ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David E Jones <jone...@undersunconsulting.com>
Subject Re: Parameterize serviceName in error message for permission error.
Date Wed, 03 Jan 2007 06:44:43 GMT

That's a different issue, sounds like the one from your other email  
earlier today.

Having a permission extension like "_ROLE_PARTY" is weird, I'm not  
sure _what_ that is for. It looks like a variation on the "role  
limited permissions" that are an established pattern in OFBiz. The  
best example of them is probably the checkProductRelatedPermission  
simple-method in the ProductServices.xml file. On line 511 you'll see  
where it uses "CATALOG_ROLE" as the prefix instead of "CATALOG".

When doing role-limited permissions the "_ROLE" appendage should  
always be a suffix to the "permission", and not a prefix to the  
"action" side of the permission. I have seen this confused before and  
I think it's a bad practice because it breaks the normal suffix set  

The basic idea is that if you have something like a "CATALOG_ROLE"  
permission base instead of the "CATALOG" permission base, then you  
have to be connected to the item in question either in a  
predetermined role, or in any role, depending on how things are coded  
(ie it's a convention, not a set of hard rules).


On Jan 2, 2007, at 7:40 PM, Anil Patel wrote:

> If we were to go by this, In example component, we look for _CREATE or
> _DELETE permission on the component in different CRUD services and  
> not at
> the entity level like _ROLE_PARTY
> is this right?
> Regards
> Anil
> On 1/2/07, David E Jones <jonesde@undersunconsulting.com> wrote:
>> Yes, there is a solution to this.
>> As with various things rather than trying to universally implement
>> best practices due to practicality the best practice is demonstrated
>> in the example component. You can see what you need in the
>> ExampleServices.xml, and in the corresponding label properties file
>> if I remember right.
>> -David
>> On Jan 2, 2007, at 4:07 PM, Anil Patel wrote:
>> > Hi,
>> > Checking to see if there is possible better way to do this. Every
>> > time we do
>> > permission check for CRUD operation we end up defining new message
>> > resource
>> > file. Only thing that changes is name of service.
>> >
>> > Is there a known solution, where we can parameterize the service
>> > name and
>> > use just one message all these CRUD operation?
>> >
>> > Regards
>> > Anil Patel

View raw message