Hi Jacques:
IMHO, it would be really useful to have a way to assign OFBiz "assets" to some type of protection group much like you can now do with users (through the use of the UserLogin). By "assets", I mean things like a specific product, a file (as pointed to by a contentId or dataResourceId) or business process (maybe as defined using workflow).

In my strategy, you could assign the "asset" to this "group" as well as a UserLogin. Then you could check to see if both are in the same group. If they are, the permission to access is granted. You could even do groups of groups as a hierarchy of levels of protection.

IMHO the OFBiz way of using SecurityPermissions, SecurityGroups etc. is much too complex (and error prone) to achieve what is effectively role based access control.

But this gets away from the original question and answer(s) - to which I might add the following for everyone's consideration:

Just because you restrict access to catalogs and categories does NOT mean that products have restricted access. Since all that catalogs and categories bring to the table is an elegant and convenient mechanism for organizing products, this strategy does not directly address the requirement to restrict access to individual products. In other words, just because a catalog or specific categories are protected, (without further logic to protect products), a savvy browser can still see any product in the Product table.

Regards,
Ruth
On 7/14/12 8:19 AM, Jacques Le Roux wrote:
Roles are a part of it, see this page for rights organisation:
https://demo-trunk.ofbiz.apache.org/partymgr/control/ProfileEditUserLoginSecurityGroups?partyId=admin&userLoginId=admin
You get there from the user profile, look for Security Groups. From them follow the code and data. Looking into OOTB related demo data is a very good way to understand stuff, often quicker than tracing code.

Jacques

From: "MMA" <[email protected]>
Hi Jacques,

Thanks for your fast response.

I'm not sure if this is exactly what I was searching for...

My intention is to restrict the access to certain catalogues on the front
end (in the ecommerce shop).
For instance, I want an un-registered user to see just our empty front page,
without any catalogues/products.
Signed-in users should see different catalogues based on new defined roles
e.g.
user 1
 "role 1"
    catalogue 1
    catalogue 3
user 2
 "role 2"
    catalogue 1
    catalogue 2

I hope that there is a possibility to do this in the backend, because I want
to generate rules as dynamic as
possible, it would be much more effort to edit all template (or similar)
files.

Is there any hint you could give me, where to start to achieve this? I
already found the possibility to bind
certain parties with a defined role to a catalogue, but I don't see where
to define concrete rights for these
roles...

Nevertheless, thank you and best regards,
Markus

--
View this message in context: http://ofbiz.135035.n4.nabble.com/Catalog-category-privilegs-per-user-tp4634786p4634815.html
Sent from the OFBiz - User mailing list archive at Nabble.com.
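
A small model of the two points made in Ruth's message at the top of this thread, added here as an illustration (it is not code from any poster and does not use OFBiz entities or APIs): access is granted when a user login and an asset share a protection group, and filtering catalogs alone leaves a direct product lookup unchecked. All ids, group names and function names are hypothetical, the data is constructed to mirror the user 1 / user 2 layout in Markus's message, and the direction of the group hierarchy (a group covers the groups nested under it) is an assumption.

```python
# Constructed sample data; every id and group name here is hypothetical.
CHILD_GROUPS = {"ALL_STAFF": {"ROLE_1", "ROLE_2"}}  # group -> groups nested under it
USER_GROUPS = {"user1": {"ROLE_1"}, "user2": {"ROLE_2"}, "manager": {"ALL_STAFF"}}
ASSET_GROUPS = {  # (asset type, id) -> protection groups the asset is assigned to
    ("catalog", "CAT_1"): {"ROLE_1", "ROLE_2"},
    ("catalog", "CAT_2"): {"ROLE_2"},
    ("catalog", "CAT_3"): {"ROLE_1"},
    ("product", "PROD_A"): {"ROLE_1", "ROLE_2"},
    ("product", "PROD_B"): {"ROLE_2"},
    ("product", "PROD_C"): {"ROLE_1"},
}
CATALOG_PRODUCTS = {"CAT_1": ["PROD_A"], "CAT_2": ["PROD_B"], "CAT_3": ["PROD_C"]}
PRODUCTS = {"PROD_A": "Widget", "PROD_B": "Gadget", "PROD_C": "Gizmo"}

def effective_groups(user):
    """The user's groups plus every group nested beneath them (none if anonymous)."""
    seen, stack = set(), list(USER_GROUPS.get(user, ()))
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(CHILD_GROUPS.get(group, ()))
    return seen

def may_access(user, asset):
    """Grant only when user and asset share a group; unassigned assets are denied."""
    return bool(effective_groups(user) & ASSET_GROUPS.get(asset, set()))

def visible_catalogs(user):
    """Catalog-level filtering, as asked for in the original question."""
    return sorted(c for c in CATALOG_PRODUCTS if may_access(user, ("catalog", c)))

def get_product_catalog_only(user, product_id):
    """Browsing is filtered by catalog, but a lookup by product id is not checked."""
    return PRODUCTS.get(product_id)

def get_product_checked(user, product_id):
    """The same lookup with the product itself treated as a protected asset."""
    if not may_access(user, ("product", product_id)):
        return None
    return PRODUCTS.get(product_id)
```
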