Unfortunately, I have to implement this within the next week... I have a bsh script that will check that the loginUserId has permission for reading an entity record based on the parameter holding the entity Id (upliftId). I don't want to have to call this bsh in every service, etc. Ideally, I would like every request checked for the the upliftId parameter, and if the loginUserId doesn't have access, an error is thrown redirecting to an error page.
I was wondering whether this could be done in the controller or as an entity ECA? Many thanks, Chris jacques.le.roux wrote: > > http://markmail.org/message/3qpow4arm6tdqqp2 > Also it seems that there would be an effort soon in this area > http://docs.ofbiz.org/display/~jaz/OFBiz+Security+Refactor > > Jacques > > From: "snowch" <[email protected]> >> >> Hi forum, >> >> Some of my requests will contain a parameter (UpliftId) that holds an >> identifier for a entity record. This is to provide record level security >> checks. Is there a way of performing this check in the controller so >> that >> every (logged in) request that has the parameter UpliftId is checked to >> ensure that the userLoginId has access to the the UpliftId? >> >> Many thanks in advance, >> >> Chris >> -- >> View this message in context: >> http://www.nabble.com/Best-place-for-security-check--tp23255712p23255712.html >> Sent from the OFBiz - User mailing list archive at Nabble.com. >> > > > -- View this message in context: http://www.nabble.com/Best-place-for-security-check--tp23255712p23256866.html Sent from the OFBiz - User mailing list archive at Nabble.com.
