[
https://issues.apache.org/jira/browse/OFBIZ-3632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12852464#action_12852464
]
Adam Heath commented on OFBIZ-3632:
-----------------------------------
Adding lots and lots of permission servicese, will increase the amount of
bytecode in the system. Unless all these new method are placed into their very
own separate classes, and existing classes are split up to reduce coupling,
then the permgen issue will get worse and worse.
So, having a declarative syntax available, so that a custom permission service
doesn't need to exist, it a feature worth having.
> Extending the service model to specify more complex permissions using
> permission service
> ----------------------------------------------------------------------------------------
>
> Key: OFBIZ-3632
> URL: https://issues.apache.org/jira/browse/OFBIZ-3632
> Project: OFBiz
> Issue Type: Improvement
> Components: framework, product
> Reporter: Vikas Mayur
> Priority: Minor
> Fix For: SVN trunk
>
> Attachments: permission.patch
>
>
> At present <permission-service> in the service definition allows only one
> permission service. I have extended the <required-permissions> tag to
> specify more then one permission services by doing an AND/OR operation.
> For instance the following code in service definition
> {code}
> <required-permissions join-type="AND">
> <permission-service service-name="facilityGenericPermission"
> main-action="CREATE"/>
> <permission-service service-name="facilityGenericPermission"
> main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace the following code in service implementation.
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
> <fail-message message="Security Error: to run
> setShipmentSettingsFromPrimaryOrder you must have the FACILITY_CREATE or
> FACILITY_ADMIN permission"/>
> </check-permission>
> <check-permission permission="FACILITY" action="_UPDATE">
> <fail-message message="Security Error: to run
> setShipmentSettingsFromPrimaryOrder you must have the FACILITY_UPDATE or
> FACILITY_ADMIN permission"/>
> </check-permission>
> {code}
> Similarly the code
> {code}
> <required-permissions join-type="OR">
> <permission-service service-name="facilityGenericPermission"
> main-action="CREATE"/>
> <permission-service service-name="facilityGenericPermission"
> main-action="UPDATE"/>
> </required-permissions>
> {code}
> will replace
> {code}
> <check-permission permission="FACILITY" action="_CREATE">
> <alt-permission permission="FACILITY" action="_UPDATE"/>
> <fail-message message="Security Error: to run createShipmentItem you must
> have the FACILITY_CREATE, FACILITY_UPDATE or FACILITY_ADMIN permission"/>
> </check-permission>
> <check-errors/>
> {code}
> The patch also contains additional changes where the permission service is
> defined in the service definition.
> EDITS: Added missing ending \{code\} tag for the last code snippet
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
