Are you saying this is missing, and should be added ?
On Sun Jul 24,2011 11:48 am, BJ Freeman wrote: > on the second part that was covered in the security link I gave you > '<if-has-permission' has to be in the UI to be effective on permissions. > > Mansour Al Akeel sent the following on 7/24/2011 10:29 AM: > > BJ, > > thank you for all your help. I looked at the links you sent me, and they > > were usefull. I still don't understand why permissions are checked in > > the ftl and not the service layer. However this is not the issue I am > > stuck at now. > > I think I am still confused about permissions. > > I created an account on trunk demo to show what I am talking about. > > > > If you go to: > > https://demo-trunk.ofbiz.apache.org/projectmgr/control/main > > and try to login with mansour:ofbiz you will be greated with a screen > > saying: > > > > org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen > > [component://common/widget/CommonScreens.xml#GlobalDecorator]: > > java.lang.IllegalArgumentException: Error running Groovy script at location > > [component://projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy]: > > org.ofbiz.service.ServiceAuthException: You have no access to the > > project#: 9000 (Error running Groovy script at location > > [component://projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy]: > > org.ofbiz.service.ServiceAuthException: You have no access to the > > project#: 9000) > > > > This is fine, as the user "mansour" doesn't have persmission to view > > this project, but shouldn't this screen display the projects he is > > member of (if any). > > > > The second part is if you go to: > > > > https://demo-trunk.ofbiz.apache.org/projectmgr/control/FindTask > > > > and hit find, the user can see all the tasks that he is not member of, > > and clicking on any of them, will open the details about that task. > > > > This user is in "PROJECTUSER" security group, which has: > > > > ROJECTMGR_ROLE_TASK_CREATE Be able to create a task (should be member of > > project) > > PROJECTMGR_ROLE_TIMESHEET_CREATE Be able to create a weekly timesheet for > > the loginid. > > PROJECTMGR_ROLE_TIMESHEET_UPDATE Be able to update(report) on an existing > > own timesheet > > PROJECTMGR_ROLE_VIEW All view operations in the Project Manager for a > > project/phase/task the user is member of.. > > PROJECTMGR_VIEW ALL View operations in the Project Manager(but can be > > limited by ROLE_VIEW) > > > > On my local machine, I removed that last one "PROJECTMGR_VIEW", but > > still this user can see others tasks. > > > > Am I doing something wrong here? > > > > I appreciate your help. > > > > On Sun Jul 17,2011 10:09 am, BJ Freeman wrote: > >> New Role Type (see chapter two of the Book) > >> lets you define a new role type to use. > >> it is best to link with the book to use the webtools > >> https://demo-trunk.ofbiz.apache.org/webtools/control/ViewRelations?entityName=RoleType > >> you can also get the xml structure from the data and created a bunch of > >> them then load them via the web tools import. note: that service engine > >> and UI (widgets and ftls) need to changed if you want that role type to > >> have access. > >> > >> doing a google search for > >> ofbiz main role > >> http://ofbiz.135035.n4.nabble.com/Party-Main-Role-td1680393.html > >> > >> I hope these tips help you research you answer more. and As I said > >> before parts of you question are already been answered. > >> > >> > >> This may clear up more on security and Role View all. > >> https://cwiki.apache.org/OFBTECH/ofbiz-security.html > >> > >> > >> Mansour Al Akeel sent the following on 7/17/2011 8:45 AM: > >>> Hello BJ, > >>> and thank you for your reply. > >>> > >>> You can check the link here: > >>> https://demo-trunk.ofbiz.apache.org/partymgr/control/viewroles?partyId=DemoEmployee > >>> > >>> It has > >>> "Add To Main Role" and "Add To Role : view all" Fields. and if you > >>> select soemthing like "Calendare" for the first one, you will get a > >>> third field "Add To Second Role". What is the difference between them ? > >>> > >>> I was confused with the security part, because was adding a user to a > >>> group, but still the user was not allowed to edit a project. I have to > >>> add the user as a resource for that project. > >>> > >>> What I understand now is, Party