svn commit: r1813619 - in /ofbiz/ofbiz-framework/trunk/applications/order: minilang/shoppinglist/ShoppingListServices.xml servicedef/services_shoppinglist.xml

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1813619 - in /ofbiz/ofbiz-framework/trunk/applications/order: minilang/shoppinglist/ShoppingListServices.xml servicedef/services_shoppinglist.xml

Arun Patidar-4
Author: arunpatidar
Date: Sat Oct 28 12:41:46 2017
New Revision: 1813619

URL: http://svn.apache.org/viewvc?rev=1813619&view=rev
Log:
IMPROVED: Create separate Permission Services for CRUD services of ShoppingList and ShoppingListItem. (OFBIZ-9763)
Thanks Chinmay Patidar for your contribution.

Modified:
    ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
    ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml

Modified: ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml?rev=1813619&r1=1813618&r2=1813619&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml (original)
+++ ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml Sat Oct 28 12:41:46 2017
@@ -21,22 +21,6 @@ under the License.
 <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd">
     <simple-method method-name="createShoppingList" short-description="Create a ShoppingList" login-required="false">
-        <if>
-            <condition>
-                  <and>
-                    <not><if-empty field="userLogin"/></not>
-                    <not><if-compare field="userLogin.userLoginId" operator="equals" value="anonymous"/></not>
-                    <not><if-empty field="parameters.partyId"/></not>
-                    <not><if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"/></not>
-                    <not><if-has-permission permission="PARTYMGR" action="_CREATE"/></not>
-                </and>
-            </condition>
-            <then>
-                <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateShoppingListForAnotherParty"/></add-error>
-            </then>
-        </if>
-        <check-errors/>
-
         <make-value entity-name="ShoppingList" value-field="newEntity"/>
         <set-nonpk-fields map="parameters" value-field="newEntity"/>
 
@@ -74,11 +58,6 @@ under the License.
     <simple-method method-name="updateShoppingList" short-description="Update a ShoppingList">
         <entity-one entity-name="ShoppingList" value-field="shoppingList"/>
 
-        <set field="parentMethodName" value="updateShoppingList"/>
-        <set field="permissionAction" value="UPDATE"/>
-        <call-simple-method method-name="checkShoppingListSecurity"/>
-        <check-errors/>
-
         <set-nonpk-fields map="parameters" value-field="shoppingList"/>
 
         <!-- don't let auto-reorders be active unless there is some recurrence info -->
@@ -105,11 +84,6 @@ under the License.
     <simple-method method-name="removeShoppingList" short-description="Remove a ShoppingList">
         <entity-one entity-name="ShoppingList" value-field="shoppingList"/>
 
-        <set field="parentMethodName" value="removeShoppingList"/>
-        <set field="permissionAction" value="DELETE"/>
-        <call-simple-method method-name="checkShoppingListSecurity"/>
-        <check-errors/>
-
         <remove-value value-field="shoppingList"/>
     </simple-method>
 
@@ -122,19 +96,6 @@ under the License.
             <set field="parentMethodName" value="createShoppingListItem"/>
             <set field="permissionAction" value="CREATE"/>
             <entity-one entity-name="ShoppingList" value-field="shoppingList"/>
-            <if>
-                <condition>
-                    <and>
-                        <not><if-empty field="shoppingList.partyId"/></not>
-                        <not><if-compare-field field="userLogin.partyId" to-field="shoppingList.partyId" operator="equals"/></not>
-                        <not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not>
-                    </and>
-                </condition>
-                <then>
-                    <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
-                </then>
-            </if>
-            <check-errors/>
 
             <entity-one entity-name="Product" value-field="product"/>
             <if-empty field="product">
@@ -169,11 +130,6 @@ under the License.
     </simple-method>
 
     <simple-method method-name="updateShoppingListItem" short-description="Update a ShoppingListItem">
-        <set field="parentMethodName" value="updateShoppingListItem"/>
-        <set field="permissionAction" value="UPDATE"/>
-        <call-simple-method method-name="checkShoppingListItemSecurity"/>
-        <check-errors/>
-
         <entity-one entity-name="ShoppingList" value-field="shoppingList"/>
         <entity-one entity-name="ShoppingListItem" value-field="shoppingListItem"/>
         <set-nonpk-fields map="parameters" value-field="shoppingListItem"/>
@@ -186,11 +142,6 @@ under the License.
     </simple-method>
 
     <simple-method method-name="removeShoppingListItem" short-description="Remove a ShoppingListItem">
-        <set field="parentMethodName" value="removeShoppingListItem"/>
-        <set field="permissionAction" value="DELETE"/>
-        <call-simple-method method-name="checkShoppingListItemSecurity"/>
-        <check-errors/>
-
         <entity-one entity-name="ShoppingList" value-field="shoppingList"/>
         <entity-one entity-name="ShoppingListItem" value-field="shoppingListItem"/>
         <remove-value value-field="shoppingListItem"/>
@@ -219,9 +170,13 @@ under the License.
     </simple-method>
 
     <simple-method method-name="calculateShoppingListDeepTotalPrice" short-description="Calculate Deep Total Price for a ShoppingList">
-        <set field="parentMethodName" value="calculateShoppingListDeepTotalPrice"/>
-        <set field="permissionAction" value="VIEW"/>
-        <call-simple-method method-name="checkShoppingListItemSecurity"/>
+        <set-service-fields service-name="checkShoppingListItemSecurity" map="parameters" to-map="serviceInMap"/>
+        <call-service service-name="checkShoppingListItemSecurity" in-map-name="serviceInMap">
+            <result-to-field result-name="hasPermission" field="hasPermission"/>
+        </call-service>
+        <if-compare field="hasPermission" operator="equals" value="false" type="Boolean">
+            <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
+        </if-compare>
         <check-errors/>
 
