Ok I see, so there is a need for permission services to be able to run
without a userLogin value in some cases. Specifically in situations where
the other parameters provided can determine whether an anonymous user is
authorized to execute the given service.
Thanks for providing the additional in
Hi Chinmay, Suraj,
Thanks for the tip, https://issues.apache.org/jira/browse/OFBIZ-5157 is related
Jacques
Le 23/12/2017 à 12:46, Chinmay Patidar a écrit :
Just missed a point. To regenerate the issue one has to update the 'Auto
Save Cart' to 'Y' for the e-commerce product store record.
Than
Just missed a point. To regenerate the issue one has to update the 'Auto
Save Cart' to 'Y' for the e-commerce product store record.
Thanks,
*Chinmay Patidar* | Sr. Enterprise Software Engineer
HotWax Commerce by HotWax Systems
Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center, In
Hello All,
Adding to the Suraj's example of CreateShoppingList, I would like to
elaborate more on the same.
In current implementation, 'checkShoppingListSecurity' service is a
permission-service for 'createShoppingList' service. The system creates a
shopping list for an anonymous user on the ecom
Hi Suraj,
I don't see how you could check permissions for an anonymous user.
Maybe by giving anonymous users specific permissions in the context of
ecommerce?
But does it makes sense, I'm not sure. Then maybe as mentioned Rishi we should
fix services like CreateShoppingList
BTW did you cross a
Thanks everyone for your inputs.
Yes, there are similar occurrences where permission service is defined and
service is used in case of an anonymous user as well.
Example: *CreateShoppingList* and related services
I was presuming we can execute any service as permission service
irrespective of tak
If an service implements and do checks for the permissions then it must
have the auth set as true. If any occurrences found then it should be by
mistake and service definition should be fix to match.
So I think the behavior we have is correct, whenever we want to check the
permission it should ha
auth="false" and a permission service are completely incompatible
scenarios. In what situation could you possibly have no userLogin and
successfully run a permission service?
What would you expect to happen instead of the current behavior?
Regards
Scott
On 3 November 2017 at 17:35, Suraj Khuran
Le 17/11/2017 à 09:20, Jacques Le Roux a écrit :
Le 03/11/2017 à 05:35, Suraj Khurana a écrit :
Hello team,
I noticed that in any service definition if auth is set to false and
permission service is also the service definition, it overrides the auth
parameter to true by itself.
For quick refer
Le 03/11/2017 à 05:35, Suraj Khurana a écrit :
Hello team,
I noticed that in any service definition if auth is set to false and
permission service is also the service definition, it overrides the auth
parameter to true by itself.
For quick reference, it is written at *createPermission* method o
Hello team,
I noticed that in any service definition if auth is set to false and
permission service is also the service definition, it overrides the auth
parameter to true by itself.
For quick reference, it is written at *createPermission* method of
*ModelServiceReader* class.
Can someone please
11 matches
Mail list logo