Im trying access to site private page by site membership users
this is my step to do :
1-create a user
2-create user group and then add user to user group
3-create site (named testsite)
4-create private page in site (in step 3)
5-add usergroup(in step 2) to testsite (in step 3)
but after login with usergroup member show me "the requested resource was not found"
Liferay 7 public private convention
private
http://localhost:8080/group/{site name}/{private_page}
public
http://localhost:8080/web/{site name}/{private_page}
Try replacing group with web and see what you get
From a quick test that I've made, it seems to be a bug:
Create unprivileged user A
Create user group B
Make user A member of user group B
Make user group B member of Site C
Create a private page D in Site C
Log in as user A and try to navigate to D:
Result: Access Denied
Expected: Page D displayed.
I haven't checked https://issues.liferay.com for a known issue in this regard - you might want to do this and raise one in case you can't find it. Until fixed, you might need to find a workaround, e.g. script an individual site membership from the members of a usergroup. Luckily Liferay's API allows broad overrides on various levels - e.g. whenever membership to a usergroup (or site) changes, run additional code.
Related
I have different Kentico microsites (site 1, site 2) that are password protected. Each site has a separate pair of userid/pw to log in (site 1 > userid1/pw1; site 2 > userid2/pw2). The problem I have is there are a couple of users that have access to both sites, so if they log into site 1, they can't right away log into site 2 without having to clear cache first.
I understand it's not a good practice to do the above, but to temporarily fix the issue at hand, is it possible to automatically end users' current session (log them out so to speak) when they visit certain page. That way those users can log in site 1 and 2 more easily.
I only have access to admin but don't have access to backend, file system stuff. Thanks!
My suggestion would be to create a custom web part which does checking to see if the current user has access to given microsite. If not, log them out. This web part would be placed on the master page template of each microsite.
Another option is to assign roles to the user(s). This would allow one user account for 1 person across multiple microsites.
I am new to Liferay I have created two UserGroups - Grp1 (with users a1, b1, c1) and Grp2 (with users a2, b2, c2).
Groupwise some public and private pages are created which differentiates Grp1 task from Grp2.
I want user a2, b2, c2 to have there own private pages which only they can view.
And when I login through user say a2, by default liferay's public page is viewed and, in GO TO user's (a2) public and private page is available.
Can't on login itself users public and private page be viewed and not liferay's default page?
And how does GROUP LEVEL and USER LEVEL public & private pages differ?
I created pages at group level (Grp2) both public and private, all the pages are visible to a2, b2, c2. On adding a page (a2) it behaves as private page only a2 can view it.
I want user a2, b2, c2 to have there own private pages which only they can view.
Then use User level private pages. Which you can see in GO TO menu with url http://localhost/user/a2/home
These pages will be automatically created when a user is added to liferay. You can control the creation of these pages by modifying the following properties in portal.properties:
layout.user.private.layouts.enabled=true
layout.user.private.layouts.auto.create=true
You can also check out the section Default User Private Layouts in portal.properties to get some more idea.
These pages are visible only to the users and only the users have full control over it.
More about this in Liferay User Guide's section on User personal site.
-
Can't on login itself users public and private page be viewed and not liferay's default page?
For this you can will have to create a login-post-action-hook.
You will need to modify the property: login.events.post in your hook and include a CustomLandingPageAction class on the lines of DefaultLandingPageAction.
This is good resource to create Custom Landing Page.
And how does GROUP LEVEL and USER LEVEL public & private pages differ?
I think you are asking about difference between UserGroup Level (instead of just Group) and User Level.
Please see section User Group Sites in Liferay User-guide, some relevant excerpt from the section:
Liferay allows users to each have a personal site consisting of public and
private pages. Permissions can be granted to allow users to customize their
personal sites at will. Originally, the default configuration of those pages
could only be determined by the portal administrator through the
portal-ext.properties file and, optionally, by providing the configuration in
a LAR file. You can still configure it like this but it isn’t very flexible or
easy to use.
By using User Group Sites, portal administrators can add pages to the personal
sites of all the users who belong to the site in an easy and centralized way.
All the user group site’s public pages are shown as part of the user’s public
personal site. All the user group site’s private pages are shown as part of the
user’s private site. If a user belongs to several user groups, all of its pages
are made part of his public and private site. In an educational institution’s
portal, for example, teachers, staff and students could get different default
pages and applications on their personal sites.
Hope this will be of some help.
I have a public website created with Sharepoint 2007. In that I have a contact form where the client can leave a message ... I want that only clients who have a specific emailadress (only members of the company) can post a message. How can I control that using Active Directory or using some other solution ?
A simple solution would be to replace the usual free text email address box with a custom textbox allowing only the internal name, anything after would be followed by #yourcompany.com if a single domain is matching with your reality.
