« Back to Themes

Using Custom Permissions in Theme

Introduction #

Our goal is to add a custom permission to Liferay that can be used to control access/visibility to resources in the Velocity templates in a custom theme. This allows an administrator to manage access through the front-end of the software, in a manner they are probably already familiar with. In our example, we'll create a role that will be used to determine if a user can see the dock, but these principles could be applied to many other scenarios

This article assumes that you have already configured your Plugins SDK environment and downloaded the Liferay Portal source code.

Creating a custom theme #

-From a command prompt, navigate to the plugins/themes directory -Create a new them using the following command:

create dock-permissions "Dock Permissions"
-Change your directory to dock-permissions-theme and deploy your new theme using the following command:
ant deploy
-Watch the command window and the console to ensure the theme is deployed and registered successfully and available for use. -Log in to Liferay and from the Dock, select Manage Pages. -Select the Look and Feel tab and choose your new Dock Permissions theme. -The theme will change to a very unstyled look and feel

You have now created and deployed a new custom theme. At this point, it's not very usable because it has no styling associated with it. For the purposes of this example, we're going to copy the styling that's applied to the Liferay classic theme.

-Using your file explorer, navigate to your portal source code folder, -Copy the contents of the portal-web\docroot\html\themes\classic\_diffs directory to plugins\themes\dock-permissions-theme\docroot\_diffs -From the command prompt, deploy the dock-permission-theme again. -Refresh your browser and you should see the dock-permission-theme looks just like the Liferay Classic theme.

Customizing the Resource Actions #

We'll be making use of Liferay's Permission System to control who will see the Dock in our custom theme. Liferay's Permissions system is based on the concepts of actions and resources. In our case, we'll be adding the action VIEW_DOCK to the com.liferay.portal.model.Layout resource.

The resource-actions for a portlet are stored in the /resource-actions/$portletname.xml file. We need to modify the resource actions that are associated with the communities portlet, so we'll be modifying the /resource-actions/communities.xml file. This file is embedded in the portal-impl.jar, and should not be modified. Instead, we will create a new communities.xml file in the /WEB-INF/classes/resource=actions folder of our Liferay installation.

-In a command prompt window, navigate to your /webapps/ROOT/WEB-INF/lib folder. -In this folder is the portal-impl.jar file. To extract the communities.xml file from this .jar, issue the following command:

jar xvf portal-impl.jar resource-actions/communities.xml
-The communities.xml file will be extracted to a resource-actions folder in the lib directory. -Copy the resource-actions folder from the lib directory to /webapps/ROOT/WEB-INF/classes -Open /webapps/ROOT/WEB-INF/classes/resource-actions/communities.xml with a text editor. -Add the following line to the <supports> section of the <model-resource> section (approximately line 28):
<action-key>VIEW_DOCK</action-key> 
-Save the file, then stop and restart Liferay.

Creating a custom role #

The VIEW_DOCK permission is now part of the My Communities portlet and can be added to any existing role. For this example, we'll create a new role called Dock-Users and assign this new permission.

-Navigate to the Control Panel and select Roles under the Portal heading. -Click the Add button -Enter Dock-Users for the name and provide a description. -Click Save. -Click the Actions button that corresponds to the Dock-Users role and select Define Permissions. -Click the Add Portlet Permissions, and select the My Communities portlet. -In the Page section, find the action.VIEW_DOCK entry and set the scope to Enterprise. -Click Save, then click the Roles link in the breadcrumb trail. -Click the Actions button that corresponds to the Dock-Users role again and this time select Assign Members. -Assign some users to this new role and save.

Checking Permissions in a Theme #

The last step is to check for our new permission inside our custom theme. This would be done in one of the Velocity templates. In our example, we want to hide the entire Dock for users that don't have the VIEW_DOCK permission, so we'll create a variable called $show_dock that can be used to determine if the Dock should be displayed.

