Author: ashish
Date: Fri Feb 15 07:03:44 2008
New Revision: 628079
URL:
http://svn.apache.org/viewvc?rev=628079&view=revLog:
Applied patch from JIRA Issue # 1647
Logged in party is not able to update its own status (disable his profile)
Thanks Mridul for your patch.
Modified:
ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml
ofbiz/trunk/applications/party/servicedef/services.xml
Modified: ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml?rev=628079&r1=628078&r2=628079&view=diff==============================================================================
--- ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml (original)
+++ ofbiz/trunk/applications/party/script/org/ofbiz/party/party/PartyPermissionServices.xml Fri Feb 15 07:03:44 2008
@@ -69,10 +69,20 @@
<!-- ============== Additional Permission Checking ============= -->
- <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions -->
+ <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
+ user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions -->
<simple-method method-name="partyStatusPermissionCheck" short-description="Party status permission logic">
- <set field="altPermission" value="PARTYMGR_STS"/>
- <call-simple-method method-name="basePermissionCheck"/>
+ <set field="hasPermission" type="Boolean" value="false"/>
+ <if-not-empty field-name="parameters.partyId">
+ <if-compare-field field-name="parameters.partyId" operator="equals" to-field-name="userLogin.partyId">
+ <set field="hasPermission" type="Boolean" value="true"/>
+ <field-to-result field-name="hasPermission"/>
+ </if-compare-field>
+ </if-not-empty>
+ <if-compare field-name="hasPermission" operator="not-equals" value="true">
+ <set field="altPermission" value="PARTYMGR_STS"/>
+ <call-simple-method method-name="basePermissionCheck"/>
+ </if-compare>
</simple-method>
<!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR
Modified: ofbiz/trunk/applications/party/servicedef/services.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/applications/party/servicedef/services.xml?rev=628079&r1=628078&r2=628079&view=diff==============================================================================
--- ofbiz/trunk/applications/party/servicedef/services.xml (original)
+++ ofbiz/trunk/applications/party/servicedef/services.xml Fri Feb 15 07:03:44 2008
@@ -930,10 +930,11 @@
<service name="partyStatusPermissionCheck" engine="simple"
location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyStatusPermissionCheck">
<description>
- Performs a party status security check. The user must have one of the base PARTYMGR or
- PARTYMGR_STS CRUD+ADMIN permissions.
+ Performs a party status security check. The userLogin partyId must equal the partyId parameter OR
+ the user must have one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions.
</description>
<implements service="permissionInterface"/>
+ <attribute name="partyId" type="String" mode="IN" optional="true"/>
</service>
<service name="partyGroupPermissionCheck" engine="simple"
location="component://party/script/org/ofbiz/party/party/PartyPermissionServices.xml" invoke="partyGroupPermissionCheck">
Locked
