[jira] Created: (OFBIZ-1532) Run GiftCertificateServices.createTransaction as system user

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (OFBIZ-1532) Run GiftCertificateServices.createTransaction as system user

Nicolas Malin (Jira)
Run GiftCertificateServices.createTransaction as system user
------------------------------------------------------------

                 Key: OFBIZ-1532
                 URL: https://issues.apache.org/jira/browse/OFBIZ-1532
             Project: OFBiz
          Issue Type: Bug
          Components: accounting
    Affects Versions: SVN trunk
            Reporter: Jacques Le Roux
            Assignee: Jacques Le Roux
            Priority: Blocker


To be able to run GiftCertificateServices.createTransaction (to create a Gift Certificate from eCommerce : Gift Card Activation) we have to run as system user (it needs ACCTG_ATX_CREATE)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Updated: (OFBIZ-1532) Run GiftCertificateServices.createTransaction as system user

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-1532:
-----------------------------------

    Attachment: GiftCertificateServices.java.patch

As I'm not a specialist of the accounting component and due to recent changes I'd prefer some reviews before commiting this pacth. In case that running as system user could cause some unforeseen problems.

> Run GiftCertificateServices.createTransaction as system user
> ------------------------------------------------------------
>
>                 Key: OFBIZ-1532
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1532
>             Project: OFBiz
>          Issue Type: Bug
>          Components: accounting
>    Affects Versions: SVN trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Blocker
>         Attachments: GiftCertificateServices.java.patch
>
>
> To be able to run GiftCertificateServices.createTransaction (to create a Gift Certificate from eCommerce : Gift Card Activation) we have to run as system user (it needs ACCTG_ATX_CREATE)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (OFBIZ-1532) Run GiftCertificateServices.createTransaction as system user

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12552563 ]

Adrian Crum commented on OFBIZ-1532:
------------------------------------

Jacques,

If you look at the seed data for the ACCTG_ATX_CREATE permission, you will see a suggestion on how to handle that with a permissions service SECA.

Use the Asset Maintentance permission service SECAs as an example.


> Run GiftCertificateServices.createTransaction as system user
> ------------------------------------------------------------
>
>                 Key: OFBIZ-1532
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1532
>             Project: OFBiz
>          Issue Type: Bug
>          Components: accounting
>    Affects Versions: SVN trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Blocker
>         Attachments: GiftCertificateServices.java.patch
>
>
> To be able to run GiftCertificateServices.createTransaction (to create a Gift Certificate from eCommerce : Gift Card Activation) we have to run as system user (it needs ACCTG_ATX_CREATE)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Updated: (OFBIZ-1532) Run GiftCertificateServices.createTransaction as system user

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-1532:
-----------------------------------

    Priority: Major  (was: Blocker)

Thanks Adrian,

I will have a look tomorrow. I have also a problem thereafter to reload amount in the gift card. I already knew (at least it seems to me) that you can ignore the required PIN number by putting anything in it. But even using a correct gift card number I get this message  "The question [Gift Card Number:] requires a valid gift-card number.". It comes from createSurveyResponse... later...

BTW, Blocker was far too much. ;o)

> Run GiftCertificateServices.createTransaction as system user
> ------------------------------------------------------------
>
>                 Key: OFBIZ-1532
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1532
>             Project: OFBiz
>          Issue Type: Bug
>          Components: accounting
>    Affects Versions: SVN trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>         Attachments: GiftCertificateServices.java.patch
>
>
> To be able to run GiftCertificateServices.createTransaction (to create a Gift Certificate from eCommerce : Gift Card Activation) we have to run as system user (it needs ACCTG_ATX_CREATE)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply | Threaded
Open this post in threaded view
|

[jira] Closed: (OFBIZ-1532) Run GiftCertificateServices.createTransaction as system user

Nicolas Malin (Jira)
In reply to this post by Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-1532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-1532.
----------------------------------

       Resolution: Fixed
    Fix Version/s: SVN trunk

Adrian,

I looked at the code and wondered why you asked me to look at it. Then I remebered that you posted a message on dev ML on this topic. Here it is :

One more thing to keep in mind with the GL posting SECAs - I changed the permissions a little in the
accounting component.

When I worked on converting permission checking to the permission service, I kept all permissions
the same except two. One of them was called ACCOUNTING_ATX_POST or something like that. There was a
note in the seed data that the permission was used to allow other applications to post GL
transactions without having to give the user full access to the accounting component. What concerned
me was, someone using OFBiz could assign this permission to a user without fully understanding the
implications. With that permission, a user could post ANY GL transaction - not just the intended
one. So I removed the permission from the seed data and updated the notes in the seed data file. I
checked to see if the permission was actually being used in the project, but I couldn't find it
anywhere - so I assumed removing it wouldn't break anything.

The best way to handle GL posting permissions (in my opinion) is to keep the GL posting services
locked down with the ACCTG_ATX_* permissions - so that only an accountant is given those
permissions. External apps that need to post to GL can have permission service SECAs that analyze
their particular transaction to see if the user is allowed to post that transaction.

Ideally, external apps posting to GL wouldn't need to assign any additional permissions to the user.
The permission SECAs decision would be based on the validity of the data in the transaction, not on
the user's permissions.

-Adrian

I understand but in my case it's much more convenient and understandable to use a system userLogin with admin right when calling the serice. So I finally commited my (slightly reformated) changes in trunk. rev. 606625

This is not the only place where a such trick is used, see also OrderServices.java[1157] and CheckOutHelper.java[627]

I will open a new issue for the "The question [Gift Card Number:] requires a valid gift-card number." problem.

> Run GiftCertificateServices.createTransaction as system user
> ------------------------------------------------------------
>
>                 Key: OFBIZ-1532
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1532
>             Project: OFBiz
>          Issue Type: Bug
>          Components: accounting
>    Affects Versions: SVN trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>             Fix For: SVN trunk
>
>         Attachments: GiftCertificateServices.java.patch
>
>
> To be able to run GiftCertificateServices.createTransaction (to create a Gift Certificate from eCommerce : Gift Card Activation) we have to run as system user (it needs ACCTG_ATX_CREATE)

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.