-Create a new folder called templates at plugins/themes/dock-permissions-theme/docroot/_diffs -Copy init_custom.vm and portal_normal.vm from plugins/themes/dock-permissions-theme/docroot/templates to /themes/dock-permissions-theme/docroot/_diffs/templates -Add the following line to _diffs/templates/init_custom.vm:

#set ($show_dock = $layoutPermission.contains($permissionChecker, $getterUtil.getLong($plid), "VIEW_DOCK"))
-In the _diffs/templates/portal_normal.vm, replace the following code:
#parse ("$full_templates_path/dock.vm")
with

#if ($show_dock)
  #parse ("$full_templates_path/dock.vm")
#end

-Re-deploy your theme.

Prior to log in, the Dock should no longer be visible. Once logged in, users that are members of the Dock-Users role will now be able to see the Dock. For all others, the Dock should not be visible.

Note, if you hide the Dock from users, you will have to provide some other means for them to sign out.

References #

Plugins SDK
http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Plugins+SDK

Using Liferay's Permissions System from a portlet
http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Using+Liferay%27s+Permission+System+from+a+portlet

Overwrite Liferay Portlet Permissions
http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Overwrite+Liferay+Portlet+Permissions

Permissioning Explained
http://www.liferay.com/web/guest/community/wiki/-/wiki/Main/Permissioning%20Explained

0 Attachments
25006 Views
Average (0 Votes)
The average rating is 0.0 stars out of 5.
Comments
Threaded Replies Author Date
I loved this tutorial until I got to the last... Hoppy Patterson May 5, 2009 8:48 PM
Hi Hoppy, you should insert a link into the... Oliver Bayer May 7, 2009 1:15 AM
Too easy. Thanks! Hoppy Patterson May 9, 2009 8:39 AM
Hi! I'm not sure I understand role of portlet... John Dorien May 27, 2010 2:50 AM
When using $permissionChecker in a Journal... Thomas Kellerer June 18, 2010 5:37 AM

I loved this tutorial until I got to the last line:

"Note, if you hide the Dock from users, you will have to provide some other means for them to sign out. "

Um...instructions :-)

I thought logout would be contained within the sign in portlet but it was not....

Would love some help or a direction to a link for this one.
Posted on 5/5/09 8:48 PM.
Hi Hoppy,

you should insert a link into the portal_normal.vm with the logout-reference (defined in dock.vm).
<a href="$sign_out_url">$sign_out_text</a>
Posted on 5/7/09 1:15 AM in reply to Hoppy Patterson.
Too easy. Thanks!
Posted on 5/9/09 8:39 AM in reply to Oliver Bayer.
Hi!

I'm not sure I understand role of portlet in this. Dock is not part of any portlet. Can you please elaborate a little bit more on:

"We need to modify the resource actions that are associated with the communities portlet"

Why is this connected especially with My communities portlet?

After I implement custom permission as suggested I get exception after portal start:

09:47:16,046 ERROR [AdvancedPermissionChecker:621] com.liferay.portal.NoSuchResourceActionException: com.liferay.portal.model.Layout#VIEW_DOCK
com.liferay.portal.NoSuchResourceAction­Exception: com.liferay.portal.model.Layout#VIEW_DOCK
at com.liferay.portal.security.permission.ResourceActionsUtil.checkAction(ResourceA­ctionsUtil.java:94)
at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasGuestPermiss­ion(AdvancedPermissionChecker.java:522)
at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasPermissionIm­pl(AdvancedPermissionChecker.java:602)
at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasPermission(A­dvancedPermissionChecker.java:291)
at com.liferay.portal.security.permission.BasePermissionChecker.hasPermission(BaseP­ermissionChecker.java:62)
at com.liferay.portal.service.permission.LayoutPermissionImpl.contains(LayoutPermis­sionImpl.java:130)
at com.liferay.portal.service.permission.LayoutPermissionImpl.contains(LayoutPermis­sionImpl.java:164)

Thanks,
John
Posted on 5/27/10 2:50 AM.
When using $permissionChecker in a Journal Velocity Template you have to uncheck the "Cacheable" property. Otherwise the userid in the PermissionChecker will be cached and will not return information about the current user, but the first user that accessed that page
Posted on 6/18/10 5:37 AM.