[ofbiz-framework] branch trunk updated: Improved: Convert PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ofbiz-framework] branch trunk updated: Improved: Convert PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)

nmalin
This is an automated email from the ASF dual-hosted git repository.

nmalin pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new ae686c3  Improved: Convert PartyPermissionServices.xml from mini lang to groovy (OFBIZ-11433)
ae686c3 is described below

commit ae686c3ff6f724742a075e3085dc0ab517423fb2
Author: Harutyun Farajyan <[hidden email]>
AuthorDate: Tue Mar 17 16:44:35 2020 +0100

    Improved: Convert PartyPermissionServices.xml from mini lang to groovy
    (OFBIZ-11433)
   
    Thanks to Harutyun Farajyan for providing the patch
---
 .../party/PartyPermissionServices.groovy           | 280 ++++++++++++++++++++
 .../minilang/party/PartyPermissionServices.xml     | 284 ---------------------
 applications/party/servicedef/services.xml         |  51 ++--
 3 files changed, 309 insertions(+), 306 deletions(-)

diff --git a/applications/party/groovyScripts/party/PartyPermissionServices.groovy b/applications/party/groovyScripts/party/PartyPermissionServices.groovy
new file mode 100644
index 0000000..c004ddd
--- /dev/null
+++ b/applications/party/groovyScripts/party/PartyPermissionServices.groovy
@@ -0,0 +1,280 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.ofbiz.base.util.UtilProperties
+import org.apache.ofbiz.entity.GenericValue
+
+// ============== Basic Permission Checking =============
+
+//Returns hasPermission=true if user has one of the base PARTYMGR CRUD+ADMIN permissions
+/**
+ * Party Manager base permission logic
+ */
+def basePermissionCheck() {
+    parameters.primaryPermission = "PARTYMGR"
+    Map serviceResult = run service: "genericBasePermissionCheck", with: parameters
+    return serviceResult
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter
+/**
+ * Party ID Permission Check
+ */
+def partyIdPermissionCheck(Map parameters) {
+    Map result = success()
+    Boolean hasPermission
+    String partyId = parameters.partyId
+
+    if (partyId && userLogin.partyId && partyId == userLogin.partyId) {
+        hasPermission = true
+    } else {
+        String resourceDescription = parameters.resourceDescription
+        if (!resourceDescription) {
+            resourceDescription = UtilProperties.getPropertyValue("CommonUiLabels", "CommonPermissionThisOperation")
+        }
+        String failMessage = UtilProperties.getMessage("PartyUiLabels",
+                "PartyPermissionErrorPartyId", [resourceDescription: resourceDescription], parameters.locale)
+        hasPermission = false
+        result.failMessage = failMessage
+    }
+    result.hasPermission = hasPermission
+    return result
+}
+
+//Returns hasPermission=true if userLogin party equals partyId parameter OR
+//      user has one of the base PARTYMGR CRUD+ADMIN permissions
+/**
+ * Base Permission Plus Party ID Permission Check
+ */
+def basePlusPartyIdPermissionCheck() {
+    Map result = run service: "basePermissionCheck", with: parameters
+    if (!result.hasPermission) {
+        result = partyIdPermissionCheck(parameters)
+    }
+    return result
+}
+
+// ============== Additional Permission Checking =============
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter OR
+//       user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions
+/**
+ * Party status permission logic
+ */
+def partyStatusPermissionCheck() {
+    Map result = success()
+    Boolean hasPermission = false
+    if (parameters.partyId && parameters.partyId == userLogin.partyId) {
+        hasPermission = true
+        result.hasPermission = hasPermission
+    }
+    if (!hasPermission) {
+        parameters.altPermission = "PARTYMGR_STS"
+        result = run service: "basePermissionCheck", with: parameters
+    }
+    return result
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter OR
+//       user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions
+/**
+ * Party group permission logic
+ */
+def partyGroupPermissionCheck() {
+    parameters.altPermission = "PARTYMGR_GRP"
+    Map result = run service: "partyStatusPermissionCheck", with: parameters
+    return result
+}
+
+//Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_SRC CRUD+ADMIN permissions
+/**
+ * Party datasource permission logic
+ */
+def partyDatasourcePermissionCheck() {
+    parameters.altPermission = "PARTYMGR_SRC"
+    Map result = run service: "basePermissionCheck", with: parameters
+    return result
+}
+
+//Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_ROLE CRUD+ADMIN permissions
+/**
