There are two options when creating/editing a Product Catalog:
- Permission required to add product to "ViewAllow" category - Permission required to add product to "PurchaseAllow" category What do these options actually do? Many thanks, Chris |
the permission are programmed in to widgets, ftl and services. there are two parts to a permission XXXX is the permission YYYY is that action XXXX_YYYY XXXX_VIEW for permission. _VIEW should only allow seeing data. note the _ preceding it. if you want to granularize something more then created a new section or Permission XXXX_ here are the permission groups https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=UserLoginSecurityGroup&find=true&VIEW_SIZE=50&VIEW_INDEX=0 and add the following _CREATE _UPDATE _DELETE _VIEW _ADMIN https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 like !security.hasPermission("LEARN_VIEW",(GenericValue)context.get("userLogin"))) <if-has-permission permission="ORDERMGR" action="_VIEW"/> If you find others that are different they are not following the best practices. ======================= BJ Freeman http://bjfreeman.elance.com Strategic Power Office with Supplier Automation <http://www.businessesnetwork.com/automation/viewforum.php?f=93> Specialtymarket.com <http://www.specialtymarket.com/> Systems Integrator-- Glad to Assist Chat Y! messenger: bjfr33man <http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro> Christopher Snow sent the following on 5/15/2010 2:28 PM: > There are two options when creating/editing a Product Catalog: > > - Permission required to add product to "ViewAllow" category > - Permission required to add product to "PurchaseAllow" category > > What do these options actually do? > > Many thanks, > > Chris > |
Hi BJ,
I know how the security system works - but I still don't understand the meaning of the fields on the form: https://localhost:8443/catalog/control/EditProdCatalog I am trying to write the help text for these fields from an catalog administrators perspective, for example: Permission required to add product to "ViewAllow" category: "if this is Y, catalog administrators can only add products to 'View Allow' categories if the have the permission CATALOG_VIEW_ALLOW" Question: is this description correct? when would you want to set this to Y? Permission required to add product to "PurchaseAllow" category: "if this is Y, catalog administrators can only add products to 'Purchase Allow' categories if the have the permission CATALOG_VIEW_ALLOW" Question: is this description correct? when would you want to set this to Y? Many thanks, Chris On Sat, May 15, 2010 at 11:21 PM, BJ Freeman <[hidden email]> wrote: > > the permission are programmed in to widgets, ftl and services. > there are two parts to a permission > XXXX is the permission > YYYY is that action > XXXX_YYYY > XXXX_VIEW for permission. > _VIEW should only allow seeing data. note the _ preceding it. > if you want to granularize something more then created a new section or > Permission XXXX_ > here are the permission groups > > https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=UserLoginSecurityGroup&find=true&VIEW_SIZE=50&VIEW_INDEX=0 > and add the following > _CREATE > _UPDATE > _DELETE > _VIEW > _ADMIN > > https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 > like > > !security.hasPermission("LEARN_VIEW",(GenericValue)context.get("userLogin"))) > <if-has-permission permission="ORDERMGR" action="_VIEW"/> > > > > If you find others that are different they are not following the best > practices. > > ======================= > > BJ Freeman > http://bjfreeman.elance.com > Strategic Power Office with Supplier Automation < > http://www.businessesnetwork.com/automation/viewforum.php?f=93> > Specialtymarket.com <http://www.specialtymarket.com/> > > Systems Integrator-- Glad to Assist > > Chat Y! messenger: bjfr33man > < > http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro > > > > > Christopher Snow sent the following on 5/15/2010 2:28 PM: > > There are two options when creating/editing a Product Catalog: > > > > - Permission required to add product to "ViewAllow" category > > - Permission required to add product to "PurchaseAllow" category > > > > What do these options actually do? > > > > Many thanks, > > > > Chris > > > > > |
Administrator
|
Chris,
