Fórum

  1. Início
  2. Portal
  3. Ghost permissions

Ghost permissions

Vincent CARNINO, modificado 9 Anos atrás.

Ghost permissions

Junior Member Postagens: 47 Data de Entrada: 11/09/14 Postagens Recentes
Sorry for the weird title but i couldn't find anything better ...

Here is my problem:

I have tried to prevent "guests" from seing anything which belongs to the portal. In order to do that, i simply removed all permissions in the "guest" role through the control panel --> roles section. Despite that, when i log out and access the portal as a guest, even though i can't change anything, i'm still able to see all the portlets of the site. If i want to make a portlet inaccessible to a role, i have to change permissions in that specific portlet ...

I read somewhere that there are default permissions for every port let which are defined in some *.xml file. Then what is the use of assigning/remove permissions to a role (like the guest role) if it doesn't apply automatically ...

If someone may enlighten me ?
thumbnail
Andew Jardine, modificado 9 Anos atrás.

RE: Ghost permissions

Liferay Legend Postagens: 2416 Data de Entrada: 22/12/10 Postagens Recentes
Vincent,

If I understand, are you saying that your site has no public pages? meaning that there should be no "anonymous" (guest) user access? Meaning that no matter what url you hit, you should be required to login before you can see anything?
Vincent CARNINO, modificado 9 Anos atrás.

RE: Ghost permissions

Junior Member Postagens: 47 Data de Entrada: 11/09/14 Postagens Recentes
This is indeed an example.
My first goal (for testing purposes) was to prevent a certain role to see a specific kind of portlet: for example i want that a guest may not be able to see any blog portlet in the whole portal.

I need to create an intranet at first for a company and then (in the future) a public web site, so at first i need that no one could access any part of the portal without being logged in. This is why i remove all the permissions from the guest role but apparently this doesn't prevent a guest from seing the portlets in my site.
thumbnail
Andew Jardine, modificado 9 Anos atrás.

RE: Ghost permissions

Liferay Legend Postagens: 2416 Data de Entrada: 22/12/10 Postagens Recentes
Vincent,

Are you using an external authentication mechanism, like OpenSSO? or do people actually log into the portal?

If people actually log into the portal then you have to have at least one public page that has the Login Portlet on it. For the other pages of the site I think you have two options.

1. Make a whole pile of public pages ... but then for each page remove the VIEW permission for the Guest role.
2. Make all the remaining pages of the site private.
Vincent CARNINO, modificado 9 Anos atrás.

RE: Ghost permissions

Junior Member Postagens: 47 Data de Entrada: 11/09/14 Postagens Recentes
People actually log into the portal so i intended to have only the login portlet on the front page.

For the intranet problem, indeed i think i have to use the private pages of the site, thanks. But i still can't see the use of changing permissions in the control panel --> roles section if it doesn't impact all the portlets on public pages. Is this normal ? If i remove any permissions from the guest role (especially VIEW permission) shouldn't it prevent guests from seing any portlets ?
thumbnail
David H Nebinger, modificado 9 Anos atrás.

RE: Ghost permissions

Liferay Legend Postagens: 14919 Data de Entrada: 02/09/06 Postagens Recentes
Vincent CARNINO:
When i log out and access the portal as a guest i'm still able to see all the portlets of the site.


Page and portlet visibility is defined on the guest role, not just permissions that the guest role has. You can remove guest view access for the page to remove page access, and for portlets you can remove guest view so the guest cannot se the portlet. You'll want to set the corresponding portal-ext.properties value to not show the "you don't have permission to view portlet" messages.
Vincent CARNINO, modificado 9 Anos atrás.

RE: Ghost permissions

Junior Member Postagens: 47 Data de Entrada: 11/09/14 Postagens Recentes
If i understand well, this means that the control panel --> roles --> permissions section is useful in order to add permissions but not to remove default permissions (which are apparently defined in some ressource-actions/*.xml file).

Am i right ?
thumbnail
David H Nebinger, modificado 9 Anos atrás.

RE: Ghost permissions (Resposta)

Liferay Legend Postagens: 14919 Data de Entrada: 02/09/06 Postagens Recentes
Correct. Resource actions are defined in a plugin to establish the initial set of perms when deployed. This is a convenience thing so administrators do not have to deploy the plugin and then set up perms before it can be used.

Page and portlet view perms, they by default will have guest view enabled by default.
Vincent CARNINO, modificado 9 Anos atrás.

RE: Ghost permissions (Resposta)

Junior Member Postagens: 47 Data de Entrada: 11/09/14 Postagens Recentes
Ok, now i get it !

Thank you very much !