[
https://issues.apache.org/jira/browse/OFBIZ-9763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chinmay Patidar updated OFBIZ-9763:
-----------------------------------
Attachment: OFBIZ-9763.patch
Provided the patch for the issue. Done the following:
* Removed all of the security related checks present inline.
* Converted simple-methods "checkShoppingListSecurity" and
"checkShoppingListItemSecurity" into services which will be called as a
permission service from the CRUD services.
* Added hasPermission flag to result of "checkShoppingListSecurity" and
"checkShoppingListItemSecurity" services which are required for these services
as they implement 'permissionInterface' service.
> Create separate Permission Services for CRUD services of ShoppingList and
> ShoppingListItem
> ------------------------------------------------------------------------------------------
>
> Key: OFBIZ-9763
> URL: https://issues.apache.org/jira/browse/OFBIZ-9763
> Project: OFBiz
> Issue Type: Improvement
> Components: ecommerce, party
> Affects Versions: Trunk, Release Branch 16.11
> Reporter: Chinmay Patidar
> Assignee: Chinmay Patidar
> Fix For: Trunk
>
> Attachments: OFBIZ-9763.patch
>
>
> In CRUD services for ShoppingList and ShoppingListItem entities, the security
> related checks are present inline in the services. This implementation
> violates the best practice of keeping security implementation different from
> the business logic.
> We need to implement security services for such operations and to call them
> as a permission-service from the CRUD operation services definition
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
