RE: Liferay 7.1.2: I can't modify the default permissions for the role User

Santiago Pérez de la Cámara, modified 6 Years ago. Junior Member Posts: 53 Join Date: 3/23/12 Recent Posts
Hi everyone:
I'm working with the version 7.1.2 CE upgraded from 7.0.6 CE.

By default, the role "User" has configured permissions for the "Documents and Multimedia" application, for instance: "Add a subfolder", "Add a document", "Update a document" and so on.

I don't want users to be able to upload/update/delete documents, so when I uncheck the appropriate permissions and save them the system displays a successful message, but the permissions haven't been updated. Nothing has changed.

No errors are thrown in the log files...

Isn't it possible to change the default permissions for the role "User"? Is it a bug?

Thanks,
Santiago
Tomas Polesovsky, modified 6 Years ago. Liferay Master Posts: 677 Join Date: 2/13/09 Recent Posts
Hi Santiago,
By default, the role "User" has configured permissions for the "Documents and Multimedia" application, for instance: "Add a subfolder", "Add a document", "Update a document" and so on.
The default permissions are defined on the Site Member role, not the User role.
7.0.6: https://github.com/liferay/liferay-portal/blob/7.0.6-ga7/portal-impl/src/resource-actions/documentlibrary.xml#L27-L33
7.1.2: https://github.com/liferay/liferay-portal/blob/7.1.2-ga3/portal-impl/src/resource-actions/documentlibrary.xml#L27-L33

I'm guessing this comes from upgrade, probably something that was assigned directly to the User role.

Can you show content of ResourcePermission table where name = 'com.liferay.document.library'?

Thanks.
Tomas Polesovsky, modified 6 Years ago. Liferay Master Posts: 677 Join Date: 2/13/09 Recent Posts
If you have MySQL this should return the important info:
SELECT 
  r.name roleName, 
  g.name groupName, 
  rp.*, 
  (SELECT group_concat(ra.actionId) from ResourceAction ra where ra.name = rp.name and ra.bitwiseValue & rp.actionIds > 0) actions
FROM ResourcePermission rp
  INNER JOIN Role_ r on r.roleId = rp.roleId
  LEFT JOIN Group_ g on g.groupId = rp.primKey

WHERE rp.name = 'com.liferay.document.library';
Santiago Pérez de la Cámara, modified 6 Years ago. Junior Member Posts: 53 Join Date: 3/23/12 Recent Posts
Hi Tomas:
Please, find attached the result file for the SQL.

Let me explain a little more about the problem I found.
As Administrator I try to change permissions for the "User" role. For instance, the permissions by default for "Website administration -> Applications -> Documents and Media" and resource "com.liferay.document.library.kernel.model.DLFolder" are shown in image 1.

I change the permissions just to "VIEW" and "ACCESS" (image 2). The database is updated and the field "ResourcePermissions.actionIds" with scope 1 has value 257 (VIEW = 1 + ACCESS = 256), but when the webpage is refreshed all the permissions are checked again (and the value in database remains 257!!!).

Where is it loading those checked permissions for the role User?? It seems like somehow the permissions in the database are overwritten with other permissions.... from where???

In addition, when the user logs in the web, the "permissionChecker" gets the permissions shown in image 1, not those in the database.

Thanks in advance!
Santiago
Santiago Pérez de la Cámara, modified 6 Years ago. Junior Member Posts: 53 Join Date: 3/23/12 Recent Posts
Hi Tomas:
I think the bug is in the class: 

com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl

Method:

hasScopeResourcePermission


The method looks up a ResourcePermission list without taking the roleId into account. It retrieves several rows from the database related to N roles, and if one of them has the permission set to "true", it always returns "true", regardless of the role that you are updating....

public boolean hasScopeResourcePermission(
            long companyId, String name, int scope, long roleId,
            String actionId)
        throws PortalException {

        ResourceAction resourceAction =
            resourceActionLocalService.getResourceAction(name, actionId);

        // Highlighted in the original post: the lookup does not use roleId.
        List<ResourcePermission> resourcePermissions =
            resourcePermissionPersistence.findByC_N_S(companyId, name, scope);

        for (ResourcePermission resourcePermission : resourcePermissions) {
            if (resourcePermission.hasAction(resourceAction)) {
                return true;
            }
        }

        return false;
    }

I have checked that this code has been updated in github:

https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/com/liferay/portal/service/impl/ResourcePermissionLocalServiceImpl.java

public boolean hasScopeResourcePermission(
    long companyId, String name, int scope, long roleId,
    String actionId)
    throws PortalException {

    ResourceAction resourceAction =
        resourceActionLocalService.getResourceAction(name, actionId);

    // Highlighted in the original post: the lookup now includes roleId.
    List<ResourcePermission> resourcePermissions =
        resourcePermissionPersistence.findByC_N_S_R(
            companyId, name, scope, roleId);

    for (ResourcePermission resourcePermission : resourcePermissions) {
        if (resourcePermission.hasAction(resourceAction)) {
            return true;
        }
    }

    return false;
}

I don't know if it is included in the new version 7.1.3 GA4... I'll deploy it this week.

Thanks,
Santiago
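
The effect described in the post above, as an added example that is not part of the thread and is not Liferay's code: a simplified in-memory model (Java 16+) in which a lookup that ignores roleId reports an action as granted to one role because another role's row holds it. VIEW = 1 and ACCESS = 256 are the values quoted in the thread; the class and method names, the role ids, the second role and the ADD_SUBFOLDER bit value are constructed for illustration.

```java
import java.util.List;

// Simplified model of the check discussed above; these are not Liferay's classes.
public class ScopePermissionDemo {

    // One ResourcePermission row; actionIds is a bitmask of granted actions.
    record Row(long companyId, String name, int scope, long roleId, long actionIds) {}

    static final long VIEW = 1, ACCESS = 256;        // values quoted in the thread
    static final long ADD_SUBFOLDER = 4;             // constructed bit value
    static final long USER = 20001, OTHER = 20002;   // constructed role ids
    static final String DL_FOLDER =
        "com.liferay.document.library.kernel.model.DLFolder";

    // Constructed rows: same company, resource name and scope, two roles.
    static final List<Row> ROWS = List.of(
        new Row(1, DL_FOLDER, 1, USER, VIEW | ACCESS),                   // 257
        new Row(1, DL_FOLDER, 1, OTHER, VIEW | ACCESS | ADD_SUBFOLDER));

    // Lookup keyed on company, name and scope only: roleId is accepted but unused.
    static boolean hasPermissionIgnoringRole(
            long companyId, String name, int scope, long roleId, long actionBit) {
        return ROWS.stream()
            .filter(r -> r.companyId() == companyId && r.name().equals(name)
                && r.scope() == scope)
            .anyMatch(r -> (r.actionIds() & actionBit) != 0);
    }

    // Lookup that also filters on roleId, so only that role's rows are considered.
    static boolean hasPermissionForRole(
            long companyId, String name, int scope, long roleId, long actionBit) {
        return ROWS.stream()
            .filter(r -> r.companyId() == companyId && r.name().equals(name)
                && r.scope() == scope && r.roleId() == roleId)
            .anyMatch(r -> (r.actionIds() & actionBit) != 0);
    }

    public static void main(String[] args) {
        // The User role's own row holds VIEW + ACCESS only.
        boolean leaked = hasPermissionIgnoringRole(1, DL_FOLDER, 1, USER, ADD_SUBFOLDER);
        boolean scoped = hasPermissionForRole(1, DL_FOLDER, 1, USER, ADD_SUBFOLDER);
        System.out.println("ignoring roleId:  " + leaked);
        System.out.println("filtering roleId: " + scoped);
        // The first check is satisfied by the other role's row; the second is not.
        if (!leaked || scoped) throw new AssertionError("unexpected result");
    }
}
```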
Tomas Polesovsky, modified 6 Years ago. Liferay Master Posts: 677 Join Date: 2/13/09 Recent Posts
Thanks, now I understand.

Yes, this was fixed in 7.1.3 CE GA4.