Hi, I have a question related to OFBiz security best practices. I have a custom application in which I would like to use pieces of out-of-the-box functionality that fit the requirement. Ideally, I would like to expose this functionality to my custom app without giving users permissions for the framework apps which ship with OFBiz.
I found the article written by HotWax here: http://www.hotwaxmedia.com/ofbiz-tutorial-how-to-use-ecas-to-extend-service-permission/ and it's a concept that I would like to try out. They use the Catalog app as an example, which uses the "catalogCheckPermission" service for checking permissions. However, in the Order app, for example, in some places (such as CreateOrder), there is a hasPermission() method in the OrderService class itself, which then makes calls to OFBizSecurity, and never calls another service that could be extended using a SECA.

I'm wondering if there's a way, perhaps one that I'm not realizing, to extend the security of Order permissions in the same way as the example I posted above? Failing this, what would some other options be short of explicitly assigning the users the role required?

For reference, I'm running OFBiz 12.04.01.

Thanks!
Johnny
