(ofbiz-framework) branch trunk updated: Remove redundant partyId equality check Removed unnecessary partyId comparison logic where both values were derived from the logged-in userLogin context.

Mon, 25 May 2026 03:37:32 -0700 

This is an automated email from the ASF dual-hosted git repository.

dixitdeepak pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 08fda8b58b Remove redundant partyId equality check Removed unnecessary 
partyId comparison logic where both values were derived from the logged-in 
userLogin context.
08fda8b58b is described below

commit 08fda8b58b31240c9160f2366e98437d95873ab6
Author: Deepak Dixit <[email protected]>
AuthorDate: Mon May 25 16:05:23 2026 +0530

    Remove redundant partyId equality check
    Removed unnecessary partyId comparison logic where both values were derived 
from the logged-in userLogin context.
---
 .../org/apache/ofbiz/common/login/LoginServices.java     | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git 
a/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
 
b/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
index 6599592fd6..c828feab45 100644
--- 
a/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
+++ 
b/framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java
@@ -930,19 +930,9 @@ public class LoginServices {
         String password = loggedInUserLogin.getString("currentPassword");
         String passwordHint = loggedInUserLogin.getString("passwordHint");
 
-        // security: don't create a user login if the specified partyId (if 
not empty) already exists
-        // unless the logged in user has permission to do so (same partyId or 
PARTYMGR_CREATE)
-        if (UtilValidate.isNotEmpty(partyId)) {
-            if (!loggedInUserLogin.isEmpty()) {
-                // security check: userLogin partyId must equal partyId, or 
must have PARTYMGR_CREATE permission
-                if (!partyId.equals(loggedInUserLogin.getString("partyId"))) {
-                    errMsg = UtilProperties.getMessage(RESOURCE, 
"loginservices.party_with_party_id_exists_not_permission_create_user_login", 
locale);
-                    errorMessageList.add(errMsg);
-                }
-            } else {
-                errMsg = UtilProperties.getMessage(RESOURCE, 
"loginservices.must_logged_in_have_permission_create_user_login_exists", 
locale);
-                errorMessageList.add(errMsg);
-            }
+        if (loggedInUserLogin.isEmpty()) {
+            errMsg = UtilProperties.getMessage(RESOURCE, 
"loginservices.must_logged_in_have_permission_create_user_login_exists", 
locale);
+            errorMessageList.add(errMsg);
         }
 
         GenericValue newUserLogin = null;

Reply via email to