Roles has nothing to do with > >>> permissions, and the later has to be handled separately through the > >>> security group. > >>> > >>> > >>> Thank you. > >>> > >>> > >>> On Sat Jul 16,2011 11:01 pm, BJ Freeman wrote: > >>>> Yes I still have to go back and review. The book Deals only with Roles > >>>> related to Party. Security based on login is not in the Book. > >>>> The is covered in the Service Engine and Webapps, widgets > >>>> > >>>> It helps if you give complete URL to the places you talking about. It > >>>> saves time of the answerer and verify we are talking the same component. > >>>> The labels are in seperate files from actual code, so depending on who > >>>> put in the text for that label, it may not be clear as to its meaning. > >>>> > >>>> you can limit based on Roles, security groups and/or security roles > >>>> which is different from roles. > >>>> going through the widgets and Ftls will give you code examples of how > >>>> this is accomplished. > >>>> > >>>> The example component is good to review. > >>>> > >>>> > >>>> Mansour Al Akeel sent the following on 7/16/2011 8:29 PM: > >>>>> Ok, the "BOOK" explained things, and I know I have to read many parts > >>>>> again, especially while trying to match the readings with the > >>>>> functionality offered by OFBiz. > >>>>> > >>>>> Now I have a question related to adding roles. In the "Add To Role" > >>>>> screen: > >>>>> > >>>>> > >>>>> Add To Main Role > >>>>> --> Role Type Id > >>>>> > >>>>> Add To Second Role > >>>>> --> Role Type Id > >>>>> > >>>>> Add To Role : view all > >>>>> --> Role Type Id > >>>>> > >>>>> What is the difference between "Main Role" and "Second Role" and how do > >>>>> I use them ? > >>>>> What is the "Add To Role" mean ? > >>>>> > >>>>> Back again to the senario in the first email, and after I modeled the > >>>>> Parties, how do I let each access only to the functionality they need to > >>>>> access ? For example, "Approver" to aprove timesheet and work effort. > >>>>> Project manager to Assing tasks, "Developer" to update tasks. Would this > >>>>> have to be separately using "Security Groups" ? > >>>>> > >>>>> Thank you. > >>>>> > >>>>> > >>>>> On Mon Jun 27,2011 09:29 am, BJ Freeman wrote: > >>>>>> as both Adrian and I mentioned most of that would be described well in > >>>>>> the Data model book that ofbiz was modeled after, which is why not much > >>>>>> documentation is written specifically in ofbiz. > >>>>>> > >>>>>> There are emails in the archive that have covered different parts of > >>>>>> your question. > >>>>>> > >>>>>> Actually it has been a good time for the Documentation for over 6 > >>>>>> years, > >>>>>> problem is getting someone to volunteer to do it. We have added > >>>>>> internal > >>>>>> Help in ofbiz that needs to be filled out. ANY VOLUNTEERS. > >>>>>> > >>>>>> Normally such Contributions have been from someone hiring someone to do > >>>>>> the documentation, because it takes a lot of time to volunteer and > >>>>>> those > >>>>>> that have to make a living do not have such time free. Then that > >>>>>> documentation was volunteered to ofbiz community. > >>>>>> > >>>>>> I limit my volunteer time per subject on the mailing list to 15 min, > >>>>>> unless i have a vested interest in it. I have even stopped answering on > >>>>>> here because my time has become very limited. as an example this email > >>>>>> took over two hours to finish because of interruptions to do business. > >>>>>> > >>>>>> so maybe others that have the time will volunteer the information you > >>>>>> desire. > >>>>>> > >>>>>> Most find the charge for the "BOOK" a lot less than hiring someone, or > >>>>>> volunteering the time to document. > >>>>>> > >>>>>> That said, feel free once you understand to volunteer you time to > >>>>>> documented this the way you think it should be done. > >>>>>> BTW I have made this offer to others that presented the same proposal > >>>>>> in > >>>>>> the past and they have not volunteer such documentation yet. > >>>>>> > >>>>>> I would suggest you draw an organizational chart then use the fields in > >>>>>> ofbiz to associated the chart to relationships. There is no "ONE" > >>>>>> organization chart. > >>>>>> > >>>>>> Demo employee shows two relationships as examples, in a normal Company > >>>>>> there may be many relationships. like the one