ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mansour Al Akeel <mansour.alak...@gmail.com>
Subject Re: Creating parties
Date Sun, 24 Jul 2011 18:49:02 GMT
What about the ability to view tasks that "mansour" is not part of their
projects?

On Sun Jul 24,2011 11:35 am, BJ Freeman wrote:
> permission usually refer to the Login of a party.
> if you look in the ofbiz-component.xml, base-permission="PROJECTMGR",
> your login must have this security level.
> 
> Mansour Al Akeel sent the following on 7/24/2011 10:29 AM:
> > BJ,
> > thank you for all your help. I looked at the links you sent me, and they
> > were usefull. I still don't understand why permissions are checked in
> > the ftl and not the service layer. However this is not the issue I am
> > stuck at now.
> > I think I am still confused about permissions.
> > I created an account on trunk demo to show what I am talking about.
> > 
> > If you go to:
> > https://demo-trunk.ofbiz.apache.org/projectmgr/control/main
> > and try to login with mansour:ofbiz you will be greated with a screen
> > saying:
> > 
> > org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen [component://common/widget/CommonScreens.xml#GlobalDecorator]:
java.lang.IllegalArgumentException: Error running Groovy script at location [component://projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy]:
org.ofbiz.service.ServiceAuthException: You have no access to the project#: 9000 (Error running
Groovy script at location [component://projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy]:
org.ofbiz.service.ServiceAuthException: You have no access to the project#: 9000)
> > 
> > This is fine, as the user "mansour" doesn't have persmission to view
> > this project, but shouldn't this screen display the projects he is
> > member of (if any).
> > 
> > The second part is if you go to:
> > 
> > https://demo-trunk.ofbiz.apache.org/projectmgr/control/FindTask
> > 
> > and hit find, the user can see all the tasks that he is not member of,
> > and clicking on any of them, will open the details about that task.
> > 
> > This user is in "PROJECTUSER"  security group, which has:
> > 
> > ROJECTMGR_ROLE_TASK_CREATE Be able to create a task (should be member of project)
	
> > PROJECTMGR_ROLE_TIMESHEET_CREATE Be able to create a weekly timesheet for the loginid.

> > PROJECTMGR_ROLE_TIMESHEET_UPDATE Be able to update(report) on an existing own timesheet

