Permission overrides auth parameter of service

> Hello team,
>
> I noticed that in any service definition if auth is set to false and
> permission service is also the service definition, it overrides the auth
> parameter to true by itself.
>
> For quick reference, it is written at *createPermission* method of
> *ModelServiceReader* class.
> Can someone please elaborate this behavior. IMO, this should not happen.
>
> --
> Thanks and Regards,
> *Suraj Khurana* | Sr. Enterprise Software Engineer
> *HotWax* *Commerce* by  *HotWax Systems*
> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>

> Le 03/11/2017 à 05:35, Suraj Khurana a écrit :
>> Hello team,
>>
>> I noticed that in any service definition if auth is set to false and
>> permission service is also the service definition, it overrides the auth
>> parameter to true by itself.
>>
>> For quick reference, it is written at *createPermission* method of
>> *ModelServiceReader* class.
>> Can someone please elaborate this behavior. IMO, this should not happen.
>>
>> --
>> Thanks and Regards,
>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>> *HotWax* *Commerce* by  *HotWax Systems*
>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>
> Hi Suraj,
>
> I guess you mean "permission service is also *IN* the service definition", right?
>
> If yes this is indeed a weird behaviour, fortunately it's not reverse (I mean it does not change from true to false) but still
>
> Jacques
>
>

> Hello team,
>
> I noticed that in any service definition if auth is set to false and
> permission service is also the service definition, it overrides the auth
> parameter to true by itself.
>
> For quick reference, it is written at *createPermission* method of
> *ModelServiceReader* class.
> Can someone please elaborate this behavior. IMO, this should not happen.
>
> --
> Thanks and Regards,
> *Suraj Khurana* | Sr. Enterprise Software Engineer
> *HotWax* *Commerce* by  *HotWax Systems*
> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>

> auth="false" and a permission service are completely incompatible
> scenarios.  In what situation could you possibly have no userLogin and
> successfully run a permission service?
>
> What would you expect to happen instead of the current behavior?
>
> Regards
> Scott
>
> On 3 November 2017 at 17:35, Suraj Khurana <suraj.khurana@hotwaxsystems.
> com>
> wrote:
>
> > Hello team,
> >
> > I noticed that in any service definition if auth is set to false and
> > permission service is also the service definition, it overrides the auth
> > parameter to true by itself.
> >
> > For quick reference, it is written at *createPermission* method of
> > *ModelServiceReader* class.
> > Can someone please elaborate this behavior. IMO, this should not happen.
> >
> > --
> > Thanks and Regards,
> > *Suraj Khurana* | Sr. Enterprise Software Engineer
> > *HotWax* *Commerce* by  *HotWax Systems*
> > Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
> >
>

> If an service implements and  do checks for the permissions then it must
> have the auth set as true. If any occurrences found then it should be by
> mistake and service definition should be fix to match.
>
> So I think the behavior we have is correct, whenever we want to check the
> permission it should have the user in context.
>
> Suraj, Any scenario you have in mind where we only require permission
> service without user?
>
>
> Rishi Solanki
> Sr Manager, Enterprise Software Development
> HotWax Systems Pvt. Ltd.
> Direct: +91-9893287847
> http://www.hotwaxsystems.com
> www.hotwax.co
>
> On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <[hidden email]>
> wrote:
>
> > auth="false" and a permission service are completely incompatible
> > scenarios.  In what situation could you possibly have no userLogin and
> > successfully run a permission service?
> >
> > What would you expect to happen instead of the current behavior?
> >
> > Regards
> > Scott
> >
> > On 3 November 2017 at 17:35, Suraj Khurana <suraj.khurana@hotwaxsystems.
> > com>
> > wrote:
> >
> > > Hello team,
> > >
> > > I noticed that in any service definition if auth is set to false and
> > > permission service is also the service definition, it overrides the
> auth
> > > parameter to true by itself.
> > >
> > > For quick reference, it is written at *createPermission* method of
> > > *ModelServiceReader* class.
> > > Can someone please elaborate this behavior. IMO, this should not
> happen.
