CMS viewContentPermission

Tue, 29 May 2007 17:08:06 -0700 

Is there any reason why ContentPermission.viewContentPermission does not
need the same code as updateContentPermission that sets "checkId"? Below is
some code where I have added that code.

   <simple-method method-name="viewContentPermission"
short-description="Check user can view content">
       <!-- if called directly check the main permission -->
       <if-empty field-name="hasPermission">
           <set field="primaryPermission" value="CONTENTMGR"/>
           <set field="mainAction" value="VIEW"/>
           <call-simple-method method-name="genericBasePermissionCheck"

xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>
       </if-empty>

       <!-- check content role permission -->
       <set field="primaryPermission" value="CONTENTMGR_ROLE"/>
       <call-simple-method method-name="genericBasePermissionCheck"

xml-resource="org/ofbiz/common/permission/CommonPermissionServices.xml"/>

       <!-- must have the security permission to continue -->
       <if>
           <condition>
               <if-compare field-name="hasPermission" value="true"
type="Boolean" operator="equals"/>
           </condition>
           <then>
               <!-- if no operation is passed; we use the CONTENT_VIEW
operation -->
               <if-empty field-name="parameters.contentOperationId">
                   <set field="parameters.contentOperationId"
value="CONTENT_VIEW"/>
               </if-empty>

               <!-- I see a need to add this group -->
               <!-- contentId is required for update checking -->
               <if-empty field-name="contentId">
                   <set field="contentId" from-field="parameters.contentId
"/>
               </if-empty>
               <if-empty field-name="contentId">
                   <add-error><fail-message message="Content Permission
Service VIEW requires a contentId!"/></add-error>
               </if-empty>
               <check-errors/>

               <!-- grab the current requested content record -->
               <entity-one entity-name="Content" value-name="content">
                   <field-map field-name="contentId" env-name="contentId"/>
               </entity-one>

               <!-- check the operation security -->
               <set field="contentOperationId" from-field="
parameters.contentOperationId"/>
               <set field="content" from-field="content"/>
               <!-- I see a need to add this line -->
               <set field="checkId" from-field="contentId"/>
               <call-simple-method
method-name="checkContentOperationSecurity"/>
           </then>
       </if>
   </simple-method>

-Al

Reply via email to