+ * Party role permission logic
+ */
+def partyRolePermissionCheck() {
+    parameters.altPermission = "PARTYMGR_ROLE"
+    Map result = run service: "partyStatusPermissionCheck", with: parameters
+    return result
+}
+
+//Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_REL CRUD+ADMIN permissions
+/**
+ * Party relationship permission logic
+ */
+def partyRelationshipPermissionCheck() {
+    Map result = success()
+    if (!parameters.partyIdFrom) {
+        parameters.partyIdFrom = userLogin.partyId
+        result.hasPermission = true
+    } else {
+        parameters.altPermission = "PARTYMGR_REL"
+        result = run service: "basePermissionCheck", with: parameters
+    }
+    return result
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyId parameter OR
+//       user has one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions
+/**
+ * Party contact mech permission logic
+ */
+def partyContactMechPermissionCheck() {
+    Map result = success()
+    if (!parameters.partyId || userLogin.partyId == parameters.partyId) {
+        Boolean hasPermission = true
+        result.hasPermission = hasPermission
+    } else {
+        parameters.altPermission = "PARTYMGR_PCM"
+        result = run service: "basePermissionCheck", with: parameters
+    }
+    return result
+}
+
+//Accept/Decline PartyInvitation Permission Checks
+/**
+ * Accept and Decline PartyInvitation Permission Logic
+ */
+def accAndDecPartyInvitationPermissionCheck() {
+    Map result = success()
+    Boolean hasPermission = false
+    if (security.hasEntityPermission("PARTYMGR_UPDATE", "_UPDATE", parameters.userLogin)) {
+        hasPermission = true
+        result.hasPermission = hasPermission
+    }
+    if (!hasPermission) {
+        GenericValue partyInvitation = from("PartyInvitation").where(parameters).queryOne()
+        if (!partyInvitation?.partyId) {
+            if (!partyInvitation?.emailAddress) {
+                return error(UtilProperties.getMessage("PartyUiLabels",
+                        "PartyInvitationNotValidError", parameters.locale))
+            } else {
+                Map serviceResult = run service: "findPartyFromEmailAddress", with: [address: partyInvitation.emailAddress]
+                String partyId = serviceResult.partyId
+                if (partyId && partyId == userLogin.partyId) {
+                    hasPermission = true
+                    result.hasPermission = hasPermission
+                } else {
+                    return error(UtilProperties.getMessage("PartyUiLabels",
+                            "PartyInvitationNotValidError", parameters.locale))
+                }
+            }
+        } else {
+            if (partyInvitation.partyId == userLogin.partyId) {
+                hasPermission = true
+                result.hasPermission = hasPermission
+            }
+        }
+    }
+    if (!hasPermission) {
+        String failMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationAccAndDecPermissionError", parameters.locale)
+        logWarning(failMessage)
+        result.failMessage = failMessage
+        result.hasPermission = hasPermission
+    }
+    return result
+}
+
+//Cancel PartyInvitation Permission Checks
+/**
+ * Cancel PartyInvitation Permission Logic
+ */
+def cancelPartyInvitationPermissionCheck() {
+    Map result = success()
+    Boolean hasPermission = false
+    if (security.hasEntityPermission("PARTYMGR_UPDATE", "_UPDATE", parameters.userLogin)) {
+        hasPermission = true
+        result.hasPermission = hasPermission
+    }
+    if (!hasPermission) {
+        GenericValue partyInvitation = from("PartyInvitation").where(parameters).queryOne()
+        if (partyInvitation?.partyIdFrom
+                && partyInvitation.partyIdFrom == userLogin.partyId) {
+            hasPermission = true
+            result.hasPermission = hasPermission
+        }
+        if (!hasPermission) {
+            if (!partyInvitation?.partyId) {
+                if (!partyInvitation?.emailAddress) {
+                    String errorMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationNotValidError", parameters.locale)
+                    logError(errorMessage)
+                    return error(errorMessage)
+                } else {
+                    Map findPartyCtx = [address: partyInvitation.emailAddress]
+                    Map serviceResult = run service: "findPartyFromEmailAddress", with: findPartyCtx
+                    String partyId = serviceResult.partyId
+                    if (partyId) {
+                        if (partyId == userLogin.partyId) {
+                            hasPermission = true
+                            result.hasPermission = hasPermission
