It would be best to convert the existing service to use the permission
service feature, and then submit the patch to Jira. Service permission
refactorings of that type are welcome and they will likely get
committed fairly quickly. But they will be applied to the trunk only,
so maybe you could have an R12 version of the patch also - so other R12
users can apply it.
-Adrian
Quoting JS <[hidden email]>:
> Hi,
>
> I have a question related to OFBiz security best practices. I have a custom
> application which I would like to use pieces of out of box functionality
> that fit the requirement. Ideally, I would like to expose this functionality
> to my custom app without giving users permissions for the framework apps
> which ship with OFBiz.
>
> I found the article written by HotWax here:
>
> http://www.hotwaxmedia.com/ofbiz-tutorial-how-to-use-ecas-to-extend-service-permission/
> and it's a concept that I would like to try out.
>
> They use the Catalog app as an example, which uses the
> "catalogCheckPermission" service for checking permissions. However, in the
> Order app, for example, in some places (such as CreateOrder), there is a
> hasPermission() method in the OrderService class itself, which then makes
> calls to OFBizSecurity, and never calls another service that could be
> extended using a SECA.
>
> I'm wondering if there's a way, perhaps one that I'm not realizing, to
> extend the security of Order permissions in the same way as the example I
> posted above? Failing this, what would some other options be short of
> explicitly assigning the users the role required?
>
> For reference, I'm running OFBiz 12.04.01
>
> Thanks!
> Johnny
>
>
>
> --
> View this message in context:
> http://ofbiz.135035.n4.nabble.com/OFBiz-Security-Extension-and-Best-Practice-tp4646412.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>