I've previously added filters to JournalArticleLocalServiceImpl Class before calling addArticleResources() method and setting the addGuestPermissions boolean to false to disable default permissions for Guest/Site member roles on WEB CONTENT.
The change reflects on control pannel--> Web content, but not on WEB CONTENT DISPLAY PORTLET.
What needs to be done to disable default gues/site member permissions on Web content display
liferay version: 6.1.2
If I understand you correctly, you have an article which does not have guest view permission. When you add it to a Web Content Display Portlet, the portlet's permissions are unchanged?
In case this describes your situation: Note that this is completely expected: The portlet is configured to show any article. When the portlet is "protected", this has nothing to say for the article. A read-protected article on the other hand would leave an empty portlet, e.g. the article would not be shown, despite the portlet's permission.
If this does not describe your situation, please describe with more detail
Related
Using Liferay 6.2, I try to workaround to set a specific layout for the Terms of use, shown after an user registered to the portal, and also Verify Email Address page after the user clicked "Agree" under URL /c/portal/....
I would like to have these pages showing with a look and feel I created. For example, I have created a layout called "1_column_white" in the theme I am using for this site and would like to assign to these pages (Terms of use and Verify Email Address). I did try to overwrite property in portal.properties but there is nothing come up.
Please kindly give me an advice.
Regards,
Create a Liferay hook as explained here to modify /portal-trunk/portal-web/docroot/html/portal/terms_of_use.jsp file as per your requirement.
I'd like to to hide the in-built "Sign-in" portlet for users that have logged in.
How do I set permissions to achieve this?
Liferay uses RBAC permission model, which probably won't allow you to achieve this through permissions. This is because it's utterly illogical to deprave a system role from a permission granted to a guest.
Consider some other options, from the top of my head:
Create a layout-template which show or hides some portlet column depending on whether current user is not guest (not entirely sure if this will be that easy as it depends on which variables exactly are available in layout-template velocity environment)
Wrap sign-in portlet in another portlet
Simply hook sign-in portlet's JSP
Javascript maybe? Probably the easiest solution, not the best though
Another way of achieving this is to create a public page which contains the Login portlet, let's say the page is called Login (this page and it's portlet should be viewable by guests).
Next, create another page and call this Welcome. Put some portlets on it for logged in users to see. The page should preferably private, however if it's public ensure you change permissions so guests can't see portlets etc..
Now go to Control Panel > Portal > Portal Settings and modify the Navigation links (hover over the question mark icon for informative tooltips explaining what each link does).
Here is an example, following on from what I've mentioned above with the Login and Welcome pages:
Simples! No code modifications or custom themes!
Liferay adds the signed-in class to your <body> element. If you can live with it being available in HTML, but just not shown, add
.signed-in .portlet_login {
display:none;
}
or similar to your theme or the login-portlet's look&feel advanced styling.
You can render/not render many things based on $is_signed_in check in Theme VM files.
is_signed_in will be true for logged in users and false otherwise.
Some examples are below from portal_vm.vm
#if(!$is_signed_in)
$sign_in_text
#end
#if($is_signed_in)
#if($permissionChecker.isOmniadmin()== true)
#dockbar()
#end
#if(!$is_signed_in)
$theme.include($themeServletContext, "/jsp/someJsp.jsp")
#end
This is basically two question? First i was wonder how to change the page liferay redirects when a user tries to access a page that has Power User view permissions. Liferay by default points to localhost:web/guest/home where they have their login page. On my application i have a different login in page and i want to redirect to the following page. I was browsing the web and found out that by setting auth.login.site.url=/whereiwontittopoint should actualy redirect me there. However it does not. I'm using Liferay 6.0.6 Community Editions. Has anyone done this? Is this the right way or this need to be done with a hook?
My other question is the following. I want to have a custom role on some pages. And i want when a user does not have that specfic role to be redirect to a totaly different page not the default login. I'm fairly sure this can be done by using the hook on some service but for some reason i can not identify this service.
EDIT
Ok for the first question i solved the issues. For the second question the answers i got here were not what i was looking for probably because i didn't post the question correctly. This is a full scenario of what i have done and what i need to do:
First of all i changed the /web/guest path that's on every liferay page to web/somthing/ this might not play a crucial role but the problems(some of the problems) started when that happend. THe over all idea is the following. I'm using spring mvc to create the application. I have created a backend to my application from where the admin can create pages for other users to see(This is not done by going to the control panel of liferay and adding a page but through the logic of the application). Once a page is created depending on some logic i create a role for that certain page(customer role also through code not the liferay admin). Some of the users are given this role if the satisfy some criteria and some are not. Here my problem arises, once a user that is loged in to my application tries to access a page (by inputting a direct URL in the browser to the page) that requres the view permision of the role i create for that page and the user does not have the appropriate role he gets redirect to lets say localhost/web/(username)/home a personal page and for some reason on that page by default from liferay he is able to view personal data(user name) of all other users of the application. My question is how through code to handle the redirection that happens of the above scenario.
