Author: jonesde
Date: Wed Feb 14 20:12:07 2007
New Revision: 507809
URL: http://svn.apache.org/viewvc?view=rev&rev=507809
Log:
Some fixed for the view and purchase allow category product add permission
code; major cleanup, changed name to better represent and distinguish what it
does; also changed OOTB security group setup to better represent how this is
intended to be used; now appears to work properly
Modified:
ofbiz/trunk/applications/product/data/ProductSecurityData.xml
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
ofbiz/trunk/applications/product/servicedef/services.xml
ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml
Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=507809&r1=507808&r2=507809
==============================================================================
--- ofbiz/trunk/applications/product/data/ProductSecurityData.xml (original)
+++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Wed Feb 14
20:12:07 2007
@@ -42,21 +42,24 @@
<SecurityGroup description="Catalog Admin group, has all catalog
permissions." groupId="CATALOGADMIN"/>
<SecurityGroupPermission groupId="CATALOGADMIN"
permissionId="CATALOG_ADMIN"/>
<SecurityGroupPermission groupId="CATALOGADMIN"
permissionId="OFBTOOLS_VIEW"/>
- <SecurityGroupPermission groupId="CATALOGADMIN"
permissionId="CATALOG_VIEW_ALLOW"/>
- <SecurityGroupPermission groupId="CATALOGADMIN"
permissionId="CATALOG_PURCHASE_ALLOW"/>
+
+ <SecurityGroup description="Catalog Admin View and Purchase Allow
Products" groupId="CATALOGADMIN"/>
+ <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_VIEW_ALLOW"/>
+ <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_PURCHASE_ALLOW"/>
<SecurityGroupPermission groupId="FULLADMIN" permissionId="CATALOG_ADMIN"/>
<SecurityGroupPermission groupId="FULLADMIN"
permissionId="CATALOG_PRICE_MAINT"/>
<SecurityGroupPermission groupId="FULLADMIN"
permissionId="CATALOG_VIEW_ALLOW"/>
<SecurityGroupPermission groupId="FULLADMIN"
permissionId="CATALOG_PURCHASE_ALLOW"/>
- <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_VIEW_ALLOW"/>
- <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_PURCHASE_ALLOW"/>
+
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_CREATE"/>
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_DELETE"/>
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_UPDATE"/>
<SecurityGroupPermission groupId="FLEXADMIN" permissionId="CATALOG_VIEW"/>
<SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_PRICE_MAINT"/>
-
+ <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_VIEW_ALLOW"/>
+ <SecurityGroupPermission groupId="FLEXADMIN"
permissionId="CATALOG_PURCHASE_ALLOW"/>
+
<SecurityGroupPermission groupId="VIEWADMIN" permissionId="CATALOG_VIEW"/>
<SecurityGroupPermission groupId="BIZADMIN" permissionId="CATALOG_ADMIN"/>
<SecurityGroupPermission groupId="BIZADMIN"
permissionId="CATALOG_PRICE_MAINT"/>
Modified:
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml?view=diff&rev=507809&r1=507808&r2=507809
==============================================================================
---
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
(original)
+++
ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml
Wed Feb 14 20:12:07 2007
@@ -551,154 +551,6 @@
</if-compare>
</simple-method>
- <!-- a methods to centralize product security code, meant to be called
in-line with
- call-simple-method, and the checkAction and callingMethodName
attributes should be in the method context -->
- <simple-method method-name="checkCategoryRelatedPermission"
short-description="Check Product Category Related Permission">
- <if-empty field-name="callingMethodName">
- <set field="callingMethodName" value="this operation"/>
- </if-empty>
- <if-empty field-name="checkAction">
- <set field="checkAction" value="UPDATE"/>
- </if-empty>
- <if-empty field-name="productCategoryIdName">
- <set field="productCategoryIdName" value="productCategoryId"/>
- </if-empty>
- <if-empty field-name="productCategoryIdToCheck">
- <set field="productCategoryIdToCheck"
from-field="parameters.${productCategoryIdName}"/>
- </if-empty>
-
