role permission checking using Security.hasRolePermission

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

role permission checking using Security.hasRolePermission

Anil Patel
Hi
The method defined in Security.hasRolePermission and its implementation in
OfBizSecutiry class provides useful service that we can use in
implementation of new Service Security implementation. Like we have
if-has-permission tag mini-lang, I am wondering if it be useful to have
if-has-role-permission tag, or its recommended to just call Java method from
mini-land code.

Any Ideas?

Regards
Anil Patel
Reply | Threaded
Open this post in threaded view
|

Re: role permission checking using Security.hasRolePermission

David E Jones

Anil,

My opinion on those methods is not good. My take on them is that they  
were a bit of an over-simplification of what usually ends up being a  
lot more complex. So, no, I'd rather not perpetuate this.

I recommend starting with the pattern used in the  
ProductServices.xml#checkProductRelatedPermission method, and then  
perhaps based on that and preferably a number of other examples of  
"real-world" use design an operation that will be certain to slim  
down the code and make our lives easier and happier.

-David


On Jan 14, 2007, at 11:49 PM, Anil Patel wrote:

> Hi
> The method defined in Security.hasRolePermission and its  
> implementation in
> OfBizSecutiry class provides useful service that we can use in
> implementation of new Service Security implementation. Like we have
> if-has-permission tag mini-lang, I am wondering if it be useful to  
> have
> if-has-role-permission tag, or its recommended to just call Java  
> method from
> mini-land code.
>
> Any Ideas?
>
> Regards
> Anil Patel


smime.p7s (3K) Download Attachment