用户的权限都是以权限组来分配的

相关的几个表如下 

security_group security_permission security_group_permission security_permission_auto_grant user_login_security_group 

系统中没有权限的定义 只有安全组的定义权限都是系统初始化进去的。 

1、ftl内用security.hasEntityPermission 

<#if security.hasEntityPermission("PARTYMGR", "_CREATE", session)>
<li>
<a href="<@ofbizUrl>editPartyAttribute?partyId=${party.partyId}</@ofbizUrl>">${uiLabelMap.CommonCreateNew}</a>
</li>

</#if> 

2、script 包内的simple-method内用 check-permission去判断权限 例如

<check-permission permission="ACCOUNTING" action="_UPDATE">
<alt-permission permission="ACCOUNTING_ROLE" action="_UPDATE" />
<fail-message message="Security Error: to run updateFixedAssetCalendar you must have the ACCOUNTING_UPDATE or ACCOUNTING_ADMIN permission, or the limited ACCOUNTING_ROLE_UPDATE permission" />

</check-permission>

3、servicedef包内的service内用permission-service去判断权限 例如

<permission-service service-name="contentManagerPermission" main-action="CREATE" />

4、 *FORMS.xml内 (1)现在screen内去获取,以MAP形式然后再form去判断

<actions>
<set field="tabButtonItem" value="FindTrainingApprovals" />
<set field="titleProperty" value="PageTitleFindTrainingApprovals" />
<service service-name="humanResManagerPermission" result-map="permResult">
<field-map field-name="mainAction" value="ADMIN" />
</service>
<set field="hasAdminPermission"
from-field="permResult.hasPermission" />
<set field="loginPartyId" from-field="parameters.userLogin.partyId" />

</actions>

以上是screen的action内定义的。 下面是在form内判断的

<field name="approverId" use-when="!hasAdminPermission">
<hidden value="${loginPartyId}" />

</field>

(2)直接在form内以bsh形式去判断 例如use-when="${bsh:security.hasEntityPermission("CATALOG","_UPDATE", session);}"