- <!-- find all role-categories that this category is a member of -->
- <if>
- <condition>
- <not><if-has-permission permission="CATALOG"
action="_${checkAction}"/></not>
- </condition>
- <then>
- <entity-and entity-name="ProductCategoryRollupAndRole"
list-name="roleCategories">
- <field-map field-name="productCategoryId"
env-name="productCategoryIdToCheck"/>
- <field-map field-name="partyId"
env-name="userLogin.partyId"/>
- <field-map field-name="roleTypeId" value="LTD_ADMIN"/>
- </entity-and>
- <filter-list-by-date list-name="roleCategories"
valid-date-name="nowTimestamp"/>
- <filter-list-by-date list-name="roleCategories"
valid-date-name="nowTimestamp" from-field-name="roleFromDate"
thru-field-name="roleThruDate"/>
- </then>
- </if>
- <log level="info" message="Checking category permission,
roleCategories=${roleCategories}"/>
- <if>
- <condition>
- <not>
- <or>
- <if-has-permission permission="CATALOG"
action="_${checkAction}"/>
- <and>
- <if-has-permission permission="CATALOG_ROLE"
action="_${checkAction}"/>
- <not><if-empty field-name="roleCategories"/></not>
- </and>
- </or>
- </not>
- </condition>
- <then>
- <log level="verbose" message="Permission check failed, user
does not have permission"/>
- <add-error><fail-message message="Security Error: to run
${callingMethodName} you must have the CATALOG_${checkAction} or CATALOG_ADMIN
permission or have the CATALOG_ROLE_${checkAction} permission and be associated
with a category containing this category."/></add-error>
- <set field="hasPermission" type="Boolean" value="false"/>
- </then>
- </if>
- </simple-method>
-
- <!-- a service verion of checkCategoryRelatedPermission, only with
purchase/viewAllowPermReqd taken into account -->
- <simple-method method-name="checkCategoryRelatedPermissionService"
short-description="Check Product Category Related Permission">
- <set field="hasPermission" type="Boolean" value="true"/>
-
- <!-- Set up for a call to checkCategoryRelatedPermission below, but
callingMethodName is needed sooner -->
- <if-empty field-name="parameters.resourceDescription">
- <set field="callingMethodName" value="this operation"/>
- <else>
- <set field="callingMethodName"
value="parameters.resourceDescription"/>
- </else>
- </if-empty>
- <if-empty field-name="parameters.mainAction">
- <set field="checkAction" value="UPDATE"/>
- <else>
- <set field="checkAction" value="parameters.mainAction"/>
- </else>
- </if-empty>
-
- <!-- This service is set up to handle lists of categories or one
category -->
- <set field="productCategoryIdList" from-field="parameters.categories"/>
- <if-empty field-name="productCategoryIdList" >
- <set field="productCategoryIdList[]"
from-field="parameters.productCategoryId"/>
- </if-empty>
-
- <!-- Foreach category iterate thru its possible ProdCatalogCategory
records -->
- <iterate entry-name="productCategoryId"
list-name="productCategoryIdList">
- <entity-and list-name="prodCatalogCategoryListRaw"
entity-name="ProdCatalogCategory">
- <field-map field-name="productCategoryId"/>
- </entity-and>
- <filter-list-by-date list-name="prodCatalogCategoryListRaw"
to-list-name="prodCatalogCategoryList"/>
- <iterate entry-name="prodCatalogCategory"
list-name="prodCatalogCategoryList">
- <!-- Only check for View/Purchase Allow instances -->
- <if>
- <condition>
- <or>
- <if-compare operator="equals"
field-name="prodCatalogCategory.prodCatalogCategoryTypeId"
value="PCCT_VIEW_ALLW"/>
- <if-compare operator="equals"
field-name="prodCatalogCategory.prodCatalogCategoryTypeId"
value="PCCT_PURCH_ALLW"/>
- </or>
- </condition>
- <then>
- <set field="globalViewAllowPermReqd" value="N"/>
- <set field="globalPurchaseAllowPermReqd"
value="N"/>
-
- <!-- Do not do a permission check unless the
ProdCatalog requires it -->
- <entity-one entity-name="ProdCatalog"
value-name="prodCatalog">
- <field-map field-name="prodCatalogId"
env-name="prodCatalogCategory.prodCatalogId"/>
- </entity-one>
- <if-not-empty field-name="prodCatalog">
- <if-compare operator="equals"
field-name="prodCatalog.viewAllowPermReqd" value="Y">
- <set field="globalViewAllowPermReqd"
