I have an organization role in Liferay and in this organization role are users. I want to get this users now. Furthermore I want to specify the organization name of the role.
So is there something like
xxxServiceUtil.getUsersByOrganizationRoleName(String myOrganizationRoleName);
Thank you in advance.
One principle throughout Liferay's API is: If you look for a User, then you go through UserLocalService. That's your first hint on where to look.
Since Liferay 7.0, you should not use the *Util classes any more, but just obtain a #Reference to the service directly.
Looking at the service, you'll notice that it has a getRoleUsers method. However, I can't tell you if this also takes Organization-scoped roles or only portal/instance scoped ones. In case it doesn't reveal what you like, you might need to go through getOrganizationUsers and filter on from there, or start with a DynamicQuery, which you can also find within the same service (following the principle that opened this answer)
Related
I need to give permissions to edit/create/destroy pages in a node to a group of users.
I've created a group and added a test user to that group.
I can't seem to give permission to the Pages application so see if i can see the node.
I also added game this role permissions at the node level too.
Ideally this editor role would be able to create new sub pages, which also means being able to upload media.
Your new user must have editor privilege level (you can edit user in Users application). If you want to provide ability to see content in Pages app you have to grant the user with Browse tree and Read permission (content module). To satisfy your scenario you need to grand user with Modify and Create permissions, too (maybe Design?).
Just FYI: The approach provided by Brenden (cloning the role) is very handy but there a is chance you grant the user with permission you don`t want to provide (inappropriate permissions for original role).
I've found the most efficient method is review the out of the box roles provided by Kentico and clone the one which fits closest to your needs. Then modify your cloned role to add/remove abilities and permissions.
If you're unsure of what each role can and cannot do, create a new test user with one of the roles assigned to them and log in as them. Do the same for all the roles you want to test until you find the one closest to what you're looking for.
We are implementing a Liferay 6. 2 solution, everything was set but then we had a problem. Thing is, we are importing all the users from AD using LDAP with their group information. So, in liferay, we will have users and users' group. We planned to follow organization->sub-organization structure but the customer does not want to assign all the users(no option to assign user groups to organization which i know why and it totally make sense ) to the organization manually which, kind of, makes sense. So, then we had to change our design, now what we are doing is actually creating a department-wise site then assigning user groups to the site and then linking site to organization. So two questions.
Does it make any sense to have organization? if so then what advantages will I have in this particular case.
Do you see any drawbacks in our approach or should we follow a better approach which we are not aware of.
I would like to find out all of the user which are associated in some roles. I have seen the UserLocalService that provides the method to find the users in a particular role. But I want a method to which I can pass an array of roleIds and it shall return me the list of users in those roles.
One way is to write custom SQL, but I would like to get it done by using the API only.
Is that possible with Liferay API??
Call the API multiple times? Create a new service that does this for you so that you only have a single call to (your) API?
I know, this is probably not the answer that you expected. Note that roles in Liferay can be scoped globally (to the whole portal, called 'regular') or to an individual site or organization. Thus just giving a roleId would limit you to the global roles (as the others would require the site's or organization's groupId).
Stepping back and looking at what you want to achieve, my first guess is that you have some semantics in being associated with a specific role - kind of like... a usergroup? A role is designed to give permissions to users, while a usergroup is designed to group users. UserLocalService also has getUserGroupUsers - this also only takes a single usergroup id, but at least it's a single (global) scope by definition and not ambiguous like roles.
I have a question about Symfony2, I Hope someone could help me.
I'm developing an application where the Administrator user has to be able to create new roles with new privileges. In other words, the app/security.yml file will change every time the Administrator creates a new role. I'd like to know how I can do that... or if there is a Bundle that could help me with this.
You may want to use ACL's.
But it depends on what you are doing with the roles. Why is the Admin creating new Roles? What permissions do they grant? The Roles typically protect routes, and I don't know a way to dynamically define routes from some sort of Admin interface (out of the box). So I'm guessing you want to give users permissions to do various things. So I think you want to look at ACL's.
Create your own user entity extends UserInterface and then custom the function getRoles();
Take a look at http://php-and-symfony.matthiasnoback.nl/2012/07/symfony2-security-creating-dynamic-roles-using-roleinterface/
I'm using ASP.NET Membership and noticed there isn't a method in the Roles class to modify a role (its name for instance), only to create and delete them.
Is it possible or it's not supported?
EDIT: #CheGueVerra: Yes, nice workaround.
Do you know (for extra credit :) ) why it's not possible?
There is no direct way to change a role name in the Membership provider.
I would get the list of users that are in the role you want to rename, then remove them from the list, delete the role, create the role with the new name and then Add the users found earlier to the role with the new name.
public void RenameRoleAndUsers(string OldRoleName, string NewRoleName)
{
string[] users = Roles.GetUsersInRole(OldRoleName);
Roles.CreateRole(NewRoleName);
Roles.AddUsersToRole(users, NewRoleName);
Roles.RemoveUsersFromRole(users, OldRoleName);
Roles.DeleteRole(OldRoleName);
}
That will change the name of the role for all users in the role.
Follow-up: Roles, are used to ensure a user plays only his part in the system, thus User.IsInRole(ROLE_NAME), will help you enforce the BR securities that apply, for a user and the roles he is in. If you can change the role names on the fly, how are you going to validate that the user is really in that role. Well that's what I understood, when I asked about it.
rtpHarry edit: Converted pseudocode sample to compilable c# method
Renaming a Role in the ASP.NET Membership model programatically would be a Bad Thing™, because the Role names are used in the configuration file to define permissions. If there were a programmatic way to change the Role name (which persisted the change to the database), you would immediately break any Role-based security configurations in web.config for any web apps using the database, and there'd be no way to guarantee that a single web app could alter the configuration of every web app using that Membership DB.