| <?xml version="1.0" encoding="UTF-8" ?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd"> |
| |
| <!-- ============== Basic Permission Checking ============= --> |
| |
| <!-- Returns hasPermission=true if user has one of the base PARTYMGR CRUD+ADMIN permissions --> |
| <simple-method method-name="basePermissionCheck" short-description="Party Manager base permission logic"> |
| <set field="primaryPermission" value="PARTYMGR"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter --> |
| <simple-method method-name="partyIdPermissionCheck" short-description="Party ID Permission Check"> |
| <if-empty field="partyId"> |
| <set field="partyId" from-field="parameters.partyId"/> |
| </if-empty> |
| <if> |
| <condition> |
| <and> |
| <not><if-empty field="partyId"/></not> |
| <not><if-empty field="userLogin.partyId"/></not> |
| <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals"/> |
| </and> |
| </condition> |
| <then> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| </then> |
| <else> |
| <set field="resourceDescription" from-field="parameters.resourceDescription"/> |
| <if-empty field="resourceDescription"> |
| <property-to-field resource="CommonUiLabels" property="CommonPermissionThisOperation" field="resourceDescription"/> |
| </if-empty> |
| <property-to-field resource="PartyUiLabels" property="PartyPermissionErrorPartyId" field="failMessage"/> |
| <set field="hasPermission" type="Boolean" value="false"/> |
| <field-to-result field="failMessage"/> |
| </else> |
| </if> |
| <field-to-result field="hasPermission"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if userLogin party equals partyId parameter OR |
| user has one of the base PARTYMGR CRUD+ADMIN permissions --> |
| <simple-method method-name="basePlusPartyIdPermissionCheck" short-description="Base Permission Plus Party ID Permission Check"> |
| <call-simple-method method-name="basePermissionCheck"/> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <call-simple-method method-name="partyIdPermissionCheck"/> |
| </if-compare> |
| </simple-method> |
| |
| <!-- ============== Additional Permission Checking ============= --> |
| |
| <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR |
| user has one of the base PARTYMGR or PARTYMGR_STS CRUD+ADMIN permissions --> |
| <simple-method method-name="partyStatusPermissionCheck" short-description="Party status permission logic"> |
| <set field="hasPermission" type="Boolean" value="false"/> |
| <if-not-empty field="parameters.partyId"> |
| <if-compare-field field="parameters.partyId" to-field="userLogin.partyId" operator="equals"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-compare-field> |
| </if-not-empty> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <set field="altPermission" value="PARTYMGR_STS"/> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </if-compare> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR |
| user has one of the base PARTYMGR or PARTYMGR_GRP CRUD+ADMIN permissions --> |
| <simple-method method-name="partyGroupPermissionCheck" short-description="Party group permission logic"> |
| <set field="altPermission" value="PARTYMGR_GRP"/> |
| <call-simple-method method-name="basePlusPartyIdPermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_SRC CRUD+ADMIN permissions --> |
| <simple-method method-name="partyDatasourcePermissionCheck" short-description="Party datasource permission logic"> |
| <set field="altPermission" value="PARTYMGR_SRC"/> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_ROLE CRUD+ADMIN permissions --> |
| <simple-method method-name="partyRolePermissionCheck" short-description="Party role permission logic"> |
| <set field="altPermission" value="PARTYMGR_ROLE"/> |
| <call-simple-method method-name="basePlusPartyIdPermissionCheck"/> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if user has one of the base PARTYMGR or PARTYMGR_REL CRUD+ADMIN permissions --> |
| <simple-method method-name="partyRelationshipPermissionCheck" short-description="Party relationship permission logic"> |
| <if-empty field="parameters.partyIdFrom"> |
| <set field="parameters.partyIdFrom" from-field="userLogin.partyId"/> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| <else> |
| <set field="altPermission" value="PARTYMGR_REL"/> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </else> |
| </if-empty> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if userLogin partyId equals partyId parameter OR |
| user has one of the base PARTYMGR or PARTYMGR_PCM CRUD+ADMIN permissions --> |
| <simple-method method-name="partyContactMechPermissionCheck" short-description="Party contact mech permission logic"> |
| <if-empty field="parameters.partyId"> |
| <set field="parameters.partyId" from-field="userLogin.partyId"/> |
| </if-empty> |
| <if-compare-field to-field="userLogin.partyId" field="parameters.partyId" operator="equals"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| |
| <else> |
| <set field="altPermission" value="PARTYMGR_PCM"/> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </else> |
| </if-compare-field> |
| </simple-method> |
| |
| <!-- Accept/Decline/Cancel PartyInvitation Permission Checks --> |
| <simple-method method-name="accAndDecPartyInvitationPermissionCheck" short-description="Accept and Decline PartyInvitation Permission Logic"> |
| <set field="hasPermission" type="Boolean" value="false"/> |
