-nonpk-fields map-name="parameters" value-name="newEntity"/>
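Review bot: The permission check in `addProductToCategory` is commented out rather than deleted, and the retained note about the security semantics now sits above dead markup, so a reader cannot tell where authorization happens. Since the method no longer checks anything itself, it is only protected when reached through a service definition that declares the `permission-service`; a `call-simple-method` or another service definition pointing at it would run unchecked. I would delete the commented block and replace the note with `<!-- authorization is enforced by the permission-service declared for this service in services.xml; this method performs no check of its own -->`. The same applies to the hunks for `addProductToCategories`, `updateProductToCategory` and `removeProductFromCategory`; each method body continues outside its hunk.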
@@ -130,11 +131,13 @@
             <iterate entry-name="category" list-name="parameters.categories">
                 <!-- note that the security semantics require the user to have 
the general admin permission,
                     or the role limited permission and association with the 
category, not the product -->
+                <!-- 
                 <set field="productCategoryIdToCheck" from-field="category"/>
                 <set field="callingMethodName" value="addProductToCategories"/>
                 <set field="checkAction" value="CREATE"/>
                 <call-simple-method 
method-name="checkCategoryRelatedPermission"/>
                 <check-errors/>
+                 -->
 
                 <make-value value-name="newEntity" 
entity-name="ProductCategoryMember"/>
                 <set field="newEntity.productCategoryId" 
from-field="category"/>
@@ -173,10 +176,12 @@
     <simple-method method-name="updateProductToCategory" 
short-description="Update Product to Category Application">
         <!-- note that the security semantics require the user to have the 
general admin permission,
             or the role limited permission and association with the category, 
not the product -->
+        <!-- 
         <set value="updateProductToCategory" field="callingMethodName"/>
         <set value="UPDATE" field="checkAction"/>
         <call-simple-method method-name="checkCategoryRelatedPermission"/>
         <check-errors/>
+         -->
 
         <make-value value-name="lookupPKMap" 
entity-name="ProductCategoryMember"/>
         <set-pk-fields map-name="parameters" value-name="lookupPKMap"/>
@@ -187,10 +192,12 @@
     <simple-method method-name="removeProductFromCategory" 
short-description="Remove Product From Category">
         <!-- note that the security semantics require the user to have the 
general admin permission,
             or the role limited permission and association with the category, 
not the product -->
+        <!-- 
         <set value="removeProductFromCategory" field="callingMethodName"/>
         <set value="DELETE" field="checkAction"/>
         <call-simple-method method-name="checkCategoryRelatedPermission"/>
         <check-errors/>
+         -->
 
         <!-- If the associated category was the primary category for the 
product, clear that field -->
         <entity-one entity-name="Product" value-name="product" 
auto-field-map="true"/>
@@ -591,8 +598,106 @@
             <then>
                 <log level="verbose" message="Permission check failed, user 
does not have permission"/>
                 <add-error><fail-message message="Security Error: to run 
${callingMethodName} you must have the CATALOG_${checkAction} or CATALOG_ADMIN 
permission or have the CATALOG_ROLE_${checkAction} permission and be associated 
with a category containing this category."/></add-error>
+                <set field="hasPermission" type="Boolean" value="false"/>
             </then>
         </if>
+    </simple-method>
+    
+    <!-- a service verion of checkCategoryRelatedPermission, only with 
purchase/viewAllowPermReqd taken into account -->
+    <simple-method method-name="checkCategoryRelatedPermissionService" 
short-description="Check Product Category Related Permission">
+        <set field="hasPermission" type="Boolean" value="true"/>
+        
+        <!--  Set up for a call to checkCategoryRelatedPermission below, but 
callingMethodName is needed sooner -->
+        <if-empty field-name="parameters.resourceDescription">
+            <set field="callingMethodName" value="this operation"/>
+            <else>
+                <set field="callingMethodName" 
value="parameters.resourceDescription"/>
+            </else>
+        </if-empty>
+        <if-empty field-name="parameters.mainAction">
+            <set field="checkAction" value="UPDATE"/>
+            <else>
+                <set field="checkAction" value="parameters.mainAction"/>
+            </else>
+        </if-empty>
+        
+        <!-- This service is set up to handle lists of categories or one 
category -->
+        <set field="productCategoryIdList" from-field="parameters.categories"/>
+        <if-empty field-name="productCategoryIdList" >
+            <set field="productCategoryIdList[]" 
from-field="parameters.productCategoryId"/>
+        </if-empty>
+
+        <!-- Foreach category iterate thru its possible ProdCatalogCategory 
records -->
+        <iterate entry-name="productCategoryId" 
list-name="productCategoryIdList">
+            <entity-and list-name="prodCatalogCategoryListRaw" 
entity-name="ProdCatalogCategory">
+                   <field-map field-name="productCategoryId"/>
+            </entity-and>
+            <filter-list-by-date list-name="prodCatalogCategoryListRaw" 
to-list-name="prodCatalogCategoryList"/>
+            <iterate entry-name="prodCatalogCategory" 
list-name="prodCatalogCategoryList">
+                   <!-- Only check for View/Purchase Allow instances -->
+                   <if>
+                       <condition>
+                           <or>
+                               <if-compare operator="equals" 
field-name="prodCatalogCategory.prodCatalogCategoryTypeId" 
value="PCCT_VIEW_ALLW"/>
+                               <if-compare operator="equals" 
field-name="prodCatalogCategory.prodCatalogCategoryTypeId" 
value="PCCT_PURCH_ALLW"/>
+                           </or>
+                       </condition>
+                       <then>
+                               <set field="globalViewAllowPermReqd" value="N"/>
+                               <set field="globalPurchaseAllowPermReqd" 
value="N"/>
+                   
+                               <!-- Do not do a permission check unless the 
ProdCatalog requires it -->
+                               <entity-one entity-name="ProdCatalog" 
value-name="prodCatalog">
+                                   <field-map field-name="prodCatalogId" 
env-name="prodCatalogCategory.prodCatalogId"/>
+                               </entity-one>
+                               <if-not-empty field-name="prodCatalog">
+                                   <if-compare operator="equals" 
field-name="prodCatalog.viewAllowPermReqd" value="Y">
+                                       <set field="globalViewAllowPermReqd" 
value="Y"/>
+                                   </if-compare>
+                                   <if-compare operator="equals" 
field-name="prodCatalog.purchaseAllowPermReqd" value="Y">
+                                       <set 
field="globalPurchaseAllowPermReqd" value="Y"/>
+                                   </if-compare>
+                               </if-not-empty>
+                               <if-compare operator="equals" 
field-name="globalViewAllowPermReqd" value="Y" >
+                                <if>
+                                    <condition>
+                                        <not>
+                                                <if-has-permission 
permission="CATALOG" action="_VIEW_ALLOW"/>
+                                        </not>
+                                    </condition>
+                                    <then>
+                                        <log level="verbose" 
message="Permission check failed, user does not have permission"/>
+                                        <set field="failMessage" 
value="Security Error: to run ${callingMethodName} you must have the 
CATALOG_VIEW_ALLOW permission."/>
+                                        <set field="hasPermission" 
type="Boolean" value="false"/>
+                                    </then>
+                                </if>
+                               </if-compare>
+                               <if-compare operator="equals" 
field-name="globalPurchaseAllowPermReqd" value="Y" >
+                                <if>
+                                    <condition>
+                                        <not>
+                                                <if-has-permission 
permission="CATALOG" action="_PURCHASE_ALLOW"/>
+                                        </not>
+                                    </condition>
+                                    <then>
+                                        <log level="verbose" 
message="Permission check failed, user does not have permission"/>
+                                        <set field="failMessage" 
value="Security Error: to run ${callingMethodName} you must have the 
CATALOG_PURCHASE_ALLOW permission."/>
+                                        <set field="hasPermission" 
type="Boolean" value="false"/>
+                                    </then>
+                                </if>
+                               </if-compare>
+                      </then>
+                  </if>
+            </iterate>
+            <!-- Do the "standard" permission checkq -->
+            <if-compare operator="equals" field-name="hasPermission" 
value="true" type="Boolean">
+                <set field="productCategoryIdToCheck" 
from-field="productCategoryId"/>
+                <call-simple-method 
method-name="checkCategoryRelatedPermission"/>
+            </if-compare>
+        </iterate>
+        <field-to-result field-name="hasPermission"/>
+        <field-to-result field-name="failMessage"/>
+                
     </simple-method>
     
     <simple-method method-name="duplicateProductCategory" 
short-description="Duplicate a ProductCategory">
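Review bot: In `checkCategoryRelatedPermissionService` the two `else` branches use `value=` where `from-field=` is needed, so `callingMethodName` and `checkAction` are set to the literal strings "parameters.resourceDescription" and "parameters.mainAction" instead of the values passed in. Because the service definitions in this commit always pass `main-action`, the standard check is then asked about an action name nobody holds. Judging from the error message (the body of `checkCategoryRelatedPermission` starts outside the hunk), that would likely deny users who hold only CATALOG_CREATE/UPDATE/DELETE or the role-limited permissions. The lines should read `<set field="callingMethodName" from-field="parameters.resourceDescription"/>` and `<set field="checkAction" from-field="parameters.mainAction"/>`.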

Modified: ofbiz/trunk/applications/product/servicedef/services.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/servicedef/services.xml?view=diff&rev=504818&r1=504817&r2=504818
==============================================================================
--- ofbiz/trunk/applications/product/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/product/servicedef/services.xml Thu Feb  8 
00:17:33 2007
@@ -387,6 +387,7 @@
     <service name="addProductToCategories" 
default-entity-name="ProductCategoryMember" engine="simple"
                 location="org/ofbiz/product/category/CategoryServices.xml" 
invoke="addProductToCategories" auth="true">
         <description>Add Product To Multiple Categories</description>
+        <permission-service 
service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/>
         <auto-attributes include="pk" mode="IN" optional="false">
             <exclude field-name="productCategoryId"/>
         </auto-attributes>
@@ -397,6 +398,7 @@
     <service name="addProductToCategory" 
default-entity-name="ProductCategoryMember" engine="simple"
                 location="org/ofbiz/product/category/CategoryServices.xml" 
invoke="addProductToCategory" auth="true">
         <description>Add Product To Category</description>
+        <permission-service 
service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <override name="fromDate" optional="true"/>
@@ -404,12 +406,14 @@
     <service name="updateProductToCategory" 
default-entity-name="ProductCategoryMember" engine="simple"
                 location="org/ofbiz/product/category/CategoryServices.xml" 
invoke="updateProductToCategory" auth="true">
         <description>Add Product To Category</description>
+        <permission-service 
service-name="checkCategoryRelatedPermissionService" main-action="UPDATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
     </service>
     <service name="removeProductFromCategory" 
default-entity-name="ProductCategoryMember" engine="simple"
                 location="org/ofbiz/product/category/CategoryServices.xml" 
invoke="removeProductFromCategory" auth="true">
         <description>Remove Product From Category</description>
+        <permission-service 
service-name="checkCategoryRelatedPermissionService" main-action="DELETE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
     </service>
 
@@ -991,4 +995,11 @@
         <auto-attributes entity-name="CommunicationEventProduct" include="pk" 
mode="IN" optional="false"/>
     </service>
     
+    <!-- Permission Services -->    
+    <service name="checkCategoryRelatedPermissionService" engine="simple"
+             location="org/ofbiz/product/category/CategoryServices.xml" 
invoke="checkCategoryRelatedPermissionService">
+        <implements service="permissionInterface"/>
+         <attribute type="String" mode="IN" name="productCategoryId" 
optional="true"/>
+         <attribute type="List" mode="IN" name="categories" optional="true"/>
+    </service>
 </services>
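Review bot: Both `productCategoryId` and `categories` are declared `optional="true"` on `checkCategoryRelatedPermissionService`, while the implementing method starts with `hasPermission` set to true and only lowers it inside the per-category loop. A call that supplies neither parameter, or an empty `categories` list, therefore appears to come back with permission granted without any check having run. A permission service is safer when it fails closed, for example by adding an error (or returning `hasPermission` false with a `failMessage`) when the category list is empty before the loop. A short comment on the service definition stating that at least one of the two attributes must be supplied would also help callers.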

Modified: 
ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml?view=diff&rev=504818&r1=504817&r2=504818
==============================================================================
--- 
ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml 
(original)
+++ 
ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml 
Thu Feb  8 00:17:33 2007
@@ -44,6 +44,13 @@
         <field name="contentPathPrefix" 
title="${uiLabelMap.ProductContentPathPrefix}" 
tooltip="${uiLabelMap.ProductPrependedImageContentPaths}"><text size="60" 
maxlength="250"/></field>
         <field name="templatePathPrefix" 
title="${uiLabelMap.ProductTemplatePathPrefix}"  
tooltip="${uiLabelMap.ProductPrependedTemplatePaths}"><text size="60" 
maxlength="250"/></field>
 
+        <field name="viewAllowPermReqd" 
title="${uiLabelMap.ProductCategoryViewAllowPermReqd}" widget-style="selectBox">
+            <drop-down allow-empty="false" no-current-selected-key="N"><option 
key="Y" description="${uiLabelMap.CommonY}"/><option key="N" 
description="${uiLabelMap.CommonN}"/></drop-down>
+        </field>
+        <field name="purchaseAllowPermReqd" 
title="${uiLabelMap.ProductCategoryPurchaseAllowPermReqd}" 
widget-style="selectBox">
+            <drop-down allow-empty="false" no-current-selected-key="N"><option 
key="Y" description="${uiLabelMap.CommonY}"/><option key="N" 
description="${uiLabelMap.CommonN}"/></drop-down>
+        </field>
+
         <field name="submitButton" title="${uiLabelMap.CommonUpdate}" 
widget-style="smallSubmit"><submit button-type="button"/></field>
     </form>
     <form name="AddProdCatalogToParty" type="single" 

