Security.hasRolePermission or DataDrivenSecurity
Locked
 
|
Hi,
How does Security.hasRolePermission has been used in ofbiz secrity and whats the use of this. i noticed that ofbiz supports DataDrivenSecurity, would like to know how it has been handled in ofbiz and how to achieve this. Thanks, Kish |
Re: Security.hasRolePermission or DataDrivenSecurity
|
|
not sure what you define as DataDrivenSecurity
but security is based on the UI, in most cases unless it is a minilang or service engine related. MKishore sent the following on 7/8/2008 9:52 AM: > Hi, > > How does Security.hasRolePermission has been used in ofbiz secrity and > whats the use of this. > > i noticed that ofbiz supports DataDrivenSecurity, would like to know how it > has been handled in ofbiz and how to achieve this. > > Thanks, > Kish |
Re: Security.hasRolePermission or DataDrivenSecurity
|
|
If I am right by DataDrivenSecurity you are saying the data created in the
files that exists in "data" folder. For example AccountingSecurityData.xml file. Please read the document available on http://docs.ofbiz.org/display/OFBTECH/OFBiz+security. After reading the above document if you still have some questions then please let us know. -- Ashish On Tue, Jul 8, 2008 at 1:41 PM, BJ Freeman <[hidden email]> wrote: > not sure what you define as DataDrivenSecurity > but security is based on the UI, in most cases unless it is a minilang > or service engine related. > > MKishore sent the following on 7/8/2008 9:52 AM: > > Hi, > > > > How does Security.hasRolePermission has been used in ofbiz secrity and > > whats the use of this. > > > > i noticed that ofbiz supports DataDrivenSecurity, would like to know how > it > > has been handled in ofbiz and how to achieve this. > > > > Thanks, > > Kish > > |
|
|
In reply to this post by MKishore
Any information about Role tables specified in each application/component. and how these tables have been used in Ofbiz Ex: OrderRole, ProductRole, ProductCategoryRole
|
Re: Security.hasRolePermission or DataDrivenSecurity
|
|
*Role entities are used to check the role based security in ofbiz. For eg.
ProductStoreRole, OrderRole, AgreementRole etc. For taking the advantage of Role Based security you can go through the method "hasRolePermission" of class OFBizSecurity.java. This kind of permission is used when you have written code in FTL file or Java files and your would like to provide security check on the basis of his/her "role" to display some content or proceed with next block of code. There are few example present in Ofbiz for this.Please check it out. Role based security in Simple Method is handled in pretty different way. I didn't remember the place where role based security is implemented in Mini Lang so will ask Community members for their help. Thanks. -- Ashish On Wed, Jul 9, 2008 at 12:42 PM, MKishore <[hidden email]> wrote: > > > Any information about Role tables specified in each application/component. > and how these tables have been used in Ofbiz > Ex: OrderRole, ProductRole, ProductCategoryRole > > > > MKishore wrote: > > > > Hi, > > > > How does Security.hasRolePermission has been used in ofbiz secrity and > > whats the use of this. > > > > i noticed that ofbiz supports DataDrivenSecurity, would like to know how > > it has been handled in ofbiz and how to achieve this. > > > > Thanks, > > Kish > > > > -- > View this message in context: > http://www.nabble.com/Security.hasRolePermission-or-DataDrivenSecurity-tp18343814p18365804.html > Sent from the OFBiz - User mailing list archive at Nabble.com. > > |
Re: Security.hasRolePermission or DataDrivenSecurity
|
|
In reply to this post by MKishore
I think you have a misconception and are looking at this from a database
point of view. it would be best if you start with http://docs.ofbiz.org/display/OFBTECH/Framework+Introduction+Videos+and+Diagrams also use https://demo.hotwaxmedia.com/webtools/control/ArtifactInfo and put security or Security.hasRolePermission to search MKishore sent the following on 7/9/2008 9:42 AM: > > Any information about Role tables specified in each application/component. > and how these tables have been used in Ofbiz > Ex: OrderRole, ProductRole, ProductCategoryRole > > > > MKishore wrote: >> Hi, >> >> How does Security.hasRolePermission has been used in ofbiz secrity and >> whats the use of this. >> >> i noticed that ofbiz supports DataDrivenSecurity, would like to know how >> it has been handled in ofbiz and how to achieve this. >> >> Thanks, >> Kish >> > |
Re: Security.hasRolePermission or DataDrivenSecurity
Administrator
|
In reply to this post by Ashish Vijaywargiya
From: "Ashish Vijaywargiya" <[hidden email]>
