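Login level
In the ofbiz-component.xml file in each component's root directory there is a definition of the "most basic permission" for accessing that component. The most basic permission means that a user logging in to the component must hold at least the permissions defined in that file in order to access it. For an example, look at the ofbiz-component.xml file of the order component: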
<webapp name="order"
title="Order"
description="OrderComponentDescription"
server="default-server"
location="webapp/ordermgr"
base-permission="OFBTOOLS,ORDERMGR"
mount-point="/ordermgr"/>
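See the "base-permission" attribute. It contains two permission values, OFBTOOLS and ORDERMGR, which means you must hold both permissions to access this component. A component usually includes both the "OFBTOOLS" permission and a "COMPONENT-NAME_VIEW" permission; the purpose of this configuration is that OFBTOOLS controls access to the web app, while COMPONENT-NAME_VIEW controls viewing the web app's information.
Import the following data into OFBiz: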
<entity-engine-xml>
<UserLogin userLoginId="ceshi" currentPassword="{SHA}47b56994cbc2b6d10aa1be30f70165adb305a41a" partyId="admin"/>
<SecurityGroup groupId="ceshiGroup" description="测试权限系统的安全组,只可登录订单系统!"/>
<SecurityGroupPermission groupId="ceshiGroup" permissionId="OFBTOOLS_VIEW"/>
<SecurityGroupPermission groupId="ceshiGroup" permissionId="ORDERMGR_ADMIN"/>
<UserLoginSecurityGroup groupId="ceshiGroup" userLoginId="ceshi" fromDate="2017-01-01 00:00:00"/>
</entity-engine-xml>
You can change ORDERMGR_ADMIN above to ORDERMGR_VIEW and still log in to the system, but if you change it to ORDERMGR_CREATE you can no longer log in.
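As an added example (not from the original page or the OFBiz code base), the Python sketch below models the behaviour just described: each base-permission entry counts as satisfied by NAME_VIEW or NAME_ADMIN held through an active security-group membership. The function names, the reduced constructed inputs, and the handling of thruDate and NONE are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed inputs: the page's webapp element and seed data, reduced to the rows the check uses.
WEBAPP_XML = '<webapp name="order" base-permission="OFBTOOLS,ORDERMGR" mount-point="/ordermgr"/>'
SEED_XML = """<entity-engine-xml>
<SecurityGroupPermission groupId="ceshiGroup" permissionId="OFBTOOLS_VIEW"/>
<SecurityGroupPermission groupId="ceshiGroup" permissionId="ORDERMGR_ADMIN"/>
<UserLoginSecurityGroup groupId="ceshiGroup" userLoginId="ceshi" fromDate="2017-01-01 00:00:00"/>
</entity-engine-xml>"""
FMT = "%Y-%m-%d %H:%M:%S"

def user_permissions(seed_xml, user_login_id, now):
    """Collect permissionIds from groups whose membership is active at `now`."""
    root = ET.fromstring(seed_xml)
    groups = set()
    for m in root.iter("UserLoginSecurityGroup"):
        if m.get("userLoginId") != user_login_id:
            continue
        start = datetime.strptime(m.get("fromDate"), FMT)
        thru = m.get("thruDate")  # assumption: an absent thruDate means no expiry
        if start <= now and (thru is None or now < datetime.strptime(thru, FMT)):
            groups.add(m.get("groupId"))
    return {p.get("permissionId") for p in root.iter("SecurityGroupPermission")
            if p.get("groupId") in groups}

def missing_base_permissions(webapp_xml, perms):
    """Return the base-permission entries that `perms` does not satisfy."""
    base = ET.fromstring(webapp_xml).get("base-permission", "NONE")
    missing = []
    for name in (b.strip() for b in base.split(",")):
        # Assumption: NONE means unrestricted; otherwise NAME_VIEW or NAME_ADMIN is required.
        if name and name != "NONE" and not ({name + "_VIEW", name + "_ADMIN"} & perms):
            missing.append(name)
    return missing

def can_login(webapp_xml, seed_xml, user_login_id, now):
    """True when every base-permission entry of the webapp is satisfied."""
    perms = user_permissions(seed_xml, user_login_id, now)
    return not missing_base_permissions(webapp_xml, perms)

if __name__ == "__main__":
    now = datetime(2024, 1, 1)
    for perm in ("ORDERMGR_ADMIN", "ORDERMGR_VIEW", "ORDERMGR_CREATE"):
        seed = SEED_XML.replace("ORDERMGR_ADMIN", perm)
        print(perm, can_login(WEBAPP_XML, seed, "ceshi", now))
```

Running the same check over an export of the real SecurityGroupPermission and UserLoginSecurityGroup rows shows which accounts can reach a webapp before its base-permission is changed.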
Queries against the tables related to the permission system:
-- Security groups, permissions, and the group-to-permission mapping
SELECT * FROM SECURITY_GROUP;
SELECT * FROM SECURITY_PERMISSION;
SELECT * FROM SECURITY_GROUP_PERMISSION;
-- Group membership of selected logins
SELECT * FROM USER_LOGIN_SECURITY_GROUP WHERE user_login_id IN ('admin','flexadmin','demoadmin','bizadmin');
SELECT * FROM PARTY_RELATIONSHIP;
SELECT * FROM SECURITY_PERMISSION_AUTO_GRANT;
SELECT * FROM user_login;
SELECT * FROM user_login_history;
-- Effective permissions of selected logins, resolved through their groups
SELECT a.user_login_id,a.group_id,b.PERMISSION_ID
FROM USER_LOGIN_SECURITY_GROUP a
LEFT JOIN SECURITY_GROUP_PERMISSION b ON a.group_id = b.group_id
WHERE a.user_login_id IN ('admin','flexadmin','demoadmin','bizadmin');
SELECT * FROM SECURITY_PERMISSION WHERE PERMISSION_ID='ACCOUNTING';
SELECT * FROM Email_Template_Setting;
SELECT * FROM SECURITY_PERMISSION WHERE PERMISSION_ID LIKE 'order%' OR PERMISSION_ID LIKE 'OFBTOOLS%';
-- Groups and permissions of the test login imported above
SELECT t.user_login_id,a.group_id,b.PERMISSION_ID
FROM user_login t
LEFT JOIN USER_LOGIN_SECURITY_GROUP a ON t.user_login_id=a.user_login_id
LEFT JOIN SECURITY_GROUP_PERMISSION b ON a.group_id = b.group_id
WHERE t.user_login_id IN ('ceshi');
SELECT t.*
FROM user_login t
WHERE user_login_id='ceshi';
-- Permissions of the test group (the imported groupId is ceshiGroup)
SELECT * FROM SECURITY_GROUP_PERMISSION WHERE group_id='ceshiGroup';