> > >
> > > --
> > > Thanks and Regards,
> > > *Suraj Khurana* | Sr. Enterprise Software Engineer
> > > *HotWax* *Commerce* by  *HotWax Systems*
> > > Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
> > >
> >
>

> Thanks everyone for your inputs.
>
> Yes, there are similar occurrences where permission service is defined and
> service is used in case of an anonymous user as well.
> Example: *CreateShoppingList* and related services
>
> I was presuming we can execute any service as permission service
> irrespective of taking *userLogin *into consideration. Please correct me if
> I am wrong or missing something.
>
> --
> Thanks and Regards,
> *Suraj Khurana* | Sr. Enterprise Software Engineer
> *HotWax Commerce*  by  *HotWax Systems*
> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>
>
> On Wed, Nov 29, 2017 at 7:35 PM, Rishi Solanki <[hidden email]>
> wrote:
>
>> If an service implements and  do checks for the permissions then it must
>> have the auth set as true. If any occurrences found then it should be by
>> mistake and service definition should be fix to match.
>>
>> So I think the behavior we have is correct, whenever we want to check the
>> permission it should have the user in context.
>>
>> Suraj, Any scenario you have in mind where we only require permission
>> service without user?
>>
>>
>> Rishi Solanki
>> Sr Manager, Enterprise Software Development
>> HotWax Systems Pvt. Ltd.
>> Direct: +91-9893287847
>> http://www.hotwaxsystems.com
>> www.hotwax.co
>>
>> On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <[hidden email]>
>> wrote:
>>
>>> auth="false" and a permission service are completely incompatible
>>> scenarios.  In what situation could you possibly have no userLogin and
>>> successfully run a permission service?
>>>
>>> What would you expect to happen instead of the current behavior?
>>>
>>> Regards
>>> Scott
>>>
>>> On 3 November 2017 at 17:35, Suraj Khurana <suraj.khurana@hotwaxsystems.
>>> com>
>>> wrote:
>>>
>>>> Hello team,
>>>>
>>>> I noticed that in any service definition if auth is set to false and
>>>> permission service is also the service definition, it overrides the
>> auth
>>>> parameter to true by itself.
>>>>
>>>> For quick reference, it is written at *createPermission* method of
>>>> *ModelServiceReader* class.
>>>> Can someone please elaborate this behavior. IMO, this should not
>> happen.
>>>> --
>>>> Thanks and Regards,
>>>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>>>> *HotWax* *Commerce* by  *HotWax Systems*
>>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>>>

> Hi Suraj,
>
> I don't see how you could check permissions for an anonymous user.
> Maybe by giving anonymous users specific permissions in the context of
> ecommerce?
>
> But does it makes sense, I'm not sure. Then maybe as mentioned Rishi we
> should fix services like CreateShoppingList
> BTW did you cross any issues with anonymous users or is that only you
> thinking?
>
> Jacques
>
>
>
> Le 01/12/2017 à 09:41, Suraj Khurana a écrit :
>
>> Thanks everyone for your inputs.
>>
>> Yes, there are similar occurrences where permission service is defined and
>> service is used in case of an anonymous user as well.
>> Example: *CreateShoppingList* and related services
>>
>> I was presuming we can execute any service as permission service
>> irrespective of taking *userLogin *into consideration. Please correct me
>> if
>> I am wrong or missing something.
>>
>> --
>> Thanks and Regards,
>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>> *HotWax Commerce*  by  *HotWax Systems*
>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>
>>
>> On Wed, Nov 29, 2017 at 7:35 PM, Rishi Solanki <[hidden email]>
>> wrote:
>>
>> If an service implements and  do checks for the permissions then it must
>>> have the auth set as true. If any occurrences found then it should be by
>>> mistake and service definition should be fix to match.
>>>
>>> So I think the behavior we have is correct, whenever we want to check the
>>> permission it should have the user in context.
>>>
>>> Suraj, Any scenario you have in mind where we only require permission
>>> service without user?
>>>
>>>
>>> Rishi Solanki
>>> Sr Manager, Enterprise Software Development
>>> HotWax Systems Pvt. Ltd.
