Author: adrianc
Date: Thu Jan 8 08:18:54 2009
New Revision: 732744
URL: http://svn.apache.org/viewvc?rev=732744&view=rev
Log:
Fixed a design flaw in the user preference services. The services accepted an
optional parameter - userLoginId - so that admins could perform CRUD operations
on other user's preferences. This parameter caused a name clash with screens
and services that also had a userLoginId parameter. The preference services
userLoginId parameter has been renamed to userPrefLoginId.
Modified:
ofbiz/trunk/framework/common/servicedef/services.xml
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceServices.java
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceWorker.java
Modified: ofbiz/trunk/framework/common/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/servicedef/services.xml?rev=732744&r1=732743&r2=732744&view=diff
==============================================================================
--- ofbiz/trunk/framework/common/servicedef/services.xml (original)
+++ ofbiz/trunk/framework/common/servicedef/services.xml Thu Jan 8 08:18:54
2009
@@ -426,7 +426,7 @@
<permission-service service-name="preferenceCopyPermission"/>
<attribute name="fromUserLoginId" type="String" mode="IN"
optional="false"/>
<attribute name="userPrefGroupTypeId" type="String" mode="IN"
optional="false"/>
- <attribute name="userLoginId" type="String" mode="IN" optional="true"/>
+ <attribute name="userPrefLoginId" type="String" mode="IN"
optional="true"/>
</service>
<service name="getUserPreference" engine="java"
@@ -443,7 +443,7 @@
location="org.ofbiz.common.preferences.PreferenceServices"
invoke="getUserPreferenceGroup">
<description>Gets a group of user preferences.</description>
<attribute name="userPrefGroupTypeId" type="String" mode="IN"
optional="false"/>
- <attribute name="userLoginId" type="String" mode="IN" optional="true"/>
+ <attribute name="userPrefLoginId" type="String" mode="IN"
optional="true"/>
<attribute name="userPrefMap" type="Map" mode="OUT" optional="true"/>
</service>
@@ -454,7 +454,7 @@
<attribute name="userPrefTypeId" type="String" mode="IN"
optional="false"/>
<attribute name="userPrefValue" type="String" mode="IN"
optional="false"/>
<attribute name="userPrefGroupTypeId" type="String" mode="IN"
optional="true"/>
- <attribute name="userLoginId" type="String" mode="IN" optional="true"/>
+ <attribute name="userPrefLoginId" type="String" mode="IN"
optional="true"/>
</service>
<service name="setUserPreferenceGroup" engine="java"
@@ -463,14 +463,14 @@
<permission-service service-name="preferenceGetSetPermission"
main-action="CREATE"/>
<attribute name="userPrefMap" type="Map" mode="IN" optional="false"/>
<attribute name="userPrefGroupTypeId" type="String" mode="IN"
optional="false"/>
- <attribute name="userLoginId" type="String" mode="IN" optional="true"/>
+ <attribute name="userPrefLoginId" type="String" mode="IN"
optional="true"/>
</service>
<service name="preferenceGetSetPermission" engine="java"
location="org.ofbiz.common.preferences.PreferenceWorker"
invoke="checkPermission">
<description>User preference get/set permission checking.</description>
<implements service="permissionInterface"/>
- <attribute name="userLoginId" type="String" mode="IN" optional="true"/>
+ <attribute name="userPrefLoginId" type="String" mode="IN"
optional="true"/>
</service>
<service name="preferenceCopyPermission" engine="java"
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceServices.java?rev=732744&r1=732743&r2=732744&view=diff
==============================================================================
---
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceServices.java
(original)
+++
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceServices.java
Thu Jan 8 08:18:54 2009
@@ -53,7 +53,7 @@
/**
* Retrieves a single user preference from persistent storage. Call with
- * userPrefTypeId and optional userLoginId. If userLoginId isn't
+ * userPrefTypeId and optional userPrefLoginId. If userPrefLoginId isn't
* specified, then the currently logged-in user's userLoginId will be
* used. The retrieved preference is contained in the <b>userPrefMap</b>
element.
* @param ctx The DispatchContext that this service is operating in.
@@ -106,7 +106,7 @@
/**
* Retrieves a group of user preferences from persistent storage. Call with
- * userPrefGroupTypeId and optional userLoginId. If userLoginId isn't
+ * userPrefGroupTypeId and optional userPrefLoginId. If userPrefLoginId
isn't
* specified, then the currently logged-in user's userLoginId will be
* used. The retrieved preferences group is contained in the
<b>userPrefMap</b> element.
* @param ctx The DispatchContext that this service is operating in.
@@ -147,8 +147,8 @@
/**
* Stores a single user preference in persistent storage. Call with
- * userPrefTypeId, userPrefGroupTypeId, userPrefValue and optional
userLoginId.
- * If userLoginId isn't specified, then the currently logged-in user's
+ * userPrefTypeId, userPrefGroupTypeId, userPrefValue and optional
userPrefLoginId.
+ * If userPrefLoginId isn't specified, then the currently logged-in user's
* userLoginId will be used.
* @param ctx The DispatchContext that this service is operating in.
* @param context Map containing the input arguments.
@@ -186,7 +186,7 @@
/**
* Stores a user preference group in persistent storage. Call with
- * userPrefMap, userPrefGroupTypeId and optional userLoginId. If
userLoginId
+ * userPrefMap, userPrefGroupTypeId and optional userPrefLoginId. If
userPrefLoginId
* isn't specified, then the currently logged-in user's userLoginId will be
* used.
* @param ctx The DispatchContext that this service is operating in.
