| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <simple-methods xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xmlns="http://ofbiz.apache.org/Simple-Method" xsi:schemaLocation="http://ofbiz.apache.org/Simple-Method http://ofbiz.apache.org/dtds/simple-methods.xsd"> |
| |
| <simple-method method-name="genericDataResourcePermission" short-description="Generic Service for DataResource Permissions"> |
| <set field="primaryPermission" value="CONTENTMGR"/> |
| <call-simple-method method-name="genericBasePermissionCheck" xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| |
| <!-- setting the roleEntity or this service --> |
| <set field="roleEntityField" value="dataResourceId"/> |
| <set field="roleEntity" value="DataResourceRole"/> |
| |
| <!-- mainAction based call outs --> |
| <if> |
| <condition> |
| <not> |
| <if-compare field="hasPermission" value="true" type="Boolean" operator="equals"/> |
| </not> |
| </condition> |
| <then> |
| <if> |
| <!-- view data resource --> |
| <condition> |
| <if-compare field="parameters.mainAction" value="VIEW" operator="equals"/> |
| </condition> |
| <then> |
| <call-simple-method method-name="viewDataResourcePermission"/> |
| </then> |
| <else-if> |
| <!-- create data resource --> |
| <condition> |
| <if-compare field="parameters.mainAction" value="CREATE" operator="equals"/> |
| </condition> |
| <then> |
| <call-simple-method method-name="createDataResourcePermission"/> |
| </then> |
| </else-if> |
| <else-if> |
| <!-- update data resource --> |
| <condition> |
| <if-compare field="parameters.mainAction" value="UPDATE" operator="equals"/> |
| </condition> |
| <then> |
| <call-simple-method method-name="updateDataResourcePermission"/> |
| </then> |
| </else-if> |
| <!-- all other actions use main base check --> |
| </if> |
| </then> |
| <else> |
| <log level="info" message="Admin permission found: ${primaryPermission}_${mainAction}"/> |
| </else> |
| </if> |
| |
| <log level="info" message="Permission service [${mainAction} / ${parameters.contentId}] completed; returning hasPermission = ${hasPermission}"/> |
| <field-to-result field="hasPermission"/> |
| </simple-method> |
| |
| <!-- DataResource View Permission --> |
| <simple-method method-name="viewDataResourcePermission" short-description="Check user can view data resource"> |
| <!-- if called directly check the main permission --> |
| <if-empty field="hasPermission"> |
| <set field="primaryPermission" value="CONTENTMGR"/> |
| <set field="mainAction" value="VIEW"/> |
| <call-simple-method method-name="genericBasePermissionCheck" |
| xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </if-empty> |
| |
| <!-- check role permission --> |
| <set field="primaryPermission" value="CONTENTMGR_ROLE"/> |
| <call-simple-method method-name="genericBasePermissionCheck" |
| xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </simple-method> |
| |
| <!-- DataResource Create Permission --> |
| <simple-method method-name="createDataResourcePermission" short-description="Check user can create new content"> |
| <!-- if called directly check the main permission --> |
| <if-empty field="hasPermission"> |
| <set field="primaryPermission" value="CONTENTMGR"/> |
| <set field="mainAction" value="CREATE"/> |
| <call-simple-method method-name="genericBasePermissionCheck" |
| xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </if-empty> |
| |
| <!-- check role permission --> |
| <set field="primaryPermission" value="CONTENTMGR_ROLE"/> |
| <call-simple-method method-name="genericBasePermissionCheck" |
| xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| |
| <!-- this is about the same as the VIEW permission; but left as a unique service for extending purposes --> |
| </simple-method> |
| |
| <!-- DataResource Update Permission --> |
| <simple-method method-name="updateDataResourcePermission" short-description="Check user can update existing content"> |
| <!-- if called directly check the main permission --> |
| <if-empty field="hasPermission"> |
| <set field="primaryPermission" value="CONTENTMGR"/> |
| <set field="mainAction" value="UPDATE"/> |
| <call-simple-method method-name="genericBasePermissionCheck" |
| xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| </if-empty> |
| |
| <!-- dataResourceId is required for update checking --> |
| <if-empty field="dataResourceId"> |
| <set field="dataResourceId" from-field="parameters.dataResourceId"/> |
| </if-empty> |
| <if-empty field="dataResourceId"> |
| <add-error> |
| <fail-property resource="ContentUiLabels" property="ContentSecurityUpdatePermission"/> |
| </add-error> |
| </if-empty> |
| <check-errors/> |
| |
| <!-- check role permission --> |
| <set field="primaryPermission" value="CONTENTMGR_ROLE"/> |
| <call-simple-method method-name="genericBasePermissionCheck" |
| xml-resource="component://common/minilang/permission/CommonPermissionServices.xml"/> |
| |
| <!-- must have permission to continue --> |
| <if> |
| <condition> |
| <if-compare field="hasPermission" value="true" type="Boolean" operator="equals"/> |
| </condition> |
| <then> |
| <log level="verbose" message="Found necessary ROLE permission: ${primaryPermission}_${mainAction}"/> |
| |
| <!-- obtain the current data resource record --> |
| <entity-one entity-name="DataResource" value-field="thisDataResource"> |
| <field-map field-name="dataResourceId"/> |
| </entity-one> |
| <if-empty field="thisDataResource"> |
| <add-error> |
| <fail-property resource="ContentUiLabels" property="ContentDataResourceNotFound"/> |
| </add-error> |
| <check-errors/> |
| </if-empty> |
| |
| <!-- check ownership of this record --> |
| <set field="checkId" from-field="dataResourceId"/> |
| <call-simple-method method-name="checkOwnership" xml-resource="component://content/minilang/permission/ContentPermissionServices.xml"/> |
| </then> |
| </if> |
| </simple-method> |
| </simple-methods> |