Author: jacopoc
Date: Mon Feb 27 19:26:23 2012 New Revision: 1294291 URL: http://svn.apache.org/viewvc?rev=1294291&view=rev Log: Fixed permission service for creation/update of order adjustment that was completely wrong (probably because it has been copied from another service from the Party component and then not properly completed): the end result was that the service always granted the rights to perform the task. As a side note, the service is still using incorrectly the _ROLE permission but this is a broader issue (a wrong pattern used everywhere in OFBiz) and for this I would like to fix it everywhere after discussion with the community. Modified: ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml ofbiz/trunk/applications/order/servicedef/services.xml Modified: ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml?rev=1294291&r1=1294290&r2=1294291&view=diff ============================================================================== --- ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml (original) +++ ofbiz/trunk/applications/order/script/org/ofbiz/order/order/OrderSimpleMethods.xml Mon Feb 27 19:26:23 2012 
@@ -21,40 +21,28 @@ under the License. <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd"> - <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter - Only the order owner should be able to cancel an item from Ecommerce - --> - <simple-method method-name="orderAdjustmentPermissionCheck" short-description="Party contact mech permission logic"> - <if-empty field="parameters.partyId"> - <set field="parameters.partyId" from-field="userLogin.partyId"/> - </if-empty> - <if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"> - <set field="hasPermission" type="Boolean" value="true"/> - <field-to-result field="hasPermission"/> + <simple-method method-name="orderAdjustmentPermissionCheck" short-description="Permission service for the creation and editing of order adjustments"> + <set field="primaryPermission" value="ORDERMGR"/> + <set field="altPermission" value="ORDERMGR_ROLE"/> + <set field="mainAction" from-field="parameters.mainAction"/> + <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml"/> + <if-compare field="hasPermission" operator="not-equals" value="true"> + <set field="resourceDescription" from-field="parameters.resourceDescription"/> + <if-empty field="resourceDescription"> + <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field="resourceDescription"/> + </if-empty> + <if-compare field="mainAction" value="CREATE" operator="equals"> + <property-to-field resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateOrderAdjustement" field="failMessage"/> + </if-compare> + <if-compare field="mainAction" value="UPDATE" operator="equals"> + <property-to-field resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunAutoCreateOrderAdjustments" 
field="failMessage"/> + </if-compare> + <set field="hasPermission" type="Boolean" value="false"/> + <field-to-result field="failMessage"/> <else> - <set field="primaryPermission" value="ORDERMGR"/> - <set field="altPermission" value="ORDERMGR_ROLE"/> - <set field="mainAction" from-field="parameters.mainAction"/> - <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml"/> - <if-compare field="hasPermission" operator="not-equals" value="true"> - <set field="resourceDescription" from-field="parameters.resourceDescription"/> - <if-empty field="resourceDescription"> - <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field="resourceDescription"/> - </if-empty> - <if-compare field="mainAction" value="CREATE" operator="equals"> - <property-to-field resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateOrderAdjustement" field="failMessage"/> - </if-compare> - <if-compare field="mainAction" value="UPDATE" operator="equals"> - <property-to-field resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunAutoCreateOrderAdjustments" field="failMessage"/> - </if-compare> - <set field="hasPermission" type="Boolean" value="false"/> - <field-to-result field="failMessage"/> - <else> - <field-to-result field="hasPermission"/> - </else> - </if-compare> + <field-to-result field="hasPermission"/> </else> - </if-compare-field> + </if-compare> </simple-method> <simple-method method-name="createOrderAdjustment" short-description="Create an OrderAdjustment"> Modified: ofbiz/trunk/applications/order/servicedef/services.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services.xml?rev=1294291&r1=1294290&r2=1294291&view=diff ============================================================================== --- ofbiz/trunk/applications/order/servicedef/services.xml (original) +++ 
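Review bot: The deny branch of the new `orderAdjustmentPermissionCheck` sets `hasPermission` to false but exports only `failMessage`; `<field-to-result field="hasPermission"/>` appears solely in the `<else>` branch, so a denial reaches the caller as a missing value rather than an explicit false. Unless `genericBasePermissionCheck` or the service engine already guarantees that result (not visible in this hunk), add `<field-to-result field="hasPermission"/>` right after `<set field="hasPermission" type="Boolean" value="false"/>` so the check fails closed explicitly. Separately, `failMessage` is populated only when `mainAction` is CREATE or UPDATE, and the UPDATE case uses the `OrderSecurityErrorToRunAutoCreateOrderAdjustments` label, whose name suggests a different operation. `resourceDescription` is computed but not used in the visible lines, so a generic fallback message built from it for other actions would keep denials diagnosable.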
ofbiz/trunk/applications/order/servicedef/services.xml Mon Feb 27 19:26:23 2012 @@ -184,12 +184,8 @@ under the License. <service name="orderAdjustmentPermissionCheck" engine="simple" location="component://order/script/org/ofbiz/order/order/OrderSimpleMethods.xml" invoke="orderAdjustmentPermissionCheck"> - <description> - Performs a party contact mech security check. The userLogin partyId must equal the partyId parameter. - Only the order owner should be able to cancel an item from Ecommerce. - </description> + <description>Permission service for the creation and editing of order adjustments</description> <implements service="permissionInterface"/> - <attribute name="partyId" type="String" mode="IN" optional="true"/> </service> <service name="createOrderAdjustment" default-entity-name="OrderAdjustment" engine="simple" |
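Review bot: The new `<description>` does not say what the service enforces, which makes it hard to audit the services that reference it; something like `<description>Permission service for the creation and editing of order adjustments; grants access based on the ORDERMGR / ORDERMGR_ROLE permissions and the mainAction parameter</description>` would match what the script in this commit sets. Dropping the `partyId` attribute also removes the owner-based path the old description mentioned for Ecommerce. It is worth confirming that no caller still passes `partyId` or depends on a user without the order manager permission being allowed through, since such calls would presumably now be denied.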
