Is there any reason why ContentPermission.viewContentPermission does not need the same code as updateContentPermission that sets "checkId"? Below is some code where I have added that code.

    <simple-method method-name="viewContentPermission" short-description="Check user can view content">
        <!-- if called directly check the main permission -->
        <if-empty field-name="hasPermission">
            <set field="primaryPermission" value="CONTENTMGR"/>
            <set field="mainAction" value="VIEW"/>
            <call-simple-method method-name="genericBasePermissionCheck"
                    xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
        </if-empty>

        <!-- check content role permission -->
        <set field="primaryPermission" value="CONTENTMGR_ROLE"/>
        <call-simple-method method-name="genericBasePermissionCheck"
                xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>

        <!-- must have the security permission to continue -->
        <if>
            <condition>
                <if-compare field-name="hasPermission" value="true" type="Boolean" operator="equals"/>
            </condition>
            <then>
                <!-- if no operation is passed; we use the CONTENT_VIEW operation -->
                <if-empty field-name="parameters.contentOperationId">
                    <set field="parameters.contentOperationId" value="CONTENT_VIEW"/>
                </if-empty>

                <!-- I see a need to add this group -->
                <!-- contentId is required for update checking -->
                <if-empty field-name="contentId">
                    <set field="contentId" from-field="parameters.contentId"/>
                </if-empty>
                <if-empty field-name="contentId">
                    <add-error><fail-message message="Content Permission Service VIEW requires a contentId!"/></add-error>
                </if-empty>
                <check-errors/>

                <!-- grab the current requested content record -->
                <entity-one entity-name="Content" value-name="content">
                    <field-map field-name="contentId" env-name="contentId"/>
                </entity-one>

                <!-- check the operation security -->
                <set field="contentOperationId" from-field="parameters.contentOperationId"/>
                <set field="content" from-field="content"/>
                <!-- I see a need to add this line -->
                <set field="checkId" from-field="contentId"/>
                <call-simple-method method-name="checkContentOperationSecurity"/>
            </then>
        </if>
    </simple-method>

-Al
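
Added example, not part of the original thread or of the OFBiz code base: a static consistency check for the gap the post describes, listing every simple-method that calls checkContentOperationSecurity without first setting checkId. The sample XML is constructed and abbreviated from the thread, and treating checkId as an input the callee needs is an assumption taken from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample, abbreviated from the two methods named in the thread.
# The updateContentPermission body is a stand-in; only the checkId line matters.
SAMPLE = """<simple-methods>
  <simple-method method-name="updateContentPermission">
    <set field="contentOperationId" from-field="parameters.contentOperationId"/>
    <set field="checkId" from-field="contentId"/>
    <call-simple-method method-name="checkContentOperationSecurity"/>
  </simple-method>
  <simple-method method-name="viewContentPermission">
    <if>
      <condition>
        <if-compare field-name="hasPermission" value="true" type="Boolean" operator="equals"/>
      </condition>
      <then>
        <set field="contentOperationId" from-field="parameters.contentOperationId"/>
        <call-simple-method method-name="checkContentOperationSecurity"/>
      </then>
    </if>
  </simple-method>
</simple-methods>"""


def callers_missing_field(xml_text, callee="checkContentOperationSecurity", field="checkId"):
    """Names of simple-methods that call `callee` with no earlier <set field=`field`>."""
    root = ET.fromstring(xml_text)
    flagged = []
    for method in root.iter("simple-method"):
        field_set = False
        # iter() walks in document order, so a <set> only counts if it comes
        # before the call. Branches are not modelled: a <set> inside any
        # conditional block is treated as always executed.
        for el in method.iter():
            if el.tag == "set" and el.get("field") == field:
                field_set = True
            elif (el.tag == "call-simple-method"
                  and el.get("method-name") == callee and not field_set):
                flagged.append(method.get("method-name"))
                break
    return flagged


if __name__ == "__main__":
    print(callers_missing_field(SAMPLE))
```

Run against a real simple-methods file, the same function shows whether other permission services share the omission.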

What code have you added? Could you send a (proposed) patch to make it easier to track that down?

-David

Al Byers wrote:
> Is there any reason why ContentPermission.viewContentPermission does not
> need the same code as updateContentPermission that sets "checkId"? Below is
> some code where I have added that code.
>
> <simple-method method-name="viewContentPermission" short-description="Check user can view content">
>     <!-- if called directly check the main permission -->
>     <if-empty field-name="hasPermission">
>         <set field="primaryPermission" value="CONTENTMGR"/>
>         <set field="mainAction" value="VIEW"/>
>         <call-simple-method method-name="genericBasePermissionCheck"
>                 xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
>     </if-empty>
>
>     <!-- check content role permission -->
>     <set field="primaryPermission" value="CONTENTMGR_ROLE"/>
>     <call-simple-method method-name="genericBasePermissionCheck"
>             xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
>
>     <!-- must have the security permission to continue -->
>     <if>
>         <condition>
>             <if-compare field-name="hasPermission" value="true" type="Boolean" operator="equals"/>
>         </condition>
>         <then>
>             <!-- if no operation is passed; we use the CONTENT_VIEW operation -->
>             <if-empty field-name="parameters.contentOperationId">
>                 <set field="parameters.contentOperationId" value="CONTENT_VIEW"/>
>             </if-empty>
>
>             <!-- I see a need to add this group -->
>             <!-- contentId is required for update checking -->
>             <if-empty field-name="contentId">
>                 <set field="contentId" from-field="parameters.contentId"/>
>             </if-empty>
>             <if-empty field-name="contentId">
>                 <add-error><fail-message message="Content Permission Service VIEW requires a contentId!"/></add-error>
>             </if-empty>
>             <check-errors/>
>
>             <!-- grab the current requested content record -->
>             <entity-one entity-name="Content" value-name="content">
>                 <field-map field-name="contentId" env-name="contentId"/>
>             </entity-one>
>
>             <!-- check the operation security -->
>             <set field="contentOperationId" from-field="parameters.contentOperationId"/>
>             <set field="content" from-field="content"/>
>             <!-- I see a need to add this line -->
>             <set field="checkId" from-field="contentId"/>
>             <call-simple-method method-name="checkContentOperationSecurity"/>
>         </then>
>     </if>
> </simple-method>
>
> -Al

Yeah, I guess a patch would have been clearer than my annotation. I created a JIRA issue to hold the patch file:

https://issues.apache.org/jira/browse/OFBIZ-1043

-Al

On 5/29/07, David E Jones <[hidden email]> wrote:
> What code have you added? Could you send a (proposed) patch to make it
> easier to track that down?
>
> -David
>
> Al Byers wrote:
> > Is there any reason why ContentPermission.viewContentPermission does not
> > need the same code as updateContentPermission that sets "checkId"? Below is
> > some code where I have added that code.
> >
> > <simple-method method-name="viewContentPermission" short-description="Check user can view content">
> >     <!-- if called directly check the main permission -->
> >     <if-empty field-name="hasPermission">
> >         <set field="primaryPermission" value="CONTENTMGR"/>
> >         <set field="mainAction" value="VIEW"/>
> >         <call-simple-method method-name="genericBasePermissionCheck"
> >                 xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
> >     </if-empty>
> >
> >     <!-- check content role permission -->
> >     <set field="primaryPermission" value="CONTENTMGR_ROLE"/>
> >     <call-simple-method method-name="genericBasePermissionCheck"
> >             xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
> >
> >     <!-- must have the security permission to continue -->
> >     <if>
> >         <condition>
> >             <if-compare field-name="hasPermission" value="true" type="Boolean" operator="equals"/>
> >         </condition>
> >         <then>
> >             <!-- if no operation is passed; we use the CONTENT_VIEW operation -->
> >             <if-empty field-name="parameters.contentOperationId">
> >                 <set field="parameters.contentOperationId" value="CONTENT_VIEW"/>
> >             </if-empty>
> >
> >             <!-- I see a need to add this group -->
> >             <!-- contentId is required for update checking -->
> >             <if-empty field-name="contentId">
> >                 <set field="contentId" from-field="parameters.contentId"/>
> >             </if-empty>
> >             <if-empty field-name="contentId">
> >                 <add-error><fail-message message="Content Permission Service VIEW requires a contentId!"/></add-error>
> >             </if-empty>
> >             <check-errors/>
> >
> >             <!-- grab the current requested content record -->
> >             <entity-one entity-name="Content" value-name="content">
> >                 <field-map field-name="contentId" env-name="contentId"/>
> >             </entity-one>
> >
> >             <!-- check the operation security -->
> >             <set field="contentOperationId" from-field="parameters.contentOperationId"/>
> >             <set field="content" from-field="content"/>
> >             <!-- I see a need to add this line -->
> >             <set field="checkId" from-field="contentId"/>
> >             <call-simple-method method-name="checkContentOperationSecurity"/>
> >         </then>
> >     </if>
> > </simple-method>
> >
> > -Al