Completely hide and restric access to control panel

Tauseef Ahmed
Tauseef Ahmed
Less Than a Minute Read

By using
#if (($is_signed_in) && $permissionChecker.isCompanyAdmin($company_id))
 dockbar()
#end
in portal_normal.vm we can hide access to control panel but any user can access by using http://localhost:8080/group/control_panel url

To avoid it we can restrict access to control panel by using hook.
  1) Into liferay-hook.xml add:
<portal-properties>portal.properties</portal-properties>

Add portal.properties file to hook's src folder and add this line to it:

servlet.service.events.pre=my.event.portal.ControlPanelAccessPreAction

Create ControlPanelAccessPreAction.java into appropriate package and add next code it:

package my.event.portal;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.service.GroupLocalServiceUtil;
import com.liferay.portal.service.RoleServiceUtil;
import com.liferay.portal.service.UserServiceUtil;
import com.liferay.portal.theme.ThemeDisplay;
 
/**
 * The ControlPanelAccessPreAction restricts access to Control panel of simple
 * users.
 */
public class ControlPanelAccessPreAction extends Action {
 
  /**
   * Instantiates a new control panel access pre action.
   */
  public ControlPanelAccessPreAction() {
 super();
  }
 
  /*
   * @see com.liferay.portal.kernel.events.Action#run(javax.servlet.http. HttpServletRequest,
   * javax.servlet.http.HttpServletResponse)
   */
  public void run(HttpServletRequest request,
      HttpServletResponse response) throws ActionException {
 try {
 
   ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
   if (GroupLocalServiceUtil.getGroup(themeDisplay.getLayout().getGroupId()).isControlPanel()) {
 
  User currentUser = UserServiceUtil.getUserById(themeDisplay.getUserId());
  if (!RoleServiceUtil.hasUserRole(currentUser.getUserId(),
           currentUser.getCompanyId(),
           "administrator",
           true)) {
    throw new PrincipalException("User " + request.getRemoteUser()
     + " can't access the control panel.");
  }
   
   }
 } catch (Exception ex) {
   throw new ActionException(ex);
 }
  }
}

Page Comments
thumbnail
Gnaniyar Zubair
11 Years Ago
Gud to see ur continuous blog . Hope you are in development now.
we can achieve this through Permission Tauseef..
It would be helpful if you give your explanation with code. Thanks for understanding
Please sign in to reply.

Related Assets...

No Results Found

More Blog Entries...

David H Nebinger
March 20, 2026
Ben Turner
March 20, 2026
Marco Leo
March 11, 2026