I think your answer is here https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide#ApacheOFBizBusinessSetupGuide-CatalogSetup Jacques From: "chris snow" <[hidden email]> > Hi BJ, > > I know how the security system works - but I still don't understand the > meaning of the fields on the form: > > https://localhost:8443/catalog/control/EditProdCatalog > > I am trying to write the help text for these fields from an catalog > administrators perspective, for example: > > Permission required to add product to "ViewAllow" category: > > "if this is Y, catalog administrators can only add products to 'View > Allow' categories if the have the permission CATALOG_VIEW_ALLOW" > > Question: is this description correct? when would you want to set this to Y? > > Permission required to add product to "PurchaseAllow" category: > > "if this is Y, catalog administrators can only add products to 'Purchase > Allow' categories if the have the permission CATALOG_VIEW_ALLOW" > > Question: is this description correct? when would you want to set this to Y? > > Many thanks, > > Chris > > On Sat, May 15, 2010 at 11:21 PM, BJ Freeman <[hidden email]> wrote: > >> >> the permission are programmed in to widgets, ftl and services. >> there are two parts to a permission >> XXXX is the permission >> YYYY is that action >> XXXX_YYYY >> XXXX_VIEW for permission. >> _VIEW should only allow seeing data. note the _ preceding it. >> if you want to granularize something more then created a new section or >> Permission XXXX_ >> here are the permission groups >> >> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=UserLoginSecurityGroup&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >> and add the following >> _CREATE >> _UPDATE >> _DELETE >> _VIEW >> _ADMIN >> >> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >> like >> >> !security.hasPermission("LEARN_VIEW",(GenericValue)context.get("userLogin"))) >> <if-has-permission permission="ORDERMGR" action="_VIEW"/> >> >> >> >> If you find others that are different they are not following the best >> practices. >> >> ======================= >> >> BJ Freeman >> http://bjfreeman.elance.com >> Strategic Power Office with Supplier Automation < >> http://www.businessesnetwork.com/automation/viewforum.php?f=93> >> Specialtymarket.com <http://www.specialtymarket.com/> >> >> Systems Integrator-- Glad to Assist >> >> Chat Y! messenger: bjfr33man >> < >> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro >> > >> >> >> Christopher Snow sent the following on 5/15/2010 2:28 PM: >> > There are two options when creating/editing a Product Catalog: >> > >> > - Permission required to add product to "ViewAllow" category >> > - Permission required to add product to "PurchaseAllow" category >> > >> > What do these options actually do? >> > >> > Many thanks, >> > >> > Chris >> > >> >> >> > |
Thanks Jacques!
On 16/05/10 09:13, Jacques Le Roux wrote: > Chris, > > I think your answer is here > https://cwiki.apache.org/confluence/display/OFBENDUSER/Apache+OFBiz+Business+Setup+Guide#ApacheOFBizBusinessSetupGuide-CatalogSetup > > > Jacques > > From: "chris snow" <[hidden email]> >> Hi BJ, >> >> I know how the security system works - but I still don't understand the >> meaning of the fields on the form: >> >> https://localhost:8443/catalog/control/EditProdCatalog >> >> I am trying to write the help text for these fields from an catalog >> administrators perspective, for example: >> >> Permission required to add product to "ViewAllow" category: >> >> "if this is Y, catalog administrators can only add products to 'View >> Allow' categories if the have the permission CATALOG_VIEW_ALLOW" >> >> Question: is this description correct? when would you want to set >> this to Y? >> >> Permission required to add product to "PurchaseAllow" category: >> >> "if this is Y, catalog administrators can only add products to >> 'Purchase >> Allow' categories if the have the permission CATALOG_VIEW_ALLOW" >> >> Question: is this description correct? when would you want to set >> this to Y? >> >> Many thanks, >> >> Chris >> >> On Sat, May 15, 2010 at 11:21 PM, BJ Freeman <[hidden email]> >> wrote: >> >>> >>> the permission are programmed in to widgets, ftl and services. >>> there are two parts to a permission >>> XXXX is the permission >>> YYYY is that action >>> XXXX_YYYY >>> XXXX_VIEW for permission. >>> _VIEW should only allow seeing data. note the _ preceding it. >>> if you want to granularize something more then created a new section or >>> Permission