I understand. But that wouldn't explain things like <html-template location="component://learning/webapp/ learning/entityaccess/displaydataretrieved.ftl"/>
or <include-form name="ScriptNameForm" location="component://learning/widget/ learning/LearningForms.xml"/> or <script location="component://learning/webapp/learning/ WEB-INF/actions/entityaccess/processEntityAccessBSF.bsh"/> or <xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/ simple-methods.xsd"> Anyways, as I said, not a problem for me. I just thought I'd let you guys know in case you wanted to pursue it or not. I am onto Chapter 12 now. Thanks for helping me over the hump! On 22 June 2015 at 13:03, Jacques Le Roux <[email protected]> wrote: > Le 21/06/2015 17:26, Brad Smith a écrit : > >> OK, thanks Jacques. I will continue on with examples I can do. >> >> The Safari version doesn't have page numbers because each chapter has it's >> own entire page, but the example I gave was in Chapter 8, under section >> "The Generic Screen". But as I said, it's just one example. On the Safari >> version it crops up in almost every example where there's a URI or URL, so >> maybe there's an issue with the conversion from original format to Safari >> format. Anyway, just thought I'd raise it. >> > > It seems that when Packt published the book they (could be an author's > decision) decided to put an empty space after a parameter when used in an > URL like in > {OFBizInstallFolder} \runtime\logs > But plain URLs have not this. > > Jacques > > > >> On 21 June 2015 at 16:58, Jacques Le Roux <[email protected]> >> wrote: >> >> Le 20/06/2015 12:04, Brad Smith a écrit : >>> >>> Gentlemen, >>>> >>>> Good news. I made the recommended underscore change and both the >>>> >>>> <check-permission permission="LEARN" action="_VIEW"/> and >>>> <check-permission >>>> permission="LEARN" action="_ADMIN"/> >>>> >>>> examples worked. Thanks for that! >>>> >>>> However, in the next example under the Role Checks section, I hit a new >>>> problem. >>>> >>>> I changed my service definition to look like >>>> >>>> <service name="learningCallingServiceOneWithPermission" >>>> engine="java" >>>> location="org.ofbiz.learning.learning.LearningServices" >>>> invoke="callingServiceOne"> >>>> <description>First Service Called From The >>>> Controller</description> >>>> <required-permissions join-type="OR"> >>>> <check-role-member role-type="CUSTOMER"/> >>>> </required-permissions> >>>> <implements service="learningInterface"/> >>>> </service> >>>> >>>> In ModelPermission.java I also commented out >>>> >>>> partyRoles = EntityUtil.filterByDate(partyRoles); >>>> >>>> which is now on line 109, and rebuilt. >>>> >>>> I tried with line 109 both commented and uncommented, but in neither >>>> case >>>> was either 'allowed' or 'denied' able to invoke the service. >>>> >>>> Any suggestions? >>>> >>>> Forget about check-role-member, it's deprecated, see >>> http://ofbiz.apache.org/dtds/services.xsd >>> >>> Regarding the bug bush, we are currently reviewing a couple of >>> different >>> >>>> frameworks, so if we decide to go with OFBiz, I'll let you know. >>>> >>>> PS. I should point out that I am reading the online version of the book >>>> at >>>> Safari Books. I'm not sure how the books get on there so maybe the >>>> underscore was some sort of OCR error? >>>> >>>> No, it's indeed in the printed