         <set from-field="parameters.prodCatalogId" field="calcPriceInBaseMap.prodCatalogId"/>
@@ -282,23 +237,33 @@ under the License.
     </simple-method>
 
     <simple-method method-name="checkShoppingListSecurity" short-description="Checks security on a ShoppingList">
+        <set field="hasPermission" value="false" type="Boolean"/>
         <if>
             <condition>
                 <and>
-                    <not><if-compare-field to-field="shoppingList.partyId" field="userLogin.partyId" operator="equals"/></not>
+                    <not><if-empty field="userLogin"/></not>
+                    <not><if-compare field="userLogin.userLoginId" operator="equals" value="anonymous"/></not>
+                    <not><if-empty field="parameters.partyId"/></not>
+                    <not><if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"/></not>
                     <not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not>
                 </and>
             </condition>
             <then>
                 <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
             </then>
+            <else>
+                <set field="hasPermission" value="true" type="Boolean"/>
+            </else>
         </if>
+        <field-to-result field="hasPermission"/>
     </simple-method>
     <simple-method method-name="checkShoppingListItemSecurity" short-description="Checks security on a ShoppingListItem">
+        <set field="hasPermission" value="false" type="Boolean"/>
         <entity-one entity-name="ShoppingList" value-field="shoppingList"/>
         <if>
             <condition>
                 <and>
+                    <not><if-empty field="shoppingList.partyId"/></not>
                     <not><if-compare-field field="userLogin.partyId" to-field="shoppingList.partyId" operator="equals"/></not>
                     <not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not>
                 </and>
@@ -306,7 +271,11 @@ under the License.
             <then>
                 <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error>
             </then>
+            <else>
+                <set field="hasPermission" value="true" type="Boolean"/>
+            </else>
         </if>
+        <field-to-result field="hasPermission"/>
     </simple-method>
     <simple-method method-name="addSuggestionsToShoppingList" short-description="Add suggestions to a shopping list">
         <!-- first check the ProductStore.enableAutoSuggestionList indicator -->

Modified: ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml?rev=1813619&r1=1813618&r2=1813619&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml (original)
+++ ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml Sat Oct 28 12:41:46 2017
@@ -35,6 +35,7 @@ under the License.
         <description>Create a shopping list entity</description>
         <implements service="createShoppingListRecurrence"/>
         <implements service="shoppingListInterface"/>
+        <permission-service service-name="checkShoppingListSecurity" main-action="CREATE"/>
         <attribute name="shoppingListId" type="String" mode="OUT" optional="false"/>
     </service>
     <service name="updateShoppingList" engine="simple" auth="true"
@@ -42,13 +43,21 @@ under the License.
         <description>Update a shopping list entity</description>
         <implements service="createShoppingListRecurrence"/>
         <implements service="shoppingListInterface"/>
+        <permission-service service-name="checkShoppingListSecurity" main-action="UPDATE"/>
         <attribute name="shoppingListId" type="String" mode="IN" optional="false"/>
     </service>
     <service name="removeShoppingList" engine="simple" auth="true"
             location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="removeShoppingList">
         <description>Remove a shopping list entity</description>
+        <permission-service service-name="checkShoppingListSecurity" main-action="DELETE"/>
         <attribute name="shoppingListId" type="String" mode="IN" optional="false"/>
     </service>
+    <service name="checkShoppingListSecurity" engine="simple" auth="false"
+            location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="checkShoppingListSecurity">
+        <description>Checks security on a ShoppingList</description>
+        <implements service="permissionInterface"/>
+        <attribute name="partyId" type="String" mode="IN" optional="true"/>
+    </service>
     <service name="calculateShoppingListDeepTotalPrice" engine="simple" auth="true"
             location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="calculateShoppingListDeepTotalPrice">
         <description>Remove a shopping list entity</description>
@@ -112,6 +121,7 @@ under the License.
             location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="createShoppingListItem">
         <description>Create a shopping list item</description>
         <implements service="shoppingListItemInterface"/>
+        <permission-service service-name="checkShoppingListItemSecurity" main-action="CREATE"/>
         <attribute name="shoppingListId" type="String" mode="IN" optional="true"/>
         <attribute name="productStoreId" type="String" mode="INOUT" optional="true"/>
         <attribute name="productId" type="String" mode="IN" optional="false"/>
@@ -121,14 +131,23 @@ under the License.
             location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="updateShoppingListItem">
         <description>Update a shopping list item</description>
         <implements service="shoppingListItemInterface"/>
+        <permission-service service-name="checkShoppingListItemSecurity" main-action="UPDATE"/>
         <attribute name="shoppingListItemSeqId" type="String" mode="IN" optional="false"/>
     </service>
     <service name="removeShoppingListItem" engine="simple" auth="true"
             location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="removeShoppingListItem">
         <description>Remove a shopping list item</description>
+        <permission-service service-name="checkShoppingListItemSecurity" main-action="DELETE"/>
         <attribute name="shoppingListId" type="String" mode="IN" optional="false"/>
         <attribute name="shoppingListItemSeqId" type="String" mode="IN" optional="false"/>
     </service>
+    <service name="checkShoppingListItemSecurity" engine="simple" auth="false"
+            location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="checkShoppingListItemSecurity">
+        <description>Checks security on a ShoppingListItem</description>
+        <implements service="permissionInterface"/>
+        <attribute name="partyId" type="String" mode="IN" optional="true"/>
+        <attribute name="shoppingListId" type="String" mode="IN" optional="true"/>
+    </service>
     <service name="addSuggestionsToShoppingList" engine="simple" auth="true"
             location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="addSuggestionsToShoppingList">
         <description>Add suggestions to a shopping list</description>