Hi all,

I'm adding to the ecommerce application the links to create, from a cart or a shopping list, a new "request for quote".
The problem I'm facing is that these actions (internally) invoke many services defined in the order component (for example "createQuote") that require ORDER_CREATE permissions...
What is the best practice in this circumstance?

Thanks for your help,

Jacopo

Jacopo,

Generally the best practice is to allow the operation if the passed in UserLogin's partyId matches a partyId associated with the operation. This is the case for customer facing things in general.

I just looked at the CustRequest entity and there is no partyId on it, so I added a fromPartyId which is easier than trying to figure out which role in the CustRequestRole entity would be the "From" Party.

For the Quote entity there is a partyId on it that should be the customer's partyId.

Checking these would apply to at least the create operations for these services. I don't know that any update is needed from a customer perspective at this point, probably best to leave that as an administrative thing for now.

-David

On Sep 27, 2005, at 11:07 PM, Jacopo Cappellato wrote:

> Hi all,
>
> I'm adding to the ecommerce application the links to create, from a
> cart or a shopping list, a new "request for quote".
> The problem I'm facing is that these actions (internally) invoke
> many services defined in the order component (for example
> "createQuote") that require ORDER_CREATE permissions...
> What is the best practice in this circumstance?
>
> Thanks for your help,
>
> Jacopo

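
The check described in the reply above, as an added example that is not part of the original message and is not OFBiz code: a create is allowed either for a holder of ORDER_CREATE or when the record's party field (partyId on Quote, fromPartyId on CustRequest) equals the caller's own partyId. The `UserLogin` class, the `mayCreate` helper and the sample ids are hypothetical stand-ins written in plain Java.

```java
import java.util.Map;
import java.util.Set;

// Added illustration in plain Java; it does not use OFBiz classes.
// UserLogin, mayCreate and the sample ids are hypothetical. ORDER_CREATE,
// partyId and fromPartyId are the names used in the thread.
public class OwnerOrPermissionCheck {

    static final class UserLogin {
        final String partyId;              // null when the login has no party
        final Set<String> permissions;
        UserLogin(String partyId, Set<String> permissions) {
            this.partyId = partyId;
            this.permissions = permissions;
        }
    }

    // Create is allowed for ORDER_CREATE holders, or when the party field of
    // the record being created equals the caller's own partyId.
    static boolean mayCreate(UserLogin login, Map<String, String> fields, String partyField) {
        if (login == null) {
            return false;                  // no authenticated caller
        }
        if (login.permissions.contains("ORDER_CREATE")) {
            return true;                   // back-office user, any party
        }
        String owner = fields.get(partyField);
        // A missing owner field, or a login without a party, never matches.
        return login.partyId != null && login.partyId.equals(owner);
    }

    public static void main(String[] args) {
        UserLogin customer = new UserLogin("CUST_1", Set.of());
        UserLogin clerk = new UserLogin("EMP_9", Set.of("ORDER_CREATE"));

        // Constructed inputs: Quote carries partyId, CustRequest carries fromPartyId.
        System.out.println(mayCreate(customer, Map.of("partyId", "CUST_1"), "partyId"));
        System.out.println(mayCreate(customer, Map.of("partyId", "CUST_2"), "partyId"));
        System.out.println(mayCreate(customer, Map.of("fromPartyId", "CUST_1"), "fromPartyId"));
        System.out.println(mayCreate(customer, Map.of(), "fromPartyId"));
        System.out.println(mayCreate(clerk, Map.of("partyId", "CUST_2"), "partyId"));
    }
}
```

The comparison uses the partyId from the authenticated login, never a caller-supplied value, so a customer cannot create a quote on behalf of another party; update services are not relaxed here and stay behind the administrative permission.
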
David,

thanks for your help. I did it your way,

Jacopo

David E. Jones wrote:

> Jacopo,
>
> Generally the best practice is to allow the operation if the passed in
> UserLogin's partyId matches a partyId associated with the operation.
> This is the case for customer facing things in general.
>
> I just looked at the CustRequest entity and there is no partyId on it,
> so I added a fromPartyId which is easier than trying to figure out
> which role in the CustRequestRole entity would be the "From" Party.
>
> For the Quote entity there is a partyId on it that should be the
> customer's partyId.
>
> Checking these would apply to at least the create operations for these
> services. I don't know that any update is needed from a customer
> perspective at this point, probably best to leave that as an
> administrative thing for now.
>
> -David
>
> On Sep 27, 2005, at 11:07 PM, Jacopo Cappellato wrote:
>
>> Hi all,
>>
>> I'm adding to the ecommerce application the links to create, from a
>> cart or a shopping list, a new "request for quote".
>> The problem I'm facing is that these actions (internally) invoke many
>> services defined in the order component (for example "createQuote")
>> that require ORDER_CREATE permissions...
>> What is the best practice in this circumstance?
>>
>> Thanks for your help,
>>
>> Jacopo