Skip to main content

Liferay Permission System

Liferay Permission System

1. Liferay’s permission system uses a flexible mechanism that defines the actions that a given user can perform within the context of the portal or a specific portlet.
2. Portal and portlet developers break down the operations that can be performed in the portal or portlet into distinct actions.
3. The act of granting the ability to perform an action to a specific role is the act of granting a permission.
4. In Liferay, permissions are not granted to directly to users. Instead, permissions are granted to roles. Roles, in turn, can be assigned to specific users, sites, organizations, or user groups.

Action: An operation that can be performed by a portal user. For example, actions that be performed on the Offer Portlet include ADD_TO_PAGE, CONFIGURATION, and VIEW.
Actions that can be performed on a Offer entity include ADD_ENTRY, DELETE, PERMISSIONS, UPDATE, and VIEW.

Resource: A generic representation of any portlet or entity in the portal on which an action can be performed. Resources are used for permission checking.

There are two types of Resource
    1. Portlet-Resource-:
          "The <portlet-resource> tag is used to define actions that can be taken with respect to
            the portlet window" Action includes are-:
             (a) ADD_TO_PAGE: Add the portlet to a page
             (b) CONFIGURATION: Access the portlet’s Configuration window
             (c) VIEW: View the portlet

All the supported actions are defined in the <supports> tag, a sub-tag of the <permissions> tag (which is itself a sub-tag of the <portlet-resource> tag:

<supports>
    <action-key>ADD_TO_PAGE</action-key>
    <action-key>CONFIGURATION</action-key>
    <action-key>VIEW</action-key>
</supports>

          

    2. Model-Resource-:

"The <model-resource> tag is used to define actions that can be performed with respect to models, also known as entities. There are two kinds of actions in Liferay: top-level actions and resource actions. Top-level actions are not applied to a particular resource. For example, the action of adding a new entity is not applied to a particular resource, so it’s considered a top-level action."

supports>
    <action-key>ADD_ENTRY</action-key>
    <action-key>DELETE</action-key>
    <action-key>PERMISSIONS</action-key>
    <action-key>UPDATE</action-key>
    <action-key>VIEW</action-key>
</supports>

Permission: An action that can be performed on a resource. In Liferay’s database, resources and actions are saved in pairs. (Each entry in the ResourceAction table contains both the name of a portlet or entity and the name of an action.)

For example-:

The VIEW action with respect to viewing the Offer portlet is associated with the offer_WAR_offerportlet portlet ID.

The VIEW actions with respect to viewing a Offer or viewing a Offer entry are associated with the com.test.model.Company.

You can add permissions to your custom portlets using four easy steps:

    *D*efine all resources and their permissions.

    *R*egister all defined resources in the permissions system. This is also known as adding resources.

    *A*ssociate the necessary permissions with resources.

    *C*heck permission before returning resources.


Define all Resource and their permission-:


The default permissions for site members are defined in the

<site-member-defaults> tag.



In the case of the Offer portlet, site members can view any Offer portlet in the site:


<site-member-defaults>
    <action-key>VIEW</action-key>
</site-member-defaults>

The default permissions for guests are defined in the <guest-defaults> tag

 <guest-defaults>
    <action-key>VIEW</action-key> 
</guest-defaults>

Final Code look like-:

<?xml version="1.0"?>
<resource-action-mapping>
<model-resource>
        <model-name>org.test.Company</model-name>
        <portlet-ref>
            <portlet-name>offer</portlet-name>
        </portlet-ref>
       <permissions>
       <supports>
           <action-key>ADD_ENTRY</action-key>
           <action-key>DELETE</action-key>
    <action-key>UPDATE</action-key>
    <action-key>VIEW</action-key>
       </supports>
       <site-member-defaults>
           <action-key>VIEW</action-key>
<action-key>LIST</action-key>
<action-key>UPDATE</action-key>
       </site-member-defaults>
<guest-defaults>
<action-key>VIEW</action-key>
<action-key>COPY</action-key>
</guest-defaults>
<guest-unsupported>
<action-key>VIEW</action-key>
<action-key>UPDATE</action-key>
</guest-unsupported>
</permissions>
</model-resource>
</resource-action-mapping>

Note-:

Your plugin’s permissions XML file should be named default.xml and should be placed in a directory in your project’s classpath. docroot/WEB-INF/src/resource-actions is the standard location. Once your project’s default.xml file has been created, you should create a properties file named portlet.properties that contains a reference to your permissions XML file. In your portlet.properties file, create a property named resource.actions.configs with the relative path to your portlet’s resource-action mapping file (e.g. default.xml) as its value. Here’s what this property specification might look like:

resource.actions.configs=resource-actions/default.xml


Note-: As per my previous example of HooK were i told about adding permission on application startup -Click Here to see-:

You can see this method there-

String[] actionKeys_Offer_RW = {ActionKeys.VIEW, ActionKeys.ADD_ENTRY, ActionKeys.UPDATE, ActionKeys.DELETE};
  
defineRolePermission(companyId, com.test.model.Company, MyConstant.OFFER_WRITE_ACCESS, actionKeys_Offer_RW, false);

private Role defineRolePermission(long companyId, String model, String roleName, String[] actionKeys, boolean isCustomFieldPermissionRequired) 
     throws PortalException, SystemException {
Role role = null;

role = RoleLocalServiceUtil.getRole(companyId, roleName);
addResource(companyId, role, model, actionKeys);

