Re: svn commit: r575113 - in /ofbiz/trunk/specialpurpose/assetmaint: data/ data/AssetMaintSecurityData.xml ofbiz-component.xml script/org/ofbiz/assetmaint/FixedAssetMaintEvents.xml servicedef/secas.xml servicedef/services.xml

Posted by Adrian Crum on
URL: http://ofbiz.116.s1.nabble.com/Re-svn-commit-r575113-in-ofbiz-trunk-specialpurpose-assetmaint-data-data-AssetMaintSecurityData-xml-l-tp183613p183617.html

Anil,

The concept is to have the component use its own permissions - not the accounting permissions. So,
the AssetMaintSecurityData.xml file should NOT contain any ACCOUNTING_xxx permissions. Also, the
ASSETMAINT_ADMIN permission grants permission to ALL operations, so there is no need to combine it
with the ASSETMAINT_VIEW permission.

-Adrian

Anil K Patel wrote:

> Adrian,
> I am looking at it. Just got the basic permission data added.
>
> Regards
> Anil Patel
>
>
> Adrian Crum wrote:
>
>> Did you get it to work? David is supposed to be looking at this to
>> help me debug it.
>>
>> [hidden email] wrote:
>>
>>> Author: apatel
>>> Date: Wed Sep 12 15:47:44 2007
>>> New Revision: 575113
>>>
>>> URL: http://svn.apache.org/viewvc?rev=575113&view=rev
>>> Log:
>>> Applying patch from Adrian with some improvements. Thanks Adrian.
>>>
>>> Added:
>>>     ofbiz/trunk/specialpurpose/assetmaint/data/
>>>    
>>> ofbiz/trunk/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml
>>>     ofbiz/trunk/specialpurpose/assetmaint/servicedef/secas.xml
>>> Modified:
>>>     ofbiz/trunk/specialpurpose/assetmaint/ofbiz-component.xml
>>>    
>>> ofbiz/trunk/specialpurpose/assetmaint/script/org/ofbiz/assetmaint/FixedAssetMaintEvents.xml
>>>
>>>     ofbiz/trunk/specialpurpose/assetmaint/servicedef/services.xml
>>>
>>> Added:
>>> ofbiz/trunk/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml
>>> URL:
>>> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml?rev=575113&view=auto 
>>>
>>> ==============================================================================
>>>
>>> ---
>>> ofbiz/trunk/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml
>>> (added)
>>> +++
>>> ofbiz/trunk/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml
>>> Wed Sep 12 15:47:44 2007
>>> @@ -0,0 +1,40 @@
>>> +<?xml version="1.0" encoding="UTF-8"?>
>>> +<!--
>>> +Licensed to the Apache Software Foundation (ASF) under one
>>> +or more contributor license agreements.  See the NOTICE file
>>> +distributed with this work for additional information
>>> +regarding copyright ownership.  The ASF licenses this file
>>> +to you under the Apache License, Version 2.0 (the
>>> +"License"); you may not use this file except in compliance
>>> +with the License.  You may obtain a copy of the License at
>>> +
>>> +http://www.apache.org/licenses/LICENSE-2.0
>>> +
>>> +Unless required by applicable law or agreed to in writing,
>>> +software distributed under the License is distributed on an
>>> +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>>> +KIND, either express or implied.  See the License for the
>>> +specific language governing permissions and limitations
>>> +under the License.
>>> +-->
>>> +<entity-engine-xml>
>>> +    <!-- Asset Maintenance security -->
>>> +    <SecurityPermission description="ALL Asset Maintenance
>>> operations." permissionId="ASSETMAINT_ADMIN"/>
>>> +    <SecurityPermission description="Asset Maintenance View
>>> permission." permissionId="ASSETMAINT_VIEW"/>
>>> +    <SecurityPermission description="Asset Maintenance Create
>>> operations." permissionId="ASSETMAINT_CREATE"/>
>>> +    <SecurityPermission description="Asset Maintenance Update
>>> operations." permissionId="ASSETMAINT_UPDATE"/>
>>> +    <SecurityPermission description="Asset Maintenance Delete
>>> operations." permissionId="ASSETMAINT_DELETE"/>
>>> +
>>> +    <SecurityGroup description="Asset Maintenance Admin group, has
>>> all maintenance permissions." groupId="ASSETMAINTADMIN"/>
>>> +    <SecurityGroup description="Asset Maintenance Technician group,
>>> has view and update." groupId="ASSETMAINTTECH"/>
>>> +
>>> +    <SecurityGroupPermission groupId="ASSETMAINTADMIN"
>>> permissionId="ACCOUNTING_CREATE"/>
>>> +    <SecurityGroupPermission groupId="ASSETMAINTADMIN"
>>> permissionId="ASSETMAINT_ADMIN"/>
>>> +    <SecurityGroupPermission groupId="ASSETMAINTADMIN"
>>> permissionId="ASSETMAINT_VIEW"/>
>>> +
>>> +    <SecurityGroupPermission groupId="ASSETMAINTTECH"
>>> permissionId="ASSETMAINT_VIEW"/>
>>> +    <SecurityGroupPermission groupId="ASSETMAINTTECH"
>>> permissionId="ASSETMAINT_UPDATE"/>
>>> +    <SecurityGroupPermission groupId="ASSETMAINTTECH"
>>> permissionId="ACCOUNTING_UPDATE"/>
>>> +    +    <SecurityGroupPermission groupId="FULLADMIN"
>>> permissionId="ASSETMAINT_ADMIN"/>
>>> +</entity-engine-xml>
>>>
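Review bot: The SecurityGroupPermission rows that give ASSETMAINTADMIN permissionId="ACCOUNTING_CREATE" and ASSETMAINTTECH permissionId="ACCOUNTING_UPDATE" extend asset-maintenance group membership into accounting rights, so a technician account gains update access outside this component. Drop both rows and keep the two groups on ASSETMAINT_xxx ids only; the ASSETMAINTTECH description ("has view and update") would then match what the group is actually granted. The ASSETMAINTADMIN row for ASSETMAINT_VIEW is redundant as well, since ASSETMAINT_ADMIN is described in the same file as covering all operations.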
>>> Modified: ofbiz/trunk/specialpurpose/assetmaint/ofbiz-component.xml
>>> URL:
>>> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/assetmaint/ofbiz-component.xml?rev=575113&r1=575112&r2=575113&view=diff 
>>>
>>> ==============================================================================
>>>
>>> --- ofbiz/trunk/specialpurpose/assetmaint/ofbiz-component.xml (original)
>>> +++ ofbiz/trunk/specialpurpose/assetmaint/ofbiz-component.xml Wed Sep
>>> 12 15:47:44 2007
>>> @@ -37,13 +37,13 @@
>>>  
>>>      <!-- service resources: model(s), eca(s) and group definitions -->
>>>      <service-resource type="model" loader="main"
>>> location="servicedef/services.xml"/>
>>> -
>>> +    <service-resource type="eca" loader="main"
>>> location="servicedef/secas.xml"/>
>>>  
>>>      <webapp name="assetmaint"
>>>          title="AssetMaint"
>>>          server="default-server"
>>>          location="webapp/assetmaint"
>>> -        base-permission="OFBTOOLS"
>>> +        base-permission="ASSETMAINT"
>>>          mount-point="/assetmaint"
>>> -        app-bar-display="false"/>
>>> +        app-bar-display="true"/>
>>>  </ofbiz-component>
>>>
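Review bot: base-permission="ASSETMAINT" names an id that AssetMaintSecurityData.xml in this commit never defines; that file only creates the suffixed ids ASSETMAINT_ADMIN, ASSETMAINT_VIEW, ASSETMAINT_CREATE, ASSETMAINT_UPDATE and ASSETMAINT_DELETE. Please confirm that the webapp check expands the base value to one of those ids, and say in the log message that users who reached this webapp through OFBTOOLS lose access until they are placed in ASSETMAINTADMIN or ASSETMAINTTECH. The app-bar-display change to "true" is a UI change unrelated to the permission work and would be easier to review as its own commit.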
>>> Modified:
>>> ofbiz/trunk/specialpurpose/assetmaint/script/org/ofbiz/assetmaint/FixedAssetMaintEvents.xml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/assetmaint/script/org/ofbiz/assetmaint/FixedAssetMaintEvents.xml?rev=575113&r1=575112&r2=575113&view=diff 
>>>
>>> ==============================================================================
>>>
>>> ---
>>> ofbiz/trunk/specialpurpose/assetmaint/script/org/ofbiz/assetmaint/FixedAssetMaintEvents.xml
>>> (original)
>>> +++
>>> ofbiz/trunk/specialpurpose/assetmaint/script/org/ofbiz/assetmaint/FixedAssetMaintEvents.xml
>>> Wed Sep 12 15:47:44 2007
>>> @@ -68,5 +68,27 @@
>>>          <call-service service-name="createWorkEffortAndAssoc"
>>> in-map-name="createWorkEffortAndAssocCtx"/>
>>>          <check-errors/>
>>>      </simple-method>    +
>>> +    <!-- ==============Permission Checking Service============= -->
>>> +    <simple-method method-name="assetMaintPermissionCheck"
>>> short-description="Asset Maintenance permission logic">
>>> +        <if-has-permission permission="ASSETMAINT_ADMIN">
>>> +            <set field="hasPermission" type="Boolean" value="true"/>
>>> +            <else>
>>> +                <if-has-permission permission="ASSETMAINT"
>>> action="_${parameters.mainAction}">
>>> +                    <set field="hasPermission" type="Boolean"
>>> value="true"/>
>>> +                    <else>
>>> +                        <set field="hasPermission" type="Boolean"
>>> value="false"/>
>>> +                        <set field="failMessage" value="Security
>>> Error: you must have one of the following permissions:
>>> +                            ACCOUNTING_${parameters.mainAction},
>>> ACCOUNTING_ROLE_${parameters.mainAction}, ACCOUNTING_ADMIN,
>>> ASSETMAINT_${parameters.mainAction}, ASSETMAINT_ADMIN"/>
>>> +                        <field-to-result field-name="failMessage"/>
>>> +                    </else>
>>> +                </if-has-permission>
>>> +            </else>
>>> +        </if-has-permission>
>>> +        <field-to-result field-name="hasPermission"/>
>>> +        <log level="info" message="assetMaintPermissionCheck ran"/>
>>> +        <log level="info" message="hasPermission = ${hasPermission}"/>
>>> +    </simple-method>
>>> +
>>>  </simple-methods>
>>> -    \ No newline at end of file
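Review bot: The failMessage in the inner else branch lists ACCOUNTING_${parameters.mainAction}, ACCOUNTING_ROLE_${parameters.mainAction} and ACCOUNTING_ADMIN, but assetMaintPermissionCheck only tests ASSETMAINT_ADMIN and ASSETMAINT with action="_${parameters.mainAction}", so the message tells a denied user to obtain permissions this method never evaluates. Either limit the message to the two ASSETMAINT ids or add a comment stating that it describes the combined result with the accounting check. parameters.mainAction is also concatenated into the permission id without any check that it is present or one of the expected actions; an empty value makes the test "ASSETMAINT_", so fail the check explicitly when it is missing. The two info-level log lines look like debugging output and should be removed or lowered before this ships.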
>>> +   Added: ofbiz/trunk/specialpurpose/assetmaint/servicedef/secas.xml
>>> URL:
>>> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/assetmaint/servicedef/secas.xml?rev=575113&view=auto 
>>>
>>> ==============================================================================
>>>
>>> --- ofbiz/trunk/specialpurpose/assetmaint/servicedef/secas.xml (added)
>>> +++ ofbiz/trunk/specialpurpose/assetmaint/servicedef/secas.xml Wed
>>> Sep 12 15:47:44 2007
>>> @@ -0,0 +1,30 @@
>>> +<?xml version="1.0" encoding="UTF-8"?>
>>> +<!--
>>> +Licensed to the Apache Software Foundation (ASF) under one
>>> +or more contributor license agreements.  See the NOTICE file
>>> +distributed with this work for additional information
>>> +regarding copyright ownership.  The ASF licenses this file
>>> +to you under the Apache License, Version 2.0 (the
>>> +"License"); you may not use this file except in compliance
>>> +with the License.  You may obtain a copy of the License at
>>> +
>>> +http://www.apache.org/licenses/LICENSE-2.0
>>> +
>>> +Unless required by applicable law or agreed to in writing,
>>> +software distributed under the License is distributed on an
>>> +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>>> +KIND, either express or implied.  See the License for the
>>> +specific language governing permissions and limitations
>>> +under the License.
>>> +-->
>>> +
>>> +<service-eca xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> +        
>>> xsi:noNamespaceSchemaLocation="http://ofbiz.apache.org/dtds/service-eca.xsd">
>>>
>>> +
>>> +    <!-- ECAs used to extend service permission checking -->
>>> +    <eca service="fixedAssetPermissionCheck" event="return"
>>> run-on-failure="true" run-on-error="true">
>>> +        <condition field-name="hasPermission" operator="equals"
>>> value="false" type="Boolean"/>
>>> +        <action service="assetMaintPermissionCheck" mode="sync"/>
>>> +    </eca>
>>> +
>>> +</service-eca>
>>>
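Review bot: The eca on service="fixedAssetPermissionCheck" is not scoped to this component, so every caller of that permission service that gets hasPermission=false now has the decision re-evaluated by assetMaintPermissionCheck, and ASSETMAINT_xxx holders may pass checks that were written for other applications. Please document in the comment above the eca which services are meant to be affected, and consider a condition that limits the override to asset-maintenance requests. run-on-error="true" also means the second check runs when the first one errored rather than returned a clean denial; a failed check should stay a denial unless there is a stated reason to retry. Nothing in the action element says how the action's hasPermission replaces the original result, which is worth spelling out given the question earlier in the thread about whether this works.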
>>> Modified: ofbiz/trunk/specialpurpose/assetmaint/servicedef/services.xml
>>> URL:
>>> http://svn.apache.org/viewvc/ofbiz/trunk/specialpurpose/assetmaint/servicedef/services.xml?rev=575113&r1=575112&r2=575113&view=diff 
>>>
>>> ==============================================================================
>>>
>>> --- ofbiz/trunk/specialpurpose/assetmaint/servicedef/services.xml
>>> (original)
>>> +++ ofbiz/trunk/specialpurpose/assetmaint/servicedef/services.xml Wed
>>> Sep 12 15:47:44 2007
>>> @@ -31,4 +31,9 @@
>>>          <attribute type="String" mode="IN" name="facilityId"
>>> optional="false"/>
>>>      </service>
>>>      +    <service name="assetMaintPermissionCheck" engine="simple"
>>> +            
>>> location="component://assetmaint/script/org/ofbiz/assetmaint/FixedAssetMaintEvents.xml"
>>> invoke="assetMaintPermissionCheck">
>>> +        <description>Asset Maintentance Permission Checking
>>> Logic</description>
>>> +        <implements service="permissionInterface"/>
>>> +    </service>
>>>  </services>
>>>
>>>
>>>
>
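Review bot: The description of assetMaintPermissionCheck misspells "Maintenance" as "Maintentance". The definition declares no attributes of its own, while the script reads parameters.mainAction, so the service depends entirely on permissionInterface to supply and require that input; a short comment saying so would help the next reader, and would make it clear where a missing mainAction is supposed to be rejected.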