Craig Pickles
Disabling the Control Panel for users
February 11, 2009 12:44 AM

Hi All,
I am using Liferay 5.2 and want to prevent access to the Control Panel for non-admin users.

I have removed the menu item from the dock, however the user is still able to enter the URL and access the control panel directly.

After some investigation it seems the following code in the isViewableGroup method of ServicePreAction is responsible for allowing authenticated (non-default) users to view the control panel.
    if (group.getName().equals(GroupConstants.CONTROL_PANEL)) {
        if (user.isDefaultUser()) {
            return false;
        }
        else {
            return true;
        }
    }

My solution thus far has been to extend ServicePreAction and override isViewableGroup with the following:
    @Override
    protected boolean isViewableGroup(
            User user, long groupId, boolean privateLayout,
            PermissionChecker permissionChecker)
        throws PortalException, SystemException {

        Group group = GroupLocalServiceUtil.getGroup(groupId);

        if (group.getName().equals(GroupConstants.CONTROL_PANEL)) {
            String[] controlPanelRoles = StringUtils.split(PropsUtil.get("control.panel.roles"));
            List<String> rolesList = Arrays.asList(controlPanelRoles);

            for (Role role : user.getRoles()) {
                if (rolesList.contains(role.getName())) {
                    return true;
                }
            }
            return false;
        }
        return super.isViewableGroup(user, groupId, privateLayout, permissionChecker);
    }

Note: control.panel.roles is a property with a comma separated list of allowable roles. ie: Administrator

The solution works, but I am wondering if there is a better way of handling this scenario? In particular, can I hook into the permissions checker instead of accessing the property?

Any input would be much appreciated.
Cheers
Mohamed Salah Sayed
RE: Disabling the Control Panel for users
April 15, 2009 9:59 AM

Hello,

I am also not an expert in this. But I tried this and it worked for me.
Only one comment, you have overridden the method in an incorrect way. Sometimes the original function returns false for other reasons.

Thanks anyway
Miguel Coxo
RE: Disabling the Control Panel for users
January 10, 2011 2:47 AM

Hello,

Does anyone know how to do this with hooks?
Tomas Polesovsky
RE: Disabling the Control Panel for users
August 17, 2011 12:14 PM

LIFERAY STAFF


Hi,

for those who search for a hook solution - here it is:
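1, create new myPreEvent and put it inside your hook's portal.properties:
    servlet.service.events.pre=com.asdf.myPreEvent

2, inside your myPreEvent implement access check:
    package com.asdf;

    import com.liferay.portal.kernel.events.Action;
    import com.liferay.portal.kernel.events.ActionException;
    import com.liferay.portal.kernel.util.WebKeys;
    import com.liferay.portal.security.auth.PrincipalException;
    import com.liferay.portal.service.GroupLocalServiceUtil;
    import com.liferay.portal.theme.ThemeDisplay;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class myPreAction extends Action {
        public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {
            try {
                // Resolve the group of the requested layout and reject Control Panel requests
                ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
                if (GroupLocalServiceUtil.getGroup(themeDisplay.getLayout().getGroupId()).isControlPanel()) {
                    throw new PrincipalException("User is not allowed to access the Control Panel!");
                }
            } catch (Exception ex) {
                throw new ActionException(ex);
            }
        }
    }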
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 11, 2011 4:07 AM

Any chance the myPreEvent and myPreAction are one and the same? Because I'm confused by what you wrote.

I can't seem to make this work in Liferay 6.0.6. (I'm trying to restrict user access to Control Panel when they type http://ip:8080/group/control_panel)

I created a class my.pckg.ControlPanelAccessPreAction under WEB-INF/src

and put in the liferay-hook.xml the following:

    <hook>
        <portal-properties>servlet.service.events.pre=my.pckg.ControlPanelAccessPreAction</portal-properties>
    </hook>


Am I missing something? In the Class code I copied and pasted exactly what you proposed. I also put some System.err.println() even before try-catch block but nothing on tomcat console...

Thank you in advance
Sandeep Nair
RE: Disabling the Control Panel for users
November 11, 2011 4:05 AM

In your liferay-hook.xml add the following
<hook>
<portal-properties>servlet.service.events.pre=my.pckg.ControlPanelAccessPreAction</portal-properties>
</hook>

Create a file called portal.properties under WEB-INF/src folder

Inside this property file add
servlet.service.events.pre=my.pckg.ControlPanelAccessPreAction

Then deploy.

More about property hook here --> http://www.liferay.com/documentation/liferay-portal/6.0/development/-/ai/performing-a-custom-action

Regards,
Sandeep
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 11, 2011 4:32 AM

Thanks for instant reply.

I had tried a similar way but I had placed the portal.properties file under WEB-INF. Nevertheless, placing it under /src did not change anything.

In order to give you more feedback, I have two Liferay installations (on different machines) and one database. I also tried deploying the hook on both machines; still nothing changed. When I log in with a user and type ip:8080/group/control_panel, it shows the My Account choice in the control panel left menu (I have already disabled public and private pages through layout properties in portal-ext.properties)

Any more clues that could help me?

Thank you again, in advance!
Sandeep Nair
RE: Disabling the Control Panel for users
November 11, 2011 4:35 AM

Click on control panel and it should throw exception.

Regards,
Sandeep
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 11, 2011 4:43 AM

Choosing "My Account" works normally. No exception is thrown. By the way I must add that my custom Action Class extends
    com.liferay.portal.kernel.events.Action

I think that's what I should have done.

I also read the page whose link you provided. It says what you briefly described here as well (and ty again for that), but nothing more...

Finally, if I'm not mistaken there doesn't exist (at least not on Liferay 6.0.6) any property that would allow a list of roles to access the Control Panel, right? (I'm asking because such a property is implied by a post made much earlier, which probably concerns another Liferay version)
Sandeep Nair
RE: Disabling the Control Panel for users
November 11, 2011 4:51 AM

Hi,

I have created and tested the hook. Unzip it in your plugins sdk/hook folder and deploy it.

After deployment you would get permission error when you access Control panel

Regards,
Sandeep
Attachments: ControlPanel-hook.zip (10.0k)
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 11, 2011 5:40 AM

Thanks Mate! It actually worked!

The difference between your code and the directions written here was the liferay-hook.xml

where you have
    <hook>
        <portal-properties>portal.properties</portal-properties>
    </hook>


Thanks again!
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 11, 2011 7:28 AM

One more thing.

If I had to apply this to all users excluding the ones that have the "Administrator" role, how would this be possible? Do you have any idea?

In portlets I can always use the LiferayFacescontext. What is the approach here?
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 11, 2011 7:59 AM

Here's my quick n' dirty solution (in order to avoid companyIds,etc)

    if (GroupLocalServiceUtil.getGroup(((ThemeDisplay)request.getAttribute(WebKeys.THEME_DISPLAY)).getLayout().getGroupId()).isControlPanel())
    {
        long userId = 0;

        try
        {
            String remoteUserId = request.getRemoteUser();

            System.err.println("Fetched userId: " + remoteUserId);

            String [] token = remoteUserId.split("[.]");

            userId = (long)Integer.parseInt(token[token.length-1]);
        }
        catch(Exception e)
        {
            System.err.println("Error while fetching LiferayFacesContext: " + e);
        }
        //System.err.println("Checking Access to Control Panel...");

        List<Role> roleList = RoleLocalServiceUtil.getUserRoles(userId);

        Boolean granted = false;

        for(Role role : roleList)
        {
            //System.err.println("role.getName() " + role.getName());
            if(role.getName().compareTo("Administrator") == 0)
            {
                granted = true;
            }
        }

        if(!granted)
        {
            throw new PrincipalException("User is not allowed to access the Control Panel!");
        }
    }
Tomas Polesovsky
RE: Disabling the Control Panel for users
November 11, 2011 2:10 PM

LIFERAY STAFF


Hi Michail,

Sorry for my late response - you're right:
1, myPreAction = myPreEvent
2, you need to create portal.properties file

For checking the administrator role
1, see OmniadminUtil class, it's a pity that you can't use it directly (it's in portal-impl).
2, You'll also need:
    long[] OMNIADMIN_USERS = StringUtil.split(PropsUtil.get(PropsKeys.OMNIADMIN_USERS), 0L);
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 28, 2011 4:29 AM

Thanks! If I understand correctly, your approach suggests retrieving the omniadmin users and checking directly if the user sending the request is one of them.

However, it is not clear to me if this is an addition or an alternate proposition to what I wrote, meaning that by reading your code it makes me wonder whether omni admins do not have the Administrator Role (in which case what you write is an addition).

So, do I need to explicitly detect omni-admin users?

By the way, my approach assumes that the role will have the name "Administrator" (which is the default name in Liferay). I suppose your approach for omni admins ensures that any user returned will have the omniadmin role no matter what its String representation is. I wonder whether I can extend this for detecting admin users as well without having to rely on the role String name.

Thanks again!
Tomas Polesovsky
RE: Disabling the Control Panel for users
November 28, 2011 6:59 AM

LIFERAY STAFF


I hope I've caught your question well.

The problem is that you can set up omniadmin also in portal(-ext).properties. These don't have the Administrator role in the DB, so you won't get the Administrator role via the API.

Is it an answer to your question?

-- tom
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
November 28, 2011 7:04 AM

OMG it sure is!
...which means that I should also look up such users (although I do not define omni-admins in portal-ext.properties, but who knows what may happen in the future?)
Isn't it a bit counter-intuitive though to have a user defined as omni-admin, via portal-ext.properties, and yet not being an actual administrator himself?

Thanks again!
Tomas Polesovsky
RE: Disabling the Control Panel for users
November 30, 2011 2:04 PM

LIFERAY STAFF


Hmm, what to say?

You need to understand the logic behind it, then it is intuitive.

-- tom
Marco Fargetta
RE: Disabling the Control Panel for users
January 30, 2012 4:23 AM

Hi Michail,

I tried your code and there is a problem. If the user gets administrative privileges from the Group you are not able to identify the role.

Just in case others would like to limit the access to a specific role, this is the code I used to identify them:
    User liferayUser = UserServiceUtil.getUserById(Long.parseLong(request.getRemoteUser()));
    if (!RoleServiceUtil.hasUserRole(liferayUser.getUserId(), liferayUser.getCompanyId(), "administrator", true)) {
        response.sendRedirect("/ControlPanel_denied");
    }


Cheers,
Marco
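
Added example (not code from any poster in this thread or from Liferay): a pre-service action that combines the points raised above. It denies by default, treats the user IDs listed in the omniadmin.users property as allowed, and checks the Administrator role with inherited=true so that a role granted through a group also counts. The class and package names are hypothetical, and the imports assume Liferay 6.0.x package names.

```java
package my.pckg; // hypothetical package, as used earlier in the thread

import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.PropsKeys;
import com.liferay.portal.kernel.util.PropsUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.portal.model.RoleConstants;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.theme.ThemeDisplay;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ControlPanelAccessPreAction extends Action {
    public void run(HttpServletRequest request, HttpServletResponse response)
            throws ActionException {
        try {
            ThemeDisplay themeDisplay =
                (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);

            // Requests without a layout, or outside the Control Panel, pass through.
            if (themeDisplay == null || themeDisplay.getLayout() == null
                    || !themeDisplay.getLayout().getGroup().isControlPanel()) {
                return;
            }
            if (!isAllowed(themeDisplay.getUserId(), themeDisplay.getCompanyId())) {
                throw new PrincipalException("User is not allowed to access the Control Panel!");
            }
        } catch (Exception ex) {
            throw new ActionException(ex);
        }
    }

    private boolean isAllowed(long userId, long companyId) throws Exception {
        // Omniadmins set in portal(-ext).properties have no Administrator role in the DB.
        long[] omniadminUsers =
            StringUtil.split(PropsUtil.get(PropsKeys.OMNIADMIN_USERS), 0L);
        if (ArrayUtil.contains(omniadminUsers, userId)) {
            return true;
        }
        // inherited=true also counts the role when it is granted through a group.
        return RoleLocalServiceUtil.hasUserRole(
            userId, companyId, RoleConstants.ADMINISTRATOR, true);
    }
}
```

As in the working hook posted earlier, register it through a portal.properties file referenced from liferay-hook.xml, with servlet.service.events.pre=my.pckg.ControlPanelAccessPreAction.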
MICHAIL MOUDATSOS
RE: Disabling the Control Panel for users
February 2, 2012 2:10 AM

Marco Fargetta:
If the user gets administrative privileges from the Group you are not able to identify the role.


Can you elaborate on this one, please? Do you mean that it can't detect custom Roles having the same privileges as the predefined Administrator Role? Or do you mean something else?

To be honest, I haven't checked the source code of hasUserRole(). What does it do? Does it check for the user Role name, or does it infer the Role by searching the assigned privileges (quite unlikely I believe)?