value="Y"/>
- </if-compare>
- <if-compare operator="equals"
field-name="prodCatalog.purchaseAllowPermReqd" value="Y">
- <set
field="globalPurchaseAllowPermReqd" value="Y"/>
- </if-compare>
- </if-not-empty>
- <if-compare operator="equals"
field-name="globalViewAllowPermReqd" value="Y" >
- <if>
- <condition>
- <not>
- <if-has-permission
permission="CATALOG" action="_VIEW_ALLOW"/>
- </not>
- </condition>
- <then>
- <log level="verbose"
message="Permission check failed, user does not have permission"/>
- <set field="failMessage"
value="Security Error: to run ${callingMethodName} you must have the
CATALOG_VIEW_ALLOW permission."/>
- <set field="hasPermission"
type="Boolean" value="false"/>
- </then>
- </if>
- </if-compare>
- <if-compare operator="equals"
field-name="globalPurchaseAllowPermReqd" value="Y" >
- <if>
- <condition>
- <not>
- <if-has-permission
permission="CATALOG" action="_PURCHASE_ALLOW"/>
- </not>
- </condition>
- <then>
- <log level="verbose"
message="Permission check failed, user does not have permission"/>
- <set field="failMessage"
value="Security Error: to run ${callingMethodName} you must have the
CATALOG_PURCHASE_ALLOW permission."/>
- <set field="hasPermission"
type="Boolean" value="false"/>
- </then>
- </if>
- </if-compare>
- </then>
- </if>
- </iterate>
- <!-- Do the "standard" permission checkq -->
- <if-compare operator="equals" field-name="hasPermission"
value="true" type="Boolean">
- <set field="productCategoryIdToCheck"
from-field="productCategoryId"/>
- <call-simple-method
method-name="checkCategoryRelatedPermission"/>
- </if-compare>
- </iterate>
- <field-to-result field-name="hasPermission"/>
- <field-to-result field-name="failMessage"/>
- </simple-method>
-
<simple-method method-name="duplicateProductCategory"
short-description="Duplicate a ProductCategory">
<set value="duplicateProductCategory" field="callingMethodName"/>
<check-permission permission="CATALOG" action="_CREATE">
@@ -837,5 +689,151 @@
<entity-one entity-name="ProductCategoryLink"
value-name="lookedUpValue"/>
<remove-value value-name="lookedUpValue"/>
</simple-method>
+
+ <!-- ============================= -->
+ <!-- Permission Methods -->
+ <!-- ============================= -->
+
+ <!-- a methods to centralize product security code, meant to be called
in-line with
+ call-simple-method, and the checkAction and callingMethodName
attributes should be in the method context -->
+ <simple-method method-name="checkCategoryRelatedPermission"
short-description="Check Product Category Related Permission">
+ <if-empty field-name="callingMethodName">
+ <set field="callingMethodName" value="this operation"/>
+ </if-empty>
+ <if-empty field-name="checkAction">
+ <set field="checkAction" value="UPDATE"/>
+ </if-empty>
+ <if-empty field-name="productCategoryIdName">
+ <set field="productCategoryIdName" value="productCategoryId"/>
+ </if-empty>
+ <if-empty field-name="productCategoryIdToCheck">
+ <set field="productCategoryIdToCheck"
from-field="parameters.${productCategoryIdName}"/>
+ </if-empty>
+
+ <!-- find all role-categories that this category is a member of -->
+ <if>
+ <condition>
+ <not><if-has-permission permission="CATALOG"
action="_${checkAction}"/></not>
+ </condition>
+ <then>
+ <entity-and entity-name="ProductCategoryRollupAndRole"
list-name="roleCategories">
+ <field-map field-name="productCategoryId"
env-name="productCategoryIdToCheck"/>
+ <field-map field-name="partyId"
env-name="userLogin.partyId"/>
+ <field-map field-name="roleTypeId" value="LTD_ADMIN"/>
+ </entity-and>
+ <filter-list-by-date list-name="roleCategories"
valid-date-name="nowTimestamp"/>
+ <filter-list-by-date list-name="roleCategories"
valid-date-name="nowTimestamp" from-field-name="roleFromDate"
thru-field-name="roleThruDate"/>
+ </then>
+ </if>
+ <log level="info" message="Checking category permission,
roleCategories=${roleCategories}"/>
+ <if>
+ <condition>
+ <not>
+ <or>
+ <if-has-permission permission="CATALOG"
action="_${checkAction}"/>
+ <and>
+ <if-has-permission permission="CATALOG_ROLE"
action="_${checkAction}"/>
+ <not><if-empty field-name="roleCategories"/></not>
