Author: jleroux
Date: Sat Oct 13 06:35:05 2007
New Revision: 584399
URL: http://svn.apache.org/viewvc?rev=584399&view=rev
Log:
A patch from Adrian Crum "Improved Common Permission Checking Simple Method &
Messages" (https://issues.apache.org/jira/browse/OFBIZ-1246)
Modified:
ofbiz/trunk/framework/common/config/CommonUiLabels.properties
ofbiz/trunk/framework/common/script/org/ofbiz/common/CommonServices.xml
ofbiz/trunk/framework/common/script/org/ofbiz/common/permission/CommonPermissionServices.xml
Modified: ofbiz/trunk/framework/common/config/CommonUiLabels.properties
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/config/CommonUiLabels.properties?rev=584399&r1=584398&r2=584399&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/config/CommonUiLabels.properties (original)
+++ ofbiz/trunk/framework/common/config/CommonUiLabels.properties Sat Oct 13
06:35:05 2007
@@ -186,6 +186,7 @@
CommonFromDateNotValidDateTime=From Date is not a valid Date-Time.
CommonFromDateThruDate=From Date / Thru Date
CommonFromDateTime=From Date & Time
+CommonGenericPermissionError=Security Error\: To run ${resourceDescription}
you must have the one of the following permissions:
${primaryPermission}_${mainAction},
${primaryPermission}_ADMIN${altPermissionList}
CommonGeo=Geo
CommonGeos=Geos
CommonGetPasswordHint=Get Password Hint
@@ -300,11 +301,10 @@
CommonPassword=Password
CommonPasswordChange=Please Change Your Password
CommonPerform=Perform
-CommonPermissionErrorMessage=Security Error\: to run ${resourceDescription}
you must have the EXAMPLE_${mainAction} or EXAMPLE_ADMIN permission
CommonPermissionError=Permission Error
CommonPermissionMainActionAttributeMissing=Permission main-action parameter
missing!
CommonPermissionPrimaryPermissionMissing=Permission primaryPermission
parameter missing!
-CommonGenericPermissionError=Security Error\: To run ${resourceDescription}
you must have the ${}_${mainAction} or ${}_ADMIN permission
+CommonPermissionThisOperation=this operation
CommonPerson=Person
CommonPostedBy=Posted By
CommonPostedDate=Posted Date
Modified:
ofbiz/trunk/framework/common/script/org/ofbiz/common/CommonServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/script/org/ofbiz/common/CommonServices.xml?rev=584399&r1=584398&r2=584399&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/script/org/ofbiz/common/CommonServices.xml
(original)
+++ ofbiz/trunk/framework/common/script/org/ofbiz/common/CommonServices.xml Sat
Oct 13 06:35:05 2007
@@ -21,21 +21,8 @@
<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd";>
<simple-method method-name="commonGenericPermission"
short-description="Main permission logic">
- <set field="mainAction" from-field="parameters.mainAction"/>
- <if-empty field-name="mainAction">
- <add-error><fail-message message="In the permission-service
element for the commonGenericPermission service the main-action attribute was
missing but is required"/></add-error>
- <check-errors/>
- </if-empty>
- <if-has-permission permission="COMMON"
action="_${parameters.mainAction}">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field-name="hasPermission"/>
- <else>
- <property-to-field resource="CommonUiLabels"
property="CommonPermissionErrorMessage" field-name="failMessage"/>
- <set field="hasPermission" type="Boolean" value="false"/>
- <field-to-result field-name="hasPermission"/>
- <field-to-result field-name="failMessage"/>
- </else>
- </if-has-permission>
+ <set field="primaryPermission" value="COMMON"/>
+ <call-simple-method method-name="genericBasePermissionCheck"
xml-resource="component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml"/>
</simple-method>
<simple-method method-name="createKeywordThesaurus"
short-description="Create a KeywordThesaurus">
Modified:
