svn commit: r691962 - in /ofbiz/trunk/applications/order: script/org/ofbiz/order/request/CustRequestServices.xml servicedef/services_request.xml

Author: jacopoc
Date: Thu Sep  4 04:06:05 2008
New Revision: 691962

URL: http://svn.apache.org/viewvc?rev=691962&view=rev
Log:
Migrated permission control for cust request creation to the new permission framework based on services.

Modified:
    ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml
    ofbiz/trunk/applications/order/servicedef/services_request.xml

Modified: ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml?rev=691962&r1=691961&r2=691962&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml (original)
+++ ofbiz/trunk/applications/order/script/org/ofbiz/order/request/CustRequestServices.xml Thu Sep  4 04:06:05 2008
@@ -20,20 +20,35 @@
 
 <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/simple-methods.xsd">
-    <simple-method method-name="createCustRequest" short-description="Create Customer Request">
+    <simple-method method-name="custRequestPermissionCheck" short-description="Cust Request Permission Check">
         <if>
             <condition>
                 <and>
                     <not><if-empty field="parameters.fromPartyId"/></not>
                     <not><if-compare-field field="parameters.fromPartyId" to-field="userLogin.partyId" operator="equals"/></not>
-                    <not><if-has-permission permission="ORDERMGR" action="_CRQ_CREATE"/></not>
                 </and>
             </condition>
             <then>
-                <add-error><fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateCustRequest"/></add-error>
+                <set field="primaryPermission" value="ORDERMGR_CRQ"/>
+                <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/script/org/ofbiz/common/permission/CommonPermissionServices.xml"/>
+                <if-compare field="hasPermission" operator="not-equals" value="true">
+                    <set field="resourceDescription" from-field="parameters.resourceDescription"/>
+                    <if-empty field="resourceDescription">
+                        <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field-name="resourceDescription"/>
+                    </if-empty>
+                    <property-to-field resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateCustRequest" field-name="failMessage"/>
+                    <set field="hasPermission" type="Boolean" value="false"/>
+                    <field-to-result field-name="failMessage"/>
+                </if-compare>
             </then>
+            <else>
+                <set field="hasPermission" type="Boolean" value="true"/>
+            </else>
         </if>
-        <check-errors/>
+        <field-to-result field-name="hasPermission"/>
+    </simple-method>
+
+    <simple-method method-name="createCustRequest" short-description="Create Customer Request">
         <make-value value-name="newEntity" entity-name="CustRequest"/>
         <set-nonpk-fields map-name="parameters" value-name="newEntity"/>
         
@@ -47,7 +62,6 @@
             <set field="newEntity.custRequestDate" from-field="nowTimestamp"/>
         </if-empty>
 
-        
         <if-empty field="parameters.statusId">
             <set value="CRQ_SUBMITTED" field="newEntity.statusId"/>
         </if-empty>

Modified: ofbiz/trunk/applications/order/servicedef/services_request.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/servicedef/services_request.xml?rev=691962&r1=691961&r2=691962&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/servicedef/services_request.xml (original)
+++ ofbiz/trunk/applications/order/servicedef/services_request.xml Thu Sep  4 04:06:05 2008
@@ -25,9 +25,18 @@
     <version>1.0</version>
 
     <!-- Customer Request Services -->
+    <service name="custRequestPermissionCheck" engine="simple"
+            location="org/ofbiz/order/request/CustRequestServices.xml" invoke="custRequestPermissionCheck">
+        <description>
+            Performs a security check for CustRequest. The user, if enters a request for someone else,
+            must have one of the base ORDERMGR_CRQ CRUD+ADMIN permissions.
+        </description>
+        <implements service="permissionInterface"/>
+    </service>
     <service name="createCustRequest" engine="simple" default-entity-name="CustRequest"
             location="org/ofbiz/order/request/CustRequestServices.xml" invoke="createCustRequest" auth="true">
         <description>Create a custRequest record and optionally create a custRequest item.</description>
+        <permission-service service-name="custRequestPermissionCheck" main-action="CREATE"/>
         <auto-attributes include="nonpk" mode="IN" optional="true"/>
         <auto-attributes include="pk" mode="INOUT" optional="true"/>
         <auto-attributes include="all" mode="IN" entity-name="CustRequestItem" optional="true"/>