@@ -223,7 +223,7 @@
/**
* Copies a user preference group. Call with
- * fromUserLoginId, userPrefGroupTypeId and optional userLoginId. If
userLoginId
+ * fromUserLoginId, userPrefGroupTypeId and optional userPrefLoginId. If
userPrefLoginId
* isn't specified, then the currently logged-in user's userLoginId will be
* used.
* @param ctx The DispatchContext that this service is operating in.
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceWorker.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceWorker.java?rev=732744&r1=732743&r2=732744&view=diff
==============================================================================
---
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceWorker.java
(original)
+++
ofbiz/trunk/framework/common/src/org/ofbiz/common/preferences/PreferenceWorker.java
Thu Jan 8 08:18:54 2009
@@ -41,6 +41,11 @@
* User preference administrator permission. Currently set to
"USERPREF_ADMIN".
*/
public static final String ADMIN_PERMISSION = "USERPREF_ADMIN";
+ /** User login ID parameter name. Currently set to "userPrefLoginId". This
+ * parameter name is used in preference service definitions to specify a
user login ID
+ * that is different than the currently logged in user.
+ */
+ public static final String LOGINID_PARAMETER_NAME = "userPrefLoginId";
/** Default userLoginId. Currently set to "_NA_". This userLoginId is used
to
* retrieve default preferences when the user is not logged in.
@@ -80,7 +85,7 @@
GenericValue userLogin = (GenericValue) context.get("userLogin");
if (userLogin != null) {
String userLoginId = userLogin.getString("userLoginId");
- String userLoginIdArg = (String) context.get("userLoginId"); // is
an optional parameters which defaults to the logged on user
+ String userLoginIdArg = (String)
context.get(LOGINID_PARAMETER_NAME); // is an optional parameters which
defaults to the logged on user
if (userLoginIdArg == null || (userLoginIdArg != null &&
userLoginId.equals(userLoginIdArg))) {
hasPermission = true; // users can copy to their own
preferences
} else {
@@ -105,7 +110,7 @@
boolean hasPermission = false;
String mainAction = (String) context.get("mainAction");
if ("VIEW".equals(mainAction)) {
- if (DEFAULT_UID.equals(context.get("userLoginId"))) {
+ if (DEFAULT_UID.equals(context.get(LOGINID_PARAMETER_NAME))) {
hasPermission = true;
} else {
hasPermission = isValidGetId(ctx, context);
@@ -148,7 +153,7 @@
/**
* Gets a valid userLoginId parameter from the context Map.
- * <p>This method searches the context Map for a userLoginId key. If none
is
+ * <p>This method searches the context Map for a userPrefLoginId key. If
none is
* found, the method attempts to get the current user's userLoginId. If
the user
* isn't logged in, then the method returns <a
href="#DEFAULT_UID">DEFAULT_UID</a>
* if returnDefault is set to true, otherwise the method returns a null or
empty string.</p>
@@ -158,7 +163,7 @@
* @return userLoginId String
*/
public static String getUserLoginId(Map<String, ?> context, boolean
returnDefault) {
- String userLoginId = (String) context.get("userLoginId");
+ String userLoginId = (String) context.get(LOGINID_PARAMETER_NAME);
if (UtilValidate.isEmpty(userLoginId)) {
GenericValue userLogin = (GenericValue) context.get("userLogin");
if (userLogin != null) {
@@ -177,9 +182,9 @@
* can be retrieved by the current user:
* <ul>
* <li>If the user isn't logged in, then the method returns true</li>
- * <li>If the user is logged in and the userLoginId specified in the
context Map
+ * <li>If the user is logged in and the userPrefLoginId specified in the
context Map
* matches the user's userLoginId, then the method returns true.</li>
- * <li>If the user is logged in and the userLoginId specified in the
context Map
+ * <li>If the user is logged in and the userPrefLoginId specified in the
context Map
* is different than the user's userLoginId, then a security permission
check is performed.
* If the user has the <a href="#ADMIN_PERMISSION">ADMIN_PERMISSION</a>
permission then the
* method returns true.</li>
@@ -197,7 +202,7 @@
} else {
currentUserLoginId = userLogin.getString("userLoginId");
}
- String userLoginIdArg = (String) context.get("userLoginId");
+ String userLoginIdArg = (String) context.get(LOGINID_PARAMETER_NAME);
if (!currentUserLoginId.equals(DEFAULT_UID) &&
!currentUserLoginId.equals(userLoginIdArg)
&& userLoginIdArg != null) {
Security security = ctx.getSecurity();
@@ -212,9 +217,9 @@
* can be set by the current user:
* <ul>
* <li>If the user isn't logged in, then the method returns false</li>
- * <li>If the user is logged in and the userLoginId specified in the
context Map
+ * <li>If the user is logged in and the userPrefLoginId specified in the
context Map
* matches the user's userLoginId, then the method returns true.</li>
- * <li>If the user is logged in and the userLoginId specified in the
context Map
+ * <li>If the user is logged in and the userPrefLoginId specified in the
context Map
* is different than the user's userLoginId, then a security permission
check is performed.
* If the user has the <a href="#ADMIN_PERMISSION">ADMIN_PERMISSION</a>
* permission then the method returns true.</li>
@@ -229,7 +234,7 @@
return false;
}
String currentUserLoginId = userLogin.getString("userLoginId");
- String userLoginIdArg = (String) context.get("userLoginId");
+ String userLoginIdArg = (String) context.get(LOGINID_PARAMETER_NAME);
if (!currentUserLoginId.equals(userLoginIdArg) && userLoginIdArg !=
null) {
Security security = ctx.getSecurity();
return security.hasPermission(ADMIN_PERMISSION, userLogin);
