Fóruns

Início » Liferay Portal » English » 3. Development

Visualização combinada Visão plana Exibição em árvore
Tópicos [ Anterior | Próximo ]
toggle
shahab mahtab
portlet access control by user role
12 de Janeiro de 2012 07:03
Resposta

shahab mahtab

Ranking: New Member

Mensagens: 5

Data de entrada: 12 de Dezembro de 2011

Mensagens recentes

Hi:

I would like to grant access to a portlet ("add to page" and "view") based on few custom roles only, which are imported from LDAP.
I have defined the roles in portlet.xml and liferay-portlet.xml of the portlet.

However, it looks like any user can view the portlet. What is the correct way to enforce it?

I have tried adding the permission file (resource-actions\....xml). I can restrict guests from viewing the portlet this way. But, it looks like "resource-action-mapping" DTD does not support custom roles.

Is there a way to enfore role based access control without using the built-in Permissions GUI?

Thanks.
David H Nebinger
RE: portlet access control by user role
12 de Janeiro de 2012 08:02
Resposta

David H Nebinger

Ranking: Liferay Legend

Mensagens: 7153

Data de entrada: 1 de Setembro de 2006

Mensagens recentes

Sure...

Drop the portlet on the page, go to the configuration page for the portlet, to the permissions tab, and set the permissions there. Disable guest perms on the portlet, and you should be golden...
shahab mahtab
RE: portlet access control by user role
12 de Janeiro de 2012 08:37
Resposta

shahab mahtab

Ranking: New Member

Mensagens: 5

Data de entrada: 12 de Dezembro de 2011

Mensagens recentes

Hi:

Can I configure it from any configuration file other than the "Permissions" tab?

Thanks
Mauro Almeida
RE: portlet access control by user role
3 de Maio de 2012 08:58
Resposta

Mauro Almeida

Ranking: Junior Member

Mensagens: 31

Data de entrada: 15 de Março de 2012

Mensagens recentes

Hi Shahab.

Did you manage to overcome this?

Best regards,
MJA
Thomas Berg
RE: portlet access control by user role
3 de Maio de 2012 09:09
Resposta

Thomas Berg

Ranking: Regular Member

Mensagens: 121

Data de entrada: 7 de Setembro de 2009

Mensagens recentes

Hello Shahab,
You should be able to achieve what you need by reading the information in this thread

HTH

Regards / Thomas
shahab mahtab
RE: portlet access control by user role
3 de Maio de 2012 16:17
Resposta

shahab mahtab

Ranking: New Member

Mensagens: 5

Data de entrada: 12 de Dezembro de 2011

Mensagens recentes

Hi HTH,

I believe, resource-action-mapping takes some pre-defined roles only (guest, community etc.). I ended up writing a filter to checks user's role, and show appropriate message if user is not authorized.

My use case is slightly different. Users are accessing some pre-configured pages with bunch of portlets, and they can view portlets that they are entitled to. (users' entitlement can change dynamically)

Thanks
Shahab