that says the demo > >>>>>> employee is a employee. > >>>>>> > >>>>>> you would use roles and relationship > >>>>>> > >>>>>> Mansour Al Akeel sent the following on 6/27/2011 4:28 AM: > >>>>>>> BJ thank you. > >>>>>>> > >>>>>>> My question is related more to ofbiz usage. In the relationship page: > >>>>>>> https://demo-trunk.ofbiz.apache.org/partymgr/control/EditPartyRelationships?partyId=DemoEmployee > >>>>>>> you can see some fields that are not clear to me. To be more > >>>>>>> specific, We have: > >>>>>>> in the role of | is A of Party | in the role of > >>>>>>> > >>>>>>> There two relations for DemoEmployee. And each relation has two fields > >>>>>>> "in the Role Of". > >>>>>>> Further more, there is some confusion about where to relate employee > >>>>>>> to organization. I mean if you go to: > >>>>>>> > >>>>>>> https://demo-trunk.ofbiz.apache.org/partymgr/control/viewprofile?partyId=DemoEmployee > >>>>>>> > >>>>>>> You will see four tabs with labels indicates similar functionality: > >>>>>>> -Roles > >>>>>>> -Link Party > >>>>>>> -Relationships > >>>>>>> -Segments > >>>>>>> > >>>>>>> > >>>>>>> What is the difference between these ? To add employee to Organization > >>>>>>> I need to use ..... ? > >>>>>>> May be it's a good opportunity to discuss and document each of them, > >>>>>>> instead of referring me to the "BOOK" ;) > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> On Sun, Jun 26, 2011 at 9:10 PM, BJ Freeman <bjf...@free-man.net> > >>>>>>> wrote: > >>>>>>>> there is not much documented in ofbiz about party. > >>>>>>>> however if you read the Data model book Vol I you will see a lot > >>>>>>>> about > >>>>>>>> partyrelationsips. Good diagram on pg 41 > >>>>>>>> In this case you would have party relationship with the company that > >>>>>>>> supplies contractors > >>>>>>>> so you need to setup the roles of each party then setup the > >>>>>>>> relationship > >>>>>>>> between them > >>>>>>>> start with organizational party relationship then individual (person) > >>>>>>>> realtionships with organizations. > >>>>>>>> > >>>>>>>> example > >>>>>>>> the programmer would be a employee role with the recruitment company > >>>>>>>> if > >>>>>>>> they contract, then the programmer would have a contractor > >>>>>>>> relationship > >>>>>>>> with the Company. > >>>>>>>> > >>>>>>>> the rest you can get from the demo data or you can look at the demo > >>>>>>>> site > >>>>>>>> at the different parties to see the relationships. > >>>>>>>> > >>>>>>>> Mansour Al Akeel sent the following on 6/26/2011 4:43 PM: > >>>>>>>>> Hello all, > >>>>>>>>> I didn't use the parties component extensively, and don't know a > >>>>>>>>> lot about it. > >>>>>>>>> Here's the scenario we have. Three Group parties: > >>>>>>>>> Programmers > >>>>>>>>> Recruiter > >>>>>>>>> Sales /marketing/Distributing > >>>>>>>>> The distributor obtains the requirements and hires the Programmers > >>>>>>>>> through the "Recruitment" company. Billing is done by hour. > >>>>>>>>> In each company there's two employees that interact with the system. > >>>>>>>>> programmer1 , programmer2 > >>>>>>>>> hr manager 1, hr manager2 > >>>>>>>>> project manager1, project manager2 > >>>>>>>>> > >>>>>>>>> We need to setup the system, to handle the requirements > >>>>>>>>> communication, > >>>>>>>>> timesheet, project management ... etc. > >>>>>>>>> I have created the three group parties, and 6 employees parties, and > >>>>>>>>> stopped there not knowing how to connect them. > >>>>>>>>> > >>>>>>>>> How to associate users (employee) with companies (Group Party) ? > >>>>>>>>> I tried to go to Relationships page and use "Add other party > >>>>>>>>> relationship", but those fields are not clear to me. For example > >>>>>>>>> "in > >>>>>>>>> the Role of" .... etc. > >>>>>>>>> Let's say I need to put hr_manager1 as an employee of "Recruiter" ?? > >>>>>>>>> How many accounts I need, knowing that the recruiter get a > >>>>>>>>> percentage ? > >>>>>>>>> > >>>>>>>>> What do I need to do after that ? > >>>>>>>>> > >>>>>>>>> Guessing is not very help full here as it relies on trial and error, > >>>>>>>>> and an error may not be initially visible. So I like to get an > >>>>>>>>> advice > >>>>>>>>> from someone with more experience in this area. > >>>>>>>>> > >>>>>>>>> Thank you. > >>>>>>>>> > >>>>>>>> > >>>>>>> > >>>>> > >>> > >
