Not sure where Si got his notes, but I think what you are writing is correct Adrian.
If I remember right from the initial discussions around this the point was to be able to add on other applications and have more control over which a user can see, the common scenario being that you would want to be able to setup a user that could see the add-on application (even though it does have a security permission), but not the base ofbiz applications. With that you could just not include the OFBTOOLS permission in your add-on application and off you go...
-David On Oct 17, 2007, at 10:44 AM, Adrian Crum wrote:
Jacopo, Doing a Google search, I found these notes from Si: http://www.opensourcestrategies.com/ofbiz/security.phpAccording to Si, the list of base permissions should be ANDed, not ORed. I don't know the reasoning for that, however.-Adrian Jacopo Cappellato wrote:Adrian, I think that you could be right.I'm not sure I understand the meaning of the OFBTOOLS permission, but I don't think it was intended as the base permission for the Webtools application... but I could be wrong.Any hints from others? Jacopo Adrian Crum wrote:Jacopo, How was the original logic incorrect? The original logic was this: For each application: Permission to use the application defaults to falseIf the user has one of the permissions in the application's base-permission list, OR if the base-permission list contains "NONE", then permission to usethe application is trueThe reason all of the applications became visible to a user with the OFBTOOLS permission is because all of the applications have the OFBTOOLS permission in their base-permission list.My understanding is that the OFBTOOLS permission was intended to grant access to the Webtools application. I don't know why it has been included in every other application.-Adrian
smime.p7s
Description: S/MIME cryptographic signature
