Foren

Using the permission system

Stephan H, geändert vor 11 Jahren.

Using the permission system

New Member Beiträge: 16 Beitrittsdatum: 15.02.12 Neueste Beiträge
Hi all,

with the book "Liferay in Action" and the developer's guides I tried to write a test portlet that implements the permission system.

I extended the example in Service Builder (Foo) with a field for the groupId to store the Scope.

When creating an object, a resource, as in the the LiA example, is generated:
resourceLocalService.addResources(newFoo.getCompanyId(), newFoo.getGroupId(), userId, Foo.class.getName(), foo.getPrimaryKey(), false, true, true);


The authorization defaults for resources are also available an referenced:
resource.actions.configs=resource-actions/default.xml


<!--?xml version="1.0" encoding="UTF-8"?-->

<resource-action-mapping>

  <portlet-resource>
    <portlet-name>test-permissions</portlet-name>
    <permissions>
      <supports>
        <action-key>ADD_FOO</action-key>
        <action-key>VIEW</action-key>
      </supports>
      <site-member-defaults>
        <action-key>VIEW</action-key>
      </site-member-defaults>
      <guest-defaults>
        <action-key>VIEW</action-key>
      </guest-defaults>

      <guest-unsupported>
        <action-key>ADD_FOO</action-key>
      </guest-unsupported>
    </permissions>
  </portlet-resource>

  <model-resource>
    <model-name>
      de.gwdg.test.permission.model.Foo
    </model-name>
    <portlet-ref>
      <portlet-name>test-permissions</portlet-name>
    </portlet-ref>
    <permissions>
      <supports>
        <action-key>DELETE</action-key>
        <action-key>PERMISSIONS</action-key>
        <action-key>UPDATE</action-key>
        <action-key>VIEW</action-key>
      </supports>
      <site-member-defaults>
        <action-key>VIEW</action-key>
      </site-member-defaults>
      <guest-defaults>
        <action-key>VIEW</action-key>
      </guest-defaults>
      <guest-unsupported>
        <action-key>UPDATE</action-key>
      </guest-unsupported>
    </permissions>
  </model-resource>

</resource-action-mapping>


But the permission check for an entry does not work. I expect, that the owner, so the user who created the "Foo", also automatically gets all permissions on the entry. At least that is displayed in the "Permissions" for the entry. From the code example below, the buttons are only shown the administrator.

&lt;%
ResultRow row = (ResultRow) request.getAttribute(WebKeys.SEARCH_CONTAINER_RESULT_ROW);
Foo myFoo = (Foo) row.getObject();
long groupId = themeDisplay.getLayout().getGroupId();
String name = Foo.class.getName();
String primKey = String.valueOf(myFoo.getPrimaryKey());
%&gt;
<liferay-ui:icon-menu>
  <c:if test="<%= permissionChecker.hasPermission(groupId, name, primKey, ActionKeys.UPDATE) %>">
    <portlet:actionurl name="editProduct" var="editURL">
      <portlet:param name="resourcePrimKey" value="<%= primKey %>" />
    </portlet:actionurl>

    <liferay-ui:icon image="edit" message="Edit" url="<%= editURL.toString() %>" />
  </c:if>

 <c:if test="<%= permissionChecker.hasPermission(groupId, name, primKey, ActionKeys.PERMISSIONS) %>">
    <liferay-security:permissionsurl modelResource="<%= Foo.class.getName() %>" modelResourceDescription="<%= String.valueOf(myFoo.getPrimaryKey()) %>" resourcePrimKey="<%= primKey %>" var="permissionsURL" />

    <liferay-ui:icon image="permissions" url="<%= permissionsURL.toString() %>" />
  </c:if>
</liferay-ui:icon-menu>


What have I missed? Is something wrong with the permissionChecker call?

Stephan