svn commit: r1813619 - in /ofbiz/ofbiz-framework/trunk/a
Locked
svn commit: r1813619 - in /ofbiz/ofbiz-framework/trunk/a
 
|
Author: arunpatidar
Date: Sat Oct 28 12:41:46 2017 New Revision: 1813619 URL: http://svn.apache.org/viewvc?rev=1813619&view=rev Log: IMPROVED: Create separate Permission Services for CRUD services of ShoppingList and ShoppingListItem. (OFBIZ-9763) Thanks Chinmay Patidar for your contribution. Modified: ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml Modified: ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml?rev=1813619&r1=1813618&r2=1813619&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml (original) +++ ofbiz/ofbiz-framework/trunk/applications/order/minilang/shoppinglist/ShoppingListServices.xml Sat Oct 28 12:41:46 2017 @@ -21,22 +21,6 @@ under the License. <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd"> <simple-method method-name="createShoppingList" short-description="Create a ShoppingList" login-required="false"> - <if> - <condition> - <and> - <not><if-empty field="userLogin"/></not> - <not><if-compare field="userLogin.userLoginId" operator="equals" value="anonymous"/></not> - <not><if-empty field="parameters.partyId"/></not> - <not><if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"/></not> - <not><if-has-permission permission="PARTYMGR" action="_CREATE"/></not> - </and> - </condition> - <then> - <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateShoppingListForAnotherParty"/></add-error> - </then> - </if> - <check-errors/> - <make-value entity-name="ShoppingList" value-field="newEntity"/> <set-nonpk-fields map="parameters" value-field="newEntity"/> @@ -74,11 +58,6 @@ under the License. <simple-method method-name="updateShoppingList" short-description="Update a ShoppingList"> <entity-one entity-name="ShoppingList" value-field="shoppingList"/> - <set field="parentMethodName" value="updateShoppingList"/> - <set field="permissionAction" value="UPDATE"/> - <call-simple-method method-name="checkShoppingListSecurity"/> - <check-errors/> - <set-nonpk-fields map="parameters" value-field="shoppingList"/> <!-- don't let auto-reorders be active unless there is some recurrence info --> @@ -105,11 +84,6 @@ under the License. <simple-method method-name="removeShoppingList" short-description="Remove a ShoppingList"> <entity-one entity-name="ShoppingList" value-field="shoppingList"/> - <set field="parentMethodName" value="removeShoppingList"/> - <set field="permissionAction" value="DELETE"/> - <call-simple-method method-name="checkShoppingListSecurity"/> - <check-errors/> - <remove-value value-field="shoppingList"/> </simple-method> @@ -122,19 +96,6 @@ under the License. <set field="parentMethodName" value="createShoppingListItem"/> <set field="permissionAction" value="CREATE"/> <entity-one entity-name="ShoppingList" value-field="shoppingList"/> - <if> - <condition> - <and> - <not><if-empty field="shoppingList.partyId"/></not> - <not><if-compare-field field="userLogin.partyId" to-field="shoppingList.partyId" operator="equals"/></not> - <not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not> - </and> - </condition> - <then> - <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error> - </then> - </if> - <check-errors/> <entity-one entity-name="Product" value-field="product"/> <if-empty field="product"> @@ -169,11 +130,6 @@ under the License. </simple-method> <simple-method method-name="updateShoppingListItem" short-description="Update a ShoppingListItem"> - <set field="parentMethodName" value="updateShoppingListItem"/> - <set field="permissionAction" value="UPDATE"/> - <call-simple-method method-name="checkShoppingListItemSecurity"/> - <check-errors/> - <entity-one entity-name="ShoppingList" value-field="shoppingList"/> <entity-one entity-name="ShoppingListItem" value-field="shoppingListItem"/> <set-nonpk-fields map="parameters" value-field="shoppingListItem"/> @@ -186,11 +142,6 @@ under the License. </simple-method> <simple-method method-name="removeShoppingListItem" short-description="Remove a ShoppingListItem"> - <set field="parentMethodName" value="removeShoppingListItem"/> - <set field="permissionAction" value="DELETE"/> - <call-simple-method method-name="checkShoppingListItemSecurity"/> - <check-errors/> - <entity-one entity-name="ShoppingList" value-field="shoppingList"/> <entity-one entity-name="ShoppingListItem" value-field="shoppingListItem"/> <remove-value value-field="shoppingListItem"/> @@ -219,9 +170,13 @@ under the License. </simple-method> <simple-method method-name="calculateShoppingListDeepTotalPrice" short-description="Calculate Deep Total Price for a ShoppingList"> - <set field="parentMethodName" value="calculateShoppingListDeepTotalPrice"/> - <set field="permissionAction" value="VIEW"/> - <call-simple-method method-name="checkShoppingListItemSecurity"/> + <set-service-fields service-name="checkShoppingListItemSecurity" map="parameters" to-map="serviceInMap"/> + <call-service service-name="checkShoppingListItemSecurity" in-map-name="serviceInMap"> + <result-to-field result-name="hasPermission" field="hasPermission"/> + </call-service> + <if-compare field="hasPermission" operator="equals" value="false" type="Boolean"> + <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error> + </if-compare> <check-errors/> <set from-field="parameters.prodCatalogId" field="calcPriceInBaseMap.prodCatalogId"/> @@ -282,23 +237,33 @@ under the License. </simple-method> <simple-method method-name="checkShoppingListSecurity" short-description="Checks security on a ShoppingList"> + <set field="hasPermission" value="false" type="Boolean"/> <if> <condition> <and> - <not><if-compare-field to-field="shoppingList.partyId" field="userLogin.partyId" operator="equals"/></not> + <not><if-empty