svn commit: r1221633 - in /ofbiz/trunk/specialpurpose/ecommerce: ./ data/ script/org/ofbiz/ecommerce/customer/ webapp/ecommerce/WEB-INF/ webapp/ecommerce/customer/

Author: hansbak
Date: Wed Dec 21 07:19:11 2011
New Revision: 1221633

URL: http://svn.apache.org/viewvc?rev=1221633&view=rev
Log:
in ecommerce a user could not update the filemanager section in the ecommerce profile. created a separate security group for that

Added:
    ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml   (with props)
Modified:
    ofbiz/trunk/specialpurpose/ecommerce/data/DemoOrderPeopleData.xml
    ofbiz/trunk/specialpurpose/ecommerce/ofbiz-component.xml
    ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
    ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
    ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl

Modified: ofbiz/trunk/specialpurpose/ecommerce/data/DemoOrderPeopleData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/data/DemoOrderPeopleData.xml?rev=1221633&r1=1221632&r2=1221633&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/data/DemoOrderPeopleData.xml (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/data/DemoOrderPeopleData.xml Wed Dec 21 07:19:11 2011
@@ -122,7 +122,7 @@ under the License.
     <PartyRole partyId="DemoCustomer" roleTypeId="BILL_TO_CUSTOMER"/>
     <PartyGeoPoint partyId="DemoCustomer" geoPointId="9000" fromDate="2009-01-09 00:00:00.000"/>
     <PartyRelationship partyIdFrom="DemoCustCompany" roleTypeIdFrom="ACCOUNT" partyIdTo="DemoCustomer" roleTypeIdTo="CONTACT" fromDate="2000-01-01 00:00:00.000" partyRelationshipTypeId="EMPLOYMENT"/>
-
+    <UserLoginSecurityGroup groupId="ECOMMERCE_CUSTOMER" userLoginId="DemoCustomer" fromDate="2000-01-01 00:00:00.0"/>
 
     <ContactMech contactMechId="9015" contactMechTypeId="POSTAL_ADDRESS"/>
     <PostalAddress contactMechId="9015" toName="Demo Customer" address1="2004 Factory Blvd" city="Orem" stateProvinceGeoId="UT" postalCode="84057" countryGeoId="USA" geoPointId="9000"/>

Added: ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml?rev=1221633&view=auto
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml (added)
+++ ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml Wed Dec 21 07:19:11 2011
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<entity-engine-xml>
+    <SecurityGroup description="Customer user of ECOMMERCE Limited access to own account" groupId="ECOMMERCE_CUSTOMER"/>
+    <SecurityGroupPermission groupId="ECOMMERCE_CUSTOMER" permissionId="CONTENTMGR_ROLE_CREATE"/>
+    <SecurityGroupPermission groupId="ECOMMERCE_CUSTOMER" permissionId="CONTENTMGR_ROLE_UPDATE"/>
+</entity-engine-xml>

Propchange: ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml
------------------------------------------------------------------------------
    svn:keywords = Date Rev Author URL Id

Propchange: ofbiz/trunk/specialpurpose/ecommerce/data/EcommerceSecurityData.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Modified: ofbiz/trunk/specialpurpose/ecommerce/ofbiz-component.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/ofbiz-component.xml?rev=1221633&r1=1221632&r2=1221633&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/ofbiz-component.xml (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/ofbiz-component.xml Wed Dec 21 07:19:11 2011
@@ -25,6 +25,7 @@ under the License.
     <classpath type="jar" location="build/lib/*"/>
     <classpath type="dir" location="config"/>
     <entity-resource type="data" reader-name="seed" loader="main" location="data/EcommerceTypeData.xml"/>
+    <entity-resource type="data" reader-name="seed" loader="main" location="data/EcommerceSecurityData.xml"/>
     <entity-resource type="data" reader-name="demo" loader="main" location="data/DemoProduct.xml"/>
     <entity-resource type="data" reader-name="demo" loader="main" location="data/DemoProductImages.xml"/>
     <entity-resource type="data" reader-name="demo" loader="main" location="data/DemoSurvey.xml"/>

Modified: ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml?rev=1221633&r1=1221632&r2=1221633&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/script/org/ofbiz/ecommerce/customer/CustomerEvents.xml Wed Dec 21 07:19:11 2011
@@ -435,6 +435,12 @@ under the License.
                 <call-service-asynch service-name="sendMailFromScreen" in-map-name="emailParams" include-user-login="true"/>
             </if-not-empty>
         </if-not-empty>
+        
+        <!-- security for manage profile  -->
+        <set field="securityParams.userLoginId" from-field="createdUserLogin.userLoginId"/>
+        <set field="securityParams.groupId" value="ECOMMERCE_CUSTOMER"/>
+        <set field="securityParams.userLogin" from-field="userLogin"/>
+        <call-service service-name="addUserLoginToSecurityGroup" in-map-name="securityParams"/>
 
         <!-- tell the control servlet that we just logged in the user... -->
         <set value="TRUE" field="_LOGIN_PASSED_"/>

Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml?rev=1221633&r1=1221632&r2=1221633&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/WEB-INF/controller.xml Wed Dec 21 07:19:11 2011
@@ -1492,6 +1492,12 @@ under the License.
         <security https="true" auth="false"/>
         <response name="success" type="view" value="viewcontent"/>
     </request-map>
+    <request-map uri="img">
+        <security auth="false" https="false"/>
+        <event type="java" path="org.ofbiz.content.data.DataEvents" invoke="serveImage"/>
+        <response name="success" type="none"/>
+        <response name="error" type="view" value="main"/>
+    </request-map>
 
     <!-- TO BE REMOVED
     <request-map uri="createforumarticle">

Modified: ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl
URL: http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl?rev=1221633&r1=1221632&r2=1221633&view=diff
==============================================================================
--- ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl (original)
+++ ofbiz/trunk/specialpurpose/ecommerce/webapp/ecommerce/customer/viewprofile.ftl Wed Dec 21 07:19:11 2011
@@ -415,8 +415,13 @@ under the License.
             <td>${(status.get("description",locale))?if_exists}</td>
             <td>${contentRole.fromDate?if_exists}</td>
             <td align="right">
+              <form name="removeContent_${contentRole.contentId}" method="post" action="removePartyAsset">
+                <input name="partyId" type="hidden" value="${userLogin.partyId}"/>
+                <input name="contentId" type="hidden" value="${contentRole.contentId}"/>
+                <input name="roleTypeId" type="hidden" value="${contentRole.roleTypeId}"/>
+              </form>
               <a href="<@ofbizUrl>img/${content.contentName?if_exists}?imgId=${content.dataResourceId?if_exists}</@ofbizUrl>" class="button">${uiLabelMap.CommonView}</a>
-              <a href="<@ofbizUrl>removePartyAsset?contentId=${contentRole.contentId}&amp;partyId=${contentRole.partyId}&amp;roleTypeId=${contentRole.roleTypeId}</@ofbizUrl>" class="button">${uiLabelMap.CommonRemove}</a>
+              <a href="javascript:document.removeContent_${contentRole.contentId}.submit();" class="button">${uiLabelMap.CommonRemove}</a>
             </td>
           </tr>
         </#list>