moqui / moqui-framework

Use Moqui Framework to build enterprise applications based on Java. It includes tools for databases (relational, graph, document), local and web services, web and other UI with screens and forms, security, file/resource access, scripts, templates, l10n, caching, logging, search, rules, workflow, multi-instance, and integration.
http://www.moqui.org

How to setup the access for the subscreens not only for the menu index 1 #397

Closed lightning-pro closed 4 years ago

lightning-pro commented 4 years ago

Hi, from the example component, there is a demo setup of component://example/screen/ExampleApp/Example.xml with a user example.ltd. Yes, this can access the Example page only, as expected. But when I only need to set it up for other pages like component://example/screen/ExampleApp/Feature.xml, it does not work; there is no menu at all.

After some testing, I found that only the page with default-menu-index="1" works, but in most cases we need to set up different user groups to visit different pages (e.g. some users only access the Feature.xml page). I even tried the deny combination of the setup, but it still fails. Are there any setup examples I can take as reference?

jonesde commented 4 years ago

More details needed, please see the Bugs and General Issues section here:

https://www.moqui.org/m/docs/moqui/Issue+and+Pull+Request+Guide#bugs-and-general-issues

Information needed for issues in general is: 1. Steps to Reproduce (what did you do), 2. What Happened (what did the system do), and 3. What Should Have Happened (what is the difference between what the system did and what you expected).

From what you wrote there seem to be multiple issues so you'd have a set of these 3 for each. Each needs to be a specific case to have any hope of communication adequate for anyone reviewing the issue to reproduce what you're doing and have a decent chance of being helpful whether it be fixing something in the framework or pointing out issues in your code or configuration.

lightning-pro commented 4 years ago

OK, in short, you can follow the steps below to reproduce it:

  1. install the example component and import all the related data

  2. change the artifactName of ArtifactGroupMember with artifactGroupId=EXAMPLE_LTD to be component://example/screen/ExampleApp/Feature.xml.

  3. log in again with user example.ltd

No menu and no content are displayed after you log in.

jonesde commented 4 years ago

Basically in step #2 you removed the default authorization for the ExampleApp.xml screen and when you tried to render it or check if the user is authorized (as part of the render path for the Feature.xml screen) it failed because there is no authorization.

For docs on the artifact stack and how it works with authorization see:

https://moqui.org/m/docs/framework/Security

For an example of how to do this see the authz setup for the POPC ERP app:

https://github.com/moqui/PopCommerce/blob/master/data/PopCommerceAaaSetupData.xml

In short you need authorization for the root screen of the app or it won't be allowed, and to not grant authz for the entire app by using a non-inherited authz as mentioned in the comment on line 57.
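
The setup described in the reply above, written out as an added example; it is not taken from this thread, the example component or PopCommerce. The group IDs and authz ID are constructed for illustration, and the root screen location component://example/screen/ExampleApp.xml is assumed from the subscreen paths quoted in the issue.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration: limit a user group to the Feature screen of the example app.
     All IDs below (EX_FEATURE_ONLY, EX_FEATURE_USERS, EX_FEATURE_ONLY_1) are constructed. -->
<entity-facade-xml type="seed">
    <!-- User group that should only reach the Feature screen -->
    <moqui.security.UserGroup userGroupId="EX_FEATURE_USERS"
            description="Example App - Feature screen only"/>

    <!-- Artifact group holding the screens this user group may use -->
    <moqui.security.ArtifactGroup artifactGroupId="EX_FEATURE_ONLY"
            description="Example App root (not inherited) plus Feature screen"/>

    <!-- Root screen of the app: it is on the render path of every subscreen, so it
         must be authorized. inheritAuthz="N" keeps this grant from flowing down to
         the other subscreens of the app. Location is an assumption (see lead-in). -->
    <moqui.security.ArtifactGroupMember artifactGroupId="EX_FEATURE_ONLY"
            artifactName="component://example/screen/ExampleApp.xml"
            artifactTypeEnumId="AT_XML_SCREEN" inheritAuthz="N"/>

    <!-- The one subscreen actually granted. inheritAuthz="Y" lets the screens,
         transitions and services reached through Feature.xml inherit the grant. -->
    <moqui.security.ArtifactGroupMember artifactGroupId="EX_FEATURE_ONLY"
            artifactName="component://example/screen/ExampleApp/Feature.xml"
            artifactTypeEnumId="AT_XML_SCREEN" inheritAuthz="Y"/>

    <!-- Tie the user group to the artifact group with an allow authz for all actions -->
    <moqui.security.ArtifactAuthz artifactAuthzId="EX_FEATURE_ONLY_1"
            userGroupId="EX_FEATURE_USERS" artifactGroupId="EX_FEATURE_ONLY"
            authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
</entity-facade-xml>
```

With only the Feature.xml member present, as in step 2 of the reproduction, the authorization check fails at the root screen before the subscreen is reached.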