Dev - Party Application

> hi list!
> I've sent one email to the list yesterday about not using the applications
> shipped with ofbiz framework and tryied to do some research on it.
> I figured out that the framework disposes a simple userlogin data model,
> in the security directory inside framework/ that is used as the base
> authentication for the framework. But further research pointed me
> that this model (and others too) is someway linked with the party
> application. I dont know about the other modules but the link in the
> user login data model is required, and very simple to change. The problem
> is: I dont know how deep is the link between the party application and the
> framework itself. I'm asking this cause I want to use the framework to develop
> my own set of application. I really liked this framework, it seems that I can
> develop stuffs much quickier, but I dont want to use the applications
> shipped with it, and I really dont know if this task is just as simples as
> remove the link between party and the framework from the datamodels inside the
> framework directory, or if the framework (CODE) is linked with this app.
>
> any one can point me some directioin on how to do this?
> best regards
>
> Carlos Barros
>
>
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev
>

> hi list!
> I've sent one email to the list yesterday about not using the applications
> shipped with ofbiz framework and tryied to do some research on it.
> I figured out that the framework disposes a simple userlogin data model,
> in the security directory inside framework/ that is used as the base
> authentication for the framework. But further research pointed me
> that this model (and others too) is someway linked with the party
> application. I dont know about the other modules but the link in the
> user login data model is required, and very simple to change. The problem
> is: I dont know how deep is the link between the party application and the
> framework itself. I'm asking this cause I want to use the framework to develop
> my own set of application. I really liked this framework, it seems that I can
> develop stuffs much quickier, but I dont want to use the applications
> shipped with it, and I really dont know if this task is just as simples as
> remove the link between party and the framework from the datamodels inside the
> framework directory, or if the framework (CODE) is linked with this app.
>
> any one can point me some directioin on how to do this?
> best regards
>
> Carlos Barros
>
>
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

> hi list!
> I've sent one email to the list yesterday about not using the applications
> shipped with ofbiz framework and tryied to do some research on it.
> I figured out that the framework disposes a simple userlogin data model,
> in the security directory inside framework/ that is used as the base
> authentication for the framework. But further research pointed me
> that this model (and others too) is someway linked with the party
> application. I dont know about the other modules but the link in the
> user login data model is required, and very simple to change. The problem
> is: I dont know how deep is the link between the party application and the
> framework itself. I'm asking this cause I want to use the framework to develop
> my own set of application. I really liked this framework, it seems that I can
> develop stuffs much quickier, but I dont want to use the applications
> shipped with it, and I really dont know if this task is just as simples as
> remove the link between party and the framework from the datamodels inside the
> framework directory, or if the framework (CODE) is linked with this app.
>
> any one can point me some directioin on how to do this?
> best regards
>
> Carlos Barros
>
>
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

>
> Again this hasn't been thoroughly tested, but should work fine. If you do find any dependencies as you try it please let us know (perhaps with a Jira issue submission, but even a mailing list message, preferably on the users list as this is concerned more with the use of OFBiz than development of OFBiz).
>
> -David
>
>
> Carlos Barros wrote:
> > hi list!
> > I've sent one email to the list yesterday about not using the applications
> > shipped with ofbiz framework and tryied to do some research on it.
> > I figured out that the framework disposes a simple userlogin data model,
> > in the security directory inside framework/ that is used as the base
> > authentication for the framework. But further research pointed me
> > that this model (and others too) is someway linked with the party
> > application. I dont know about the other modules but the link in the
> > user login data model is required, and very simple to change. The problem
> > is: I dont know how deep is the link between the party application and the
> > framework itself. I'm asking this cause I want to use the framework to develop
> > my own set of application. I really liked this framework, it seems that I can
> > develop stuffs much quickier, but I dont want to use the applications
> > shipped with it, and I really dont know if this task is just as simples as
> > remove the link between party and the framework from the datamodels inside the
> > framework directory, or if the framework (CODE) is linked with this app.
> >
> > any one can point me some directioin on how to do this?
> > best regards
> >
> > Carlos Barros
> >
> >
> >  
> > _______________________________________________
> > Dev mailing list
> > [hidden email]
> > http://lists.ofbiz.org/mailman/listinfo/dev
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

> It should be possible to use everything in OFBiz except the applications by
> simply removing the applications directory and perhaps the reference to it
> in the component-load.xml file. We would like to make it possible to use
> the framework independently and so have reorganized things and made changes
> in this direction over the years, but I'm not aware of any extensive
> testing having been done on it for using it this way.
>
> The security data model only has one link to the party data model and that
> is the UserLogin.partyId field and the corresponding foreign key. If you
> comment out the relation tag to define it then it should work fine, and the
> partyId can be left null.
>
> Again this hasn't been thoroughly tested, but should work fine. If you do
> find any dependencies as you try it please let us know (perhaps with a Jira
> issue submission, but even a mailing list message, preferably on the users
> list as this is concerned more with the use of OFBiz than development of
> OFBiz).

