svn commit: r930543 - in /ofbiz/trunk/applications/prod
Locked
 
|
Author: mor
Date: Sat Apr 3 17:01:29 2010 New Revision: 930543 URL: http://svn.apache.org/viewvc?rev=930543&view=rev Log: Moved permission checking logic to service definition. This commit also fix a bad security permission check on updateQuantityBreak and deleteQuantityBreak services. Modified: ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml ofbiz/trunk/applications/product/servicedef/services_shipment.xml Modified: ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml?rev=930543&r1=930542&r2=930543&view=diff ============================================================================== --- ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml (original) +++ ofbiz/trunk/applications/product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml Sat Apr 3 17:01:29 2010 @@ -430,11 +430,6 @@ under the License. </simple-method> <simple-method method-name="cancelOrderItemIssuanceFromSalesShipment" short-description="Cancel an ItemIssuance quantity from Sales Shipment"> - <set value="Cancel Order Item Issuance from Sales Shipment" field="operationName"/> - <check-permission permission="FACILITY" action="_UPDATE"> - <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/> - </check-permission> - <!-- get ItemIssuance and related entities--> <entity-one entity-name="ItemIssuance" value-field="itemIssuance"/> <get-related-one value-field="itemIssuance" relation-name="OrderHeader" to-value-field="orderHeader"/> Modified: ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml?rev=930543&r1=930542&r2=930543&view=diff ============================================================================== --- ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml (original) +++ ofbiz/trunk/applications/product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml Sat Apr 3 17:01:29 2010 @@ -1845,13 +1845,6 @@ under the License. </simple-method> <simple-method method-name="removeOrderShipmentFromShipment" short-description="Delete an OrderShipment and updates the ShipmentItem"> - <set value="Delete OrderShipment entry" field="operationName"/> - <check-permission permission="FACILITY" action="_CREATE"> - <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/> - </check-permission> - <check-permission permission="FACILITY" action="_UPDATE"> - <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/> - </check-permission> <make-value entity-name="OrderShipment" value-field="lookupPk"/> <set-pk-fields value-field="lookupPk" map="parameters"/> <find-by-primary-key entity-name="OrderShipment" map="lookupPk" value-field="orderShipment"/> @@ -1892,14 +1885,6 @@ under the License. <!-- for a given order item and quantity it creates (or updates if already exists) an --> <!-- entry in the ShipmentPlan. --> <simple-method method-name="addOrderShipmentToShipment" short-description="Add or update a ShipmentPlan entry"> - <set value="Put Ordered Quantity to Shipment Plan" field="operationName"/> - <check-permission permission="FACILITY" action="_CREATE"> - <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/> - </check-permission> - <check-permission permission="FACILITY" action="_UPDATE"> - <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/> - </check-permission> - <!-- if quantity is greater than 0 we add or update the ShipmentPlan --> <if-compare field="parameters.quantity" operator="greater" value="0" type="BigDecimal"> @@ -1989,11 +1974,6 @@ under the License. </simple-method> <simple-method method-name="checkCancelItemIssuanceAndOrderShipmentFromShipment" short-description="Check Shipment Items and Cancel Item Issuance and Order Shipment"> - <set value="Cancel Item Issuance and Order Shipment from a Sales Shipment" field="operationName"/> - <check-permission permission="FACILITY" action="_UPDATE"> - <fail-message message="Security Error: to run ${operationName} you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/> - </check-permission> - <entity-and entity-name="OrderShipment" list="orderShipmentList"> <field-map field-name="shipmentId" from-field="parameters.shipmentId"/> </entity-and> @@ -2015,10 +1995,6 @@ under the License. <!-- QuantityBreak services --> <!-- create a new QuantityBreak --> <simple-method method-name="createQuantityBreak" short-description="Create a QuoteAttribute"> - <check-permission permission="FACILITY" action="_CREATE"> - <fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunCreateQuantityBreak"/> - </check-permission> - <check-errors/> <make-value value-field="quantityBreak" entity-name="QuantityBreak"/> <set-nonpk-fields map="parameters" value-field="quantityBreak"/> <sequenced-id sequence-name="QuantityBreak" field="quantityBreak.quantityBreakId"/> @@ -2028,10 +2004,6 @@ under the License. <!-- update an existing QuantityBreak --> <simple-method method-name="updateQuantityBreak" short-description="Update an existing QuantityBreak"> - <check-permission permission="FACILITY" action="_CREATE"> - <fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunUpdateQuantityBreak"/> - </check-permission> - <check-errors/> <entity-one entity-name="QuantityBreak" value-field="quantityBreak" auto-field-map="true"/> <check-errors/> <set-nonpk-fields map="parameters" value-field="quantityBreak"/> @@ -2041,10 +2013,6 @@ under the License. <!