Hi Chinmay, Suraj,
Thanks for the tip, https://issues.apache.org/jira/browse/OFBIZ-5157 is related
Jacques
Le 23/12/2017 à 12:46, Chinmay Patidar a écrit :
Just missed a point. To regenerate the issue one has to update the 'Auto
Save Cart' to 'Y' for the e-commerce product store record.
Thanks,
*Chinmay Patidar* | Sr. Enterprise Software Engineer
HotWax Commerce by HotWax Systems
Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center, Indore,
M.P, India - 452010
Cell phone: +91-9713978795
On Sat, Dec 23, 2017 at 5:08 PM, Chinmay Patidar <
[email protected]> wrote:
Hello All,
Adding to the Suraj's example of CreateShoppingList, I would like to
elaborate more on the same.
In current implementation, 'checkShoppingListSecurity' service is a
permission-service for 'createShoppingList' service. The system creates a
shopping list for an anonymous user on the ecommerce when adding an item to
the cart (try in incognito window so it doesn't pick party from the cache).
But with the current implementation, checkShoppingListSecurity returns an
error saying that "You must be logged in to complete the process". In
simple words, the 'createShoppingList' service gets called for an anonymous
user which eventually triggers 'checkShoppingListSecurity' service.
The above explanation gives an example of a use case where one could
possibly have no userLogin but has a permission service implemented(for
covering use cases of userLogin).
Also, it seems that one can't use a permission-service when no
userLogin would be present.
Also, for now, to fix the issue we can call the
"checkShoppingListSecurity" service from the service
declaration/implementation to overcome the error of no userLogin. Although,
it creates confusion to me that the same service when called internally
works fine but when called as a permission service, returns an error.
Please let me know if calling the security service internally would be the
proper approach.
Thanks,
*Chinmay Patidar* | Sr. Enterprise Software Engineer
HotWax Commerce by HotWax Systems
Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center,
Indore, M.P, India - 452010
Cell phone: +91-9713978795
On Mon, Dec 11, 2017 at 5:43 PM, Jacques Le Roux <
[email protected]> wrote:
Hi Suraj,
I don't see how you could check permissions for an anonymous user.
Maybe by giving anonymous users specific permissions in the context of
ecommerce?
But does it makes sense, I'm not sure. Then maybe as mentioned Rishi we
should fix services like CreateShoppingList
BTW did you cross any issues with anonymous users or is that only you
thinking?
Jacques
Le 01/12/2017 à 09:41, Suraj Khurana a écrit :
Thanks everyone for your inputs.
Yes, there are similar occurrences where permission service is defined
and
service is used in case of an anonymous user as well.
Example: *CreateShoppingList* and related services
I was presuming we can execute any service as permission service
irrespective of taking *userLogin *into consideration. Please correct me
if
I am wrong or missing something.
--
Thanks and Regards,
*Suraj Khurana* | Sr. Enterprise Software Engineer
*HotWax Commerce* by *HotWax Systems*
Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
On Wed, Nov 29, 2017 at 7:35 PM, Rishi Solanki <[email protected]>
wrote:
If an service implements and do checks for the permissions then it must
have the auth set as true. If any occurrences found then it should be by
mistake and service definition should be fix to match.
So I think the behavior we have is correct, whenever we want to check
the
permission it should have the user in context.
Suraj, Any scenario you have in mind where we only require permission
service without user?
Rishi Solanki
Sr Manager, Enterprise Software Development
HotWax Systems Pvt. Ltd.
Direct: +91-9893287847
http://www.hotwaxsystems.com
www.hotwax.co
On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <
[email protected]>
wrote:
auth="false" and a permission service are completely incompatible
scenarios. In what situation could you possibly have no userLogin and
successfully run a permission service?
What would you expect to happen instead of the current behavior?
Regards
Scott
On 3 November 2017 at 17:35, Suraj Khurana
<suraj.khurana@hotwaxsystems.
com>
wrote:
Hello team,
I noticed that in any service definition if auth is set to false and
permission service is also the service definition, it overrides the
auth
parameter to true by itself.
For quick reference, it is written at *createPermission* method of
*ModelServiceReader* class.
Can someone please elaborate this behavior. IMO, this should not
happen.
--
Thanks and Regards,
*Suraj Khurana* | Sr. Enterprise Software Engineer
*HotWax* *Commerce* by *HotWax Systems*
Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
