I have a requirement that each user has a different set of portlets that he can see and manage based on his role.
I was initially thinking to model User Pages since I want each user to drag and drop the portlet around and set preferences. But then I realized I cannot have a single user home page and disable portlets based on role since all the portlets on a user page have view permission for "Owner"
Is something like this possible with Community home page. Can I configure a community home page with portlet which has role based permission. Every user will also have an option to drag around or add those portlets on the page and set permissions. I doubt I can give common access to all the user add portlet permission on the community page, since the page will be loaded with portlets.
In that case can I use the first approach and have flexibility to show set of portlets on user home page (private page) based on certain role and not have "Owner Role" interfere.
Related
I need that each page is administered by one person or group of persons.
Do I need to create one role each for every page I have to administer(Page1 administrator, page 2 administrator) or can I just create one generic role named "Page Administrator" and have some thing like a user having Page Administrator role can manage only page1 and similarly another user having the same "Page Administrator" can only manage "page2"? This is to avoid creating as many roles as there are pages in the system.
it depends... The easiest and most maintainable way to assign permissions in Liferay is through roles per site. If you have 1 page per site, you're good to go with a site role. You can build the navigation from many different sites, an example is this POC app by yours truly.
If you create roles (or teams) per page, be aware that page management is a different beast than content management: All of the pages of one site share the same content. Thus it might be hard to solve, if you also want the page administrators to maintain the content.
I have created a custom Regular Role and I have inserted it inside portlet.xml of so-portlet(security-role-ref element) and I have also mapped it with the respective role in liferay-portlet.xml.
However, when a user owns only this custom Regular Role, an error message is displayed "You do not have the roles required to access this portlet".
It is also strange that this happens only in user's personal site, on any other site user is able to view the specific portlet.
Does anyone has any idea about this?
Since you have a Custom Regular Role for your App, you should edit the default Role Permissions
log as an admin
Go to Control Panel, Roles,
Find your Role, and from the Actions menu on the right side, pick Define Permissions
From the left menu, find your application
Edit your permissions. Make sure to have the 'View' action granted for your Role. You can additionally, allow it for all sites (default), or you can just select the 'User Personal Site'
Now, if you want to make an exception for a specific portlet instance (that's what I meant in my question, in the comments) you can:
Log as Admin
Navigate to the specific Page where your portlet instance is added.
Enable Edit Controls, and edit your portlet (mini menu on the upper right side, with the wrench icon)
Pick permissions and have your Role allowed to view the portlet
The Personal Site is a Private Site if I remember well, so i think your user is not a site member, necessary condition to view the private pages.
I've created a Regular User Role in my Liferay Portal titled Announcement Poster - the purpose of this role is to give all normal, non-administrative users the ability to add only the Announcement and the Alert Liferay out-of-the-box portlets to a page, as well as modify and delete those portlets as needed.
According to this post pertaining to Liferay 6.1, this can be done very simply by defining a Role's permissions and I've seen other users have success with the method, however in Liferay 6.2 I cannot achieve this - With my current settings, the user can still see the Edit and Preview options as well as the Portlet Configuration option. I simply want only the Add option to be displayed to a user assigned to this role.
My defined role permissions are as follows:
So far I've tried many combinations of Site, Site Setting & Application permissions but can't achieve the desired outcome; has anyone had any luck with this or a similar situation?
Subsequent Liferay forum post https://www.liferay.com/community/forums/-/message_boards/message/43455741
I don't think it is a Liferay bug, simply those buttons are not under permission system. You can hide them via css, or better, you can hook the dockbar JSP and render them with your own conditions.
EDIT:
When I say "those buttons are not under permission system" i mean singly.
I need to customize as to which portlet appear in the "Add more portlet menu" as shown in the image below:
I need to restrict the number of portlets displayed in this menu based on the logged-in user or site (community). So that Site-owner or Site-admin will be able to add only those portlets to their pages which the omni-admin decides for them.
Does Liferay provide any such functionality (through configuration or something) or do I have to create a new portlet and a hook to achieve this?
Environment: Liferay 6.1 CE GA2
Any idea would be very much appreciated.
Thank You
The following is an answer given to the same question in the Liferay forum:
You can limit what portlets can be added to the page from the Administration side and don't have to do any development.
You will need to create a role however and add everyone on it. Here are the steps for achieving this:
Have the user be part of the organization or site that you want them to add portlets to.
Go to Control Panel -> Rolesand make a Regular Role (not an Organization or Site role)
In Define Permissions drop-down menu go to Portal -> Site -> Page -> and check Update as a defined permission.
Go to Define-permissions drop-down menu again and go to Site Application -> (choose Portlet Name that you want your user add to the page) -> Add to page.
Repeat Step-4, if necessary if there are other portlets you want the users to add.
Add this role to your user: Go to Control Panel -> User and Organizations. Click on your User and go to Roles.
Finally you need to go to Server Administration and execute the Clean Up Permissions to clear permissions for the Guest and Power Users roles.
This should now make it so that whatever user is attached to this role they will see an "Add" button on the left hand corner and will only be able to add portlets you specify in the role permissions.
You need to grant the ADD_TO_PAGE permission for the portlets that you want to allow. By default, Community Administrators have quite broad permissions for all portlets. Check the "Community Administrator" Role in "Define Permissions" (Control Panel/Roles/Community Administrator/Action/Define Permissions).
I suggest to see what a community administrator is allowed to do and create a custom role, define its permissions and make your "limited" admins member of this role instead of the default Community Administrator.
there is beter way .
all portlets permissions is checked in its permission table.
go to portlet manager and first un check all for "user"
so its not shown "Add more portlet menu"
I am developing a sharepoint 2010 visual webpart that will show some sort of ajax content.
I have a property on the webpart for the refresh rate, but I want this property to be set only by an Administrator (or any specific group).
What is the best way to achieve this?
Thank you.
In our organization, everyone by default is granted "Read" permission to our SharePoint sites through an "All Employees" Active Directory group. This allows users to browse the pages, but not edit them; and if you can't edit a page, you can't edit any web parts on the page.
Those who should have elevated privileges are added to other AD groups (you could use SharePoint groups too), and those groups are granted appropriate permissions.
You could create a custom Toolpart. Take a look at this example for a tutorial on how to create one.
Overall, your general steps will be:
Create your custom Toolpart class inheriting from Microsoft.SharePoint.WebPartPages.ToolPart
In your custom Toolpart, override CreateChildControls, write the code to display your textbox as long as the current user has permission (based on whatever rules you choose, ex: SharePoint group).
In your webpart, override GetToolParts and add your custom ToolPart so that it shows up in the right hand side