> On Wednesday 26 April 2006 12:23, David E Jones
> wrote:
> > It should be possible to use everything in OFBiz
> except the applications by
> > simply removing the applications directory and
> perhaps the reference to it
> > in the component-load.xml file. We would like to
> make it possible to use
> > the framework independently and so have
> reorganized things and made changes
> > in this direction over the years, but I'm not
> aware of any extensive
> > testing having been done on it for using it this
> way.
> >
> > The security data model only has one link to the
> party data model and that
> > is the UserLogin.partyId field and the
> corresponding foreign key. If you
> > comment out the relation tag to define it then it
> should work fine, and the
> > partyId can be left null.
> >
> > Again this hasn't been thoroughly tested, but
> should work fine. If you do
> > find any dependencies as you try it please let us
> know (perhaps with a Jira
> > issue submission, but even a mailing list message,
> preferably on the users
> > list as this is concerned more with the use of
> OFBiz than development of
> > OFBiz).
>
> There seems to be a little schizophernia in the
> OFBiz applications when it
> comes to separating parties from user logins. I find
> myself needing role
> oriented security for many applications that our
> clients are developing and
> the framework tends to favor parties as the
> connection point for that to
> happen. For instance, websites in the content system
> and stores in the
> catalog system both grant roles to users through
> associations to parties
> (typically with time filtering). That's fine but it
> would seem that if the
> recommended approach is through UserLogins then we
> should see those roles
> associated with that entity instead of a Party. I'm
> fine with either approach
> and even like/prefer the idea of those things using
> UserLogins instead of
> Parties but that isn't the current methodology.
>
> --
> Ean Schuessler, CTO
> [hidden email]
> 214-720-0700 x 315
> Brainfood, Inc.
> http://www.brainfood.com
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev
>

> Take for example the
> scenario that a sales rep has.  Having the current
> setup allows a sales rep to use one user name and see
> his cost for the product when he is in private.  Then
> have him use a different user name when he is infront
> of his client where he certainly doesn't want to
> reveal his cost, but rather his client's cost.  This
> allows the salesrep to learn only one application.  In
> addition if a username is abandoned, it doesn't
> abandon the record of the person.

> I think the link to party instead of userlogin is to
> allow the same party to limit their permissions by how
> they're logged in (since one party may have multiple
> user names) but still be able to track all the actions
> of that person as one person.  Take for example the
> scenario that a sales rep has.  Having the current
> setup allows a sales rep to use one user name and see
> his cost for the product when he is in private.  Then
> have him use a different user name when he is infront
> of his client where he certainly doesn't want to
> reveal his cost, but rather his client's cost.  This
> allows the salesrep to learn only one application.  In
> addition if a username is abandoned, it doesn't
> abandon the record of the person.
>
> --- Ean Schuessler <[hidden email]> wrote:
>
>
>>On Wednesday 26 April 2006 12:23, David E Jones
>>wrote:
>>
>>>It should be possible to use everything in OFBiz
>>
>>except the applications by
>>
>>>simply removing the applications directory and
>>
>>perhaps the reference to it
>>
>>>in the component-load.xml file. We would like to
>>
>>make it possible to use
>>
>>>the framework independently and so have
>>
>>reorganized things and made changes
>>
>>>in this direction over the years, but I'm not
>>
>>aware of any extensive
>>
>>>testing having been done on it for using it this
>>
>>way.
>>
>>>The security data model only has one link to the
>>
>>party data model and that
>>
>>>is the UserLogin.partyId field and the
>>
>>corresponding foreign key. If you
>>
>>>comment out the relation tag to define it then it
>>
>>should work fine, and the
>>
>>>partyId can be left null.
>>>
>>>Again this hasn't been thoroughly tested, but
>>
>>should work fine. If you do
>>
>>>find any dependencies as you try it please let us
>>
>>know (perhaps with a Jira
>>
>>>issue submission, but even a mailing list message,
>>
>>preferably on the users
>>
>>>list as this is concerned more with the use of
>>
>>OFBiz than development of
>>
>>>OFBiz).
>>
>>There seems to be a little schizophernia in the
>>OFBiz applications when it
>>comes to separating parties from user logins. I find
>>myself needing role
>>oriented security for many applications that our
>>clients are developing and
>>the framework tends to favor parties as the
>>connection point for that to
>>happen. For instance, websites in the content system
>>and stores in the
>>catalog system both grant roles to users through
>>associations to parties
>>(typically with time filtering). That's fine but it
>>would seem that if the
>>recommended approach is through UserLogins then we
>>should see those roles
>>associated with that entity instead of a Party. I'm
>>fine with either approach
>>and even like/prefer the idea of those things using
>>UserLogins instead of
>>Parties but that isn't the current methodology.
>>
>>--
>>Ean Schuessler, CTO
>>[hidden email]
>>214-720-0700 x 315
>>Brainfood, Inc.
>>http://www.brainfood.com
>>
>>_______________________________________________
>>Dev mailing list
>>[hidden email]
>>http://lists.ofbiz.org/mailman/listinfo/dev
>>
>
>
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev
>

