In this document , basically we will understand about roles and permissions
permission
1-portal level permission
2-resource level permission
3-page level permission
What are Roles?
Roles are used to collect permissions that define a particular function within the portal, according to a particular scope. Roles can be granted permissions to various functions for example : page management,content management and portlet management etc. A roles is basically just a collection of permissions that defines a function. It can be of 3 types :
- Regular role: Permissions are defined at the portal level and are applied at the portal level.
- Site role: Permissions are defined at the site level and are applied to specific site.
- Organization role: Permissions are defined at the organization level and are applied to specific organization.
What is Permission?
When a role is assigned to a user, the user receives all the permissions defined by the role. So, to use a role, you need to assign members to it and define the permissions.
Basically Liferay defines two tables to handle permissions on any resource
resourceaction: This table is used to hold the actions for all the resource available in portal.
resourcepermission : This table stored the permissions using bitwise values, portal uses this value to check if any resource has proper permission or not.
Now let's talk about resourceaction table in detail :
To understand the permission system better , We have to first understand resourceaction table. Whenever Liferay server starts, all the entries available in "resource-actions/default.xml" inserted into resourceaction. default.xml file contains the mapping of all the resource available in portal and Actions are defined in corresponding resource xml files.
Let's take an example of one of the M
Example 1-
private void setPermissionsAndProperties(long companyId, ExpandoColumn expandoColumn) {
HashMap<String, String[]> rolesMap = new HashMap<String, String[]>();
rolesMap.put(RoleConstants.GUEST, new String[] { ActionKeys.VIEW, ActionKeys.UPDATE });
rolesMap.put(RoleConstants.USER, new String[] { ActionKeys.VIEW, ActionKeys.UPDATE });
Iterator<String> itr = rolesMap.keySet().iterator();
while (itr.hasNext()) {
String roleName = itr.next();
Role role = null;
try {
role = RoleLocalServiceUtil.getRole(companyId, roleName);
} catch (PortalException e) {
_log.error(e);
} catch (SystemException e) {
_log.error(e);
}
try {
ResourcePermissionLocalServiceUtil.setResourcePermissions(
companyId, ExpandoColumn.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(expandoColumn.getColumnId()),
role.getRoleId(), rolesMap.get(roleName));
} catch (PortalException e) {
_log.error(e);
} catch (SystemException e) {
_log.error(e);
}
}
example 2-
// Give the permission to vocabulary
AssetCategotyUtil.addPermission(assetVocabulary.getVocabularyId(), AssetVocabulary.class.getName());
} catch (PortalException e) {
_log.error(e.getMessage());
} catch (SystemException e) {
_log.error(e.getMessage());
}
return assetVocabulary.getVocabularyId();
}
// Give the permission to category
if(Validator.isNotNull(assetCategory))
AssetCategotyUtil.addPermission(assetCategory.getCategoryId(),AssetCategory.class.getName());
return categoryId;
}
=================================================================================
package com.util;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.model.ResourceConstants;
import com.liferay.portal.model.RoleConstants;
import com.liferay.portal.security.permission.ActionKeys;
import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.util.PortalUtil;
public class AssetCategotyUtil {
public static void addPermission(long classPK, String ClassName){
try {
// ResourcePermissionLocalServiceUtil.setResourcePermissions
// (companyId, name, scope, primKey, roleIdsToActionIds);
ResourcePermissionLocalServiceUtil.setResourcePermissions(PortalUtil.getDefaultCompanyId(), ClassName, ResourceConstants.SCOPE_INDIVIDUAL,String.valueOf(classPK),getRoleId(RoleConstants.USER), new String[] { ActionKeys.VIEW});
} catch (PortalException e) {
e.printStackTrace();
} catch (SystemException e) {
e.printStackTrace();
}
}
public static long getRoleId(String roleName) {
long roleId = 0l;
try {
roleId = RoleLocalServiceUtil.getRole(PortalUtil.getDefaultCompanyId(), roleName).getRoleId();
} catch (PortalException e) {
e.printStackTrace();
} catch (SystemException e) {
e.printStackTrace();
}
return roleId;
}
}
No comments:
Post a Comment