+ </and>
+ </or>
+ </not>
+ </condition>
+ <then>
+ <log level="verbose" message="Permission check failed, user
does not have permission"/>
+ <add-error><fail-message message="Security Error: to run
${callingMethodName} you must have the CATALOG_${checkAction} or CATALOG_ADMIN
permission or have the CATALOG_ROLE_${checkAction} permission and be associated
with a category containing this category."/></add-error>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ </then>
+ </if>
+ </simple-method>
+ <simple-method method-name="productCategoryGenericPermission"
short-description="Main permission logic">
+ <set field="mainAction" from-field="parameters.mainAction"/>
+ <if-empty field-name="mainAction">
+ <add-error><fail-message message="In the permission-service
element for the productGenericPermission service the main-action attribute was
missing but is required"/></add-error>
+ <check-errors/>
+ </if-empty>
+
+ <set field="callingMethodName"
from-field="parameters.resourceDescription"/>
+ <set field="checkAction" from-field="parameters.mainAction"/>
+ <call-simple-method method-name="checkCategoryRelatedPermission"/>
+
+ <if-empty field-name="error_list">
+ <set field="hasPermission" type="Boolean" value="true"/>
+ <field-to-result field-name="hasPermission"/>
+
+ <else>
+ <property-to-field resource="ProductUiLabels"
property="ProductPermissionError" field-name="failMessage"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+ </else>
+ </if-empty>
+ </simple-method>
+
+ <!-- a service verion of checkCategoryRelatedPermission, only with
purchase/viewAllowPermReqd taken into account -->
+ <simple-method method-name="checkCategoryPermissionWithViewPurchaseAllow"
short-description="Check Product Category Permission With View and Purchase
Allow">
+ <set-service-fields service-name="productCategoryGenericPermission"
map-name="parameters" to-map-name="productCategoryGenericPermissionMap"/>
+ <call-service service-name="productCategoryGenericPermission"
in-map-name="productCategoryGenericPermissionMap">
+ <results-to-map map-name="genericResult"/>
+ </call-service>
+ <log level="info"
message="checkCategoryPermissionWithViewPurchaseAllow genericResult:
${genericResult}"/>
+ <if-compare field-name="genericResult.hasPermission" operator="equals"
value="false" type="Boolean">
+ <field-to-result field-name="genericResult.hasPermission"
result-name="hasPermission"/>
+ <field-to-result field-name="genericResult.failMessage"
map-name="failMessage"/>
+ <return/>
+ </if-compare>
+
+ <!-- if the generic permission test passed, carry on -->
+ <log level="info"
message="checkCategoryPermissionWithViewPurchaseAllow got here 1;
parameters.productCategoryId=${parameters.productCategoryId}"/>
+ <!-- Set up for a call to checkCategoryRelatedPermission below, but
callingMethodName is needed sooner -->
+ <set field="callingMethodName"
from-field="parameters.resourceDescription" default-value="this operation"/>
+ <set field="checkAction" from-field="parameters.mainAction"
default-value="UPDATE"/>
+
+ <entity-condition list-name="prodCatalogCategoryList"
entity-name="ProdCatalogCategory" filter-by-date="true">
+ <condition-list combine="and">
+ <condition-expr field-name="productCategoryId"
env-name="parameters.productCategoryId"/>
+ <condition-list combine="or">
+ <condition-expr field-name="prodCatalogCategoryTypeId"
value="PCCT_VIEW_ALLW"/>
+ <condition-expr field-name="prodCatalogCategoryTypeId"
value="PCCT_PURCH_ALLW"/>
+ </condition-list>
+ </condition-list>
+ </entity-condition>
+ <iterate entry-name="prodCatalogCategory"
list-name="prodCatalogCategoryList">
+ <!-- Do not do a permission check unless the ProdCatalog requires
it -->
+ <entity-one entity-name="ProdCatalog" value-name="prodCatalog"
auto-field-map="false">
+ <field-map field-name="prodCatalogId"
env-name="prodCatalogCategory.prodCatalogId"/>
+ </entity-one>
+ <log level="info"
message="checkCategoryPermissionWithViewPurchaseAllow prodCatalogCategory:
${prodCatalogCategory}"/>
+ <log level="info"
message="checkCategoryPermissionWithViewPurchaseAllow prodCatalog:
