Author: arunpatidar
Date: Sat Oct 28 12:41:46 2017
New Revision: 1813619
URL: http://svn.apache.org/viewvc?rev=1813619&view=rev
Log:
IMPROVED: Create separate Permission Services for CRUD services of ShoppingList
and ShoppingListItem. (OFBIZ-9763)
Thanks Chinmay Patidar for your contribution.
Modified:
ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml
Modified:
ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml?rev=1813619&r1=1813618&r2=1813619&view=diff
==============================================================================
---
ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
(original)
+++
ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
Sat Oct 28 12:41:46 2017
@@ -21,22 +21,6 @@ under the License.
<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns="http://ofbiz.apache.org/Simple-Method";
xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method
http://ofbiz.apache.org/dtds/simple-methods.xsd";>
<simple-method method-name="createShoppingList" short-description="Create
a ShoppingList" login-required="false">
- <if>
- <condition>
- <and>
- <not><if-empty field="userLogin"/></not>
- <not><if-compare field="userLogin.userLoginId"
operator="equals" value="anonymous"/></not>
- <not><if-empty field="parameters.partyId"/></not>
- <not><if-compare-field to-field="userLogin.partyId"
field="parameters.partyId" operator="equals"/></not>
- <not><if-has-permission permission="PARTYMGR"
action="_CREATE"/></not>
- </and>
- </condition>
- <then>
- <add-error><fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunCreateShoppingListForAnotherParty"/></add-error>
- </then>
- </if>
- <check-errors/>
-
<make-value entity-name="ShoppingList" value-field="newEntity"/>
<set-nonpk-fields map="parameters" value-field="newEntity"/>
@@ -74,11 +58,6 @@ under the License.
<simple-method method-name="updateShoppingList" short-description="Update
a ShoppingList">
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
- <set field="parentMethodName" value="updateShoppingList"/>
- <set field="permissionAction" value="UPDATE"/>
- <call-simple-method method-name="checkShoppingListSecurity"/>
- <check-errors/>
-
<set-nonpk-fields map="parameters" value-field="shoppingList"/>
<!-- don't let auto-reorders be active unless there is some recurrence
info -->
@@ -105,11 +84,6 @@ under the License.
<simple-method method-name="removeShoppingList" short-description="Remove
a ShoppingList">
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
- <set field="parentMethodName" value="removeShoppingList"/>
- <set field="permissionAction" value="DELETE"/>
- <call-simple-method method-name="checkShoppingListSecurity"/>
- <check-errors/>
-
<remove-value value-field="shoppingList"/>
</simple-method>
@@ -122,19 +96,6 @@ under the License.
<set field="parentMethodName" value="createShoppingListItem"/>
<set field="permissionAction" value="CREATE"/>
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
- <if>
- <condition>
- <and>
- <not><if-empty field="shoppingList.partyId"/></not>
- <not><if-compare-field field="userLogin.partyId"
to-field="shoppingList.partyId" operator="equals"/></not>
- <not><if-has-permission permission="PARTYMGR"
action="_${permissionAction}"/></not>
- </and>
- </condition>
- <then>
- <add-error><fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
- </then>
- </if>
- <check-errors/>
<entity-one entity-name="Product" value-field="product"/>
<if-empty field="product">
@@ -169,11 +130,6 @@ under the License.
</simple-method>
<simple-method method-name="updateShoppingListItem"
short-description="Update a ShoppingListItem">
- <set field="parentMethodName" value="updateShoppingListItem"/>
- <set field="permissionAction" value="UPDATE"/>
- <call-simple-method method-name="checkShoppingListItemSecurity"/>
- <check-errors/>
-
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
<entity-one entity-name="ShoppingListItem"
value-field="shoppingListItem"/>
<set-nonpk-fields map="parameters" value-field="shoppingListItem"/>
@@ -186,11 +142,6 @@ under the License.
</simple-method>
<simple-method method-name="removeShoppingListItem"
short-description="Remove a ShoppingListItem">
- <set field="parentMethodName" value="removeShoppingListItem"/>
- <set field="permissionAction" value="DELETE"/>
- <call-simple-method method-name="checkShoppingListItemSecurity"/>
- <check-errors/>
-
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
<entity-one entity-name="ShoppingListItem"
value-field="shoppingListItem"/>
<remove-value value-field="shoppingListItem"/>
@@ -219,9 +170,13 @@ under the License.
</simple-method>
<simple-method method-name="calculateShoppingListDeepTotalPrice"
short-description="Calculate Deep Total Price for a ShoppingList">
- <set field="parentMethodName"
value="calculateShoppingListDeepTotalPrice"/>
- <set field="permissionAction" value="VIEW"/>
- <call-simple-method method-name="checkShoppingListItemSecurity"/>
+ <set-service-fields service-name="checkShoppingListItemSecurity"
map="parameters" to-map="serviceInMap"/>
+ <call-service service-name="checkShoppingListItemSecurity"
in-map-name="serviceInMap">
+ <result-to-field result-name="hasPermission"
field="hasPermission"/>
+ </call-service>
+ <if-compare field="hasPermission" operator="equals" value="false"
type="Boolean">
+ <add-error><fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
+ </if-compare>
<check-errors/>
<set from-field="parameters.prodCatalogId"
field="calcPriceInBaseMap.prodCatalogId"/>
@@ -282,23 +237,33 @@ under the License.
