Jacopo,
Doing a Google search, I found these notes from Si:
http://www.opensourcestrategies.com/ofbiz/security.php
According to Si, the list of base permissions should be ANDed, not ORed. I don't know the reasoning
for that, however.
-Adrian
Jacopo Cappellato wrote:
Adrian,
I think that you could be right.
I'm not sure I understand the meaning of the OFBTOOLS permission, but I
don't think it was intended as the base permission for the Webtools
application... but I could be wrong.
Any hints from others?
Jacopo
Adrian Crum wrote:
Jacopo,
How was the original logic incorrect? The original logic was this:
For each application:
  Permission to use the application defaults to false
  If the user has one of the permissions in the application's base-permission list,
  OR if the base-permission list contains "NONE", then permission to use the application is true
The reason all of the applications became visible to a user with the
OFBTOOLS permission is because all of the applications have the
OFBTOOLS permission in their base-permission list.
My understanding is that the OFBTOOLS permission was intended to grant
access to the Webtools application. I don't know why it has been
included in every other application.
-Adrian