${prodCatalog}"/>
+ <if>
+ <condition>
+ <and>
+ <if-compare field-name="prodCatalog.viewAllowPermReqd"
operator="equals" value="Y"/>
+ <not><if-has-permission
permission="CATALOG_VIEW_ALLOW"/></not>
+ </and>
+ </condition>
+ <then>
+ <log level="verbose" message="Permission check failed,
user does not have permission"/>
+ <set field="failMessage" value="Security Error: to run
${callingMethodName} you must have the CATALOG_VIEW_ALLOW permission."/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ </then>
+ </if>
+ <if>
+ <condition>
+ <and>
+ <if-compare
field-name="prodCatalog.purchaseAllowPermReqd" operator="equals" value="Y"/>
+ <not><if-has-permission
permission="CATALOG_PURCHASE_ALLOW"/></not>
+ </and>
+ </condition>
+ <then>
+ <log level="verbose" message="Permission check failed,
user does not have permission"/>
+ <set field="failMessage" value="Security Error: to run
${callingMethodName} you must have the CATALOG_PURCHASE_ALLOW permission."/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ </then>
+ </if>
+ </iterate>
+
+ <field-to-result field-name="hasPermission"/>
+ <field-to-result field-name="failMessage"/>
+ </simple-method>
</simple-methods>
Modified: ofbiz/trunk/applications/product/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/servicedef/services.xml?view=diff&rev=507809&r1=507808&r2=507809
==============================================================================
--- ofbiz/trunk/applications/product/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/product/servicedef/services.xml Wed Feb 14
20:12:07 2007
@@ -578,7 +578,7 @@
<service name="safeAddProductToCategory"
default-entity-name="ProductCategoryMember" engine="simple"
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="addProductToCategory" auth="true">
<description>Add Product To Category</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/>
+ <permission-service
service-name="checkCategoryPermissionWithViewPurchaseAllow"
main-action="CREATE"/>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
</service>
@@ -586,7 +586,7 @@
<service name="addProductToCategories"
default-entity-name="ProductCategoryMember" engine="simple"
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="addProductToCategories" auth="true">
<description>Add Product To Multiple Categories</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/>
+ <permission-service
service-name="checkCategoryPermissionWithViewPurchaseAllow"
main-action="CREATE"/>
<auto-attributes include="pk" mode="IN" optional="false">
<exclude field-name="productCategoryId"/>
</auto-attributes>
@@ -597,7 +597,7 @@
<service name="addProductToCategory"
default-entity-name="ProductCategoryMember" engine="simple"
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="addProductToCategory" auth="true">
<description>Add Product To Category</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/>
+ <permission-service
service-name="checkCategoryPermissionWithViewPurchaseAllow"
main-action="CREATE"/>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
<override name="fromDate" optional="true"/>
@@ -605,14 +605,14 @@
<service name="updateProductToCategory"
default-entity-name="ProductCategoryMember" engine="simple"
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="updateProductToCategory" auth="true">
<description>Add Product To Category</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="UPDATE"/>
+ <permission-service
service-name="checkCategoryPermissionWithViewPurchaseAllow"
main-action="UPDATE"/>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
</service>
<service name="removeProductFromCategory"
default-entity-name="ProductCategoryMember" engine="simple"
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="removeProductFromCategory" auth="true">
<description>Remove Product From Category</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="DELETE"/>
+ <permission-service
service-name="checkCategoryPermissionWithViewPurchaseAllow"
main-action="DELETE"/>
<auto-attributes include="pk" mode="IN" optional="false"/>
</service>
@@ -727,7 +727,7 @@