| <if-has-permission permission="PARTYMGR_UPDATE" action="_UPDATE"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-has-permission> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <entity-one entity-name="PartyInvitation" value-field="partyInvitation"/> |
| <if-empty field="partyInvitation.partyId"> |
| <if-empty field="partyInvitation.emailAddress"> |
| <add-error> |
| <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/> |
| </add-error> |
| <else> |
| <set field="findPartyCtx.address" from-field="partyInvitation.emailAddress"/> |
| <call-service service-name="findPartyFromEmailAddress" in-map-name="findPartyCtx"> |
| <result-to-field result-name="partyId" field="partyId"/> |
| </call-service> |
| <if-not-empty field="partyId"> |
| <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-compare-field> |
| <else> |
| <add-error> |
| <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/> |
| </add-error> |
| </else> |
| </if-not-empty> |
| </else> |
| </if-empty> |
| <else> |
| <if-compare-field field="partyInvitation.partyId" to-field="userLogin.partyId" operator="equals"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-compare-field> |
| </else> |
| </if-empty> |
| <check-errors/> |
| </if-compare> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <property-to-field property="PartyInvitationAccAndDecPermissionError" field="failMessage" resource="PartyUiLabels"/> |
| <field-to-result field="hasPermission"/> |
| <field-to-result field="failMessage"/> |
| </if-compare> |
| </simple-method> |
| <simple-method method-name="cancelPartyInvitationPermissionCheck" short-description="Cancel PartyInvitation Permission Logic"> |
| <set field="hasPermission" type="Boolean" value="false"/> |
| <if-has-permission permission="PARTYMGR_UPDATE" action="_UPDATE"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-has-permission> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <entity-one entity-name="PartyInvitation" value-field="partyInvitation"/> |
| <if-not-empty field="partyInvitation.partyIdFrom"> |
| <if-compare-field field="partyInvitation.partyIdFrom" to-field="userLogin.partyId" operator="equals"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-compare-field> |
| </if-not-empty> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <if-empty field="partyInvitation.partyId"> |
| <if-empty field="partyInvitation.emailAddress"> |
| <add-error> |
| <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/> |
| </add-error> |
| <else> |
| <set field="findPartyCtx.address" from-field="partyInvitation.emailAddress"/> |
| <call-service service-name="findPartyFromEmailAddress" in-map-name="findPartyCtx"> |
| <result-to-field result-name="partyId" field="partyId"/> |
| </call-service> |
| <if-not-empty field="partyId"> |
| <if-compare-field field="partyId" to-field="userLogin.partyId" operator="equals"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-compare-field> |
| <else> |
| <add-error> |
| <fail-property resource="PartyUiLabels" property="PartyInvitationNotValidError"/> |
| </add-error> |
| </else> |
| </if-not-empty> |
| </else> |
| </if-empty> |
| <else> |
| <if-compare-field field="partyInvitation.partyId" to-field="userLogin.partyId" operator="equals"> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </if-compare-field> |
| </else> |
| </if-empty> |
| <check-errors/> |
| </if-compare> |
| </if-compare> |
| <if-compare field="hasPermission" operator="not-equals" value="true"> |
| <property-to-field property="PartyInvitationCancelPermissionError" field="failMessage" resource="PartyUiLabels"/> |
| <field-to-result field="hasPermission"/> |
| <field-to-result field="failMessage"/> |
| </if-compare> |
| </simple-method> |
| |
| <!-- Returns hasPermission=true if userLogin partyId equals partyIdFrom parameter OR |
| partyIdTo parameter OR user has one of the base PARTYMGR or PARTYMGR_CME CRUD+ADMIN permissions --> |
| <simple-method method-name="partyCommunicationEventPermissionCheck" short-description="Communication Event permission logic"> |
| <if> |
| <condition> |
| <and> |
| <if-compare operator="equals" value="EMAIL_COMMUNICATION" field="parameters.communicationEventTypeId"/> |
| <if-compare operator="equals" value="CREATE" field="action"/> |
| </and> |
| </condition> |
| <then> |
| <set field="altPermission" value="PARTYMGR_CME-EMAIL"/> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </then> |
| <else-if> |
| <condition> |
| <and> |
| <if-compare operator="equals" value="COMMENT_NOTE" field="parameters.communicationEventTypeId"/> |
| <if-compare operator="equals" value="CREATE" field="action"/> |
| </and> |
| </condition> |
| <then> |
| <set field="altPermission" value="PARTYMGR_CME-NOTE"/> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </then> |
| </else-if> |
| <else-if> |
| <condition> |
| <and> |
| <if-compare-field field="parameters.partyIdFrom" to-field="userLogin.partyId" operator="not-equals"/> |
| <if-compare-field field="parameters.partyIdTo" to-field="userLogin.partyId" operator="not-equals"/> |
| <if-compare-field field="parameters.partyId" to-field="userLogin.partyId" operator="not-equals"/><!-- update role --> |
| </and> |
| </condition> |
| <then> |
| <set field="altPermission" value="PARTYMGR_CME"/> |
| <call-simple-method method-name="basePermissionCheck"/> |
| </then> |
| </else-if> |
| <else> |
| <set field="hasPermission" type="Boolean" value="true"/> |
| <field-to-result field="hasPermission"/> |
| </else> |
| </if> |
| </simple-method> |
| </simple-methods> |