> > PROJECTMGR_ROLE_VIEW All view operations in the Project Manager for a project/phase/task
the user is member of.. 	
> > PROJECTMGR_VIEW ALL View operations in the Project Manager(but can be limited by
ROLE_VIEW) 
> > 
> > On my local machine, I removed that last one "PROJECTMGR_VIEW", but
> > still this user can see others tasks.
> > 
> > Am I doing something wrong here?
> > 
> > I appreciate your help.
> > 
> > On Sun Jul 17,2011 10:09 am, BJ Freeman wrote:
> >> New Role Type (see chapter two of the Book)
> >> lets you define a new role type to use.
> >> it is best to link with the book to use the webtools
> >> https://demo-trunk.ofbiz.apache.org/webtools/control/ViewRelations?entityName=RoleType
> >> you can also get the xml structure from the data and created a bunch of
> >> them then load them via the web tools import. note: that service engine
> >> and UI (widgets and ftls) need to changed if you want that role type to
> >> have access.
> >>
> >> doing a google search for
> >> ofbiz main role
> >> http://ofbiz.135035.n4.nabble.com/Party-Main-Role-td1680393.html
> >>
> >> I hope these tips help you research you answer more. and As I said
> >> before parts of you question are already been answered.
> >>
> >>
> >> This may clear up more on security and Role View all.
> >> https://cwiki.apache.org/OFBTECH/ofbiz-security.html
> >>
> >>
> >> Mansour Al Akeel sent the following on 7/17/2011 8:45 AM:
> >>> Hello BJ,
> >>> and thank you for your reply.
> >>>
> >>> You can check the link here:
> >>> https://demo-trunk.ofbiz.apache.org/partymgr/control/viewroles?partyId=DemoEmployee
> >>>
> >>> It has 
> >>> "Add To Main Role" and "Add To Role : view all" Fields. and if you
> >>> select soemthing like "Calendare" for the first one, you will get a
> >>> third field "Add To Second Role". What is the difference between them ?
> >>>
> >>> I was confused with the security part, because was adding a user to a
> >>> group, but still the user was not allowed to edit a project. I have to
> >>> add the user as a resource for that project. 
> >>>
> >>> What I understand now is, Party Roles has nothing to do with
> >>> permissions, and the later has to be handled separately through the
> >>> security group.
> >>>
> >>>
> >>> Thank you.
> >>>
> >>>
> >>> On Sat Jul 16,2011 11:01 pm, BJ Freeman wrote:
> >>>> Yes I still have to go back and review. The book Deals only with Roles
> >>>> related to Party. Security based on login is not in the Book.
> >>>> The is covered in the Service Engine and Webapps, widgets
> >>>>
> >>>> It helps if you give complete URL to the places you talking about. It
> >>>> saves time of the answerer and verify we are talking the same component.
> >>>> The labels are in seperate files from actual code, so depending on who
> >>>> put in the text for that label, it may not be clear as to its meaning.
> >>>>
> >>>> you can limit based on Roles, security groups and/or security roles
> >>>> which is different from roles.
> >>>> going through the widgets and Ftls will give you code examples of how
> >>>> this is accomplished.
> >>>>
> >>>> The example component is good to review.
> >>>>
> >>>>
> >>>> Mansour Al Akeel sent the following on 7/16/2011 8:29 PM:
> >>>>> Ok, the "BOOK" explained things, and I know I have to read many
parts
> >>>>> again, especially while trying to match the readings with  the
> >>>>> functionality offered by OFBiz.
> >>>>>
> >>>>> Now I have a question related to adding roles. In the "Add To Role"
> >>>>> screen:
> >>>>>
> >>>>>
> >>>>> Add To Main Role
> >>>>> --> Role Type Id 	
> >>>>>
> >>>>> Add To Second Role
> >>>>> --> Role Type Id
> >>>>>
> >>>>> Add To Role : view all
> >>>>> --> Role Type Id
> >>>>>
> >>>>> What is the difference between "Main Role" and "Second Role" and
how do
> >>>>> I use them ? 
> >>>>> What is the "Add To Role" mean ? 
> >>>>>
> >>>>> Back again to the senario in the first email, and after I modeled
the
> >>>>> Parties, how do I let each access only to the functionality they
need to
> >>>>> access ? For example, "Approver" to aprove timesheet and work effort.
> >>>>> Project manager to Assing tasks, "Developer" to update tasks. Would
this
> >>>>> have to be separately using "Security Groups" ? 
> >>>>>
> >>>>> Thank you.
> >>>>>
> >>>>>
> >>>>> On Mon Jun 27,2011 09:29 am, BJ Freeman wrote:
> >>>>>> as both Adrian and I mentioned most of that would be described
well in
> >>>>>> the Data model book that ofbiz was modeled after, which is why
not much
> >>>>>> documentation is written specifically in ofbiz.
> >>>>>>
> >>>>>> There are emails in the archive that have covered different
parts of
> >>>>>> your question.
> >>>>>>
> >>>>>> Actually it has been a good time for the Documentation for over
6 years,
> >>>>>> problem is getting someone to volunteer to do it. We have added
internal
> >>>>>> Help in ofbiz that needs to be filled out. ANY VOLUNTEERS.
> >>>>>>
> >>>>>> Normally such Contributions have been from someone hiring someone
to do
> >>>>>> the documentation, because it takes a lot of time to volunteer
and those
> >>>>>> that have to make a living do not have such time free. Then
that
> >>>>>> documentation was volunteered to ofbiz community.
> >>>>>>
> >>>>>> I limit my volunteer time per subject on the mailing list to
15 min,
