[OFBiz] Dev - Problems with permissions calling order services from the ecommerce application

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[OFBiz] Dev - Problems with permissions calling order services from the ecommerce application

Jacopo Cappellato
Hi all,

I'm adding to the ecommerce application the links to create, from a cart
or a shopping list, a new "request for quote".
The problem I'm facing is that these actions (internally) invoke many
services defined in the order component (for example "createQuote") that
require ORDER_CREATE permissions...
What is the best practice in this circumstance?

Thanks for your help,

Jacopo
 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: [OFBiz] Dev - Problems with permissions calling order services from the ecommerce application

David E. Jones

Jacopo,

Generally the best practice is to allow the operation if the passed  
in UserLogin's partyId matches a partyId associated with the  
operation. This is the case for customer facing things in general.

I just looked at the CustRequest entity and there is no partyId on  
it, so I added a fromPartyId which is easier than trying to figure  
out which role in the CustRequestRole entity would be the "From" Party.

For the Quote entity there is a partyId on it that should be the  
customer's partyId.

Checking these would apply to at least the create operations for  
these services. I don't know that any update is needed from a  
customer perspective at this point, probably best to leave that as an  
administrative thing for now.

-David


On Sep 27, 2005, at 11:07 PM, Jacopo Cappellato wrote:

> Hi all,
>
> I'm adding to the ecommerce application the links to create, from a  
> cart or a shopping list, a new "request for quote".
> The problem I'm facing is that these actions (internally) invoke  
> many services defined in the order component (for example  
> "createQuote") that require ORDER_CREATE permissions...
> What is the best practice in this circumstance?
>
> Thanks for your help,
>
> Jacopo
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev
>

 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev

smime.p7s (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [OFBiz] Dev - Problems with permissions calling order services from the ecommerce application

Jacopo Cappellato
David,

thanks for your help.

I did your way,

Jacopo

David E. Jones wrote:

>
> Jacopo,
>
> Generally the best practice is to allow the operation if the passed  in
> UserLogin's partyId matches a partyId associated with the  operation.
> This is the case for customer facing things in general.
>
> I just looked at the CustRequest entity and there is no partyId on  it,
> so I added a fromPartyId which is easier than trying to figure  out
> which role in the CustRequestRole entity would be the "From" Party.
>
> For the Quote entity there is a partyId on it that should be the  
> customer's partyId.
>
> Checking these would apply to at least the create operations for  these
> services. I don't know that any update is needed from a  customer
> perspective at this point, probably best to leave that as an  
> administrative thing for now.
>
> -David
>
>
> On Sep 27, 2005, at 11:07 PM, Jacopo Cappellato wrote:
>
>> Hi all,
>>
>> I'm adding to the ecommerce application the links to create, from a  
>> cart or a shopping list, a new "request for quote".
>> The problem I'm facing is that these actions (internally) invoke  many
>> services defined in the order component (for example  "createQuote")
>> that require ORDER_CREATE permissions...
>> What is the best practice in this circumstance?
>>
>> Thanks for your help,
>>
>> Jacopo
>> _______________________________________________
>> Dev mailing list
>> [hidden email]
>> http://lists.ofbiz.org/mailman/listinfo/dev
>>
>
>
> ------------------------------------------------------------------------
>
>  
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev

 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev