OFBiz › OFBiz - Dev

Roadmap - Living Document Complete the migration of older bsh/ftl files to widgets

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

2 messages Options

Nicolas Malin-2

Roadmap - Living Document Complete the migration of older bsh/ftl files to widgets

Jacopo, we are both on the subject : Complete the migration of older bsh/ftl files to widgets

But I don't understand the description :
===
Change the Entity Engine to be user aware for security, logging

This would be a change to require that a userLogin be passed to all Entity Engine calls. The Entity Engine could then check permissions to see if the user can modify or view that entity, or that record. The Entity Engine could also auto-populate fields like created by and updated by.

There are big downsides to this in that it is a real pain to ALWAYS have to know which user is doing stuff, and lots of our services don't know who the user is or use the "system" user to get around security constraints. The same thing would have to happen if we did this for the EE. This would also require major API refactoring, which we would probably want to precede with a big reduction in API size, as has been started but isn't yet finished.

Maybe the API refactoring wouldn't be necessary if we created a user-aware decorator for the GenericDelegator.
===

Which report with migration of older bsh/ftl files to widgets and the Entity Engine. I have a big doubt now ;) .

Nicolas

Nicolas Malin - Consultant - 06 17 66 40 06 -- http://nereide.fr

La société Néréide participe aux Salons Solutions sur le Stand E18bis

Adrian Crum-3

Re: Roadmap - Living Document Complete the migration of older bsh/ftl files to widgets

That appears to be a C&P from a dev mailing list discussion, and oddly
it has nothing to do with the subject - "Complete the migration of older
bsh/ftl files to widgets"

Adrian Crum
Sandglass Software
www.sandglass-software.com

On 10/2/2014 8:00 PM, Nicolas Malin wrote:

> Jacopo, we are both on the subject : Complete the migration of older
> bsh/ftl files to widgets
>
> But I don't understand the description :
> ===
> Change the Entity Engine to be user aware for security, logging
>
> This would be a change to require that a userLogin be passed to all
> Entity Engine calls. The Entity Engine could then check permissions to
> see if the user can modify or view that entity, or that record. The
> Entity Engine could also auto-populate fields like created by and
> updated by.
>
> There are big downsides to this in that it is a real pain to ALWAYS have
> to know which user is doing stuff, and lots of our services don't know
> who the user is or use the "system" user to get around security
> constraints. The same thing would have to happen if we did this for the
> EE. This would also require major API refactoring, which we would
> probably want to precede with a big reduction in API size, as has been
> started but isn't yet finished.
>
> Maybe the API refactoring wouldn't be necessary if we created a
> user-aware decorator for the GenericDelegator.
> ===
>
> Which report with migration of older bsh/ftl files to widgets and the
> Entity Engine. I have a big doubt now ;) .
>
> Nicolas
>
> --
>
> Nicolas Malin - Consultant - 06 17 66 40 06 -- http://nereide.fr
>
> La société Néréide participe aux Salons Solutions sur le Stand E18bis
> <http://www.salons-solutions.com>
> <http://www.salons-solutions.com>