> On Wednesday 26 April 2006 23:12, Chris Howe wrote:
> > I think the link to party instead of userlogin is
> to
> > allow the same party to limit their permissions by
> how
> > they're logged in (since one party may have
> multiple
> > user names) but still be able to track all the
> actions
> > of that person as one person.
>
> I don't think it lets you do that. Since the
> association is by party, the
> UserLogin will have no influence over the behavior
> of the application.
>
> > Take for example the
> > scenario that a sales rep has.  Having the current
> > setup allows a sales rep to use one user name and
> see
> > his cost for the product when he is in private.
> Then
> > have him use a different user name when he is
> infront
> > of his client where he certainly doesn't want to
> > reveal his cost, but rather his client's cost.
> This
> > allows the salesrep to learn only one application.
>  In
> > addition if a username is abandoned, it doesn't
> > abandon the record of the person.
>
> Association by UserLogin would not prevent pricing
> by Party. Since there is
> only one Party associated with a given UserLogin you
> can still do Party based
> operations from the UserLogin. The only negative
> side effect is that all the
> Parties in these types of roles (ie. Vendor, etc.)
> would have to have
> UserLogins and that seems a little undesirable.
>
> --
> Ean Schuessler, CTO
> [hidden email]
> 214-720-0700 x 315
> Brainfood, Inc.
> http://www.brainfood.com
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev
>

> We set up what we call an Organization Context. There can be any number of
> Organization Contexts set up. Parties are related to particular
> Organization Contexts. When the user logs into OFBiz, they are required to
> select one of the Organization Contexts that they have been associated
> with. We redesigned the UI to allow the logged-in party to interact only
> with data that is somehow related to the Organization Context they are
> logged into.
>
> Using a system like this, a sales rep with a single Userlogin could log
> into one of two Organization Contexts: Retail or Wholesale.

> On Thursday 27 April 2006 10:15, Adrian Crum wrote:
>
>>We set up what we call an Organization Context. There can be any number of
>>Organization Contexts set up. Parties are related to particular
>>Organization Contexts. When the user logs into OFBiz, they are required to
>>select one of the Organization Contexts that they have been associated
>>with. We redesigned the UI to allow the logged-in party to interact only
>>with data that is somehow related to the Organization Context they are
>>logged into.
>>
>>Using a system like this, a sales rep with a single Userlogin could log
>>into one of two Organization Contexts: Retail or Wholesale.
>
>
> That sounds a little like two separate stores... one retail and one wholesale.
> Would that approach have worked as well?
>

> Security groups are associated with user login (and
> security permissions with security groups), not with
> party.  Security groups (has_permission in ftl,
> if-has-permission in screen widget) is (or should be)
> how it's controlled on the application level.  I'm not
> saying that much thought has made it into OFBiz in
> this regard thus far.  But, in the sales rep example,
> replogin1 would have the security group of say
> WHOLESALE_VIEW, so if you took the ecommerce
> application and added a bit of code to display product
> cost ie..
>
>
> <#if has_permission("WHOLESALE", "_VIEW", session)>
> ${productPrice.averageCost}
> </#if>
>
> salesrep logged in as replogin1 would see it, where
> logged in as replogin2 who does not have that security
> permission (or group that has that permission) would
> not see that line (my syntax may be slightly off in
> the example)
>
> In summary, it's my understanding that the data layer
> is what is checking the associated parties, and the
> application layer is controlling the permissions.
>
> --- Ean Schuessler <[hidden email]> wrote:
>
>> On Wednesday 26 April 2006 23:12, Chris Howe wrote:
>>> I think the link to party instead of userlogin is
>> to
>>> allow the same party to limit their permissions by
>> how
>>> they're logged in (since one party may have
>> multiple
>>> user names) but still be able to track all the
>> actions
>>> of that person as one person.
>> I don't think it lets you do that. Since the
>> association is by party, the
>> UserLogin will have no influence over the behavior
>> of the application.
>>
>>> Take for example the
>>> scenario that a sales rep has.  Having the current
>>> setup allows a sales rep to use one user name and
>> see
>>> his cost for the product when he is in private.
>> Then
>>> have him use a different user name when he is
>> infront
>>> of his client where he certainly doesn't want to
>>> reveal his cost, but rather his client's cost.
>> This
>>> allows the salesrep to learn only one application.
>>  In
>>> addition if a username is abandoned, it doesn't
>>> abandon the record of the person.
>> Association by UserLogin would not prevent pricing
>> by Party. Since there is
>> only one Party associated with a given UserLogin you
>> can still do Party based
>> operations from the UserLogin. The only negative
>> side effect is that all the
>> Parties in these types of roles (ie. Vendor, etc.)
>> would have to have
>> UserLogins and that seems a little undesirable.
>>
>> --
>> Ean Schuessler, CTO
>> [hidden email]
>> 214-720-0700 x 315
>> Brainfood, Inc.
>> http://www.brainfood.com
>>  
>> _______________________________________________
>> Dev mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/dev
>>
>
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev