OFBiz OFBiz - Dev

[OFBiz] Dev - data based permissions

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Alexandre Gomes-8
Reply | Threaded
Open this post in threaded view
|

[OFBiz] Dev - data based permissions

Alexandre Gomes-8
Hello Ofbiz community,

I need to give viewing permission to a page using data based permission not
funcionality based permission.
For instance instead of the following code :

<if-has-permission action="_VIEW"  permission="PARTYMGR"/>

I would like to have something like :

<if-has-permission action="_VIEW"  permission="PARTYMGR" entity="Party" role="member"/>

Does anyone have any sugestion?


Thank you,
Alexandre Gomes
 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
David E. Jones
Reply | Threaded
Open this post in threaded view
|

Re: [OFBiz] Dev - data based permissions

David E. Jones

Alexandre,

What would this do:

<if-has-permission action="_VIEW"  permission="PARTYMGR"  
entity="Party" role="member"/>

when you say role="member" do you mean that the PartyRole entity  
should be considered somehow?

Usually data-level (as opposed to functionality level) security is  
handled through some sort of chain of entities, preferably  
represented by a view entity, that must have record(s) in place that  
link to user to whatever is being accessed. There are example of this  
for the Product and ProductCategory administration in the Catalog  
Manager (see the ProductServices.xml file).

-David


On Sep 8, 2005, at 11:11 AM, Alexandre Gomes wrote:

> Hello Ofbiz community,
>
> I need to give viewing permission to a page using data based  
> permission not
> funcionality based permission.
> For instance instead of the following code :
>
> <if-has-permission action="_VIEW"  permission="PARTYMGR"/>
>
> I would like to have something like :
>
> <if-has-permission action="_VIEW"  permission="PARTYMGR"  
> entity="Party" role="member"/>
>
> Does anyone have any sugestion?
>
>
> Thank you,
> Alexandre Gomes
>
> _______________________________________________
> Dev mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/dev
>

 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev

smime.p7s (3K) Download Attachment
Alexandre Gomes-8
Reply | Threaded
Open this post in threaded view
|

Re: [OFBiz] Dev - data based permissions

Alexandre Gomes-8
David,

Thank you for your reply.
It's amazing to see your energy even working tottaly over-booked.

I'll study the Catalog Stuff as you recommended.

What I  meant with this:

 <if-has-permission action="_VIEW"  permission="PARTYMGR"  
entity="Party" entity-value-id="1000" party-role="member"/>

was to give access to the data row with id '1000' in the 'Party' table to which the logged in user
has a relationship in the role of 'member'.
This way we could catch the Id in the screen widget and allow (or not allow)
the user to view the data based on its relationship with it.

(if this doesn't make sense to you it's probably because it's a bad idea),


Alex




Em Quinta, 8 de Setembro de 2005 18:49, o David E. Jones escreveu:

>
> Alexandre,
>
> What would this do:
>
> <if-has-permission action="_VIEW"  permission="PARTYMGR"  
> entity="Party" role="member"/>
>
> when you say role="member" do you mean that the PartyRole entity  
> should be considered somehow?
>
> Usually data-level (as opposed to functionality level) security is  
> handled through some sort of chain of entities, preferably  
> represented by a view entity, that must have record(s) in place that  
> link to user to whatever is being accessed. There are example of this  
> for the Product and ProductCategory administration in the Catalog  
> Manager (see the ProductServices.xml file).
>
> -David
>
>
> On Sep 8, 2005, at 11:11 AM, Alexandre Gomes wrote:
>
> > Hello Ofbiz community,
> >
> > I need to give viewing permission to a page using data based  
> > permission not
> > funcionality based permission.
> > For instance instead of the following code :
> >
> > <if-has-permission action="_VIEW"  permission="PARTYMGR"/>
> >
> > I would like to have something like :
> >
> > <if-has-permission action="_VIEW"  permission="PARTYMGR"  
> > entity="Party" role="member"/>
> >
> > Does anyone have any sugestion?
> >
> >
> > Thank you,
> > Alexandre Gomes
> >
> > _______________________________________________
> > Dev mailing list
> > [hidden email]
> > http://lists.ofbiz.org/mailman/listinfo/dev
> >
>
>
 
_______________________________________________
Dev mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/dev
Free forum by Nabble Edit this page