release16.11/applications/accounting/minilang/permissions/PermissionServices.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.
-->

<simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd">

    <!-- ============== Basic Permission Checking ============= -->

    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions -->
    <simple-method method-name="basePermissionCheck" short-description="Accounting component base permission logic">
        <set field="primaryPermission" value="ACCOUNTING"/>
        <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions
        OR if user has one of the base ACCOUNTING_ROLE CRUD+ADMIN permissions -->
    <simple-method method-name="basePlusRolePermissionCheck" short-description="Accounting component base permission logic">
        <set field="primaryPermission" value="ACCOUNTING"/>
        <set field="altPermission" value="ACCOUNTING_ROLE"/>
        <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
    </simple-method>

    <!-- ============== Task-specific Permission Checking ============= -->

    <!-- Returns hasPermission=true if user has one of the ACCTG_PREF CRUD+ADMIN permissions -->
    <simple-method method-name="preferencePermissionCheck" short-description="Accounting preferences permission logic">
        <set field="primaryPermission" value="ACCTG_PREF"/>
        <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the ACCTG_FX CRUD+ADMIN permissions -->
    <simple-method method-name="acctgFxPermissionCheck" short-description="Foreign exchange permission logic">
        <set field="primaryPermission" value="ACCTG_FX"/>
        <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
        <if-compare field="hasPermission" operator="not-equals" value="true">
            <!-- Check for deprecated permission -->
            <if-has-permission permission="ACCTG_FX_ENTRY">
                <set field="hasPermission" type="Boolean" value="true"/>
                <field-to-result field="hasPermission"/>
                <log level="warning" message="Deprecated permission ACCTG_FX_ENTRY in use"/>
                <else>
                    <property-to-field resource="CommonUiLabels" property="CommonGenericPermissionError" field="failMessage"/>
                    <set field="hasPermission" type="Boolean" value="false"/>
                    <field-to-result field="hasPermission"/>
                    <field-to-result field="failMessage"/>
                </else>
            </if-has-permission>
        </if-compare>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions
        OR if user has one of the base ACCOUNTING_ROLE CRUD+ADMIN permissions -->
    <!-- TODO: Make this more user-role-specific. Users working with suppliers should only access
        supplier agreements, users working with customers should only access customer
        agreements, etc. -->
    <simple-method method-name="acctgAgreementPermissionCheck" short-description="Accounting agreement permission logic">
        <call-simple-method method-name="basePlusRolePermissionCheck"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the ACCOUNTING_COMM CRUD+ADMIN permissions -->
    <simple-method method-name="commissionPermissionCheck" short-description="Accounting commissions permission logic">
        <set field="primaryPermission" value="ACCOUNTING_COMM"/>
        <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions -->
    <simple-method method-name="acctgCostPermissionCheck" short-description="Accounting cost permission logic">
        <call-simple-method method-name="basePermissionCheck"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions -->
    <simple-method method-name="acctgFinAcctPermissionCheck" short-description="Accounting financial account permission logic">
        <call-simple-method method-name="basePermissionCheck"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions
        OR if user has one of the base ACCOUNTING_ROLE CRUD+ADMIN permissions -->
    <!-- TODO: Make this more user-role-specific. Users working with suppliers should only access
        purchase invoices, users working with customers should only access sales-related
        invoices, etc. -->
    <simple-method method-name="acctgInvoicePermissionCheck" short-description="Accounting invoice permission logic">
        <call-simple-method method-name="basePlusRolePermissionCheck"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the ACCTG_ATX CRUD+ADMIN permissions -->
    <simple-method method-name="acctgTransactionPermissionCheck" short-description="Accounting transaction permission logic">
        <set field="primaryPermission" value="ACCTG_ATX"/>
        <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/>
    </simple-method>

    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING CRUD+ADMIN permissions -->
    <simple-method method-name="acctgBillingAcctCheck" short-description="Accounting billing account permission logic">
        <call-simple-method method-name="basePermissionCheck"/>
    </simple-method>
    
    <!-- Returns hasPermission=true if user has one of the base ACCOUNTING/ACCOUNTING_ROLE CRUD+ADMIN permissions -->
    <simple-method method-name="acctgPaymentPermissionCheck" short-description="Accounting Permission logic">
        <call-simple-method method-name="basePlusRolePermissionCheck"/>
    </simple-method>
</simple-methods>