[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-10 Thread James Yong (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012941#comment-17012941
 ] 

James Yong commented on OFBIZ-11306:


Hi Jacques,

Thanks for the info on ajaxPrefilter and ajaxSetup.
Will use ajaxPrefilter, as ajaxSetup can be overridden.
Patches updated.

> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using CSRF Guard library and used in:
> 1) In widget form where a hidden token field is auto-generated.
> 2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf 
> token field. 
> 3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token 
> to X-CSRF-Token in request header. 
> CSRF tokens are stored in the user sessions, and verified during POST request.
> A new attribute i.e. csrf-token is added to the security tag to exempt CSRF 
> token check.
> Certain request path, like LookupPartyName, can be exempt from CSRF token 
> check during Ajax POST call. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
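
The token flow described in this issue (a per-session token, sent in the X-CSRF-Token header by an ajaxPrefilter handler and verified on POST, with an exempt request path), as an added example that is not part of the thread or of the OFBiz patches. The hidden-field name `csrfToken`, the request path `createParty` and all function names are assumptions made for the illustration; both sides are simulated in one Node.js file.

```javascript
// Added illustration, not OFBiz code. Both sides run in one Node.js file.
const crypto = require('crypto');

const TOKEN_HEADER = 'X-CSRF-Token';               // header named in the issue
const TOKEN_FIELD = 'csrfToken';                   // hypothetical hidden-field name
const EXEMPT_PATHS = new Set(['LookupPartyName']); // exemption named in the issue

// ---- Server side ----

// One random token per user session, created on first use.
function issueToken(session) {
  if (!session.csrfToken) {
    session.csrfToken = crypto.randomBytes(32).toString('hex');
  }
  return session.csrfToken;
}

// Constant-time comparison so the check does not leak how many characters matched.
function tokensMatch(expected, supplied) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(supplied));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Only POST is checked, exempt paths are skipped, and the token may arrive
// in the request header (Ajax) or in a hidden form field.
function verifyRequest(session, req) {
  if (req.method !== 'POST') return { ok: true, reason: 'not a POST' };
  if (EXEMPT_PATHS.has(req.path)) return { ok: true, reason: 'exempt path' };
  const headers = req.headers || {};
  const form = req.form || {};
  const supplied = headers[TOKEN_HEADER.toLowerCase()] || form[TOKEN_FIELD];
  if (!session.csrfToken || !supplied) return { ok: false, reason: 'token missing' };
  return tokensMatch(session.csrfToken, supplied)
    ? { ok: true, reason: 'token valid' }
    : { ok: false, reason: 'token mismatch' };
}

// ---- Client side ----

// Handler with the (options, originalOptions, jqXHR) signature that jQuery
// passes to ajaxPrefilter callbacks. In a page it would be registered once:
//   jQuery.ajaxPrefilter(makeCsrfPrefilter(token));
function makeCsrfPrefilter(token) {
  return function (options, originalOptions, jqXHR) {
    const method = String(options.type || options.method || 'GET').toUpperCase();
    // Do not attach the token to cross-origin requests: it would be disclosed
    // to a server that has no business seeing it.
    if (method === 'POST' && !options.crossDomain) {
      jqXHR.setRequestHeader(TOKEN_HEADER, token);
    }
  };
}

// ---- Simulated exchange ----

// Runs the prefilter against a stand-in jqXHR, then hands the resulting
// headers to the server-side check.
function simulate(session, pageToken, ajaxOptions) {
  const sentHeaders = {};
  const jqXHR = {
    setRequestHeader(name, value) { sentHeaders[name.toLowerCase()] = value; },
  };
  makeCsrfPrefilter(pageToken)(ajaxOptions, ajaxOptions, jqXHR);
  const verdict = verifyRequest(session, {
    method: String(ajaxOptions.type || 'GET').toUpperCase(),
    path: ajaxOptions.url,
    headers: sentHeaders,
  });
  return { sentHeaders, verdict };
}

// Constructed requests: a legitimate Ajax POST, a POST submitted without the
// token (what a forged cross-site form would produce), and the exempt lookup.
function demo() {
  const session = {};
  const token = issueToken(session);
  return {
    sameOrigin: simulate(session, token, { type: 'post', url: 'createParty' }).verdict,
    forged: verifyRequest(session, { method: 'POST', path: 'createParty', headers: {} }),
    exempt: verifyRequest(session, { method: 'POST', path: 'LookupPartyName', headers: {} }),
  };
}

console.log(demo());
```
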


[jira] [Updated] (OFBIZ-11306) POC for CSRF Token

2020-01-10 Thread James Yong (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Yong updated OFBIZ-11306:
---
Attachment: OFBIZ-11306.patch
OFBIZ-11306_Plugins.patch

> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using CSRF Guard library and used in:
> 1) In widget form where a hidden token field is auto-generated.
> 2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf 
> token field. 
> 3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token 
> to X-CSRF-Token in request header. 
> CSRF tokens are stored in the user sessions, and verified during POST request.
> A new attribute i.e. csrf-token is added to the security tag to exempt CSRF 
> token check.
> Certain request path, like LookupPartyName, can be exempt from CSRF token 
> check during Ajax POST call. 





[jira] [Commented] (OFBIZ-10577) New Feature: Inventory Cycle Count

2020-01-10 Thread Yashwant Dhakad (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012882#comment-17012882
 ] 

Yashwant Dhakad commented on OFBIZ-10577:
-

Hello Guys,

I have uploaded the patch for this new feature. Please have a look and provide 
your valuable feedback or suggestions. I am working on its inbound and outbound 
transactions and will provide a new patch for these transactions.

> New Feature: Inventory Cycle Count
> --
>
> Key: OFBIZ-10577
> URL: https://issues.apache.org/jira/browse/OFBIZ-10577
> Project: OFBiz
>  Issue Type: New Feature
>  Components: hhfacility
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Yashwant Dhakad
>Priority: Major
> Attachments: OFBIZ-10577-Database-Changes.patch, OFBIZ-10577.patch
>
>
> *Here are the design notes for cycle count workflow:*
> *Find Session Screen:* In this screen, we will show all the sessions created 
> in the system with respect to the facility, locations, inventory count item, 
> current status, and created date. We have a search field to filter the 
> records on the basis of the facility, status.
> *Find Pending Locations:* In this screen, we have a table listing all the 
> pending locations whose countings are pending and we can create a session for 
> them. All details regarding the pending locations are listed here with the 
> location, next count date, last count date and days extended for the count, 
> total inventory item and product for this location. We have facets for 
> filtering the records on the basis of the facility, not scanned since and 
> scheduled for next scan. Also, we have a global search at the top of the 
> screen. In Pending Locations screen, we have a Create Session button. To 
> create a session we can either select one or more records from the below list 
> or create a new session by yourself.
> In Create Session screen, the basic overview is shown in the "Overview" 
> section and the items are listed in the "Items" section. We can create a new 
> line item by clicking on the 'Add' button and we can also update the item 
> quantity. After completing this, we can proceed with this session and mark it 
> with 'Pending for Review' status from the 'Status' button at the top of the 
> screen or we can simply 'Reject'. 'Reject' status button is available at the 
> top of the screen.
> *Find Review Screen:* In this screen, we have a table listing all the 
> locations pending for the review. All the details regarding the review 
> sessions are listed with the facility, locations and counted inventory item. 
> We have facets for filtering records on the basis of the facility. By 
> clicking any session we can go to its detail screen, where basic details 
> regarding this session are listed in the 'Overview' section and items are 
> listed in the 'Items' section. We can select any number of rows and mark them 
> as 'Accept' or 'Reject'. When these items are marked as 'Accepted' then the 
> variance is created and these are added in the Count Progress report. Only 
> authorized persons can accept or reject the sessions and once the session is 
> accepted it is marked as 'Completed'.
> *Count Progress Report:* In this screen, User can view the advanced counting 
> related analytics with respect to all the 'Completed' status session from 
> Reports Screen. We can filter the records on the basis of the facility and 
> within the date range. We can also see the percentage of the total locations, 
> inventory items counted and errors occurred during the process. Item variance 
> details are listed in the below section in tabular form.
> Following changes to the existing data model to support end to end counting 
> process flow:
> *New entities:*
> *InventoryCount*
>    inventoryCountId
>    uploadedByUserLogin
>    facilityId
>    statusId
>    createdDatetime
>  *InventoryCountItem*
>    inventoryCountId
>    inventoryCountItemSeqId
>    inventoryItemId
>    itemStatusId
>    locationSeqId
>    productId
>    productIdentifier
>    quantity
>  *InventoryCountVariance* 
>    inventoryCountId
>    inventoryCountItemSeqId
>    inventoryItemId
>    productId
>    productIdentifier
>    locationSeqId
>    systemQuantityOnHand
>    actualQuantityOnHand
>    varianceQuantityOnHand
>    totalCost
>    actualCost
>    costVariance
>    actualValue
>    totalValue
>    valueVariance
>    unitCost
>  *Extended entity:*
>  *FacilityLocation*
>    locked
>    lastCountDate
>    nextCountDate
> We will prevent the following inbound and outbound transactions within the 
> application if the location is locked for counting:
>  Inventory Transfer 
>  Issuance against Sales Order 
>  Sales Return receiving 
>  Inventory receive 
>  Issuance and return inventory in manufacturing Job
>  Kit breakup 
>  

[jira] [Updated] (OFBIZ-10577) New Feature: Inventory Cycle Count

2020-01-10 Thread Yashwant Dhakad (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yashwant Dhakad updated OFBIZ-10577:

Attachment: OFBIZ-10577.patch

> New Feature: Inventory Cycle Count
> --
>
> Key: OFBIZ-10577
> URL: https://issues.apache.org/jira/browse/OFBIZ-10577
> Project: OFBiz
>  Issue Type: New Feature
>  Components: hhfacility
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Yashwant Dhakad
>Priority: Major
> Attachments: OFBIZ-10577-Database-Changes.patch, OFBIZ-10577.patch
>
>
> *Here are the design notes for cycle count workflow:*
> *Find Session Screen:* In this screen, we will show all the sessions created 
> in the system with respect to the facility, locations, inventory count item, 
> current status, and created date. We have a search field to filter the 
> records on the basis of the facility, status.
> *Find Pending Locations:* In this screen, we have a table listing all the 
> pending locations whose countings are pending and we can create a session for 
> them. All details regarding the pending locations are listed here with the 
> location, next count date, last count date and days extended for the count, 
> total inventory item and product for this location. We have facets for 
> filtering the records on the basis of the facility, not scanned since and 
> scheduled for next scan. Also, we have a global search at the top of the 
> screen. In Pending Locations screen, we have a Create Session button. To 
> create a session we can either select one or more records from the below list 
> or create a new session by yourself.
> In Create Session screen, the basic overview is shown in the "Overview" 
> section and the items are listed in the "Items" section. We can create a new 
> line item by clicking on the 'Add' button and we can also update the item 
> quantity. After completing this, we can proceed with this session and mark it 
> with 'Pending for Review' status from the 'Status' button at the top of the 
> screen or we can simply 'Reject'. 'Reject' status button is available at the 
> top of the screen.
> *Find Review Screen:* In this screen, we have a table listing all the 
> locations pending for the review. All the details regarding the review 
> sessions are listed with the facility, locations and counted inventory item. 
> We have facets for filtering records on the basis of the facility. By 
> clicking any session we can go to its detail screen, where basic details 
> regarding this session are listed in the 'Overview' section and items are 
> listed in the 'Items' section. We can select any number of rows and mark them 
> as 'Accept' or 'Reject'. When these items are marked as 'Accepted' then the 
> variance is created and these are added in the Count Progress report. Only 
> authorized persons can accept or reject the sessions and once the session is 
> accepted it is marked as 'Completed'.
> *Count Progress Report:* In this screen, User can view the advanced counting 
> related analytics with respect to all the 'Completed' status session from 
> Reports Screen. We can filter the records on the basis of the facility and 
> within the date range. We can also see the percentage of the total locations, 
> inventory items counted and errors occurred during the process. Item variance 
> details are listed in the below section in tabular form.
> Following changes to the existing data model to support end to end counting 
> process flow:
> *New entities:*
> *InventoryCount*
>    inventoryCountId
>    uploadedByUserLogin
>    facilityId
>    statusId
>    createdDatetime
>  *InventoryCountItem*
>    inventoryCountId
>    inventoryCountItemSeqId
>    inventoryItemId
>    itemStatusId
>    locationSeqId
>    productId
>    productIdentifier
>    quantity
>  *InventoryCountVariance* 
>    inventoryCountId
>    inventoryCountItemSeqId
>    inventoryItemId
>    productId
>    productIdentifier
>    locationSeqId
>    systemQuantityOnHand
>    actualQuantityOnHand
>    varianceQuantityOnHand
>    totalCost
>    actualCost
>    costVariance
>    actualValue
>    totalValue
>    valueVariance
>    unitCost
>  *Extended entity:*
>  *FacilityLocation*
>    locked
>    lastCountDate
>    nextCountDate
> We will prevent the following inbound and outbound transactions within the 
> application if the location is locked for counting:
>  Inventory Transfer 
>  Issuance against Sales Order 
>  Sales Return receiving 
>  Inventory receive 
>  Issuance and return inventory in manufacturing Job
>  Kit breakup 
>  Update Location 
>  Physical Variance creation
> The locked locations won’t have any bearing on the transactions that are 
> affecting the only ATP of parts i.e. Reserving component for Jobs/Sales 
> Orders etc. as they don’t affect QOH in any way.

[jira] [Reopened] (OFBIZ-11316) Bug when order contains adjustments with NULL amount

2020-01-10 Thread Amine Azzi (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Amine Azzi reopened OFBIZ-11316:


The issue was introduced by adding the following code.

Boolean isTaxIncludedInPrice = 
adj.getString("orderAdjustmentTypeId").equals("VAT_TAX") && 
UtilValidate.isNotEmpty(adj.getBigDecimal("amountAlreadyIncluded")) && 
adj.getBigDecimal("amountAlreadyIncluded").signum() != 0;
+ if ((adj.getBigDecimal("amount").signum() == 0) && isTaxIncludedInPrice) {
+ adj.set("amount", adj.getBigDecimal("amountAlreadyIncluded"));
+ }
 // If the absolute invoiced amount >= the abs of the adjustment amount, the 
full amount has already been invoiced, so skip this adjustment
 if 
(adjAlreadyInvoicedAmount.abs().compareTo(adj.getBigDecimal("amount").setScale(invoiceTypeDecimals,
 ROUNDING).abs()) > 0) {
 continue;
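
Review bot: in the added `if ((adj.getBigDecimal("amount").signum() == 0) && isTaxIncludedInPrice)`, `amount` is dereferenced before `isTaxIncludedInPrice` is tested, so an adjustment with a NULL amount throws even when no included tax applies. Put `isTaxIncludedInPrice` first so that `&&` short-circuits, and add an explicit null check on `amount`: the reordered condition still dereferences it when the flag is true, and the unchanged `adj.getBigDecimal("amount").setScale(...)` comparison just below dereferences it in every case.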

> Bug when order contains adjustments with NULL amount
> 
>
> Key: OFBIZ-11316
> URL: https://issues.apache.org/jira/browse/OFBIZ-11316
> Project: OFBiz
>  Issue Type: Bug
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Amine Azzi
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: OFBIZ-11316.patch
>
>
> On org/apache/ofbiz/accounting/invoice/InvoiceServices.java:561.
> The condition evaluation gives an error when the adjustment has a null amount 
> even when isTaxIncludedInPrice is FALSE.
>  
> The condition should be re-written to
>  
> if (isTaxIncludedInPrice && (adj.getBigDecimal("amount").signum() == 0))





[jira] [Commented] (OFBIZ-11316) Bug when order contains adjustments with NULL amount

2020-01-10 Thread Amine Azzi (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012836#comment-17012836
 ] 

Amine Azzi commented on OFBIZ-11316:


Jacques,

 

The bug seems to be introduced with the change you talked about. Here is the 
patch attached.

 

Amine.

[^OFBIZ-11316.patch]

> Bug when order contains adjustments with NULL amount
> 
>
> Key: OFBIZ-11316
> URL: https://issues.apache.org/jira/browse/OFBIZ-11316
> Project: OFBiz
>  Issue Type: Bug
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Amine Azzi
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: OFBIZ-11316.patch
>
>
> On org/apache/ofbiz/accounting/invoice/InvoiceServices.java:561.
> The condition evaluation gives an error when the adjustment has a null amount 
> even when isTaxIncludedInPrice is FALSE.
>  
> The condition should be re-written to
>  
> if (isTaxIncludedInPrice && (adj.getBigDecimal("amount").signum() == 0))





[jira] [Updated] (OFBIZ-11316) Bug when order contains adjustments with NULL amount

2020-01-10 Thread Amine Azzi (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Amine Azzi updated OFBIZ-11316:
---
Attachment: OFBIZ-11316.patch

> Bug when order contains adjustments with NULL amount
> 
>
> Key: OFBIZ-11316
> URL: https://issues.apache.org/jira/browse/OFBIZ-11316
> Project: OFBiz
>  Issue Type: Bug
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Amine Azzi
>Assignee: Jacques Le Roux
>Priority: Major
> Attachments: OFBIZ-11316.patch
>
>
> On org/apache/ofbiz/accounting/invoice/InvoiceServices.java:561.
> The condition evaluation gives an error when the adjustment has a null amount 
> even when isTaxIncludedInPrice is FALSE.
>  
> The condition should be re-written to
>  
> if (isTaxIncludedInPrice && (adj.getBigDecimal("amount").signum() == 0))





[jira] [Commented] (OFBIZ-11316) Bug when order contains adjustments with NULL amount

2020-01-10 Thread Amine Azzi (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012774#comment-17012774
 ] 

Amine Azzi commented on OFBIZ-11316:


Hi Jacques,

 

I am using release 18.12 branch from the repo in Github. 

I will check again the trunk from SVN repo and see if that's fixed. Then I will 
create a patch or close this ticket.

 

Amine.

> Bug when order contains adjustments with NULL amount
> 
>
> Key: OFBIZ-11316
> URL: https://issues.apache.org/jira/browse/OFBIZ-11316
> Project: OFBiz
>  Issue Type: Bug
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Amine Azzi
>Assignee: Jacques Le Roux
>Priority: Major
>
> On org/apache/ofbiz/accounting/invoice/InvoiceServices.java:561.
> The condition evaluation gives an error when the adjustment has a null amount 
> even when isTaxIncludedInPrice is FALSE.
>  
> The condition should be re-written to
>  
> if (isTaxIncludedInPrice && (adj.getBigDecimal("amount").signum() == 0))





[jira] [Closed] (OFBIZ-11316) Bug when order contains adjustments with NULL amount

2020-01-10 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux closed OFBIZ-11316.
---
Resolution: Duplicate

This has been already fixed in OFBIZ-7012, see the patch there, please check 
and reopen if I missed something.

> Bug when order contains adjustments with NULL amount
> 
>
> Key: OFBIZ-11316
> URL: https://issues.apache.org/jira/browse/OFBIZ-11316
> Project: OFBiz
>  Issue Type: Bug
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Amine Azzi
>Assignee: Jacques Le Roux
>Priority: Major
>
> On org/apache/ofbiz/accounting/invoice/InvoiceServices.java:561.
> The condition evaluation gives an error when the adjustment has a null amount 
> even when isTaxIncludedInPrice is FALSE.
>  
> The condition should be re-written to
>  
> if (isTaxIncludedInPrice && (adj.getBigDecimal("amount").signum() == 0))





[jira] [Commented] (OFBIZ-11316) Bug when order contains adjustments with NULL amount

2020-01-10 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012752#comment-17012752
 ] 

Jacques Le Roux commented on OFBIZ-11316:
-

Hi Amine,

Which version are you using? Could you provide a patch against trunk?

> Bug when order contains adjustments with NULL amount
> 
>
> Key: OFBIZ-11316
> URL: https://issues.apache.org/jira/browse/OFBIZ-11316
> Project: OFBiz
>  Issue Type: Bug
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Amine Azzi
>Assignee: Jacques Le Roux
>Priority: Major
>
> On org/apache/ofbiz/accounting/invoice/InvoiceServices.java:561.
> The condition evaluation gives an error when the adjustment has a null amount 
> even when isTaxIncludedInPrice is FALSE.
>  
> The condition should be re-written to
>  
> if (isTaxIncludedInPrice && (adj.getBigDecimal("amount").signum() == 0))





[jira] [Assigned] (OFBIZ-11316) Bug when order contains adjustments with NULL amount

2020-01-10 Thread Jacques Le Roux (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-11316?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jacques Le Roux reassigned OFBIZ-11316:
---

Assignee: Jacques Le Roux

> Bug when order contains adjustments with NULL amount
> 
>
> Key: OFBIZ-11316
> URL: https://issues.apache.org/jira/browse/OFBIZ-11316
> Project: OFBiz
>  Issue Type: Bug
>  Components: accounting
>Affects Versions: Trunk
>Reporter: Amine Azzi
>Assignee: Jacques Le Roux
>Priority: Major
>
> On org/apache/ofbiz/accounting/invoice/InvoiceServices.java:561.
> The condition evaluation gives an error when the adjustment has a null amount 
> even when isTaxIncludedInPrice is FALSE.
>  
> The condition should be re-written to
>  
> if (isTaxIncludedInPrice && (adj.getBigDecimal("amount").signum() == 0))





[jira] [Commented] (OFBIZ-11007) REST: adding segmented URI support

2020-01-10 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012750#comment-17012750
 ] 

Jacques Le Roux commented on OFBIZ-11007:
-

Thanks Mathieu,

That's enough for me, +1 for this "de facto standard"

> REST: adding segmented URI support
> --
>
> Key: OFBIZ-11007
> URL: https://issues.apache.org/jira/browse/OFBIZ-11007
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
> Environment: 
>Reporter: Artemiy Rozovyk
>Assignee: Nicolas Malin
>Priority: Minor
>  Labels: REST, URI
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, entitymaint_example.patch, 
> restful_URIs.patch
>
>
> Following the discussion on making OFBiz RESTful OFBIZ-4274 I implemented the 
> support of segmented URIs without interfering with current mechanisms of URI 
> resolution nor with _overrideView()_ feature.
> Combined with work on associating URIs and HTTP methods done by [~mthl] in 
> OFBIZ-10438, we are now able to provide RESTful APIs as follows:
> {code:java}
> 
> ...
> 
> ...
> 
> ...
> {code}
> After we matched a request-map having parametrized URI as in 
> {code:java}
> uri="foo/bar/{baz}"
> {code}
> the value is available inside the request attributes with the corresponding 
> key (here _"baz"_)
> The *restful_URIs.patch* allows segmented URI support.
> The *entitymaint_example.patch* is a modified _entitymaint_ part that serves 
> as an example of possible application of new system. 
> Any questions or comments are welcomed.





[jira] [Commented] (OFBIZ-11007) REST: adding segmented URI support

2020-01-10 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012712#comment-17012712
 ] 

Mathieu Lirzin commented on OFBIZ-11007:


I did not dig much, I have first found 
https://stackoverflow.com/questions/8054165/using-put-method-in-html-form which 
gave me the impression that there was a consensus on this convention but that 
is not backed by statistics.

Regarding Java frameworks, Spring uses this convention too 
https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/filter/reactive/HiddenHttpMethodFilter.html

> REST: adding segmented URI support
> --
>
> Key: OFBIZ-11007
> URL: https://issues.apache.org/jira/browse/OFBIZ-11007
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
> Environment: 
>Reporter: Artemiy Rozovyk
>Assignee: Nicolas Malin
>Priority: Minor
>  Labels: REST, URI
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, entitymaint_example.patch, 
> restful_URIs.patch
>
>
> Following the discussion on making OFBiz RESTful OFBIZ-4274 I implemented the 
> support of segmented URIs without interfering with current mechanisms of URI 
> resolution nor with _overrideView()_ feature.
> Combined with work on associating URIs and HTTP methods done by [~mthl] in 
> OFBIZ-10438, we are now able to provide RESTful APIs as follows:
> {code:java}
> 
> ...
> 
> ...
> 
> ...
> {code}
> After we matched a request-map having parametrized URI as in 
> {code:java}
> uri="foo/bar/{baz}"
> {code}
> the value is available inside the request attributes with the corresponding 
> key (here _"baz"_)
> The *restful_URIs.patch* allows segmented URI support.
> The *entitymaint_example.patch* is a modified _entitymaint_ part that serves 
> as an example of possible application of new system. 
> Any questions or comments are welcomed.





[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-10 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012606#comment-17012606
 ] 

Jacques Le Roux commented on OFBIZ-11306:
-

Hi James,

I began to review Java code yesterday, and it's more complicated than I thought 
:) Still on it...

> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using CSRF Guard library and used in:
> 1) In widget form where a hidden token field is auto-generated.
> 2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf 
> token field. 
> 3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token 
> to X-CSRF-Token in request header. 
> CSRF tokens are stored in the user sessions, and verified during POST request.
> A new attribute i.e. csrf-token is added to the security tag to exempt CSRF 
> token check.
> Certain request path, like LookupPartyName, can be exempt from CSRF token 
> check during Ajax POST call. 





[jira] [Commented] (OFBIZ-11007) REST: adding segmented URI support

2020-01-10 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012600#comment-17012600
 ] 

Jacques Le Roux commented on OFBIZ-11007:
-

Hi Mathieu,

Is it only Laravel (PHP) or are there other Java frameworks?

> REST: adding segmented URI support
> --
>
> Key: OFBIZ-11007
> URL: https://issues.apache.org/jira/browse/OFBIZ-11007
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
> Environment: 
>Reporter: Artemiy Rozovyk
>Assignee: Nicolas Malin
>Priority: Minor
>  Labels: REST, URI
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, entitymaint_example.patch, 
> restful_URIs.patch
>
>
> Following the discussion on making OFBiz RESTful OFBIZ-4274 I implemented the 
> support of segmented URIs without interfering with current mechanisms of URI 
> resolution nor with _overrideView()_ feature.
> Combined with work on associating URIs and HTTP methods done by [~mthl] in 
> OFBIZ-10438, we are now able to provide RESTful APIs as follows:
> {code:java}
> 
> ...
> 
> ...
> 
> ...
> {code}
> After we matched a request-map having parametrized URI as in 
> {code:java}
> uri="foo/bar/{baz}"
> {code}
> the value is available inside the request attributes with the corresponding 
> key (here _"baz"_)
> The *restful_URIs.patch* allows segmented URI support.
> The *entitymaint_example.patch* is a modified _entitymaint_ part that serves 
> as an example of possible application of new system. 
> Any questions or comments are welcomed.





[jira] [Commented] (OFBIZ-11007) REST: adding segmented URI support

2020-01-10 Thread Mathieu Lirzin (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11007?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17012555#comment-17012555
 ] 

Mathieu Lirzin commented on OFBIZ-11007:


Hello Nicolas,

A bit late, but I forgot to suggest the use of "_method" instead of 
"restMethod" for the hidden field containing the actual request method that 
should be effectively used in the controller. This naming convention is not 
specified in any standard but seems [used in other web 
frameworks|https://laravel.com/docs/4.2/html#opening-a-form].

> REST: adding segmented URI support
> --
>
> Key: OFBIZ-11007
> URL: https://issues.apache.org/jira/browse/OFBIZ-11007
> Project: OFBiz
>  Issue Type: New Feature
>  Components: framework
>Affects Versions: Trunk
> Environment: 
>Reporter: Artemiy Rozovyk
>Assignee: Nicolas Malin
>Priority: Minor
>  Labels: REST, URI
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, 
> OFBIZ-11007_refactor-entitymaint.patch, entitymaint_example.patch, 
> restful_URIs.patch
>
>
> Following the discussion on making OFBiz RESTful OFBIZ-4274 I implemented the 
> support of segmented URIs without interfering with current mechanisms of URI 
> resolution nor with _overrideView()_ feature.
> Combined with work on associating URIs and HTTP methods done by [~mthl] in 
> OFBIZ-10438, we are now able to provide RESTful APIs as follows:
> {code:java}
> 
> ...
> 
> ...
> 
> ...
> {code}
> After we matched a request-map having parametrized URI as in 
> {code:java}
> uri="foo/bar/{baz}"
> {code}
> the value is available inside the request attributes with the corresponding 
> key (here _"baz"_)
> The *restful_URIs.patch* allows segmented URI support.
> The *entitymaint_example.patch* is a modified _entitymaint_ part that serves 
> as an example of possible application of new system. 
> Any questions or comments are welcomed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
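
Segmented URI matching and the "_method" hidden field discussed in this thread, as an added example that is not the code from restful_URIs.patch. The function names, the sample request maps and the rule that the override is honoured only on POST and only for PUT, PATCH and DELETE are assumptions of this sketch.

```javascript
// Added illustration, not OFBiz code. Request maps and handler names are constructed.

// Decode one captured path segment and refuse values that would change the
// path structure once decoded (encoded slash, dot segments, NUL).
function decodeSegment(raw) {
  let value;
  try {
    value = decodeURIComponent(raw);
  } catch (e) {
    return null; // malformed percent-escape
  }
  if (value === '.' || value === '..' || /[\/\\\0]/.test(value)) return null;
  return value;
}

// Compile a template such as "foo/bar/{baz}" into a function that returns
// the captured values keyed by name (here "baz"), or null when there is no match.
function compileTemplate(template) {
  const names = [];
  const pattern = template.split('/').map((segment) => {
    const param = /^\{([A-Za-z_][A-Za-z0-9_]*)\}$/.exec(segment);
    if (param) {
      names.push(param[1]);
      return '([^/]+)'; // a parameter matches exactly one non-empty segment
    }
    return segment.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // literal segment
  }).join('/');
  const regex = new RegExp('^' + pattern + '$');
  return function match(path) {
    const found = regex.exec(path);
    if (!found) return null;
    const attributes = {};
    for (let i = 0; i < names.length; i++) {
      const value = decodeSegment(found[i + 1]);
      if (value === null) return null;
      attributes[names[i]] = value;
    }
    return attributes;
  };
}

// Methods a hidden "_method" field may select, and only when the request
// really is a POST; a GET can never be turned into a state-changing method.
const OVERRIDABLE = new Set(['PUT', 'PATCH', 'DELETE']);

function effectiveMethod(req) {
  const hidden = req.form && req.form._method;
  if (req.method !== 'POST' || typeof hidden !== 'string') return req.method;
  const wanted = hidden.toUpperCase();
  return OVERRIDABLE.has(wanted) ? wanted : req.method;
}

// Pick the first request map whose method and URI template both match.
function route(requestMaps, req) {
  const method = effectiveMethod(req);
  for (const map of requestMaps) {
    if (map.method !== method) continue;
    const attributes = map.match(req.path);
    if (attributes) return { handler: map.handler, method, attributes };
  }
  return null;
}

// Constructed request maps using the template from the issue description.
const requestMaps = [
  { uri: 'foo/bar/{baz}', method: 'GET', handler: 'showBaz' },
  { uri: 'foo/bar/{baz}', method: 'DELETE', handler: 'deleteBaz' },
].map((m) => ({ ...m, match: compileTemplate(m.uri) }));

function demo() {
  return [
    route(requestMaps, { method: 'GET', path: 'foo/bar/42' }),
    route(requestMaps, { method: 'POST', path: 'foo/bar/42', form: { _method: 'delete' } }),
    route(requestMaps, { method: 'GET', path: 'foo/bar/42', form: { _method: 'DELETE' } }),
    route(requestMaps, { method: 'GET', path: 'foo/bar/a%2Fb' }),
  ];
}

console.log(JSON.stringify(demo(), null, 2));
```

Since OFBIZ-11306 verifies CSRF tokens on POST requests, a check of that kind has to look at the method on the wire (`req.method`) and not at the overridden one.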