version I have >>> >>> >>> PPS. Also, I've found that whenever there's a URL or URI somewhere in >>> >>>> example code, it adds a whitespace character in the middle of it, e.g. >>>> below: >>>> >>>> <screen name="ProcessEntityAccessBSF"> >>>> <section> >>>> <actions> >>>> <script location="component://learning/webapp/learning/ >>>> WEB-INF/actions/entityaccess/processEntityAccessBSF.bsh"/> >>>> </actions> >>>> <widgets> >>>> <decorator-screen name="main-decorator" >>>> location="${parameters.mainDecoratorLocation}"> >>>> <decorator-section name="title"> >>>> <label text="Generic Screen for Displaying Data >>>> Retrieved"/> >>>> </decorator-section> >>>> <decorator-section name="body"> >>>> <include-form name="ScriptNameForm" >>>> location="component://learning/widget/ learning/LearningForms.xml"/> >>>> <section> >>>> <condition><not> <if-empty >>>> field-name="parameters.scriptName"/> </not></condition> >>>> <widgets> >>>> <platform-specific><html> >>>> <html-template >>>> location="component://learning/webapp/ >>>> learning/entityaccess/displaydataretrieved.ftl"/> >>>> </html></platform-specific> >>>> </widgets> >>>> </section> >>>> </decorator-section> >>>> </decorator-screen> >>>> </widgets> >>>> </section> >>>> </screen> >>>> >>>> I haven't worked out the pattern of when it appears, and it wasn't a >>>> major >>>> issue. Just mildly annoying, but it could cause confusion for novice >>>> users. >>>> >>>> If you give me the page number I could check it's also in the book >>> >>> Jacques >>> >>> >>> >>> >>> On 18 June 2015 at 14:12, Jacques Le Roux <[email protected] >>>> > >>>> wrote: >>>> >>>> Guys like you are welcome, we could even have a bug bash sometimes >>>>> >>>>> https://en.wikipedia.org/wiki/Bug_bash >>>> >>>> Jacques >>>>> >>>>> >>>>> Le 18/06/2015 12:57, Brad Smith a écrit : >>>>> >>>>> Merci! >>>>>> >>>>>> I will have a bash at it again when I get home tonight. Don't be too >>>>>> hard >>>>>> on yourself. I am notorious for being thorough and annoying because of >>>>>> >>>>>> it. >>>>> :) I am sure I pay for my sins in other ways... :p >>>>> >>>>>> Will let you know how I get on. >>>>>> >>>>>> On 18 June 2015 at 05:42, Jacques Le Roux < >>>>>> [email protected] >>>>>> wrote: >>>>>> >>>>>> Le 16/06/2015 13:49, Brad Smith a écrit : >>>>>> >>>>>>> My bad, the question should rather be, is two-part permissions >>>>>>> >>>>>>>> approach >>>>>>>> deprecated? >>>>>>>> >>>>>>>> Actually no, it's still usable, look for "check-permission" at >>>>>>>> >>>>>>> >>>>>>> >>>> https://cwiki.apache.org/confluence/display/OFBADMIN/Mini+Language+-+minilang+-+simple-method+-+Reference >>>> >>>> Note that to effectively work it needs to be followed by a >>>>> >>>>>> <check-permission> as explained here >>>>>>> http://markmail.org/message/dnlrev5pnj7brhfm >>>>>>> >>>>>>> As a reviewer of this book, I'm embarrassed to say it, but after 8 >>>>>>> years >>>>>>> you clearly found a typo, the underscore is missing. As looking for >>>>>>> examples in OFBiz shows, it should be >>>>>>> <check-permission permission="LEARN" action="_VIEW"/> >>>>>>> >>>>>>> If you are interested in more details about OFBiz Security >>>>>>> Permissions >>>>>>> >>>>>>> the >>>>>> >>>>> reference so far is >>>>> >>>>>> >>>>>>> >>>> https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Security+Permissions >>>> >>>> that I