Package org.apache.ofbiz.content.content
Class ContentPermissionServices
- java.lang.Object
-
- org.apache.ofbiz.content.content.ContentPermissionServices
-
public class ContentPermissionServices extends java.lang.Object
ContentPermissionServices Class Services for granting operation permissions on Content entities in a data-driven manner.
-
-
Constructor Summary
Constructors Constructor Description ContentPermissionServices()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static java.util.Map<java.lang.String,java.lang.Object>
checkAssocPermission(DispatchContext dctx, java.util.Map<java.lang.String,? extends java.lang.Object> context)
static java.util.Map<java.lang.String,java.lang.Object>
checkContentPermission(DispatchContext dctx, java.util.Map<java.lang.String,? extends java.lang.Object> context)
checkContentPermission
-
-
-
Field Detail
-
module
public static final java.lang.String module
-
resource
public static final java.lang.String resource
- See Also:
- Constant Field Values
-
-
Method Detail
-
checkContentPermission
public static java.util.Map<java.lang.String,java.lang.Object> checkContentPermission(DispatchContext dctx, java.util.Map<java.lang.String,? extends java.lang.Object> context)
checkContentPermission- Parameters:
dctx
- The DispatchContext that this service is operating incontext
- Map containing the input parameters- Returns:
- Map with the result of the service, the output parameters This service goes thru a series of test to determine if the user has authority to performed anyone of the passed in target operations. It expects a Content entity in "currentContent" It expects a list of contentOperationIds in "targetOperationList" rather than a scalar because it is thought that sometimes more than one operation would fit the situation. Similarly, it expects a list of contentPurposeTypeIds in "contentPurposeList". Again, normally there will just be one, but it is possible that a Content entity could have multiple purposes associated with it. The userLogin GenericValue is also required. A list of roleTypeIds is also possible. The basic sequence of testing events is: First the ContentPurposeOperation table is checked to see if there are any entries with matching purposes (and operations) with no roleTypeId (ie. _NA_). This is done because it would be the most common scenario and is quick to check. Secondly, the CONTENTMGR permission is checked. Thirdly, the ContentPurposeOperation table is rechecked to see if there are any conditions with roleTypeIds that match associated ContentRoles tied to the user. If a Party of "PARTY_GROUP" type is found, the PartyRelationship table is checked to see if the current user is linked to that group. If no match is found to this point and the current Content entity has a value for ownerContentId, then the last step is recusively applied, using the ContentRoles associated with the ownerContent entity.
-
checkAssocPermission
public static java.util.Map<java.lang.String,java.lang.Object> checkAssocPermission(DispatchContext dctx, java.util.Map<java.lang.String,? extends java.lang.Object> context)
-
-