[
https://issues.apache.org/jira/browse/OFBIZ-3632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12852727#action_12852727
]
Vikas Mayur commented on OFBIZ-3632:
------------------------------------
I am fine with either way whether we define the custom permissions since they
would be very few (as mentioned by David) or use a declarative syntax (as
mentioned by Adam.)
If the patch is fine, please let me know if this can be committed. If not I
will now work on defining two custom permission services _createORupdate
facilty permission_ and
_createANDupdate faciliy permission_.
> Extending the service model to specify more complex permissions using
> permission service
> ----------------------------------------------------------------------------------------
>
> Key: OFBIZ-3632
> URL: https://issues.apache.org/jira/browse/OFBIZ-3632
> Project: OFBiz
> Issue Type: Improvement
> Components: framework, product
> Reporter: Vikas Mayur
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: permission.patch, permission.patch
>
>
> At present <permission-service> in the service definition allows only one
> permission service. I have extended the <required-permissions> tag to
> specify more then one permission services by doing an AND/OR operation.
> For instance the following code in service definition
> {code}
> <required-permissions join-type="AND">
> <permission-service service-name="facilityGenericPermission"
> main-action="CREATE"/>
> <permission-service service-name="facilityGenericPermission"
> main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace the following code in service implementation.
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
> <fail-message message="Security Error: to run
> setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or
> FACILITY_ADMIN permission"/>
> </check-permission>
> <check-permission permission="FACILITY" action="_UPDATE">
> <fail-message message="Security Error: to run
> setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or
> FACILITY_ADMIN permission"/>
> </check-permission>
> {code}
> Similarly the code
> {code}
> <required-permissions join-type="OR">
> <permission-service service-name="facilityGenericPermission"
> main-action="CREATE"/>
> <permission-service service-name="facilityGenericPermission"
> main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
> <alt-permission permission="FACILITY" action="_UPDATE"/>
> <fail-message message="Security Error: to run createShipmentItem you must
> have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
> </check-permission>
> <check-errors/>
> {code}
> The patch also contains additional changes where the permission service is
> defined in the service definition.
> EDITS: Added missing ending \{code\} tag for the last code snippet
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
