This is an automated email from the ASF dual-hosted git repository.
danwatford pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 524b80ca2d Improved: Convert Inventory Services permission checks to
groovy (OFBIZ-12174)
524b80ca2d is described below
commit 524b80ca2d678bfc8d0a188d7705565988c37eae
Author: Daniel Watford <dan...@watfordconsulting.com>
AuthorDate: Tue Feb 7 07:37:53 2023 +0000
Improved: Convert Inventory Services permission checks to groovy
(OFBIZ-12174)
Changes made as part of porting InventoryServices implementation from
minilang to groovy.
Thanks: Sebastian Berg for implementation
Co-authored-by: Sebastian Berg <sebastian.b...@ecomify.de>
---
.../product/inventory/InventoryServices.groovy | 99 ++++++++++++++++++++++
.../product/inventory/InventoryServices.xml | 87 -------------------
.../product/servicedef/services_facility.xml | 8 +-
3 files changed, 103 insertions(+), 91 deletions(-)
diff --git
a/applications/product/groovyScripts/product/inventory/InventoryServices.groovy
b/applications/product/groovyScripts/product/inventory/InventoryServices.groovy
new file mode 100644
index 0000000000..9905610a28
--- /dev/null
+++
b/applications/product/groovyScripts/product/inventory/InventoryServices.groovy
@@ -0,0 +1,99 @@
+import org.apache.ofbiz.base.util.UtilProperties
+import org.apache.ofbiz.service.ServiceUtil
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Check Facility Related Permission
+ *
+ * A method to centralize facility security code, meant to be called in-line
with
+ * call-simple-method, and the checkAction and callingMethodName attributes
should be in the method context
+ *
+ * @param callingMethodName
+ * @param checkAction The permission action to test for.
+ * @return Success response if permission is granted, error response otherwise
with the error message describing
+ * the missing permission.
+ */
+def checkFacilityRelatedPermission(String callingMethodName, String
checkAction, String alternatePermissionRoot) {
+ if (!callingMethodName) {
+ callingMethodName = UtilProperties.getMessage("CommonUiLabels",
"CommonPermissionThisOperation", parameters.locale)
+ }
+ if (!checkAction) {
+ checkAction = "UPDATE"
+ }
+ if (!security.hasEntityPermission("CATALOG", "_${checkAction}",
parameters.userLogin)
+ && (!security.hasEntityPermission("FACILITY", "_${checkAction}",
parameters.userLogin))
+ && ((!alternatePermissionRoot) ||
!security.hasEntityPermission("${alternatePermissionRoot}", "_${checkAction}",
parameters.userLogin))) {
+ return error(UtilProperties.getMessage("ProductUiLabels",
"ProductCatalogCreatePermissionError", parameters.locale))
+ }
+ return success();
+}
+
+
+/**
+ * Main permission logic
+ * @return
+ */
+def facilityGenericPermission() {
+ String mainAction = parameters.mainAction
+ if (!mainAction) {
+ return error(UtilProperties.getMessage("ProductUiLabels",
"ProductMissingMainActionInPermissionService", parameters.locale))
+ }
+ String callingMethodName = parameters.resourceDescription
+ Map permissionResult = checkFacilityRelatedPermission(callingMethodName,
mainAction, null)
+ if (ServiceUtil.isSuccess(permissionResult)) {
+ Map result = success()
+ result.hasPermission = true
+ return result
+ } else {
+ Map result = failure()
+ result.hasPermission = false
+ result.failMessage = UtilProperties.getMessage("ProductUiLabels",
"ProductFacilityPermissionError", binding.variables, parameters.locale)
+ return result
+ }
+}
+
+/**
+ * ProductFacility Permission Checking Logic
+ * @return
+ */
+def checkProductFacilityRelatedPermission() {
+ String mainAction = parameters.mainAction
+ if (!mainAction) {
+ return error(UtilProperties.getMessage("CommonUiLabels",
"CommonPermissionMainActionAttributeMissing", parameters.locale))
+ }
+ String resourceDescription = parameters.resourceDescription
+ if (!resourceDescription) {
+ resourceDescription = UtilProperties.getMessage("CommonUiLabels",
"CommonPermissionThisOperation", parameters.locale)
+ }
+ parameters.altPermission = "FACILITY"
+ Map serviceResult = run service: "checkProductRelatedPermission", with:
parameters
+ if (!ServiceUtil.isSuccess(serviceResult)) {
+ Map result = failure()
+ result.hasPermission = false
+ result.failMessage = UtilProperties.getMessage("ProductUiLabels",
"ProductFacilityPermissionError", binding.variables, parameters.locale)
+ return result
+ } else {
+ Map result = success()
+ result.hasPermission = true
+ return result
+ }
+}
+
diff --git
a/applications/product/minilang/product/inventory/InventoryServices.xml
b/applications/product/minilang/product/inventory/InventoryServices.xml
index 6a2164401c..2faa942cbc 100644
--- a/applications/product/minilang/product/inventory/InventoryServices.xml
+++ b/applications/product/minilang/product/inventory/InventoryServices.xml
@@ -21,93 +21,6 @@ under the License.
