Liferay 6.2EE Resource Permissions Reports - Pt 1

thumbnail
Daniel Tyger
Published Date6 Years Ago - 120311 Views

Background and Need:

Our campus portal (Site) administrators have a need to review permissions across their sites of various objects. In particular, we see requests for page, portlet, and Web Content permissions reports that we currently offer our site managers. They have also expressed desire for Document Library permission reports. We have over 1600 roles in Liferay and some sites have several hundred pages, so you can imagine this managerial task being daunting on a resource-by-resource review of items. I have begun exploring a solution in Liferay 6.2EE.

Liferay “Permission 6” Algorithm:

First, we must understand Liferay 6.2 permission algorithm. Take a “Deep Dive” into Liferay 6+ roles and permissions. Here is another similar explanation. Also, we need to understand bitwise values and extracting them from summed integers in the resourcepermissions table against their resourceaction models for various object privileges that may be assigned.

Liferay EE Reporting Solution Plugins:

Liferay EE customers have access to the following two MarketPlace plugin applications:

These two portlets combined can be deployed to the portal instance and provide adequate replacement of reporting technology. You’ll have to do some setup. Go through the Liferay Reporting User Guide documentation. Note that you will need to create appropriate queries and corresponding report definition files in the form of .JRXML to meet Jaspersoft’s requirements to produce the reports.

 

Page Permissions Walkthrough:

To retrieve the possible bitwise permission values of the page layout model, run this:

select * from resourceaction where name = 'com.liferay.portal.model.Layout';

+------------------+---------------------------------+----------------------------------------+---------------+

| resourceActionId | name                            | actionId                   | bitwiseValue |

+------------------+---------------------------------+-----------------------------------------+--------------+

|              360 | com.liferay.portal.model.Layout | ADD_DISCUSSION     |            2     |

|              980 | com.liferay.portal.model.Layout | ADD_LAYOUT             |            8     |

|              981 | com.liferay.portal.model.Layout | CONFIGURE_PORTLETS |           16     |

|              982 | com.liferay.portal.model.Layout | CUSTOMIZE              |           32     |

|              983 | com.liferay.portal.model.Layout | DELETE                 |           64     |

|              984 | com.liferay.portal.model.Layout | DELETE_DISCUSSION    |          128    |

|              985 | com.liferay.portal.model.Layout | PERMISSIONS            |          256     |

|              361 | com.liferay.portal.model.Layout | UPDATE                 |            4     |

|              986 | com.liferay.portal.model.Layout | UPDATE_DISCUSSION   |          512     |

|              362 | com.liferay.portal.model.Layout | VIEW                   |            1     |

 

Next, you can check how many different permission assignments have been given to pages in your portal:

select distinct actionIds from resourcepermission where name='com.liferay.portal.model.Layout';

 

In our case, a quick-view report will suffice where we let managers know which roles have default privileges (e.g. VIEW / Add Discussion) and which ones have elevated privileges and may need to be examined for appropriate access levels...

 

We can get the relevant data from the resourcepermissions table and calculate the presence of any bitwise value(s) we want to report on:
 

SELECT l.friendlyURL URL, 
l.type_ Page_Type,
r.name Role_Name,
(case when (actionIds < 4) then 'ViewDisc' else ‘Elevated’ end) Privileges
FROM resourcepermission rp
JOIN role_ r ON (rp.roleId = r.roleId)
JOIN layout l ON (rp.primKey = CAST(l.plid AS CHAR))
WHERE l.groupId=170790
AND r.name != 'Owner'
ORDER BY l.friendlyURL,r.name;

 

Creating Report Definitions and Reports:

The Jasper Reports engine will require an accurately-produced report definition .jrxml file, which can be created using the iReport Designer software that is available for Mac at this time. A JREE version is also available for Eclipse.
 

Install the iReport Designer.

Next, Use the QuickStart path and prepare a report definition file…:

  1. Create an ssh connection to target database server to allow the software to communicate with the database:
    ssh -l root -L 3308:localhost:3306 your.liferay.server.edu

  2. Create / test / save a JDBC connection (mysql) through the secure tunnel to the target db server that utilizes this tunnel:
             iReport-jdbc-conn.png

  3. Create a new report using the wizard. (I used the ‘Coffee’ [landscape] template)

  4. Insert your query. Choose “Next.” Enter your db password. This step may take a long time…

  5. Once it registers the query, Choose which fields will populate the report.

  6. Group BY (you may ignore this if you have an order by clause in your own query. Next. Finish

  7. Make size adjustments in the designer screen. I also removed the footer options, images and reduced the banner size dramatically, etc… deleted the footer band altogether. Set Title to 800, small font.

  8. In the XML View, swap out any Times or Arial fonts for “Serif” or “San-Serif”. Add the following property to your .jrxml file will prevent the header columns from repeating on each ‘page’ - this improved the formatting:
    <jasperReport ... isIgnorePagination="true" ...>

  9. Save the JRXML file.

  10. In Liferay, go to the desired site > Site Admin > Configuration > Reports Admin > Report Definitions > New Report Definition. Upload your .jrxml file and name / save it.

  11. Now choose Actions “Add a Report” from the newly-created report definition. Complete the form and save. A report will be generated shortly thereafter…

  12. Under Reports Admin, select your report. On the screen at the bottom is an Actions > Download option.
     

Report Definitions / Templates Created:

We have created several JRXML report templates which can quickly be adapted for any Site. The reports are stripped down to a minimalist presentation to allow for widest compatibility upon report export-- these reports are exporting perfectly for me as PDF, XLS, CSV, HTML. The following reports are ready-to-go:

  • Pages, Titles, Permissions, Roles, URLs

  • Web Content Objects / URLs, Roles, Permissions

  • Web Content Display portlets / URLs, Roles, Permissions

  • Document Library Folders, Roles, Permissions

  • Document Library Files, Roles, Permissions

  • IFrame Portlets, URLs, Roles, Permissions

  • Navigation Portlets, URLs, Roles, Permissions

 

I will share these files in an upcoming addition to this blog article.

Comment (2)

More Blog Entries

thumbnail

Audience Targeting Now Available

thumbnail
Jamie Sammons
05 Jan
2
thumbnail

Using Reflection API in liferay

thumbnail
Chandan Sharma
10 Jan
1
Blogs
thumbnail
Jose M. Navarro
9 Years Ago
I like your creative solution to extract the page name from the localizations XML. Quite funny!
Please sign in to reply.
I van der Velden
9 Years Ago
Hi Daniel,
Interesting blog post! I have some questions about the implementations of Liferay at your university. Could you please contact me or send me a friend request on the liferay website? Thank you!
Please sign in to reply.