Package org.apache.ofbiz.content.content

Class ContentPermissionServices

java.lang.Object

org.apache.ofbiz.content.content.ContentPermissionServices

public class ContentPermissionServices
extends Object

ContentPermissionServices Class Services for granting operation permissions on Content entities in a data-driven manner.

Constructor Summary

Constructors

Constructor	Description
ContentPermissionServices()

Method Summary

Modifier and Type	Method	Description
static Map<String,Object>	checkAssocPermission(DispatchContext dctx, Map<String,? extends Object> context)
static Map<String,Object>	checkContentPermission(DispatchContext dctx, Map<String,? extends Object> context)	checkContentPermission

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ContentPermissionServices

public ContentPermissionServices()

Method Details

checkContentPermission

public static Map<String,Object> checkContentPermission(DispatchContext dctx,
 Map<String,? extends Object> context)

checkContentPermission

Parameters:

dctx - The DispatchContext that this service is operating in

context - Map containing the input parameters

Returns:

Map with the result of the service, the output parameters This service goes thru a series of test to determine if the user has authority to performed anyone of the passed in target operations. It expects a Content entity in "currentContent" It expects a list of contentOperationIds in "targetOperationList" rather than a scalar because it is thought that sometimes more than one operation would fit the situation. Similarly, it expects a list of contentPurposeTypeIds in "contentPurposeList". Again, normally there will just be one, but it is possible that a Content entity could have multiple purposes associated with it. The userLogin GenericValue is also required. A list of roleTypeIds is also possible. The basic sequence of testing events is: First the ContentPurposeOperation table is checked to see if there are any entries with matching purposes (and operations) with no roleTypeId (ie. _NA_). This is done because it would be the most common scenario and is quick to check. Secondly, the CONTENTMGR permission is checked. Thirdly, the ContentPurposeOperation table is rechecked to see if there are any conditions with roleTypeIds that match associated ContentRoles tied to the user. If a Party of "PARTY_GROUP" type is found, the PartyRelationship table is checked to see if the current user is linked to that group. If no match is found to this point and the current Content entity has a value for ownerContentId, then the last step is recusively applied, using the ContentRoles associated with the ownerContent entity.

checkAssocPermission

public static Map<String,Object> checkAssocPermission(DispatchContext dctx,
 Map<String,? extends Object> context)