>>> Direct: +91-9893287847
>>> http://www.hotwaxsystems.com
>>> www.hotwax.co
>>>
>>> On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <
>>> [hidden email]>
>>> wrote:
>>>
>>> auth="false" and a permission service are completely incompatible
>>>> scenarios.  In what situation could you possibly have no userLogin and
>>>> successfully run a permission service?
>>>>
>>>> What would you expect to happen instead of the current behavior?
>>>>
>>>> Regards
>>>> Scott
>>>>
>>>> On 3 November 2017 at 17:35, Suraj Khurana <suraj.khurana@hotwaxsystems.
>>>> com>
>>>> wrote:
>>>>
>>>> Hello team,
>>>>>
>>>>> I noticed that in any service definition if auth is set to false and
>>>>> permission service is also the service definition, it overrides the
>>>>>
>>>> auth
>>>
>>>> parameter to true by itself.
>>>>>
>>>>> For quick reference, it is written at *createPermission* method of
>>>>> *ModelServiceReader* class.
>>>>> Can someone please elaborate this behavior. IMO, this should not
>>>>>
>>>> happen.
>>>
>>>> --
>>>>> Thanks and Regards,
>>>>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>>>>> *HotWax* *Commerce* by  *HotWax Systems*
>>>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>>>>
>>>>>
>

> Hello All,
>
> Adding to the Suraj's example of CreateShoppingList, I would like to
> elaborate more on the same.
>
> In current implementation, 'checkShoppingListSecurity' service is a
> permission-service for 'createShoppingList' service. The system creates a
> shopping list for an anonymous user on the ecommerce when adding an item to
> the cart (try in incognito window so it doesn't pick party from the cache).
> But with the current implementation, checkShoppingListSecurity returns an
> error saying that "You must be logged in to complete the process". In
> simple words, the 'createShoppingList' service gets called for an anonymous
> user which eventually triggers 'checkShoppingListSecurity' service.
>
> The above explanation gives an example of a use case where one could
> possibly have no userLogin but has a permission service implemented(for
> covering use cases of userLogin).
>
> Also, it seems that one can't use a permission-service when no
> userLogin would be present.
>
> Also, for now, to fix the issue we can call the
> "checkShoppingListSecurity" service from the service
> declaration/implementation to overcome the error of no userLogin. Although,
> it creates confusion to me that the same service when called internally
> works fine but when called as a permission service, returns an error.
>
> Please let me know if calling the security service internally would be the
> proper approach.
>
> Thanks,
> *Chinmay Patidar* | Sr. Enterprise Software Engineer
> HotWax Commerce by HotWax Systems
> Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center,
> Indore, M.P, India - 452010
> Cell phone: +91-9713978795
>
> On Mon, Dec 11, 2017 at 5:43 PM, Jacques Le Roux <
> [hidden email]> wrote:
>
>> Hi Suraj,
>>
>> I don't see how you could check permissions for an anonymous user.
>> Maybe by giving anonymous users specific permissions in the context of
>> ecommerce?
>>
>> But does it makes sense, I'm not sure. Then maybe as mentioned Rishi we
>> should fix services like CreateShoppingList
>> BTW did you cross any issues with anonymous users or is that only you
>> thinking?
>>
>> Jacques
>>
>>
>>
>> Le 01/12/2017 à 09:41, Suraj Khurana a écrit :
>>
>>> Thanks everyone for your inputs.
>>>
>>> Yes, there are similar occurrences where permission service is defined
>>> and
>>> service is used in case of an anonymous user as well.
>>> Example: *CreateShoppingList* and related services
>>>
>>> I was presuming we can execute any service as permission service
>>> irrespective of taking *userLogin *into consideration. Please correct me
>>> if
>>> I am wrong or missing something.
>>>
>>> --
>>> Thanks and Regards,
>>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>>> *HotWax Commerce*  by  *HotWax Systems*
>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>>
>>>
>>> On Wed, Nov 29, 2017 at 7:35 PM, Rishi Solanki <[hidden email]>
>>> wrote:
>>>
>>> If an service implements and  do checks for the permissions then it must
>>>> have the auth set as true. If any occurrences found then it should be by
>>>> mistake and service definition should be fix to match.