field="userLogin"/></not> + <not><if-compare field="userLogin.userLoginId" operator="equals" value="anonymous"/></not> + <not><if-empty field="parameters.partyId"/></not> + <not><if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"/></not> <not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not> </and> </condition> <then> <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error> </then> + <else> + <set field="hasPermission" value="true" type="Boolean"/> + </else> </if> + <field-to-result field="hasPermission"/> </simple-method> <simple-method method-name="checkShoppingListItemSecurity" short-description="Checks security on a ShoppingListItem"> + <set field="hasPermission" value="false" type="Boolean"/> <entity-one entity-name="ShoppingList" value-field="shoppingList"/> <if> <condition> <and> + <not><if-empty field="shoppingList.partyId"/></not> <not><if-compare-field field="userLogin.partyId" to-field="shoppingList.partyId" operator="equals"/></not> <not><if-has-permission permission="PARTYMGR" action="_${permissionAction}"/></not> </and> @@ -306,7 +271,11 @@ under the License. <then> <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunForAnotherParty"/></add-error> </then> + <else> + <set field="hasPermission" value="true" type="Boolean"/> + </else> </if> + <field-to-result field="hasPermission"/> </simple-method> <simple-method method-name="addSuggestionsToShoppingList" short-description="Add suggestions to a shopping list"> <!-- first check the ProductStore.enableAutoSuggestionList indicator --> Modified: ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml?rev=1813619&r1=1813618&r2=1813619&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml (original) +++ ofbiz/ofbiz-framework/trunk/applications/order/servicedef/services_shoppinglist.xml Sat Oct 28 12:41:46 2017 @@ -35,6 +35,7 @@ under the License. <description>Create a shopping list entity</description> <implements service="createShoppingListRecurrence"/> <implements service="shoppingListInterface"/> + <permission-service service-name="checkShoppingListSecurity" main-action="CREATE"/> <attribute name="shoppingListId" type="String" mode="OUT" optional="false"/> </service> <service name="updateShoppingList" engine="simple" auth="true" @@ -42,13 +43,21 @@ under the License. <description>Update a shopping list entity</description> <implements service="createShoppingListRecurrence"/> <implements service="shoppingListInterface"/> + <permission-service service-name="checkShoppingListSecurity" main-action="UPDATE"/> <attribute name="shoppingListId" type="String" mode="IN" optional="false"/> </service> <service name="removeShoppingList" engine="simple" auth="true" location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="removeShoppingList"> <description>Remove a shopping list entity</description> + <permission-service service-name="checkShoppingListSecurity" main-action="DELETE"/> <attribute name="shoppingListId" type="String" mode="IN" optional="false"/> </service> + <service name="checkShoppingListSecurity" engine="simple" auth="false" + location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="checkShoppingListSecurity"> + <description>Checks security on a ShoppingList</description> + <implements service="permissionInterface"/> + <attribute name="partyId" type="String" mode="IN" optional="true"/> + </service> <service name="calculateShoppingListDeepTotalPrice" engine="simple" auth="true" location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="calculateShoppingListDeepTotalPrice"> <description>Remove a shopping list entity</description> @@ -112,6 +121,7 @@ under the License. location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="createShoppingListItem"> <description>Create a shopping list item</description> <implements service="shoppingListItemInterface"/> + <permission-service service-name="checkShoppingListItemSecurity" main-action="CREATE"/> <attribute name="shoppingListId" type="String" mode="IN" optional="true"/> <attribute name="productStoreId" type="String" mode="INOUT" optional="true"/> <attribute name="productId" type="String" mode="IN" optional="false"/> @@ -121,14 +131,23 @@ under the License. location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="updateShoppingListItem"> <description>Update a shopping list item</description> <implements service="shoppingListItemInterface"/> + <permission-service service-name="checkShoppingListItemSecurity" main-action="UPDATE"/> <attribute name="shoppingListItemSeqId" type="String" mode="IN" optional="false"/> </service> <service name="removeShoppingListItem" engine="simple" auth="true" location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="removeShoppingListItem"> <description>Remove a shopping list item</description> + <permission-service service-name="checkShoppingListItemSecurity" main-action="DELETE"/> <attribute name="shoppingListId" type="String" mode="IN" optional="false"/> <attribute name="shoppingListItemSeqId" type="String" mode="IN" optional="false"/> </service> + <service name="checkShoppingListItemSecurity" engine="simple" auth="false" + location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="checkShoppingListItemSecurity"> + <description>Checks security on a ShoppingListItem</description> + <implements service="permissionInterface"/> + <attribute name="partyId" type="String" mode="IN" optional="true"/> + <attribute name="shoppingListId" type="String" mode="IN" optional="true"/> + </service> <service name="addSuggestionsToShoppingList" engine="simple" auth="true" location="component://order/minilang/shoppinglist/ShoppingListServices.xml" invoke="addSuggestionsToShoppingList"> <description>Add suggestions to a shopping list</description> |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |