OFBiz OFBiz - Dev

[jira] Commented: (OFBIZ-615) Re-Factor WorkEffort permissions to follow new patterns

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-615) Re-Factor WorkEffort permissions to follow new patterns

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-615?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466372 ]

Andrew Zeneski commented on OFBIZ-615:
--------------------------------------

Anil,

This is starting to look really good! The only thing I see off hand right now is that permissions can be recursive. So, when creating a new workeffort, I may NOT be a assigned to the parent workeffort, but I MAY be assigned to its parent or the parent's parent. That said, we will want to walk through and look at the parent workefforts and their parent has well.

Logic:

If this workeffort has a parent, check its parent. If that does not pass, and the parent has a parent check that parent. Do this until the parent ID == null (walk the tree).

This will also apply to updating the parentWorkeffortId. I must be allowed to edit the current workeffort to change its parent. I must also be allowed to edit the new parent OR any of the parent workefforts up the tree.

Also just FYI, the tag permission-service has an attribute main-action which gets passed to the permission services as a parameter. This CAN be used if you make a generic service and decide what to do based on the main-action. This doesn't have to be this way, but if it can keep things cleaner it would make a good practice. If things are too complex, that is fine as well.

Also, ECAs can be used to do AND/OR on permissions. One example of this would be:

createWorkEffort:
- Permission service (genericWorkEffortCreatePermission) check; do I have WORKEFFORTMGR_CREATE permission?
- ECA condition -> hasPermission == false Call check role permission.

The ECA would trigger on the 'genericWorkEffortCreatePermission' service pre-commit and would be OR (by using hasPermission == false). You can AND these together as well but using hasPermission == true as the condition of the ECA.

This will be the best practice pattern for overriding default permissions. I'm not sure that WorkEffort needs this, but I thought I would bring it up in case you found it useful.


> Re-Factor WorkEffort permissions to follow new patterns
> -------------------------------------------------------
>
>                 Key: OFBIZ-615
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-615
>             Project: Apache OFBiz (The Open for Business Project)
>          Issue Type: Sub-task
>          Components: workeffort
>            Reporter: Andrew Zeneski
>         Attachments: WorkEffortSecurity.patch
>
>


--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
Free forum by Nabble Edit this page