[ofbiz-framework] branch trunk updated: Improved: Move permission checks to service definitions via permission service.


[ofbiz-framework] branch trunk updated: Improved: Move permission checks to service definitions via permission service.

mbrohl
This is an automated email from the ASF dual-hosted git repository.

mbrohl pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 59f05e6  Improved: Move permission checks to service definitions via permission service.
59f05e6 is described below

commit 59f05e6df119f527aba0d7c1125e86a3c2f3074f
Author: Michael Brohl <[hidden email]>
AuthorDate: Tue Feb 25 12:05:34 2020 +0100

    Improved: Move permission checks to service definitions via permission
    service.
   
    (OFBIZ-11357)
   
    Thanks Pawan Verma for the suggestion and Wiebke Pätzold for providing
    the patch.
---
 framework/common/groovyScripts/CommonServices.groovy | 7 -------
 framework/common/servicedef/services.xml             | 4 +++-
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/framework/common/groovyScripts/CommonServices.groovy b/framework/common/groovyScripts/CommonServices.groovy
index 64d5fef..0740f4c 100644
--- a/framework/common/groovyScripts/CommonServices.groovy
+++ b/framework/common/groovyScripts/CommonServices.groovy
@@ -28,9 +28,6 @@ import org.apache.ofbiz.entity.GenericValue
  */
 
 def createKeywordThesaurus() {
-    if(!(security.hasEntityPermission("CATALOG", "_CREATE", parameters.userLogin))) {
-        return error(UtilProperties.getMessage("CommonUiLabels", "CommonGenericPermissionError", parameters.locale))
-    }
 
     GenericValue newEntity = makeValue("KeywordThesaurus", parameters)
     newEntity.enteredKeyword = newEntity.enteredKeyword.toLowerCase()
@@ -46,10 +43,6 @@ def createKeywordThesaurus() {
 
 def deleteKeywordThesaurus() {
 
-    if(!(security.hasEntityPermission("CATALOG", "_DELETE", parameters.userLogin))) {
-        return error(UtilProperties.getMessage("CommonUiLabels", "CommonGenericPermissionError", parameters.locale))
-    }
-
     GenericValue newEntity = makeValue("KeywordThesaurus")
     newEntity.enteredKeyword = parameters.enteredKeyword
     if (UtilValidate.isNotEmpty(parameters.alternateKeyword)) {
diff --git a/framework/common/servicedef/services.xml b/framework/common/servicedef/services.xml
index 8ce7197..f99fa64 100644
--- a/framework/common/servicedef/services.xml
+++ b/framework/common/servicedef/services.xml
@@ -283,19 +283,21 @@ under the License.
     <service name="createKeywordThesaurus" default-entity-name="KeywordThesaurus" engine="groovy"
             location="component://common/groovyScripts/CommonServices.groovy" invoke="createKeywordThesaurus" auth="true">
         <description>Create a Keyword Thesaurus</description>
+        <permission-service service-name="catalogPermissionCheck" main-action="CREATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="false"/>
     </service>
     <service name="updateKeywordThesaurus" default-entity-name="KeywordThesaurus" engine="entity-auto"
             invoke="update" auth="true">
         <description>Update a Keyword Thesaurus</description>
-        <permission-service service-name="commonGenericPermission" main-action="UPDATE"/>
+        <permission-service service-name="catalogPermissionCheck" main-action="UPDATE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <auto-attributes include="nonpk" mode="IN" optional="false"/>
     </service>
     <service name="deleteKeywordThesaurus" default-entity-name="KeywordThesaurus" engine="groovy"
             location="component://common/groovyScripts/CommonServices.groovy" invoke="deleteKeywordThesaurus" auth="true">
         <description>Delete a Keyword Thesaurus</description>
+        <permission-service service-name="catalogPermissionCheck" main-action="DELETE"/>
         <auto-attributes include="pk" mode="IN" optional="false"/>
         <override name="alternateKeyword" optional="true"/>
     </service>
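Review bot: In the `updateKeywordThesaurus` definition, replacing `commonGenericPermission` with `catalogPermissionCheck` changes who is authorized for updates rather than just moving a check, and the commit message does not mention it. Confirm that this is intended and record it in the description. For create and delete, the removed Groovy code called `security.hasEntityPermission("CATALOG", ...)` with `_CREATE` and `_DELETE`, while the logic of `catalogPermissionCheck` is not visible in this diff. Equivalence should therefore be pinned with a test that a user without CATALOG permissions is rejected by all three services. The service is also not defined in this hunk, so if it lives outside `framework/common` these definitions depend on another component being loaded. Since the Groovy functions no longer check anything themselves, I would add a comment above the three definitions such as `<!-- Authorization is enforced only by permission-service; the script implementations perform no permission check -->`.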