Now we will add resource here

 Adding a Resource-:

Resources should be added at the same time that entities are added to the database.
Adding resources is as easy as calling the addResources(...) method of Liferay’s ResourceLocalServiceUtil class.

public void addResources(
    long companyId, long groupId, long userId, String name,
    String primKey, boolean portletActions,
    boolean addGroupPermissions, boolean addGuestPermissions)

This is default signature of this method

private void addResource(long companyId, Role role, String modelName, String[]actionsKeys) throws PortalException, SystemException
{
  
  
  for (String actionKey : actionsKeys) {
   if(!ResourcePermissionLocalServiceUtil.hasResourcePermission(companyId, 
     modelName, 
     ResourceConstants.SCOPE_COMPANY, 
     ""+companyId, 
     role.getRoleId(), 
     actionKey)){
    _log.info("Role("+role.getName()+") don't have this permission("+actionKey+") for this model("+modelName+")");
    ResourcePermissionLocalServiceUtil.addResourcePermission(
      companyId, 
      modelName, 
      ResourceConstants.SCOPE_COMPANY, 
      ""+companyId, 
      role.getRoleId(), 
      actionKey);
   }else{
    _log.info("Role("+role.getName()+") already have this permission("+actionKey+") for this model("+modelName+")");
   }
  
  }
}


Checking Permission

public class CompanyPermission {
/***
 * This permissions are checked for portlet permissions (use only in java class)
  * @param permissionChecker
  * @param companyId
  * @param actionId
  * @throws PortalException
  * @throws SystemException */
public static void check
                  (PermissionChecker permissionChecker, long companyId, String actionId) throws PortalException, SystemException  
{

   if (!contains(permissionChecker, companyId, actionId)) 
              {
   throw new PrincipalException();
  }
}

/***
 * This method is used for check permissions for model permissions (use only java class).
  * @param permissionChecker
  * @param company
  * @param actionId
  * @throws PortalException
  */
public static void check
          (PermissionChecker permissionChecker, Company company, String actionId)
  throws PortalException 
  {
    if (!contains(permissionChecker, company, actionId)) 
       {
   throw new PrincipalException();
       }
  }
/***
  * This permissions are checked for portlet  (use only in jsp files).
  * @param permissionChecker
  * @param companyId
  * @param actionId
  * @return
  * @throws PortalException
  * @throws SystemException
  */
 public static boolean contains(PermissionChecker permissionChecker, long companyId, String actionId)
  throws PortalException, SystemException {
  
  OfferDAO offerDAO = OfferFactory.create();
  long contactId = LiferayDBUtil.getMyContactID();
  Contact contact = OfferFactory.create().getContact(0, 0, (int)contactId);
  Company company = offerDAO.getCompany(contact.getCompanyId(), (int)contact.getContactId(), (int)companyId);
  
  return contains(permissionChecker, company, actionId);
 }

 /***
  * This method is used for check permissions for model permissions (use only in jsp files).
  * @param permissionChecker
  * @param company
  * @param actionId
  * @return
  */
public static boolean contains(PermissionChecker permissionChecker, 
                               Company company, String actionId) 
  {
   return permissionChecker.hasPermission( 0l, Company.class.getName(), 
          company.getCompanyId(), actionId);
  }
 
}


Comments

Popular posts from this blog

Liferay 7.1 Topics Coming Soon stay connected

1. Liferay 7.1 Service Builder 2. Rest Service and Liferay 3. Consuming SOAP service with Liferay 7.1 4. Creating Theme With Liferay 7.1 Using Liferay IDE Using NPM 5. Create Angular NPM Module 6. Web Content Management 7. OSGI Basic 8. Liferay 7.1 with more than 1 DB 9. A sample project 10. Liferay Dev Ops

How the portal page is loaded with respective portlets

How the portal page is loaded with respective portlets When a user requests a page with a URL, 1.    The browser sends the request to the Application Server (AS). 2.    Liferay gets the page name from the URL. 3.    It goes to the layout database table and finds the related        theme and page layout. 4.    Based on the page layout, Liferay finds the portlets added        into each area of the page layout. 5.    Liferay runs the portlet and adds the output in the        portlet.vm template. 6.    Liferay interprets the portlet.vm template and adds the output        in the page layout. 7.    Then Liferay interprets the page layout and adds the output in        the portal_normal.vm template. 8.    After that Liferay interprets the portal...

Liferay Custom Field and Custom Attribute (Using Liferay UI and Programatically)

Custom fields are a way to add attributes to many types of assets in the portal. Its basically help us to add additional fields to existed models or entities. Adding some more additional attributes to existed entities or models helps us so to meet our requirements. Liferay provide two way's to allow the creation of Custom Fields. 1. Using Liferay UI 2. Programatically Lets look these both topic one by one-: Suppose you have a scenario where its needed to add few fields in your User_ Table So its simple to add using Liferay UI just you need to follow these steps-: 1. Using Liferay UI-:   Goto-> Control-Panel -> Click on Custom Field A List will be displayed-: Now you can add your custom fields for any entity in the list. Click on User Entity and a page will be displayed like this-: Now add these value in respective fields-: KEY- myContactId Type- Select Integer After adding the custom field we can view, update from the Lifera...