completely rewrote last year. >>>>> >>>>>> Jacques >>>>>>> >>>>>>> >>>>>>> >>>>>>> On 16 June 2015 at 13:43, Brad Smith <[email protected]> wrote: >>>>>>> >>>>>>>> Hi all, >>>>>>>> >>>>>>>> I am currently running through Apache OFBiz Development: The >>>>>>>>> >>>>>>>>> Beginner's >>>>>>>> >>>>>>> Tutorial by Howell and Wong. >>>>> >>>>>> I have my dev environment setup in IntelliJ and so far the examples >>>>>>>>> >>>>>>>>> have >>>>>>>> >>>>>>> all more-or-less worked. I am up to Chapter 11, Permissions and the >>>>> >>>>>> Service >>>>>>>>> Engine and have hit some issues. >>>>>>>>> >>>>>>>>> The example setup in the "learning" component is as follows: >>>>>>>>> >>>>>>>>> ${component:learning}\servicedef\services.xml >>>>>>>>> --------------------------------------------- >>>>>>>>> >>>>>>>>> <service name="learningCallingServiceOneWithPermission" >>>>>>>>> engine="java" >>>>>>>>> location="org.ofbiz.learning.learning.LearningServices" >>>>>>>>> invoke="callingServiceOne"> >>>>>>>>> <description>First Service Called From The Controller</description> >>>>>>>>> <required-permissions join-type="OR"> >>>>>>>>> <check-permission permission="LEARN_VIEW"/> >>>>>>>>> </required-permissions> >>>>>>>>> <implements service="learningInterface"/> >>>>>>>>> </service> >>>>>>>>> >>>>>>>>> ${webapp:learning}\WEB-INF\controller.xml >>>>>>>>> ----------------------------------------- >>>>>>>>> >>>>>>>>> <request-map uri="TestPermissions"> >>>>>>>>> <security auth="true" https="true"/> >>>>>>>>> <response name="success" type="view" >>>>>>>>> value="TestCallingServicesWithPermission"/> >>>>>>>>> <response name="error" type="view" value="login"/> >>>>>>>>> </request-map> >>>>>>>>> <request-map uri="TestCallingServicesWithPermission"> >>>>>>>>> <security auth="true" https="true"/> >>>>>>>>> <event type="service" >>>>>>>>> >>>>>>>>> invoke="learningCallingServiceOneWithPermission"/> >>>>>>>> >>>>>>> <response name="success" type="view" >>>>> >>>>>> value="TestCallingServicesWithPermission"/> >>>>>>>>> <response name="error" type="view" >>>>>>>>> value="TestCallingServicesWithPermission"/> >>>>>>>>> </request-map> >>>>>>>>> >>>>>>>>> and >>>>>>>>> >>>>>>>>> <view-map name="TestCallingServicesWithPermission" type="screen" >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>> page="component://learning/widget/learning/LearningScreens.xml#TestCallingServicesWithPermission"/> >>>> >>>> ${component:learning}\widget\learning\LearningScreens.xml >>>>> >>>>>> --------------------------------------------------------- >>>>>>>>> >>>>>>>>> <screen name="TestFirstService"> >>>>>>>>> <section> >>>>>>>>> <widgets> >>>>>>>>> <section> >>>>>>>>> <condition><if-empty >>>>>>>>> field-name="formTarget"/></condition> >>>>>>>>> <actions> >>>>>>>>> <set field="formTarget" >>>>>>>>> >>>>>>>>> value="TestFirstService"/> >>>>>>>> >>>>>>> <set field="title" value="Testing Our First >>>>> >>>>>> Service"/> >>>>>>>>> </actions> >>>>>>>>> <widgets/> >>>>>>>>> </section> >>>>>>>>> <decorator-screen name="main-decorator" >>>>>>>>> location="${parameters.mainDecoratorLocation}"> >>>>>>>>> <decorator-section name="body"> >>>>>>>>> <include-form name="TestingServices" >>>>>>>>> location="component://learning/widget/learning/LearningForms.xml"/> >>>>>>>>> <label text="Full Name: >>>>>>>>> >>>>>>>>> ${parameters.fullName}"/> >>>>>>>> >>>>>>> </decorator-section> >>>>> >>>>>> </decorator-screen> >>>>>>>>> </widgets> >>>>>>>>> </section> >>>>>>>>> </screen> >>>>>>>>> ... >>>>>>>>> <screen name="TestCallingServicesWithPermission"> >>>>>>>>> <section> >>>>>>>>> <actions><set field="formTarget" >>>>>>>>> value="TestCallingServicesWithPermission"/> >>>>>>>>> </actions> >>>>>>>>> <widgets> >>>>>>>>> <include-screen name="TestFirstService"/> >>>>>>>>> </widgets> >>>>>>>>> </section> >>>>>>>>> </screen> >>>>>>>>> >>>>>>>>> ${component:learning}\widget\learning\LearningForms.xml >>>>>>>>> ------------------------------------------------------- >>>>>>>>> >>>>>>>>> <form name="TestingServices" type="single" target="${formTarget}"> >>>>>>>>> <field name="firstName"><text/></field> >>>>>>>>> <field name="lastName"><text/></field> >>>>>>>>> <field name="planetId"><text/></field> >>>>>>>>> <field name="submit"><submit/></field> >>>>>>>>> </form> >>>>>>>>> >>>>>>>>> With regards to permissions, I have them set up as follows as per >>>>>>>>> >>>>>>>>> Chapter >>>>>>>> >>>>>>> 9: >>>>> >>>>>> User Security Group SecurityPermission >>>>>>>>> User/Security Group From Date User/Security Group Thru >>>>>>>>> Date >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>> ------------------------------------------------------------------------------------------------------------------------------------- >>>> >>>> allowed LEARNSCREENS LEARN_VIEW >>>>> >>>>>> 2015-06-15 19:34:15.832 NULL >>>>>>>>> denied LEARNSCREENS LEARN_VIEW >>>>>>>>> 2015-06-13 18:57:44.724 2015-06-13 18:57:44.724 >>>>>>>>> " LEARNSCREENS LEARN_VIEW >>>>>>>>> 2015-06-13 18:57:44.000 2015-06-13 19:33:47.000 >>>>>>>>> >>>>>>>>> Under the above configuration, the permissions checks work as >>>>>>>>> >>>>>>>>> advertised, >>>>>>>> >>>>>>> and "allowed" is able to call the service while "denied" is not. >>>>> >>>>>> The next section of the chapter talks about two-part permissions, and >>>>>>>>> makes the following changes to the configuration. Apparently, OFBiz >>>>>>>>> is >>>>>>>>> supposed to interpret the underscore in permission attribute as >>>>>>>>> some >>>>>>>>> >>>>>>>>> sort >>>>>>>> >>>>>>> of tokenising character, where the first token "LEARN" becomes the >>>>> >>>>>> permission, and the second part "VIEW" becomes an action. This seems >>>>>>>>> "loose" to me but nevertheless. >>>>>>>>> >>>>>>>>> ${component:learning}\servicedef\services.xml >>>>>>>>> --------------------------------------------- >>>>>>>>> >>>>>>>>> <check-permission permission="LEARN_VIEW"/> >>>>>>>>> >>>>>>>>> becomes >>>>>>>>> >>>>>>>>> <check-permission permission="LEARN" action="VIEW"/> >>>>>>>>> >>>>>>>>> According to the text, the authorisation behaviour should remain >>>>>>>>> >>>>>>>>> exactly >>>>>>>> >>>>>>> the same. In other words, the check-permission elements are >>>>> >>>>>> equivalent. >>>>>>>> >>>>>>> But >>>>> >>>>>> this is not the case. Under the modified configuration, neither >>>>>>>>> >>>>>>>>> "allowed" >>>>>>>> >>>>>>> nor "denied" are able to call the service. I also don't see a "LEARN" >>>>> >>>>>> item >>>>>>>>> in the SecurityPermission entity anywhere, so I don't see how this >>>>>>>>> >>>>>>>>> should >>>>>>>> >>>>>>> work in the first place. >>>>> >>>>>> Is this tokenised approach deprecated? Or is there something else >>>>>>>>> >>>>>>>>> going >>>>>>>> >>>>>>> on? >>>>> >>>>>> >>>>>>>>> >>>>>>>>>
