[jira] Commented: (OFBIZ-3632) Extending the service model to specify more complex permissions using permission service

Thu, 01 Apr 2010 06:38:49 -0700 

    [ 
https://issues.apache.org/jira/browse/OFBIZ-3632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12852384#action_12852384
 ] 

Adrian Crum commented on OFBIZ-3632:
------------------------------------

Have you looked at the new security design in 
https://svn.apache.org/repos/asf/ofbiz/branches/executioncontext20091231?


> Extending the service model to specify more complex permissions using 
> permission service
> ----------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-3632
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3632
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework, product
>            Reporter: Vikas Mayur
>            Priority: Minor
>             Fix For: SVN trunk
>
>         Attachments: permission.patch
>
>
> At present <permission-service> in the service definition allows only one 
> permission service. I have extended the  <required-permissions> tag to 
> specify more then one permission services by doing an AND/OR operation.
> For instance the following code in service definition 
> {code}
> <required-permissions join-type="AND">
>     <permission-service service-name="facilityGenericPermission" 
> main-action="CREATE"/>
>     <permission-service service-name="facilityGenericPermission" 
> main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace the following code in service implementation.
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
>     <fail-message message="Security Error: to run 
> setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or 
> FACILITY_ADMIN permission"/>
> </check-permission>
> <check-permission permission="FACILITY" action="_UPDATE">
>     <fail-message message="Security Error: to run 
> setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or 
> FACILITY_ADMIN permission"/>
> </check-permission>
> {code}
> Similarly the code
> {code}
> <required-permissions join-type="OR">
>     <permission-service service-name="facilityGenericPermission" 
> main-action="CREATE"/>
>     <permission-service service-name="facilityGenericPermission" 
> main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
>     <alt-permission permission="FACILITY" action="_UPDATE"/>
>     <fail-message message="Security Error: to run createShipmentItem you must 
> have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
> </check-permission>
> <check-errors/>
> {code}
> The patch also contains additional changes where the permission service is 
> defined in the service definition.
> EDITS: Added missing ending \{code\} tag for the last code snippet

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to