Sunday, September 11, 2011

Override Access authority from Commands

checkResourcePermission The user does not have the authority to run this command. CMN0410E: The system failed to retrieve the message with  key "_ERR_USER_AUTHORITY" from "com.ibm.commerce.ras.properties.ecServerMessages"
I am sure all of us working in commerce have seen the above error  a million times and some times it is because we didn't correctly define the access privileges when creating a new command and running ACPLoad but some times it is important to override the out of the box access policies.

I would not recommend returning plain null but also find below some more restricted overrides of getResources.


public AccessVector getResources() {
  return null;
}
public AccessVector getResources()
{          final String METHOD_NAME = "getResources";            
            java.util.Vector resourcesVector = new java.util.Vector();
            Long parentOrgId= null;
            UserAccessBean userAccessBean = getCommandContext().getUser();
            Long[] userAncestors = userAccessBean.getAncestors();
            if(userAncestors != null)   {      parentOrgId = userAncestors[0];   }   
            else   {   return null;     }            
            OrganizationAccessBean orgAccessBean = new OrganizationAccessBean();
            orgAccessBean.setInitKey_MemberId(parentOrgId.toString());
            orgAccessBean.refreshCopyHelper();
            resourcesVector.addElement(orgAccessBean.getEJBRef());
            return new AccessVector(resourcesVector);
   }  
public AccessVector getResources()
{     
 final String METHOD_NAME = "getResources";
        resources = new AccessVector();
        try {
            if (resources.isEmpty()) {
                orderId = getRequestProperties().getString(ORDER_ID,
                        null);
                OrderAccessBean orderAccessBean= new OrderAccessBean();
                oab.setInitKey_orderId(orderId);  
                oab.refreshCopyHelper();
                resources.addElement(
orderAccessBean);
            }
    return resources;
}



3 comments:

  1. What if I encounter the above user authority exception when accessing a JSP that uses this OrderDataBean ?

    ReplyDelete
  2. Override getResource method to support resource level access control policies. Making an entry into ACPolicy xml is for command level accesscontrol polocies.

    ReplyDelete
  3. Hey Is there a way to change value in "com.ibm.commerce.ras.properties.ecServerMessages"? , I need to do that for changing the Subject of Email in commerce

    ReplyDelete