>>>>
>>>> So I think the behavior we have is correct, whenever we want to check
>>>> the
>>>> permission it should have the user in context.
>>>>
>>>> Suraj, Any scenario you have in mind where we only require permission
>>>> service without user?
>>>>
>>>>
>>>> Rishi Solanki
>>>> Sr Manager, Enterprise Software Development
>>>> HotWax Systems Pvt. Ltd.
>>>> Direct: +91-9893287847
>>>> http://www.hotwaxsystems.com
>>>> www.hotwax.co
>>>>
>>>> On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <
>>>> [hidden email]>
>>>> wrote:
>>>>
>>>> auth="false" and a permission service are completely incompatible
>>>>> scenarios.  In what situation could you possibly have no userLogin and
>>>>> successfully run a permission service?
>>>>>
>>>>> What would you expect to happen instead of the current behavior?
>>>>>
>>>>> Regards
>>>>> Scott
>>>>>
>>>>> On 3 November 2017 at 17:35, Suraj Khurana
>>>>> <suraj.khurana@hotwaxsystems.
>>>>> com>
>>>>> wrote:
>>>>>
>>>>> Hello team,
>>>>>>
>>>>>> I noticed that in any service definition if auth is set to false and
>>>>>> permission service is also the service definition, it overrides the
>>>>>>
>>>>> auth
>>>>
>>>>> parameter to true by itself.
>>>>>>
>>>>>> For quick reference, it is written at *createPermission* method of
>>>>>> *ModelServiceReader* class.
>>>>>> Can someone please elaborate this behavior. IMO, this should not
>>>>>>
>>>>> happen.
>>>>
>>>>> --
>>>>>> Thanks and Regards,
>>>>>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>>>>>> *HotWax* *Commerce* by  *HotWax Systems*
>>>>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>>>>>
>>>>>>
>>
>

> Just missed a point. To regenerate the issue one has to update the 'Auto
> Save Cart' to 'Y' for the e-commerce product store record.
>
> Thanks,
> *Chinmay Patidar* | Sr. Enterprise Software Engineer
> HotWax Commerce by HotWax Systems
> Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center, Indore,
> M.P, India - 452010
> Cell phone: +91-9713978795
>
> On Sat, Dec 23, 2017 at 5:08 PM, Chinmay Patidar <
> [hidden email]> wrote:
>
>> Hello All,
>>
>> Adding to the Suraj's example of CreateShoppingList, I would like to
>> elaborate more on the same.
>>
>> In current implementation, 'checkShoppingListSecurity' service is a
>> permission-service for 'createShoppingList' service. The system creates a
>> shopping list for an anonymous user on the ecommerce when adding an item to
>> the cart (try in incognito window so it doesn't pick party from the cache).
>> But with the current implementation, checkShoppingListSecurity returns an
>> error saying that "You must be logged in to complete the process". In
>> simple words, the 'createShoppingList' service gets called for an anonymous
>> user which eventually triggers 'checkShoppingListSecurity' service.
>>
>> The above explanation gives an example of a use case where one could
>> possibly have no userLogin but has a permission service implemented(for
>> covering use cases of userLogin).
>>
>> Also, it seems that one can't use a permission-service when no
>> userLogin would be present.
>>
>> Also, for now, to fix the issue we can call the
>> "checkShoppingListSecurity" service from the service
>> declaration/implementation to overcome the error of no userLogin. Although,
>> it creates confusion to me that the same service when called internally
>> works fine but when called as a permission service, returns an error.
>>
>> Please let me know if calling the security service internally would be the
>> proper approach.
>>
>> Thanks,
>> *Chinmay Patidar* | Sr. Enterprise Software Engineer
>> HotWax Commerce by HotWax Systems
>> Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center,
>> Indore, M.P, India - 452010
>> Cell phone: +91-9713978795
>>
>> On Mon, Dec 11, 2017 at 5:43 PM, Jacques Le Roux <
>> [hidden email]> wrote:
>>
>>> Hi Suraj,
>>>
>>> I don't see how you could check permissions for an anonymous user.
