[
https://issues.apache.org/jira/browse/OFBIZ-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466372
]
Andrew Zeneski commented on OFBIZ-615:
--------------------------------------
Anil,
This is starting to look really good! The only thing I see off hand right now
is that permissions can be recursive. So, when creating a new workeffort, I may
NOT be a assigned to the parent workeffort, but I MAY be assigned to its parent
or the parent's parent. That said, we will want to walk through and look at the
parent workefforts and their parent has well.
Logic:
If this workeffort has a parent, check its parent. If that does not pass, and
the parent has a parent check that parent. Do this until the parent ID == null
(walk the tree).
This will also apply to updating the parentWorkeffortId. I must be allowed to
edit the current workeffort to change its parent. I must also be allowed to
edit the new parent OR any of the parent workefforts up the tree.
Also just FYI, the tag permission-service has an attribute main-action which
gets passed to the permission services as a parameter. This CAN be used if you
make a generic service and decide what to do based on the main-action. This
doesn't have to be this way, but if it can keep things cleaner it would make a
good practice. If things are too complex, that is fine as well.
Also, ECAs can be used to do AND/OR on permissions. One example of this would
be:
createWorkEffort:
- Permission service (genericWorkEffortCreatePermission) check; do I have
WORKEFFORTMGR_CREATE permission?
- ECA condition -> hasPermission == false Call check role permission.
The ECA would trigger on the 'genericWorkEffortCreatePermission' service
pre-commit and would be OR (by using hasPermission == false). You can AND these
together as well but using hasPermission == true as the condition of the ECA.
This will be the best practice pattern for overriding default permissions. I'm
not sure that WorkEffort needs this, but I thought I would bring it up in case
you found it useful.
> Re-Factor WorkEffort permissions to follow new patterns
> -------------------------------------------------------
>
> Key: OFBIZ-615
> URL: https://issues.apache.org/jira/browse/OFBIZ-615
> Project: Apache OFBiz (The Open for Business Project)
> Issue Type: Sub-task
> Components: workeffort
> Reporter: Andrew Zeneski
> Attachments: WorkEffortSecurity.patch
>
>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
