Author: mor
Date: Sat Apr 3 17:01:29 2010
New Revision: 930543
URL: http://svn.apache.org/viewvc?rev=930543&view=rev
Log:
Moved permission checking logic to service definition. This commit also fix a
bad security permission check on updateQuantityBreak and
deleteQuantityBreak services.
Modified:
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml
ofbiz/trunk/applications/product/servicedef/services_shipment.xml
Modified:
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml?rev=930543&r1=930542&r2=930543&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml
(original)
+++
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml
Sat Apr 3 17:01:29 2010
@@ -430,11 +430,6 @@ under the License.
</simple-method>
<simple-method method-name="cancelOrderItemIssuanceFromSalesShipment"
short-description="Cancel an ItemIssuance quantity from Sales Shipment">
- <set value="Cancel Order Item Issuance from Sales Shipment"
field="operationName"/>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you
must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
-
<!-- get ItemIssuance and related entities-->
<entity-one entity-name="ItemIssuance" value-field="itemIssuance"/>
<get-related-one value-field="itemIssuance"
relation-name="OrderHeader" to-value-field="orderHeader"/>
Modified:
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml?rev=930543&r1=930542&r2=930543&view=diff
==============================================================================
---
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml
(original)
+++
ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml
Sat Apr 3 17:01:29 2010
@@ -1845,13 +1845,6 @@ under the License.
</simple-method>
<simple-method method-name="removeOrderShipmentFromShipment"
short-description="Delete an OrderShipment and updates the ShipmentItem">
- <set value="Delete OrderShipment entry" field="operationName"/>
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-message message="Security Error: to run ${operationName} you
must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
- </check-permission>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you
must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
<make-value entity-name="OrderShipment" value-field="lookupPk"/>
<set-pk-fields value-field="lookupPk" map="parameters"/>
<find-by-primary-key entity-name="OrderShipment" map="lookupPk"
value-field="orderShipment"/>
@@ -1892,14 +1885,6 @@ under the License.
<!-- for a given order item and quantity it creates (or updates if already
exists) an -->
<!-- entry in the ShipmentPlan. -->
<simple-method method-name="addOrderShipmentToShipment"
short-description="Add or update a ShipmentPlan entry">
- <set value="Put Ordered Quantity to Shipment Plan"
field="operationName"/>
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-message message="Security Error: to run ${operationName} you
must have the FACILITY_CREATE or FACILITY_ADMIN permission"/>
- </check-permission>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you
must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
-
<!-- if quantity is greater than 0 we add or update the ShipmentPlan
-->
<if-compare field="parameters.quantity" operator="greater" value="0"
type="BigDecimal">
@@ -1989,11 +1974,6 @@ under the License.
</simple-method>
<simple-method
method-name="checkCancelItemIssuanceAndOrderShipmentFromShipment"
short-description="Check Shipment Items and Cancel Item Issuance and Order
Shipment">
- <set value="Cancel Item Issuance and Order Shipment from a Sales
Shipment" field="operationName"/>
- <check-permission permission="FACILITY" action="_UPDATE">
- <fail-message message="Security Error: to run ${operationName} you
must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/>
- </check-permission>
-
<entity-and entity-name="OrderShipment" list="orderShipmentList">
<field-map field-name="shipmentId"
from-field="parameters.shipmentId"/>
</entity-and>
@@ -2015,10 +1995,6 @@ under the License.
<!-- QuantityBreak services -->
<!-- create a new QuantityBreak -->
<simple-method method-name="createQuantityBreak" short-description="Create
a QuoteAttribute">
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunCreateQuantityBreak"/>
- </check-permission>
- <check-errors/>
<make-value value-field="quantityBreak" entity-name="QuantityBreak"/>
<set-nonpk-fields map="parameters" value-field="quantityBreak"/>
<sequenced-id sequence-name="QuantityBreak"
field="quantityBreak.quantityBreakId"/>
@@ -2028,10 +2004,6 @@ under the License.
<!-- update an existing QuantityBreak -->
<simple-method method-name="updateQuantityBreak" short-description="Update
an existing QuantityBreak">
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunUpdateQuantityBreak"/>
- </check-permission>
- <check-errors/>
<entity-one entity-name="QuantityBreak" value-field="quantityBreak"
auto-field-map="true"/>
<check-errors/>
<set-nonpk-fields map="parameters" value-field="quantityBreak"/>
@@ -2041,10 +2013,6 @@ under the License.
