Debugged and simplified some code. The Authorization Manager is enabled by default now.
git-svn-id: https://svn.apache.org/repos/asf/ofbiz/branches/executioncontext20090812@894682 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/BranchReadMe.txt b/BranchReadMe.txt
index fb89afc..c961fd4 100644
--- a/BranchReadMe.txt
+++ b/BranchReadMe.txt
@@ -100,3 +100,10 @@
class keeps an ExecutionContext instance per thread. We just need to
make sure all OFBiz entrance vectors call the reset() method, and
then initialize the ExecutionContext to the desired values.
+
+---------------------------------------------------------------------
+
+2009-12-29: The Authorization Manager is mostly working. Filtering
+EntityListIterator values is not implemented due to architectural
+problems. The Authorization Manager is still disabled by default
+because the demo data load will not work with it enabled.
diff --git a/applications/accounting/data/AccountingSecurityData.xml b/applications/accounting/data/AccountingSecurityData.xml
index e48e724..8ec1715 100644
--- a/applications/accounting/data/AccountingSecurityData.xml
+++ b/applications/accounting/data/AccountingSecurityData.xml
@@ -120,8 +120,8 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/accounting" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ap" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ar" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/accounting" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ap" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ar" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/content/data/CompDocData.xml b/applications/content/data/CompDocData.xml
index 0442294..500aab0 100644
--- a/applications/content/data/CompDocData.xml
+++ b/applications/content/data/CompDocData.xml
@@ -34,7 +34,7 @@
<PartyRole partyId="admin" roleTypeId="APPROVER"/>
<UserLogin userLoginId="approver" partyId="approver"/>
<UserLoginSecurityGroup groupId="COMPDOCADMIN" userLoginId="approver" fromDate="2006-01-01 12:00:00.0"/>
- <UserToUserGroupRelationship userLoginId="approver" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="approver" groupId="OFBIZ_USERS"/>
<DataResource dataResourceId="DR1103b" dataResourceTypeId="OFBIZ_FILE_BIN" objectInfo="/applications/content/data/pdftest2.pdf" mimeTypeId="application/pdf" dataResourceName="Personal Profile"/>
diff --git a/applications/content/data/ContentSecurityData.xml b/applications/content/data/ContentSecurityData.xml
index c226074..2f7970a 100644
--- a/applications/content/data/ContentSecurityData.xml
+++ b/applications/content/data/ContentSecurityData.xml
@@ -54,6 +54,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/content" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/content" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/content/data/DemoBlogUsersData.xml b/applications/content/data/DemoBlogUsersData.xml
index 5ef6178..c762409 100644
--- a/applications/content/data/DemoBlogUsersData.xml
+++ b/applications/content/data/DemoBlogUsersData.xml
@@ -25,7 +25,7 @@
<PartyRole partyId="BLOGUSER_ADMIN" roleTypeId="CONTENT_ADMIN"/>
<ContentRole partyId="BLOGUSER_ADMIN" roleTypeId="CONTENT_ADMIN" contentId="BLOGROOT" fromDate="2004-03-27 09:37:40.989"/>
<UserLoginSecurityGroup userLoginId="blog_admin" groupId="FULLADMIN" fromDate="2004-09-15 00:00:00.000"/>
- <UserToUserGroupRelationship userLoginId="blog_admin" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="blog_admin" groupId="OFBIZ_USERS"/>
<Party partyId="BLOGUSER_EDITOR" partyTypeId="PERSON" createdDate="2004-03-27 09:37:40.989" createdByUserLogin="admin" lastModifiedDate="2004-03-27 09:37:40.989" lastModifiedByUserLogin="admin"/>
<Person partyId="BLOGUSER_EDITOR" lastName="Blog" firstName="Editor"/>
@@ -33,19 +33,19 @@
<PartyRole partyId="BLOGUSER_EDITOR" roleTypeId="CONTENT_ADMIN"/>
<ContentRole partyId="BLOGUSER_EDITOR" roleTypeId="CONTENT_ADMIN" contentId="BLOGROOT" fromDate="2004-03-27 09:37:40.989"/>
<UserLoginSecurityGroup userLoginId="blog_editor" groupId="FULLADMIN" fromDate="2004-09-15 00:00:00.000"/>
- <UserToUserGroupRelationship userLoginId="blog_editor" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="blog_editor" groupId="OFBIZ_USERS"/>
<Party partyId="BLOGUSER_USER" partyTypeId="PERSON" createdDate="2004-03-27 09:37:40.989" createdByUserLogin="admin" lastModifiedDate="2004-03-27 09:37:40.989" lastModifiedByUserLogin="admin"/>
<Person partyId="BLOGUSER_USER" lastName="Blog" firstName="User"/>
<UserLogin userLoginId="blog_user" partyId="BLOGUSER_USER" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a"/>
<PartyRole partyId="BLOGUSER_USER" roleTypeId="CONTENT_ADMIN"/>
<PartyRole partyId="BLOGUSER_USER" roleTypeId="CONTENT_AUTHOR"/>
- <UserToUserGroupRelationship userLoginId="blog_user" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="blog_user" groupId="OFBIZ_USERS"/>
<Party partyId="BLOGUSER_GUEST" partyTypeId="PERSON" createdDate="2004-10-20 09:37:40.989" createdByUserLogin="admin" lastModifiedDate="2004-10-20 09:37:40.989" lastModifiedByUserLogin="admin"/>
<Person partyId="BLOGUSER_GUEST" lastName="Blog" firstName="Guest"/>
<UserLogin userLoginId="blog_guest" partyId="BLOGUSER_GUEST" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a"/>
- <UserToUserGroupRelationship userLoginId="blog_guest" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="blog_guest" groupId="OFBIZ_USERS"/>
<Party partyId="AUTHOR_BIGAL" partyTypeId="PERSON" createdDate="2004-03-27 09:37:40.989" createdByUserLogin="admin" lastModifiedDate="2004-03-27 09:37:40.989" lastModifiedByUserLogin="admin"/>
<Person partyId="AUTHOR_BIGAL" lastName="Al" firstName="Big"/>
@@ -54,7 +54,7 @@
<ContentRole partyId="AUTHOR_BIGAL" roleTypeId="CONTENT_AUTHOR" contentId="BLOGROOTBIGAL" fromDate="2004-03-27 09:37:40.989"/>
<ContentPurpose contentId="BLOGROOTBIGAL" contentPurposeTypeId="ARTICLE"/>
<UserLoginSecurityGroup userLoginId="bigal" groupId="CONTENT_USER" fromDate="2004-09-15 00:00:00.000"/>
- <UserToUserGroupRelationship userLoginId="bigal" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="bigal" groupId="OFBIZ_USERS"/>
<!-- Updating BLOGROOTBIGAL with bigal as creator so that he will be found as "owner" for subrecords.