-- remove an existing QuantityBreak --> <simple-method method-name="deleteQuantityBreak" short-description="Remove an existing QuantityBreak"> - <check-permission permission="FACILITY" action="_CREATE"> - <fail-property resource="OrderErrorUiLabels" property="OrderSecurityErrorToRunRemoveQuantityBreak"/> - </check-permission> - <check-errors/> <entity-one entity-name="QuantityBreak" value-field="quantityBreak" auto-field-map="true"/> <check-errors/> <remove-value value-field="quantityBreak"/> Modified: ofbiz/trunk/applications/product/servicedef/services_shipment.xml URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/product/servicedef/services_shipment.xml?rev=930543&r1=930542&r2=930543&view=diff ============================================================================== --- ofbiz/trunk/applications/product/servicedef/services_shipment.xml (original) +++ ofbiz/trunk/applications/product/servicedef/services_shipment.xml Sat Apr 3 17:01:29 2010 @@ -211,6 +211,7 @@ under the License. <service name="checkCancelItemIssuanceAndOrderShipmentFromShipment" engine="simple" location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="checkCancelItemIssuanceAndOrderShipmentFromShipment" auth="true"> <description>Check Shipment Items and cancel Item Issuance and Order Shipment</description> + <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/> <attribute name="shipmentId" type="String" mode="IN" optional="false"/> </service> <service name="quickDropShipOrder" engine="simple" @@ -473,6 +474,7 @@ under the License. <service name="cancelOrderItemIssuanceFromSalesShipment" engine="simple" location="component://product/script/org/ofbiz/shipment/issuance/IssuanceServices.xml" invoke="cancelOrderItemIssuanceFromSalesShipment" auth="true"> <description>Cancel an ItemIssuance from Sales Shipment</description> + <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/> <attribute name="itemIssuanceId" type="String" mode="IN" optional="false"/> <attribute name="cancelQuantity" type="BigDecimal" mode="IN" optional="true"/> <attribute name="canceledQuantity" type="BigDecimal" mode="OUT" optional="false"/> @@ -694,6 +696,10 @@ under the License. <service name="addOrderShipmentToShipment" engine="simple" default-entity-name="OrderShipment" location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="addOrderShipmentToShipment" auth="true"> <description>Add an OrderShipment and a ShipmentItem - only for sales orders</description> + <required-permissions join-type="AND"> + <permission-service service-name="facilityGenericPermission" main-action="CREATE"/> + <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/> + </required-permissions> <auto-attributes include="pk" mode="IN" optional="false"/> <auto-attributes include="nonpk" mode="IN" optional="false"/> <override name="shipmentItemSeqId" mode="IN" optional="true"/> @@ -701,6 +707,10 @@ under the License. <service name="removeOrderShipmentFromShipment" engine="simple" location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="removeOrderShipmentFromShipment" auth="true"> <description>Delete an OrderShipment and updates the ShipmentItem</description> + <required-permissions join-type="AND"> + <permission-service service-name="facilityGenericPermission" main-action="CREATE"/> + <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/> + </required-permissions> <auto-attributes entity-name="OrderShipment" include="pk" mode="IN" optional="false"/> </service> <service name="getQuantityForShipment" engine="simple" default-entity-name="OrderItem" @@ -871,17 +881,20 @@ under the License. <service name="createQuantityBreak" engine="simple" location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="createQuantityBreak" auth="true"> <description>Create a QuantityBreak</description> + <permission-service service-name="facilityGenericPermission" main-action="CREATE"/> <auto-attributes entity-name="QuantityBreak" include="nonpk" mode="IN" optional="true"/> </service> <service name="updateQuantityBreak" engine="simple" location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="updateQuantityBreak" auth="true"> <description>Update a QuantityBreak</description> + <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/> <auto-attributes entity-name="QuantityBreak" include="pk" mode="IN" optional="false"/> <auto-attributes entity-name="QuantityBreak" include="nonpk" mode="IN" optional="true"/> </service> <service name="deleteQuantityBreak" engine="simple" location="component://product/script/org/ofbiz/shipment/shipment/ShipmentServices.xml" invoke="deleteQuantityBreak" auth="true"> <description>Delete a QuantityBreak</description> + <permission-service service-name="facilityGenericPermission" main-action="DELETE"/> <auto-attributes entity-name="QuantityBreak" include="pk" mode="IN" optional="false"/> </service> |
«
Return to OFBiz - Commits
|
1 view|%1 views
| Free forum by Nabble | Edit this page |