<!-- remove an existing QuantityBreak -->
<simple-method method-name="deleteQuantityBreak" short-description="Remove
an existing QuantityBreak">
- <check-permission permission="FACILITY" action="_CREATE">
- <fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunRemoveQuantityBreak"/>
- </check-permission>
- <check-errors/>
<entity-one entity-name="QuantityBreak" value-field="quantityBreak"
auto-field-map="true"/>
<check-errors/>
<remove-value value-field="quantityBreak"/>
Modified: ofbiz/trunk/applications/product/servicedef/services_shipment.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/servicedef/services_shipment.xml?rev=930543&r1=930542&r2=930543&view=diff
==============================================================================
--- ofbiz/trunk/applications/product/servicedef/services_shipment.xml (original)
+++ ofbiz/trunk/applications/product/servicedef/services_shipment.xml Sat Apr
3 17:01:29 2010
@@ -211,6 +211,7 @@ under the License.
<service name="checkCancelItemIssuanceAndOrderShipmentFromShipment"
engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml"
invoke="checkCancelItemIssuanceAndOrderShipmentFromShipment" auth="true">
<description>Check Shipment Items and cancel Item Issuance and Order
Shipment</description>
+ <permission-service service-name="facilityGenericPermission"
main-action="UPDATE"/>
<attribute name="shipmentId" type="String" mode="IN" optional="false"/>
</service>
<service name="quickDropShipOrder" engine="simple"
@@ -473,6 +474,7 @@ under the License.
<service name="cancelOrderItemIssuanceFromSalesShipment" engine="simple"
location="component://product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml"
invoke="cancelOrderItemIssuanceFromSalesShipment" auth="true">
<description>Cancel an ItemIssuance from Sales Shipment</description>
+ <permission-service service-name="facilityGenericPermission"
main-action="UPDATE"/>
<attribute name="itemIssuanceId" type="String" mode="IN"
optional="false"/>
<attribute name="cancelQuantity" type="BigDecimal" mode="IN"
optional="true"/>
<attribute name="canceledQuantity" type="BigDecimal" mode="OUT"
optional="false"/>
@@ -694,6 +696,10 @@ under the License.
<service name="addOrderShipmentToShipment" engine="simple"
default-entity-name="OrderShipment"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml"
invoke="addOrderShipmentToShipment" auth="true">
<description>Add an OrderShipment and a ShipmentItem - only for sales
orders</description>
+ <required-permissions join-type="AND">
+ <permission-service service-name="facilityGenericPermission"
main-action="CREATE"/>
+ <permission-service service-name="facilityGenericPermission"
main-action="UPDATE"/>
+ </required-permissions>
<auto-attributes include="pk" mode="IN" optional="false"/>
<auto-attributes include="nonpk" mode="IN" optional="false"/>
<override name="shipmentItemSeqId" mode="IN" optional="true"/>
@@ -701,6 +707,10 @@ under the License.
<service name="removeOrderShipmentFromShipment" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml"
invoke="removeOrderShipmentFromShipment" auth="true">
<description>Delete an OrderShipment and updates the
ShipmentItem</description>
+ <required-permissions join-type="AND">
+ <permission-service service-name="facilityGenericPermission"
main-action="CREATE"/>
+ <permission-service service-name="facilityGenericPermission"
main-action="UPDATE"/>
+ </required-permissions>
<auto-attributes entity-name="OrderShipment" include="pk" mode="IN"
optional="false"/>
</service>
<service name="getQuantityForShipment" engine="simple"
default-entity-name="OrderItem"
@@ -871,17 +881,20 @@ under the License.
<service name="createQuantityBreak" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml"
invoke="createQuantityBreak" auth="true">
<description>Create a QuantityBreak</description>
+ <permission-service service-name="facilityGenericPermission"
main-action="CREATE"/>
<auto-attributes entity-name="QuantityBreak" include="nonpk" mode="IN"
optional="true"/>
</service>
<service name="updateQuantityBreak" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml"
invoke="updateQuantityBreak" auth="true">
<description>Update a QuantityBreak</description>
+ <permission-service service-name="facilityGenericPermission"
main-action="UPDATE"/>
<auto-attributes entity-name="QuantityBreak" include="pk" mode="IN"
optional="false"/>
<auto-attributes entity-name="QuantityBreak" include="nonpk" mode="IN"
optional="true"/>
</service>
<service name="deleteQuantityBreak" engine="simple"
location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml"
invoke="deleteQuantityBreak" auth="true">
<description>Delete a QuantityBreak</description>
+ <permission-service service-name="facilityGenericPermission"
main-action="DELETE"/>
<auto-attributes entity-name="QuantityBreak" include="pk" mode="IN"
optional="false"/>
</service>
