if you look in the commit mailing list for 699636 you will get the patch. http://mail-archives.apache.org/mod_mbox/ofbiz-commits/
Calum Miller sent the following on 11/19/2008 3:04 PM: > Hi > > Many thanks for this fix, which files do I need to update...is it just > CommunicationEventServices.xml? > > Calum Miller > > Jacques Le Roux wrote: >> Fixed in revision: 699636 >> >> Jacques >> >> From: "Jacques Le Roux" <[EMAIL PROTECTED]> >>> I have written something wich works without changing previous >>> behaviour for other calls (out of eCommerce). >>> But I had also to duplicate an rename >>> createCommunicationEventInterface into >>> createCommunicationEventWithoutPermission since it"s there that >>> createCommunicationEventRole, and now >>> createCommunicationEventRoleWithoutPermission, are called >>> >>> I will reffine before commiting >>> >>> Jacques >>> >>> From: "Jacques Le Roux" <[EMAIL PROTECTED]> >>>> Hi Sumit, >>>> >>>> From: "Sumit Pandit" <[EMAIL PROTECTED]> >>>>> Jacques, >>>>> >>>>> I have an idea regarding to it. It is quite similar to yours. >>>>> >>>>> Idea is to call a service via eca which return hasPermission = >>>>> true when permission check service return false. >>>>> >>>>> The code would be like this : >>>>> >>>>> >>>>> 1) Write an service (for instance: >>>>> overridePartyCommunicationEventPermissionCheck ) which return a >>>>> boolean hasPermission=true. >>>> >>>> I'd have prefered that you have explained *what* you want before *how*. >>>> So the *what* is that you want to allow access for everybody fut >>>> anonymous. >>>> Then I wonder if PartyCommunicationEventPermissionCheck is usefull >>>> at all (except in the anonymous very specific case)... >>>> That's why I suggested to have 2 types of permission and use them >>>> accordingly. >>>> It needs more work but it allows both possibilities without changing >>>> anything else. >>>> So no, I don't agree it's the same idea >>>> >>>> Jacques >>>> >>>>> Like : >>>>> <simple-method method- >>>>> name="overridePartyCommunicationEventPermissionCheck" short- >>>>> description=""> >>>>> <if-compare value="anonymous" >>>>> field="userLogin.userLoginId" operator="not-equals"> >>>>> <set field="hasPermission" type="Boolean" value="true"/> >>>>> <field-to-result field-name="hasPermission"/> >>>>> </if-compare> >>>>> </simple-method> >>>>> >>>>> 2) Call this service via an eca, with condition if >>>>> hasPermission=false : >>>>> <eca service="partyCommunicationEventPermissionCheck" >>>>> event="return" run-on-failure="true"> >>>>> <condition field-name="hasPermission" operator="equals" >>>>> value="false" type="Boolean"/> >>>>> <action >>>>> service="overridePartyCommunicationEventPermissionCheck" >>>>> mode="sync" result-to-result="true"/> >>>>> </eca> >>>>> >>>>> Suggest if you are agree with it ? >>>>> >>>>> >>>>> -- >>>>> Thanks and Regards >>>>> Sumit Pandit. >>>>> HotWaxMedia, Inc >>>>> http://www.hotwaxmedia.com >>>>> >>>>> On Sep 24, 2008, at 2:14 AM, Jacques Le Roux wrote: >>>>> >>>>>> Feel free to suggest a patch in Jira from my remarks below. >>>>>> Except if someone see a better solution ? >>>>>> >>>>>> Jacques >>>>>> >>>>>> From: "Ritesh Trivedi" <[EMAIL PROTECTED]> >>>>>>> Hi, >>>>>>> Any updates on this one? >>>>>>> I am getting multiple order confirmation emails as well due to >>>>>>> this error. I >>>>>>> think someone has also reported this issue. >>>>>>> jacques.le.roux wrote: >>>>>>>> Sumit, >>>>>>>> Sorry for the delay, I was not nuch available these last days. >>>>>>>> I would >>>>>>>> suggest to >>>>>>>> 1. Introduce a service interface definition same than >>>>>>>> createCommunicationEventRole but without the permission check, >>>>>>>> description would be "Create a Communication Event Role with or >>>>>>>> w/ o permission check." >>>>>>>> 2. To use it in createCommunicationEventRole adding the >>>>>>>> permission check. >>>>>>>> 3. To create a new service definition (say >>>>>>>> createCommunicationEventRoleWithoutPermissionCheck) with same >>>>>>>> interface, >>>>>>>> same implementation >>>>>>>> (location="org/ofbiz/party/communication/ >>>>>>>> CommunicationEventServices.xml" >>>>>>>> invoke="createCommunicationEventRole") but without permission check >>>>>>>> 4. Then to use this new services in Contact Us and everywhere >>>>>>>> the same >>>>>>>> need appears. >>>>>>>> Jacques >>>>>>>> From: "Sumit Pandit" <[EMAIL PROTECTED]> >>>>>>>>> Hello Jacques, Hans >>>>>>>>> >>>>>>>>> I have checked it by remove the permission check line from the >>>>>>>>> service definition. Here i found it works well. >>>>>>>>> >>>>>>>>> Here i requested that it is require to remove the line from >>>>>>>>> the service, >>>>>>>>> if not remove following code will block : >>>>>>>>> 1) Contact us (as already known) >>>>>>>>> 2) In new implementation of profile when we add the code for >>>>>>>>> send email >>>>>>>>> notification on create profile then it causes the same error >>>>>>>>> >>>>>>>>> and some more ... >>>>>>>>> >>>>>>>>> What is the best possible solution of it, It is needed to fix >>>>>>>>> urgently since my customized application is blocked due to it. >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Thanks and Regards >>>>>>>>> Sumit Pandit. >>>>>>>>> HotWaxMedia, Inc >>>>>>>>> http://www.hotwaxmedia.com >>>>>>>>> >>>>>>>>> On Aug 26, 2008, at 2:45 PM, Jacques Le Roux wrote: >>>>>>>>> >>>>>>>>>> There is a contradiction between definition where >>>>>>>>>> >>>>>>>>>> partyCommunicationEventPermissionCheck" >>>>>>>>>> main-action="UPDATE"/> is used >>>>>>>>>> >>>>>>>>>> <service name="createCommunicationEventRole" engine="simple" >>>>>>>>>> location="org/ofbiz/party/communication/ >>>>>>>>>> CommunicationEventServices.xml" >>>>>>>>>> invoke="createCommunicationEventRole" auth="true"> >>>>>>>>>> <description>Create a Communication Event Role</description> >>>>>>>>>> <permission-service service- >>>>>>>>>> name="partyCommunicationEventPermissionCheck" main- >>>>>>>>>> action="UPDATE"/> >>>>>>>>>> <auto-attributes entity-name="CommunicationEventRole" >>>>>>>>>> include="pk" mode="IN" optional="false"/> >>>>>>>>>> <auto-attributes entity-name="CommunicationEventRole" >>>>>>>>>> include="nonpk" >>>>>>>>>> mode="IN" optional="true"/> >>>>>>>>>> </service> >>>>>>>>>> >>>>>>>>>> And a change done (r685581) in implemtation to allow >>>>>>>>>> everybody to use >>>>>>>>>> it >>>>>>>>>> >>>>>>>>>> <entity-one entity-name="UserLogin" value-name="sysUserLogin"> >>>>>>>>>> <field-map field-name="userLoginId" value="system"/> >>>>>>>>>> </entity-one> >>>>>>>>>> >>>>>>>>>> I guess we should change the definition... >>>>>>>>>> >>>>>>>>>> Jacques >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> From: "Sneha Chaturvedi" <[EMAIL PROTECTED]> >>>>>>>>>>> Hello all, >>>>>>>>>>> >>>>>>>>>>> I visited http://demo.hotwaxmedia.com/ecommerce/ >>>>>>>>>>> >>>>>>>>>>> Created a new profile >>>>>>>>>>> Went to contact us >>>>>>>>>>> >>>>>>>>>>> but when i send the content I am getting error for permission. >>>>>>>>>>> so i think no permission is set for the user profile >>>>>>>>>>> created through >>>>>>>>>>> ecommerce. I think some implementation is missing in create >>>>>>>>>>> profile section. >>>>>>>>>>> It shows me the error : >>>>>>>>>>> >>>>>>>>>>> Security Error: To run createCommunicationEventRole you must >>>>>>>>>>> have the >>>>>>>>>>> one of the following permissions: PARTYMGR_UPDATE, >>>>>>>>>>> PARTYMGR_ADMIN, PARTYMGR_CME_UPDATE, PARTYMGR_CME_ADMIN] >>>>>>>>>>> >>>>>>>>>>> What should be done in this case. >>>>>>>>>>> >>>>>>>>>>> Thanks in advance >>>>>>>>>>> -- >>>>>>>>>>> Sneha >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>> -- >>>>>>> View this message in context: >>>>>>> http://www.nabble.com/Contact-Us-link-not-working-in-ecommerce-tp19156327p19616070.html >>>>>>> >>>>>>> Sent from the OFBiz - User mailing list archive at Nabble.com. >>>>>>> >>>>> >>>> >>> >> >> > > > >