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="createProductCategoryLink" auth="true">
<description>Create a ProductCategoryLink</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/>
+ <permission-service service-name="productCategoryGenericPermission"
main-action="CREATE"/>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
<override name="fromDate" optional="true" />
@@ -737,7 +737,7 @@
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="updateProductCategoryLink" auth="true">
<description>Update a ProductCategoryLink</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="UPDATE"/>
+ <permission-service service-name="productCategoryGenericPermission"
main-action="UPDATE"/>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="true"/>
</service>
@@ -745,7 +745,7 @@
location="org/ofbiz/product/category/CategoryServices.xml"
invoke="deleteProductCategoryLink" auth="true">
<description>Delete a ProductCategoryLink</description>
- <permission-service
service-name="checkCategoryRelatedPermissionService" main-action="DELETE"/>
+ <permission-service service-name="productCategoryGenericPermission"
main-action="DELETE"/>
<auto-attributes include="pk" mode="IN" optional="false"/>
</service>
@@ -1035,10 +1035,13 @@
location="org/ofbiz/product/product/ProductServices.xml"
invoke="productGenericPermission">
<implements service="permissionInterface"/>
</service>
- <service name="checkCategoryRelatedPermissionService" engine="simple"
- location="org/ofbiz/product/category/CategoryServices.xml"
invoke="checkCategoryRelatedPermissionService">
+ <service name="productCategoryGenericPermission" engine="simple"
+ location="org/ofbiz/product/category/CategoryServices.xml"
invoke="productCategoryGenericPermission">
+ <implements service="permissionInterface"/>
+ </service>
+ <service name="checkCategoryPermissionWithViewPurchaseAllow"
engine="simple"
+ location="org/ofbiz/product/category/CategoryServices.xml"
invoke="checkCategoryPermissionWithViewPurchaseAllow">
<implements service="permissionInterface"/>
<attribute type="String" mode="IN" name="productCategoryId"
optional="true"/>
- <attribute type="List" mode="IN" name="categories" optional="true"/>
</service>
</services>
Modified: ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml?view=diff&rev=507809&r1=507808&r2=507809
==============================================================================
--- ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml
(original)
+++ ofbiz/trunk/applications/product/webapp/catalog/WEB-INF/controller.xml Wed
Feb 14 20:12:07 2007
@@ -187,7 +187,6 @@
<response name="error" type="view" value="EditCategory"/>
</request-map>
-
<!-- ================ Category Rollup Requests ================= -->
<request-map uri="EditCategoryRollup">
<security https="true" auth="true"/>
@@ -405,6 +404,54 @@
<response name="error" type="view" value="EditCategoryContent"/>
</request-map>
+ <!-- ================ Product Category Attribute Requests
================= -->
+ <request-map uri="EditCategoryAttributes">
+ <security https="true" auth="true"/>
+ <response name="success" type="view" value="EditCategoryAttributes"/>
+ </request-map>
+ <request-map uri="createProductCategoryAttribute">
+ <security https="true" auth="true"/>
+ <event type="service" path="" invoke="createProductCategoryAttribute"/>
+ <response name="success" type="view" value="EditCategoryAttributes"/>
+ <response name="error" type="view" value="EditCategoryAttributes"/>
+ </request-map>
+ <request-map uri="updateProductCategoryAttribute">
+ <security https="true" auth="true"/>
+ <event type="service" path="" invoke="updateProductCategoryAttribute"/>
+ <response name="success" type="view" value="EditCategoryAttributes"/>
+ <response name="error" type="view" value="EditCategoryAttributes"/>
+ </request-map>
+ <request-map uri="deleteProductCategoryAttribute">
+ <security https="true" auth="true"/>
+ <event type="service" path="" invoke="deleteProductCategoryAttribute"/>
+ <response name="success" type="view" value="EditCategoryAttributes"/>
+ <response name="error" type="view" value="EditCategoryAttributes"/>
