Re: svn commit: r1142908 - in /ofbiz/trunk: applications/party/src/org/ofbiz/party/party/PartyServices.java framework/common/src/org/ofbiz/common/login/LoginServices.java

> Author: hansbak
> Date: Tue Jul  5 07:18:54 2011
> New Revision: 1142908
>
> URL: http://svn.apache.org/viewvc?rev=1142908&view=rev
> Log:
> currently it is pretty difficult to disable a userlogin by setting the deleted date to a date in the future and enable=N, further
> when disable a party tries to disable related userlogins but does not set that future date. This change will allow to nullify the
> deleted date so it is now clear the userlogin will never be enabled. The deleted date is still available in the last modified
> date.
>
> Modified:
>    ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
>    ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
>
> Modified: ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java
> URL:
> http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?rev=1142908&r1=1142907&r2=1142908&view=diff
> ==============================================================================
> --- ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java (original)
> +++ ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java Tue Jul  5 07:18:54 2011
> @@ -249,7 +249,6 @@ public class PartyServices {
>                     for(GenericValue userLogin : userLogins) {
>                         if (!"N".equals(userLogin.getString("enabled"))) {
>                             userLogin.set("enabled", "N");
> -                            userLogin.set("disabledDateTime", UtilDateTime.nowTimestamp());
>                             userLogin.store();
>                         }
>                     }
>
> Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
> URL:
> http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1142908&r1=1142907&r2=1142908&view=diff
> ==============================================================================
> --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original)
> +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Tue Jul  5 07:18:54 2011
> @@ -888,11 +888,6 @@ public class LoginServices {
>             userLoginToUpdate.set("disabledDateTime", null);
>         }
>
> -        // if was enabled and we are disabling it, and no disabledDateTime was passed, set it to now
> -        if (wasEnabled && "N".equals(context.get("enabled")) && context.get("disabledDateTime") == null) {
> -            userLoginToUpdate.set("disabledDateTime", UtilDateTime.nowTimestamp());
> -        }
> -
>         try {
>             userLoginToUpdate.store();
>         } catch (GenericEntityException e) {
>
>

> Hi Hans,
>
>
>  This change will allow to nullify the deleted date so it is now clear the
>> userlogin will never be enabled.
>>
> I dont get it, you can still enable an UserLogin again after setting to N
> with a null date. Could you please explain how it works at the UI level in
> 2 words or maybe I missing the whole idea?
> I mean
>
>  it is now clear the userlogin will never be enabled.
>>
> does maybe not mean that it can't be enabled again, but is only an
> indication it should not be enabled again?
>
> My need: disable forever an admin login used so far in a prod env (with
> another pwd though ;o), to be replaced by another login with another pwd,
> ie left as less as possible chances to have the admin party hacked... (new
> credential with long login and pwd strings...)
>
> Thanks
>
> Jacques
>
> From: <[hidden email]>
>
>  Author: hansbak
>> Date: Tue Jul  5 07:18:54 2011
>> New Revision: 1142908
>>
>> URL: http://svn.apache.org/viewvc?**rev=1142908&view=rev<http://svn.apache.org/viewvc?rev=1142908&view=rev>
>> Log:
>> currently it is pretty difficult to disable a userlogin by setting the
>> deleted date to a date in the future and enable=N, further when disable a
>> party tries to disable related userlogins but does not set that future
>> date. This change will allow to nullify the deleted date so it is now clear
>> the userlogin will never be enabled. The deleted date is still available in
>> the last modified date.
>>
>> Modified:
>>   ofbiz/trunk/applications/**party/src/org/ofbiz/party/**
>> party/PartyServices.java
>>   ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**
>> LoginServices.java
>>
>> Modified: ofbiz/trunk/applications/**party/src/org/ofbiz/party/**
>> party/PartyServices.java
>> URL: http://svn.apache.org/viewvc/**ofbiz/trunk/applications/**
>> party/src/org/ofbiz/party/**party/PartyServices.java?rev=**
>> 1142908&r1=1142907&r2=1142908&**view=diff<http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?rev=1142908&r1=1142907&r2=1142908&view=diff>
>> ==============================**==============================**
>> ==================
>> --- ofbiz/trunk/applications/**party/src/org/ofbiz/party/**party/PartyServices.java
>> (original)
>> +++ ofbiz/trunk/applications/**party/src/org/ofbiz/party/**party/PartyServices.java
>> Tue Jul  5 07:18:54 2011
>> @@ -249,7 +249,6 @@ public class PartyServices {
>>                    for(GenericValue userLogin : userLogins) {
>>                        if (!"N".equals(userLogin.**getString("enabled")))
>> {
>>                            userLogin.set("enabled", "N");
>> -                            userLogin.set("**disabledDateTime",
>> UtilDateTime.nowTimestamp());
>>                            userLogin.store();
>>                        }
>>                    }
>>
>> Modified: ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**
>> LoginServices.java
>> URL: http://svn.apache.org/viewvc/**ofbiz/trunk/framework/common/**
>> src/org/ofbiz/common/login/**LoginServices.java?rev=**
>> 1142908&r1=1142907&r2=1142908&**view=diff<http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1142908&r1=1142907&r2=1142908&view=diff>
>> ==============================**==============================**
>> ==================
>> --- ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**LoginServices.java
>> (original)
>> +++ ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**LoginServices.java
>> Tue Jul  5 07:18:54 2011
>> @@ -888,11 +888,6 @@ public class LoginServices {
>>            userLoginToUpdate.set("**disabledDateTime", null);
>>        }
>>
>> -        // if was enabled and we are disabling it, and no
>> disabledDateTime was passed, set it to now
>> -        if (wasEnabled && "N".equals(context.get("**enabled")) &&
>> context.get("disabledDateTime"**) == null) {
>> -            userLoginToUpdate.set("**disabledDateTime",
>> UtilDateTime.nowTimestamp());
>> -        }
>> -
>>        try {
>>            userLoginToUpdate.store();
>>        } catch (GenericEntityException e) {
>>
>>
>>
>
>

