Environment: Liferay 6.1 GA3 EE
Can we have custom permissions defined for the portal?
We can create custom permissions in our plugin portlet through creating an XML with <portlet-resource>
tag and defining the <action-key>
within it.
And when I go to define permissions for a Role in Control Panel my portlet appears in the section Site Applications
, now what I want is to create custom permissions (not through EXT) in a portlet or hook that should have a separate category as My Custom
and should have custom permissions like <action-key>ACCESS_EMAIL</action-key>
, <action-key>ACCESS_TOOLSET<\action-key>
etc.
In short my custom category should appear within section Portal
as shown in the following figure while I define the permission for a custom Portal (regular) role:
I would like to use this permission not for a specific portlet but need to use it inside jsp-hooks or any other of my custom portlets. Just like we have ADD_SITE
, ADD_USER
etc permissions in Portal
--> General
, I want to have these permissions as generic.
Edit
To make the portlet appear in any of the section I created a simple custom-portlet, so the portlet appeared in the Site Application
section and if I want I can make it appear in the Control Panel
sections as well.
But now the problem is I don't have any view nor any implementation in this portlet so I make it hidden by updating the liferay-display.xml
and putting it under category.hidden
. This also hides it from the Define Permission
drop-down.
And if I don't use the lifeay-display.xml
liferay puts it under the Undefined
category while accessing it from +Add
menu in dockbar. :-(
Thank You
You can use custom permissions for these types of controls. Custom permissions let you define access checks that can be assigned to users via permission sets or profiles, similar to how you assign user permissions and other access settings.
Custom permissions let you define access checks that can be assigned to users via permission sets or profiles, similar to how you assign user permissions and other access settings. For example, you can define access checks in Apex that make a button on a Visualforce page available only if a user has the appropriate custom permission.
You add table permissions to web roles so you can define roles in your organization that correspond logically to the privileges and concepts of record ownership and access. Remember that a given contact can belong to any number of roles, and a given role can contain any number of table permissions. More information: Create web roles for portals.
Here are some methods that can help you determine the permissions you will want to add to your custom role: Look at existing built-in roles. You might want to modify an existing role or combine permissions used in multiple roles. List the Azure services you want to grant access to.
This is how we achieved it:
/resource-actions/custompermission.xml
to specify the different custom permissions we want. The full steps are identical to this wiki.Add
menu in dockbar, neither in Control-panel nor in the Define Permissions
drop-down.Now create a JSP hook (you can either create a separate plugin or include the hook in the custom-portlet defined in point no. 1) and modify the /docroot/html/portlet/roles_admin/edit_role_permissions_navigation.jspf
to include our custom category:
<aui:form action="<%= currentURL %>" name="resourceSelection">
<aui:fieldset>
<aui:select changesContext="<%= true %>" name="add-permissions" onchange='<%= renderResponse.getNamespace() + "addPermissions(this);" %>'>
<aui:option label="" />
<%-- Our customization starts here --%>
<%--
We have added our very own option group but this is not required just the <aui:option> will do
--%>
<optgroup label="<liferay-ui:message key="custom" />">
<%
if (_isCustomPermissionsPortlet(CUSTOM_PERMISSIONS_PORTLET)) {
editPermissionsURL.setParameter("portletResource", CUSTOM_PERMISSIONS_PORTLET);
editPermissionsURL.setParameter("showModelResources", "0");
%>
<%--
and here we add our own Permission category drop-down option
--%>
<aui:option label="custom-permissions"
selected="<%= _isCurrent(editPermissionsURL.toString(), portletResource, showModelResources) %>"
value="<%= editPermissionsURL.toString() %>" />
<%
}
%>
</optgroup>
<%-- Our customization ends here --%>
<c:choose>
<c:when test="<%= role.getType() == RoleConstants.TYPE_SITE %>">
<optgroup label="<liferay-ui:message key="administration" />">
<% // Other liferay stuff continues ...
and at the end of the JSP we have:
// ... other liferay stuff
private boolean _isOrganizationPortlet(String portletId) {
return ArrayUtil.contains(_ORGANIZATION_PORTLETS, portletId);
}
private boolean _isPortalPortlet(String portletId) {
return ArrayUtil.contains(_PORTAL_PORTLETS, portletId);
}
// Our customization starts here
// portlet's ID
public static final String CUSTOM_PERMISSIONS_PORTLET = "CustomPermissions_WAR_CustomPermissionsportlet";
private static final String[] _CUSTOM_PERMISSIONS_PORTLET = {
CUSTOM_PERMISSIONS_PORTLET,
};
private boolean _isCustomPermissionsPortlet(String portletId) {
return ArrayUtil.contains(_CUSTOM_PERMISSIONS_PORTLET, portletId);
}
// Our customization ends here
This is how it looks in the Control Panel:
We can move the permissions in the Portal
section as well by moving our customized code to that place in the JSP.
The advantage of having it above is that it will be displayed when we want to set Define Permissions for Site Role.
Hope this helps somebody.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With