Using the Control Panel

The Portal section of the Control Panel is used for most administrative tasks. You'll find there an interface for the creation and maintenance of

• Users

• Roles

Additionally, it allows you to configure many server settings, including:

• Password Policies

• Authentication options, including Single Sign-On and LDAP integration

• Default User Associations

• Reserved Screen Names

• Mail Host Names

• Email Notifications

You'll use the Portal section of the Control Panel to create your portal structure, implement security, and administer your users. Note that only users with the Administrator role—a portal scoped role—have permission to view this section of the Control Panel.

Adding Users

Let's begin by adding a user account for yourself. We will then configure this account so that it has the same administrative access as the default administrator account. Go up to the global navigation area and click the Control Panel link, if you aren't there already. Then under the Portal category, click Users. Click the Add button.

You'll then be presented with the Add User form. Fill out the form using your name and email address. When you're finished, click Save.

The page will then reappear with a message saying that the save was successful, and there will now be an expanded form which allows you to fill out a lot more information about the user. You don't have to fill anything else out right now, but one thing is important to note: when the user ID was created, a password was automatically generated and, if Social Office has been correctly installed (see Chapter 2), an email message with the password in it was sent to the user. This of course requires that Social Office can properly communicate with your SMTP mail server in your organization.

If you have not yet set up your mail server, you'll need to use this screen to change the default password for the user ID to something you can remember. You can do this by clicking on the Password link in the box on the right, entering the new password in the two fields, and clicking Save.

Illustration 22: The Add User screen. Next, you'll want to give your user account the same administrative rights as the default administrator's account. This will allow you to perform administrative tasks with your own ID instead of having to use the default ID. And this allows you to make your portal more secure by deleting or disabling the default ID.

Click the Roles link. You'll then be taken to a screen which shows the roles to which your ID is currently assigned. By default, you should have one role: Power User. By default, all users are also assigned the Power User role. You can give this role certain permissions if you wish or disable it altogether. You can also define the default roles a new user receives; we will go over this later.

To make yourself an Administrator, click the Select link. A window will pop up with a list of all the roles in the system. Select the Administrator role from the list and the window will disappear and you'll see that the role has been added to the list of roles to which you're assigned. Next, click the Save button, which is at the bottom of the blue bar of links on the right. You're now an administrator of the portal. Log out of the portal and then log back in with your own user ID.

User Management

If you click the Users link on the left of the Control Panel, you'll see that there are now two users in the list of users. If you wanted to change something about a particular user, you can click the Actions button next to that user.

Edit User: This takes you back to the Edit User page, where you can modify anything about the user.

Permissions: This allows you to define which Roles have permissions to edit the user.

Impersonate User: This opens another browser window which allows you to browse the site as though you were the user.

Deactivate: Clicking this will deactivate the user's account.

Note that most users can't perform most of the above (in fact, they won't even have access to this section of the Control Panel). Because you have administrative access, you can perform all of the above functions.

Roles

Roles are groupings of users that share a particular function within Social Office, according to a particular scope. Roles can be granted permissions to various functions within portlet applications. Think of a role as a description of a function, such as Message Board Administrators. A role with that name is likely to have permissions to functions of the Message Board portlet delegated to it. Users who are placed in this role then inherit those permissions.

Roles are scoped by Portal or Site. The Control Panel makes it easy for you to assign users to Roles and to assign permissions to Roles. You only have to go to one place: the Roles link. From there, you can add roles scoped by Portal or Site from one interface.

Illustration 23: Defining Permissions on a Role. To create a Role, click the Roles link, and then click the Add button. Type a name for your role and an optional description. The drop down box at the bottom of the form lets you choose whether this is a Regular or Site role. When you have finished, click Save.

You'll be back at the list of roles. To see what functions you can perform on your new role, click the Actions button.

Edit: Click this action to edit the role. You can change its name or description.

Permissions: This allows you to define which Users, User Groups, or Roles have permissions to edit the Role.

Define Permissions: Click this to define what permissions this role has. This is outlined in the next section.

Illustration 24: Message Boards permissions. Assign Members: Takes you to a screen where you can search and select users in the portal to be assigned to this role. These users will inherit any permissions given to the role.

