留言板

  1. 主页
  2. Portal
  3. Access to custom portlet edit page with simple user

Access to custom portlet edit page with simple user

thumbnail
Zsolt - Jácint Balogh,修改在9 年前。

Access to custom portlet edit page with simple user

Junior Member 帖子: 91 加入日期: 13-10-9 最近的帖子
Hi all,

I have a custom MVC portlet and I have an edit page. I have to set this page visible for any kind of logged in users.
It's working fine with test test but with my simple test user I get an exception when I try to access the edit page: 

 12:45:03,682 ERROR [http-/127.0.0.1:8080-6][AdvancedPermissionChecker:971] com.liferay.portal.NoSuchResourceActionException: partner_WAR_partnerportlet#PREFERENCES
 com.liferay.portal.NoSuchResourceActionException: partner_WAR_partnerportlet#PREFERENCES
    at com.liferay.portal.security.permission.ResourceActionsImpl.checkAction(ResourceActionsImpl.java:134)
    at com.liferay.portal.security.permission.ResourceActionsUtil.checkAction(ResourceActionsUtil.java:65)
    at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasGuestPermission(AdvancedPermissionChecker.java:885)
    at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasPermissionImpl(AdvancedPermissionChecker.java:960)
    at com.liferay.portal.security.permission.AdvancedPermissionChecker.hasPermission(AdvancedPermissionChecker.java:586)
    at com.liferay.portal.service.permission.PortletPermissionImpl.contains(PortletPermissionImpl.java:305)
    at com.liferay.portal.service.permission.PortletPermissionImpl.contains(PortletPermissionImpl.java:201)
    at com.liferay.portal.service.permission.PortletPermissionImpl.contains(PortletPermissionImpl.java:191)
    at com.liferay.portal.service.permission.PortletPermissionUtil.contains(PortletPermissionUtil.java:139)


How/where can I add permissions for the edit page for all kind of user? Can I do this from portlet.xml?

My portlet.xml:


<portlet-app xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" version="2.0">
    <portlet>
        <portlet-name>partner</portlet-name>
        <display-name>partner</display-name>
        <portlet-class>package.PartnerEditMVC</portlet-class>
        <init-param>
            <name>view-template</name>
            <value>/html/jsp/view.jsp</value>
        </init-param>
        <init-param>
            <name>print-template</name>
            <value>/html/jsp/print.jsp</value>
        </init-param>
        <init-param>
            <name>edit-template</name>
            <value>/html/jsp/edit.jsp</value>
        </init-param>
        
        <expiration-cache>0</expiration-cache>
        <supports>
            <mime-type>text/html</mime-type>
            <portlet-mode>view</portlet-mode>
            <portlet-mode>edit</portlet-mode>
        </supports>
        <resource-bundle>content.Language</resource-bundle>
        <portlet-info>
            <title>partner</title>
            <short-title>partner</short-title>
            <keywords>partner</keywords>
        </portlet-info>
        <security-role-ref>
            <role-name>administrator</role-name>
        </security-role-ref>
        <security-role-ref>
            <role-name>guest</role-name>
        </security-role-ref>
        <security-role-ref>
            <role-name>power-user</role-name>
        </security-role-ref>
        <security-role-ref>
            <role-name>user</role-name>
        </security-role-ref>
		
        <supported-public-render-parameter>partnerEntryId</supported-public-render-parameter>
		
    </portlet>
</portlet-app>



I'm using liferay 6.2GA2 with jboss AS7

Regards,
Zsolt

Edit: I just see that I put this to the "x. Miscellaneous" topic how can I put this to the proper topic?
thumbnail
David H Nebinger,修改在9 年前。

RE: Access to custom portlet edit page with simple user

Liferay Legend 帖子: 14919 加入日期: 06-9-2 最近的帖子
Permissions for your portlet get defined in the <resource-action-mapping /> element for your resource (typically there is a resource-actions folder in the root of your source folder (or resources folder if you're using maven) where you define your permissions in xml files).

See https://www.liferay.com/documentation/liferay-portal/6.2/development/-/ai/security-and-permissions-liferay-portal-6-2-dev-guide-06-en.
thumbnail
Zsolt - Jácint Balogh,修改在9 年前。

RE: Access to custom portlet edit page with simple user

Junior Member 帖子: 91 加入日期: 13-10-9 最近的帖子
Thank you for the quick response. I had no success for the first try but I will read again the article from the top to the bottom.
A strange thing or maybe a bug...
If I try to access to the edit page I will get the error. If I switch to an other page and then back to the page the portlet remains on the edit mode and my edit JSP is displayed without any error message.
thumbnail
David H Nebinger,修改在9 年前。

RE: Access to custom portlet edit page with simple user

Liferay Legend 帖子: 14919 加入日期: 06-9-2 最近的帖子
Zsolt - Jácint Balogh:
If I try to access to the edit page I will get the error. If I switch to an other page and then back to the page the portlet remains on the edit mode and my edit JSP is displayed without any error message.