I have tried on one attempt to actualy hook the servlet.service.events.pre action and before the user access that page to check if he has the appropriate permisions and actualy change his request. So far i have some issues but i can resolve them but this approach is not what i not rly what i am looking for because this action is executed before every single request on the application( and the page handling is just small part of that application) which means i will have a lot of code executing for no reason. I was wondering if there are any ways to add where the exception will redirect when i create the role? If not what action should i hook that will help me solve this scenario but with out the unneeded extrea trafic that i am creating with hooking servlet.service.events.pre action?
For the second stuff a bit hacky way could be as follows
1) Define set of roles against which you want to check in portal-ext.properties. You can add some property like my.super.secret.roles=rolename1,rolename2
2) Add a property for a redirect page url in portal-ext.properties so that you can redirect user there.
3)Add a custom attribute for Layout named checkForSecretRoles which has to be boolean and visible on Page. This will show you a checkbox in Manage page for each page, so that an admin can easily check or uncheck the value
4)Add a condition in your theme (portal_normal.vm) to check if the page has a check for secret role and then check the users role falls in any of the roles defined in portal-ext.properties. If yes then issue a redirect to the page specified by your custom redirect page url property
For your first question, it should work -
auth.forward.last.paths=/sign-in
sign-in would be your page name
The answer for your second question is, you have to create a Hook extending Action and made the below entry in your portal-ext.properties.
login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.CustomLandingPageAction
There is a lot of information you can found on forum about how to use this property.
for 1. set default.landing.page.path=/whereiwontittopoint in portal.properties, see Liferay Login page redirect
for 2. create a hook, set servlet.service.events.post=com.my.action.MyAction and impliment this action, at this point you can redirect user to another page.
I am using Liferay 6 for development .
I have developed a Custom Login Portlet using Struts2 .
I am able to display my Custom Login page , On click of the Submit Button after validating the credentials aganist our MYSQL Databse , please tell me how can i display my 4 other Custom Portlets on entering valid credentials ??
please guide me what is the concept i should refer for this in liferay
( I am using Liferay 6 for development )
Okay, the way I would suggest you do this is by:
adding the 4 other portlets to your Custom Login page (or add a redirect on successful login, and them to the page you redirect to)
Set the permissions of your Custom Portlets to be viewable by only authenticated users. This can be done by removing Guest "View" permissions. This way a non-authenticated user or "Guest" won't see your portlets when the go to the page.
Does this answer your question?
~~ EDIT IN RESPONSE TO COMMENT ~~
Okay, so if you're using Struts, instead of redirecting to a JSP file, you want to redirect to a URL instead. So instead of /view/result.jsp it should be something like http://yoursite.com/page_with_4_portlets_on_it or just a relative URL /page_with_4_portlets_on_it (if the two pages are on the same Navigation level.
HOWEVER:
If you're new to Liferay then I would strongly suggest you use Liferay's inbuilt Portlet architecture using their MVCPortlet class. This will handle all the mappings, and workings that you have to manually write for using Struts. Then you can implement a doPost() method and do a ActionResponse.sendRedirect("/page_with_4_portlets_on_it");
Then this means that when your form action completes Liferay will redirect the user to the page you've specified.
The best place to get started with Liferay 6 portlets, the Liferay way is here.
we created one page and placed under LAYOUTS folder.so can u tell me can all users access this page by giving their AD credentials.
some users are not able to login to this page.
pleage give me some suggestions.
The default Application Page setup will require the View Application Pages permission, and all derived permissions. You can manually configure the permissions of the application page by defining the RightsRequired property of the page. This is usually defined OnLoadComplete, but you can specify to occur after OnPreInitComplete by configuring the RightsCheckMode property.
But, without fiddling in these settings, it is still possible that certain users who have the read permissions on the general site may be barred from the Application Page. This can arise whenever you have controls that require different permission levels. For example, if you have a custom application page that has a field control associated with a specific list and item, if that control is in Edit mode then the user needs Edit permissions for that list and item in order to view the application page. It does not actually matter if this field control has anything to do with the list in question! For example, I once had an application page designed for bulk-downloading files which are in two folders. I wanted to re-use this page for a few different document libraries, so I decided to create a custom multi-lookup field control that would take the List query string as if on a New Form, and build the list of items to download that way. But this page was blocked for a subset of users who were not allowed New item permissions in one of the two folders, even though the page technically didn't do anything involving adding new items.
Any other elements on the page which require a separate set of permissions than general site permissions will also interfere, but the general case is with item-level and list-level permissions conflicting with the site-level permission. Simply check all of your controls, especially ones based on SharePoint web controls. As long as the user has permissions necessary to operate all of these, the user should be able to view the application page.
The entire user who has read permission, they can access this page.
If this page trying to do any manipulation, which needs hire permission, you may get access denied.
For trouble shooting comment all cods and try to access this page with read permission.