> >>>>>> unless i have a vested interest in it. I have even stopped answering
on
> >>>>>> here because my time has become very limited. as an example
this email
> >>>>>> took over two hours to finish because of interruptions to do
business.
> >>>>>>
> >>>>>> so maybe others that have the time will volunteer the information
you
> >>>>>> desire.
> >>>>>>
> >>>>>> Most find the charge for the "BOOK" a lot less than hiring someone,
or
> >>>>>> volunteering the time to document.
> >>>>>>
> >>>>>> That said, feel free once you understand to volunteer you time
to
> >>>>>> documented this the way you think it should be done.
> >>>>>> BTW I have made this offer to others that presented the same
proposal in
> >>>>>> the past and they have not volunteer such documentation yet.
> >>>>>>
> >>>>>> I would suggest you draw an organizational chart then use the
fields in
> >>>>>> ofbiz to associated the chart to relationships. There is no
"ONE"
> >>>>>> organization chart.
> >>>>>>
> >>>>>> Demo employee shows two relationships as examples, in a normal
Company
> >>>>>> there may be many relationships. like the one that says the
demo
> >>>>>> employee is a employee.
> >>>>>>
> >>>>>> you would use roles and relationship
> >>>>>>
> >>>>>> Mansour Al Akeel sent the following on 6/27/2011 4:28 AM:
> >>>>>>> BJ thank you.
> >>>>>>>
> >>>>>>> My question is related more to ofbiz usage. In the relationship
page:
> >>>>>>> https://demo-trunk.ofbiz.apache.org/partymgr/control/EditPartyRelationships?partyId=DemoEmployee
> >>>>>>> you can see some fields that are not clear to me. To be
more specific, We have:
> >>>>>>> in the role of  |	is A 	of Party 	| in the role of 	
> >>>>>>>
> >>>>>>> There two relations for DemoEmployee. And each relation
has two fields
> >>>>>>> "in the Role Of".
> >>>>>>> Further more, there is some confusion about where to relate
employee
> >>>>>>> to organization. I mean if you go to:
> >>>>>>>
> >>>>>>> https://demo-trunk.ofbiz.apache.org/partymgr/control/viewprofile?partyId=DemoEmployee
> >>>>>>>
> >>>>>>> You will see four tabs with labels indicates similar functionality:
> >>>>>>> -Roles
> >>>>>>> -Link Party
> >>>>>>> -Relationships
> >>>>>>> -Segments
> >>>>>>>
> >>>>>>>
> >>>>>>> What is the difference between these ? To add employee to
Organization
> >>>>>>> I need to use ..... ?
> >>>>>>> May be it's a good opportunity to discuss and document each
of them,
> >>>>>>> instead of referring me to the "BOOK" ;)
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On Sun, Jun 26, 2011 at 9:10 PM, BJ Freeman <bjfree@free-man.net>
wrote:
> >>>>>>>> there is not much documented in ofbiz about party.
> >>>>>>>> however if you read the Data model book Vol I you will
see a lot about
> >>>>>>>> partyrelationsips. Good diagram on pg 41
> >>>>>>>> In this case you would have party relationship with
the company that
> >>>>>>>> supplies contractors
> >>>>>>>> so you need to setup the roles of each party then setup
the relationship
> >>>>>>>> between them
> >>>>>>>> start with organizational party relationship then individual
(person)
> >>>>>>>> realtionships with organizations.
> >>>>>>>>
> >>>>>>>> example
> >>>>>>>> the programmer would be a employee role with the recruitment
company if
> >>>>>>>> they contract, then the programmer would have a contractor
relationship
> >>>>>>>> with the Company.
> >>>>>>>>
> >>>>>>>> the rest you can get from the demo data or you can look
at the demo site
> >>>>>>>> at the different parties to see the relationships.
> >>>>>>>>
> >>>>>>>> Mansour Al Akeel sent the following on 6/26/2011 4:43
PM:
> >>>>>>>>> Hello all,
> >>>>>>>>> I didn't use the parties component extensively,
and don't know a lot about it.
> >>>>>>>>> Here's the scenario we have. Three Group parties:
> >>>>>>>>> Programmers
> >>>>>>>>> Recruiter
> >>>>>>>>> Sales /marketing/Distributing
> >>>>>>>>> The distributor obtains the requirements and hires
the Programmers
> >>>>>>>>> through the "Recruitment" company. Billing is done
by hour.
> >>>>>>>>> In each company there's two employees that interact
with the system.
> >>>>>>>>> programmer1 , programmer2
> >>>>>>>>> hr manager 1, hr manager2
> >>>>>>>>> project manager1, project manager2
> >>>>>>>>>
> >>>>>>>>> We need to setup the system, to handle the requirements
communication,
> >>>>>>>>> timesheet, project management ... etc.
> >>>>>>>>> I have created the three group parties, and 6 employees
parties, and
> >>>>>>>>> stopped there not knowing how to connect them.
> >>>>>>>>>
> >>>>>>>>> How to associate users (employee) with companies
(Group Party) ?
> >>>>>>>>> I tried to go to Relationships page and use  "Add
other party
> >>>>>>>>> relationship", but those fields are not clear to
me. For example  "in
> >>>>>>>>> the Role of" .... etc.
> >>>>>>>>> Let's say I need to put hr_manager1 as an employee
of "Recruiter" ??
> >>>>>>>>> How many accounts I need, knowing that the recruiter
get a percentage ?
> >>>>>>>>>
> >>>>>>>>> What do I need to do after that ?
> >>>>>>>>>
> >>>>>>>>> Guessing is not very help full here as it relies
on trial and error,
> >>>>>>>>> and an error may not be initially visible. So I
like to get an advice
> >>>>>>>>> from someone with more experience in this area.
> >>>>>>>>>
> >>>>>>>>> Thank you.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>
> >>>
> > 

Mime
View raw message