<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns="http://ofbiz.apache.org/Simple-Method";
xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method
http://ofbiz.apache.org/dtds/simple-methods.xsd";>
- <!-- a method to centralize facility security code, meant to be called
in-line with
- call-simple-method, and the checkAction and callingMethodName
attributes should be in the method context -->
- <simple-method method-name="checkFacilityRelatedPermission"
short-description="Check Facility Related Permission">
- <if-empty field="callingMethodName">
- <property-to-field resource="CommonUiLabels"
property="CommonPermissionThisOperation" field="callingMethodName"/>
- </if-empty>
- <if-empty field="checkAction">
- <set value="UPDATE" field="checkAction"/>
- </if-empty>
-
- <if>
- <condition>
- <not>
- <or>
- <if-has-permission permission="CATALOG"
action="_${checkAction}"/>
- <if-has-permission permission="FACILITY"
action="_${checkAction}"/>
- <and>
- <not><if-empty
field="alternatePermissionRoot"/></not>
- <if-has-permission
permission="${alternatePermissionRoot}" action="_${checkAction}"/>
- </and>
- </or>
- </not>
- </condition>
- <then>
- <add-error>
- <fail-property resource="ProductUiLabels"
property="ProductCatalogCreatePermissionError"/>
- </add-error>
- </then>
- </if>
- </simple-method>
- <simple-method method-name="facilityGenericPermission"
short-description="Main permission logic">
- <set field="mainAction" from-field="parameters.mainAction"/>
- <if-empty field="mainAction">
- <add-error>
- <fail-property resource="ProductUiLabels"
property="ProductMissingMainActionInPermissionService"/>
- </add-error>
- <check-errors/>
- </if-empty>
-
- <set field="callingMethodName"
from-field="parameters.resourceDescription"/>
- <set field="checkAction" from-field="parameters.mainAction"/>
- <call-simple-method method-name="checkFacilityRelatedPermission"/>
-
- <if-empty field="error_list">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
-
- <else>
- <property-to-field resource="ProductUiLabels"
property="ProductFacilityPermissionError" field="failMessage"/>
- <set field="hasPermission" type="Boolean" value="false"/>
- <field-to-result field="hasPermission"/>
- <field-to-result field="failMessage"/>
- </else>
- </if-empty>
- </simple-method>
- <simple-method method-name="checkProductFacilityRelatedPermission"
short-description="ProductFacility Permission Checking Logic">
- <if-empty field="mainAction">
- <set field="mainAction" from-field="parameters.mainAction"/>
- <if-empty field="mainAction">
- <add-error>
- <fail-property resource="CommonUiLabels"
property="CommonPermissionMainActionAttributeMissing"/>
- </add-error>
- </if-empty>
- </if-empty>
- <check-errors/>
- <set field="resourceDescription"
from-field="parameters.resourceDescription"/>
- <if-empty field="resourceDescription">
- <property-to-field resource="CommonUiLabels"
property="CommonPermissionThisOperation" field="resourceDescription"/>
- </if-empty>
- <set field="parameters.altPermission" value="FACILITY"/>
- <call-service service-name="checkProductRelatedPermission"
in-map-name="parameters">
- <result-to-result result-name="hasPermission"/>
- </call-service>
- <check-errors/>
- <if-empty field="error_list">
- <set field="hasPermission" type="Boolean" value="true"/>
- <field-to-result field="hasPermission"/>
-
- <else>
- <property-to-field resource="ProductUiLabels"
property="ProductFacilityPermissionError" field="failMessage"/>
- <set field="hasPermission" type="Boolean" value="false"/>
- <field-to-result field="hasPermission"/>
- <field-to-result field="failMessage"/>
- </else>
- </if-empty>
- </simple-method>
-
<!-- InventoryItem methods -->
<simple-method method-name="createInventoryItem" short-description="Create
an InventoryItem">
diff --git a/applications/product/servicedef/services_facility.xml
b/applications/product/servicedef/services_facility.xml
index 9470b6dc1e..d97e2eabaf 100644
--- a/applications/product/servicedef/services_facility.xml
+++ b/applications/product/servicedef/services_facility.xml
@@ -25,12 +25,12 @@ under the License.
<version>1.0</version>
<!-- Permission Services -->
- <service name="facilityGenericPermission" engine="simple"
-
location="component://product/minilang/product/inventory/InventoryServices.xml"
invoke="facilityGenericPermission">
+ <service name="facilityGenericPermission" engine="groovy"
+
location="component://product/groovyScripts/product/inventory/InventoryServices.groovy"
invoke="facilityGenericPermission">
<implements service="permissionInterface"/>
</service>
- <service name="checkProductFacilityRelatedPermission" engine="simple"
-
location="component://product/minilang/product/inventory/InventoryServices.xml"
invoke="checkProductFacilityRelatedPermission">
+ <service name="checkProductFacilityRelatedPermission" engine="groovy"
+
location="component://product/groovyScripts/product/inventory/InventoryServices.groovy"
invoke="checkProductFacilityRelatedPermission">
<description>ProductFacility Permission Checking Logic</description>
<implements service="permissionInterface"/>
</service>