>>> Maybe by giving anonymous users specific permissions in the context of
>>> ecommerce?
>>>
>>> But does it makes sense, I'm not sure. Then maybe as mentioned Rishi we
>>> should fix services like CreateShoppingList
>>> BTW did you cross any issues with anonymous users or is that only you
>>> thinking?
>>>
>>> Jacques
>>>
>>>
>>>
>>> Le 01/12/2017 à 09:41, Suraj Khurana a écrit :
>>>
>>>> Thanks everyone for your inputs.
>>>>
>>>> Yes, there are similar occurrences where permission service is defined
>>>> and
>>>> service is used in case of an anonymous user as well.
>>>> Example: *CreateShoppingList* and related services
>>>>
>>>> I was presuming we can execute any service as permission service
>>>> irrespective of taking *userLogin *into consideration. Please correct me
>>>> if
>>>> I am wrong or missing something.
>>>>
>>>> --
>>>> Thanks and Regards,
>>>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>>>> *HotWax Commerce*  by  *HotWax Systems*
>>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>>>
>>>>
>>>> On Wed, Nov 29, 2017 at 7:35 PM, Rishi Solanki <[hidden email]>
>>>> wrote:
>>>>
>>>> If an service implements and  do checks for the permissions then it must
>>>>> have the auth set as true. If any occurrences found then it should be by
>>>>> mistake and service definition should be fix to match.
>>>>>
>>>>> So I think the behavior we have is correct, whenever we want to check
>>>>> the
>>>>> permission it should have the user in context.
>>>>>
>>>>> Suraj, Any scenario you have in mind where we only require permission
>>>>> service without user?
>>>>>
>>>>>
>>>>> Rishi Solanki
>>>>> Sr Manager, Enterprise Software Development
>>>>> HotWax Systems Pvt. Ltd.
>>>>> Direct: +91-9893287847
>>>>> http://www.hotwaxsystems.com
>>>>> www.hotwax.co
>>>>>
>>>>> On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <
>>>>> [hidden email]>
>>>>> wrote:
>>>>>
>>>>> auth="false" and a permission service are completely incompatible
>>>>>> scenarios.  In what situation could you possibly have no userLogin and
>>>>>> successfully run a permission service?
>>>>>>
>>>>>> What would you expect to happen instead of the current behavior?
>>>>>>
>>>>>> Regards
>>>>>> Scott
>>>>>>
>>>>>> On 3 November 2017 at 17:35, Suraj Khurana
>>>>>> <suraj.khurana@hotwaxsystems.
>>>>>> com>
>>>>>> wrote:
>>>>>>
>>>>>> Hello team,
>>>>>>> I noticed that in any service definition if auth is set to false and
>>>>>>> permission service is also the service definition, it overrides the
>>>>>>>
>>>>>> auth
>>>>>> parameter to true by itself.
>>>>>>> For quick reference, it is written at *createPermission* method of
>>>>>>> *ModelServiceReader* class.
>>>>>>> Can someone please elaborate this behavior. IMO, this should not
>>>>>>>
>>>>>> happen.
>>>>>> --
>>>>>>> Thanks and Regards,
>>>>>>> *Suraj Khurana* | Sr. Enterprise Software Engineer
>>>>>>> *HotWax* *Commerce* by  *HotWax Systems*
>>>>>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
>>>>>>>
>>>>>>>

> Hello All,
>
> Adding to the Suraj's example of CreateShoppingList, I would like to
> elaborate more on the same.
>
> In current implementation, 'checkShoppingListSecurity' service is a
> permission-service for 'createShoppingList' service. The system creates a
> shopping list for an anonymous user on the ecommerce when adding an item to
> the cart (try in incognito window so it doesn't pick party from the cache).
> But with the current implementation, checkShoppingListSecurity returns an
> error saying that "You must be logged in to complete the process". In
> simple words, the 'createShoppingList' service gets called for an anonymous
> user which eventually triggers 'checkShoppingListSecurity' service.
>
> The above explanation gives an example of a use case where one could
> possibly have no userLogin but has a permission service implemented(for
> covering use cases of userLogin).