This is used in a screen permission test.
-->
@@ -90,7 +90,7 @@
<ContentRole partyId="AUTHOR_MADMAX" roleTypeId="CONTENT_AUTHOR" contentId="BLOGROOTMADMAX" fromDate="2004-03-27 09:37:40.989"/>
<ContentPurpose contentId="BLOGROOTMADMAX" contentPurposeTypeId="ARTICLE"/>
<UserLoginSecurityGroup userLoginId="madmax" groupId="CONTENT_USER" fromDate="2004-09-15 00:00:00.000"/>
- <UserToUserGroupRelationship userLoginId="madmax" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="madmax" groupId="OFBIZ_USERS"/>
<!-- Updating biBLOGROOTMADMAXgal with madmax as creator so that he will be found as "owner" for subrecords.
This is used in a screen permission test.
-->
diff --git a/applications/humanres/data/HumanResDemoData.xml b/applications/humanres/data/HumanResDemoData.xml
index 446ecca..dcbc439 100644
--- a/applications/humanres/data/HumanResDemoData.xml
+++ b/applications/humanres/data/HumanResDemoData.xml
@@ -32,10 +32,10 @@
<UserLogin userLoginId="demoapprover" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" requirePasswordChange="N" partyId="DemoApprover"/>
<UserLoginSecurityGroup groupId="HUMANRES_APPROVER" userLoginId="demoapprover" fromDate="2001-01-01 12:00:00.0"/>
- <UserToUserGroupRelationship userLoginId="demoapprover" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="demoapprover" groupId="OFBIZ_USERS"/>
<UserLogin userLoginId="demoemployee" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" requirePasswordChange="N" partyId="DemoEmployee"/>
<UserLoginSecurityGroup groupId="HUMANRES_EMPLOYEE" userLoginId="demoemployee" fromDate="2001-01-01 12:00:00.0"/>
- <UserToUserGroupRelationship userLoginId="demoemployee" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="demoemployee" groupId="OFBIZ_USERS"/>
</entity-engine-xml>
diff --git a/applications/humanres/data/HumanResSecurityData.xml b/applications/humanres/data/HumanResSecurityData.xml
index fef1597..d66a3a5 100644
--- a/applications/humanres/data/HumanResSecurityData.xml
+++ b/applications/humanres/data/HumanResSecurityData.xml
@@ -37,6 +37,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/humanres" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/humanres" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/manufacturing/data/ManufacturingSecurityData.xml b/applications/manufacturing/data/ManufacturingSecurityData.xml
index d162238..ff36e97 100644
--- a/applications/manufacturing/data/ManufacturingSecurityData.xml
+++ b/applications/manufacturing/data/ManufacturingSecurityData.xml
@@ -39,6 +39,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/manufacturing" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/manufacturing" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/marketing/data/MarketingSecurityData.xml b/applications/marketing/data/MarketingSecurityData.xml
index 88d694d..4bfea97 100644
--- a/applications/marketing/data/MarketingSecurityData.xml
+++ b/applications/marketing/data/MarketingSecurityData.xml
@@ -42,7 +42,7 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/marketing" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/SalesForceAutomation" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/marketing" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/SalesForceAutomation" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/marketing/data/sfaDemoData.xml b/applications/marketing/data/sfaDemoData.xml
index dcfe558..ef90160 100644
--- a/applications/marketing/data/sfaDemoData.xml
+++ b/applications/marketing/data/sfaDemoData.xml
@@ -42,7 +42,7 @@
<UserLogin userLoginId="DemoLeadOwner" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" partyId="DemoLeadOwner" enabled="Y"/>
<!-- FIXME: Establish SecurityGroup for SFA. This user should have access only to SFA -->
<UserLoginSecurityGroup groupId="FULLADMIN" userLoginId="DemoLeadOwner" fromDate="2001-05-13 00:00:00.000"/>
- <UserToUserGroupRelationship userLoginId="DemoLeadOwner" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoLeadOwner" groupId="OFBIZ_USERS"/>
<Party partyId="DemoLeadOwner1" partyTypeId="PERSON" statusId="PARTY_ENABLED"/>
<Person partyId="DemoLeadOwner1" firstName="Demo" lastName="LeadOwner1"/>
@@ -52,7 +52,7 @@
<UserLogin userLoginId="DemoLeadOwner1" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" partyId="DemoLeadOwner1" enabled="Y"/>
<!-- FIXME: Establish SecurityGroup for SFA. This user should have access only to SFA -->
<UserLoginSecurityGroup groupId="FULLADMIN" userLoginId="DemoLeadOwner1" fromDate="2001-05-13 00:00:00.000"/>
- <UserToUserGroupRelationship userLoginId="DemoLeadOwner1" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoLeadOwner1" groupId="OFBIZ_USERS"/>
<!-- Demo Leads -->
<Party partyId="sfa102" partyTypeId="PARTY_GROUP" statusId="PARTY_ENABLED"/>
diff --git a/applications/order/data/OrderDemoUser.xml b/applications/order/data/OrderDemoUser.xml
index d78a086..69af13d 100644
--- a/applications/order/data/OrderDemoUser.xml
+++ b/applications/order/data/OrderDemoUser.xml
@@ -27,11 +27,11 @@
<UserLogin userLoginId="DemoCustomer" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint=""/>
<UserLogin userLoginId="supplier" partyId="externaluser" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint=""/>
<UserLoginSecurityGroup groupId="ORDERSUPPLIER_LTD" userLoginId="supplier" fromDate="2001-01-01 12:00:00.0"/>
- <UserToUserGroupRelationship userLoginId="DemoBuyer" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoRepAll" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoRepStore" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoCustCompany" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoCustAgent" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoCustomer" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="supplier" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoBuyer" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoRepAll" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoRepStore" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoCustCompany" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoCustAgent" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoCustomer" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="supplier" groupId="OFBIZ_USERS"/>