ofbiz/trunk/framework/common/script/org/ofbiz/common/permission/CommonPermissionServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/script/org/ofbiz/common/permission/CommonPermissionServices.xml?rev=584399&r1=584398&r2=584399&view=diff
==============================================================================
---
ofbiz/trunk/framework/common/script/org/ofbiz/common/permission/CommonPermissionServices.xml
(original)
+++
ofbiz/trunk/framework/common/script/org/ofbiz/common/permission/CommonPermissionServices.xml
Sat Oct 13 06:35:05 2007
@@ -21,38 +21,51 @@
xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd";>
<simple-method method-name="genericBasePermissionCheck"
short-description="Basic Permission check">
- <!-- allow primary permission to be set form outside methods or direct
to the service -->
- <if-empty field-name="primaryPermission">
- <set field="primaryPermission"
from-field="parameters.primaryPermission"/>
+ <!-- allow mainAction to be set from outside methods or direct to the
service -->
+ <if-empty field-name="mainAction">
+ <set field="mainAction" from-field="parameters.mainAction"/>
+ <if-empty field-name="mainAction">
+ <add-error><fail-property resource="CommonUiLabels"
property="CommonPermissionMainActionAttributeMissing"/></add-error>
+ </if-empty>
</if-empty>
+ <check-errors/>
+
+ <!-- allow primary permission to be set from outside methods or direct
to the service -->
<if-empty field-name="primaryPermission">
- <add-error><fail-property resource="CommonUiLabels"
property="CommonPermissionPrimaryPermissionMissing"/></add-error>
+ <set field="primaryPermission"
from-field="parameters.primaryPermission"/>
+ <if-empty field-name="primaryPermission">
+ <add-error><fail-property resource="CommonUiLabels"
property="CommonPermissionPrimaryPermissionMissing"/></add-error>
+ </if-empty>
</if-empty>
+ <check-errors/>
+ <log level="info" message="Checking for primary permission
${primaryPermission}_${mainAction}"/>
- <!-- allow alt permission to be set form outside methods or direct to
the service -->
+ <!-- allow alt permission to be set from outside methods or direct to
the service -->
<if-empty field-name="altPermission">
<set field="altPermission" from-field="parameters.altPermission"/>
</if-empty>
- <!-- altPermission is not a required field; no need to addError -->
+ <if-not-empty field-name="altPermission">
+ <log level="info" message="Checking for alternate permission
${altPermission}_${mainAction}"/>
+ <set field="altPermissionList" value=",
${altPermission}_${mainAction}, ${altPermission}_ADMIN"/>
+ </if-not-empty>
+ <!-- altPermission is not a required field; no need to add Error -->
- <!-- allow mainAction to be set from outside methods -->
- <if-empty field-name="mainAction">
- <set field="mainAction" from-field="parameters.mainAction"/>
+ <!-- set up called service name -->
+ <if-empty field-name="resourceDescription">
+ <set field="resourceDescription"
from-field="parameters.resourceDescriptionn"/>
+ <if-empty field-name="resourceDescription">
+ <property-to-field resource="CommonUiLabels"
property="CommonPermissionThisOperation" field-name="resourceDescription"/>
+ </if-empty>
</if-empty>
- <if-empty field-name="mainAction">
- <add-error><fail-property resource="CommonUiLabels"
property="CommonPermissionMainActionAttributeMissing"/></add-error>
- </if-empty>
-
- <log level="info" message="Checking for primary
${primaryPermission}_${mainAction}"/>
- <log level="info" message="Checking for alternate
${altPermission}_${mainAction}"/>
- <check-errors/>
<!-- check permission -->
<if>
<condition>
<or>
+ <if-has-permission
permission="${primaryPermission}_ADMIN"/>
<if-has-permission permission="${primaryPermission}"
action="_${parameters.mainAction}"/>
<if-has-permission permission="${altPermission}"
action="_${parameters.mainAction}"/>
+ <if-has-permission permission="${altPermission}_ADMIN"/>
</or>
</condition>
<then>
