Author: byersa
Date: Thu Feb 8 00:17:33 2007 New Revision: 504818 URL: http://svn.apache.org/viewvc?view=rev&rev=504818 Log: All commits related to adding a special permission requirement for Categories that are of the prodCatalogCategoryTypeId = PCCT_VIEW_ALLW and PCCT_PURCH_ALLW. Two fields, viewAllowPermReqd and purchaseAllowPermReqd were added to ProdCatalog entity and corresponding changes to the admin form. The "permission-service" approach to security was used for several services in CategoryServices.xml - addProductToCategory, updateProductToCategory, removeProductToCategory and addProductToCategories. A permission service, checkCategoryRelatedPermissionService, was added to CategoryServices.xml and the internal calls to the checkCategoryRelatedPermission method were taken out of those services. Modified: ofbiz/trunk/applications/product/config/ProductUiLabels.properties ofbiz/trunk/applications/product/data/ProductSecurityData.xml ofbiz/trunk/applications/product/entitydef/entitymodel.xml ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml ofbiz/trunk/applications/product/servicedef/services.xml ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml Modified: ofbiz/trunk/applications/product/config/ProductUiLabels.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/config/ProductUiLabels.properties?view=diff&rev=504818&r1=504817&r2=504818 ============================================================================== --- ofbiz/trunk/applications/product/config/ProductUiLabels.properties (original) +++ ofbiz/trunk/applications/product/config/ProductUiLabels.properties Thu Feb 8 00:17:33 2007 
@@ -370,6 +370,8 @@
 ProductCategoryRollupChildCategories=Category Rollup : Child Categories
 ProductCategoryRollupParentCategories=Category Rollup : Parent Categories
 ProductCategorySelectCategoryAndEnterFromDate=Category (select Category and enter fromDate)
+ProductCategoryViewAllowPermReqd=Permission required to add product to "ViewAllow" category
+ProductCategoryPurchaseAllowPermReqd=Permission required to add product to "PurchaseAllow" category
 ProductCategoryWithNoParent=Categories With No Parent Categories
 ProductCategory_Id=Category [ID]
 ProductChangeWithoutProductCatalog=This cannot be changed without re-creating the Product Catalog.
Modified: ofbiz/trunk/applications/product/data/ProductSecurityData.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/data/ProductSecurityData.xml?view=diff&rev=504818&r1=504817&r2=504818
==============================================================================
--- ofbiz/trunk/applications/product/data/ProductSecurityData.xml (original)
+++ ofbiz/trunk/applications/product/data/ProductSecurityData.xml Thu Feb 8 00:17:33 2007
@@ -29,6 +29,8 @@ <SecurityPermission description="Limited Update operations in the Catalog Manager." permissionId="CATALOG_ROLE_UPDATE"/> <SecurityPermission description="Limited Delete operations in the Catalog Manager." permissionId="CATALOG_ROLE_DELETE"/> <SecurityPermission description="Permission required, in addition to other applicable permissions, to maintain product price information including prices, promotions, and price rules." permissionId="CATALOG_PRICE_MAINT"/> + <SecurityPermission description="Allow create/update of 'View Allow' in the Catalog Manager." permissionId="CATALOG_VIEW_ALLOW"/> + <SecurityPermission description="Allow create/update of 'Purchase Allow' in the Catalog Manager." permissionId="CATALOG_PURCHASE_ALLOW"/> <SecurityGroup description="Limited Catalog Admin group, has limited catalog permissions." groupId="CATALOGADMIN_LTD"/> <SecurityGroupPermission groupId="CATALOGADMIN_LTD" permissionId="CATALOG_VIEW"/> 
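Review bot: The two new descriptions say "create/update", but services.xml in this commit also attaches checkCategoryRelatedPermissionService to removeProductFromCategory with main-action DELETE, so the permission gates removal as well. They also do not say that the permission only matters when the owning ProdCatalog has viewAllowPermReqd or purchaseAllowPermReqd set to Y. I would reword them along the lines of `description="Required to add, update or remove products in 'View Allow' categories of catalogs that set viewAllowPermReqd=Y."`, and likewise for Purchase Allow.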
@@ -36,13 +38,21 @@ <SecurityGroupPermission groupId="CATALOGADMIN_LTD" permissionId="CATALOG_ROLE_UPDATE"/> <SecurityGroupPermission groupId="CATALOGADMIN_LTD" permissionId="CATALOG_ROLE_DELETE"/> <SecurityGroupPermission groupId="CATALOGADMIN_LTD" permissionId="OFBTOOLS_VIEW"/> + <SecurityGroupPermission groupId="CATALOGADMIN_LTD" permissionId="CATALOG_VIEW_ALLOW"/> + <SecurityGroupPermission groupId="CATALOGADMIN_LTD" permissionId="CATALOG_PURCHASE_ALLOW"/> <SecurityGroup description="Catalog Admin group, has all catalog permissions." groupId="CATALOGADMIN"/> <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_ADMIN"/> <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="OFBTOOLS_VIEW"/> + <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_VIEW_ALLOW"/> + <SecurityGroupPermission groupId="CATALOGADMIN" permissionId="CATALOG_PURCHASE_ALLOW"/> <SecurityGroupPermission groupId="FULLADMIN" permissionId="CATALOG_ADMIN"/> <SecurityGroupPermission groupId="FULLADMIN" permissionId="CATALOG_PRICE_MAINT"/> + <SecurityGroupPermission groupId="FULLADMIN" permissionId="CATALOG_VIEW_ALLOW"/> + <SecurityGroupPermission groupId="FULLADMIN" permissionId="CATALOG_PURCHASE_ALLOW"/> + <SecurityGroupPermission groupId="FLEXADMIN" permissionId="CATALOG_VIEW_ALLOW"/> + <SecurityGroupPermission groupId="FLEXADMIN" permissionId="CATALOG_PURCHASE_ALLOW"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="CATALOG_CREATE"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="CATALOG_DELETE"/> <SecurityGroupPermission groupId="FLEXADMIN" permissionId="CATALOG_UPDATE"/> Modified: ofbiz/trunk/applications/product/entitydef/entitymodel.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/entitydef/entitymodel.xml?view=diff&rev=504818&r1=504817&r2=504818 ============================================================================== --- ofbiz/trunk/applications/product/entitydef/entitymodel.xml (original) +++ 
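Review bot: CATALOG_VIEW_ALLOW and CATALOG_PURCHASE_ALLOW are granted to every catalog-related group touched here, including the limited group CATALOGADMIN_LTD, so once this seed data is loaded the new requirement restricts none of the existing administrator groups. If the intent is a special permission on top of the normal catalog rights, consider leaving out the two CATALOGADMIN_LTD grants and assigning the permission explicitly per deployment. The grants to CATALOGADMIN and FULLADMIN look redundant if `if-has-permission permission="CATALOG" action="_VIEW_ALLOW"` also accepts CATALOG_ADMIN, which is worth confirming. If it does, the fail messages in the new service should name CATALOG_ADMIN as an alternative.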
ofbiz/trunk/applications/product/entitydef/entitymodel.xml Thu Feb 8 00:17:33 2007 @@ -63,6 +63,8 @@ <field name="headerLogo" type="url"></field> <field name="contentPathPrefix" type="long-varchar"></field> <field name="templatePathPrefix" type="long-varchar"></field> + <field name="viewAllowPermReqd" type="indicator"></field> + <field name="purchaseAllowPermReqd" type="indicator"></field> <prim-key field="prodCatalogId"/> </entity> <entity entity-name="ProdCatalogCategory" Modified: ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml?view=diff&rev=504818&r1=504817&r2=504818 ============================================================================== --- ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml (original) +++ ofbiz/trunk/applications/product/script/org/ofbiz/product/category/CategoryServices.xml Thu Feb 8 00:17:33 2007 @@ -109,11 +109,12 @@ <simple-method method-name="addProductToCategory" short-description="Add Product to Category"> <!-- note that the security semantics require the user to have the general admin permission, or the role limited permission and association with the category, not the product --> + <!-- <set value="addProductToCategory" field="callingMethodName"/> <set value="CREATE" field="checkAction"/> <call-simple-method method-name="checkCategoryRelatedPermission"/> <check-errors/> - + --> <make-value value-name="newEntity" entity-name="ProductCategoryMember"/> <set-pk-fields map-name="parameters" value-name="newEntity"/> <set-nonpk-fields map-name="parameters" value-name="newEntity"/> 
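Review bot: In CategoryServices.xml the inline call to checkCategoryRelatedPermission is commented out rather than deleted in addProductToCategory (the @@ -109 hunk; the same pattern is in the @@ -130, @@ -173 and @@ -187 hunks), while the comment above it still describes security semantics the method no longer enforces. After this change these simple-methods do no authorization of their own; the check runs only when they are reached through a service definition that carries a permission-service element. Any other service definition or call-simple-method that invokes them would skip the check, so it is worth searching for such callers (none are visible in this diff). I would delete the dead block and replace the stale note with `<!-- permission is enforced by the permission-service on the service definition (checkCategoryRelatedPermissionService); this method performs no check of its own -->`. The method bodies continue outside the hunks.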
@@ -130,11 +131,13 @@ <iterate entry-name="category" list-name="parameters.categories"> <!-- note that the security semantics require the user to have the general admin permission, or the role limited permission and association with the category, not the product --> + <!-- <set field="productCategoryIdToCheck" from-field="category"/> <set field="callingMethodName" value="addProductToCategories"/> <set field="checkAction" value="CREATE"/> <call-simple-method method-name="checkCategoryRelatedPermission"/> <check-errors/> + --> <make-value value-name="newEntity" entity-name="ProductCategoryMember"/> <set field="newEntity.productCategoryId" from-field="category"/> @@ -173,10 +176,12 @@ <simple-method method-name="updateProductToCategory" short-description="Update Product to Category Application"> <!-- note that the security semantics require the user to have the general admin permission, or the role limited permission and association with the category, not the product --> + <!-- <set value="updateProductToCategory" field="callingMethodName"/> <set value="UPDATE" field="checkAction"/> <call-simple-method method-name="checkCategoryRelatedPermission"/> <check-errors/> + --> <make-value value-name="lookupPKMap" entity-name="ProductCategoryMember"/> <set-pk-fields map-name="parameters" value-name="lookupPKMap"/> 
@@ -187,10 +192,12 @@ <simple-method method-name="removeProductFromCategory" short-description="Remove Product From Category"> <!-- note that the security semantics require the user to have the general admin permission, or the role limited permission and association with the category, not the product --> + <!-- <set value="removeProductFromCategory" field="callingMethodName"/> <set value="DELETE" field="checkAction"/> <call-simple-method method-name="checkCategoryRelatedPermission"/> <check-errors/> + --> <!-- If the associated category was the primary category for the product, clear that field --> <entity-one entity-name="Product" value-name="product" auto-field-map="true"/> 
@@ -591,8 +598,106 @@ <then> <log level="verbose" message="Permission check failed, user does not have permission"/> <add-error><fail-message message="Security Error: to run ${callingMethodName} you must have the CATALOG_${checkAction} or CATALOG_ADMIN permission or have the CATALOG_ROLE_${checkAction} permission and be associated with a category containing this category."/></add-error> + <set field="hasPermission" type="Boolean" value="false"/> </then> </if> + </simple-method> + + <!-- a service verion of checkCategoryRelatedPermission, only with purchase/viewAllowPermReqd taken into account --> + <simple-method method-name="checkCategoryRelatedPermissionService" short-description="Check Product Category Related Permission"> + <set field="hasPermission" type="Boolean" value="true"/> + + <!-- Set up for a call to checkCategoryRelatedPermission below, but callingMethodName is needed sooner --> + <if-empty field-name="parameters.resourceDescription"> + <set field="callingMethodName" value="this operation"/> + <else> + <set field="callingMethodName" value="parameters.resourceDescription"/> + </else> + </if-empty> + <if-empty field-name="parameters.mainAction"> + <set field="checkAction" value="UPDATE"/> + <else> + <set field="checkAction" value="parameters.mainAction"/> + </else> + </if-empty> + + <!-- This service is set up to handle lists of categories or one category --> + <set field="productCategoryIdList" from-field="parameters.categories"/> + <if-empty field-name="productCategoryIdList" > + <set field="productCategoryIdList[]" from-field="parameters.productCategoryId"/> + </if-empty> + + <!-- Foreach category iterate thru its possible ProdCatalogCategory records --> + <iterate entry-name="productCategoryId" list-name="productCategoryIdList"> + <entity-and list-name="prodCatalogCategoryListRaw" entity-name="ProdCatalogCategory"> + <field-map field-name="productCategoryId"/> + </entity-and> + <filter-list-by-date list-name="prodCatalogCategoryListRaw" 
to-list-name="prodCatalogCategoryList"/> + <iterate entry-name="prodCatalogCategory" list-name="prodCatalogCategoryList"> + <!-- Only check for View/Purchase Allow instances --> + <if> + <condition> + <or> + <if-compare operator="equals" field-name="prodCatalogCategory.prodCatalogCategoryTypeId" value="PCCT_VIEW_ALLW"/> + <if-compare operator="equals" field-name="prodCatalogCategory.prodCatalogCategoryTypeId" value="PCCT_PURCH_ALLW"/> + </or> + </condition> + <then> + <set field="globalViewAllowPermReqd" value="N"/> + <set field="globalPurchaseAllowPermReqd" value="N"/> + + <!-- Do not do a permission check unless the ProdCatalog requires it --> + <entity-one entity-name="ProdCatalog" value-name="prodCatalog"> + <field-map field-name="prodCatalogId" env-name="prodCatalogCategory.prodCatalogId"/> + </entity-one> + <if-not-empty field-name="prodCatalog"> + <if-compare operator="equals" field-name="prodCatalog.viewAllowPermReqd" value="Y"> + <set field="globalViewAllowPermReqd" value="Y"/> + </if-compare> + <if-compare operator="equals" field-name="prodCatalog.purchaseAllowPermReqd" value="Y"> + <set field="globalPurchaseAllowPermReqd" value="Y"/> + </if-compare> + </if-not-empty> + <if-compare operator="equals" field-name="globalViewAllowPermReqd" value="Y" > + <if> + <condition> + <not> + <if-has-permission permission="CATALOG" action="_VIEW_ALLOW"/> + </not> + </condition> + <then> + <log level="verbose" message="Permission check failed, user does not have permission"/> + <set field="failMessage" value="Security Error: to run ${callingMethodName} you must have the CATALOG_VIEW_ALLOW permission."/> + <set field="hasPermission" type="Boolean" value="false"/> + </then> + </if> + </if-compare> + <if-compare operator="equals" field-name="globalPurchaseAllowPermReqd" value="Y" > + <if> + <condition> + <not> + <if-has-permission permission="CATALOG" action="_PURCHASE_ALLOW"/> + </not> + </condition> + <then> + <log level="verbose" message="Permission check failed, user 
does not have permission"/> + <set field="failMessage" value="Security Error: to run ${callingMethodName} you must have the CATALOG_PURCHASE_ALLOW permission."/> + <set field="hasPermission" type="Boolean" value="false"/> + </then> + </if> + </if-compare> + </then> + </if> + </iterate> + <!-- Do the "standard" permission checkq --> + <if-compare operator="equals" field-name="hasPermission" value="true" type="Boolean"> + <set field="productCategoryIdToCheck" from-field="productCategoryId"/> + <call-simple-method method-name="checkCategoryRelatedPermission"/> + </if-compare> + </iterate> + <field-to-result field-name="hasPermission"/> + <field-to-result field-name="failMessage"/> + </simple-method> <simple-method method-name="duplicateProductCategory" short-description="Duplicate a ProductCategory"> Modified: ofbiz/trunk/applications/product/servicedef/services.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/servicedef/services.xml?view=diff&rev=504818&r1=504817&r2=504818 ============================================================================== --- ofbiz/trunk/applications/product/servicedef/services.xml (original) +++ ofbiz/trunk/applications/product/servicedef/services.xml Thu Feb 8 00:17:33 2007 @@ -387,6 +387,7 @@ <service name="addProductToCategories" default-entity-name="ProductCategoryMember" engine="simple" location="org/ofbiz/product/category/CategoryServices.xml" invoke="addProductToCategories" auth="true"> <description>Add Product To Multiple Categories</description> + <permission-service service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/> <auto-attributes include="pk" mode="IN" optional="false"> <exclude field-name="productCategoryId"/> </auto-attributes> 
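Review bot: In checkCategoryRelatedPermissionService (the @@ -591 hunk) the two `<else>` branches use `value=` where `from-field=` is needed, so callingMethodName and checkAction receive the literal strings "parameters.resourceDescription" and "parameters.mainAction" rather than the caller's values. The main-action declared in services.xml (CREATE, UPDATE, DELETE) therefore never reaches checkCategoryRelatedPermission, whose error message shows it building the permission name as `CATALOG_${checkAction}`. Whether that ends up denying legitimate users depends on the part of that method outside this hunk. The lines should read `<set field="callingMethodName" from-field="parameters.resourceDescription"/>` and `<set field="checkAction" from-field="parameters.mainAction"/>`. Separately, in the lines shown a failure of the standard check is reported through add-error while failMessage stays unset, so the caller can get hasPermission=false without the message the View/Purchase branches provide.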
@@ -397,6 +398,7 @@ <service name="addProductToCategory" default-entity-name="ProductCategoryMember" engine="simple" location="org/ofbiz/product/category/CategoryServices.xml" invoke="addProductToCategory" auth="true"> <description>Add Product To Category</description> + <permission-service service-name="checkCategoryRelatedPermissionService" main-action="CREATE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> <override name="fromDate" optional="true"/> @@ -404,12 +406,14 @@ <service name="updateProductToCategory" default-entity-name="ProductCategoryMember" engine="simple" location="org/ofbiz/product/category/CategoryServices.xml" invoke="updateProductToCategory" auth="true"> <description>Add Product To Category</description> + <permission-service service-name="checkCategoryRelatedPermissionService" main-action="UPDATE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> <service name="removeProductFromCategory" default-entity-name="ProductCategoryMember" engine="simple" location="org/ofbiz/product/category/CategoryServices.xml" invoke="removeProductFromCategory" auth="true"> <description>Remove Product From Category</description> + <permission-service service-name="checkCategoryRelatedPermissionService" main-action="DELETE"/> <auto-attributes include="pk" mode="IN" optional="false"/> </service> 
@@ -991,4 +995,11 @@ <auto-attributes entity-name="CommunicationEventProduct" include="pk" mode="IN" optional="false"/> </service> + <!-- Permission Services --> + <service name="checkCategoryRelatedPermissionService" engine="simple" + location="org/ofbiz/product/category/CategoryServices.xml" invoke="checkCategoryRelatedPermissionService"> + <implements service="permissionInterface"/> + <attribute type="String" mode="IN" name="productCategoryId" optional="true"/> + <attribute type="List" mode="IN" name="categories" optional="true"/> + </service> </services> Modified: ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml?view=diff&rev=504818&r1=504817&r2=504818 ============================================================================== --- ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml (original) +++ ofbiz/trunk/applications/product/webapp/catalog/catalog/ProdCatalogForms.xml Thu Feb 8 00:17:33 2007 
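Review bot: Both productCategoryId and categories are declared `optional="true"` in the @@ -991 hunk, so checkCategoryRelatedPermissionService can be invoked with neither. The method in CategoryServices.xml starts with hasPermission set to true and only lowers it inside the loop over categories, so with no category supplied it appears to return true without having checked anything. A permission service should deny by default: initialise hasPermission to false and raise it only after a check has passed, or return false with a failMessage when the category list is empty. The definition also lacks the `auth="true"` that the neighbouring services carry, which is worth adding since the method relies on if-has-permission.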
@@ -44,6 +44,13 @@ <field name="contentPathPrefix" title="${uiLabelMap.ProductContentPathPrefix}" tooltip="${uiLabelMap.ProductPrependedImageContentPaths}"><text size="60" maxlength="250"/></field> <field name="templatePathPrefix" title="${uiLabelMap.ProductTemplatePathPrefix}" tooltip="${uiLabelMap.ProductPrependedTemplatePaths}"><text size="60" maxlength="250"/></field> + <field name="viewAllowPermReqd" title="${uiLabelMap.ProductCategoryViewAllowPermReqd}" widget-style="selectBox"> + <drop-down allow-empty="false" no-current-selected-key="N"><option key="Y" description="${uiLabelMap.CommonY}"/><option key="N" description="${uiLabelMap.CommonN}"/></drop-down> + </field> + <field name="purchaseAllowPermReqd" title="${uiLabelMap.ProductCategoryPurchaseAllowPermReqd}" widget-style="selectBox"> + <drop-down allow-empty="false" no-current-selected-key="N"><option key="Y" description="${uiLabelMap.CommonY}"/><option key="N" description="${uiLabelMap.CommonN}"/></drop-down> + </field> + <field name="submitButton" title="${uiLabelMap.CommonUpdate}" widget-style="smallSubmit"><submit button-type="button"/></field> </form> <form name="AddProdCatalogToParty" type="single" |
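Review bot: The two new drop-downs are the switch that turns the CATALOG_VIEW_ALLOW / CATALOG_PURCHASE_ALLOW requirement on and off, and this hunk places them on the ordinary catalog edit form. Unless the service behind this form (not visible in the diff) checks those permissions itself, a user who may update a ProdCatalog but lacks CATALOG_VIEW_ALLOW can set the flag back to N, after which checkCategoryRelatedPermissionService skips the new check. Consider requiring the corresponding permission to change each flag, or rendering the fields only for users who hold it. Note also that `no-current-selected-key="N"`, together with the new entity fields having no default, makes the requirement opt-in for every existing catalog. The form element starts before this hunk.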