ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chinmay Patidar (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-9763) Create separate Permission Services for CRUD services of ShoppingList and ShoppingListItem
Date Sat, 23 Sep 2017 12:05:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chinmay Patidar updated OFBIZ-9763:
-----------------------------------
    Attachment: OFBIZ-9763.patch

Provided the patch for the issue. Done the following:
* Removed all of the security related checks present inline.
* Converted simple-methods "checkShoppingListSecurity" and "checkShoppingListItemSecurity"
into services which will be called as a permission service from the CRUD services.
* Added hasPermission flag to result of "checkShoppingListSecurity" and "checkShoppingListItemSecurity"
services which are required for these services as they implement 'permissionInterface' service.

> Create separate Permission Services for CRUD services of ShoppingList and ShoppingListItem
> ------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-9763
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9763
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ecommerce, party
>    Affects Versions: Trunk, Release Branch 16.11
>            Reporter: Chinmay Patidar
>            Assignee: Chinmay Patidar
>             Fix For: Trunk
>
>         Attachments: OFBIZ-9763.patch
>
>
> In CRUD services for ShoppingList and ShoppingListItem entities, the security related
checks are present inline in the services. This implementation violates the best practice
of keeping security implementation different from the business logic.
> We need to implement security services for such operations and to call them as a permission-service
from the CRUD operation services definition



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message