This is an automated email from the ASF dual-hosted git repository. danwatford pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push: new 524b80ca2d Improved: Convert Inventory Services permission checks to groovy (OFBIZ-12174) 524b80ca2d is described below commit 524b80ca2d678bfc8d0a188d7705565988c37eae Author: Daniel Watford <dan...@watfordconsulting.com> AuthorDate: Tue Feb 7 07:37:53 2023 +0000 Improved: Convert Inventory Services permission checks to groovy (OFBIZ-12174) Changes made as part of porting InventoryServices implementation from minilang to groovy. Thanks: Sebastian Berg for implementation Co-authored-by: Sebastian Berg <sebastian.b...@ecomify.de> --- .../product/inventory/InventoryServices.groovy | 99 ++++++++++++++++++++++ .../product/inventory/InventoryServices.xml | 87 ------------------- .../product/servicedef/services_facility.xml | 8 +- 3 files changed, 103 insertions(+), 91 deletions(-) diff --git a/applications/product/groovyScripts/product/inventory/InventoryServices.groovy b/applications/product/groovyScripts/product/inventory/InventoryServices.groovy new file mode 100644 index 0000000000..9905610a28 --- /dev/null +++ b/applications/product/groovyScripts/product/inventory/InventoryServices.groovy @@ -0,0 +1,99 @@ +import org.apache.ofbiz.base.util.UtilProperties +import org.apache.ofbiz.service.ServiceUtil + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Check Facility Related Permission + * + * A method to centralize facility security code, meant to be called in-line with + * call-simple-method, and the checkAction and callingMethodName attributes should be in the method context + * + * @param callingMethodName + * @param checkAction The permission action to test for. + * @return Success response if permission is granted, error response otherwise with the error message describing + * the missing permission. + */ +def checkFacilityRelatedPermission(String callingMethodName, String checkAction, String alternatePermissionRoot) { + if (!callingMethodName) { + callingMethodName = UtilProperties.getMessage("CommonUiLabels", "CommonPermissionThisOperation", parameters.locale) + } + if (!checkAction) { + checkAction = "UPDATE" + } + if (!security.hasEntityPermission("CATALOG", "_${checkAction}", parameters.userLogin) + && (!security.hasEntityPermission("FACILITY", "_${checkAction}", parameters.userLogin)) + && ((!alternatePermissionRoot) || !security.hasEntityPermission("${alternatePermissionRoot}", "_${checkAction}", parameters.userLogin))) { + return error(UtilProperties.getMessage("ProductUiLabels", "ProductCatalogCreatePermissionError", parameters.locale)) + } + return success(); +} + + +/** + * Main permission logic + * @return + */ +def facilityGenericPermission() { + String mainAction = parameters.mainAction + if (!mainAction) { + return error(UtilProperties.getMessage("ProductUiLabels", "ProductMissingMainActionInPermissionService", parameters.locale)) + } + String callingMethodName = parameters.resourceDescription + Map permissionResult = checkFacilityRelatedPermission(callingMethodName, mainAction, null) + if (ServiceUtil.isSuccess(permissionResult)) { + Map result = success() + result.hasPermission = true + return result + } else { + Map result = failure() + result.hasPermission = false + result.failMessage = UtilProperties.getMessage("ProductUiLabels", "ProductFacilityPermissionError", binding.variables, parameters.locale) + return result + } +} + +/** + * ProductFacility Permission Checking Logic + * @return + */ +def checkProductFacilityRelatedPermission() { + String mainAction = parameters.mainAction + if (!mainAction) { + return error(UtilProperties.getMessage("CommonUiLabels", "CommonPermissionMainActionAttributeMissing", parameters.locale)) + } + String resourceDescription = parameters.resourceDescription + if (!resourceDescription) { + resourceDescription = UtilProperties.getMessage("CommonUiLabels", "CommonPermissionThisOperation", parameters.locale) + } + parameters.altPermission = "FACILITY" + Map serviceResult = run service: "checkProductRelatedPermission", with: parameters + if (!ServiceUtil.isSuccess(serviceResult)) { + Map result = failure() + result.hasPermission = false + result.failMessage = UtilProperties.getMessage("ProductUiLabels", "ProductFacilityPermissionError", binding.variables, parameters.locale) + return result + } else { + Map result = success() + result.hasPermission = true + return result + } +} + diff --git a/applications/product/minilang/product/inventory/InventoryServices.xml b/applications/product/minilang/product/inventory/InventoryServices.xml index 6a2164401c..2faa942cbc 100644 --- a/applications/product/minilang/product/inventory/InventoryServices.xml +++ b/applications/product/minilang/product/inventory/InventoryServices.xml @@ -21,93 +21,6 @@ under the License. <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd"> - <!