Extending the service model to specify more complex permissions using permission service ----------------------------------------------------------------------------------------
Key: OFBIZ-3632 URL: https://issues.apache.org/jira/browse/OFBIZ-3632 Project: OFBiz Issue Type: Improvement Components: framework, product Reporter: Vikas Mayur Priority: Minor Fix For: SVN trunk At present <permission-service> in the service definition allows only one permission service. I have extended the <required-permissions> tag to specify more then one permission services by doing an AND/OR operation. For instance the following code in service definition {code} <required-permissions join-type="AND"> <permission-service service-name="facilityGenericPermission" main-action="CREATE"/> <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/> </required-permissions> {code} will replace the following code in service implementation. {code} <check-permission permission="FACILITY" action="_CREATE"> <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or FACILITY_ADMIN permission"/> </check-permission> <check-permission permission="FACILITY" action="_UPDATE"> <fail-message message="Security Error: to run setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or FACILITY_ADMIN permission"/> </check-permission> {code} Similarly the code {code} <required-permissions join-type="OR"> <permission-service service-name="facilityGenericPermission" main-action="CREATE"/> <permission-service service-name="facilityGenericPermission" main-action="UPDATE"/> </required-permissions> {code} will replace {code} <check-permission permission="FACILITY" action="_CREATE"> <alt-permission permission="FACILITY" action="_UPDATE"/> <fail-message message="Security Error: to run createShipmentItem you must have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/> </check-permission> <check-errors/> The patch also contains additional changes where the permission service is defined in the service definition. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.