Liferay Permission System
1. Liferay’s permission system uses a flexible mechanism that defines the actions that a given user can perform within the context of the portal or a specific portlet.
2. Portal and portlet developers break down the operations that can be performed in the portal or portlet into distinct actions.
3. The act of granting the ability to perform an action to a specific role is the act of granting a permission.
4. In Liferay, permissions are not granted directly to users. Instead, permissions are granted to roles. Roles, in turn, can be assigned to specific users, sites, organizations, or user groups.
Action: An operation that can be performed by a portal user. For example, actions that can be performed on the Offer portlet include ADD_TO_PAGE, CONFIGURATION, and VIEW.
Actions that can be performed on an Offer entity include ADD_ENTRY, DELETE, PERMISSIONS, UPDATE, and VIEW.
Resource: A generic representation of any portlet or entity in the portal on which an action can be performed. Resources are used for permission checking.
There are two types of resource:
1. Portlet resource:
"The <portlet-resource> tag is used to define actions that can be taken with respect to the portlet window." The actions are:
(a) ADD_TO_PAGE: Add the portlet to a page
(b) CONFIGURATION: Access the portlet’s Configuration window
(c) VIEW: View the portlet
All the supported actions are defined in the <supports> tag, a sub-tag of the <permissions> tag (which is itself a sub-tag of the <portlet-resource> tag):
<supports>
    <action-key>ADD_TO_PAGE</action-key>
    <action-key>CONFIGURATION</action-key>
    <action-key>VIEW</action-key>
</supports>
2. Model resource:
"The <model-resource> tag is used to define actions that can be performed with respect to models, also known as entities. There are two kinds of actions in Liferay: top-level actions and resource actions. Top-level actions are not applied to a particular resource. For example, the action of adding a new entity is not applied to a particular resource, so it’s considered a top-level action."
<supports>
    <action-key>ADD_ENTRY</action-key>
    <action-key>DELETE</action-key>
    <action-key>PERMISSIONS</action-key>
    <action-key>UPDATE</action-key>
    <action-key>VIEW</action-key>
</supports>
Permission: An action that can be performed on a resource. In Liferay’s database, resources and actions are saved in pairs. (Each entry in the ResourceAction table contains both the name of a portlet or entity and the name of an action.)
For example:
The VIEW action with respect to viewing the Offer portlet is associated with the offer_WAR_offerportlet portlet ID.
The VIEW actions with respect to viewing an Offer or viewing an Offer entry are associated with com.test.model.Company.
You can add permissions to your custom portlets using four easy steps:
*D*efine all resources and their permissions.
*R*egister all defined resources in the permissions system. This is also known as adding resources.
*A*ssociate the necessary permissions with resources.
*C*heck permission before returning resources.
Define all resources and their permissions:
The default permissions for site members are defined in the <site-member-defaults> tag.
In the case of the Offer portlet, site members can view any Offer portlet in the site:
<site-member-defaults>
    <action-key>VIEW</action-key>
</site-member-defaults>
The default permissions for guests are defined in the <guest-defaults> tag:
<guest-defaults>
    <action-key>VIEW</action-key>
</guest-defaults>
The final code looks like this:
<?xml version="1.0"?>
<resource-action-mapping>
    <model-resource>
        <model-name>org.test.Company</model-name>
        <portlet-ref>
            <portlet-name>offer</portlet-name>
        </portlet-ref>
        <permissions>
            <supports>
                <action-key>ADD_ENTRY</action-key>
                <action-key>DELETE</action-key>
                <action-key>UPDATE</action-key>
                <action-key>VIEW</action-key>
            </supports>
            <site-member-defaults>
                <action-key>VIEW</action-key>
                <action-key>LIST</action-key>
                <action-key>UPDATE</action-key>
            </site-member-defaults>
            <guest-defaults>
                <action-key>VIEW</action-key>
                <action-key>COPY</action-key>
            </guest-defaults>
            <guest-unsupported>
                <action-key>VIEW</action-key>
                <action-key>UPDATE</action-key>
            </guest-unsupported>
        </permissions>
    </model-resource>
</resource-action-mapping>
Note: Your plugin’s permissions XML file should be named default.xml and should be placed in a directory in your project’s classpath. docroot/WEB-INF/src/resource-actions is the standard location. Once your project’s default.xml file has been created, you should create a properties file named portlet.properties that contains a reference to your permissions XML file. In your portlet.properties file, create a property named resource.actions.configs with the relative path to your portlet’s resource-action mapping file (e.g. default.xml) as its value. Here’s what this property specification might look like:
resource.actions.configs=resource-actions/default.xml
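A consistency check for a resource-action mapping file such as default.xml, as an added example (not code from the original post or from Liferay): it flags default actions that are missing from <supports>, guest defaults that also appear in <guest-unsupported>, and guest defaults that change data. The three rules, the MUTATING set and the sample mapping with its com.example.model.Widget name are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample mapping (not from the page); com.example.model.Widget is hypothetical.
SAMPLE = """<?xml version="1.0"?>
<resource-action-mapping>
  <model-resource>
    <model-name>com.example.model.Widget</model-name>
    <permissions>
      <supports>
        <action-key>UPDATE</action-key>
        <action-key>VIEW</action-key>
      </supports>
      <site-member-defaults>
        <action-key>VIEW</action-key>
        <action-key>EXPORT</action-key>
      </site-member-defaults>
      <guest-defaults>
        <action-key>VIEW</action-key>
        <action-key>UPDATE</action-key>
      </guest-defaults>
      <guest-unsupported><action-key>UPDATE</action-key></guest-unsupported>
    </permissions>
  </model-resource>
</resource-action-mapping>"""

# Added policy, not a Liferay rule: actions named on the page that change data or permissions.
MUTATING = {"ADD_ENTRY", "DELETE", "UPDATE", "PERMISSIONS"}

def keys(perms, tag):
    """Action keys under one child of <permissions>; empty set if the tag is absent."""
    node = perms.find(tag)
    return set() if node is None else {k.text.strip() for k in node.iter("action-key") if k.text}

def lint_mapping(xml_text):
    """Return sorted (resource, rule, action) findings for each resource in the mapping."""
    findings = []
    root = ET.fromstring(xml_text)
    for res in root.findall("portlet-resource") + root.findall("model-resource"):
        name = (res.findtext("model-name") or res.findtext("portlet-name") or "?").strip()
        perms = res.find("permissions")
        if perms is None:
            continue
        supported, guest = keys(perms, "supports"), keys(perms, "guest-defaults")
        for tag in ("site-member-defaults", "guest-defaults"):
            findings += [(name, tag + "-not-in-supports", a) for a in keys(perms, tag) - supported]
        blocked = keys(perms, "guest-unsupported")
        findings += [(name, "guest-default-also-unsupported", a) for a in guest & blocked]
        findings += [(name, "guest-default-mutating", a) for a in guest & MUTATING]
    return sorted(findings)
```

Calling lint_mapping on the text of a plugin's own mapping file returns an empty list when none of the three rules is violated.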
Note: As per my previous Hook example, where I described adding permissions on application startup (click here to see), you can see this method there:
String[] actionKeys_Offer_RW = {ActionKeys.VIEW, ActionKeys.ADD_ENTRY, ActionKeys.UPDATE, ActionKeys.DELETE};
// The model parameter is a String, so pass the class name rather than a bare type reference.
defineRolePermission(companyId, com.test.model.Company.class.getName(), MyConstant.OFFER_WRITE_ACCESS, actionKeys_Offer_RW, false);

private Role defineRolePermission(long companyId, String model, String roleName, String[] actionKeys, boolean isCustomFieldPermissionRequired)
        throws PortalException, SystemException {
    // Look up the role by name, then grant it each action on the model.
    Role role = RoleLocalServiceUtil.getRole(companyId, roleName);
    addResource(companyId, role, model, actionKeys);
    return role;
}
Now we will add the resource here.
Adding a resource:
Resources should be added at the same time that entities are added to the database. Adding resources is as easy as calling the addResources(...) method of Liferay’s ResourceLocalServiceUtil class.
public void addResources(
    long companyId, long groupId, long userId, String name,
    String primKey, boolean portletActions,
    boolean addGroupPermissions, boolean addGuestPermissions)
This is the default signature of this method.
private void addResource(long companyId, Role role, String modelName, String[] actionsKeys)
        throws PortalException, SystemException {
    for (String actionKey : actionsKeys) {
        // Grant the action at company scope only if the role does not already hold it.
        if (!ResourcePermissionLocalServiceUtil.hasResourcePermission(
                companyId, modelName, ResourceConstants.SCOPE_COMPANY,
                "" + companyId, role.getRoleId(), actionKey)) {
            _log.info("Role("+role.getName()+") don't have this permission("+actionKey+") for this model("+modelName+")");
            ResourcePermissionLocalServiceUtil.addResourcePermission(
                    companyId, modelName, ResourceConstants.SCOPE_COMPANY,
                    "" + companyId, role.getRoleId(), actionKey);
        } else {
            _log.info("Role("+role.getName()+") already have this permission("+actionKey+") for this model("+modelName+")");
        }
    }
}
Checking Permission
// Liferay 6.x packages; Company, Contact, OfferDAO, OfferFactory and LiferayDBUtil are the project's own classes.
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.security.permission.PermissionChecker;

public class CompanyPermission {

    /**
     * Checks portlet permissions (use only in Java classes).
     * Throws PrincipalException when the action is not permitted.
     * @param permissionChecker
     * @param companyId
     * @param actionId
     * @throws PortalException
     * @throws SystemException
     */
    public static void check(PermissionChecker permissionChecker, long companyId, String actionId)
            throws PortalException, SystemException {
        if (!contains(permissionChecker, companyId, actionId)) {
            throw new PrincipalException();
        }
    }

    /**
     * Checks model permissions (use only in Java classes).
     * Throws PrincipalException when the action is not permitted.
     * @param permissionChecker
     * @param company
     * @param actionId
     * @throws PortalException
     */
    public static void check(PermissionChecker permissionChecker, Company company, String actionId)
            throws PortalException {
        if (!contains(permissionChecker, company, actionId)) {
            throw new PrincipalException();
        }
    }

    /**
     * Checks portlet permissions (use only in JSP files).
     * @param permissionChecker
     * @param companyId
     * @param actionId
     * @return true if the action is permitted on the company
     * @throws PortalException
     * @throws SystemException
     */
    public static boolean contains(PermissionChecker permissionChecker, long companyId, String actionId)
            throws PortalException, SystemException {
        // Resolve the Company entity for the current contact, then delegate to the model check.
        OfferDAO offerDAO = OfferFactory.create();
        long contactId = LiferayDBUtil.getMyContactID();
        Contact contact = OfferFactory.create().getContact(0, 0, (int) contactId);
        Company company = offerDAO.getCompany(contact.getCompanyId(), (int) contact.getContactId(), (int) companyId);
        return contains(permissionChecker, company, actionId);
    }

    /**
     * Checks model permissions (use only in JSP files).
     * @param permissionChecker
     * @param company
     * @param actionId
     * @return true if the action is permitted on the company
     */
    public static boolean contains(PermissionChecker permissionChecker, Company company, String actionId) {
        return permissionChecker.hasPermission(
                0L, Company.class.getName(), company.getCompanyId(), actionId);
    }
}