ok, I will take a look, can you please point to one of them, if you have any in mind.
Also, I didn't get what you meant by "change the permission check to allow the placing party authorization", can you please explain a bit more ? On Mon, Oct 26, 2009 at 1:50 PM, Scott Gray <[email protected]>wrote: > Why do we need to use the system userlogin? If we change the permission > check to allow the placing party authorization then we shouldn't need to > switch anything. This type of situation is handled in a few places around > OFBiz, I would suggest that you find and take a look at them (which is what > I would have to do to answer any more questions :-) > > Regards > Scott > > > On 26/10/2009, at 9:05 PM, Abdullah Shaikh wrote: > > Hi Scott, >> >> Yes, I too thought of improving the already implemented service, I always >> have that as a first preference, and all should, to make more better code. >> >> Now coming back to the issue, below is what I have already comment in >> previous post. >> >> This error is because the party (customer) doesn't have the >> ORDERMGR_CREATE >> or ORDERMGR_ADMIN permission, but we can't give this permission to a >> customer, further as the common service is called from ecommerce and order >> manager for cancel, the solution will be to check the party's role, if its >> a >> CUSTOMER, then I guess we can use the SYSTEM user in place of the >> PARTY(CUSTOMER), for this we need to give ORDERMGR permission to the >> SYSTEM >> user. But then it will seem as if the SYSTEM user has cancelled the order >> and >> not the CUSTOMER ? >> >> The only thought that came to my mind to improve the permission check >> service is as above, but then I guess it will lead to some other issues. >> >> - Abdullah >> >> On Mon, Oct 26, 2009 at 1:20 PM, Scott Gray <[email protected] >> >wrote: >> >> My first thought without looking at it is that the permission checking >>> service should be improved to allow the order placing party to invoke the >>> service. I don't personally think a separate service definition is the >>> way >>> to go. >>> >>> Regards >>> Scott >>> >>> HotWax Media >>> http://www.hotwaxmedia.com >>> >>> >>> On 26/10/2009, at 8:43 PM, Abdullah Shaikh wrote: >>> >>> Hi All, >>> >>>> >>>> Any thoughts on this ? >>>> >>>> Jacques, should I proceed with the overriding service patch ? >>>> >>>> On Fri, Oct 23, 2009 at 6:21 PM, Abdullah Shaikh < >>>> [email protected]> wrote: >>>> >>>> Yes, I guess maybe this is the only solution for this, should I submit >>>> >>>>> the >>>>> overriding service patch for this or should I wait for some more ideas >>>>> to >>>>> pour in for this ? >>>>> >>>>> >>>>> On Fri, Oct 23, 2009 at 6:09 PM, Jacques Le Roux < >>>>> [email protected]> wrote: >>>>> >>>>> Abdullah, >>>>> >>>>>> >>>>>> Yes, overriding the service without permission check only for >>>>>> ecommerce >>>>>> use seems the better choise IMO >>>>>> >>>>>> Jacques >>>>>> >>>>>> From: "Abdullah Shaikh" <[email protected]> >>>>>> >>>>>> If I cancel an order item from ecommerce. I get, the below error >>>>>> displayed >>>>>> on the page. >>>>>> >>>>>> The Following Errors Occurred: >>>>>> Unable to cancel order line : WSCO11640 / 00001 / null >>>>>> >>>>>> Note to test this you need to take the latest update of apply this >>>>>> patch >>>>>> https://issues.apache.org/jira/browse/OFBIZ-2408. >>>>>> >>>>>> Below is the error trace from console, this error is because the party >>>>>> (customer) doesn't have the ORDERMGR_CREATE or ORDERMGR_ADMIN >>>>>> permission, >>>>>> but we can't give this permission to a customer, further as the common >>>>>> service is called from ecommerce and order manager for cancel, the >>>>>> solution >>>>>> will be to check the party's role, if its a CUSTOMER, then I guess we >>>>>> can >>>>>> use the SYSTEM user in place of the PARTY(CUSTOMER), for this we need >>>>>> to >>>>>> give ORDERMGR permission to the SYSTEM user. >>>>>> >>>>>> But then it will seem as if the SYSTEM user has cancelled the order >>>>>> and >>>>>> not >>>>>> the CUSTOMER ? >>>>>> >>>>>> Another solution will be to override the service without permission >>>>>> check >>>>>> only for ecommerce use. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>> >