</entity-engine-xml>
diff --git a/applications/order/data/OrderSecurityData.xml b/applications/order/data/OrderSecurityData.xml
index e1af58b..6175309 100644
--- a/applications/order/data/OrderSecurityData.xml
+++ b/applications/order/data/OrderSecurityData.xml
@@ -153,6 +153,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/order" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/order" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/party/data/PartySecurityData.xml b/applications/party/data/PartySecurityData.xml
index 004427d..41c1a02 100644
--- a/applications/party/data/PartySecurityData.xml
+++ b/applications/party/data/PartySecurityData.xml
@@ -98,6 +98,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/party" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/party" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/product/data/ProductSecurityData.xml b/applications/product/data/ProductSecurityData.xml
index faa537f..2b7f6f9 100644
--- a/applications/product/data/ProductSecurityData.xml
+++ b/applications/product/data/ProductSecurityData.xml
@@ -100,6 +100,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/catalog" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/facility" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/catalog" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/facility" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/applications/securityext/data/UserDemoData.xml b/applications/securityext/data/UserDemoData.xml
index 103b71d..043264d 100644
--- a/applications/securityext/data/UserDemoData.xml
+++ b/applications/securityext/data/UserDemoData.xml
@@ -87,13 +87,13 @@
<UserLoginSecurityGroup groupId="VIEWADMIN" userLoginId="ltdadmin1" fromDate="2001-01-01 12:00:00.0"/>
<UserLoginSecurityGroup groupId="BIZADMIN" userLoginId="bizadmin" fromDate="2001-01-01 12:00:00.0"/>
- <UserToUserGroupRelationship userLoginId="anonymous" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="system" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="admin" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="flexadmin" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="demoadmin" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="ltdadmin" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="ltdadmin1" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="bizadmin" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="anonymous" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="system" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="admin" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="flexadmin" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="demoadmin" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="ltdadmin" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="ltdadmin1" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="bizadmin" groupId="OFBIZ_USERS"/>
</entity-engine-xml>
diff --git a/applications/workeffort/data/WorkEffortSecurityData.xml b/applications/workeffort/data/WorkEffortSecurityData.xml
index 0904540..64081f9 100644
--- a/applications/workeffort/data/WorkEffortSecurityData.xml
+++ b/applications/workeffort/data/WorkEffortSecurityData.xml
@@ -56,7 +56,7 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/workeffort" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ical" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/workeffort" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ical" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/framework/api/config/api.properties b/framework/api/config/api.properties
index e6312e9..ddb3948 100644
--- a/framework/api/config/api.properties
+++ b/framework/api/config/api.properties
@@ -37,5 +37,5 @@
authorizationManager.verbose=false
# Set to true to disable the AuthorizationManager.
-authorizationManager.disabled=true
+authorizationManager.disabled=false
diff --git a/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java b/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java
index 5bb933b..e181dd1 100644
--- a/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java
+++ b/framework/api/src/org/ofbiz/api/authorization/OfbizSecurityTransform.java
@@ -24,7 +24,6 @@
import java.util.Map;
import org.ofbiz.api.context.ThreadContext;
-import org.ofbiz.api.context.GenericExecutionArtifact;
import org.ofbiz.base.util.Debug;
import freemarker.core.Environment;
@@ -72,7 +71,7 @@
}
Template template = env.getTemplate();
String location = template.getName();
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(location, artifactId));
+ ThreadContext.pushExecutionArtifact(location, artifactId);
AccessController accessController = ThreadContext.getAccessController();
try {
accessController.checkPermission(permission);
diff --git a/framework/api/src/org/ofbiz/api/context/ThreadContext.java b/framework/api/src/org/ofbiz/api/context/ThreadContext.java
index 74be5b8..440f98d 100644
--- a/framework/api/src/org/ofbiz/api/context/ThreadContext.java
+++ b/framework/api/src/org/ofbiz/api/context/ThreadContext.java
@@ -24,7 +24,7 @@
import org.ofbiz.api.authorization.AccessController;
import org.ofbiz.api.authorization.AuthorizationManager;
-import org.ofbiz.api.context.ExecutionArtifact;
+import org.ofbiz.api.authorization.NullAuthorizationManager;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilProperties;
@@ -34,6 +34,7 @@
public class ThreadContext {
protected static final String module = ThreadContext.class.getName();
+ protected static final AuthorizationManager nullAuthorizationManager = new NullAuthorizationManager();
protected static final ThreadLocal<ExecutionContext> executionContext = new ThreadLocal<ExecutionContext>() {
protected synchronized ExecutionContext initialValue() {
@@ -49,6 +50,21 @@
}
};
+ /** Used by <code>runUnprotected</code> and <code>endRunUnprotected</code>
+ * to save/restore the original <code>AuthorizationManager</code> instance.