-- a method to centralize facility security code, meant to be called in-line with - call-simple-method, and the checkAction and callingMethodName attributes should be in the method context --> - <simple-method method-name="checkFacilityRelatedPermission" short-description="Check Facility Related Permission"> - <if-empty field="callingMethodName"> - <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field="callingMethodName"/> - </if-empty> - <if-empty field="checkAction"> - <set value="UPDATE" field="checkAction"/> - </if-empty> - - <if> - <condition> - <not> - <or> - <if-has-permission permission="CATALOG" action="_${checkAction}"/> - <if-has-permission permission="FACILITY" action="_${checkAction}"/> - <and> - <not><if-empty field="alternatePermissionRoot"/></not> - <if-has-permission permission="${alternatePermissionRoot}" action="_${checkAction}"/> - </and> - </or> - </not> - </condition> - <then> - <add-error> - <fail-property resource="ProductUiLabels" property="ProductCatalogCreatePermissionError"/> - </add-error> - </then> - </if> - </simple-method> - <simple-method method-name="facilityGenericPermission" short-description="Main permission logic"> - <set field="mainAction" from-field="parameters.mainAction"/> - <if-empty field="mainAction"> - <add-error> - <fail-property resource="ProductUiLabels" property="ProductMissingMainActionInPermissionService"/> - </add-error> - <check-errors/> - </if-empty> - - <set field="callingMethodName" from-field="parameters.resourceDescription"/> - <set field="checkAction" from-field="parameters.mainAction"/> - <call-simple-method method-name="checkFacilityRelatedPermission"/> - - <if-empty field="error_list"> - <set field="hasPermission" type="Boolean" value="true"/> - <field-to-result field="hasPermission"/> - - <else> - <property-to-field resource="ProductUiLabels" property="ProductFacilityPermissionError" field="failMessage"/> - <set field="hasPermission" type="Boolean" value="false"/> - <field-to-result field="hasPermission"/> - <field-to-result field="failMessage"/> - </else> - </if-empty> - </simple-method> - <simple-method method-name="checkProductFacilityRelatedPermission" short-description="ProductFacility Permission Checking Logic"> - <if-empty field="mainAction"> - <set field="mainAction" from-field="parameters.mainAction"/> - <if-empty field="mainAction"> - <add-error> - <fail-property resource="CommonUiLabels" property="CommonPermissionMainActionAttributeMissing"/> - </add-error> - </if-empty> - </if-empty> - <check-errors/> - <set field="resourceDescription" from-field="parameters.resourceDescription"/> - <if-empty field="resourceDescription"> - <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field="resourceDescription"/> - </if-empty> - <set field="parameters.altPermission" value="FACILITY"/> - <call-service service-name="checkProductRelatedPermission" in-map-name="parameters"> - <result-to-result result-name="hasPermission"/> - </call-service> - <check-errors/> - <if-empty field="error_list"> - <set field="hasPermission" type="Boolean" value="true"/> - <field-to-result field="hasPermission"/> - - <else> - <property-to-field resource="ProductUiLabels" property="ProductFacilityPermissionError" field="failMessage"/> - <set field="hasPermission" type="Boolean" value="false"/> - <field-to-result field="hasPermission"/> - <field-to-result field="failMessage"/> - </else> - </if-empty> - </simple-method> - <!-- InventoryItem methods --> <simple-method method-name="createInventoryItem" short-description="Create an InventoryItem"> diff --git a/applications/product/servicedef/services_facility.xml b/applications/product/servicedef/services_facility.xml index 9470b6dc1e..d97e2eabaf 100644 --- a/applications/product/servicedef/services_facility.xml +++ b/applications/product/servicedef/services_facility.xml @@ -25,12 +25,12 @@ under the License. <version>1.0</version> <!-- Permission Services --> - <service name="facilityGenericPermission" engine="simple" - location="component://product/minilang/product/inventory/InventoryServices.xml" invoke="facilityGenericPermission"> + <service name="facilityGenericPermission" engine="groovy" + location="component://product/groovyScripts/product/inventory/InventoryServices.groovy" invoke="facilityGenericPermission"> <implements service="permissionInterface"/> </service> - <service name="checkProductFacilityRelatedPermission" engine="simple" - location="component://product/minilang/product/inventory/InventoryServices.xml" invoke="checkProductFacilityRelatedPermission"> + <service name="checkProductFacilityRelatedPermission" engine="groovy" + location="component://product/groovyScripts/product/inventory/InventoryServices.groovy" invoke="checkProductFacilityRelatedPermission"> <description>ProductFacility Permission Checking Logic</description> <implements service="permissionInterface"/> </service>