OFBiz OFBiz - User

How to know what roles allow for which services?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Patrick-4
Reply | Threaded
Open this post in threaded view
|

How to know what roles allow for which services?

Patrick-4
I need to invoke the service [safeAddProductToCategory], but how do I
know which role to add?  Is there a list somewhere? Thanks Patrick
Ashish Vijaywargiya
Reply | Threaded
Open this post in threaded view
|

Re: How to know what roles allow for which services?

Ashish Vijaywargiya
What are you trying to achieve?

For more details on services you can refer following documents:
Beginner Guide: http://cwiki.apache.org/confluence/x/cQFk
Service Engine: http://cwiki.apache.org/confluence/x/M4Br

Role Based implementation can be done in Service Implementation itself.
For more details please refer following code present in
ProductServices.xml line # 841:

    <simple-method method-name="checkProductRelatedPermission"
short-description="Check Product Related Permission">
        <if-empty field="callingMethodName">
            <set value="this operation" field="callingMethodName"/>
        </if-empty>
        <if-empty field="checkAction">
            <set value="UPDATE" field="checkAction"/>
        </if-empty>

        <!-- find all role-categories that this product is a member of -->
        <if>
            <condition>
                <not><if-has-permission permission="CATALOG"
action="_${checkAction}"/></not>
            </condition>
            <then>
                <set from-field="parameters.productId"
field="lookupRoleCategoriesMap.productId"/>
                <set from-field="userLogin.partyId"
field="lookupRoleCategoriesMap.partyId"/>
                <set value="LTD_ADMIN"
field="lookupRoleCategoriesMap.roleTypeId"/>
                <find-by-and
entity-name="ProductCategoryMemberAndRole"
map="lookupRoleCategoriesMap" list="roleCategories"/>
                <filter-list-by-date list="roleCategories"/>
                <filter-list-by-date list="roleCategories"
from-field-name="roleFromDate" thru-field-name="roleThruDate"/>
            </then>
        </if>
        <if>
            <condition>
                <not>
                    <or>
                        <if-has-permission permission="CATALOG"
action="_${checkAction}"/>
                        <and>
                            <if-has-permission
permission="CATALOG_ROLE" action="_${checkAction}"/>
                            <not><if-empty field="roleCategories"/></not>
                        </and>
                        <and>
                            <not><if-empty
field="alternatePermissionRoot"/></not>
                            <if-has-permission
permission="${alternatePermissionRoot}" action="_${checkAction}"/>
                        </and>
                    </or>
                </not>
            </condition>
            <then>
                <add-error><fail-message message="Security Error: to
run ${callingMethodName} you must have the CATALOG_${checkAction} or
CATALOG_ADMIN permission or have the CATALOG_ROLE_${checkAction}
permission and be associated with a category containing this
product."/></add-error>
            </then>
        </if>
    </simple-method>

HTH!

--
Ashish


On Sat, Jan 30, 2010 at 3:08 AM, Patrick <[hidden email]> wrote:
> I need to invoke the service [safeAddProductToCategory], but how do I
> know which role to add?  Is there a list somewhere? Thanks Patrick
>
Free forum by Nabble Edit this page