Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9763

Create separate Permission Services for CRUD services of ShoppingList and ShoppingListItem

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: Trunk, Release Branch 16.11
    • Fix Version/s: Upcoming Release
    • Component/s: ecommerce, party
    • Labels:
      None

      Description

      In CRUD services for ShoppingList and ShoppingListItem entities, the security related checks are present inline in the services. This implementation violates the best practice of keeping security implementation different from the business logic.

      We need to implement security services for such operations and to call them as a permission-service from the CRUD operation services definition

      1. OFBIZ-9763.patch
        12 kB
        Chinmay Patidar
      2. OFBIZ-9763.patch
        13 kB
        Chinmay Patidar

        Activity

        Hide
        chinmay.patidar Chinmay Patidar added a comment -

        Provided the patch for the issue. Done the following:

        • Removed all of the security related checks present inline.
        • Converted simple-methods "checkShoppingListSecurity" and "checkShoppingListItemSecurity" into services which will be called as a permission service from the CRUD services.
        • Added hasPermission flag to result of "checkShoppingListSecurity" and "checkShoppingListItemSecurity" services which are required for these services as they implement 'permissionInterface' service.
        Show
        chinmay.patidar Chinmay Patidar added a comment - Provided the patch for the issue. Done the following: Removed all of the security related checks present inline. Converted simple-methods "checkShoppingListSecurity" and "checkShoppingListItemSecurity" into services which will be called as a permission service from the CRUD services. Added hasPermission flag to result of "checkShoppingListSecurity" and "checkShoppingListItemSecurity" services which are required for these services as they implement 'permissionInterface' service.
        Hide
        chinmay.patidar Chinmay Patidar added a comment -

        Updated the patch with an occurrence which was left out. i.e. replace the method call to 'checkShoppingListItemSecurity' with service call as it's converted into a service.

        Show
        chinmay.patidar Chinmay Patidar added a comment - Updated the patch with an occurrence which was left out. i.e. replace the method call to 'checkShoppingListItemSecurity' with service call as it's converted into a service.
        Hide
        arunpati Arun Patidar added a comment -

        Committed revision 1813619.

        Thanks Chinmay Patidar for your contribution.

        Show
        arunpati Arun Patidar added a comment - Committed revision 1813619. Thanks Chinmay Patidar for your contribution.

          People

          • Assignee:
            arunpati Arun Patidar
            Reporter:
            chinmay.patidar Chinmay Patidar
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development