If your site is anonymously available, you could create ad dedicated "contact" sub site that you'll restrict to only members of the company (thus not anonymously available). You could that way have your regular contact us form, only authenticated users will be able to fill in the form. (and will see the relevant sub site). You'll need to allow authentication on the public site to make it work (eg : have a sign in button with is linked to an available AD or FBA).
We've started to adopt SharePoint 2010, and are starting to manually migrate content from SharePoint 2007 sites to new sites we're rebuilding from scratch in SP2010.
One of the things we previously had supported was to delegate responsibility for managing some of our site columns to a member of the team. The team member is not familiar with SharePoint internals, and doesn't want the responsibility of full permissions to the site and all its objects.
We're now trying to figure out what the minimum permission is that we need to grant our team member, so they can continue to edit (& propagate) the content of the site columns we've defined.
Permissions he currently has (which are obviously insufficient):
Site permissions (according to _layouts/user.aspx): Read, Contribute, Manage Lists
Permissions for specific objects in the site (according to _layouts/people.aspxMembershipGroupId=xxx, then choosing Settings, View Group Permissions):
server/sites/[sitename]: Contribute
server/sites/[sitename]/Lists/[a list with columns that inherit from site columns]: "Contribute No Delete"
Note: the "Contribute No Delete" permission is a custom permission I designed by copying the SharePoint-native "Contribute" permission set and deselecting the Delete permission. The "Manage Lists" permission is a custom permission I designed that includes the following specific permissions: (List Permissions) Manage Lists, View Items; (Site Permissions) View Pages, Open.
Operations that are throwing access denied errors:
_layouts/mngfield.aspx: SharePoint returns the "Error: Access Denied" dialog, and provides three clickable options: "Sign in as a different user", "Request access", and "Go back to site"
_layouts/fldedit.aspx?field=Level%5Fx0020%5F3 [one of the site columns we've defined]: can load the page and type in changes to the textboxes "...but when I press OK (save changes) I get the same message above."
When our team member clicks the "Request access" link, the email I receive sends me to a page that recommends that I grant the user membership in the "[sitename] Users" group - of which he's already a member. So while SP2010 tries to request access, it doesn't actually direct me to either (a) a valid group that has the correct permissions or (b) the specific object to which I need to grant our team member access.
Also note: on the SP2007 (MOSS) site (where our team member was successful in managing Site Column edits), they had dozens of additional permissions throughout the site that we do not wish to blindly re-allocate in SP2010 until we know they're necessary.
Any help anyone can provide would be greatly appreciated.
There are two sets of permissions: one set of permissions that are set at the Site level, and another set of permissions that must be assigned on every List where the Site Column is being inherited (i.e. where it's been implemented as a List column):
Site-level Permissions
Manage Lists (labelled “List Permissions”)
View Items (labelled “List Permissions”)
Add and Customize Pages (labelled “Site Permissions”)
Browse Directories (labelled “Site Permissions”)
View Pages (labelled “Site Permissions”)
Open (labelled “Site Permissions”)
List-level Permissions
Manage Lists (individual permission – which includes View Items, View Pages and Open)
Contribute (permission set)
For details and the methodology on how I arrived at these permissions, you're welcome to rad the whole gory story here: http://paranoidmike.blogspot.com/2010/10/found-minimum-permissions-to-edit-site.html
Im trying to run a command on the AddUserToGroup method via webservices (UserGroup.asmx).
I set up the code as follows.
//set up the user group
userGroup = new UserGroup.UserGroup();
userGroup.Url = vtiBin + "/UserGroup.asmx";
userGroup.Credentials = CredentialCache.DefaultCredentials;
So I have my credentials being passed to the webserive. Now I run the following
userGroup.AddUserToGroup("System Group", preferedName, userLogin, email, "");
this throws an exception, my account does not have permission. however if I run this code under a different user with GOD access it works
What is the minimum required permission??
I have given my account
Full Access to the User Information List (on the sharepoint site)
Manage Analytics, Manage Audiences, Manage User Profiles, Personal Features, Personal Site, Set Permissions (sharedServices Admin, Personalization services permissions )
Couldn't this also have more to do with the permission to manage the group rather than permission to use the web service? I know I've run into similar situations via the UI before, and it turned out that I didn't have permissions to edit the group's membership. I believe there are a few situations in which you have permission to edit a group's membership:
You are the creator of the group
The creator of the group (or a site collection administrator) designated you as an owner of the group
The group was configured to allow all group members to edit its membership, and you are a member of the group
You are a site collection administrator
Is it possible that none of those conditions fit for you?
There is a permission in SharePoint to allow for web service calls. It's called "Use Remote Interfaces". Your user should have this permission to make changes via web services.