+                        }
+                    } else {
+                        String errorMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationNotValidError", parameters.locale)
+                        logError(errorMessage)
+                        return error(errorMessage)
+                    }
+                }
+            } else {
+                if (partyInvitation?.partyId == userLogin.partyId) {
+                    hasPermission = true
+                    result.hasPermission = hasPermission
+                }
+            }
+        }
+    }
+    if (!hasPermission) {
+        String failMessage = UtilProperties.getMessage("PartyUiLabels", "PartyInvitationCancelPermissionError", parameters.locale)
+        logWarning(failMessage)
+        result.failMessage = failMessage
+        result.hasPermission = hasPermission
+    }
+    return result
+}
+
+//Returns hasPermission=true if userLogin partyId equals partyIdFrom parameter OR
+//       partyIdTo parameter OR user has one of the base PARTYMGR or PARTYMGR_CME CRUD+ADMIN permissions
+/**
+ * Communication Event permission logic
+ */
+def partyCommunicationEventPermissionCheck() {
+    Map result = success()
+    if (parameters.communicationEventTypeId == "EMAIL_COMMUNICATION" && parameters.mainAction == "CREATE") {
+        parameters.altPermission = "PARTYMGR_CME-EMAIL"
+    } else if (parameters.communicationEventTypeId == "COMMENT_NOTE" && parameters.mainAction == "CREATE") {
+        parameters.altPermission = "PARTYMGR_CME-NOTE"
+    } else if (parameters.partyIdFrom != userLogin.partyId
+            && parameters.partyIdTo != userLogin.partyId
+            && parameters.partyId != userLogin.partyId) { // <- update role
+        parameters.altPermission = "PARTYMGR_CME"
+    } else {
+        result.hasPermission = true
+    }
+    if (!result.hasPermission) {
+        result = run service: "basePermissionCheck", with: parameters
+    }
+    return result
+}
\ No newline at end of file
diff --git a/applications/party/minilang/party/PartyPermissionServices.xml b/applications/party/minilang/party/PartyPermissionServices.xml
deleted file mode 100644
index a11321d..0000000
--- a/applications/party/minilang/party/PartyPermissionServices.xml
+++ /dev/null
@@ -1,284 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-        xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd">
-
-    <!-- ============== Basic Permission Checking ============= -->
-
-    <!-- Returns hasPermission=true if user has one of the base PARTYMGR CRUD+ADMIN permissions -->
-    <simple-method method-name="basePermissionCheck" short-description="Party Manager base permission logic">
-        <set field="primaryPermission" value="PARTYMGR"/>
-        <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter -->
-    <simple-method method-name="partyIdPermissionCheck" short-description="Party ID Permission Check">
-        <if-empty field="partyId">
-            <set field="partyId" from-field="parameters.partyId"/>
-        </if-empty>
-        <if>
-            <condition>
-                <and>
-                    <not><if-empty field="partyId"/></not>
-                    <not><if-empty field="userLogin.partyId"/></not>
-                    <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals"/>
-                </and>
-            </condition>
-            <then>
-                <set field="hasPermission" type="Boolean" value="true"/>
-            </then>
-            <else>
-                <set field="resourceDescription" from-field="parameters.resourceDescription"/>
-                <if-empty field="resourceDescription">
-                    <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field="resourceDescription"/>
-                </if-empty>
-                <property-to-field resource="PartyUiLabels" property="PartyPermissionErrorPartyId" field="failMessage"/>
-                <set field="hasPermission" type="Boolean" value="false"/>
-                <field-to-result field="failMessage"/>
-            </else>
-        </if>
-        <field-to-result field="hasPermission"/>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if userLogin party equals partyId parameter OR
-        user has one of the base PARTYMGR CRUD+ADMIN permissions -->
-    <simple-method method-name="basePlusPartyIdPermissionCheck" short-description="Base Permission Plus Party ID Permission Check">
-        <call-simple-method method-name="basePermissionCheck"/>
-        <if-compare field="hasPermission" operator="not-equals" value="true">
-            <call-simple-method method-name="partyIdPermissionCheck"/>
