Package org.apache.ofbiz.content.content

Class ContentPermissionServices

  • public class ContentPermissionServices
extends java.lang.Object
    ContentPermissionServices Class Services for granting operation permissions on Content entities in a data-driven manner.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String module  
      static java.lang.String resource  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.util.Map<java.lang.String,​java.lang.Object> checkAssocPermission​(DispatchContext dctx, java.util.Map<java.lang.String,​? extends java.lang.Object> context)  
      static java.util.Map<java.lang.String,​java.lang.Object> checkContentPermission​(DispatchContext dctx, java.util.Map<java.lang.String,​? extends java.lang.Object> context)
      checkContentPermission

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • module

        public static final java.lang.String module

    • Constructor Detail

      • ContentPermissionServices

        public ContentPermissionServices()

    • Method Detail

      • checkContentPermission

        public static java.util.Map<java.lang.String,​java.lang.Object> checkContentPermission​(DispatchContext dctx,
                                                                                            java.util.Map<java.lang.String,​? extends java.lang.Object> context)
        checkContentPermission
        Parameters:
        dctx - The DispatchContext that this service is operating in
        context - Map containing the input parameters
        Returns:
        Map with the result of the service, the output parameters This service goes thru a series of test to determine if the user has authority to performed anyone of the passed in target operations. It expects a Content entity in "currentContent" It expects a list of contentOperationIds in "targetOperationList" rather than a scalar because it is thought that sometimes more than one operation would fit the situation. Similarly, it expects a list of contentPurposeTypeIds in "contentPurposeList". Again, normally there will just be one, but it is possible that a Content entity could have multiple purposes associated with it. The userLogin GenericValue is also required. A list of roleTypeIds is also possible. The basic sequence of testing events is: First the ContentPurposeOperation table is checked to see if there are any entries with matching purposes (and operations) with no roleTypeId (ie. _NA_). This is done because it would be the most common scenario and is quick to check. Secondly, the CONTENTMGR permission is checked. Thirdly, the ContentPurposeOperation table is rechecked to see if there are any conditions with roleTypeIds that match associated ContentRoles tied to the user. If a Party of "PARTY_GROUP" type is found, the PartyRelationship table is checked to see if the current user is linked to that group. If no match is found to this point and the current Content entity has a value for ownerContentId, then the last step is recusively applied, using the ContentRoles associated with the ownerContent entity.

      • checkAssocPermission

        public static java.util.Map<java.lang.String,​java.lang.Object> checkAssocPermission​(DispatchContext dctx,
                                                                                          java.util.Map<java.lang.String,​? extends java.lang.Object> context)