Hello:

How does the security API handle something like ability to view calendar entries for your “team” members? I understand that one would either extend OFBizSecurity or implement one’s own version, but I can’t see how the only relevant function (hasRolePermission) would handle it. I feel that other functions with additional parameters may be required.

To further clarify my questions, let’s use a simple data model example. Assume teams are parties and team members are associated with their teams through PartyRelationships (partyRelationshipTypeId is GROUP_ROLLUP, partyIdFrom is team, partyIdTo is member). Further assume partyA and partyB are both part of teamOne, and they are allowed to view each team member’s calendar. If partyA is logged in and wants to view partyB’s calendar, I expect to use a class that extends OFBizSecurity to handle this data model along with call to something like hasRolePermission. But it doesn’t seem to have enough arguments. I can write another function but that defeats the whole purpose of security API.

I also read Data Driven Security (http://ofbizwiki.go-integral.com/Wiki.jsp?page=DataDrivenSecurity) in wiki. The entity it uses ContentPurposeOperation does not seem to be part of the standard security data model. As far as I can tell, there are only 3 entities part of this model (OrderRole, FacilityRole, MarketingCampaignRole). What am I missing?

Thanks in advance.

Vinay Agarwal