-        </if-compare>
-    </simple-method>
-
-    <!-- ============== Additional Permission Checking ============= -->
-
-    <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
-         user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions -->
-    <simple-method method-name="partyStatusPermissionCheck" short-description="Party status permission logic">
-        <set field="hasPermission" type="Boolean" value="false"/>
-        <if-not-empty field="parameters.partyId">
-            <if-compare-field field="parameters.partyId" to-field="userLogin.partyId" operator="equals">
-                <set field="hasPermission" type="Boolean" value="true"/>
-                <field-to-result field="hasPermission"/>
-            </if-compare-field>
-        </if-not-empty>
-        <if-compare field="hasPermission" operator="not-equals" value="true">
-            <set field="altPermission" value="PARTYMGR_STS"/>
-            <call-simple-method method-name="basePermissionCheck"/>
-        </if-compare>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
-         user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions -->
-    <simple-method method-name="partyGroupPermissionCheck" short-description="Party group permission logic">
-        <set field="altPermission" value="PARTYMGR_GRP"/>
-        <call-simple-method method-name="basePlusPartyIdPermissionCheck"/>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_SRC CRUD+ADMIN permissions -->
-    <simple-method method-name="partyDatasourcePermissionCheck" short-description="Party datasource permission logic">
-        <set field="altPermission" value="PARTYMGR_SRC"/>
-        <call-simple-method method-name="basePermissionCheck"/>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_ROLE CRUD+ADMIN permissions -->
-    <simple-method method-name="partyRolePermissionCheck" short-description="Party role permission logic">
-        <set field="altPermission" value="PARTYMGR_ROLE"/>
-        <call-simple-method method-name="basePlusPartyIdPermissionCheck"/>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_REL CRUD+ADMIN permissions -->
-    <simple-method method-name="partyRelationshipPermissionCheck" short-description="Party relationship permission logic">
-        <if-empty field="parameters.partyIdFrom">
-            <set field="parameters.partyIdFrom" from-field="userLogin.partyId"/>
-            <set field="hasPermission" type="Boolean" value="true"/>
-            <field-to-result field="hasPermission"/>
-            <else>
-                <set field="altPermission" value="PARTYMGR_REL"/>
-                <call-simple-method method-name="basePermissionCheck"/>
-            </else>
-        </if-empty>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
-         user has one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions -->
-    <simple-method method-name="partyContactMechPermissionCheck" short-description="Party contact mech permission logic">
-        <if-empty field="parameters.partyId">
-            <set field="parameters.partyId" from-field="userLogin.partyId"/>
-        </if-empty>
-        <if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals">
-            <set field="hasPermission" type="Boolean" value="true"/>
-            <field-to-result field="hasPermission"/>
-
-            <else>
-                <set field="altPermission" value="PARTYMGR_PCM"/>
-                <call-simple-method method-name="basePermissionCheck"/>
-            </else>
-        </if-compare-field>
-    </simple-method>
-
-    <!-- Accept/Decline/Cancel PartyInvitation Permission Checks -->
-    <simple-method method-name="accAndDecPartyInvitationPermissionCheck" short-description="Accept and Decline PartyInvitation Permission Logic">
-        <set field="hasPermission" type="Boolean" value="false"/>
-        <if-has-permission permission="PARTYMGR_UPDATE" action="_UPDATE">
-            <set field="hasPermission" type="Boolean" value="true"/>
-            <field-to-result field="hasPermission"/>
-        </if-has-permission>
-        <if-compare field="hasPermission" operator="not-equals" value="true">
-            <entity-one entity-name="PartyInvitation" value-field="partyInvitation"/>
-            <if-empty field="partyInvitation.partyId">
-                <if-empty field="partyInvitation.emailAddress">
-                    <add-error>
-                        <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
-                    </add-error>
-                <else>
-                    <set field="findPartyCtx.address" from-field="partyInvitation.emailAddress"/>
-                    <call-service service-name="findPartyFromEmailAddress" in-map-name="findPartyCtx">