> *Role entities are used to check the role based security in ofbiz. For eg. > ProductStoreRole, OrderRole, AgreementRole etc. > For taking the advantage of Role Based security you can go through the > method "hasRolePermission" of class OFBizSecurity.java. > > This kind of permission is used when you have written code in FTL file or > Java files and your would like to provide security check on the basis of > his/her "role" to display some content or proceed with next block of code. > There are few example present in Ofbiz for this.Please check it out. > > Role based security in Simple Method is handled in pretty different way. > I didn't remember the place where role based security is implemented in Mini > Lang so > will ask Community members for their help. Ashish, I had a look into simple-method.xsd file as I was not aware of a role permission tag in minilang. There is nothing like check-role-member and for me this kind of permission is only checked at the service level. I found also related-role-getter at the widget level (screen, menu, tree) but there are any use of it in OFBiz yet. related-role-getter seems to be intended to be used in the content compenent... So Kish, if you are interested by DataDrivenSecurity you should check code in EntityPermissionChecker.java Here is the comment from Al Byers who introduced this in pre Apache era (Revision: 4029 : 08 Dec 2004) <<I upgrade EntityPermissionChecker to use three inner classes of ContentPermissionServices, PermissionConditionGetter, RelatedRoleGetter and AuxiliaryValueGetter (for ContentPurposes). Though I had coded ContentPermissionServices.checkPermissionMethod with the idea of having it work for non-Content permission checking, it would not do it, so I added another checkPermissionMethod using the three classes above. This does not break any widget forms. If none of the three subelements of if-entity-permission are defined, it will use defaults that make it work like it did before. With this upgrade I should be able to work with PartyRelationship and WorkEffortAndPartyAssign to create substantial websites using use the widget framework.>> HTH Jacques > Thanks. > > -- > Ashish > > > > > > On Wed, Jul 9, 2008 at 12:42 PM, MKishore <[hidden email]> wrote: > >> >> >> Any information about Role tables specified in each application/component. >> and how these tables have been used in Ofbiz >> Ex: OrderRole, ProductRole, ProductCategoryRole >> >> >> >> MKishore wrote: >> > >> > Hi, >> > >> > How does Security.hasRolePermission has been used in ofbiz secrity and >> > whats the use of this. >> > >> > i noticed that ofbiz supports DataDrivenSecurity, would like to know how >> > it has been handled in ofbiz and how to achieve this. >> > >> > Thanks, >> > Kish >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Security.hasRolePermission-or-DataDrivenSecurity-tp18343814p18365804.html >> Sent from the OFBiz - User mailing list archive at Nabble.com. >> >> > |
Re: Security.hasRolePermission or DataDrivenSecurity
|
|
Thanks Jacques for your valuable reply.
I truly appreciate your efforts. -- Ashish On Thu, Jul 10, 2008 at 4:08 PM, Jacques Le Roux < [hidden email]> wrote: > From: "Ashish Vijaywargiya" <[hidden email]> > >> *Role entities are used to check the role based security in ofbiz. For eg. >> ProductStoreRole, OrderRole, AgreementRole etc. >> For taking the advantage of Role Based security you can go through the >> method "hasRolePermission" of class OFBizSecurity.java. >> >> This kind of permission is used when you have written code in FTL file or >> Java files and your would like to provide security check on the basis of >> his/her "role" to display some content or proceed with next block of code. >> There are few example present in Ofbiz for this.Please check it out. >> >> Role based security in Simple Method is handled in pretty different way. >> I didn't remember the place where role based security is implemented in >> Mini >> Lang so >> will ask Community members for their help. >> > > Ashish, > > I had a look into simple-method.xsd file as I was not aware of a role > permission tag in minilang. There is nothing like check-role-member and for > me this kind of permission is only checked at the service level. > I found also related-role-getter at the widget level (screen, menu, tree) > but there are any use of it in OFBiz yet. related-role-getter seems to be > intended to be used in the content compenent... > > So Kish, if you are interested by DataDrivenSecurity you should check code > in EntityPermissionChecker.java > > Here is the comment from Al Byers who introduced this in pre Apache era > (Revision: 4029 : 08 Dec 2004) > > <<I upgrade EntityPermissionChecker to use three inner classes of > ContentPermissionServices, > PermissionConditionGetter, RelatedRoleGetter and AuxiliaryValueGetter (for > ContentPurposes). > Though I had coded ContentPermissionServices.checkPermissionMethod with the > idea of having > it work for non-Content permission checking, it would not do it, so I added > another > checkPermissionMethod using the three classes above. > > This does not break any widget forms. If none of the three subelements of > if-entity-permission > are defined, it will use defaults that make it work like it did before. > > With this upgrade I should be able to work with PartyRelationship and > WorkEffortAndPartyAssign > to create substantial websites using use the widget framework.