1. Home
  2. Development
  3. RE: Custom permissions for a custom portlet. Liferay 6.2

RE: Custom permissions for a custom portlet. Liferay 6.2

David J Godbey, modified 7 Years ago.
Custom permissions for a custom portlet. Liferay 6.2
New Member Posts: 6 Join Date: 10/14/10 Recent Posts

Folks,
I am developing a custom portlet for a customer that has fine-grained permission requirements. There are three tables whose records must be permissionable, including an APPROVE and an EXECUTE permission. I have worked with some of the documentation available from Liferay, but I'm not getting the whole story. And things aren't working.

First, my portlet is a separate war file, it does not live in ROOT as do the portlets in the documentation that I've found.

What I have found: 1. The default.xml file that lives in the portal-impl.jar file must be edited to reference my resource actions xml file. 2. My resource actions file must live in ROOT, I put it in ROOT/WEB-INF/classes/resource-actions. 3. I added three <model-resource> items to my resouce-actions file, but Liferay only created RESOURCEACTION records for one of the items, the top item.

Find attached the resource-actions xml file.

Below find the SQL output for the RESOURCEACTIONS and RESOURCEPERMISSIONS tables. The entries in the RESOURCEPERMISSION table represent the site member and the owner.

RESOURCEACTIONID NAME                                  ACTIONID            BITWISEVALUE
---------------- ------------------------------------------------------------ ------------------------- ------------
        6110 gov.nasa.hq.portlet.permission                   VIEW                   1
        6107 gov.nasa.hq.portlet.permission                   ADD                   2
        6108 gov.nasa.hq.portlet.permission                   DELETE                   4
        6109 gov.nasa.hq.portlet.permission                   UPDATE                   8
        6111 gov.nasa.hq.portlet.permission                   PERMISSIONS              16
        6112 gov.nasa.hq.portlet.permission                   APPROVE                  32

6 rows selected.

SQL>
RESOURCEPERMISSIONID  COMPANYID NAME                                  SCOPE PRIMKEY               ROLEID    OWNERID  ACTIONIDS
-------------------- ---------- ------------------------------------------------------------ ---------- ------------------------- ---------- ---------- ----------
           15304      20155 gov.nasa.hq.portlet.permission                          4 23209                   20171          0      1
           15303      20155 gov.nasa.hq.portlet.permission                          4 23209                   20164          0     63


Do you know why there are no records were made for the Payload and Survey entries, just for the top model-resource? I put nothing in the CLASSNAME_ table, do I need to?

Thanks for the help,
Dave

Attachments:

thumbnail
Minhchau Dang, modified 7 Years ago.
RE: Custom permissions for a custom portlet. Liferay 6.2
Liferay Master Posts: 598 Join Date: 10/22/07 Recent Posts
David J Godbey:
  1. The default.xml file that lives in the portal-impl.jar file must be edited to reference my resource actions xml file.
  2. My resource actions file must live in ROOT, I put it in ROOT/WEB-INF/classes/resource-actions.
  3. I added three <model-resource> items to my resouce-actions file, but Liferay only created RESOURCEACTION records for one of the items, the top item.

In case you need examples for how to add permissions to a portlet WAR, Adding Permissions to Resources example from the documentation assumes your resource actions XML is inside of the portlet WAR, and the sample-permissions-portlet (as well as many other portlets in the public plugins SDK for 6.2) also have their resource actions in the portlet WAR.

By putting your resource actions in the ROOT war instead of the portlet WAR, what you're effectively doing is creating an EXT plugin to contain permissions for regular plugins SDK portlets. I'm not sure how well that works (my mental model makes me think it shouldn't work at all), but you can try attaching a breakpoint to PortletHotDeployListener to check what model resources it's processing at runtime.

David J Godbey, modified 7 Years ago.
RE: Custom permissions for a custom portlet. Liferay 6.2
New Member Posts: 6 Join Date: 10/14/10 Recent Posts

There were a couple of other entries here. Where did they go? Did you guys have another hard drive failure with necessary restore?

David J Godbey, modified 7 Years ago.
RE: Custom permissions for a custom portlet. Liferay 6.2
New Member Posts: 6 Join Date: 10/14/10 Recent Posts

Can you tell me again how to fix the ivy problem, your cdn provider going out of the cdn business?

thumbnail
Minhchau Dang, modified 7 Years ago.
RE: Custom permissions for a custom portlet. Liferay 6.2
Liferay Master Posts: 598 Join Date: 10/22/07 Recent Posts
David J Godbey:

Can you tell me again how to fix the ivy problem, your cdn provider going out of the cdn business?

As a workaround for CDN problems, you can update ivy-settings.xml (which you can find at the root of the plugins SDK) to use the actual repository rather than the CDN. To do so, replace https://cdn.lfrs.sl/repository.liferay.com with https://repository.liferay.com.

David J Godbey, modified 7 Years ago.
RE: Custom permissions for a custom portlet. Liferay 6.2
New Member Posts: 6 Join Date: 10/14/10 Recent Posts

Minchau,

I see that using the liferay-security taglib in the jsp works. Do you know why this inside a portlet java class does not if scope is SCOPE_INDIVIDUAL? ResourcePermissionLocalServiceUtil.addResourcePermission(cid, resName, scope, primKey,
                                                                 roleId, action.trim());

 

SCOPE_COMPANY will put a record in the RESOURCEPERMISSION table, but not one that work for giving a user  access to that record.

Thanks,
Dave