OFBiz OFBiz - Dev

[jira] Updated: (OFBIZ-3075) permission error on cancel order item from ecommerce

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] Updated: (OFBIZ-3075) permission error on cancel order item from ecommerce

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-3075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sascha Rodekamp updated OFBIZ-3075:
-----------------------------------

    Attachment: OFBIZ-3075_permission error on cancel order.patch

Hi Jacques, hi Abdullah,

i recreated the patch. Jacques can you check if the patch matches now your requirement. I changed Abdullahs permission service that it only check the party id and not the ORDER permission.

Cheers
Sascha

> permission error on cancel order item from ecommerce
> ----------------------------------------------------
>
>                 Key: OFBIZ-3075
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3075
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/ecommerce
>    Affects Versions: Release Branch 4.0, Release Branch 09.04, SVN trunk
>            Reporter: Abdullah Shaikh
>         Attachments: OFBIZ-3075_permission error on cancel order.patch, OFBIZ-3075_permission error on cancel order.patch
>
>
> If I cancel an order item from ecommerce. I get, the below error displayed on the page.
> The Following Errors Occurred:
> Unable to cancel order line : WSCO11640 / 00001 / null
> Below is the error trace from console, this error is because the party (customer) doesn't have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission, but we can't be this permission to a customer, as the common service is called from ecommerce and order manager for cancel, the solution will be to check the party's role, if its a CUSTOMER, then I guess we can use the SYSTEM user, we need to give ORDERMGR permission to the SYSTEM user.
> But then it will seem as if the SYSTEM user has cancelled the order and not the CUSTOMER.
> The exception on the console is below :
>      [java] ---- exception report ----------------------------------------------------------
>      [java] [TransactionUtil.setRollbackOnly] Calling transaction setRollbackOnly; this stack trace shows where this is happening:
>      [java] Exception: java.lang.Exception
>      [java] Message: Error in simple-method [Create an OrderAdjustment [file:/home/abdullah/projects/ofbiz_ws/ofbiz/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml#createOrderAdjustment]]: ; [Security Error : to run createOrderAdjustment you must have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission]
>      [java] ---- stack trace ---------------------------------------------------------------
>      [java] java.lang.Exception: Error in simple-method [Create an OrderAdjustment [file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml#createOrderAdjustment]]: ; [Security Error : to run createOrderAdjustment you must have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission]
>      [java] org.ofbiz.entity.transaction.TransactionUtil.setRollbackOnly(TransactionUtil.java:371)
>      [java] org.ofbiz.entity.transaction.TransactionUtil.rollback(TransactionUtil.java:318)
>      [java] org.ofbiz.minilang.SimpleMethod.exec(SimpleMethod.java:833)
>      [java] org.ofbiz.minilang.SimpleMethod.runSimpleMethod(SimpleMethod.java:160)
>      [java] org.ofbiz.minilang.SimpleMethod.runSimpleService(SimpleMethod.java:142)
>      [java] org.ofbiz.minilang.SimpleServiceEngine.serviceInvoker(SimpleServiceEngine.java:78)
>      [java] org.ofbiz.minilang.SimpleServiceEngine.runSync(SimpleServiceEngine.java:53)
>      [java] org.ofbiz.service.ModelServiceReader$GenericInvokerImpl.runSync(ModelServiceReader.java:785)
>      [java] _$gen.file_58$.home.abdullah.projects.ofbiz_45$sagepay_95$ws.ofbiz.applications.order.servicedef.services_46$xml_35$createOrderAdjustment.runSync(file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/servicedef/services.xml#createOrderAdjustment:184)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:394)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:223)
>      [java] org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:159)
>      [java] org.ofbiz.order.order.OrderServices.recalcOrderTax(OrderServices.java:1600)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>      [java] sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>      [java] java.lang.reflect.Method.invoke(Method.java:597)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:100)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:57)
>      [java] org.ofbiz.service.ModelServiceReader$GenericInvokerImpl.runSync(ModelServiceReader.java:785)
>      [java] _$gen.file_58$.home.abdullah.projects.ofbiz_45$sagepay_95$ws.ofbiz.applications.order.servicedef.services_46$xml_35$recalcTaxTotal.runSync(file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/servicedef/services.xml#recalcTaxTotal:252)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:394)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:223)
>      [java] org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:159)
>      [java] org.ofbiz.service.eca.ServiceEcaAction.runAction(ServiceEcaAction.java:135)
>      [java] org.ofbiz.service.eca.ServiceEcaRule.eval(ServiceEcaRule.java:152)
>      [java] org.ofbiz.service.eca.ServiceEcaUtil.evalRules(ServiceEcaUtil.java:157)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:492)
>      [java] org.ofbiz.service.ServiceDispatcher.runSyncIgnore(ServiceDispatcher.java:236)
>      [java] org.ofbiz.service.GenericDispatcher.runSyncIgnore(GenericDispatcher.java:185)
>      [java] org.ofbiz.order.order.OrderServices.cancelOrderItem(OrderServices.java:1971)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>      [java] sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>      [java] sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>      [java] java.lang.reflect.Method.invoke(Method.java:597)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.serviceInvoker(StandardJavaEngine.java:100)
>      [java] org.ofbiz.service.engine.StandardJavaEngine.runSync(StandardJavaEngine.java:57)
>      [java] org.ofbiz.service.ModelServiceReader$GenericInvokerImpl.runSync(ModelServiceReader.java:785)
>      [java] _$gen.file_58$.home.abdullah.projects.ofbiz_45$sagepay_95$ws.ofbiz.applications.order.servicedef.services_46$xml_35$cancelOrderItem.runSync(file:/home/abdullah/projects/ofbiz-sagepay_ws/ofbiz/applications/order/servicedef/services.xml#cancelOrderItem:283)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:394)
>      [java] org.ofbiz.service.ServiceDispatcher.runSync(ServiceDispatcher.java:223)
>      [java] org.ofbiz.service.GenericDispatcher.runSync(GenericDispatcher.java:159)
>      [java] org.ofbiz.webapp.event.ServiceEventHandler.invoke(ServiceEventHandler.java:336)
>      [java] org.ofbiz.webapp.control.RequestHandler.runEvent(RequestHandler.java:611)
>      [java] org.ofbiz.webapp.control.RequestHandler.doRequest(RequestHandler.java:374)
>      [java] org.ofbiz.webapp.control.ControlServlet.doGet(ControlServlet.java:216)
>      [java] org.ofbiz.webapp.control.ControlServlet.doPost(ControlServlet.java:82)
>      [java] javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>      [java] javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>      [java] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>      [java] org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>      [java] org.ofbiz.webapp.control.ContextFilter.doFilter(ContextFilter.java:265)
>      [java] org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>      [java] org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>      [java] org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>      [java] org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>      [java] org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>      [java] org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>      [java] org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>      [java] org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
>      [java] org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>      [java] org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>      [java] org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>      [java] org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>      [java] java.lang.Thread.run(Thread.java:619)
>      [java] --------------------------------------------------------------------------------
>      [java] 2009-10-23 14:36:07,313 (http-0.0.0.0-8443-1) [  ServiceDispatcher.java:532:ERROR] Error in Service [createOrderAdjustment]: Security Error : to run createOrderAdjustment you must have the ORDERMGR_CREATE or ORDERMGR_ADMIN permission

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Free forum by Nabble Edit this page