+ </request-map>
+
+ <!-- ================ Product Category Link Requests ================= -->
+ <request-map uri="EditProductCategoryLinks">
+ <security https="true" auth="true"/>
+ <response name="success" type="view" value="EditProductCategoryLinks"/>
+ </request-map>
+ <request-map uri="createProductCategoryLink">
+ <security https="true" auth="true"/>
+ <event type="service" path="" invoke="createProductCategoryLink"/>
+ <response name="success" type="view" value="EditProductCategoryLinks"/>
+ <response name="error" type="view" value="EditProductCategoryLinks"/>
+ </request-map>
+ <request-map uri="updateProductCategoryLink">
+ <security https="true" auth="true"/>
+ <event type="service" path="" invoke="updateProductCategoryLink"/>
+ <response name="success" type="view" value="EditProductCategoryLinks"/>
+ <response name="error" type="view" value="EditProductCategoryLinks"/>
+ </request-map>
+ <request-map uri="deleteProductCategoryLink">
+ <security https="true" auth="true"/>
+ <event type="service" path="" invoke="deleteProductCategoryLink"/>
+ <response name="success" type="view" value="EditProductCategoryLinks"/>
+ <response name="error" type="view" value="EditProductCategoryLinks"/>
+ </request-map>
+
<!-- ================ Product Requests ================= -->
<request-map uri="EditProduct">
<security https="true" auth="true"/>
@@ -696,54 +743,6 @@
<response name="error" type="view" value="EditProductCategories"/>
</request-map>
- <!-- ================ Product Category Attribute Requests
================= -->
- <request-map uri="EditCategoryAttributes">
- <security https="true" auth="true"/>
- <response name="success" type="view" value="EditCategoryAttributes"/>
- </request-map>
- <request-map uri="createProductCategoryAttribute">
- <security https="true" auth="true"/>
- <event type="service" path="" invoke="createProductCategoryAttribute"/>
- <response name="success" type="view" value="EditCategoryAttributes"/>
- <response name="error" type="view" value="EditCategoryAttributes"/>
- </request-map>
- <request-map uri="updateProductCategoryAttribute">
- <security https="true" auth="true"/>
- <event type="service" path="" invoke="updateProductCategoryAttribute"/>
- <response name="success" type="view" value="EditCategoryAttributes"/>
- <response name="error" type="view" value="EditCategoryAttributes"/>
- </request-map>
- <request-map uri="deleteProductCategoryAttribute">
- <security https="true" auth="true"/>
- <event type="service" path="" invoke="deleteProductCategoryAttribute"/>
- <response name="success" type="view" value="EditCategoryAttributes"/>
- <response name="error" type="view" value="EditCategoryAttributes"/>
- </request-map>
-
- <!-- ================ Product Category Link Requests ================= -->
- <request-map uri="EditProductCategoryLinks">
- <security https="true" auth="true"/>
- <response name="success" type="view" value="EditProductCategoryLinks"/>
- </request-map>
- <request-map uri="createProductCategoryLink">
- <security https="true" auth="true"/>
- <event type="service" path="" invoke="createProductCategoryLink"/>
- <response name="success" type="view" value="EditProductCategoryLinks"/>
- <response name="error" type="view" value="EditProductCategoryLinks"/>
- </request-map>
- <request-map uri="updateProductCategoryLink">
- <security https="true" auth="true"/>
- <event type="service" path="" invoke="updateProductCategoryLink"/>
- <response name="success" type="view" value="EditProductCategoryLinks"/>
- <response name="error" type="view" value="EditProductCategoryLinks"/>
- </request-map>
- <request-map uri="deleteProductCategoryLink">
- <security https="true" auth="true"/>
- <event type="service" path="" invoke="deleteProductCategoryLink"/>
- <response name="success" type="view" value="EditProductCategoryLinks"/>
- <response name="error" type="view" value="EditProductCategoryLinks"/>
- </request-map>
-
<!-- ================ Product Keyword Requests ================= -->
<request-map uri="EditProductKeyword">
<security https="true" auth="true"/>
