Completely hide and restric access to control panel

thumbnail
Tauseef Ahmed
Published Date9 Years Ago - 266800 Views

By using
#if (($is_signed_in) && $permissionChecker.isCompanyAdmin($company_id))
 dockbar()
#end
in portal_normal.vm we can hide access to control panel but any user can access by using http://localhost:8080/group/control_panel url

To avoid it we can restrict access to control panel by using hook.
  1) Into liferay-hook.xml add:
<portal-properties>portal.properties</portal-properties>

Add portal.properties file to hook's src folder and add this line to it:

servlet.service.events.pre=my.event.portal.ControlPanelAccessPreAction

Create ControlPanelAccessPreAction.java into appropriate package and add next code it:

package my.event.portal;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.service.GroupLocalServiceUtil;
import com.liferay.portal.service.RoleServiceUtil;
import com.liferay.portal.service.UserServiceUtil;
import com.liferay.portal.theme.ThemeDisplay;
 
/**
 * The ControlPanelAccessPreAction restricts access to Control panel of simple
 * users.
 */
public class ControlPanelAccessPreAction extends Action {
 
  /**
   * Instantiates a new control panel access pre action.
   */
  public ControlPanelAccessPreAction() {
 super();
  }
 
  /*
   * @see com.liferay.portal.kernel.events.Action#run(javax.servlet.http. HttpServletRequest,
   * javax.servlet.http.HttpServletResponse)
   */
  public void run(HttpServletRequest request,
      HttpServletResponse response) throws ActionException {
 try {
 
   ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
   if (GroupLocalServiceUtil.getGroup(themeDisplay.getLayout().getGroupId()).isControlPanel()) {
 
  User currentUser = UserServiceUtil.getUserById(themeDisplay.getUserId());
  if (!RoleServiceUtil.hasUserRole(currentUser.getUserId(),
           currentUser.getCompanyId(),
           "administrator",
           true)) {
    throw new PrincipalException("User " + request.getRemoteUser()
     + " can't access the control panel.");
  }
   
   }
 } catch (Exception ex) {
   throw new ActionException(ex);
 }
  }
}

Comment (2)

More Blog Entries

thumbnail

Liferay MVC Portlet Database Interactions / Liferay MVC CRUD Operations

thumbnail
Meera Prince
11 Aug
4
thumbnail

Remove Undeployed Portlets from Layouts

Venkat Koppavolu
29 May
4
Blogs
thumbnail
Gnaniyar Zubair
9 Years Ago
Gud to see ur continuous blog . Hope you are in development now.
we can achieve this through Permission Tauseef..
It would be helpful if you give your explanation with code. Thanks for understanding
Please sign in to reply.