+ */
+ protected static final ThreadLocal<AuthorizationManager> authManager = new ThreadLocal<AuthorizationManager>() {
+ protected synchronized AuthorizationManager initialValue() {return null;};
+ };
+
+ public static void endRunUnprotected() {
+ AuthorizationManager savedAuthorizationManager = authManager.get();
+ if (savedAuthorizationManager != null) {
+ setSecurity(savedAuthorizationManager);
+ authManager.set(null);
+ }
+ }
+
public static AccessController getAccessController() {
return executionContext.get().getAccessController();
}
@@ -93,10 +109,27 @@
executionContext.get().pushExecutionArtifact(artifact);
}
+ public static void pushExecutionArtifact(ExecutionArtifact artifact, Map<String, ? extends Object> parameters) {
+ pushExecutionArtifact(new GenericParametersArtifact(artifact, parameters));
+ }
+
+ public static void pushExecutionArtifact(String location, String name) {
+ pushExecutionArtifact(new GenericExecutionArtifact(location, name));
+ }
+
+ public static void pushExecutionArtifact(String location, String name, Map<String, ? extends Object> parameters) {
+ pushExecutionArtifact(new GenericParametersArtifact(location, name, parameters));
+ }
+
public static void reset() {
executionContext.get().reset();
}
+ public static void runUnprotected() {
+ authManager.set(getSecurity());
+ setSecurity(nullAuthorizationManager);
+ }
+
public static void setCurrencyUom(String currencyUom) {
executionContext.get().setCurrencyUom(currencyUom);
}
diff --git a/framework/common/data/CommonSecurityData.xml b/framework/common/data/CommonSecurityData.xml
index d21c322..db54845 100644
--- a/framework/common/data/CommonSecurityData.xml
+++ b/framework/common/data/CommonSecurityData.xml
@@ -60,9 +60,9 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/bi" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/images" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/tempfiles" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/bi" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/images" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/tempfiles" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java b/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
index 4c978f6..4ba772b 100644
--- a/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
+++ b/framework/context/src/org/ofbiz/context/AuthorizationManagerImpl.java
@@ -152,12 +152,11 @@
underConstruction = true;
node = new PathNode();
// Set up the ExecutionContext for unrestricted access to security-aware artifacts
- AuthorizationManager originalSecurity = (AuthorizationManager) ThreadContext.getSecurity();
- ThreadContext.setSecurity(nullAuthorizationManager);
+ ThreadContext.runUnprotected();
GenericDelegator delegator = ThreadContext.getDelegator();
try {
// Process group membership permissions first
- List<GenericValue> groupMemberships = delegator.findList("UserToUserGroupRelationship", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false);
+ List<GenericValue> groupMemberships = delegator.findList("UserToUserGroupRel", EntityCondition.makeCondition(UtilMisc.toMap("userLoginId", userLoginId)), null, null, null, false);
for (GenericValue userGroup : groupMemberships) {
processGroupPermissions(userGroup.getString("groupId"), node, delegator);
}
@@ -168,7 +167,7 @@
} catch (GenericEntityException e) {
throw new AccessControlException(e.getMessage());
} finally {
- ThreadContext.setSecurity(originalSecurity);
+ ThreadContext.endRunUnprotected();
underConstruction = false;
}
}
@@ -183,7 +182,7 @@
processGroupPermissions(parentGroup.getString("fromGroupId"), node, delegator);
}
// Process this group's permissions
- List<GenericValue> permissionValues = delegator.findList("UserGroupToArtifactPermRel", EntityCondition.makeCondition(UtilMisc.toMap("groupId", groupId)), null, null, null, false);
+ List<GenericValue> permissionValues = delegator.findList("UserGrpToArtifactPermRel", EntityCondition.makeCondition(UtilMisc.toMap("groupId", groupId)), null, null, null, false);
setPermissions(groupId, node, permissionValues);
} catch (GenericEntityException e) {
throw new AccessControlException(e.getMessage());
diff --git a/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java b/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java
index dae6793..ba77efd 100644
--- a/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java
+++ b/framework/entity/src/org/ofbiz/entity/DelegatorImpl.java
@@ -38,7 +38,6 @@
import static org.ofbiz.api.authorization.BasicPermissions.*;
import org.ofbiz.api.authorization.AccessController;
-import org.ofbiz.api.context.GenericExecutionArtifact;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.GeneralRuntimeException;
import org.ofbiz.base.util.UtilDateTime;
@@ -989,7 +988,7 @@
EntityListIterator eli = this.find(entityName, whereEntityCondition, havingEntityCondition, UtilMisc.toSet(fieldsToSelect), orderBy, findOptions);
eli.setDelegator(this);
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact("GenericDelegator.findByCondition", entityName));
+ ThreadContext.pushExecutionArtifact("GenericDelegator.findByCondition", entityName);
AccessController accessController = ThreadContext.getAccessController();
eli = (EntityListIterator) accessController.applyFilters((ListIterator<GenericValue>) eli);
ThreadContext.popExecutionArtifact();
@@ -1238,7 +1237,7 @@
List<GenericValue> cacheList = this.delegatorData.cache.get(entityName, entityCondition, orderBy);
if (cacheList != null) {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact("GenericDelegator.findList", entityName));
+ ThreadContext.pushExecutionArtifact("GenericDelegator.findList", entityName);
AccessController accessController = ThreadContext.getAccessController();
cacheList = accessController.applyFilters(cacheList);
ThreadContext.popExecutionArtifact();
@@ -1261,7 +1260,7 @@
ecaRunner.evalRules(EntityEcaHandler.EV_CACHE_PUT, EntityEcaHandler.OP_FIND, dummyValue, false);
this.delegatorData.cache.put(entityName, entityCondition, orderBy, list);
}
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact("GenericDelegator.findList", entityName));
+ ThreadContext.pushExecutionArtifact("GenericDelegator.findList", entityName);
AccessController accessController = ThreadContext.getAccessController();
list = accessController.applyFilters(list);
ThreadContext.popExecutionArtifact();
@@ -1310,7 +1309,7 @@
EntityListIterator eli = helper.findListIteratorByCondition(modelViewEntity, whereEntityCondition, havingEntityCondition, fieldsToSelect, orderBy, findOptions);
eli.setDelegator(this);
// TODO: add decrypt fields
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact("GenericDelegator.findListIteratorByCondition", modelViewEntity.getEntityName()));
+ ThreadContext.pushExecutionArtifact("GenericDelegator.findListIteratorByCondition", modelViewEntity.getEntityName());
AccessController accessController = ThreadContext.getAccessController();
eli = (EntityListIterator) accessController.applyFilters((ListIterator<GenericValue>) eli);
ThreadContext.popExecutionArtifact();
@@ -1843,7 +1842,12 @@
this.delegatorData.initialized = true;
}
// setup the crypto class
- this.delegatorData.crypto = new EntityCrypto(this);
+ ThreadContext.runUnprotected();
+ try {
+ this.delegatorData.crypto = new EntityCrypto(this);
+ } finally {
+ ThreadContext.endRunUnprotected();
+ }
// time to do some tricks with manual class loading that resolves
// circular dependencies, like calling services...
