Hi BJ, I know how the security system works - but I still don't understand the meaning of the fields on the form:
https://localhost:8443/catalog/control/EditProdCatalog I am trying to write the help text for these fields from an catalog administrators perspective, for example: Permission required to add product to "ViewAllow" category: "if this is Y, catalog administrators can only add products to 'View Allow' categories if the have the permission CATALOG_VIEW_ALLOW" Question: is this description correct? when would you want to set this to Y? Permission required to add product to "PurchaseAllow" category: "if this is Y, catalog administrators can only add products to 'Purchase Allow' categories if the have the permission CATALOG_VIEW_ALLOW" Question: is this description correct? when would you want to set this to Y? Many thanks, Chris On Sat, May 15, 2010 at 11:21 PM, BJ Freeman <[email protected]> wrote: > > the permission are programmed in to widgets, ftl and services. > there are two parts to a permission > XXXX is the permission > YYYY is that action > XXXX_YYYY > XXXX_VIEW for permission. > _VIEW should only allow seeing data. note the _ preceding it. > if you want to granularize something more then created a new section or > Permission XXXX_ > here are the permission groups > > https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=UserLoginSecurityGroup&find=true&VIEW_SIZE=50&VIEW_INDEX=0 > and add the following > _CREATE > _UPDATE > _DELETE > _VIEW > _ADMIN > > https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 > like > > !security.hasPermission("LEARN_VIEW",(GenericValue)context.get("userLogin"))) > <if-has-permission permission="ORDERMGR" action="_VIEW"/> > > > > If you find others that are different they are not following the best > practices. > > ======================= > > BJ Freeman > http://bjfreeman.elance.com > Strategic Power Office with Supplier Automation < > http://www.businessesnetwork.com/automation/viewforum.php?f=93> > Specialtymarket.com <http://www.specialtymarket.com/> > > Systems Integrator-- Glad to Assist > > Chat Y! messenger: bjfr33man > Linkedin > < > http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro > > > > > Christopher Snow sent the following on 5/15/2010 2:28 PM: > > There are two options when creating/editing a Product Catalog: > > > > - Permission required to add product to "ViewAllow" category > > - Permission required to add product to "PurchaseAllow" category > > > > What do these options actually do? > > > > Many thanks, > > > > Chris > > > > >
