Forums

Home » Liferay Portal » English » 2. Using Liferay » General

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Document library - controlling access per Organization Thomas Kellerer June 29, 2009 7:20 AM
RE: Document library - controlling access per Organization Auditya manikanta Vadrevu July 1, 2009 11:05 PM
RE: Document library - controlling access per Organization Thomas Kellerer July 2, 2009 2:56 AM
RE: Document library - controlling access per Organization Victor Zorin July 2, 2009 3:43 AM
RE: Document library - controlling access per Organization Thomas Kellerer July 2, 2009 4:49 AM
RE: Document library - controlling access per Organization Thomas Kellerer July 6, 2009 2:34 AM
RE: Document library - controlling access per Organization Thomas Kellerer July 6, 2009 5:30 AM
RE: Document library - controlling access per Organization Kyrre Myrbostad July 10, 2009 2:35 AM
RE: Document library - controlling access per Organization Victor Zorin July 10, 2009 3:18 AM
RE: Document library - controlling access per Organization Kusuma Atmakuri September 2, 2013 5:43 AM
RE: Document library - controlling access per Organization Auditya manikanta Vadrevu July 2, 2009 5:52 AM
RE: Document library - controlling access per Organization Thomas Kellerer July 3, 2009 5:05 AM
RE: Document library - controlling access per Organization Auditya manikanta Vadrevu July 5, 2009 11:58 PM
RE: Document library - controlling access per Organization Thomas Kellerer July 6, 2009 1:33 AM
RE: Document library - controlling access per Organization Auditya manikanta Vadrevu July 6, 2009 1:45 AM
RE: Document library - controlling access per Organization Thomas Kellerer July 6, 2009 2:27 AM
RE: Document library - controlling access per Organization Thomas Kellerer July 6, 2009 6:04 AM
RE: Document library - controlling access per Organization Auditya manikanta Vadrevu July 6, 2009 9:50 PM
RE: Document library - controlling access per Organization Thomas Kellerer July 8, 2009 6:47 AM
Thomas Kellerer
Document library - controlling access per Organization
June 29, 2009 7:20 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

Hi,

is it possible to setup the Document Library (and the document library display portlet) so that I can assign a bunch of document to a specific Organization (ideally to a Role & an Organization) so that UserA from OrganizationA only sees documents that are "assigned" to OrganizationA

If UserB who belongs to OrganizationB logs in and displays the same page, only documents "assigned" to OrganizationB are displayed.

Thanks in advance
Thomas
Auditya manikanta Vadrevu
RE: Document library - controlling access per Organization
July 1, 2009 11:05 PM
Answer

Auditya manikanta Vadrevu

Rank: Liferay Master

Posts: 621

Join Date: May 6, 2008

Recent Posts

hi thomas kellerer,

see this post. DL Permission

With Regards,
V.Auditya
Thomas Kellerer
RE: Document library - controlling access per Organization
July 2, 2009 2:56 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

Thanks for the answer.

The suggested workaround in that post is to create a role for each organization I create, right?

And this must be a regular role because organization roles are not displayed in the permission dialog of the DL,.

That means, if I have 1000 organizations I need to create 1000 roles just to be able to limit visibility of documents?

Seems a rather clumsy and error-prone solution.

Thomas
Victor Zorin
RE: Document library - controlling access per Organization
July 2, 2009 3:43 AM
Answer

Victor Zorin

Rank: Liferay Legend

Posts: 1176

Join Date: April 14, 2008

Recent Posts

Thomas, judging from own practical experience, we found that, rather than building complex permission-based structures, it is much easier and safer to organize a proper way of navigating users around those groups they have membership in.
And it is not just about providing controlled and secure access to document libraries, but to everything that is deployed in each group - wiki, forums, calendar events, articles, search, e-forms, real-time functions, etc.
Liferay provides good separation between groups but, when you start adding various roles [and even worse -> portlet-specific roles], practical maintenance of an entire setup becomes a real challenge. And once your system goes into production, security holes will get larger with every little adjustment.

PS. In about 1 week time, we expect to finalize a sample collaboration demo site, where every forum user will be able to log in, see and discuss design patterns of making membership-based collaboration systems on liferay portal.
Thomas Kellerer
RE: Document library - controlling access per Organization
July 2, 2009 4:49 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

I do share the same opinion about using roles for everything, that's why I would like to avoid that solution.