@@ -2180,7 +2184,7 @@
}
public int removeByCondition(String entityName, EntityCondition condition, boolean doCacheClear) throws GenericEntityException {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact("GenericDelegator.removeByCondition", entityName));
+ ThreadContext.pushExecutionArtifact("GenericDelegator.removeByCondition", entityName);
AccessController accessController = ThreadContext.getAccessController();
boolean beganTransaction = false;
try {
@@ -2714,7 +2718,7 @@
}
public int storeByCondition(String entityName, Map<String, ? extends Object> fieldsToSet, EntityCondition condition, boolean doCacheClear) throws GenericEntityException {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact("GenericDelegator.storeByCondition", entityName));
+ ThreadContext.pushExecutionArtifact("GenericDelegator.storeByCondition", entityName);
AccessController accessController = ThreadContext.getAccessController();
boolean beganTransaction = false;
try {
diff --git a/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java b/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java
index 45c95d0..aeb6ca7 100644
--- a/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java
+++ b/framework/entityext/src/org/ofbiz/entityext/data/EntityDataLoadContainer.java
@@ -28,9 +28,6 @@
import javolution.util.FastList;
-import org.ofbiz.api.authorization.AuthorizationManager;
-import org.ofbiz.api.authorization.NullAuthorizationManager;
-import org.ofbiz.api.context.GenericExecutionArtifact;
import org.ofbiz.base.container.Container;
import org.ofbiz.base.container.ContainerConfig;
import org.ofbiz.base.container.ContainerException;
@@ -250,10 +247,9 @@
TreeSet<String> modelEntityNames = new TreeSet<String>(modelEntities.keySet());
// Set up the execution context
- AuthorizationManager oldAuthorizationManager = ThreadContext.getSecurity();
- ThreadContext.setSecurity(new NullAuthorizationManager());
+ ThreadContext.runUnprotected();
ThreadContext.setDelegator(delegator);
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(module, "EntityDataLoad"));
+ ThreadContext.pushExecutionArtifact(module, "EntityDataLoad");
try {
// check for drop index/fks
if (dropConstraints) {
@@ -473,7 +469,7 @@
}
} finally {
ThreadContext.popExecutionArtifact();
- ThreadContext.setSecurity(oldAuthorizationManager);
+ ThreadContext.endRunUnprotected();
}
return true;
}
diff --git a/framework/example/data/ExampleSecurityData.xml b/framework/example/data/ExampleSecurityData.xml
index 558e171..52fc431 100644
--- a/framework/example/data/ExampleSecurityData.xml
+++ b/framework/example/data/ExampleSecurityData.xml
@@ -48,7 +48,7 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/example" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/exampleext" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/example" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/exampleext" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/framework/security/entitydef/entitymodel.xml b/framework/security/entitydef/entitymodel.xml
index e27d6f3..5c5d5d5 100644
--- a/framework/security/entitydef/entitymodel.xml
+++ b/framework/security/entitydef/entitymodel.xml
@@ -281,7 +281,7 @@
</relation>
</entity>
- <entity entity-name="UserToUserGroupRelationship"
+ <entity entity-name="UserToUserGroupRel"
package-name="org.ofbiz.security.artifactsecurity"
default-resource-name="SecurityEntityLabels"
title="Security Component - User-To-User Group Relationship Entity">
@@ -337,7 +337,7 @@
</relation>
</entity>
- <entity entity-name="UserGroupToArtifactPermRel"
+ <entity entity-name="UserGrpToArtifactPermRel"
package-name="org.ofbiz.security.artifactsecurity"
default-resource-name="SecurityEntityLabels"
title="Security Component - User Group-To-Artifact Permission Relationship Entity">
diff --git a/framework/service/src/org/ofbiz/service/ServiceDispatcher.java b/framework/service/src/org/ofbiz/service/ServiceDispatcher.java
index 650b369..2223f82 100644
--- a/framework/service/src/org/ofbiz/service/ServiceDispatcher.java
+++ b/framework/service/src/org/ofbiz/service/ServiceDispatcher.java
@@ -30,7 +30,6 @@
import javolution.util.FastMap;
import org.ofbiz.api.authorization.AccessController;
-import org.ofbiz.api.context.GenericParametersArtifact;
import org.ofbiz.base.config.GenericConfigException;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.UtilMisc;
@@ -306,7 +305,7 @@
ThreadContext.setDelegator(newDelegator);
ThreadContext.setDispatcher(ctx.getDispatcher());
ThreadContext.initializeContext(context);
- ThreadContext.pushExecutionArtifact(new GenericParametersArtifact(modelService, context));
+ ThreadContext.pushExecutionArtifact(modelService, context);
// start the transaction
boolean beganTrans = false;
try {
diff --git a/framework/service/src/org/ofbiz/service/job/JobPoller.java b/framework/service/src/org/ofbiz/service/job/JobPoller.java
index a5ab4a3..e2c8d68 100644
--- a/framework/service/src/org/ofbiz/service/job/JobPoller.java
+++ b/framework/service/src/org/ofbiz/service/job/JobPoller.java
@@ -24,10 +24,8 @@
import javolution.util.FastList;
import javolution.util.FastMap;
-import org.ofbiz.api.context.GenericExecutionArtifact;
import org.ofbiz.service.ThreadContext;
import org.ofbiz.base.util.Debug;
-import org.ofbiz.api.authorization.NullAuthorizationManager;
import org.ofbiz.service.config.ServiceConfigUtil;
/**
@@ -87,8 +85,8 @@
java.lang.Thread.sleep(30000);
} catch (InterruptedException e) {
}
- ThreadContext.setSecurity(new NullAuthorizationManager());
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact("ofbiz/framework/service/job", "JobPoller"));
+ ThreadContext.runUnprotected();
+ ThreadContext.pushExecutionArtifact(module, "JobPoller");
while (isRunning) {
try {
// grab a list of jobs to run.
