RE: Expression Builder-styled permission settings
We are trying to gate or open content to our users based on a combination of roles or user groups. For example, we may want users to be able to navigate to a certain page or see a portlet on a page if they have roles A or B, but not C.
At the moment, we haven't been able to find a way to clearly integrate these kinds of restrictions without building them internally to a page or portlet through our own logic. Does Liferay have some kind of expression builder to accomplish more complex permissions?
Hi Jeffrey -- the short answer is, you can't do that.
I've worked with many clients in the past that wanted this kind of solution and the answer has always been the same. The first time I encountered this requirement I went down the same path you did, and you might even find some forum posts along the way where I was asking the same question.
The answer that was given to me, which I think is still the case, is this. The permissions model in Liferay is not designed to have exception scenarios in it. The reason for this decision is probably in part to keep it simple but also to make it obvious what rights a user has. If you are in Role A, and Role A is defined as being able to do these things, then these are the things that you can do. If you start to warp that definition by saying if you are in Role A you can do these things, unless you are Jeffrey, then it becomes much harder to determine what exactly the definition of Role A is.
I know it's probably not the answer that you want to hear, but this is my understanding.
Definitely not the answer we were hoping for, but I appreciate the response before we spent months trying to rig something up to emulate what we currently have. I guess we will have to change our content strategy.
Yeah, sorry to be the bearer of bad news. If it's worth anything, I have found that the permissions model that Liferay uses is totally adequate, but it does sometimes force implementations to do a better job defining roles. I can't even count the number of times I have seen roles like "Report Reader" and "Report Writer". Those aren't really roles but rather actions that are associated with a role.
I'm certainly not suggesting it's an easy task, but sometimes walls you hit like these can have a silver lining when they force you to take a second look at your approach.
I did also look once at extending the portal to provide the ability to allow for these exception scenarios. It was no small effort, but by my measure it was not an impossible task either. In the end I recommended against it though as it would probably really complicate the upgrade path. We ended up redefining the roles