> Hi Hans,
>
> We are also facing same issue that when we disabled user login from
> partymgr and try to login with that disabled user login, it gets re-enable
> because of disabledDateTime field. We are using ofbiz 10.04 and 11.04, so
> can you push this bug over these two branches as well?
>
> Thanks,
> Suprit Udawat
>
> On Sat, Sep 3, 2011 at 7:56 PM, Jacques Le Roux<
> [hidden email]>  wrote:
>
>> Hi Hans,
>>
>>
>>   This change will allow to nullify the deleted date so it is now clear the
>>> userlogin will never be enabled.
>>>
>> I dont get it, you can still enable an UserLogin again after setting to N
>> with a null date. Could you please explain how it works at the UI level in
>> 2 words or maybe I missing the whole idea?
>> I mean
>>
>>   it is now clear the userlogin will never be enabled.
>> does maybe not mean that it can't be enabled again, but is only an
>> indication it should not be enabled again?
>>
>> My need: disable forever an admin login used so far in a prod env (with
>> another pwd though ;o), to be replaced by another login with another pwd,
>> ie left as less as possible chances to have the admin party hacked... (new
>> credential with long login and pwd strings...)
>>
>> Thanks
>>
>> Jacques
>>
>> From:<[hidden email]>
>>
>>   Author: hansbak
>>> Date: Tue Jul  5 07:18:54 2011
>>> New Revision: 1142908
>>>
>>> URL: http://svn.apache.org/viewvc?**rev=1142908&view=rev<http://svn.apache.org/viewvc?rev=1142908&view=rev>
>>> Log:
>>> currently it is pretty difficult to disable a userlogin by setting the
>>> deleted date to a date in the future and enable=N, further when disable a
>>> party tries to disable related userlogins but does not set that future
>>> date. This change will allow to nullify the deleted date so it is now clear
>>> the userlogin will never be enabled. The deleted date is still available in
>>> the last modified date.
>>>
>>> Modified:
>>>    ofbiz/trunk/applications/**party/src/org/ofbiz/party/**
>>> party/PartyServices.java
>>>    ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**
>>> LoginServices.java
>>>
>>> Modified: ofbiz/trunk/applications/**party/src/org/ofbiz/party/**
>>> party/PartyServices.java
>>> URL: http://svn.apache.org/viewvc/**ofbiz/trunk/applications/**
>>> party/src/org/ofbiz/party/**party/PartyServices.java?rev=**
>>> 1142908&r1=1142907&r2=1142908&**view=diff<http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?rev=1142908&r1=1142907&r2=1142908&view=diff>
>>> ==============================**==============================**
>>> ==================
>>> --- ofbiz/trunk/applications/**party/src/org/ofbiz/party/**party/PartyServices.java
>>> (original)
>>> +++ ofbiz/trunk/applications/**party/src/org/ofbiz/party/**party/PartyServices.java
>>> Tue Jul  5 07:18:54 2011
>>> @@ -249,7 +249,6 @@ public class PartyServices {
>>>                     for(GenericValue userLogin : userLogins) {
>>>                         if (!"N".equals(userLogin.**getString("enabled")))
>>> {
>>>                             userLogin.set("enabled", "N");
>>> -                            userLogin.set("**disabledDateTime",
>>> UtilDateTime.nowTimestamp());
>>>                             userLogin.store();
>>>                         }
>>>                     }
>>>
>>> Modified: ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**
>>> LoginServices.java
>>> URL: http://svn.apache.org/viewvc/**ofbiz/trunk/framework/common/**
>>> src/org/ofbiz/common/login/**LoginServices.java?rev=**
>>> 1142908&r1=1142907&r2=1142908&**view=diff<http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1142908&r1=1142907&r2=1142908&view=diff>
>>> ==============================**==============================**
>>> ==================
>>> --- ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**LoginServices.java
>>> (original)
>>> +++ ofbiz/trunk/framework/common/**src/org/ofbiz/common/login/**LoginServices.java
>>> Tue Jul  5 07:18:54 2011
>>> @@ -888,11 +888,6 @@ public class LoginServices {
>>>             userLoginToUpdate.set("**disabledDateTime", null);
>>>         }
>>>
>>> -        // if was enabled and we are disabling it, and no
>>> disabledDateTime was passed, set it to now
>>> -        if (wasEnabled&&  "N".equals(context.get("**enabled"))&&
>>> context.get("disabledDateTime"**) == null) {
>>> -            userLoginToUpdate.set("**disabledDateTime",
>>> UtilDateTime.nowTimestamp());
>>> -        }
>>> -
>>>         try {
>>>             userLoginToUpdate.store();
>>>         } catch (GenericEntityException e) {
>>>
>>>
>>>
>>
>