diff --git a/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java b/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
index 2143126..e2e4c68 100644
--- a/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
+++ b/framework/webapp/src/org/ofbiz/webapp/control/ControlServlet.java
@@ -42,7 +42,6 @@
import org.ofbiz.entity.GenericValue;
import org.ofbiz.entity.transaction.GenericTransactionException;
import org.ofbiz.entity.transaction.TransactionUtil;
-import org.ofbiz.api.context.GenericExecutionArtifact;
import org.ofbiz.api.authorization.AuthorizationManager;
import org.ofbiz.security.authz.Authorization;
import org.ofbiz.service.LocalDispatcher;
@@ -312,7 +311,7 @@
Debug.logError("Error in ControlServlet output where response isCommitted and there is no session (probably because of a logout); not saving ServerHit/Bin information because there is no session and as the response isCommitted we can't get a new one. The output was successful, but we just can't save ServerHit/Bin info.", module);
} else {
try {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(module, webappName));
+ ThreadContext.pushExecutionArtifact(module, webappName);
UtilHttp.setInitialRequestInfo(request);
VisitHandler.getVisitor(request, response);
if (requestHandler.trackStats(request)) {
diff --git a/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
index d48511b..74c656c 100644
--- a/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
@@ -36,8 +36,6 @@
import javolution.util.FastMap;
-import org.ofbiz.api.context.GenericExecutionArtifact;
-import org.ofbiz.api.context.GenericParametersArtifact;
import org.ofbiz.base.util.Debug;
import org.ofbiz.base.util.SSLUtil;
import org.ofbiz.base.util.StringUtil;
@@ -146,7 +144,7 @@
}
Locale locale = ThreadContext.getLocale();
- ThreadContext.pushExecutionArtifact(new GenericParametersArtifact(UtilHttp.getFullRequestUrl(request).toString(), cname, UtilHttp.getParameterMap(request)));
+ ThreadContext.pushExecutionArtifact(UtilHttp.getFullRequestUrl(request).toString(), cname, UtilHttp.getParameterMap(request));
String eventReturn = null;
boolean interruptRequest = false;
@@ -279,7 +277,7 @@
if (visit != null) {
for (ConfigXMLReader.Event event: controllerConfig.firstVisitEventList.values()) {
try {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(event.path, event.invoke));
+ ThreadContext.pushExecutionArtifact(event.path, event.invoke);
String returnString = this.runEvent(request, response, event, null, "firstvisit");
if (returnString != null && !returnString.equalsIgnoreCase("success")) {
throw new EventHandlerException("First-Visit event did not return 'success'.");
@@ -298,7 +296,7 @@
// Invoke the pre-processor (but NOT in a chain)
for (ConfigXMLReader.Event event: controllerConfig.preprocessorEventList.values()) {
try {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(event.path, event.invoke));
+ ThreadContext.pushExecutionArtifact(event.path, event.invoke);
String returnString = this.runEvent(request, response, event, null, "preprocessor");
if (returnString != null && !returnString.equalsIgnoreCase("success")) {
if (!returnString.contains(":_protect_:")) {
@@ -350,7 +348,7 @@
String checkLoginReturnString = null;
try {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(checkLoginEvent.path, checkLoginEvent.invoke));
+ ThreadContext.pushExecutionArtifact(checkLoginEvent.path, checkLoginEvent.invoke);
checkLoginReturnString = this.runEvent(request, response, checkLoginEvent, null, "security-auth");
} catch (EventHandlerException e) {
throw new RequestHandlerException(e.getMessage(), e);
@@ -386,7 +384,7 @@
long eventStartTime = System.currentTimeMillis();
// run the request event
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(requestMap.event.path, requestMap.event.invoke));
+ ThreadContext.pushExecutionArtifact(requestMap.event.path, requestMap.event.invoke);
eventReturn = this.runEvent(request, response, requestMap.event, requestMap, "request");
// save the server hit for the request event
@@ -537,7 +535,7 @@
// first invoke the post-processor events.
for (ConfigXMLReader.Event event: controllerConfig.postprocessorEventList.values()) {
try {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(event.path, event.invoke));
+ ThreadContext.pushExecutionArtifact(event.path, event.invoke);
String returnString = this.runEvent(request, response, event, requestMap, "postprocessor");
if (returnString != null && !returnString.equalsIgnoreCase("success")) {
throw new EventHandlerException("Post-Processor event did not return 'success'.");
@@ -1091,7 +1089,7 @@
public void runAfterLoginEvents(HttpServletRequest request, HttpServletResponse response) {
for (ConfigXMLReader.Event event: getControllerConfig().afterLoginEventList.values()) {
try {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(event.path, event.invoke));
+ ThreadContext.pushExecutionArtifact(event.path, event.invoke);
String returnString = this.runEvent(request, response, event, null, "after-login");
if (returnString != null && !returnString.equalsIgnoreCase("success")) {
throw new EventHandlerException("Pre-Processor event did not return 'success'.");
@@ -1107,7 +1105,7 @@
public void runBeforeLogoutEvents(HttpServletRequest request, HttpServletResponse response) {
for (ConfigXMLReader.Event event: getControllerConfig().beforeLogoutEventList.values()) {
try {
- ThreadContext.pushExecutionArtifact(new GenericExecutionArtifact(event.path, event.invoke));
+ ThreadContext.pushExecutionArtifact(event.path, event.invoke);
String returnString = this.runEvent(request, response, event, null, "before-logout");
if (returnString != null && !returnString.equalsIgnoreCase("success")) {
throw new EventHandlerException("Pre-Processor event did not return 'success'.");
diff --git a/framework/webslinger/data/WebslingerSeedData.xml b/framework/webslinger/data/WebslingerSeedData.xml
index a217c23..f85c049 100644
--- a/framework/webslinger/data/WebslingerSeedData.xml
+++ b/framework/webslinger/data/WebslingerSeedData.xml
@@ -31,5 +31,5 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/webslinger" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/webslinger" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/framework/webtools/data/WebtoolsSecurityData.xml b/framework/webtools/data/WebtoolsSecurityData.xml
