Foros de discusión

  1. Inicio
  2. Development
  3. Custom Role's permissions different from Guest(non-logged in) Role

Custom Role's permissions different from Guest(non-logged in) Role

Prateeksha Mandloi, modificado hace 8 años.

Custom Role's permissions different from Guest(non-logged in) Role

Regular Member Mensajes: 112 Fecha de incorporación: 5/02/14 Mensajes recientes
Hi all,

We have a requirement where guest user is able to click a link but any logged-in user with role ABC is unable to. This all controlled by Liferay's Roles & Permissions. I have my custom Roles and Permissions. But as the guest role's permission is inherited by all the other roles the ABC role is getting permission to click the link.

Can anyone suggest how to implement this requirement.

Thanks
thumbnail
Vishal Kumar, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Regular Member Mensajes: 198 Fecha de incorporación: 12/12/12 Mensajes recientes
So, you may check, user have only one role as guest role.
thumbnail
David H Nebinger, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
Vishal Kumar:
So, you may check, user have only one role as guest role.


What does this even mean? Users can have multiple roles assigned either directly or indirectly. And every user, authenticated or not, always has the guest role.
thumbnail
Olaf Kock, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Liferay Legend Mensajes: 6403 Fecha de incorporación: 23/09/08 Mensajes recientes
IMHO permissions are the wrong way to go here. If it doesn't make sense for a a logged-in user to click a particular link, business logic should not display that link - note that this is based on business logic, not on permissions. If you go through permissions for this usecase, logging out would increase your permissions, which is a scenario unheard of in permission management.
thumbnail
Dominique Ebert, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Junior Member Mensajes: 29 Fecha de incorporación: 1/02/13 Mensajes recientes
Hi,
I think Olaf is right. I wouldn't check for permissions here.
If I got you right there, what you basically want is to check wether a user is logged in or not. Because the only case I know of, where users only have the guest role is when the user isn't logged in.
So just check for that. You can do that from the themeDisplay for example.
Prateeksha Mandloi, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Regular Member Mensajes: 112 Fecha de incorporación: 5/02/14 Mensajes recientes
Hi,

Yes, that workaround is perfect as per my requirement.

I am now checking for whether the user is signed in or not for links ; pre-login all links are clickable & post login is where my permissions check comes into picture.

Thanks all emoticon
Prateeksha Mandloi, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Regular Member Mensajes: 112 Fecha de incorporación: 5/02/14 Mensajes recientes
Hi all,

Is there any other way to achieve the same, instead of my workaround. As this checks for guest ROLE, what if I need to check it on basis of only Permissions.
As in, by any customization can we limit the inheritance of permission from guest to other roles !!

Thanks in advance.
thumbnail
Dominique Ebert, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Junior Member Mensajes: 29 Fecha de incorporación: 1/02/13 Mensajes recientes
Prateeksha Mandloi:
As this checks for guest ROLE,.


No it does not check for any particular role. It just checks, wether the user is logged in or not. That doesn't have to do anything with roles.
It's just a fact, that a user thats not logged in to your portal will have the guest role and only the guest role.
Users logged in to your system will have the user role, as long as you don't give them any other roles.

And a permission is a link between a e.g. a role and a particular action. Something like: The role "Guest" has the permission to "View" this portlet.

As Olaf already pointed out its against the common sense of permissions to grant _more_ right to somebody with _less_ permissions.

But could you please explain for what particular use case you need to check for permissions or why the "logged in" check is not sufficient for you? then maybe i can help you a bit better.
Prateeksha Mandloi, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Regular Member Mensajes: 112 Fecha de incorporación: 5/02/14 Mensajes recientes
Hi Dominique,

Thanks for such prompt reply.

My requirement is to limit navigation for few users through the links provided on my page, so that any logged in user follows a complete flow of form filling and then reaches to the last page. Completing the whole process. Straight jumping from page to page is restricted. Whereas a non-logged in user is given such option to navigate through all pages but only read access is given to him.

I hope I am clear
thumbnail
Dominique Ebert, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Junior Member Mensajes: 29 Fecha de incorporación: 1/02/13 Mensajes recientes
Is the navigation youre talking about provided by the liferay navigation portlet (so do you want to limit access to certain pages by the page-view-permissions) or do you have a list of links, that you created on your own - and you want to make them unclickable for non-guests?
thumbnail
Prakash Khanchandani, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role (Respuesta)

Expert Mensajes: 329 Fecha de incorporación: 10/02/11 Mensajes recientes
There is also an option in portal-ext.properties to make GUEST role not be inherited i.e. Guest role will only be there for Guests and not for logged-in User.

permissions.check.guest.enabled=true


So in this case what you would need to do is give the required permissions which are there on Guest by default to Site-members or User role so that logged-in Users can see the content or pages.

Hope this helps.

-
Prakash K
(Fulcrum Worldwide)
thumbnail
Olaf Kock, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Liferay Legend Mensajes: 6403 Fecha de incorporación: 23/09/08 Mensajes recientes
Prakash Khanchandani:
permissions.check.guest.enabled=true

Neat - this is an option that I wasn't aware of. However, I still think that permissions are not the proper solution to the underlying problem (and I don't like this option)
In the end it boils down to preferences - mine are stated above and even when I know of this option, I'd still rather choose what I mentioned earlier (see above). It feels weird when unauthenticated people are allowed to see more than authenticated users. While it might solve your problem today, the next maintainer after you might be surprised by this fact.

Also, note that the comment for this option in portal.properties mentions that you might need to grant additional permissions to the "User" role, as it no longer inherits permissions from Guest.
thumbnail
Prakash Khanchandani, modificado hace 8 años.

RE: Custom Role's permissions different from Guest(non-logged in) Role

Expert Mensajes: 329 Fecha de incorporación: 10/02/11 Mensajes recientes
Olaf Kock:
However, I still think that permissions are not the proper solution to the underlying problem (and I don't like this option)
In the end it boils down to preferences


I agree. Preferences seems to be the ideal way to go.

But if you are bent upon using permissions (because may be you are in love with the complexity involved) then liferay is so generous it provides a way for that as well emoticon