I still don't see how I can limit access to documents in the DL based on the organization?
Auditya manikanta Vadrevu
RE: Document library - controlling access per Organization
July 2, 2009 5:52 AM
Answer

Auditya manikanta Vadrevu

Rank: Liferay Master

Posts: 621

Join Date: May 6, 2008

Recent Posts

hi thomas,

That means, if I have 1000 organizations I need to create 1000 roles just to be able to limit visibility of documents?

Seems a rather clumsy and error-prone solution.


You misunderstood my post.

I had suggested to modify the code so that it will check the View Permission of what ever role you assign (organisation role or etc..,) If the user doesnot have View permission on any of the role he consists, then that folder or document will not be visible.


With Regards,
V.Auditya
Thomas Kellerer
RE: Document library - controlling access per Organization
July 3, 2009 5:05 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

Auditya manikanta Vadrevu:
hi thomas,

That means, if I have 1000 organizations I need to create 1000 roles just to be able to limit visibility of documents?

Seems a rather clumsy and error-prone solution.


You misunderstood my post.

I had suggested to modify the code so that it will check the View Permission of what ever role you assign (organisation role or etc..,) If the user doesnot have View permission on any of the role he consists, then that folder or document will not be visible.
I still don't understand this.
Which "code" you mean?

And which role would I check agains? If want to limit the access of documents per organization, that will mean I have one role per organization (against which role should I check the user otherwise?) Any (!) user of organization A can see documents one and two, any (!) user of organization B can see documents three and four.
Auditya manikanta Vadrevu
RE: Document library - controlling access per Organization
July 5, 2009 11:58 PM
Answer

Auditya manikanta Vadrevu

Rank: Liferay Master

Posts: 621

Join Date: May 6, 2008

Recent Posts

hi thomas,

Which "code" you mean?


 1
 2
 3
 4IN DOCUMENT LIBRARY (view.jsp) just add one statement to check the permission of signed in user to display folders .
 5
 6
 7the statement is
 8
 9boolean showfolder = DLFolderPermission.contains(permissionChecker, curFolder, ActionKeys.VIEW);
10
11if(showfolder == true)
12{
13/* then display the folder */
14<a href="<%= folderURL %>"><%= curFolder.getName() %></a>
15---------------------------------------
16------------------------------------------
17}
18
19
20for documents, do the same procedure in file_entry_columns.jpsf
21
22boolean showDoc = DLFileEntryPermission.contains(permissionChecker, fileEntry, ActionKeys.VIEW);
23if(showDoc == true)
24{
25/* display documents */
26}



What ever role (org or comm) you mention on that document , it will check the user having that role have View over document or not, if not it will not display document.
Actually, the default behaviour is permissions are not checked while displaying, it is checked when you access it. when a member tries to access any content which he does not have permission to view then he will be alerted that "You do not have required permissions".

When you add this code, then permissions will be checked when the content is displayed.

See this Link also

With Regards,
V.Auditya.
Thomas Kellerer
RE: Document library - controlling access per Organization
July 6, 2009 1:33 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

So I need to change the Liferay code to achieve this emoticon
Auditya manikanta Vadrevu
RE: Document library - controlling access per Organization
July 6, 2009 1:45 AM
Answer

Auditya manikanta Vadrevu

Rank: Liferay Master

Posts: 621

Join Date: May 6, 2008

Recent Posts

Just a single condition that too in a jsp file thats all..
Thomas Kellerer
RE: Document library - controlling access per Organization
July 6, 2009 2:27 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

Auditya manikanta Vadrevu:
Just a single condition that too in a jsp file thats all..

Which will be overwritten when I upgrade Liferay...
Thomas Kellerer
RE: Document library - controlling access per Organization
July 6, 2009 2:34 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

Victor Zorin:
Thomas, judging from own practical experience, we found that, rather than building complex permission-based structures, it is much easier and safer to organize a proper way of navigating users around those groups they have membership in.

I don't see how this would help me, as the download portlet does not support user groups. At least not in an obvious way, I have not found any setting where I could limit the visibility of a folder to a user group (or an organization), it only offers permissions based on roles
Thomas Kellerer
RE: Document library - controlling access per Organization
July 6, 2009 5:30 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

I just tried to go through the setup with user groups, and they won't help me here.