XXXX_ >>> here are the permission groups >>> >>> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=UserLoginSecurityGroup&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >>> >>> and add the following >>> _CREATE >>> _UPDATE >>> _DELETE >>> _VIEW >>> _ADMIN >>> >>> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >>> >>> like >>> >>> !security.hasPermission("LEARN_VIEW",(GenericValue)context.get("userLogin"))) >>> >>> <if-has-permission permission="ORDERMGR" action="_VIEW"/> >>> >>> >>> >>> If you find others that are different they are not following the best >>> practices. >>> >>> ======================= >>> >>> BJ Freeman >>> http://bjfreeman.elance.com >>> Strategic Power Office with Supplier Automation < >>> http://www.businessesnetwork.com/automation/viewforum.php?f=93> >>> Specialtymarket.com <http://www.specialtymarket.com/> >>> >>> Systems Integrator-- Glad to Assist >>> >>> Chat Y! messenger: bjfr33man >>> < >>> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro >>> >>> > >>> >>> >>> Christopher Snow sent the following on 5/15/2010 2:28 PM: >>> > There are two options when creating/editing a Product Catalog: >>> > >>> > - Permission required to add product to "ViewAllow" category >>> > - Permission required to add product to "PurchaseAllow" category >>> > >>> > What do these options actually do? >>> > >>> > Many thanks, >>> > >>> > Chris >>> > >>> >>> >>> >> > > |
In reply to this post by chris snow-2
Hi Chris:
The permissions you are talking about are the "runtime" checks (not really permissions) that OFBiz will perform if configured. So, these aren't applicable to the catalog admin, but rather the products and the categories the products are part of. This is how the catalog admin or product manager may keep a product in the catalog, but not allow viewing and/or purchase of the product (depending on the situation.) Hope that makes sense. Regards, Ruth ---------------------------------------------------- Find me on the web at http://www.myofbiz.com or Google keyword "myofbiz" [hidden email] chris snow wrote: > Hi BJ, > > I know how the security system works - but I still don't understand the > meaning of the fields on the form: > > https://localhost:8443/catalog/control/EditProdCatalog > > I am trying to write the help text for these fields from an catalog > administrators perspective, for example: > > Permission required to add product to "ViewAllow" category: > > "if this is Y, catalog administrators can only add products to 'View > Allow' categories if the have the permission CATALOG_VIEW_ALLOW" > > Question: is this description correct? when would you want to set this to Y? > > Permission required to add product to "PurchaseAllow" category: > > "if this is Y, catalog administrators can only add products to 'Purchase > Allow' categories if the have the permission CATALOG_VIEW_ALLOW" > > Question: is this description correct? when would you want to set this to Y? > > Many thanks, > > Chris > > On Sat, May 15, 2010 at 11:21 PM, BJ Freeman <[hidden email]> wrote: > > >> the permission are programmed in to widgets, ftl and services. >> there are two parts to a permission >> XXXX is the permission >> YYYY is that action >> XXXX_YYYY >> XXXX_VIEW for permission. >> _VIEW should only allow seeing data. note the _ preceding it. >> if you want to granularize something more then created a new section or >> Permission XXXX_ >> here are the permission groups >> >> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=UserLoginSecurityGroup&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >> and add the following >> _CREATE >> _UPDATE >> _DELETE >> _VIEW >> _ADMIN >> >> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >> like >> >> !security.hasPermission("LEARN_VIEW",(GenericValue)context.get("userLogin"))) >> <if-has-permission permission="ORDERMGR" action="_VIEW"/> >> >> >> >> If you find others that are different they are not following the best >> practices. >> >> ======================= >> >> BJ Freeman >> http://bjfreeman.elance.com >> Strategic Power Office with Supplier Automation < >> http://www.businessesnetwork.com/automation/viewforum.php?f=93> >> Specialtymarket.com <http://www.specialtymarket.com/> >> >> Systems Integrator-- Glad to Assist >> >> Chat Y! messenger: bjfr33man >> < >> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro >> >> Christopher Snow sent the following on 5/15/2010 2:28 PM: >> >>> There are two options when creating/editing a Product Catalog: >>> >>> - Permission required to add product to "ViewAllow" category >>> - Permission required to add product to "PurchaseAllow" category >>> >>> What do these options actually do? >>> >>> Many thanks, >>> >>> Chris >>> >>> >> >> > > |