View Users: Lets you view the users who are in the Role.

Delete: Deletes the Role.

Defining Permissions on a Role

Roles exist as a bucket for granting permissions to the users who are members of them. So one of the main tasks you'll be doing with a role is granting it the permissions that you want members of the role to have.

When you click the Define Permissions action on a Portal scoped Role, you're given a choice of two kinds of permissions that can be defined for this role: Portal Permissions and Portlet Permissions. For other Roles, you only see the portlet permissions.

Portal permissions cover portal-wide activities that are in several categories, such as Site, Location, Password Policy, etc. This allows you to create a Role that, for example, can create new Sites in the portal. This would allow you to grant users that particular permission without making them overall portal administrators.

Portlet permissions cover permissions that are defined within various portlets. Since Social Office inherits from the design of Liferay Portal, its applications are referred to in the Control Panel as portlets. If you're familiar, therefore, with Liferay Portal, administering Social Office is the same exact experience. Clicking the Portlet Permissions button brings you to a page where you can browse the names of the portlets that are currently installed in your portal. Once you choose a portlet, you can then define the actions within this portlet that the role will have permission to perform.

If we stick with our example of a Message Boards Admin role, we would then find the Message Boards portlet in the list and click on it. A new page with configurable permissions would then be displayed (see above).

Each possible action to which permissions can be granted is listed. To grant a permission, choose the scope of the permission. You have two choices: Portal and Communities. These labels are inherited from Liferay Portal, but they correspond to global Social Office permissions and Site permissions. Granting Portal permissions means that permission to the action is granted across Social Office, in any site where there is a Message Boards portlet.

If you choose Communities, a button appears next to the permission allowing you to choose one or more sites in which the permission is invalid. This lets you pick and choose specific sites (for a portal scoped role) in which these permissions are valid for users in this role.

Once you have chosen the permissions granted to this role, click Save. For a Message Boards Admin role, you would likely grant Portal permissions to every action listed. After you click Save, you'll see a list of all permissions that are currently granted to this role. From here, you can add more permissions (by clicking Add Portlet Permissions or Add Portal Permissions), or go back by clicking a link in the breadcrumb list or the Return to Full Page link.

Roles are very powerful, and allow portal administrators to define various permissions in whatever combinations they like.

User Groups

User Groups are arbitrary groupings of users. These groups are created by portal administrators to group users together who don't have an obvious aspect which brings them together. Groups cannot have permissions like roles, but User Groups can be added to Roles. Why would you use User Groups, then? They come into play when you have complex security requirements and for page templates, which we will discuss below.

Creating a User Group is easy. Click the User Groups link and then click the Add button. There are only two fields to fill out: Name (the name of the User Group) and Description (an optional description of what the group is for). Click Save and you'll then be back to the list of groups.

As with the other resources in the portal, you can click the Actions button to perform various operations on User Groups.

Edit: Allows you to modify the name or description of the User Group.

Permissions: This allows you to define which Users, User Groups, or Roles have permissions to edit the User Group.

Manage Pages: Though User Groups don't have pages of their own, you can create page templates for a group. When a User Group has page templates, any users added to the group will have the group's pages copied to their personal pages. This allows you to do things like create a Bloggers user group with a page template that has the Blogs and Recent Bloggers portlets on it. The first time users who are added to this group log in to the portal, this page will get copied to their personal pages. They will then automatically have a blog page that they can use.

Assign Members: Takes you to a screen where you can search for and select users in the portal to be assigned to this User Group.

View Users: Lets you view the users who are in the User Group.

Delete: Deletes the User Group.

User Groups and Page Templates

Social Office allows users to have a personal set of pages that each user can optionally customize at will. The default configuration of those pages can be determined by the portal administrator through the portal-ext.properties file and optionally by providing the configuration in a LAR file. Though this has been a long-time feature of Liferay (which Social Office inherits), it was not very flexible or easy to use.