>> > > HTH > > Jacques > > > > Thanks. >> >> -- >> Ashish >> >> >> >> >> >> On Wed, Jul 9, 2008 at 12:42 PM, MKishore <[hidden email]> wrote: >> >> >>> >>> Any information about Role tables specified in each >>> application/component. >>> and how these tables have been used in Ofbiz >>> Ex: OrderRole, ProductRole, ProductCategoryRole >>> >>> >>> >>> MKishore wrote: >>> > >>> > Hi, >>> > >>> > How does Security.hasRolePermission has been used in ofbiz secrity >>> and >>> > whats the use of this. >>> > >>> > i noticed that ofbiz supports DataDrivenSecurity, would like to know >>> how >>> > it has been handled in ofbiz and how to achieve this. >>> > >>> > Thanks, >>> > Kish >>> > >>> >>> -- >>> View this message in context: >>> >>> http://www.nabble.com/Security.hasRolePermission-or-DataDrivenSecurity-tp18343814p18365804.html >>> Sent from the OFBiz - User mailing list archive at Nabble.com. >>> >>> >>> >> > |
Re: Security.hasRolePermission or DataDrivenSecurity
|
Administrator
|
You are welcome Ashish,
It's a way for me to learn, there are much corners in there ;o) Jacques From: "Ashish Vijaywargiya" <[hidden email]> > Thanks Jacques for your valuable reply. > I truly appreciate your efforts. > > -- > Ashish > > On Thu, Jul 10, 2008 at 4:08 PM, Jacques Le Roux < > [hidden email]> wrote: > >> From: "Ashish Vijaywargiya" <[hidden email]> >> >>> *Role entities are used to check the role based security in ofbiz. For eg. >>> ProductStoreRole, OrderRole, AgreementRole etc. >>> For taking the advantage of Role Based security you can go through the >>> method "hasRolePermission" of class OFBizSecurity.java. >>> >>> This kind of permission is used when you have written code in FTL file or >>> Java files and your would like to provide security check on the basis of >>> his/her "role" to display some content or proceed with next block of code. >>> There are few example present in Ofbiz for this.Please check it out. >>> >>> Role based security in Simple Method is handled in pretty different way. >>> I didn't remember the place where role based security is implemented in >>> Mini >>> Lang so >>> will ask Community members for their help. >>> >> >> Ashish, >> >> I had a look into simple-method.xsd file as I was not aware of a role >> permission tag in minilang. There is nothing like check-role-member and for >> me this kind of permission is only checked at the service level. >> I found also related-role-getter at the widget level (screen, menu, tree) >> but there are any use of it in OFBiz yet. related-role-getter seems to be >> intended to be used in the content compenent... >> >> So Kish, if you are interested by DataDrivenSecurity you should check code >> in EntityPermissionChecker.java >> >> Here is the comment from Al Byers who introduced this in pre Apache era >> (Revision: 4029 : 08 Dec 2004) >> >> <<I upgrade EntityPermissionChecker to use three inner classes of >> ContentPermissionServices, >> PermissionConditionGetter, RelatedRoleGetter and AuxiliaryValueGetter (for >> ContentPurposes). >> Though I had coded ContentPermissionServices.checkPermissionMethod with the >> idea of having >> it work for non-Content permission checking, it would not do it, so I added >> another >> checkPermissionMethod using the three classes above. >> >> This does not break any widget forms. If none of the three subelements of >> if-entity-permission >> are defined, it will use defaults that make it work like it did before. >> >> With this upgrade I should be able to work with PartyRelationship and >> WorkEffortAndPartyAssign >> to create substantial websites using use the widget framework.>> >> >> HTH >> >> Jacques >> >> >> >> Thanks. >>> >>> -- >>> Ashish >>> >>> >>> >>> >>> >>> On Wed, Jul 9, 2008 at 12:42 PM, MKishore <[hidden email]> wrote: >>> >>> >>>> >>>> Any information about Role tables specified in each >>>> application/component. >>>> and how these tables have been used in Ofbiz >>>> Ex: OrderRole, ProductRole, ProductCategoryRole >>>> >>>> >>>> >>>> MKishore wrote: >>>> > >>>> > Hi, >>>> > >>>> > How does Security.hasRolePermission has been used in ofbiz secrity >>>> and >>>> > whats the use of this. >>>> > >>>> > i noticed that ofbiz supports DataDrivenSecurity, would like to know >>>> how >>>> > it has been handled in ofbiz and how to achieve this. >>>> > >>>> > Thanks, >>>> > Kish >>>> > >>>> >>>> -- >>>> View this message in context: >>>> >>>> http://www.nabble.com/Security.hasRolePermission-or-DataDrivenSecurity-tp18343814p18365804.html >>>> Sent from the OFBiz - User mailing list archive at Nabble.com. >>>> >>>> >>>> >>> >> > |
«
Return to OFBiz - User
|
1 view|%1 views
| Free forum by Nabble | Edit this page |