[OFBiz] Dev - System accounts

cjhowe
I'm not sure that I'm following where your issues are,
but I'll take a stab at it nonetheless.

First, assuming this is a webapp,
your custom application has a mount point (/myapp).
myapp will only respond to requests in the form of
/myapp/control/uri.
All of the possible uri are listed in the
controller.xml file.  If you don't want one of the uri
to be called, take it out of the uri.

If it's not the uri that is the problem, but rather
that the name-value pairs can get you in trouble by giving
someone access to say a catalog that they should have
access to, then in the uri have it run a service to
validate they should have access to it.

Let me know if I've totally missed the crux of your
problem.

========Ashish wrote:
Thanks Si for explaining this to me.

But, my problem arises from the fact that I need to
keep the core as-is & build a bunch of apps
around it. For instance, I have an order entry app
that will let users enter sales orders & create
customers. Now in this app, if I end up using OFBiz
services I have to give the corresponding
permissions for the services used to whoever is logged
in. This would mean that I end up giving
permissions to certain other areas as well which we
don't want these users to have. Also, the custom apps
we're developing are entirely different apps (from OFBiz
perspective).

One possible solution (from a post long ago) was to
restrict the links/forms/data available to a user
based on roles, but that in effect was not enough,
cause then somebody could type a URL & possibly
get to a restricted part or we'd have to make sure
that all our pages had some level of
security/role-authorization in the ftl. This part I
came across seems very interesting cause it makes
it possible for me to push in a login for services
only, which makes it possible to build my own
security defs using the existing framework & yet be
able to use the existing services.

Appreciate any thoughts or feedback
Ashish Hareet
 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
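
Added example, not part of the original message or of OFBiz itself: since every reachable `/myapp/control/uri` is declared in controller.xml, a short script can list those paths and show which ones answer without a login and which run a service event first. The sample file is constructed, `checkOrderAccess` is a hypothetical service name, and a missing `<security>` element is assumed to mean no login is required.

```python
import xml.etree.ElementTree as ET

# Constructed sample controller.xml for a hypothetical /myapp webapp.
SAMPLE = """<site-conf>
  <request-map uri="main">
    <security https="true" auth="true"/>
    <response name="success" type="view" value="main"/>
  </request-map>
  <request-map uri="viewCatalog">
    <security https="true" auth="false"/>
    <response name="success" type="view" value="catalog"/>
  </request-map>
  <request-map uri="createOrder">
    <security https="true" auth="true"/>
    <event type="service" invoke="checkOrderAccess"/>
    <response name="success" type="view" value="order"/>
  </request-map>
  <request-map uri="ping">
    <response name="success" type="none"/>
  </request-map>
</site-conf>"""

def local(tag):
    """Drop an XML namespace prefix such as '{ns}request-map'."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text, mount="/myapp"):
    """One record per request-map: reachable path, auth flag, service event."""
    rows = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "request-map":
            continue
        auth, service = False, None  # assumption: no <security> means no login
        for child in el:
            name = local(child.tag)
            if name == "security":
                auth = child.get("auth", "false").lower() == "true"
            elif name == "event" and child.get("type") == "service":
                service = child.get("invoke")
        rows.append({"path": f"{mount}/control/{el.get('uri')}",
                     "auth": auth, "service": service})
    return rows

def unauthenticated(rows):
    """Paths the controller answers without requiring a login."""
    return [r["path"] for r in rows if not r["auth"]]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```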