Okay I did the search :-)Check out partyContactMechPermissionCheck and note it's usage in the service defs with the permission-service element.
Regards Scott On 26/10/2009, at 9:31 PM, Abdullah Shaikh wrote:
ok, I will take a look, can you please point to one of them, if you have anyin mind.Also, I didn't get what you meant by "change the permission check to allowthe placing party authorization", can you please explain a bit more ?On Mon, Oct 26, 2009 at 1:50 PM, Scott Gray <[email protected] >wrote:Why do we need to use the system userlogin? If we change the permission check to allow the placing party authorization then we shouldn't need to switch anything. This type of situation is handled in a few places around OFBiz, I would suggest that you find and take a look at them (which is whatI would have to do to answer any more questions :-) Regards Scott On 26/10/2009, at 9:05 PM, Abdullah Shaikh wrote: Hi Scott,Yes, I too thought of improving the already implemented service, I always have that as a first preference, and all should, to make more better code.Now coming back to the issue, below is what I have already comment inprevious post. This error is because the party (customer) doesn't have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission, but we can't give this permission to acustomer, further as the common service is called from ecommerce and order manager for cancel, the solution will be to check the party's role, if itsa CUSTOMER, then I guess we can use the SYSTEM user in place of the PARTY(CUSTOMER), for this we need to give ORDERMGR permission to the SYSTEMuser. But then it will seem as if the SYSTEM user has cancelled the orderand not the CUSTOMER ?The only thought that came to my mind to improve the permission check service is as above, but then I guess it will lead to some other issues.- Abdullah On Mon, Oct 26, 2009 at 1:20 PM, Scott Gray <[email protected]wrote:My first thought without looking at it is that the permission checkingservice should be improved to allow the order placing party to invoke the service. I don't personally think a separate service definition is theway to go. Regards Scott HotWax Media http://www.hotwaxmedia.com On 26/10/2009, at 8:43 PM, Abdullah Shaikh wrote: Hi All,Any thoughts on this ? Jacques, should I proceed with the overriding service patch ? On Fri, Oct 23, 2009 at 6:21 PM, Abdullah Shaikh < [email protected]> wrote:Yes, I guess maybe this is the only solution for this, should I submittheoverriding service patch for this or should I wait for some more ideasto pour in for this ? On Fri, Oct 23, 2009 at 6:09 PM, Jacques Le Roux < [email protected]> wrote: Abdullah,Yes, overriding the service without permission check only for ecommerce use seems the better choise IMO Jacques From: "Abdullah Shaikh" <[email protected]> If I cancel an order item from ecommerce. I get, the below error displayed on the page. The Following Errors Occurred: Unable to cancel order line : WSCO11640 / 00001 / nullNote to test this you need to take the latest update of apply thispatch https://issues.apache.org/jira/browse/OFBIZ-2408.Below is the error trace from console, this error is because the party(customer) doesn't have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission,but we can't give this permission to a customer, further as the common service is called from ecommerce and order manager for cancel, thesolutionwill be to check the party's role, if its a CUSTOMER, then I guess wecanuse the SYSTEM user in place of the PARTY(CUSTOMER), for this we needto give ORDERMGR permission to the SYSTEM user.But then it will seem as if the SYSTEM user has cancelled the orderand not the CUSTOMER ?Another solution will be to override the service without permissioncheck only for ecommerce use.
smime.p7s
Description: S/MIME cryptographic signature
