Why do we need to use the system userlogin? If we change the permission check to allow the placing party authorization then we shouldn't need to switch anything. This type of situation is handled in a few places around OFBiz, I would suggest that you find and take a look at them (which is what I would have to do to answer any more questions :-)

Regards
Scott

On 26/10/2009, at 9:05 PM, Abdullah Shaikh wrote:

Hi Scott,

Yes, I too thought of improving the already implemented service, I always have that as a first preference, and all should, to make more better code.

Now coming back to the issue, below is what I have already comment in
previous post.

This error is because the party (customer) doesn't have the ORDERMGR_CREATE
or ORDERMGR_ADMIN permission, but we can't give this permission to a
customer, further as the common service is called from ecommerce and order manager for cancel, the solution will be to check the party's role, if its a
CUSTOMER, then I guess we can use the SYSTEM user in place of the
PARTY(CUSTOMER), for this we need to give ORDERMGR permission to the SYSTEM user. But then it will seem as if the SYSTEM user has cancelled the order
and
not the CUSTOMER ?

The only thought that came to my mind to improve the permission check
service is as above, but then I guess it will lead to some other issues.

- Abdullah

On Mon, Oct 26, 2009 at 1:20 PM, Scott Gray <scott.g...@hotwaxmedia.com >wrote:

My first thought without looking at it is that the permission checking service should be improved to allow the order placing party to invoke the service. I don't personally think a separate service definition is the way
to go.

Regards
Scott

HotWax Media
http://www.hotwaxmedia.com


On 26/10/2009, at 8:43 PM, Abdullah Shaikh wrote:

Hi All,

Any thoughts on this ?

Jacques, should I proceed with the overriding service patch ?

On Fri, Oct 23, 2009 at 6:21 PM, Abdullah Shaikh <
abdullah.sha...@viithiisys.com> wrote:

Yes, I guess maybe this is the only solution for this, should I submit
the
overriding service patch for this or should I wait for some more ideas to
pour in for this ?


On Fri, Oct 23, 2009 at 6:09 PM, Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

Abdullah,

Yes, overriding the service without permission check only for ecommerce
use seems the better choise IMO

Jacques

From: "Abdullah Shaikh" <abdullah.sha...@viithiisys.com>

If I cancel an order item from ecommerce. I get, the below error
displayed
on the page.

The Following Errors Occurred:
Unable to cancel order line : WSCO11640 / 00001 / null

Note to test this you need to take the latest update of apply this patch
https://issues.apache.org/jira/browse/OFBIZ-2408.

Below is the error trace from console, this error is because the party
(customer) doesn't have the ORDERMGR_CREATE or ORDERMGR_ADMIN
permission,
but we can't give this permission to a customer, further as the common
service is called from ecommerce and order manager for cancel, the
solution
will be to check the party's role, if its a CUSTOMER, then I guess we
can
use the SYSTEM user in place of the PARTY(CUSTOMER), for this we need to
give ORDERMGR permission to the SYSTEM user.

But then it will seem as if the SYSTEM user has cancelled the order and
not
the CUSTOMER ?

Another solution will be to override the service without permission
check
only for ecommerce use.








Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to