-                        <result-to-field result-name="partyId" field="partyId"/>
-                    </call-service>
-                    <if-not-empty field="partyId">
-                        <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals">
-                            <set field="hasPermission" type="Boolean" value="true"/>
-                            <field-to-result field="hasPermission"/>
-                        </if-compare-field>
-                    <else>
-                        <add-error>
-                            <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
-                        </add-error>
-                    </else>
-                    </if-not-empty>
-                </else>
-                </if-empty>
-            <else>
-                <if-compare-field field="partyInvitation.partyId" to-field="userLogin.partyId" operator="equals">
-                    <set field="hasPermission" type="Boolean" value="true"/>
-                    <field-to-result field="hasPermission"/>
-                </if-compare-field>
-            </else>
-            </if-empty>
-            <check-errors/>
-        </if-compare>
-        <if-compare field="hasPermission" operator="not-equals" value="true">
-            <property-to-field property="PartyInvitationAccAndDecPermissionError" field="failMessage" resource="PartyUiLabels"/>
-            <field-to-result field="hasPermission"/>
-            <field-to-result field="failMessage"/>
-        </if-compare>
-    </simple-method>
-    <simple-method method-name="cancelPartyInvitationPermissionCheck" short-description="Cancel PartyInvitation Permission Logic">
-        <set field="hasPermission" type="Boolean" value="false"/>
-        <if-has-permission permission="PARTYMGR_UPDATE" action="_UPDATE">
-            <set field="hasPermission" type="Boolean" value="true"/>
-            <field-to-result field="hasPermission"/>
-        </if-has-permission>
-        <if-compare field="hasPermission" operator="not-equals" value="true">
-            <entity-one entity-name="PartyInvitation" value-field="partyInvitation"/>
-            <if-not-empty field="partyInvitation.partyIdFrom">
-                <if-compare-field field="partyInvitation.partyIdFrom" to-field="userLogin.partyId" operator="equals">
-                    <set field="hasPermission" type="Boolean" value="true"/>
-                    <field-to-result field="hasPermission"/>
-                </if-compare-field>
-            </if-not-empty>
-            <if-compare field="hasPermission" operator="not-equals" value="true">
-                <if-empty field="partyInvitation.partyId">
-                    <if-empty field="partyInvitation.emailAddress">
-                        <add-error>
-                            <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
-                        </add-error>
-                    <else>
-                        <set field="findPartyCtx.address" from-field="partyInvitation.emailAddress"/>
-                        <call-service service-name="findPartyFromEmailAddress" in-map-name="findPartyCtx">
-                            <result-to-field result-name="partyId" field="partyId"/>
-                        </call-service>
-                        <if-not-empty field="partyId">
-                            <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals">
-                                <set field="hasPermission" type="Boolean" value="true"/>
-                                <field-to-result field="hasPermission"/>
-                            </if-compare-field>
-                        <else>
-                            <add-error>
-                                <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/>
-                            </add-error>
-                        </else>
-                        </if-not-empty>
-                    </else>
-                    </if-empty>
-                <else>
-                    <if-compare-field field="partyInvitation.partyId" to-field="userLogin.partyId" operator="equals">
-                        <set field="hasPermission" type="Boolean" value="true"/>
-                        <field-to-result field="hasPermission"/>
-                    </if-compare-field>
-                </else>
-                </if-empty>
-                <check-errors/>
-            </if-compare>
-        </if-compare>
-        <if-compare field="hasPermission" operator="not-equals" value="true">
-            <property-to-field property="PartyInvitationCancelPermissionError" field="failMessage" resource="PartyUiLabels"/>
