Author: adrianc
Date: Sat Oct 27 09:16:25 2007
New Revision: 589144

URL: http://svn.apache.org/viewvc?rev=589144&view=rev
Log:
Moved Party Manager embedded permission checking to new permission checking service.

Some important notes about this commit:

1. This commit changes some of the Party Manager permission checking behavior. The previous extended permission checks (PARTYMGR_CME, PARTYMGR_GRP, PARTYMGR_PCM, PARTYMGR_QAL, PARTYMGR_REL, PARTYMGR_ROLE, PARTYMGR_STS, PARTYMGR_SRC) only checked those permissions, and not the base (PARTYMGR) permission. This commit checks both sets of permissions - PARTYMGR and PARTYMGR_xxx. Example: to create a party relationship the following permissions would be checked - PARTYMGR_CREATE, PARTYMGR_ADMIN, PARTYMGR_REL_CREATE, PARTYMGR_REL_ADMIN. This change was discussed on the dev ml - http://mail-archives.apache.org/mod_mbox/ofbiz-dev/200710.mbox/%3c47150A51.6080908@...%3e

2. There are a number of security holes in the Party Manager services - some services have no permission checking. I didn't attempt to fix those issues in this commit because I believe they should be discussed on the mailing list first.

3. This commit adds a new error message property (PartyPermissionErrorPartyId) to the PartyUiLabels.properties file. In the international copies of that file I copied an existing error message to the new property - international users should update their versions by replacing "this operation" with "${resourceDescription}".

4. Some of the Party Manager services have not been converted to the new permission checking service - communication events for example. I ran out of time.

Added: ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml Modified: ofbiz/trunk/applications/party/config/PartyUiLabels.properties ofbiz/trunk/applications/party/config/PartyUiLabels_es.properties ofbiz/trunk/applications/party/config/PartyUiLabels_fr.properties ofbiz/trunk/applications/party/config/PartyUiLabels_it.properties ofbiz/trunk/applications/party/config/PartyUiLabels_nl.properties ofbiz/trunk/applications/party/config/PartyUiLabels_pt_PT.properties ofbiz/trunk/applications/party/config/PartyUiLabels_ro.properties ofbiz/trunk/applications/party/config/PartyUiLabels_ru.properties ofbiz/trunk/applications/party/config/PartyUiLabels_zh.properties ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/ContactMechServices.xml ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/PartyContactMechServices.xml ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyServices.xml ofbiz/trunk/applications/party/servicedef/services.xml ofbiz/trunk/applications/party/servicedef/services_view.xml ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyHelper.java ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java Modified: ofbiz/trunk/applications/party/config/PartyUiLabels.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels.properties Sat Oct 27 09:16:25 2007 @@ -401,6 +401,7 @@ PartyPartyFrom=Party From PartyPartyOfTheRoleParty=of the current party in the role of PartyPartyId=Party ID +PartyPartyIdMissing=Party ID missing PartyPartyIDUserLoginID=PartyID/UserLoginID PartyPartyInTheRoleOf=in the role of PartyPartyNotDefined=Party not defined 
@@ -423,6 +424,7 @@ PartyPermissionSecurityGroupWithId=Permissions for SecurityGroup with ID PartyPermission=Permission PartyPermissionErrorForThisParty=You do not have permission to perform this operation for this party.<br> +PartyPermissionErrorPartyId=Security Error\: you do not have permission to perform ${resourceDescription} for this party. PartyPermissionError=Security Error\: to run ${methodShortDescription} you must have the PARTYMGR${securityAction} or PARTYMGR_ADMIN permission PartyPermissions=Permissions Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_es.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_es.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_es.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_es.properties Sat Oct 27 09:16:25 2007 @@ -291,6 +291,7 @@ PartyPermission=Permiso PartyPermissionError=Error de seguridad: para acceder a esta funcionalidad debe contar con los permisos PARTYMGR_CREATE o PARTYMGR_ADMIN PartyPermissionErrorForThisParty=Usted no cuenta con permisos para realizar esta acci\u00F3n +PartyPermissionErrorPartyId=Usted no cuenta con permisos para realizar esta acci\u00F3n PartyPermissionId=C\u00F3digo de permiso PartyPermissionSecurityGroupWithId=Permisos para grupo de seguridad con c\u00F3digo PartyPermissions=Permisos Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_fr.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_fr.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_fr.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_fr.properties Sat Oct 27 09:16:25 2007 
@@ -282,6 +282,7 @@ PartyPermissionSecurityGroupWithId=Permission du groupe de s\u00e9curit\u00e9 avec l'ident. PartyPermission=Autorisation PartyPermissionErrorForThisParty=Vous n'avez pas la permission d'effectuer cette op\u00e9ration pour cet acteur. +PartyPermissionErrorPartyId=Vous n'avez pas la permission d'effectuer cette op\u00e9ration pour cet acteur. PartyPermissionId=Ident. autorisation PartyPermissions=Autorisations PartyPersonalInformation=Information personnelle Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_it.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_it.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_it.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_it.properties Sat Oct 27 09:16:25 2007 @@ -385,6 +385,7 @@ PartyPermissionSecurityGroupWithId=Permessi per Il Gruppo Sicurezza con Codice PartyPermission=Permesso PartyPermissionErrorForThisParty=Tu non sei autorizzato ad eseguire questa operazione per questo Soggetto.<br> +PartyPermissionErrorPartyId=Tu non sei autorizzato ad eseguire questa operazione per questo Soggetto.<br> PartyPermissionError=Errore Sicurezza \: per eseguire ${methodShortDescription} tu devi avere i permessi PARTYMGR${securityAction} o PARTYMGR_ADMIN PartyPermissions=Permessi Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_nl.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_nl.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_nl.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_nl.properties Sat Oct 27 09:16:25 2007 
@@ -380,6 +380,7 @@ PartyPermissionSecurityGroupWithId=Permissions for SecurityGroup with ID PartyPermission=Permission PartyPermissionErrorForThisParty=You do not have permission to perform this operation for this party.<br> +PartyPermissionErrorPartyId=You do not have permission to perform this operation for this party.<br> PartyPermissionError=Security Error\: to run ${methodShortDescription} you must have the PARTYMGR${securityAction} or PARTYMGR_ADMIN permission PartyPermissions=Permissies Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_pt_PT.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_pt_PT.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_pt_PT.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_pt_PT.properties Sat Oct 27 09:16:25 2007 
@@ -242,6 +242,7 @@ PartyPermissionSecurityGroupWithId=Permiss\u00f5es par Grupos de Seguran\u00e7a com Identifica\u00e7\u00e3o PartyPermission=Permiss\u00e3o PartyPermissionErrorForThisParty=Voc\u00ca n\u00e3o tem permiss\u00e3o para efectuar a opera\u00e7\u00e3o nesta sec\u00e7\u00e3o.<br> + PartyPermissionErrorPartyId=Voc\u00ca n\u00e3o tem permiss\u00e3o para efectuar a opera\u00e7\u00e3o nesta sec\u00e7\u00e3o.<br> PartyPermissions=Permiss\u00f5es PartyPermissionId=ID de Permiss\u00e3o PartyPersonalInformation=Informa\u00e7\u00e3o Pessoal Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_ro.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_ro.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_ro.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_ro.properties Sat Oct 27 09:16:25 2007 
@@ -387,6 +387,7 @@ PartyPermissionSecurityGroupWithId=Permise pentru Grupul De Siguranta cu Cod PartyPermission=Permis PartyPermissionErrorForThisParty=Tu nu esti autorizat sa executi aceasta operatie pentru acest Subiect.<br> +PartyPermissionErrorPartyId=Tu nu esti autorizat sa executi aceasta operatie pentru acest Subiect.<br> PartyPermissionError=EROARE De Siguranta \: pentru a executa ${methodShortDescription} trbuie sa ai permisul PARTYMGR${securityAction} sau PARTYMGR_ADMIN PartyPermissions=Permis Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_ru.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_ru.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_ru.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_ru.properties Sat Oct 27 09:16:25 2007 @@ -1,4 +1,4 @@ - ############################################################################### +############################################################################### # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information 
@@ -416,6 +416,7 @@ PartyPermissionSecurityGroupWithId=\u041f\u0440\u0430\u0432\u0430 \u0434\u043b\u044f \u0433\u0440\u0443\u043f\u043f\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441 \u043a\u043e\u0434\u043e\u043c PartyPermission=\u041f\u0440\u0430\u0432\u0430 PartyPermissionErrorForThisParty=\u0423 \u0432\u0430\u0441 \u043d\u0435\u0442 \u043f\u0440\u0430\u0432 \u043d\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0441 \u044d\u0442\u0438\u043c \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u043c.<br> +PartyPermissionErrorPartyId=\u0423 \u0432\u0430\u0441 \u043d\u0435\u0442 \u043f\u0440\u0430\u0432 \u043d\u0430 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0434\u0430\u043d\u043d\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0441 \u044d\u0442\u0438\u043c \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u043c.<br> PartyPermissionError=\u041e\u0448\u0438\u0431\u043a\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430\: \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 ${methodShortDescription} \u0443 \u0432\u0430\u0441 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u043f\u0440\u0430\u0432\u0430 PARTYMGR${securityAction} \u0438\u043b\u0438 PARTYMGR_ADMIN PartyPermissions=\u041f\u0440\u0430\u0432\u0430 Modified: ofbiz/trunk/applications/party/config/PartyUiLabels_zh.properties URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/config/PartyUiLabels_zh.properties?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/config/PartyUiLabels_zh.properties (original) +++ ofbiz/trunk/applications/party/config/PartyUiLabels_zh.properties Sat Oct 27 09:16:25 2007 
@@ -402,6 +402,7 @@ PartyPermissionSecurityGroupWithId=\u5b89\u5168\u7ec4\u7684\u6743\u9650\uff0c\u6807\u8bc6 PartyPermission=\u6743\u9650 PartyPermissionErrorForThisParty=\u4f60\u6ca1\u6709\u6743\u9650\u5bf9\u8fd9\u4e2a\u4f1a\u5458\u6267\u884c\u672c\u64cd\u4f5c\u3002<br> +PartyPermissionErrorPartyId=\u4f60\u6ca1\u6709\u6743\u9650\u5bf9\u8fd9\u4e2a\u4f1a\u5458\u6267\u884c\u672c\u64cd\u4f5c\u3002<br> PartyPermissionError=\u5b89\u5168\u9519\u8bef\: \u8981\u8fd0\u884c ${methodShortDescription}\uff0c\u4f60\u5fc5\u987b\u5177\u6709 PARTYMGR${securityAction} \u6216 PARTYMGR_ADMIN \u6743\u9650 PartyPermissions=\u6743\u9650 Modified: ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/ContactMechServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/ContactMechServices.xml?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/ContactMechServices.xml (original) +++ ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/ContactMechServices.xml Sat Oct 27 09:16:25 2007 
@@ -259,36 +259,21 @@ <!-- contactmech attribute services --> <simple-method method-name="createContactMechAttribute" short-description="createContactMechAttribute"> - <check-permission permission="PARTYMGR" action="_CREATE"> - <fail-property resource="PartyUiLabels" property="PartyCreateAttributePermissionError"/> - </check-permission> - <check-errors/> - <make-value value-name="newEntity" entity-name="ContactMechAttribute"/> <set-pk-fields map-name="parameters" value-name="newEntity"/> <set-nonpk-fields map-name="parameters" value-name="newEntity"/> - <create-value value-name="newEntity"/> </simple-method> <simple-method method-name="updateContactMechAttribute" short-description="updateContactMechAttribute"> - <check-permission permission="PARTYMGR" action="_UPDATE"> - <fail-property resource="PartyUiLabels" property="PartyUpdateAttributePermissionError"/> - </check-permission> - <check-errors/> - <entity-one entity-name="ContactMechAttribute" value-name="lookedUpValue"/> <set-nonpk-fields map-name="parameters" value-name="lookedUpValue"/> <store-value value-name="lookedUpValue"/> </simple-method> <simple-method method-name="removeContactMechAttribute" short-description="removeContactMechAttribute"> - <check-permission permission="PARTYMGR" action="_DELETE"> - <fail-property resource="PartyUiLabels" property="PartyRemoveAttributePermissionError"/> - </check-permission> - <check-errors/> - <entity-one entity-name="ContactMechAttribute" value-name="lookedUpValue"/> <remove-value value-name="lookedUpValue"/> </simple-method> + <simple-method method-name="sendVerifyEmailAddressNotification" short-description="Send an email to the person for Verification of his Email Address" login-required="false"> <entity-condition entity-name="ProductStoreEmailSetting" list-name="productStoreEmailSettings"> <condition-list> Modified: ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/PartyContactMechServices.xml URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/PartyContactMechServices.xml?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/PartyContactMechServices.xml (original) +++ ofbiz/trunk/applications/party/script/org/ofbiz/party/contact/PartyContactMechServices.xml Sat Oct 27 09:16:25 2007 @@ -26,12 +26,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="parameters.partyId" operator="not-equals" to-field-name="userLogin.partyId"> - <check-permission permission="PARTYMGR" action="_PCM_CREATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> - <check-errors/> <if-empty map-name="parameters" field-name="contactMechId"> <set-service-fields service-name="createContactMech" map-name="parameters" to-map-name="createContactMechMap"/> @@ -57,9 +51,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_UPDATE"><fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/></check-permission> - </if-compare-field> <!-- Find old value --> <make-value entity-name="PartyContactMech" value-name="partyContactMechMap"/> 
@@ -124,12 +115,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_DELETE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> - <check-errors/> <make-value entity-name="PartyContactMech" value-name="partyContactMechMap"/> <set-pk-fields value-name="partyContactMechMap" map-name="parameters"/> @@ -150,12 +135,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_CREATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> - <check-errors/> <set-service-fields service-name="createPostalAddress" map-name="parameters" to-map-name="createPostalAddressMap"/> <call-service in-map-name="createPostalAddressMap" service-name="createPostalAddress"> @@ -180,12 +159,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_UPDATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> - <check-errors/> <set-service-fields service-name="updatePostalAddress" map-name="parameters" to-map-name="updatePostalAddressMap"/> <call-service in-map-name="updatePostalAddressMap" service-name="updatePostalAddress"> 
@@ -208,12 +181,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_CREATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> - <check-errors/> <log level="info" message="Creating telecom number"/> <set-service-fields service-name="createTelecomNumber" map-name="parameters" to-map-name="createTelecomNumberMap"/> @@ -239,12 +206,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_UPDATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> - <check-errors/> <set-service-fields service-name="updateTelecomNumber" map-name="parameters" to-map-name="updateTelecomNumberMap"/> <call-service service-name="updateTelecomNumber" in-map-name="updateTelecomNumberMap"> @@ -269,11 +230,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_CREATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> <if-validate-method field-name="parameters.emailAddress" method="isEmail"> <else><add-error><fail-property resource="PartyUiLabels" property="PartyEmailAddressNotFormattedCorrectly"/></add-error></else> 
@@ -294,11 +250,6 @@ <if-empty map-name="parameters" field-name="partyId"> <set field="parameters.partyId" from-field="userLogin.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_PCM_UPDATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> <if-validate-method field-name="parameters.emailAddress" method="isEmail"> <else><add-error><fail-property resource="PartyUiLabels" property="PartyEmailAddressNotFormattedCorrectly"/></add-error></else> Added: ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml?rev=589144&view=auto ============================================================================== --- ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml (added) +++ ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml Sat Oct 27 09:16:25 2007 
@@ -0,0 +1,122 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> + +<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd"> + + <!-- ============== Basic Permission Checking ============= --> + + <!-- Returns hasPermission=true if user has one of the base PARTYMGR CRUD+ADMIN permissions --> + <simple-method method-name="basePermissionCheck" short-description="Party Manager base permission logic"> + <set field="primaryPermission" value="PARTYMGR"/> + <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml"/> + </simple-method> + + <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter --> + <simple-method method-name="partyIdPermissionCheck" short-description="Party ID Permission Check"> + <if-empty field-name="partyId"> + <set field="partyId" from-field="parameters.partyId"/> + </if-empty> + <if> + <condition> + <and> + <not><if-empty field-name="partyId"/></not> + <not><if-empty field-name="userLogin.partyId"/></not> + <if-compare-field field-name="partyId" operator="equals" 
to-field-name="userLogin.partyId"/> + </and> + </condition> + <then> + <set field="hasPermission" type="Boolean" value="true"/> + </then> + <else> + <set field="resourceDescription" from-field="parameters.resourceDescription"/> + <if-empty field-name="resourceDescription"> + <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field-name="resourceDescription"/> + </if-empty> + <property-to-field resource="PartyUiLabels" property="PartyPermissionErrorPartyId" field-name="failMessage"/> + <set field="hasPermission" type="Boolean" value="false"/> + <field-to-result field-name="failMessage"/> + </else> + </if> + <field-to-result field-name="hasPermission"/> + </simple-method> + + <!-- Returns hasPermission=true if userLogin party equals partyId parameter OR + user has one of the base PARTYMGR CRUD+ADMIN permissions --> + <simple-method method-name="basePlusPartyIdPermissionCheck" short-description="Base Permission Plus Party ID Permission Check"> + <call-simple-method method-name="basePermissionCheck"/> + <if-compare field-name="hasPermission" operator="not-equals" value="true"> + <call-simple-method method-name="partyIdPermissionCheck"/> + </if-compare> + </simple-method> + + <!-- ============== Additional Permission Checking ============= --> + + <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions --> + <simple-method method-name="partyStatusPermissionCheck" short-description="Party status permission logic"> + <set field="altPermission" value="PARTYMGR_STS"/> + <call-simple-method method-name="basePermissionCheck"/> + </simple-method> + + <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR + user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions --> + <simple-method method-name="partyGroupPermissionCheck" short-description="Party group permission logic"> + <set field="altPermission" value="PARTYMGR_GRP"/> + <call-simple-method 
method-name="basePlusPartyIdPermissionCheck"/> + </simple-method> + + <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_SRC CRUD+ADMIN permissions --> + <simple-method method-name="partyDatasourcePermissionCheck" short-description="Party datasource permission logic"> + <set field="altPermission" value="PARTYMGR_SRC"/> + <call-simple-method method-name="basePermissionCheck"/> + </simple-method> + + <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_ROLE CRUD+ADMIN permissions --> + <simple-method method-name="partyRolePermissionCheck" short-description="Party role permission logic"> + <set field="altPermission" value="PARTYMGR_ROLE"/> + <call-simple-method method-name="basePlusPartyIdPermissionCheck"/> + </simple-method> + + <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_REL CRUD+ADMIN permissions --> + <simple-method method-name="partyRelationshipPermissionCheck" short-description="Party relationship permission logic"> + <if-empty field-name="parameters.partyIdFrom"> + <set field="parameters.partyIdFrom" from-field="userLogin.partyId"/> + <set field="hasPermission" type="Boolean" value="true"/> + <field-to-result field-name="hasPermission"/> + <else> + <set field="altPermission" value="PARTYMGR_REL"/> + <call-simple-method method-name="basePermissionCheck"/> + </else> + </if-empty> + </simple-method> + + <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR + user has one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions --> + <simple-method method-name="partyContactMechPermissionCheck" short-description="Party contact mech permission logic"> + <if-empty map-name="parameters" field-name="partyId"> + <set field="parameters.partyId" from-field="userLogin.partyId"/> + </if-empty> + <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> + <set field="altPermission" value="PARTYMGR_PCM"/> 
+ <call-simple-method method-name="basePermissionCheck"/> + </if-compare-field> + </simple-method> + +</simple-methods> Modified: ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyServices.xml?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyServices.xml (original) +++ ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyServices.xml Sat Oct 27 09:16:25 2007 @@ -24,12 +24,6 @@ <!-- create PartyRole --> <simple-method method-name="createPartyRole" short-description="Create Party Role"> - <check-permission permission="PARTYMGR" action="_ROLE_CREATE"> - <accept-userlogin-party/> - <fail-property resource="PartyUiLabels" property="PartyCreatePartyRolePermissionError"/> - </check-permission> - <check-errors/> - <make-value value-name="partyRolePK" entity-name="PartyRole"/> <set-pk-fields value-name="partyRolePK" map-name="parameters"/> <find-by-primary-key entity-name="PartyRole" map-name="partyRolePK" value-name="partyRole"/> @@ -41,11 +35,6 @@ </simple-method> <simple-method method-name="deletePartyRole" short-description="Delete a PartyRole"> - <check-permission permission="PARTYMGR" action="_DELETE"> - <accept-userlogin-party/> - <fail-property resource="PartyUiLabels" property="PartyDeletePartyRolePermissionError"/> - </check-permission> - <check-errors/> <entity-one entity-name="PartyRole" value-name="partyRole"/> <remove-value value-name="partyRole"/> </simple-method> 
@@ -190,25 +179,18 @@ <!-- PostalAddressBoundary methods --> <simple-method method-name="createPostalAddressBoundary" short-description="Create Postal Address Boundary"> - <check-permission permission="PARTYMGR" action="_CREATE"><fail-property resource="PartyUiLabels" property="PartyCreatePostalAddressBoundaryPermissionError"/></check-permission> - <check-errors/> <make-value entity-name="PostalAddressBoundary" value-name="newEntity"/> <set-pk-fields map-name="parameters" value-name="newEntity"/> <create-value value-name="newEntity"/> </simple-method> <simple-method method-name="deletePostalAddressBoundary" short-description="Delete a Postal Address Boundary"> - <check-permission permission="PARTYMGR" action="_DELETE"><fail-property resource="PartyUiLabels" property="PartyRemovePostalAddressBoundaryPermissionError"/></check-permission> - <check-errors/> <entity-one entity-name="PostalAddressBoundary" value-name="postalAddressBoundary"/> <remove-value value-name="postalAddressBoundary"/> </simple-method> <simple-method method-name="getPostalAddressBoundary" short-description="Get Postal Address Boundary"> - <check-permission permission="PARTYMGR" action="_VIEW"><fail-property resource="PartyUiLabels" property="PartyViewPostalAddressBoundaryPermissionError"/></check-permission> - <check-errors/> <make-value entity-name="PostalAddressBoundary" value-name="postalAddressBoundaryLookupMap"/> <set field="postalAddressBoundaryLookupMap.geoId" from-field="parameters.geoId"/> <find-by-and entity-name="PostalAddressBoundary" map-name="postalAddressBoundaryLookupMap" list-name="postalAddressBoundaries"/> - <iterate list-name="postalAddressBoundaries" entry-name="postalAddressBoundary"> <get-related-one value-name="postalAddressBoundary" to-value-name="geo" relation-name="Geo"/> <field-to-list field-name="geo" list-name="geos"/> 
@@ -218,8 +200,6 @@ <!-- PartyClassification methods --> <simple-method method-name="createPartyClassification" short-description="create a PartyClassification"> - <check-permission permission="PARTYMGR" action="_CREATE"><fail-property resource="PartyUiLabels" property="PartyCreatePartyClassificationPermissionError"/></check-permission> - <check-errors/> <make-value entity-name="PartyClassification" value-name="newEntity"/> <set-pk-fields map-name="parameters" value-name="newEntity"/> <set-nonpk-fields map-name="parameters" value-name="newEntity"/> 
@@ -227,23 +207,17 @@ <create-value value-name="newEntity"/> </simple-method> <simple-method method-name="updatePartyClassification" short-description="update a PartyClassification"> - <check-permission permission="PARTYMGR" action="_UPDATE"><fail-property resource="PartyUiLabels" property="PartyUpdatePartyClassificationPermissionError"/></check-permission> - <check-errors/> <entity-one entity-name="PartyClassification" value-name="lookedUpValue"/> <set-nonpk-fields value-name="lookedUpValue" map-name="parameters"/> <store-value value-name="lookedUpValue"/> </simple-method> <simple-method method-name="deletePartyClassification" short-description="delete a PartyClassification"> - <check-permission permission="PARTYMGR" action="_DELETE"><fail-property resource="PartyUiLabels" property="PartyRemovePartyClassificationPermissionError"/></check-permission> - <check-errors/> <entity-one entity-name="PartyClassification" value-name="lookedUpValue"/> <remove-value value-name="lookedUpValue"/> </simple-method> <!-- PartyClassificationGroup methods --> <simple-method method-name="createPartyClassificationGroup" short-description="create a PartyClassificationGroup"> <log level="verbose" message="in newEntity" /> - <check-permission permission="PARTYMGR" action="_CREATE"><fail-property resource="PartyUiLabels" property="PartyCreatePartyClassificationGroupPermissionError"/></check-permission> - <check-errors/> <make-value entity-name="PartyClassificationGroup" value-name="newEntity"/> <sequenced-id-to-env sequence-name="PartyClassificationGroup" env-name="newEntity.partyClassificationGroupId"/> <field-to-result field-name="newEntity.partyClassificationGroupId" result-name="partyClassificationGroupId"/> 
@@ -252,96 +226,54 @@ <create-value value-name="newEntity"/> </simple-method> <simple-method method-name="updatePartyClassificationGroup" short-description="update a PartyClassificationGroup"> - <check-permission permission="PARTYMGR" action="_UPDATE"><fail-property resource="PartyUiLabels" property="PartyUpdatePartyClassificationGroupPermissionError"/></check-permission> - <check-errors/> <entity-one entity-name="PartyClassificationGroup" value-name="lookedUpValue"/> <set-nonpk-fields value-name="lookedUpValue" map-name="parameters"/> <store-value value-name="lookedUpValue"/> </simple-method> <simple-method method-name="deletePartyClassificationGroup" short-description="delete a PartyClassificationGroup"> - <check-permission permission="PARTYMGR" action="_DELETE"><fail-property resource="PartyUiLabels" property="PartyRemovePartyClassificationGroupPermissionError"/></check-permission> - <check-errors/> <entity-one entity-name="PartyClassificationGroup" value-name="lookedUpValue"/> <remove-value value-name="lookedUpValue"/> </simple-method> <!-- Vendor Party services --> <simple-method method-name="createVendor" short-description="createVendor"> - <check-permission permission="PARTYMGR" action="_CREATE"> - <fail-property resource="PartyUiLabels" property="PartyCreateVendorPermissionError"/> - </check-permission> - <check-errors/> - <make-value value-name="newEntity" entity-name="Vendor"/> <set-pk-fields map-name="parameters" value-name="newEntity"/> <set-nonpk-fields map-name="parameters" value-name="newEntity"/> - <create-value value-name="newEntity"/> </simple-method> <simple-method method-name="updateVendor" short-description="updateVendor"> - <check-permission permission="PARTYMGR" action="_UPDATE"> - <fail-property resource="PartyUiLabels" property="PartyUpdateVendorPermissionError"/> - </check-permission> - <check-errors/> - <entity-one entity-name="Vendor" value-name="lookedUpValue"/> <set-nonpk-fields map-name="parameters" value-name="lookedUpValue"/> 
<store-value value-name="lookedUpValue"/> </simple-method> <simple-method method-name="deleteVendor" short-description="deleteVendor"> - <check-permission permission="PARTYMGR" action="_DELETE"> - <fail-property resource="PartyUiLabels" property="PartyDeleteVendorPermissionError"/> - </check-permission> - <check-errors/> - <entity-one entity-name="Vendor" value-name="lookedUpValue"/> <remove-value value-name="lookedUpValue"/> </simple-method> <!-- party attribute services --> - <simple-method method-name="createPartyAttribute" short-description="cratePartyAttribute"> - <check-permission permission="PARTYMGR" action="_CREATE"> - <fail-property resource="PartyUiLabels" property="PartyCreateAttributePermissionError"/> - </check-permission> - <check-errors/> - + <simple-method method-name="createPartyAttribute" short-description="createPartyAttribute"> <make-value value-name="newEntity" entity-name="PartyAttribute"/> <set-pk-fields map-name="parameters" value-name="newEntity"/> <set-nonpk-fields map-name="parameters" value-name="newEntity"/> - <create-value value-name="newEntity"/> </simple-method> <simple-method method-name="updatePartyAttribute" short-description="updatePartyAttribute"> - <check-permission permission="PARTYMGR" action="_UPDATE"> - <fail-property resource="PartyUiLabels" property="PartyUpdateAttributePermissionError"/> - </check-permission> - <check-errors/> - <entity-one entity-name="PartyAttribute" value-name="lookedUpValue"/> <set-nonpk-fields map-name="parameters" value-name="lookedUpValue"/> <store-value value-name="lookedUpValue"/> </simple-method> <simple-method method-name="removePartyAttribute" short-description="removePartyAttribute"> - <check-permission permission="PARTYMGR" action="_DELETE"> - <fail-property resource="PartyUiLabels" property="PartyRemoveAttributePermissionError"/> - </check-permission> - <check-errors/> - <entity-one entity-name="PartyAttribute" value-name="lookedUpValue"/> <remove-value value-name="lookedUpValue"/> 
</simple-method> <!-- party profile default --> <simple-method method-name="setPartyProfileDefaults" short-description="Sets Party Profile Defaults"> - <!-- check make sure we have permission to set this --> <if-empty map-name="parameters" field-name="partyId"> <set from-field="userLogin.partyId" field="parameters.partyId"/> </if-empty> - <if-compare-field field-name="partyId" map-name="parameters" to-map-name="userLogin" operator="not-equals"> - <check-permission permission="PARTYMGR" action="_UPDATE"> - <fail-property resource="PartyUiLabels" property="PartyPermissionErrorForThisParty"/> - </check-permission> - </if-compare-field> <!-- lookup existing value --> <entity-one entity-name="PartyProfileDefault" value-name="partyProfileDefault"/> @@ -763,17 +695,6 @@ <!-- PartyRelationship services --> <simple-method method-name="createPartyRelationship" short-description="createPartyRelationship"> - <if-empty field-name="parameters.partyIdFrom"> - <set field="parameters.partyIdFrom" from-field="userLogin.partyId"/> - <else> - <check-permission permission="PARTYMGR_REL" action="_CREATE"> - <alt-permission permission="PARTYMGR" action="_CREATE"/> - <fail-property resource="ServiceErrorUiLabels" property="serviceUtil.no_permission_to_operation"/> - </check-permission> - </else> - </if-empty> - <check-errors/> - <if-empty field-name="parameters.roleTypeIdFrom"><set field="parameters.roleTypeIdFrom" value="_NA_"/></if-empty> <if-empty field-name="parameters.roleTypeIdTo"><set field="parameters.roleTypeIdTo" value="_NA_"/></if-empty> 
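Review bot: the block removed from createPartyRelationship did two things, and only the permission check has a visible replacement. The `<if-empty field-name="parameters.partyIdFrom">` branch also defaulted partyIdFrom to `userLogin.partyId`, and the service descriptions in services.xml still describe that default. partyRelationshipPermissionCheck declares partyIdFrom as mode="IN" only, so it has no way to hand a defaulted value back, unlike the INOUT partyId declared on partyIdPermissionCheck. Either keep the defaulting `<set>` in the method or make the attribute INOUT and confirm the value reaches the service context. The same applies to updatePartyRelationship and deletePartyRelationship.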
@@ -786,17 +707,6 @@ <create-value value-name="newEntity"/> </simple-method> <simple-method method-name="updatePartyRelationship" short-description="updatePartyRelationship"> - <if-empty field-name="parameters.partyIdFrom"> - <set field="parameters.partyIdFrom" from-field="userLogin.partyId"/> - <else> - <check-permission permission="PARTYMGR_REL" action="_UPDATE"> - <alt-permission permission="PARTYMGR" action="_UPDATE"/> - <fail-property resource="ServiceErrorUiLabels" property="serviceUtil.no_permission_to_operation"/> - </check-permission> - </else> - </if-empty> - <check-errors/> - <if-empty field-name="parameters.roleTypeIdFrom"><set field="parameters.roleTypeIdFrom" value="_NA_"/></if-empty> <if-empty field-name="parameters.roleTypeIdTo"><set field="parameters.roleTypeIdTo" value="_NA_"/></if-empty> 
@@ -805,17 +715,6 @@ <store-value value-name="lookedUpValue"/> </simple-method> <simple-method method-name="deletePartyRelationship" short-description="deletePartyRelationship"> - <if-empty field-name="parameters.partyIdFrom"> - <set field="parameters.partyIdFrom" from-field="userLogin.partyId"/> - <else> - <check-permission permission="PARTYMGR_REL" action="_DELETE"> - <alt-permission permission="PARTYMGR" action="_DELETE"/> - <fail-property resource="ServiceErrorUiLabels" property="serviceUtil.no_permission_to_operation"/> - </check-permission> - </else> - </if-empty> - <check-errors/> - <if-empty field-name="parameters.roleTypeIdFrom"><set field="parameters.roleTypeIdFrom" value="_NA_"/></if-empty> <if-empty field-name="parameters.roleTypeIdTo"><set field="parameters.roleTypeIdTo" value="_NA_"/></if-empty> Modified: ofbiz/trunk/applications/party/servicedef/services.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/servicedef/services.xml?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/servicedef/services.xml (original) +++ ofbiz/trunk/applications/party/servicedef/services.xml Sat Oct 27 09:16:25 2007 
@@ -28,18 +28,14 @@ <service name="createAddressMatchMap" engine="simple" default-entity-name="AddressMatchMap" auth="true" location="org/ofbiz/party/party/PartyServices.xml" invoke="createAddressMatchMap"> <description>Create an AddressMatchMap record</description> - <required-permissions join-type="AND"> - <check-permission permission="PARTYMGR" action="_CREATE"/> - </required-permissions> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <auto-attributes mode="IN" include="pk" optional="false"/> <auto-attributes mode="IN" include="nonpk" optional="true"/> </service> <service name="importAddressMatchMapCsv" engine="java" auth="true" location="org.ofbiz.party.party.PartyServices" invoke="importAddressMatchMapCsv"> <description>Import a CSV (name,value) of AddressMatchMap records</description> - <required-permissions join-type="AND"> - <check-permission permission="PARTYMGR" action="_CREATE"/> - </required-permissions> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <attribute name="uploadedFile" type="java.nio.ByteBuffer" mode="IN" optional="false"/> <attribute name="_uploadedFile_fileName" type="String" mode="IN" optional="false"/> <attribute name="_uploadedFile_contentType" type="String" mode="IN" optional="false"/> 
@@ -47,17 +43,13 @@ <service name="removeAddressMatchMap" engine="simple" default-entity-name="AddressMatchMap" auth="true" location="org/ofbiz/party/party/PartyServices.xml" invoke="deleteAddressMatchMap"> <description>Delete an AddressMatchMap record</description> - <required-permissions join-type="AND"> - <check-permission permission="PARTYMGR" action="_DELETE"/> - </required-permissions> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> <auto-attributes mode="IN" include="pk" optional="false"/> </service> <service name="clearAddressMatchMap" engine="simple" default-entity-name="AddressMatchMap" auth="true" location="org/ofbiz/party/party/PartyServices.xml" invoke="clearAddressMatchMap"> <description>Delete an AddressMatchMap record</description> - <required-permissions join-type="AND"> - <check-permission permission="PARTYMGR" action="_DELETE"/> - </required-permissions> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> </service> <service name="deleteParty" engine="java" @@ -67,8 +59,9 @@ </service> <service name="setPartyStatus" engine="java" location="org.ofbiz.party.party.PartyServices" invoke="setPartyStatus" auth="true"> - <description>Set the party status. Requires PARTYMGR_STS_UPDATE permission. The change to statusId must be defined in StatusValidChange, otherwise + <description>Set the party status. Requires PARTYMGR_UPDATE or PARTYMGR_STS_UPDATE permission. The change to statusId must be defined in StatusValidChange, otherwise this service will fail. The result is the original statusId, so that ECA conditions can check if a status has actually changed.</description> + <permission-service service-name="partyStatusPermissionCheck" main-action="UPDATE"/> <attribute name="partyId" type="String" mode="IN" optional="false"/> <attribute name="statusId" type="String" mode="IN" optional="false"/> <attribute name="statusDate" type="Timestamp" mode="IN" optional="true"/> 
@@ -97,6 +90,7 @@ <service name="updatePerson" engine="java" default-entity-name="Person" location="org.ofbiz.party.party.PartyServices" invoke="updatePerson" auth="true"> <description>Update a Person</description> + <permission-service service-name="partyGroupPermissionCheck" main-action="UPDATE"/> <auto-attributes mode="IN" include="pk" optional="true"><!-- if no partyId specified will use userLogin.partyId --></auto-attributes> <auto-attributes mode="IN" include="nonpk" optional="true"/> <attribute name="preferredCurrencyUomId" type="String" mode="IN" optional="true"/> @@ -117,6 +111,7 @@ <service name="updatePartyGroup" engine="java" default-entity-name="PartyGroup" location="org.ofbiz.party.party.PartyServices" invoke="updatePartyGroup" auth="true"> <description>Update a PartyGroup</description> + <permission-service service-name="partyGroupPermissionCheck" main-action="UPDATE"/> <auto-attributes mode="IN" include="pk" optional="true"/> <auto-attributes mode="IN" include="nonpk" optional="true"/> <attribute name="description" type="String" mode="IN" optional="true"/> 
@@ -162,6 +157,19 @@ <attribute name="siteVisitors" type="String" mode="IN" optional="true"/> </service> + <service name="updateAffiliate" engine="java" + location="org.ofbiz.party.party.PartyServices" invoke="updateAffiliate" auth="true"> + <description>Update an Affiliate</description> + <permission-service service-name="partyBasePermissionCheck" main-action="UPDATE"/> + <attribute name="partyId" type="String" mode="IN" optional="true"/> + <attribute name="affiliateName" type="String" mode="IN"/> + <attribute name="affiliateDescription" type="String" mode="IN" optional="true"/> + <attribute name="yearEstablished" type="String" mode="IN" optional="true"/> + <attribute name="siteType" type="String" mode="IN" optional="true"/> + <attribute name="sitePageViews" type="String" mode="IN" optional="true"/> + <attribute name="siteVisitors" type="String" mode="IN" optional="true"/> + </service> + <service name="createPartyNote" engine="java" location="org.ofbiz.party.party.PartyServices" invoke="createPartyNote" auth="true"> <description>Create a note item and associate with a party. If a noteId is passed, creates an assoication to that note instead.</description> @@ -182,6 +190,7 @@ <service name="setPartyProfileDefaults" engine="simple" location="org/ofbiz/party/party/PartyServices.xml" invoke="setPartyProfileDefaults" auth="true"> <description>Sets the party (customer) profile defaults</description> + <permission-service service-name="partyIdPermissionCheck" main-action="UPDATE"/> <attribute name="productStoreId" type="String" mode="IN" optional="false"/> <attribute name="partyId" type="String" mode="IN" optional="true"/> <attribute name="defaultShipAddr" type="String" mode="IN" optional="true"/> 
@@ -192,18 +201,21 @@ <service name="createPartyAttribute" engine="simple" default-entity-name="PartyAttribute" location="org/ofbiz/party/party/PartyServices.xml" invoke="createPartyAttribute" auth="true"> <description>create a party attribute record</description> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> <service name="updatePartyAttribute" engine="simple" default-entity-name="PartyAttribute" location="org/ofbiz/party/party/PartyServices.xml" invoke="updatePartyAttribute" auth="true"> <description>updates a party attribute record</description> + <permission-service service-name="partyBasePermissionCheck" main-action="UPDATE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> <service name="removePartyAttribute" engine="simple" default-entity-name="PartyAttribute" location="org/ofbiz/party/party/PartyServices.xml" invoke="removePartyAttribute" auth="true"> <description>removes a party attribute record</description> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> <auto-attributes include="pk" mode="IN" optional="false"/> </service> @@ -219,6 +231,7 @@ location="org/ofbiz/party/party/PartyServices.xml" invoke="createPartyRole" auth="true"> <description>Create a Party Role (add a Role to a Party). The logged in user must have PARTYMGR_CREATE or have permission to change the role of this partyId</description> + <permission-service service-name="partyRolePermissionCheck" main-action="CREATE"/> <attribute name="partyId" type="String" mode="IN" optional="true"/> <attribute name="roleTypeId" type="String" mode="IN" optional="false"/> </service> 
@@ -226,6 +239,7 @@ location="org/ofbiz/party/party/PartyServices.xml" invoke="deletePartyRole" auth="true"> <description>Delete a Party Role (remove a Role from a Party). The logged in user must have PARTYMGR_DELETE or have permission to change the role of this partyId</description> + <permission-service service-name="partyRolePermissionCheck" main-action="DELETE"/> <attribute name="partyId" type="String" mode="IN" optional="true"/> <attribute name="roleTypeId" type="String" mode="IN" optional="false"/> </service> @@ -260,6 +274,7 @@ if roleTypeIds are not specified they will default to "_NA_". If a partyIdFrom is passed in, it will be used if the userLogin has PARTYMGR_REL_CREATE permission. </description> + <permission-service service-name="partyRelationshipPermissionCheck" main-action="CREATE"/> <auto-attributes include="pk" mode="IN" optional="true"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> <override name="partyIdTo" optional="false"/> @@ -272,6 +287,7 @@ if roleTypeIds are not specified they will default to "_NA_". If a partyIdFrom is passed in, it will be used if the userLogin has PARTYMGR_REL_UPDATE permission. </description> + <permission-service service-name="partyRelationshipPermissionCheck" main-action="UPDATE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> <override name="partyIdFrom" optional="true"/> @@ -285,6 +301,7 @@ if partyIdFrom is not specified the partyId of the current userLogin will be used; if roleTypeIds are not specified they will default to "_NA_". </description> + <permission-service service-name="partyRelationshipPermissionCheck" main-action="DELETE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <override name="partyIdFrom" optional="true"/> <override name="roleTypeIdFrom" optional="true"/> 
@@ -310,6 +327,7 @@ <service name="createPartyContactMech" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="createPartyContactMech" auth="true"> <description>Create a PartyContactMech</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="CREATE"/> <auto-attributes entity-name="ContactMech" include="nonpk" mode="IN" optional="true"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <attribute name="contactMechPurposeTypeId" type="String" mode="IN" optional="true"/> @@ -325,6 +343,7 @@ <service name="updatePartyContactMech" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="updatePartyContactMech" auth="true"> <description>Update a PartyContactMech</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="UPDATE"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <attribute name="contactMechId" type="String" mode="INOUT" optional="false"/> <attribute name="contactMechTypeId" type="String" mode="IN" optional="false"/> @@ -334,6 +353,7 @@ <service name="deletePartyContactMech" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="deletePartyContactMech" auth="true"> <description>Delete a PartyContactMech</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="DELETE"/> <attribute name="partyId" type="String" mode="IN" optional="true"/> <attribute name="contactMechId" type="String" mode="IN" optional="false"/> </service> 
@@ -359,6 +379,7 @@ <service name="createPartyPostalAddress" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="createPartyPostalAddress" auth="true"> <description>Create a Postal Address</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="CREATE"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <auto-attributes entity-name="PostalAddress" include="nonpk" mode="IN" optional="true"/> <attribute name="paymentMethodId" type="String" mode="IN" optional="true"/> @@ -383,6 +404,7 @@ <service name="updatePartyPostalAddress" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="updatePartyPostalAddress" auth="true"> <description>Update a Postal Address</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="UPDATE"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <auto-attributes entity-name="PostalAddress" include="nonpk" mode="IN" optional="true"/> <attribute name="contactMechId" type="String" mode="INOUT" optional="false"/> @@ -400,6 +422,7 @@ <service name="createPartyTelecomNumber" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="createPartyTelecomNumber" auth="true"> <description>Create a Telecommunications Number</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="CREATE"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <auto-attributes entity-name="TelecomNumber" include="nonpk" mode="IN" optional="true"/> <attribute name="contactMechPurposeTypeId" type="String" mode="IN" optional="true"/> 
@@ -415,6 +438,7 @@ <service name="updatePartyTelecomNumber" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="updatePartyTelecomNumber" auth="true"> <description>Update a Telecommunications Number</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="UPDATE"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <auto-attributes entity-name="TelecomNumber" include="nonpk" mode="IN" optional="true"/> <attribute name="contactMechId" type="String" mode="INOUT" optional="false"/> @@ -430,6 +454,7 @@ <service name="createPartyEmailAddress" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="createPartyEmailAddress" auth="true"> <description>Create an Email Address</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="CREATE"/> <auto-attributes entity-name="ContactMech" include="nonpk" mode="IN" optional="true"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <attribute name="contactMechPurposeTypeId" type="String" mode="IN" optional="true"/> @@ -445,6 +470,7 @@ <service name="updatePartyEmailAddress" engine="simple" location="org/ofbiz/party/contact/PartyContactMechServices.xml" invoke="updatePartyEmailAddress" auth="true"> <description>Update an Email Address</description> + <permission-service service-name="partyContactMechPermissionCheck" main-action="UPDATE"/> <auto-attributes entity-name="PartyContactMech" include="all" mode="IN" optional="true"/> <attribute name="contactMechId" type="String" mode="INOUT" optional="false"/> <!-- the out paramater is the id of the new address --> <attribute name="emailAddress" type="String" mode="IN" optional="false"/> 
@@ -461,18 +487,21 @@ <service name="createContactMechAttribute" engine="simple" default-entity-name="ContactMechAttribute" location="org/ofbiz/party/contact/ContactMechServices.xml" invoke="createContactMechAttribute" auth="true"> <description>create a contact mech attribute record</description> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> <service name="updateContactMechAttribute" engine="simple" default-entity-name="ContactMechAttribute" location="org/ofbiz/party/contact/ContactMechServices.xml" invoke="updateContactMechAttribute" auth="true"> <description>updates a contact mech attribute record</description> + <permission-service service-name="partyBasePermissionCheck" main-action="UPDATE"/> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="true"/> </service> <service name="removeContactMechAttribute" engine="simple" default-entity-name="ContactMechAttribute" location="org/ofbiz/party/contact/ContactMechServices.xml" invoke="removeContactMechAttribute" auth="true"> <description>removes a contact mech attribute record</description> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> <auto-attributes include="pk" mode="IN" optional="false"/> </service> 
@@ -515,11 +544,13 @@ <service name="createPostalAddressBoundary" engine="simple" default-entity-name="PostalAddressBoundary" location="org/ofbiz/party/party/PartyServices.xml" invoke="createPostalAddressBoundary"> <description>Create a Postal Address Boundary</description> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <auto-attributes mode="IN" include="pk" optional="false"/> </service> <service name="deletePostalAddressBoundary" engine="simple" default-entity-name="PostalAddressBoundary" location="org/ofbiz/party/party/PartyServices.xml" invoke="deletePostalAddressBoundary"> <description>Delete a Postal Address Boundary</description> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> <auto-attributes mode="IN" include="pk" optional="false"/> </service> @@ -527,6 +558,7 @@ <service name="createPartyClassification" engine="simple" default-entity-name="PartyClassification" location="org/ofbiz/party/party/PartyServices.xml" invoke="createPartyClassification"> <description>create PartyClassification</description> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <auto-attributes mode="IN" include="pk" optional="false"/> <auto-attributes mode="IN" include="nonpk" optional="true"/> <override name="fromDate" optional="true"/> 
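Review bot: createPartyClassification gains a `<permission-service>` but its `<service>` element has no auth="true", unlike createVendor or createPartyAttribute elsewhere in this file; createPostalAddressBoundary and deletePostalAddressBoundary in the hunk above have the same gap. Now that the inline check is gone from the method body, add auth="true" to these definitions, or confirm that partyBasePermissionCheck rejects a call made without a userLogin.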
@@ -534,29 +566,34 @@ <service name="updatePartyClassification" engine="simple" default-entity-name="PartyClassification" location="org/ofbiz/party/party/PartyServices.xml" invoke="updatePartyClassification"> <description>update PartyClassification</description> + <permission-service service-name="partyBasePermissionCheck" main-action="UPDATE"/> <auto-attributes mode="IN" include="pk" optional="false"/> <auto-attributes mode="IN" include="nonpk" optional="true"/> </service> <service name="deletePartyClassification" engine="simple" default-entity-name="PartyClassification" location="org/ofbiz/party/party/PartyServices.xml" invoke="deletePartyClassification"> <description>delete PartyClassification</description> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> <auto-attributes mode="IN" include="pk" optional="false"/> </service> <service name="createPartyClassificationGroup" engine="simple" default-entity-name="PartyClassificationGroup" location="org/ofbiz/party/party/PartyServices.xml" invoke="createPartyClassificationGroup"> <description>create PartyClassificationGroup</description> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <auto-attributes mode="OUT" include="pk" optional="false"/> <auto-attributes mode="IN" include="nonpk" optional="true"/> </service> <service name="updatePartyClassificationGroup" engine="simple" default-entity-name="PartyClassificationGroup" location="org/ofbiz/party/party/PartyServices.xml" invoke="updatePartyClassificationGroup"> <description>update PartyClassificationGroup</description> + <permission-service service-name="partyBasePermissionCheck" main-action="UPDATE"/> <auto-attributes mode="IN" include="pk" optional="false"/> <auto-attributes mode="IN" include="nonpk" optional="true"/> </service> <service name="deletePartyClassificationGroup" engine="simple" default-entity-name="PartyClassificationGroup" location="org/ofbiz/party/party/PartyServices.xml" 
invoke="deletePartyClassificationGroup"> <description>delete PartyClassificationGroup</description> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> <auto-attributes mode="IN" include="pk" optional="false"/> </service> @@ -564,18 +601,21 @@ <service name="createVendor" engine="simple" location="org/ofbiz/party/party/PartyServices.xml" invoke="createVendor" auth="true"> <description>Create Vendor Information</description> + <permission-service service-name="partyBasePermissionCheck" main-action="CREATE"/> <auto-attributes entity-name="Vendor" include="pk" mode="IN" optional="false"/> <auto-attributes entity-name="Vendor" include="nonpk" mode="IN" optional="true"/> </service> <service name="updateVendor" engine="simple" location="org/ofbiz/party/party/PartyServices.xml" invoke="updateVendor" auth="true"> <description>Update Vendor Information</description> + <permission-service service-name="partyBasePermissionCheck" main-action="UPDATE"/> <auto-attributes entity-name="Vendor" include="pk" mode="IN" optional="false"/> <auto-attributes entity-name="Vendor" include="nonpk" mode="IN" optional="true"/> </service> <service name="deleteVendor" engine="simple" location="org/ofbiz/party/party/PartyServices.xml" invoke="deleteVendor" auth="true"> <description>Remove Vendor Information</description> + <permission-service service-name="partyBasePermissionCheck" main-action="DELETE"/> <auto-attributes entity-name="Vendor" include="pk" mode="IN" optional="false"/> </service> 
@@ -583,6 +623,7 @@ <service name="createPartyDataSource" engine="java" location="org.ofbiz.party.party.PartyServices" invoke="createPartyDataSource" auth="true"> <description>Creates a relation between a Party and a DataSource using PartyDataSource. The userLogin must have PARTYMGR_SRC_CREATE permission.</description> + <permission-service service-name="partyDatasourcePermissionCheck" main-action="CREATE"/> <attribute name="partyId" type="String" mode="IN" optional="false"/> <attribute name="dataSourceId" type="String" mode="IN" optional="false"/> <attribute name="fromDate" type="Timestamp" mode="IN" optional="true"/> 
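Review bot: the description of createPartyDataSource still says the userLogin must have PARTYMGR_SRC_CREATE, but with partyDatasourcePermissionCheck the base PARTYMGR permissions are accepted as well. Update the text the way the setPartyStatus description was updated, for example "Requires PARTYMGR_CREATE or PARTYMGR_SRC_CREATE permission.", so the documented requirement matches what is enforced.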
@@ -790,5 +831,77 @@ <service name="verifyEmailAddress" engine="simple" location="org/ofbiz/party/contact/ContactMechServices.xml" invoke="verifyEmailAddress"> <attribute name="verifyHash" type="String" mode="IN" optional="false"/> + </service> + + <!-- Permission checking services--> + <service name="partyBasePermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="basePermissionCheck"> + <description> + Performs a basic Party Manager security check. The user must have one of the base PARTYMGR + CRUD+ADMIN permissions. + </description> + <implements service="permissionInterface"/> + </service> + <service name="partyIdPermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="basePlusPartyIdPermissionCheck"> + <description> + Performs a party ID security check. The userLogin partyId must equal + the partyId parameter, or the logged-in user must have the correct permission + to perform the operation. + </description> + <implements service="permissionInterface"/> + <attribute name="partyId" type="String" mode="INOUT" optional="true"/> + </service> + <service name="partyStatusPermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyStatusPermissionCheck"> + <description> + Performs a party status security check. The user must have one of the base PARTYMGR or + PARTYMGR_STS CRUD+ADMIN permissions. + </description> + <implements service="permissionInterface"/> + </service> + <service name="partyGroupPermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyGroupPermissionCheck"> + <description> + Performs a party group security check. The userLogin partyId must equal the partyId parameter OR + the user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions. 
+ </description> + <implements service="permissionInterface"/> + <attribute name="partyId" type="String" mode="INOUT" optional="true"/> + </service> + <service name="partyDatasourcePermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyDatasourcePermissionCheck"> + <description> + Performs a party datasource security check. The user must have one of the base PARTYMGR or + PARTYMGR_SRC CRUD+ADMIN permissions. + </description> + <implements service="permissionInterface"/> + </service> + <service name="partyRolePermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyRolePermissionCheck"> + <description> + Performs a party role security check. The user must have one of the base PARTYMGR or + PARTYMGR_ROLE CRUD+ADMIN permissions. + </description> + <implements service="permissionInterface"/> + <attribute name="partyId" type="String" mode="INOUT" optional="true"/> + </service> + <service name="partyRelationshipPermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyRelationshipPermissionCheck"> + <description> + Performs a party relationship security check. The user must have one of the base PARTYMGR or + PARTYMGR_REL CRUD+ADMIN permissions. + </description> + <implements service="permissionInterface"/> + <attribute name="partyIdFrom" type="String" mode="IN" optional="true"/> + </service> + <service name="partyContactMechPermissionCheck" engine="simple" + location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyContactMechPermissionCheck"> + <description> + Performs a party contact mech security check. The userLogin partyId must equal the partyId parameter OR + the user must have one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions. 
+ </description> + <implements service="permissionInterface"/> + <attribute name="partyId" type="String" mode="IN" optional="true"/> </service> </services> Modified: ofbiz/trunk/applications/party/servicedef/services_view.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/servicedef/services_view.xml?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/servicedef/services_view.xml (original) +++ ofbiz/trunk/applications/party/servicedef/services_view.xml Sat Oct 27 09:16:25 2007 @@ -166,6 +166,7 @@ <service name="getPostalAddressBoundary" engine="simple" location="org/ofbiz/party/party/PartyServices.xml" invoke="getPostalAddressBoundary"> <description>Get all Postal Address Boundaries</description> + <permission-service service-name="partyBasePermissionCheck" main-action="VIEW"/> <attribute name="contactMechId" type="String" mode="IN" optional="false"/> <attribute name="geos" type="java.util.List" mode="OUT" optional="true"/> </service> Modified: ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyHelper.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyHelper.java?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyHelper.java (original) +++ ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyHelper.java Sat Oct 27 09:16:25 2007 
@@ -19,13 +19,20 @@ package org.ofbiz.party.party; +import java.util.Locale; +import java.util.Map; + import org.ofbiz.base.util.Debug; import org.ofbiz.base.util.UtilFormatOut; import org.ofbiz.base.util.UtilMisc; +import org.ofbiz.base.util.UtilProperties; import org.ofbiz.entity.GenericDelegator; import org.ofbiz.entity.GenericEntityException; import org.ofbiz.entity.GenericValue; import org.ofbiz.entity.model.ModelEntity; +import org.ofbiz.security.Security; +import org.ofbiz.service.ModelService; +import org.ofbiz.service.ServiceUtil; /** * PartyHelper Modified: ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java?rev=589144&r1=589143&r2=589144&view=diff ============================================================================== --- ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java (original) +++ ofbiz/trunk/applications/party/src/org/ofbiz/party/party/PartyServices.java Sat Oct 27 09:16:25 2007 @@ -49,7 +49,6 @@ import org.ofbiz.entity.util.EntityListIterator; import org.ofbiz.entity.util.EntityTypeUtil; import org.ofbiz.entity.util.EntityUtil; -import org.ofbiz.security.Security; import org.ofbiz.service.DispatchContext; import org.ofbiz.service.ModelService; import org.ofbiz.service.ServiceUtil; 
@@ -192,26 +191,19 @@ /** * Sets a party status. - * <b>security check</b>: userLogin must have permission PARTYMGR_STS_UPDATE and the status change must be defined in StatusValidChange. + * <b>security check</b>: the status change must be defined in StatusValidChange. */ public static Map setPartyStatus(DispatchContext ctx, Map context) { - Map result = new HashMap(); GenericDelegator delegator = ctx.getDelegator(); - Security security = ctx.getSecurity(); - GenericValue userLogin = (GenericValue) context.get("userLogin"); Locale locale = (Locale) context.get("locale"); String partyId = (String) context.get("partyId"); String statusId = (String) context.get("statusId"); Timestamp statusDate = (Timestamp) context.get("statusDate"); - if (statusDate == null) statusDate = UtilDateTime.nowTimestamp(); - - // userLogin must have PARTYMGR_STS_UPDATE. Also, we aren't letting userLogin with same partyId change his own status. - if (!security.hasEntityPermission("PARTYMGR", "_STS_UPDATE", userLogin)) { - String errorMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.no_permission_to_operation", locale) + "."; - Debug.logWarning(errorMsg, module); - return ServiceUtil.returnError(errorMsg); + if (statusDate == null) { + statusDate = UtilDateTime.nowTimestamp(); } + try { GenericValue party = delegator.findByPrimaryKey("Party", UtilMisc.toMap("partyId", partyId)); @@ -243,7 +235,6 @@ /** * Updates a Person. - * <b>security check</b>: userLogin partyId must equal partyId, or must have PARTYMGR_GRP_UPDATE permission. * @param ctx The DispatchContext that this service is operating in. * @param context Map containing the input parameters. * @return Map with the result of the service, the output parameters. 
@@ -251,14 +242,12 @@ public static Map updatePerson(DispatchContext ctx, Map context) { Map result = new HashMap(); GenericDelegator delegator = ctx.getDelegator(); - Security security = ctx.getSecurity(); - GenericValue userLogin = (GenericValue) context.get("userLogin"); Locale locale = (Locale) context.get("locale"); - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PARTYMGR", "_GRP_UPDATE"); - - if (result.size() > 0) - return result; + String partyId = getPartyId(context); + if (UtilValidate.isEmpty(partyId)) { + return ServiceUtil.returnError(UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.party_id_missing", locale)); + } GenericValue person = null; GenericValue party = null; @@ -406,22 +395,14 @@ public static Map updatePartyGroup(DispatchContext ctx, Map context) { Map result = new HashMap(); GenericDelegator delegator = ctx.getDelegator(); - Security security = ctx.getSecurity(); - GenericValue userLogin = (GenericValue) context.get("userLogin"); - - // get the party Id from context if party has permission to update groups, otherwise use getPartyIdCheckSecurity - String partyId = null; - if (security.hasEntityPermission("PARTYMGR", "_GRP_UPDATE", userLogin)) { - partyId = (String) context.get("partyId"); - } else { - partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PARTYMGR", "_UPDATE"); - } Locale locale = (Locale) context.get("locale"); - String errMsg = null; - if (result.size() > 0) - return result; + String partyId = getPartyId(context); + if (UtilValidate.isEmpty(partyId)) { + return ServiceUtil.returnError(UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.party_id_missing", locale)); + } + String errMsg = null; GenericValue partyGroup = null; GenericValue party = null; 
@@ -466,16 +447,12 @@ public static Map createAffiliate(DispatchContext ctx, Map context) { Map result = new HashMap(); GenericDelegator delegator = ctx.getDelegator(); - GenericValue userLogin = (GenericValue) context.get("userLogin"); Timestamp now = UtilDateTime.nowTimestamp(); - String partyId = (String) context.get("partyId"); Locale locale = (Locale) context.get("locale"); String errMsg = null; - if (partyId == null || partyId.length() == 0) { - partyId = userLogin.getString("partyId"); - } + String partyId = getPartyId(context); // if specified partyId starts with a number, return an error if (Character.isDigit(partyId.charAt(0))) { @@ -540,24 +517,20 @@ /** * Updates an Affiliate. - * <b>security check</b>: userLogin partyId must equal partyId, or must have PARTYMGR_UPDATE permission. * @param ctx The DispatchContext that this service is operating in. * @param context Map containing the input parameters. * @return Map with the result of the service, the output parameters. */ public static Map updateAffiliate(DispatchContext ctx, Map context) { - Map result = new HashMap(); GenericDelegator delegator = ctx.getDelegator(); - Security security = ctx.getSecurity(); - GenericValue userLogin = (GenericValue) context.get("userLogin"); - - String partyId = ServiceUtil.getPartyIdCheckSecurity(userLogin, security, context, result, "PARTYMGR", "_UPDATE"); Locale locale = (Locale) context.get("locale"); - String errMsg = null; - if (result.size() > 0) - return result; + String partyId = getPartyId(context); + if (UtilValidate.isEmpty(partyId)) { + return ServiceUtil.returnError(UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.party_id_missing", locale)); + } + String errMsg = null; GenericValue affiliate = null; try { 
@@ -931,9 +904,6 @@ public static Map createPartyDataSource(DispatchContext ctx, Map context) { GenericDelegator delegator = ctx.getDelegator(); - Security security = ctx.getSecurity(); - GenericValue userLogin = (GenericValue) context.get("userLogin"); - Locale locale = (Locale) context.get("locale"); // input data String partyId = (String) context.get("partyId"); @@ -941,11 +911,6 @@ Timestamp fromDate = (Timestamp) context.get("fromDate"); if (fromDate == null) fromDate = UtilDateTime.nowTimestamp(); - // userLogin must have PARTYMGR_SRC_CREATE permission - if (!security.hasEntityPermission("PARTYMGR", "_SRC_CREATE", userLogin)) { - String errorMsg = UtilProperties.getMessage(ServiceUtil.resource, "serviceUtil.no_permission_to_operation", locale) + "."; - return ServiceUtil.returnError(errorMsg); - } try { // validate the existance of party and dataSource GenericValue party = delegator.findByPrimaryKey("Party", UtilMisc.toMap("partyId", partyId)); @@ -1677,5 +1642,16 @@ } return ServiceUtil.returnSuccess(); + } + + public static String getPartyId(Map context) { + String partyId = (String) context.get("partyId"); + if (UtilValidate.isEmpty(partyId)) { + GenericValue userLogin = (GenericValue) context.get("userLogin"); + if (userLogin != null) { + partyId = userLogin.getString("partyId"); + } + } + return partyId; } } |
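Review bot: In the services.xml hunk at @@ -583,6 +623,7 @@, the createPartyDataSource description still reads "The userLogin must have PARTYMGR_SRC_CREATE permission". The partyDatasourcePermissionCheck it now delegates to is described as accepting any of the base PARTYMGR or PARTYMGR_SRC CRUD+ADMIN permissions. Update the description so it states what the permission service accepts for main-action="CREATE", otherwise the service documentation understates who can call it.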
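Review bot: In the services.xml hunk at @@ -790,5 +831,77 @@, the new permission services declare their party attributes inconsistently and the descriptions do not explain them. partyId is INOUT in partyIdPermissionCheck, partyGroupPermissionCheck and partyRolePermissionCheck but IN in partyContactMechPermissionCheck, and partyRelationshipPermissionCheck takes partyIdFrom instead. The descriptions for partyRolePermissionCheck and partyRelationshipPermissionCheck mention only the PARTYMGR permissions and say nothing about how partyId or partyIdFrom affects the result. Please either document the ownership rule each service applies, and what the OUT value of partyId is when it is INOUT, or drop the attribute where it plays no part. The partyIdPermissionCheck description should also name the permission it means by "the correct permission".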
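Review bot: In the services_view.xml hunk at @@ -166,6 +166,7 @@, getPostalAddressBoundary gains a partyBasePermissionCheck with main-action="VIEW", but the service element as shown has no auth="true". A permission check needs a userLogin to evaluate, so either add auth="true" to make the login requirement explicit, or confirm and document what a caller without a login now gets back. This service had no check before, so existing callers that do not hold a PARTYMGR view permission will start failing and that deserves a line in the commit notes.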
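Review bot: The PartyHelper.java hunk at @@ -19,13 +19,20 @@ adds six imports (Locale, Map, UtilProperties, Security, ModelService, ServiceUtil) and no other hunk for this file is shown that uses them. If the helper code they were meant for moved into PartyPermissionServices.xml, remove the imports. If a method was meant to be added here, it is missing from the patch.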
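Review bot: In the PartyServices.java hunk at @@ -192,26 +191,19 @@, setPartyStatus loses its in-method PARTYMGR_STS_UPDATE check and the Javadoc now mentions only StatusValidChange. The method is public static, so any Java code that calls it directly rather than through the service engine gets no authorization check at all. State in the Javadoc that permission is enforced by the permission-service on the service definition and that the method must not be called directly. The same applies to the "security check" Javadoc lines removed from updatePerson and updateAffiliate in the later hunks.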
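Review bot: In the hunk at @@ -251,14 +242,12 @@ (updatePerson), the new error path looks up "serviceUtil.party_id_missing" in ServiceUtil.resource, while the label this commit adds to PartyUiLabels.properties is PartyPartyIdMissing. Please confirm the serviceUtil key exists in the ServiceUtil resource bundle. If it does not, the caller gets the raw key instead of a message, and the new Party label is unused. The same lookup is repeated in updatePartyGroup and updateAffiliate, so a small private helper that returns the error map would keep the three in step.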
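Review bot: In the hunk at @@ -466,16 +447,12 @@ (createAffiliate), the result of getPartyId(context) is dereferenced straight away by Character.isDigit(partyId.charAt(0)) with no empty check. getPartyId returns null when the partyId parameter is empty and userLogin is null or has no partyId, and the other converted services (updatePerson, updatePartyGroup, updateAffiliate) all guard with UtilValidate.isEmpty(partyId) first. Add the same guard here and return the party-id-missing error, so a missing ID is a clean service error rather than an exception.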
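Review bot: In the final hunk at @@ -1677,5 +1642,16 @@, the new public static getPartyId(Map context) has no Javadoc, and its behaviour is security-relevant. It performs no permission check and silently falls back to the caller's own partyId when the parameter is empty. It replaces ServiceUtil.getPartyIdCheckSecurity, which did both resolution and authorization, so a reader could easily assume the new helper is equivalent. Document that it only resolves the ID, that it can return null, and that callers rely on the permission-service having authorized the same partyId. Consider making it private or package-private if nothing outside PartyServices needs it.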