Hi,
in the https://localhost:8443/webtools/control/EditSecurityGroupPermissionsscreen, using the Add Permission (manually) to Security Group form, it is possible to add a non existent SecurityPermission to a SecurityPermissionGroup. Is this correct? Shouldn't any permission always be defined properly in the SecurityPermission entity before being referenced in a SecurityPermissionGroup? Thank you, Bruno |
http://ofbiz.135035.n4.nabble.com/security-permission-td154203.html#a154208
Regards Scott HotWax Media http://www.hotwaxmedia.com On 12/04/2011, at 10:38 PM, Bruno Busco wrote: > Hi, > in the https://localhost:8443/webtools/control/EditSecurityGroupPermissionsscreen, > using the Add Permission (manually) to Security Group form, it is > possible to add a non existent SecurityPermission to a > SecurityPermissionGroup. > Is this correct? > > Shouldn't any permission always be defined properly in the > SecurityPermission entity before being referenced in a > SecurityPermissionGroup? > > Thank you, > Bruno smime.p7s (3K) Download Attachment |
Hi Scott,
many thanks for the pointer. This was definitively a well discussed topic. Personally I do not agree with how it it designed right now (with the no-fk) for this two reasons: 1) If a SecurityPermission has not its own entity record there will never be a description field where the user can understand (or remember) what that permission is supposed to be used for. 2) There is no check that an already defined PermissionId is not used again for a different purpose in a different part of the code. Thank you, Bruno 2011/4/13 Scott Gray <[hidden email]> > http://ofbiz.135035.n4.nabble.com/security-permission-td154203.html#a154208 > > Regards > Scott > > HotWax Media > http://www.hotwaxmedia.com > > On 12/04/2011, at 10:38 PM, Bruno Busco wrote: > > > Hi, > > in the > https://localhost:8443/webtools/control/EditSecurityGroupPermissionsscreen > , > > using the Add Permission (manually) to Security Group form, it is > > possible to add a non existent SecurityPermission to a > > SecurityPermissionGroup. > > Is this correct? > > > > Shouldn't any permission always be defined properly in the > > SecurityPermission entity before being referenced in a > > SecurityPermissionGroup? > > > > Thank you, > > Bruno > > |
Administrator
|
Yes, but how would you handle the thousand possible entities for entity permissions as outlined David?
Jacques From: "Bruno Busco" <[hidden email]> > Hi Scott, > many thanks for the pointer. This was definitively a well discussed topic. > > Personally I do not agree with how it it designed right now (with the no-fk) > for this two reasons: > 1) If a SecurityPermission has not its own entity record there will never be > a description field where the user can understand (or remember) what that > permission is supposed to be used for. > 2) There is no check that an already defined PermissionId is not used again > for a different purpose in a different part of the code. > > Thank you, > Bruno > > 2011/4/13 Scott Gray <[hidden email]> > >> http://ofbiz.135035.n4.nabble.com/security-permission-td154203.html#a154208 >> >> Regards >> Scott >> >> HotWax Media >> http://www.hotwaxmedia.com >> >> On 12/04/2011, at 10:38 PM, Bruno Busco wrote: >> >> > Hi, >> > in the >> https://localhost:8443/webtools/control/EditSecurityGroupPermissionsscreen >> , >> > using the Add Permission (manually) to Security Group form, it is >> > possible to add a non existent SecurityPermission to a >> > SecurityPermissionGroup. >> > Is this correct? >> > >> > Shouldn't any permission always be defined properly in the >> > SecurityPermission entity before being referenced in a >> > SecurityPermissionGroup? >> > >> > Thank you, >> > Bruno >> >> > |
Free forum by Nabble | Edit this page |