Probably because PartyRole records actually mean very little by themselves and 
typically require some sort of context before they're useful.  For example it 
doesn't mean much to be an EMPLOYEE if we don't know what company you're 
employed by.

So you can't simply use PartyRole by itself as some sort of authorization 
mechanism.  That's my take on it at least; I didn't comment the code, so I can't 
say for a fact what the motivation was.

Regards
Scott

HotWax Media
http://www.hotwaxmedia.com

On 10/08/2010, at 9:53 AM, Wai wrote:

> 
> 
> There is a section of code that is commented out in
> ModelPermission.evalRoleMember().  The comment indicates that it is a
> security risk.
> Could someone tell what risk it presents?
> 
> As this code is masked out, role-based security is effectively disabled.  In
> addition, the code is looking for from/thru dates, which are not a part of the
> PartyRole entity.
> 
> Could someone provide some insight?
> 
> Thanks,
> Wai
> 
> 
> -- 
> View this message in context: 
> http://ofbiz.135035.n4.nabble.com/Role-based-security-is-disabled-tp2319089p2319089.html
> Sent from the OFBiz - Dev mailing list archive at Nabble.com.
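
The distinction discussed in this thread, as an added example that is not part of the original messages and is not OFBiz code: a contextless role check next to one that binds the role to the party owning the resource and to a from/thru validity window. The record types, method names and sample parties are hypothetical and constructed for illustration.

```java
import java.time.Instant;
import java.util.List;

// Added illustration, not OFBiz code. All type and method names are hypothetical.
public class ScopedRoleCheck {
    // A role with no context: "this party is an EMPLOYEE" (of which company?).
    record PartyRole(String partyId, String roleTypeId) {}

    // A role bound to a context party and a validity window (thru == null: open-ended).
    record ScopedRole(String partyId, String roleTypeId, String contextPartyId,
                      Instant from, Instant thru) {}

    // Contextless check: any matching role passes, whoever owns the resource.
    static boolean hasRole(List<PartyRole> roles, String partyId, String roleTypeId) {
        return roles.stream().anyMatch(r ->
                r.partyId().equals(partyId) && r.roleTypeId().equals(roleTypeId));
    }

    // Scoped check: the role must be held toward the resource owner and be in effect now.
    static boolean hasRoleFor(List<ScopedRole> roles, String partyId, String roleTypeId,
                              String ownerPartyId, Instant now) {
        return roles.stream().anyMatch(r ->
                r.partyId().equals(partyId)
                && r.roleTypeId().equals(roleTypeId)
                && r.contextPartyId().equals(ownerPartyId)
                && !now.isBefore(r.from())
                && (r.thru() == null || now.isBefore(r.thru())));
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2010-08-10T00:00:00Z");
        // Constructed sample data: alice works for CompanyA; bob left CompanyB in 2009.
        List<PartyRole> flat = List.of(
                new PartyRole("alice", "EMPLOYEE"), new PartyRole("bob", "EMPLOYEE"));
        List<ScopedRole> scoped = List.of(
                new ScopedRole("alice", "EMPLOYEE", "CompanyA",
                        Instant.parse("2008-01-01T00:00:00Z"), null),
                new ScopedRole("bob", "EMPLOYEE", "CompanyB",
                        Instant.parse("2007-01-01T00:00:00Z"),
                        Instant.parse("2009-06-30T00:00:00Z")));

        // For a resource owned by CompanyB, the contextless check passes both parties.
        System.out.println("flat   alice: " + hasRole(flat, "alice", "EMPLOYEE"));
        System.out.println("flat   bob:   " + hasRole(flat, "bob", "EMPLOYEE"));
        // The scoped check rejects alice (wrong company) and bob (role expired).
        System.out.println("scoped alice@B: " + hasRoleFor(scoped, "alice", "EMPLOYEE", "CompanyB", now));
        System.out.println("scoped bob@B:   " + hasRoleFor(scoped, "bob", "EMPLOYEE", "CompanyB", now));
        System.out.println("scoped alice@A: " + hasRoleFor(scoped, "alice", "EMPLOYEE", "CompanyA", now));
    }
}
```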