We now have the concept of page templates which are tied to User Groups. This enables administrators to provide the same configuration for the personal pages of all (or just a subset of) users, using the GUI instead of the properties file. In some cases you may want to provide a different configuration for each user depending on his or her profile. For example, in a configuration for University students, staff and undergraduates would get different default pages and portlets in their personal space. You can also set it up so that different groups are combined together to create the desired default configuration. When a user is assigned to a user group, the configured page templates are copied directly to the user's personal pages.

User Group Page Templates: Defining page templates for a user group

The a User Group's page templates can be administered using the Control Panel. The User Groups link lists all the existing user groups and allows you to perform several actions on each of them.

Illustration 25: Manage Pages action on a User Group. By selecting the Manage Pages action the administrator will access the common Liferay UI for creating pages and organizing them in a hierarchy.

Note that it's possible to create both public and private pages. Each set is used as templates and copied to the user's personal public or private page sets respectively when the user becomes a member of the user group.

Illustration 26: Adding a Page TemplateIn the screen shot above, the administrator has created a new private page called You are a student within the Students user group. Since the page created is a portlet page, the administrator can now click the View Pages button to open the page and add as many portlets as desired to that page and configure them as needed. Let's assume for this example that the Currency Converter and Calendar portlets are selected.

Applying the page templates by assigning members to the user group

The next step is to assign an existing user to that group to verify that the page template is copied as a user's private page. To do this, click Actions → Assign Members action in the list of available user groups.

Illustration 27: Assigning Members to a User GroupBy clicking the Available tab in the next screen, a list of all available users is shown. From that list, one or more users can be selected to make them members of the user group. When the Update Associations button is clicked, the users become members of the group and copies of any public or private page templates which are configured for the user group are copied to their page sets.

In the previous example, a user that already had an existing page called Welcome will now have a new page called You Are A Student the next time she accesses her personal space. That page will contain two portlets: Currency Converter and Calendar as configured by the User Group administrator.

Additional details

Because the pages are copied to a user's set of pages, those pages are now owned by the user and they can be changed at any time if Social Office is set up to allow users to edit their personal pages. When a user is removed from a user group the associated pages won't be removed: they have become that user's pages. The system is smart enough, however, to detect when a user is added again to a group of which he or she was already a part, and the pages are not added again.

If an administrator modifies page templates for a User group after users have already been added to the group, those changes are reused when new users are assigned to the user group. Since the pages are templates, however, the changes won't be applied to users that were already members of the user group.

Composing A Page Out of Several User Groups

Users can belong to many user groups. If you have templates defined for a number of groups, this may result having many page templates copied to users' pages. To prevent this, you can combine pages from different user groups into a single page.

Let's expand our previous example by dividing the Students into First Year Students, Second Year Students, Third Year Students, International Students, and Prospective Students. For each of these types of students we want them to have a page with the Currency Converter and Calendar, but depending on which type we also want other different portlets on that page too.

This can be achieved by using a naming convention for the pages. If two or more pages of different user groups have the same name, they are recombined into a single page when they are copied to a user's personal pages set.

In the example above, a User was added to a Students group which had a page called You are a Student. If the administrator creates a page template with the same name (You are a Student) in the First Year Students group and puts in it an RSS portlet pointing to information interesting for them, that page would be combined with the You are a Student page that's in the Students group, and the resulting page would contain the portlets configured for both User Groups.

Page Combination Rules

The following rules are used when composing a page by combining pages from different user groups:

• If a user becomes a member of a User Group that has a page template with the same name in the same set (public or private) as a page that the user already has, those pages are combined.

• If any of the pages has the name translated to several languages, only the default language is considered in the comparison.

• The portlets on the new page are copied to the bottom of the equivalent columns of the existing page.

• If the existing and the new pages have different layout templates, the existing one is preserved.

• If the new layout template has portlets in columns that don't exist in the existing page, those portlets are automatically copied to the first column of the existing layout template.

As you can see, it's possible to have a very flexible configuration for the default pages of portal users. Furthermore, that configuration can be changed at any time using the UI administrators are used to and then assigning users to new user groups.

While these examples are somewhat simple, the system allows for as many user groups as desired. By using the convention of matching the page names it's possible to build any default page composition that you want for your users.