[
https://issues.apache.org/jira/browse/OFBIZ-9763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chinmay Patidar updated OFBIZ-9763:
-----------------------------------
Attachment: OFBIZ-9763.patch
Provided the patch for the issue. Done the following:
* Removed all of the security related checks present inline.
* Converted simple-methods "checkShoppingListSecurity" and "checkShoppingListItemSecurity" into services which will be called as a permission service from the CRUD services.
* Added hasPermission flag to result of "checkShoppingListSecurity" and "checkShoppingListItemSecurity" services which are required for these services as they implement 'permissionInterface' service.
> Create separate Permission Services for CRUD services of ShoppingList and ShoppingListItem
> ------------------------------------------------------------------------------------------
>
> Key: OFBIZ-9763
> URL:
https://issues.apache.org/jira/browse/OFBIZ-9763> Project: OFBiz
> Issue Type: Improvement
> Components: ecommerce, party
> Affects Versions: Trunk, Release Branch 16.11
> Reporter: Chinmay Patidar
> Assignee: Chinmay Patidar
> Fix For: Trunk
>
> Attachments: OFBIZ-9763.patch
>
>
> In CRUD services for ShoppingList and ShoppingListItem entities, the security related checks are present inline in the services. This implementation violates the best practice of keeping security implementation different from the business logic.
> We need to implement security services for such operations and to call them as a permission-service from the CRUD operation services definition
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Locked