>
> Also, it seems that one can't use a permission-service when no
> userLogin would be present.
>
> Also, for now, to fix the issue we can call the "checkShoppingListSecurity"
> service from the service declaration/implementation to overcome the error
> of no userLogin. Although, it creates confusion to me that the same service
> when called internally works fine but when called as a permission service,
> returns an error.
>
> Please let me know if calling the security service internally would be the
> proper approach.
>
> Thanks,
> *Chinmay Patidar* | Sr. Enterprise Software Engineer
> HotWax Commerce by HotWax Systems
> Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center,
> Indore,
> M.P, India - 452010
> Cell phone: +91-9713978795
>
> On Mon, Dec 11, 2017 at 5:43 PM, Jacques Le Roux <
> [hidden email]> wrote:
>
> > Hi Suraj,
> >
> > I don't see how you could check permissions for an anonymous user.
> > Maybe by giving anonymous users specific permissions in the context of
> > ecommerce?
> >
> > But does it makes sense, I'm not sure. Then maybe as mentioned Rishi we
> > should fix services like CreateShoppingList
> > BTW did you cross any issues with anonymous users or is that only you
> > thinking?
> >
> > Jacques
> >
> >
> >
> > Le 01/12/2017 à 09:41, Suraj Khurana a écrit :
> >
> >> Thanks everyone for your inputs.
> >>
> >> Yes, there are similar occurrences where permission service is defined
> and
> >> service is used in case of an anonymous user as well.
> >> Example: *CreateShoppingList* and related services
> >>
> >> I was presuming we can execute any service as permission service
> >> irrespective of taking *userLogin *into consideration. Please correct me
> >> if
> >> I am wrong or missing something.
> >>
> >> --
> >> Thanks and Regards,
> >> *Suraj Khurana* | Sr. Enterprise Software Engineer
> >> *HotWax Commerce*  by  *HotWax Systems*
> >> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
> >>
> >>
> >> On Wed, Nov 29, 2017 at 7:35 PM, Rishi Solanki <[hidden email]
> >
> >> wrote:
> >>
> >> If an service implements and  do checks for the permissions then it must
> >>> have the auth set as true. If any occurrences found then it should be
> by
> >>> mistake and service definition should be fix to match.
> >>>
> >>> So I think the behavior we have is correct, whenever we want to check
> the
> >>> permission it should have the user in context.
> >>>
> >>> Suraj, Any scenario you have in mind where we only require permission
> >>> service without user?
> >>>
> >>>
> >>> Rishi Solanki
> >>> Sr Manager, Enterprise Software Development
> >>> HotWax Systems Pvt. Ltd.
> >>> Direct: +91-9893287847
> >>> http://www.hotwaxsystems.com
> >>> www.hotwax.co
> >>>
> >>> On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray <
> >>> [hidden email]>
> >>> wrote:
> >>>
> >>> auth="false" and a permission service are completely incompatible
> >>>> scenarios.  In what situation could you possibly have no userLogin and
> >>>> successfully run a permission service?
> >>>>
> >>>> What would you expect to happen instead of the current behavior?
> >>>>
> >>>> Regards
> >>>> Scott
> >>>>
> >>>> On 3 November 2017 at 17:35, Suraj Khurana
> <suraj.khurana@hotwaxsystems.
> >>>> com>
> >>>> wrote:
> >>>>
> >>>> Hello team,
> >>>>>
> >>>>> I noticed that in any service definition if auth is set to false and
> >>>>> permission service is also the service definition, it overrides the
> >>>>>
> >>>> auth
> >>>
> >>>> parameter to true by itself.
> >>>>>
> >>>>> For quick reference, it is written at *createPermission* method of
> >>>>> *ModelServiceReader* class.
> >>>>> Can someone please elaborate this behavior. IMO, this should not
> >>>>>
> >>>> happen.
> >>>
> >>>> --
> >>>>> Thanks and Regards,
> >>>>> *Suraj Khurana* | Sr. Enterprise Software Engineer
> >>>>> *HotWax* *Commerce* by  *HotWax Systems*
> >>>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010
> >>>>>
> >>>>>
> >
>