</simple-method>
<simple-method method-name="checkShoppingListSecurity"
short-description="Checks security on a ShoppingList">
+ <set field="hasPermission" value="false" type="Boolean"/>
<if>
<condition>
<and>
- <not><if-compare-field to-field="shoppingList.partyId"
field="userLogin.partyId" operator="equals"/></not>
+ <not><if-empty field="userLogin"/></not>
+ <not><if-compare field="userLogin.userLoginId"
operator="equals" value="anonymous"/></not>
+ <not><if-empty field="parameters.partyId"/></not>
+ <not><if-compare-field to-field="userLogin.partyId"
field="parameters.partyId" operator="equals"/></not>
<not><if-has-permission permission="PARTYMGR"
action="_${permissionAction}"/></not>
</and>
</condition>
<then>
<add-error><fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
</then>
+ <else>
+ <set field="hasPermission" value="true" type="Boolean"/>
+ </else>
</if>
+ <field-to-result field="hasPermission"/>
</simple-method>
<simple-method method-name="checkShoppingListItemSecurity"
short-description="Checks security on a ShoppingListItem">
+ <set field="hasPermission" value="false" type="Boolean"/>
<entity-one entity-name="ShoppingList" value-field="shoppingList"/>
<if>
<condition>
<and>
+ <not><if-empty field="shoppingList.partyId"/></not>
<not><if-compare-field field="userLogin.partyId"
to-field="shoppingList.partyId" operator="equals"/></not>
<not><if-has-permission permission="PARTYMGR"
action="_${permissionAction}"/></not>
</and>
@@ -306,7 +271,11 @@ under the License.
<then>
<add-error><fail-property resource="OrderErrorUiLabels"
property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
</then>
+ <else>
+ <set field="hasPermission" value="true" type="Boolean"/>
+ </else>
</if>
+ <field-to-result field="hasPermission"/>
</simple-method>
<simple-method method-name="addSuggestionsToShoppingList"
short-description="Add suggestions to a shopping list">
<!-- first check the ProductStore.enableAutoSuggestionList indicator
-->
Modified:
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml
URL:
http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml?rev=1813619&r1=1813618&r2=1813619&view=diff
==============================================================================
---
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml
(original)
+++
ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml
Sat Oct 28 12:41:46 2017
@@ -35,6 +35,7 @@ under the License.
<description>Create a shopping list entity</description>
<implements service="createShoppingListRecurrence"/>
<implements service="shoppingListInterface"/>
+ <permission-service service-name="checkShoppingListSecurity"
main-action="CREATE"/>
<attribute name="shoppingListId" type="String" mode="OUT"
optional="false"/>
</service>
<service name="updateShoppingList" engine="simple" auth="true"
@@ -42,13 +43,21 @@ under the License.
<description>Update a shopping list entity</description>
<implements service="createShoppingListRecurrence"/>
<implements service="shoppingListInterface"/>
+ <permission-service service-name="checkShoppingListSecurity"
main-action="UPDATE"/>
<attribute name="shoppingListId" type="String" mode="IN"
optional="false"/>
</service>
<service name="removeShoppingList" engine="simple" auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="removeShoppingList">
<description>Remove a shopping list entity</description>
+ <permission-service service-name="checkShoppingListSecurity"
main-action="DELETE"/>
<attribute name="shoppingListId" type="String" mode="IN"
optional="false"/>
</service>
+ <service name="checkShoppingListSecurity" engine="simple" auth="false"
+
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="checkShoppingListSecurity">
+ <description>Checks security on a ShoppingList</description>
+ <implements service="permissionInterface"/>
+ <attribute name="partyId" type="String" mode="IN" optional="true"/>
+ </service>
<service name="calculateShoppingListDeepTotalPrice" engine="simple"
auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="calculateShoppingListDeepTotalPrice">
<description>Remove a shopping list entity</description>
@@ -112,6 +121,7 @@ under the License.
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="createShoppingListItem">
<description>Create a shopping list item</description>
<implements service="shoppingListItemInterface"/>
+ <permission-service service-name="checkShoppingListItemSecurity"
main-action="CREATE"/>
<attribute name="shoppingListId" type="String" mode="IN"
optional="true"/>
<attribute name="productStoreId" type="String" mode="INOUT"
optional="true"/>
<attribute name="productId" type="String" mode="IN" optional="false"/>
@@ -121,14 +131,23 @@ under the License.
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="updateShoppingListItem">
<description>Update a shopping list item</description>
<implements service="shoppingListItemInterface"/>
+ <permission-service service-name="checkShoppingListItemSecurity"
main-action="UPDATE"/>
<attribute name="shoppingListItemSeqId" type="String" mode="IN"
optional="false"/>
</service>
<service name="removeShoppingListItem" engine="simple" auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="removeShoppingListItem">
<description>Remove a shopping list item</description>
+ <permission-service service-name="checkShoppingListItemSecurity"
main-action="DELETE"/>
<attribute name="shoppingListId" type="String" mode="IN"
optional="false"/>
<attribute name="shoppingListItemSeqId" type="String" mode="IN"
optional="false"/>
</service>
+ <service name="checkShoppingListItemSecurity" engine="simple" auth="false"
+
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="checkShoppingListItemSecurity">
+ <description>Checks security on a ShoppingListItem</description>
+ <implements service="permissionInterface"/>
+ <attribute name="partyId" type="String" mode="IN" optional="true"/>
+ <attribute name="shoppingListId" type="String" mode="IN"
optional="true"/>
+ </service>
<service name="addSuggestionsToShoppingList" engine="simple" auth="true"
location="component://order/minilang/shoppinglist/ShoppingListServices.xml"
invoke="addSuggestionsToShoppingList">
<description>Add suggestions to a shopping list</description>
