Hi Dennis,
That's a good question! I just saw that you also put a comment in the current
OFBIZ-10031 patch:
// login-required tag?
If we refer to the available documentation we have
"Require a user login to run this method. Defaults to "true". Optional. Attribute
type: constant."
and
"If auth=false when you hit the request, even if you're not logged in, it will allow you to go through. If auth=true, when you hit the request if
you're not logged in it will forward you over to the login page"
The later comes from an old David's E. Jones document: the "Apache OFBiz Advanced
Framework - Training Video Transcription"
Here we have 2 options
1. We consider it simply as a service and then login-required is not needed.
This is for instance what has been done for
getPartyAccountingPreferences in
http://svn.apache.org/viewvc?view=revision&revision=1796731 There the default
(login-required=true) was used
2. It seems redundant if you look at it from a service POV. But a simple method
can also be used in another context and I guess that's why we have
this apparent redundancy. So we can do only 1 if it's only used as a service
(I guess for a service implementation much of the time, if not
always) else we need to change the call (in other simple-method/s) to
service call/s and then do 1.
About
>Where does this get checked and when?
It's checked in SimpleMethod.exec(MethodContext methodContext) But given my
proposition above it should not be needed to port this part.
About auth=true when you are not in the context of an UI (jobs):
runShoppingListAutoReorder shows that's then userLogin is supposed to be in
context.
I did not check but I guess, if auth=true, at this stage the service engine
would have already rejected the call if the userLogin is not in the context.
More thoughts are welcome.
Jacques
Le 05/01/2018 à 14:06, Dennis Balkir a écrit :
Hi Devs,
at the moment I am doing some Minilang to Groovy conversions (CategoryServices
to be precise) and I found a simple method (getAssociatedProductsList), which
set the tag „login-required“ to false.
I then checked the service-definition of this method (which it had), and there
it also sets the „auth“ tag to false.
I tried to find, where these tags get checked in the Engine-Codes, specifically
the serviceengine.xml, SimpleServiceEngine.java, ServiceEngine.java and
SimpleMethod.java, but I cannot find for sure, where the authentication gets
checked.
The question for me is now: Is it necessary for the simple method to have the
„login-required“ tag set to false, if the service definition set "auth" to
false already?
Where does this get checked and when?
And of course: When the set of the „login-required“ tag in the simple-method is
necessary, as well as the set „auth“ tag, how do I implement the
„login-required=false“ in Groovy?
Thanks in advance for your help
Kind regards