With organizations I can define a user who is the "Organization Admin". He should be able to add or remove users from the Organization, but cannot see or modify other organizations. Which can easily be done using the "Organization Owner" role.

With a user group I don't have this level of control. As far as I can tell I cannot restrict the permission to manage the users of a user group to that specific group. A role cannot be "tied" to a user group and when editing the permissions of a user group, only regular roles are displayed (no community or organization roles).

So basically it winds up to the fact that I cannot do what I would like to do.

Additionally I'm also planning to use the announcement portlet to distribute information to the individual organizations, but again this does not work. I can only select roles or user groups to which announcements are sent, not organizations.

It seems that I cannot achieve what I want to do emoticon

Neither the Document library nor the Announcement portlet can deal with Organizations.
Thomas Kellerer
RE: Document library - controlling access per Organization
July 6, 2009 6:04 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

Auditya manikanta Vadrevu:
What ever role (org or comm) you mention on that document , it will check the user having that role have View over document or not, if not it will not display document.


Even if I decide to "patch" the Liferay source code, that wouldn't help me if I understand you correctly.

As I have to check for a role in that service call, I still need to create one role for each organization. I don't see any other way to limit documents to members of a specific organization.
Auditya manikanta Vadrevu
RE: Document library - controlling access per Organization
July 6, 2009 9:50 PM
Answer

Auditya manikanta Vadrevu

Rank: Liferay Master

Posts: 621

Join Date: May 6, 2008

Recent Posts

hi thomas

so that I can assign a bunch of document to a specific Organization (ideally to a Role & an Organization) so that UserA from OrganizationA only sees documents that are "assigned" to OrganizationA


From version 5.1.1 portal uses RBAC algorithm where every thing is associated with roles only. If you want to have the specified requirement then try the procedure using previous algorithms where you can assign view permissions direclty to the organisation

i think it may work with previous algorithm , check it.. .If you want to use new algorithm then you need to create roles.

With Regards,
V.Auditya
Thomas Kellerer
RE: Document library - controlling access per Organization
July 8, 2009 6:47 AM
Answer

Thomas Kellerer

Rank: Expert

Posts: 375

Join Date: June 9, 2008

Recent Posts

Auditya manikanta Vadrevu:
hi thomas

From version 5.1.1 portal uses RBAC algorithm where every thing is associated with roles only. If you want to have the specified requirement then try the procedure using previous algorithms where you can assign view permissions direclty to the organisation

i think it may work with previous algorithm , check it.. .If you want to use new algorithm then you need to create roles.
OK, not the answer I hoped for but I guess I need to live with it.

So we will need to roll out our own portlet to manage documents that can check for organization membership emoticon

What's the (intended) use of organizations then if I can't build business rules (and processes) around them?

Regards
Thomas
Kyrre Myrbostad
RE: Document library - controlling access per Organization
July 10, 2009 2:35 AM
Answer

Kyrre Myrbostad

Rank: Junior Member

Posts: 37

Join Date: January 21, 2009

Recent Posts

Victor Zorin:

PS. In about 1 week time, we expect to finalize a sample collaboration demo site, where every forum user will be able to log in, see and discuss design patterns of making membership-based collaboration systems on liferay portal.


Hi, did you make such a site and if you did - could you tell me where to find it?
Victor Zorin
RE: Document library - controlling access per Organization
July 10, 2009 3:18 AM
Answer

Victor Zorin

Rank: Liferay Legend

Posts: 1176

Join Date: April 14, 2008

Recent Posts

Kyrre, unfortunately still working on it. While it takes only a couple of days to assemble a new system, a lot of explanations are to be put onto each page. In the next 2 months, we intend to publish at least 5 'liferay use blueprints' for various types of industry, from collaboration, customer service to real-time logistics. They are all based on our past and current projects, so it takes time making them generic enough to avoid any intellectual property conflicts. Current ETA for collaboration portal is currently stretched to July 20th.
Kusuma Atmakuri
RE: Document library - controlling access per Organization
September 2, 2013 5:43 AM
Answer

Kusuma Atmakuri

Rank: New Member

Posts: 1

Join Date: September 2, 2013

Recent Posts

Wow... I see this thread 5 yrs old and it's still not updated with any solution.

Hi guys,
I am very new to this and I wonder if there is any out of the box solution with 6.1? Any update on this would help me a lot in my evaluation on this product.

Thank you!