index 7e29d46..3601793 100644
--- a/framework/webtools/data/WebtoolsSecurityData.xml
+++ b/framework/webtools/data/WebtoolsSecurityData.xml
@@ -101,6 +101,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/webtools" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/webtools" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml b/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml
index bd1cfbc..11c4e9b 100644
--- a/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml
+++ b/specialpurpose/assetmaint/data/AssetMaintSecurityData.xml
@@ -42,7 +42,7 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/assetmaint" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ismgr" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/assetmaint" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ismgr" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/cmssite/data/CmsSiteDemoData.xml b/specialpurpose/cmssite/data/CmsSiteDemoData.xml
index 87132a2..6faa380 100644
--- a/specialpurpose/cmssite/data/CmsSiteDemoData.xml
+++ b/specialpurpose/cmssite/data/CmsSiteDemoData.xml
@@ -185,6 +185,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/cmssite" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ofbizsite" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/cmssite" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ofbizsite" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/ebay/data/EbaySecurityData.xml b/specialpurpose/ebay/data/EbaySecurityData.xml
index 36cc2f0..640c7db 100644
--- a/specialpurpose/ebay/data/EbaySecurityData.xml
+++ b/specialpurpose/ebay/data/EbaySecurityData.xml
@@ -33,6 +33,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ebay" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ebay" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/ecommerce/data/DemoPurchasing.xml b/specialpurpose/ecommerce/data/DemoPurchasing.xml
index 2364fc7..f36fb1f 100644
--- a/specialpurpose/ecommerce/data/DemoPurchasing.xml
+++ b/specialpurpose/ecommerce/data/DemoPurchasing.xml
@@ -30,7 +30,7 @@
<PartyContactMechPurpose partyId="DemoSupplier" contactMechId="9001" contactMechPurposeTypeId="GENERAL_LOCATION" fromDate="2001-05-13 00:00:00.000"/>
<PartyContactMechPurpose partyId="DemoSupplier" contactMechId="9001" contactMechPurposeTypeId="PAYMENT_LOCATION" fromDate="2001-05-13 00:00:00.000"/>
<UserLogin userLoginId="DemoSupplier" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" partyId="DemoSupplier"/>
- <UserToUserGroupRelationship userLoginId="DemoSupplier" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoSupplier" groupId="OFBIZ_USERS"/>
<Party partyId="BigSupplier" partyTypeId="PARTY_GROUP" supplierProductName="" supplierProductId=""/>
@@ -43,7 +43,7 @@
<PartyContactMechPurpose partyId="BigSupplier" contactMechId="9002" contactMechPurposeTypeId="GENERAL_LOCATION" fromDate="2000-01-01 00:00:00.000"/>
<PartyContactMechPurpose partyId="BigSupplier" contactMechId="9002" contactMechPurposeTypeId="PAYMENT_LOCATION" fromDate="2000-01-01 00:00:00.000"/>
<UserLogin userLoginId="BigSupplier" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" partyId="BigSupplier"/>
- <UserToUserGroupRelationship userLoginId="BigSupplier" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="BigSupplier" groupId="OFBIZ_USERS"/>
<Party partyId="EuroSupplier" partyTypeId="PARTY_GROUP" supplierProductName="" supplierProductId=""/>
<PartyGroup partyId="EuroSupplier" groupName="European Supplier" supplierProductName="" supplierProductId=""/>
@@ -55,7 +55,7 @@
<PartyContactMechPurpose partyId="EuroSupplier" contactMechId="9003" contactMechPurposeTypeId="GENERAL_LOCATION" fromDate="2000-01-01 00:00:00.000"/>
<PartyContactMechPurpose partyId="EuroSupplier" contactMechId="9003" contactMechPurposeTypeId="PAYMENT_LOCATION" fromDate="2000-01-01 00:00:00.000"/>
<UserLogin userLoginId="EuroSupplier" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" partyId="EuroSupplier"/>
- <UserToUserGroupRelationship userLoginId="EuroSupplier" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="EuroSupplier" groupId="OFBIZ_USERS"/>
<!-- supplier pricing -->
<SupplierProduct partyId="DemoSupplier" supplierPrefOrderId="10_MAIN_SUPPL" minimumOrderQuantity="0" currencyUomId="USD" productId="GZ-1000" lastPrice="7.5" supplierProductId="GZ-1000-0" availableFromDate="2005-01-01 00:00:00.000"/>
diff --git a/specialpurpose/ecommerce/data/EcommerceTypeData.xml b/specialpurpose/ecommerce/data/EcommerceTypeData.xml
index e0b01e8..adabc5e 100644
--- a/specialpurpose/ecommerce/data/EcommerceTypeData.xml
+++ b/specialpurpose/ecommerce/data/EcommerceTypeData.xml
@@ -38,7 +38,7 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ecommerce" permissionValue="admin=true"/>
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ecomclone" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ecommerce" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/ecomclone" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/googlebase/data/GoogleBaseSecurityData.xml b/specialpurpose/googlebase/data/GoogleBaseSecurityData.xml
index 41e645c..62bbfc3 100644
--- a/specialpurpose/googlebase/data/GoogleBaseSecurityData.xml
+++ b/specialpurpose/googlebase/data/GoogleBaseSecurityData.xml
@@ -33,6 +33,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/googlebase" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/googlebase" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/googlecheckout/data/GoogleCheckoutSecurityData.xml b/specialpurpose/googlecheckout/data/GoogleCheckoutSecurityData.xml
index f206c40..e43eeae 100644
--- a/specialpurpose/googlecheckout/data/GoogleCheckoutSecurityData.xml
+++ b/specialpurpose/googlecheckout/data/GoogleCheckoutSecurityData.xml
@@ -38,6 +38,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/googlecheckout" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/googlecheckout" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/hhfacility/data/HhFacilitySecurityData.xml b/specialpurpose/hhfacility/data/HhFacilitySecurityData.xml
index 326565d..382e0ff 100644
--- a/specialpurpose/hhfacility/data/HhFacilitySecurityData.xml
+++ b/specialpurpose/hhfacility/data/HhFacilitySecurityData.xml
