|
In the file /framework/service/src/org/ofbiz/service/ModelPermission.java taken from the trunk.
I noticed that a block of code org.ofbiz.service.ModelPermission.evalRoleMember() was disabled.
private boolean evalRoleMember(GenericValue userLogin) {
if (nameOrRole == null) {
Debug.logWarning("Null role type name passed for evaluation", module);
return false;
}
GenericDelegator delegator = userLogin.getDelegator();
List<GenericValue> partyRoles = null;
/** (jaz) THIS IS NOT SECURE AT ALL
try {
partyRoles = delegator.findByAnd("PartyRole", "roleTypeId", nameOrRole, "partyId", userLogin.get("partyId"));
} catch (GenericEntityException e) {
Debug.logError(e, "Unable to lookup PartyRole records", module);
}
**/
if (UtilValidate.isNotEmpty(partyRoles)) {
//wt;
//partyRoles = EntityUtil.filterByDate(partyRoles);
if (UtilValidate.isNotEmpty(partyRoles)) {
return true;
}
}
return false;
}
Could someone tell me why this is so?
Thanks in advance.
|