-            <field-to-result field="hasPermission"/>
-            <field-to-result field="failMessage"/>
-        </if-compare>
-    </simple-method>
-
-    <!-- Returns hasPermission=true if userLogin partyId equals partyIdFrom parameter OR
-         partyIdTo parameter OR user has one of the base PARTYMGR or PARTYMGR_CME CRUD+ADMIN permissions -->
-    <simple-method method-name="partyCommunicationEventPermissionCheck" short-description="Communication Event permission logic">
-        <if>
-            <condition>
-                <and>
-                    <if-compare operator="equals" value="EMAIL_COMMUNICATION" field="parameters.communicationEventTypeId"/>
-                    <if-compare operator="equals" value="CREATE" field="action"/>
-                </and>
-            </condition>
-            <then>
-                <set field="altPermission" value="PARTYMGR_CME-EMAIL"/>
-                <call-simple-method method-name="basePermissionCheck"/>
-            </then>
-            <else-if>
-                <condition>
-                    <and>
-                        <if-compare operator="equals" value="COMMENT_NOTE" field="parameters.communicationEventTypeId"/>
-                        <if-compare operator="equals" value="CREATE" field="action"/>
-                    </and>
-                </condition>
-                <then>
-                    <set field="altPermission" value="PARTYMGR_CME-NOTE"/>
-                    <call-simple-method method-name="basePermissionCheck"/>
-                </then>
-            </else-if>
-            <else-if>
-                <condition>
-                    <and>
-                        <if-compare-field field="parameters.partyIdFrom" to-field="userLogin.partyId" operator="not-equals"/>
-                        <if-compare-field field="parameters.partyIdTo" to-field="userLogin.partyId" operator="not-equals"/>
-                        <if-compare-field field="parameters.partyId" to-field="userLogin.partyId" operator="not-equals"/><!-- update role -->
-                    </and>
-                </condition>
-                <then>
-                    <set field="altPermission" value="PARTYMGR_CME"/>
-                    <call-simple-method method-name="basePermissionCheck"/>
-                </then>
-            </else-if>
-            <else>
-                <set field="hasPermission" type="Boolean" value="true"/>
-                <field-to-result field="hasPermission"/>
-            </else>
-        </if>
-    </simple-method>
-</simple-methods>
diff --git a/applications/party/servicedef/services.xml b/applications/party/servicedef/services.xml
index 00b7109..b26dcfc 100644
--- a/applications/party/servicedef/services.xml
+++ b/applications/party/servicedef/services.xml
@@ -1102,16 +1102,23 @@ under the License.
     </service>
 
     <!-- Permission checking services-->
-    <service name="partyBasePermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="basePermissionCheck">
+    <service name="partyBasePermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="basePermissionCheck">
         <description>
             Performs a basic Party Manager security check. The user must have one of the base PARTYMGR
             CRUD+ADMIN permissions.
         </description>
         <implements service="permissionInterface"/>
     </service>
-    <service name="partyIdPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="basePlusPartyIdPermissionCheck">
+    <service name="basePermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="basePermissionCheck">
+        <description>
+            Performs a basic security check. The user must have the base PARTYMGR  permission.
+        </description>
+        <implements service="permissionInterface"/>
+    </service>
+    <service name="partyIdPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="basePlusPartyIdPermissionCheck">
         <description>
             Performs a party ID security check. The userLogin partyId must equal
             the partyId parameter, or the logged-in user must have the correct permission
@@ -1120,8 +1127,8 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyId" type="String" mode="INOUT" optional="true"/>
     </service>
-    <service name="partyStatusPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyStatusPermissionCheck">
+    <service name="partyStatusPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyStatusPermissionCheck">
         <description>
             Performs a party status security check. The userLogin partyId must equal the partyId parameter OR
             the user must have one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions.
@@ -1129,8 +1136,8 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyId" type="String" mode="IN" optional="true"/>
     </service>
-    <service name="partyGroupPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyGroupPermissionCheck">
+    <service name="partyGroupPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyGroupPermissionCheck">
         <description>
             Performs a party group security check. The userLogin partyId must equal the partyId parameter OR
             the user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions.
@@ -1138,16 +1145,16 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyId" type="String" mode="INOUT" optional="true"/>
     </service>
-    <service name="partyDatasourcePermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyDatasourcePermissionCheck">
+    <service name="partyDatasourcePermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyDatasourcePermissionCheck">
         <description>
             Performs a party datasource security check. The user must have one of the base PARTYMGR or
             PARTYMGR_SRC CRUD+ADMIN permissions.
         </description>
         <implements service="permissionInterface"/>
     </service>
-    <service name="partyRolePermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyRolePermissionCheck">
+    <service name="partyRolePermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyRolePermissionCheck">
         <description>
             Performs a party role security check. The user must have one of the base PARTYMGR or
             PARTYMGR_ROLE CRUD+ADMIN permissions.
@@ -1155,8 +1162,8 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyId" type="String" mode="INOUT" optional="true"/>
     </service>
-    <service name="partyRelationshipPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyRelationshipPermissionCheck">
+    <service name="partyRelationshipPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyRelationshipPermissionCheck">
         <description>
             Performs a party relationship security check. The user must have one of the base PARTYMGR or
             PARTYMGR_REL CRUD+ADMIN permissions.
@@ -1164,8 +1171,8 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyIdFrom" type="String" mode="IN" optional="true"/>
     </service>
-    <service name="partyContactMechPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyContactMechPermissionCheck">
+    <service name="partyContactMechPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyContactMechPermissionCheck">
         <description>
             Performs a party contact mech security check. The userLogin partyId must equal the partyId parameter OR
             the user must have one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions.
@@ -1173,8 +1180,8 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyId" type="String" mode="IN" optional="true"/>
     </service>
-    <service name="accAndDecPartyInvitationPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="accAndDecPartyInvitationPermissionCheck">
+    <service name="accAndDecPartyInvitationPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="accAndDecPartyInvitationPermissionCheck">
         <description>
             Performs accept and decline PartyInvitation security check. The userLogin partyId must equal the
             partyIdTo in PartyInvitation OR partyId fetched using emailAdress in PartyInvitation.
@@ -1183,8 +1190,8 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyInvitationId" type="String" mode="IN" optional="false"/>
     </service>
-    <service name="cancelPartyInvitationPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="cancelPartyInvitationPermissionCheck">
+    <service name="cancelPartyInvitationPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="cancelPartyInvitationPermissionCheck">
         <description>
             Performs cancel PartyInvitation security check. The userLogin partyId must equal the
             partyId/partyIdFrom in PartyInvitation OR partyId fetched using emailAdress in PartyInvitation.
@@ -1193,8 +1200,8 @@ under the License.
         <implements service="permissionInterface"/>
         <attribute name="partyInvitationId" type="String" mode="IN" optional="false"/>
     </service>
-    <service name="partyCommunicationEventPermissionCheck" engine="simple"
-            location="component://party/minilang/party/PartyPermissionServices.xml" invoke="partyCommunicationEventPermissionCheck">
+    <service name="partyCommunicationEventPermissionCheck" engine="groovy"
+            location="component://party/groovyScripts/party/PartyPermissionServices.groovy" invoke="partyCommunicationEventPermissionCheck">
         <description>Party CommunicationEvents Permission Checking Logic</description>
         <implements service="permissionInterface"/>
         <attribute name="partyIdFrom" type="String" mode="IN" optional="true"/>