Friday, 22 August 2014

Liferay Permission System




Liferay has a permission system that lets us define permissions for a role.
Permissions for a role can be defined at the following three levels:

  1. Page Level.
  2. Portlet Level.
  3. Model Resource level.

Page Level Permissions :


At page level, we can define permissions (VIEW, UPDATE, PERMISSIONS, etc.) on a particular page for a particular role (Guest, Organization Member, etc.).
The defined permissions are stored in two tables:
  1. Resource Action.
  2. Resource Permission.
The Resource Action table holds the actions available for each resource.
For example:
A page is a resource and its actions are VIEW, UPDATE, PERMISSIONS, etc. These details are stored as follows:
| ResourceActionId | name | actionId | Bitwisevalue |
|---|---|---|---|
| 1 | com.liferay.portal.model.Layout | VIEW | 1 |
| 2 | com.liferay.portal.model.Layout | ADD_DISCUSSION | 2 |
| 3 | com.liferay.portal.model.Layout | DELETE | 4 |
| 4 | com.liferay.portal.model.Layout | DELETE_DISCUSSION | 8 |
| 5 | com.liferay.portal.model.Layout | UPDATE | 16 |
| 6 | com.liferay.portal.model.Layout | UPDATE_DISCUSSION | 32 |
| 7 | com.liferay.portal.model.Layout | PERMISSIONS | 64 |

Whenever we define permissions (VIEW, UPDATE, PERMISSIONS, etc.) on a particular page for a particular role (Guest, Organization Member, etc.), these details are stored in the ResourcePermission table as follows.
Resource Permission Table:
| ResourcePermissionId | companyId | name | primkey | roleId | actionIds |
|---|---|---|---|---|---|
| 1 | 10132 | com.liferay.portal.model.Layout | 111418 | 10139 | 1 |
| 2 | 10132 | com.liferay.portal.model.Layout | 111418 | 10147 | 3 |
| 3 | 10132 | com.liferay.portal.model.Layout | 111418 | 10140 | 127 |

Here:
primKey -> the current PageId.
roleId -> the role: Guest (10139), Organization Member (10147), Owner (10140).
actionIds -> the sum of the bitwise values of the granted actions: 1 (VIEW), 3 (VIEW and ADD_DISCUSSION), 127 (all permissions).
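
The actionIds values above are bitmasks over the Bitwisevalue column. As an added example (not code from the original post or from Liferay), this stand-alone Java class decodes them with the Layout values from the table above and flags a Guest row that holds more than VIEW. The class name, the helper names and the constructed sample values are assumptions made for illustration.

```java
import java.util.*;

public class ActionIdsDemo {
    // Bitwise values for com.liferay.portal.model.Layout, copied from the table above.
    static final Map<String, Long> LAYOUT_ACTIONS = new LinkedHashMap<>();
    static {
        String[] names = {"VIEW", "ADD_DISCUSSION", "DELETE", "DELETE_DISCUSSION",
                          "UPDATE", "UPDATE_DISCUSSION", "PERMISSIONS"};
        for (int i = 0; i < names.length; i++) {
            LAYOUT_ACTIONS.put(names[i], 1L << i);   // 1, 2, 4, ... 64
        }
    }

    static long bit(String actionId) {
        Long b = LAYOUT_ACTIONS.get(actionId);
        if (b == null) throw new IllegalArgumentException("unknown action " + actionId);
        return b;
    }

    // Names of all actions whose bit is set in an actionIds value.
    static List<String> decode(long actionIds) {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, Long> e : LAYOUT_ACTIONS.entrySet()) {
            if ((actionIds & e.getValue()) != 0) out.add(e.getKey());
        }
        return out;
    }

    // Actions granted beyond an allowed set, e.g. anything a Guest holds besides VIEW.
    static List<String> excess(long actionIds, String... allowed) {
        long mask = 0;
        for (String a : allowed) mask |= bit(a);
        return decode(actionIds & ~mask);
    }

    public static void main(String[] args) {
        // {roleId, actionIds}: the first three rows are from the table above,
        // the last is a constructed misconfiguration (Guest with VIEW + UPDATE).
        long[][] rows = {{10139, 1}, {10147, 3}, {10140, 127}, {10139, 17}};
        for (long[] r : rows) {
            System.out.println(r[0] + " " + r[1] + " -> " + decode(r[1]));
            if (r[0] == 10139 && !excess(r[1], "VIEW").isEmpty()) {
                System.out.println("  Guest holds more than VIEW: " + excess(r[1], "VIEW"));
            }
        }
        // Granting VIEW by OR-ing keeps existing bits; assigning a bare value would drop them.
        long before = 34;  // constructed: ADD_DISCUSSION + UPDATE_DISCUSSION
        System.out.println((before | bit("VIEW")) + " -> " + decode(before | bit("VIEW")));
    }
}
```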

Retrieving the defined page level permissions programmatically:

Step 1 :
Pass the companyId, the Layout class name and the PageId to the 'getResourcePermissions()' method of the ResourcePermissionLocalServiceUtil class.
    List<ResourcePermission> resourcePermissionObj = ResourcePermissionLocalServiceUtil.getResourcePermissions(
        themeDisplay.getLayout().getCompanyId(), Layout.class.getName(),
        ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(themeDisplay.getLayout().getPlid()));
Step 2 :
Iterate over 'resourcePermissionObj' and get the respective roleIds, such as 10139 (Guest), 10140 (Owner), etc.
    for (ResourcePermission resourcePermissionData : resourcePermissionObj) {
        // Resolve the role (e.g. Guest, Owner) that this permission row belongs to
        Role roleObj = RoleLocalServiceUtil.getRole(resourcePermissionData.getRoleId());
    }
Step 3 :
Check which permissions (VIEW, UPDATE, etc.) are defined for a particular role on the particular page.
    // Runs inside the loop from Step 2, where resourcePermissionData is in scope
    boolean flag = ResourcePermissionLocalServiceUtil.hasResourcePermission(
        themeDisplay.getLayout().getCompanyId(), Layout.class.getName(),
        ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(themeDisplay.getLayout().getPlid()),
        resourcePermissionData.getRoleId(), "VIEW");

Portlet Level Permissions :


At portlet level, we can define permissions (Add to Page, View, Configuration, etc.) on a portlet for a particular role (Guest, Organization Member, etc.).
The defined permissions are stored in two tables:
  1. Resource Action.
  2. Resource Permission.
The Resource Action table holds the actions available for each resource.
For example:
A portlet (such as the Calendar portlet) is a resource and its actions are Add to Page, View, Configuration, etc. These details are stored as follows:
| ResourceActionId | name | actionId | Bitwisevalue |
|---|---|---|---|
| 1 | 8 | VIEW | 1 |
| 2 | 8 | ACCESS_IN_CONTROL_PANEL | 2 |
| 3 | 8 | ADD_TO_PAGE | 4 |
| 4 | 8 | CONFIGURATION | 8 |

Here '8' is the portletId of the Calendar portlet.
Whenever we define permissions (Add to Page, View, Configuration, etc.) on a portlet (Calendar) for a particular role (Guest, Organization Member, etc.), these details are stored in the ResourcePermission table as follows.
Resource Permission Table:
| ResourcePermissionId | companyId | name | primkey | roleId | actionIds |
|---|---|---|---|---|---|
| 1 | 10132 | 8 | 111008_LAYOUT_8 | 10139 | 1 |
| 2 | 10132 | 8 | 111008_LAYOUT_8 | 10147 | 3 |
| 3 | 10132 | 8 | 111008_LAYOUT_8 | 10140 | 15 |

Here:
name -> 8 is the portletId of the Calendar portlet.
primKey -> '111008_LAYOUT_8' is the combination 'PageId_LAYOUT_PortletId' for the current page and portlet.
roleId -> the role: Guest (10139), Organization Member (10147), Owner (10140).
actionIds -> the sum of the bitwise values of the granted actions: 1 (VIEW), 3 (VIEW and ACCESS_IN_CONTROL_PANEL), 15 (all permissions).

Retrieving the defined portlet level permissions programmatically:

Step 1 :
Pass the companyId, the portletId and the primKey (the combination PageId_LAYOUT_PortletId) to the 'getResourcePermissions()' method of the ResourcePermissionLocalServiceUtil class.
    // primKey built as described above: PageId_LAYOUT_PortletId
    String primKey = themeDisplay.getLayout().getPlid() + "_LAYOUT_" + themeDisplay.getPortletDisplay().getId();
    List<ResourcePermission> resourcePermissionObj = ResourcePermissionLocalServiceUtil.getResourcePermissions(
        themeDisplay.getLayout().getCompanyId(), themeDisplay.getPortletDisplay().getId(),
        ResourceConstants.SCOPE_INDIVIDUAL, primKey);
Step 2 :
Iterate over 'resourcePermissionObj' and get the respective roleIds, such as 10139 (Guest), 10140 (Owner), etc.
    for (ResourcePermission resourcePermissionData : resourcePermissionObj) {
        // Resolve the role (e.g. Guest, Owner) that this permission row belongs to
        Role roleObj = RoleLocalServiceUtil.getRole(resourcePermissionData.getRoleId());
    }
Step 3 :
Check which permissions (Add to Page, View, Configuration, etc.) are defined for a particular role on the particular page.
    // Runs inside the loop from Step 2, where resourcePermissionData is in scope
    boolean flag = ResourcePermissionLocalServiceUtil.hasResourcePermission(
        themeDisplay.getLayout().getCompanyId(), themeDisplay.getPortletDisplay().getId(),
        ResourceConstants.SCOPE_INDIVIDUAL, primKey, resourcePermissionData.getRoleId(), "VIEW");

Model Resource (Calendar Event, Manage Pages, Manage Teams) Level Permissions :


At model resource level (Calendar Event, Manage Teams, etc.), we can define permissions (View, Add Discussion, Permissions, etc.) on a model resource (Calendar Event) for a particular role (Guest, Organization Member, etc.).

The defined permissions are stored in two tables:
  1. Resource Action.
  2. Resource Permission.
The Resource Action table holds the actions available for each resource.
For example:
A model resource (such as a Calendar event) is a resource and its actions are VIEW, UPDATE, PERMISSIONS, etc. These details are stored as follows:
| ResourceActionId | name | actionId | Bitwisevalue |
|---|---|---|---|
| 1 | com.liferay.portlet.calendar.model.CalEvent | VIEW | 1 |
| 2 | com.liferay.portlet.calendar.model.CalEvent | ADD_DISCUSSION | 2 |
| 3 | com.liferay.portlet.calendar.model.CalEvent | DELETE | 4 |
| 4 | com.liferay.portlet.calendar.model.CalEvent | DELETE_DISCUSSION | 8 |
| 5 | com.liferay.portlet.calendar.model.CalEvent | UPDATE | 16 |
| 6 | com.liferay.portlet.calendar.model.CalEvent | UPDATE_DISCUSSION | 32 |
| 7 | com.liferay.portlet.calendar.model.CalEvent | PERMISSIONS | 64 |

Whenever we define permissions (VIEW, UPDATE, PERMISSIONS) on a model resource (Calendar event) for a particular role (Guest, Organization Member, etc.), these details are stored in the ResourcePermission table as follows.
Resource Permission Table:
| ResourcePermissionId | companyId | name | primkey | roleId | actionIds |
|---|---|---|---|---|---|
| 1 | 10132 | com.liferay.portlet.calendar.model.CalEvent | 109611 | 10139 | 1 |
| 2 | 10132 | com.liferay.portlet.calendar.model.CalEvent | 109611 | 10147 | 3 |
| 3 | 10132 | com.liferay.portlet.calendar.model.CalEvent | 109611 | 10140 | 127 |

Here:
primKey -> 109611 is the Calendar Event Id.
roleId -> the role: Guest (10139), Organization Member (10147), Owner (10140).
actionIds -> the sum of the bitwise values of the granted actions: 1 (VIEW), 3 (VIEW and ADD_DISCUSSION), 127 (all permissions).

1 comment:

  1. This was useful, thanks. The procedure that worked for us with Liferay 6.2, as an example, was:

    Get the guest role for the right Company (Instance):
    select * from role_ where companyid=62862 and name='Guest';
    (roleid=62869)

    Find the page we want to fix (/welcome):
    select * from layout where companyid=62862 and friendlyURL='/welcome';
    (plid= 66975)
    [layout.plid = resourcepermission.primkey]

    Find the desired resourcepermissionid record for the Guest user:
    select * from resourcepermission where companyid=62862 and name='com.liferay.portal.model.Layout' and primkey='66975' and roleid=62869;
    [name=‘com.liferay.portal.model.Layout’ is probably not necessary]
    (resourcepermissionid=62742)

    Fix the perms to allow Guest views:
    update resourcepermission set actionIds=1 where resourcepermissionid=62742;

    Stop the portal. Clear out work/temp caches and restart.

    That should do it.