Hi Ruth,
So are the following tooltip help popups incorrect?: https://demo-trunk.ofbiz.apache.org/catalog/control/EditProdCatalog?prodCatalogId=DemoCatalog (to see the tooltips, hover your mouse over the field labels) Do you agree with these tooltips?: https://demo-trunk.ofbiz.apache.org/catalog/control/EditProductStore?productStoreId=9000 There is a JIRA setup for tooltip help descriptions: https://issues.apache.org/jira/browse/OFBIZ-3743 Many thanks, Chris On Sun, May 16, 2010 at 10:37 PM, Ruth Hoffman <[hidden email]>wrote: > Hi Chris: > The permissions you are talking about are the "runtime" checks (not really > permissions) that OFBiz will perform if configured. So, these aren't > applicable to the catalog admin, but rather the products and the categories > the products are part of. This is how the catalog admin or product manager > may keep a product in the catalog, but not allow viewing and/or purchase of > the product (depending on the situation.) > > Hope that makes sense. > > Regards, > Ruth > ---------------------------------------------------- > Find me on the web at http://www.myofbiz.com or Google keyword "myofbiz" > [hidden email] > > chris snow wrote: > >> Hi BJ, >> >> I know how the security system works - but I still don't understand the >> meaning of the fields on the form: >> >> https://localhost:8443/catalog/control/EditProdCatalog >> >> I am trying to write the help text for these fields from an catalog >> administrators perspective, for example: >> >> Permission required to add product to "ViewAllow" category: >> >> "if this is Y, catalog administrators can only add products to 'View >> Allow' categories if the have the permission CATALOG_VIEW_ALLOW" >> >> Question: is this description correct? when would you want to set this to >> Y? >> >> Permission required to add product to "PurchaseAllow" category: >> >> "if this is Y, catalog administrators can only add products to 'Purchase >> Allow' categories if the have the permission CATALOG_VIEW_ALLOW" >> >> Question: is this description correct? when would you want to set this to >> Y? >> >> Many thanks, >> >> Chris >> >> On Sat, May 15, 2010 at 11:21 PM, BJ Freeman <[hidden email]> wrote: >> >> >> >>> the permission are programmed in to widgets, ftl and services. >>> there are two parts to a permission >>> XXXX is the permission >>> YYYY is that action >>> XXXX_YYYY >>> XXXX_VIEW for permission. >>> _VIEW should only allow seeing data. note the _ preceding it. >>> if you want to granularize something more then created a new section or >>> Permission XXXX_ >>> here are the permission groups >>> >>> >>> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=UserLoginSecurityGroup&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >>> and add the following >>> _CREATE >>> _UPDATE >>> _DELETE >>> _VIEW >>> _ADMIN >>> >>> >>> https://demo-trunk.ofbiz.apache.org/webtools/control/FindGeneric?entityName=SecurityGroupPermission&find=true&VIEW_SIZE=50&VIEW_INDEX=0 >>> like >>> >>> >>> !security.hasPermission("LEARN_VIEW",(GenericValue)context.get("userLogin"))) >>> <if-has-permission permission="ORDERMGR" action="_VIEW"/> >>> >>> >>> >>> If you find others that are different they are not following the best >>> practices. >>> >>> ======================= >>> >>> BJ Freeman >>> http://bjfreeman.elance.com >>> Strategic Power Office with Supplier Automation < >>> http://www.businessesnetwork.com/automation/viewforum.php?f=93> >>> Specialtymarket.com <http://www.specialtymarket.com/> >>> >>> Systems Integrator-- Glad to Assist >>> >>> Chat Y! messenger: bjfr33man >>> < >>> >>> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro >>> Christopher Snow sent the following on 5/15/2010 2:28 PM: >>> >>> >>>> There are two options when creating/editing a Product Catalog: >>>> >>>> - Permission required to add product to "ViewAllow" category >>>> - Permission required to add product to "PurchaseAllow" category >>>> >>>> What do these options actually do? >>>> >>>> Many thanks, >>>> >>>> Chris >>>> >>>> >>>> >>> >>> >>> >> >> >> > |
Free forum by Nabble | Edit this page |