@@ -25,6 +25,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/hhfacility" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/hhfacility" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/myportal/data/MyPortalSecurityData.xml b/specialpurpose/myportal/data/MyPortalSecurityData.xml
index f1f9b73..d19f98a 100644
--- a/specialpurpose/myportal/data/MyPortalSecurityData.xml
+++ b/specialpurpose/myportal/data/MyPortalSecurityData.xml
@@ -87,6 +87,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/myportal" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/myportal" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/oagis/data/OagisSecurityData.xml b/specialpurpose/oagis/data/OagisSecurityData.xml
index b59ae69..b8ec47e 100644
--- a/specialpurpose/oagis/data/OagisSecurityData.xml
+++ b/specialpurpose/oagis/data/OagisSecurityData.xml
@@ -33,6 +33,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/oagis" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/oagis" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/pos/data/DemoRetail.xml b/specialpurpose/pos/data/DemoRetail.xml
index e9547cd..f186eda 100644
--- a/specialpurpose/pos/data/DemoRetail.xml
+++ b/specialpurpose/pos/data/DemoRetail.xml
@@ -23,8 +23,8 @@
<UserLogin userLoginId="2" partyId="ltdadmin" currentPassword="a54bed37c5b3b28ee30760b5c8d1bbd735ef10cf" passwordHint="The Number Two, Yeah, Literally"/>
<UserLoginSecurityGroup groupId="POSCLERK" userLoginId="1" fromDate="2001-01-01 12:00:00.0"/>
<UserLoginSecurityGroup groupId="POSCLERK" userLoginId="2" fromDate="2001-01-01 12:00:00.0"/>
- <UserToUserGroupRelationship userLoginId="1" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="2" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="1" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="2" groupId="OFBIZ_USERS"/>
<Facility facilityId="MyRetailStore" ownerPartyId="Company" facilityTypeId="RETAIL_STORE" facilityName="My Retail Store" description="Example Retail (POS) Store"/>
<ContactMech contactMechId="9300" contactMechTypeId="POSTAL_ADDRESS"/>
<ContactMech contactMechId="9301" contactMechTypeId="TELECOM_NUMBER"/>
diff --git a/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml b/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml
index cc57d5a..b8093d1 100644
--- a/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml
+++ b/specialpurpose/projectmgr/data/ProjectMgrDemoPasswordData.xml
@@ -24,10 +24,10 @@
<UserLogin userLoginId="DemoEmployee1" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee1"/>
<UserLogin userLoginId="DemoEmployee2" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee2"/>
<UserLogin userLoginId="DemoEmployee3" currentPassword="{SHA}47ca69ebb4bdc9ae0adec130880165d2cc05db1a" passwordHint="" partyId="DemoEmployee3"/>
- <UserToUserGroupRelationship userLoginId="DemoCustomer1" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoCustomer2" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoEmployee" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoEmployee1" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoEmployee2" groupId="OFBIZ_USERS"/>
- <UserToUserGroupRelationship userLoginId="DemoEmployee3" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoCustomer1" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoCustomer2" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoEmployee" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoEmployee1" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoEmployee2" groupId="OFBIZ_USERS"/>
+ <UserToUserGroupRel userLoginId="DemoEmployee3" groupId="OFBIZ_USERS"/>
</entity-engine-xml>
diff --git a/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml b/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
index 3b1351c..26616ea 100644
--- a/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
+++ b/specialpurpose/projectmgr/data/ProjectMgrSecurityData.xml
@@ -59,6 +59,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/projectmgr" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/projectmgr" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/specialpurpose/webpos/data/DemoPosData.xml b/specialpurpose/webpos/data/DemoPosData.xml
index 3283f45..60395a2 100644
--- a/specialpurpose/webpos/data/DemoPosData.xml
+++ b/specialpurpose/webpos/data/DemoPosData.xml
@@ -29,6 +29,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/webpos" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/webpos" permissionValue="admin=true"/>
</entity-engine-xml>
\ No newline at end of file
diff --git a/themes/bizznesstime/data/BizznessTimeThemeData.xml b/themes/bizznesstime/data/BizznessTimeThemeData.xml
index 4db2fa2..ea797c9 100644
--- a/themes/bizznesstime/data/BizznessTimeThemeData.xml
+++ b/themes/bizznesstime/data/BizznessTimeThemeData.xml
@@ -37,6 +37,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/bizznesstime" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/bizznesstime" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/themes/bluelight/data/BlueLightThemeData.xml b/themes/bluelight/data/BlueLightThemeData.xml
index c618c42..e60f540 100644
--- a/themes/bluelight/data/BlueLightThemeData.xml
+++ b/themes/bluelight/data/BlueLightThemeData.xml
@@ -36,6 +36,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/bluelight" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/bluelight" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/themes/flatgrey/data/FlatGreyThemeData.xml b/themes/flatgrey/data/FlatGreyThemeData.xml
index 729507d..24a03dd 100644
--- a/themes/flatgrey/data/FlatGreyThemeData.xml
+++ b/themes/flatgrey/data/FlatGreyThemeData.xml
@@ -37,6 +37,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/flatgrey" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/flatgrey" permissionValue="admin=true"/>
</entity-engine-xml>
diff --git a/themes/multiflex/data/MultiflexThemeData.xml b/themes/multiflex/data/MultiflexThemeData.xml
index 0948854..3aa24bb 100644
--- a/themes/multiflex/data/MultiflexThemeData.xml
+++ b/themes/multiflex/data/MultiflexThemeData.xml
@@ -36,6 +36,6 @@
is converted over to the new security design, the corresponding admin
permission should be removed. -->
- <UserGroupToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/multiflex" permissionValue="admin=true"/>
+ <UserGrpToArtifactPermRel groupId="OFBIZ_USERS" artifactPath="ofbiz/multiflex" permissionValue="admin=true"/>
</entity-engine-xml>