adding a user login to a security group


adding a user login to a security group

joelfradkin@gmail.com
I am adding logic to create ofbiz users.
I do auth based on our other project and once I confirm a good user I want to add a user that has purchase/receiving rights.
I could find the add group user java and the add userlogin java.
The add userlogin to security group evaded me? I could find it was in a security_service.xml in service def.
It did not have java or a location. I am still new to all this. I thought that would mean it was in the script path but I did grep and could not find the code that actually added the userlogin to the security group.
I copied the java being used to create the group and userlogin and am able to create my record to allow the user login the appropriate security group. I just was curious if any of you are familiar with the  where ofbiz does the job? I normally just call the service in the original component, but since this was pretty customized I decided to pull it out and just do it in my auth program I wrote in java. Works great, can even tell what level the user is in our other app and based on that give permissions, or a page that says no permissions etc. Still not 100% sure how to deal with session time outs as the users don't officially have a login and password. I am just displaying please access via other application menu for now. I did have it going to login, but I might try to keep the credentials in hidden variables so if the session times out they can re-auth with the other app.
Joel Fradkin

Re: adding a user login to a security group

Pranay Pandey-2

Hi Joel,

To understand OFBiz Security you can go through this document https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

The other thing (The add userlogin to security group evaded me?) I think you couldn't find can be tracked through request ProfileAddUserLoginToSecurityGroup in Party. (I checked this on trunk and release 13.07)
Here is the service I could find in services_security.xml:
    <!-- UserLogin to SecurityGroup services -->
    <service name="addUserLoginToSecurityGroup" engine="entity-auto" invoke="create" default-entity-name="UserLoginSecurityGroup" auth="true">
        <description>Add a UserLogin to a SecurityGroup</description>
        <permission-service service-name="securityPermissionCheck" main-action="CREATE"/>
        <attribute name="userLoginId" type="String" mode="IN" optional="false"/>
        <attribute name="groupId" type="String" mode="IN" optional="false"/>
        <attribute name="fromDate" type="Timestamp" mode="IN" optional="true"/>
        <attribute name="thruDate" type="Timestamp" mode="IN" optional="true"/>
    </service>


I found it in both, i.e. trunk and 13.07 code. If you are using any other release then please mention it.

HTH.

Pranay Pandey
HotWax Media
http://www.hotwaxmedia.com
ApacheCon US 2014 Silver Sponsor
http://na.apachecon.com/sponsor/our-sponsors


On Oct 1, 2014, at 2:33 AM, [hidden email] wrote:

> I am adding logic to create ofbiz users.
> I do auth based on our other project and once I confirm a good user I want
> to add a user that has purchase/ receiving rights.
> I could find the add group user java and the add userlogin java.
> The add userlogin to security group evaded me? I could find it was in a
> security_service.xml in service def.
> It did not have java or a location. I am still new to all this. I thought
> that would mean it was in the script path but I did grep and could not find
> the code that actually added the userlogin to the security group.
> I copied the java being used to create the group and userlogin and am able
> to create my record to allow the user login the appropriate security group.
> I just was curious if any of you are familiar with the  where ofbiz does the
> job? I normally just call the service in the original component, but since
> this was pretty customized I decided to pull it out and just do it in my auth
> program I wrote in java. Works great, can even tell what level the user is in
> our other app and based on that give permissions, or a page that says no
> permissions etc. Still not 100% sure how to deal with session time outs as
> the users don't officially have a login and password. I am just displaying
> please access via other application menu for now. I did have it going to
> login, but I might try to keep the credentials in hidden variables so if the
> session times out they can re-auth with the other app.
>
>
>
> -----
> Joel Fradkin
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: adding a user login to a security group

joelfradkin@gmail.com
I did see that. I appreciate your help and the URL, I guess I don't understand.
I thought the service def folder had xml saying what services are available, but I do not understand looking at this XML where the actual service is, or maybe the xml actually does the work?
I found that in the service def folder, not the script.
I do not understand how that bit there adds a record to the table.

I ended up doing my own java function (hard coded to add the group to fulladmin):

    import java.sql.Timestamp;
    import javax.servlet.http.HttpServletRequest;
    import org.ofbiz.base.util.Debug;
    import org.ofbiz.base.util.UtilDateTime;
    import org.ofbiz.base.util.UtilMisc;
    import org.ofbiz.base.util.UtilValidate;
    import org.ofbiz.entity.GenericDelegator;
    import org.ofbiz.entity.GenericEntityException;
    import org.ofbiz.entity.GenericValue;
    import org.ofbiz.entity.condition.EntityCondition;
    import org.ofbiz.entity.condition.EntityFunction;
    import org.ofbiz.entity.condition.EntityOperator;

    // Method of the custom auth class; "module" is that class's logging name.
    public static String addUserLoginToSecurityGroup(HttpServletRequest request, String partyId) {
        GenericDelegator delegator = (GenericDelegator) request.getAttribute("delegator");
        String userLoginId = partyId;   // the partyId doubles as the userLoginId
        String groupId = "FULLADMIN";   // hard-coded group
        Timestamp now = UtilDateTime.nowTimestamp();
        // Look for any existing UserLoginSecurityGroup row for this userLoginId (case-insensitive)
        try {
            EntityCondition condition = EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("userLoginId"), EntityOperator.EQUALS, EntityFunction.UPPER(userLoginId));
            if (UtilValidate.isNotEmpty(delegator.findList("UserLoginSecurityGroup", condition, null, null, null, false))) {
                return "found security group for user";
            }
        } catch (GenericEntityException e) {
            // A failed lookup is an error, not proof that the row already exists
            Debug.logWarning(e, "", module);
            return "error";
        }
        // Not there, so create the security group row for the userlogin
        GenericValue userLoginSecurityGroupToCreate = delegator.makeValue("UserLoginSecurityGroup", UtilMisc.toMap("userLoginId", userLoginId, "groupId", groupId, "fromDate", now));
        try {
            userLoginSecurityGroupToCreate.create();
        } catch (GenericEntityException e) {
            Debug.logWarning(e, "", module);
            return "error";
        }
        return "created security group for login user :" + partyId;
    } // addUserLoginToSecurityGroup
Joel Fradkin

Re: adding a user login to a security group

Pierre Smits
Joel,

Definitions in xml files in the servicedef folder can point to either:

   - simple methods (in xml) in the scripts subdirectories (OFBiz
   development methodology)
   - elaborate functions (in java) in the src subdirectories (OFBiz
   development methodology)
   - others in other directories (NON OFBiz development methodology)

Regards,


Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com

On Wed, Oct 1, 2014 at 2:39 PM, [hidden email] <[hidden email]> wrote:

> I did see that. I appreciate your help and the URL, I guess I don't
> understand.
> I thought the service def folder had xml saying what services are
> available,
> but I do not understand looking at this XML where the actual service is, or
> maybe the xml actually does the work?
> I found that in the service def folder, not the script.
> I do not understand how that bit there adds a record to the table.
>
> I ended up doing my own java function (hard coded to add the group to
> fulladmin):
>
>         public static String addUserLoginToSecurityGroup(HttpServletRequest
> request,String partyId) {
>                 GenericDelegator delegator = (GenericDelegator) request
>                                 .getAttribute("delegator");
>         boolean useEncryption = true;
>         String userLoginId = partyId;
>         String currentPassword = partyId;
>         String groupId = "FULLADMIN";
>         Timestamp now = UtilDateTime.nowTimestamp();
>         GenericValue userLoginSecurityGroupToCreate =
> delegator.makeValue("UserLoginSecurityGroup", UtilMisc.toMap("userLoginId",
> userLoginId,"groupId",groupId, "fromDate",now));
>         try {
>             EntityCondition condition =
> EntityCondition.makeCondition(EntityFunction.UPPER_FIELD("userLoginId"),
> EntityOperator.EQUALS, EntityFunction.UPPER(userLoginId));
>             if
> (UtilValidate.isNotEmpty(delegator.findList("UserLoginSecurityGroup",
> condition, null, null, null, false))) {
>                 Map<String, String> messageMap =
> UtilMisc.toMap("userLoginId", userLoginId);
>               return "found security group for user";
>             }
>         } catch (GenericEntityException e) {
>             return "user login already in security group";
>         }
>         //not there so create security group for userlogin
>         try {
>             userLoginSecurityGroupToCreate.create();
>         } catch (GenericEntityException e) {
>             Debug.logWarning(e, "", module);
>             Map<String, String> messageMap = UtilMisc.toMap("errorMessage",
> e.getMessage());
>               return "error";
>         }
>         return "created security group for login user :"+partyId;
>     }// addUserLoginToSecurityGroup
>
>
>
>
> -----
> Joel Fradkin
> --
> View this message in context:
> http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656310.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.
>

Re: adding a user login to a security group

joelfradkin@gmail.com
Thank you for the clarity.
I was aware of that, but looking at the xml definition for  <service name="addUserLoginToSecurityGroup" engine="entity-auto" invoke="create" default-entity-name="UserLoginSecurityGroup" auth="true"> 
Where is the actual code that adds the record to the table?

I did a grep for addUserLoginToSecurityGroup, and that is how I found the reference in servicedef.
I was looking for the actual code (java or mini etc). I ended up making my own, but don't like to do that.
Joel Fradkin

Re: adding a user login to a security group

joelfradkin@gmail.com
In reply to this post by Pranay Pandey-2
Thanks again for the URL, I just went and read it. I believe I have read it in the past, but it looks updated with many examples and much clearer (or maybe I just don't remember it clearly).
Joel Fradkin

Re: adding a user login to a security group

joelfradkin@gmail.com
In reply to this post by joelfradkin@gmail.com
I am just guessing, but maybe this does the actual work?
engine="entity-auto" invoke="create" default-entity-name="UserLoginSecurityGroup"
As I said I am still new and learning, so if this does add the record I am sorry for asking a dumb question.
I know the whole XML auto stuff confuses me. I see screens using it to get field data (or more precisely screens created using it). It seems very clean and simple, but not completely understanding it it seems mystical. I usually end up adding the fields and saying hidden etc to get the screen the way I want. So far I have not run into an actual service in the xml in service def, so I guess maybe that threw me off. In any case the java I create does the job. I was just more curious than anything.
Joel Fradkin

Re: adding a user login to a security group

Jacopo Cappellato-4

On Oct 1, 2014, at 3:37 PM, [hidden email] wrote:

> I am just guessing, but maybe this does the actual work?
> engine="entity-auto" invoke="create"
> default-entity-name="UserLoginSecurityGroup"

This can actually look mysterious! When you see a service with engine="entity-auto" then it means that there is no implementation for it because it is handled by the framework as a CRUD service.
In the above example:

engine="entity-auto"
invoke="create"
default-entity-name="UserLoginSecurityGroup"

means that a "create" operation is performed on the UserLoginSecurityGroup entity.

I hope it helps,

Jacopo


>  
> As I said I am still new and learning, so if this does add the record I am
> sorry for asking a dumb question.
> I know the whole XML auto stuff confuses me. I see screens using it to get
> field data (or more precisely screens created using it). It seems very clean
> and simple, but not completely understanding it it seems mystical. I usually
> end up adding the fields and saying hidden etc to get the screen the way I
> want. So far I have not run into an actual service in the xml in service
> def, so I guess maybe that threw me off. In any case the java I create does
> the job. I was just more curious than anything.
>
>
>
> -----
> Joel Fradkin
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656324.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: adding a user login to a security group

Pierre Smits
The drawback of such services with engine="entity-auto" is that you expose
the users to crude error messages, when some of the required parameters
aren't incorporated in the POST action.



Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com

On Wed, Oct 1, 2014 at 3:50 PM, Jacopo Cappellato <[hidden email]> wrote:

>
> On Oct 1, 2014, at 3:37 PM, [hidden email] wrote:
>
> > I am just guessing, but maybe this does the actual work?
> > engine="entity-auto" invoke="create"
> > default-entity-name="UserLoginSecurityGroup"
>
> This can actually look mysterious! When you see a service with
> engine="entity-auto" then it means that there is no implementation for it
> because it is handled by the framework as a CRUD service.
> In the above example:
>
> engine="entity-auto"
> invoke="create"
> default-entity-name="UserLoginSecurityGroup"
>
> means that a "create" operation is performed on the UserLoginSecurityGroup
> entity.
>
> I hope it helps,
>
> Jacopo
>
>
> >
> > As I said I am still new and learning, so if this does add the record I
> am
> > sorry for asking a dumb question.
> > I know the whole XML auto stuff confuses me. I see screens using it to
> get
> > field data (or more precisely screens created using it). It seems very
> clean
> > and simple, but not completely understanding it it seems mystical. I
> usually
> > end up adding the fields and saying hidden etc to get the screen the way
> I
> > want. So far I have not run into an actual service in the xml in service
> > def, so I guess maybe that threw me off. In any case the java I create
> does
> > the job. I was just more curious than anything.
> >
> >
> >
> > -----
> > Joel Fradkin
> > --
> > View this message in context:
> http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656324.html
> > Sent from the OFBiz - User mailing list archive at Nabble.com.
>
>
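
Jacopo's explanation of entity-auto and Pierre's point about raw errors on missing parameters, shown as an added Java example that is not part of the thread or of OFBiz's own code: the membership row is created by calling the addUserLoginToSecurityGroup service through the dispatcher, so the definition's auth="true" and securityPermissionCheck are applied, and the two required IN attributes are checked first. The class and method names are hypothetical, and actingUserLogin is assumed to be a UserLogin value that holds the permission securityPermissionCheck requires.

```java
import java.util.HashMap;
import java.util.Map;

import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilDateTime;
import org.ofbiz.base.util.UtilValidate;
import org.ofbiz.entity.GenericValue;
import org.ofbiz.service.GenericServiceException;
import org.ofbiz.service.LocalDispatcher;
import org.ofbiz.service.ServiceUtil;

// Hypothetical helper class, not part of OFBiz.
public class SecurityGroupAssigner {
    private static final String module = SecurityGroupAssigner.class.getName();

    /**
     * Adds userLoginId to groupId by running the entity-auto service instead of
     * writing the UserLoginSecurityGroup row directly with the delegator.
     * Returns null on success, otherwise a message suitable for the screen.
     */
    public static String assign(LocalDispatcher dispatcher, GenericValue actingUserLogin,
            String userLoginId, String groupId) {
        // Both attributes are optional="false" in the service definition; checking
        // them here avoids surfacing the framework's raw validation error.
        if (UtilValidate.isEmpty(userLoginId)) {
            return "A user login ID is required.";
        }
        if (UtilValidate.isEmpty(groupId)) {
            return "A security group ID is required.";
        }
        if (actingUserLogin == null) {
            return "A logged-in user is required to change group membership.";
        }

        Map<String, Object> context = new HashMap<String, Object>();
        context.put("userLoginId", userLoginId);
        context.put("groupId", groupId);
        context.put("fromDate", UtilDateTime.nowTimestamp());
        // The service engine evaluates auth="true" and the permission-service
        // against this userLogin before the create is performed.
        context.put("userLogin", actingUserLogin);

        try {
            Map<String, Object> result = dispatcher.runSync("addUserLoginToSecurityGroup", context);
            if (ServiceUtil.isError(result)) {
                // Keep the detail in the log, show a plain message to the user.
                Debug.logWarning(ServiceUtil.getErrorMessage(result), module);
                return "Could not add the user to the security group.";
            }
        } catch (GenericServiceException e) {
            Debug.logError(e, module);
            return "Could not add the user to the security group.";
        }
        return null;
    }
}
```

In a request event the dispatcher is available as `request.getAttribute("dispatcher")`, the same way the delegator is obtained in the function posted earlier in the thread.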

Re: adding a user login to a security group

joelfradkin@gmail.com
In reply to this post by Jacopo Cappellato-4
Thank you for the clarity. I might have guessed that sooner, but I had not seen an implementation in the service def before. Is that used pretty often and this is the first I ran into it?

Joel Fradkin

Re: adding a user login to a security group

Jacopo Cappellato-4
It is not used very often but there is an effort going on at the moment to convert existing services into entity-auto services when applicable: I guess this is why you didn't see them before.

Jacopo

On Oct 1, 2014, at 5:26 PM, [hidden email] wrote:

> Thank you for the clarity. I might have guessed that sooner, but I had not
> seen an implementation in the service def before. Is that used pretty often
> and this is the first I ran into it?
>
>
>
>
>
> -----
> Joel Fradkin
> --
> View this message in context: http://ofbiz.135035.n4.nabble.com/adding-a-user-login-to-a-security-group-tp4656265p4656343.html
> Sent from the OFBiz - User mailing list archive at Nabble.com.


Re: adding a user login to a security group

joelfradkin@gmail.com
In reply to this post by Pierre Smits
True, I believe that is why new users get confused by the odd messages often displayed.
The front end does allow to do validation, so in theory you could keep the user from seeing the raw errors, but I agree that as a new user it was pretty common to see java type errors I normally only would see in log from tomcat. After a few months I appreciate seeing the errors so I know exactly what my issue is, but for a finished user interface it is important to add appropriate validation. To a large part that has been what I have been doing. I am also removing many of the complexities that allow flexibility, but we do not want at this time. I appreciate that ofbiz gives you the more complex interface, so you can see how to have links and information. I would rather have it and remove what is not deemed needed by my boss, than have to figure out new stuff. I was a bit surprised that there was not an account number, for a supplier. Sometimes the flexibility is mind blowing. I found the ability to add multiple ID numbers, I am guessing that is why it did not have a simple account number field. I used the external ID I think as I did not want to hook up to a relationship ID table. I also hijacked another field (office name I think) to store my EDI config name. I think the purchase side of the fence is a bit under developed. I am still fighting the buy it this way, sell it that way. I liked the idea of using a MRP process and two products, but my boss did not. I could have made it invisible to the user, but I am going to look at doing a conversion in creating the P.O. (Product UOM to Supplier UOM) and again when doing the receiving (supplier UOM to Product UOM).
I will need to have the P.O. and the EDI output file use the supplier UOM. It leaves me questioning what do I need to store, change in reporting, etc.
It would be better to change the entity to add the fields I need and ensure everything works correctly. Price would be @ supplier UOM I guess. It's still in analysis at the moment, but been one item that was not as easy to solve. I would like to use the conversion table if needed, but since product and supplier use different UOM types it is a bit perplexing (I agree the UOM types for the supplier need to be a different list, but it might need a UOM field that matches the choices in Product). For example supplier UOM has Other Box. with a qty. I am guessing the qty is x of the product which then has a x of product UOM. So maybe I have everything I need, but going to be fun.
Joel Fradkin