Yeah, so I think the exception is tied to the missing resource action stuff, but also I think it's a bug if you can switch a page and come back and be on the edit page. That sounds more like a security hole, too...
thumbnail
Olaf Kock,修改在9 年前。

RE: Access to custom portlet edit page with simple user (答复)

Liferay Legend 帖子: 6403 加入日期: 08-9-23 最近的帖子
Careful: It seems that your "edit" permission (partner_WAR_partnerportlet#PREFERENCES) is what Liferay calls "Preferences" on the UI. In fact, it points to the JSR-286 name "edit mode" of a portlet, which, in fact, sets the display properties aka preferences. It's specifically not meant to edit any production data and this is a common misunderstanding of that mode.

If you show your production data in the portlet's VIEW mode, you're also editing that same data in the VIEW mode. You might want to configure settings like "number of records shown" in the EDIT mode (or "preferences").

This is a really unfortunate misnomer in the portlet spec, but as it's in the spec, we're stuck with it. Just assume that you typically need administrative access when going into the EDIT mode while regular (even writing) users typically only stay in the VIEW mode.
thumbnail
Zsolt - Jácint Balogh,修改在9 年前。

RE: Access to custom portlet edit page with simple user

Junior Member 帖子: 91 加入日期: 13-10-9 最近的帖子
Olaf Kock:
Careful: It seems that your "edit" permission (partner_WAR_partnerportlet#PREFERENCES) is what Liferay calls "Preferences" on the UI. In fact, it points to the JSR-286 name "edit mode" of a portlet, which, in fact, sets the display properties aka preferences. It's specifically not meant to edit any production data and this is a common misunderstanding of that mode.

If you show your production data in the portlet's VIEW mode, you're also editing that same data in the VIEW mode. You might want to configure settings like "number of records shown" in the EDIT mode (or "preferences").

This is a really unfortunate misnomer in the portlet spec, but as it's in the spec, we're stuck with it. Just assume that you typically need administrative access when going into the EDIT mode while regular (even writing) users typically only stay in the VIEW mode.



Actually I want to edit some data.
So I have to forget the edit mode. I have to upload images and let the users to make some modification in on there custom profile.
What is the best way to do this? I can't put logic to my jsp.
I will create a new action method and after clicking on the edit link I will initialize my data in this method and after that I will include my edit jsp.

Is this a good approach?

Regards,
Zsolt
thumbnail
David H Nebinger,修改在9 年前。

RE: Access to custom portlet edit page with simple user

Liferay Legend 帖子: 14919 加入日期: 06-9-2 最近的帖子
Portlet prefs apply to the instance, not the user.

If you're expecting user-specific prefs, you're going to be disappointed.
thumbnail
Zsolt - Jácint Balogh,修改在9 年前。

RE: Access to custom portlet edit page with simple user

Junior Member 帖子: 91 加入日期: 13-10-9 最近的帖子
I don't use the portlet perfs. I only want a well separated page where the user can modify some data.
thumbnail
Olaf Kock,修改在9 年前。

RE: Access to custom portlet edit page with simple user (答复)

Liferay Legend 帖子: 6403 加入日期: 08-9-23 最近的帖子
If you're using Liferay's MVCPortlet, you can use another renderURL, e.g. 

<portlet:renderurl var="myURL">
	<portlet:param name="mvcPath" value="/html/my-portlet/edit_data.jsp" />
</portlet:renderurl>
<a href="<%=myURL%>">Edit this data</a>


(or add more parameters, e.g. for ID values when you want to edit a specific object.

Liferay's naming conventions are: view.jsp for the default VIEW mode, edit.jsp for the default EDIT mode (aka PREFERENCES), edit_something.jsp for editing the entity something (typically in VIEW mode)
thumbnail
Zsolt - Jácint Balogh,修改在9 年前。

RE: Access to custom portlet edit page with simple user

Junior Member 帖子: 91 加入日期: 13-10-9 最近的帖子
Thank you I made it to work last night.
I will use this naming conventions after a big refactor emoticon