It would be best to convert the existing service to use the permission service feature, and then submit the patch to Jira. Service permission refactorings of that type are welcome and they will likely get committed fairly quickly. But they will be applied to the trunk only, so maybe you could have an R12 version of the patch also - so other R12 users can apply it.

-Adrian

Quoting JS <[email protected]>:

Hi,

I have a question related to OFBiz security best practices. I have a custom
application which I would like to use pieces of out of box functionality
that fit the requirement. Ideally, I would like to expose this functionality
to my custom app without giving users permissions for the framework apps
which ship with OFBiz.

I found the article written by HotWax here:
http://www.hotwaxmedia.com/ofbiz-tutorial-how-to-use-ecas-to-extend-service-permission/
and it's a concept that I would like to try out.

They use the Catalog app as an example, which uses the
"catalogCheckPermission" service for checking permissions. However, in the
Order app, for example, in some places (such as CreateOrder), there is a
hasPermission() method in the OrderService class itself, which then makes
calls to OFBizSecurity, and never calls another service that could be
extended using a SECA.

I'm wondering if there's a way, perhaps one that I'm not realizing, to
extend the security of Order permissions in the same way as the example I
posted above? Failing this, what would some other options be short of
explicitly assigning the users the role required?

For reference, I'm running OFBiz 12.04.01

Thanks!
Johnny



--
View this message in context: http://ofbiz.135035.n4.nabble.com/OFBiz-Security-Extension-and-Best-Practice-tp4646412.html
Sent from the OFBiz - User mailing list archive at Nabble.com.