| <?xml version="1.0" encoding="UTF-8" ?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd"> |
| |
| <!-- ============== Basic Permission Checking ============= --> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions --> |
| <simple-method method-name="basePermissionCheck" short-description="Accounting component base permission logic"> |
| <set field="primaryPermission" value="ACCOUNTING"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions |
| OR if user has one of the base ACCOUNTING_ROLE CRUD+ADMIN permissions --> |
| <simple-method method-name="basePlusRolePermissionCheck" short-description="Accounting component base permission logic"> |
| <set field="primaryPermission" value="ACCOUNTING"/> |
| <set field="altPermission" value="ACCOUNTING_ROLE"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </simple-method> |
| |
| <!-- ============== Task-specific Permission Checking ============= --> |
| |
| <!-- Returns hasPermission=true if user has one of the ACCTG_PREF CRUD+ADMIN permissions --> |
| <simple-method method-name="preferencePermissionCheck" short-description="Accounting preferences permission logic"> |
| <set field="primaryPermission" value="ACCTG_PREF"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the ACCTG_FX CRUD+ADMIN permissions --> |
| <simple-method method-name="acctgFxPermissionCheck" short-description="Foreign exchange permission logic"> |
| <set field="primaryPermission" value="ACCTG_FX"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <!-- Check for deprecated permission --> |
| <if-has-permission permission="ACCTG_FX_ENTRY"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| <log level="warning" message="Deprecated permission ACCTG_FX_ENTRY in use"/> |
| <else> |
| <property-to-field resource="CommonUiLabels" property="CommonGenericPermissionError" field="failMessage"/> |
| <set field="hasPermission" type="Boolean" value="false"/> |
| <field-to-result field="hasPermission"/> |
| <field-to-result field="failMessage"/> |
| </else> |
| </if-has-permission> |
| </if-compare> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions |
| OR if user has one of the base ACCOUNTING_ROLE CRUD+ADMIN permissions --> |
| <!-- TODO: Make this more user-role-specific. Users working with suppliers should only access |
| supplier agreements, users working with customers should only access customer |
| agreements, etc. --> |
| <simple-method method-name="acctgAgreementPermissionCheck" short-description="Accounting agreement permission logic"> |
| <call-simple-method method-name="basePlusRolePermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the ACCOUNTING_COMM CRUD+ADMIN permissions --> |
| <simple-method method-name="commissionPermissionCheck" short-description="Accounting commissions permission logic"> |
| <set field="primaryPermission" value="ACCOUNTING_COMM"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions --> |
| <simple-method method-name="acctgCostPermissionCheck" short-description="Accounting cost permission logic"> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions --> |
| <simple-method method-name="acctgFinAcctPermissionCheck" short-description="Accounting financial account permission logic"> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions |
| OR if user has one of the base ACCOUNTING_ROLE CRUD+ADMIN permissions --> |
| <!-- TODO: Make this more user-role-specific. Users working with suppliers should only access |
| purchase invoices, users working with customers should only access sales-related |
| invoices, etc. --> |
| <simple-method method-name="acctgInvoicePermissionCheck" short-description="Accounting invoice permission logic"> |
| <call-simple-method method-name="basePlusRolePermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the ACCTG_ATX CRUD+ADMIN permissions --> |
| <simple-method method-name="acctgTransactionPermissionCheck" short-description="Accounting transaction permission logic"> |
| <set field="primaryPermission" value="ACCTG_ATX"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions --> |
| <simple-method method-name="acctgBillingAcctCheck" short-description="Accounting billing account permission logic"> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base ACCOUNTING/ACCOUNTING_ROLE CRUD+ADMIN permissions --> |
| <simple-method method-name="acctgPaymentPermissionCheck" short-description="Accounting Permission logic"> |
| <call-simple-method method-name="basePlusRolePermissionCheck"/> |
| </simple-method> |
| </simple-methods> |