I have created a custom Regular Role and I have inserted it inside portlet.xml of so-portlet(security-role-ref element) and I have also mapped it with the respective role in liferay-portlet.xml.
However, when a user owns only this custom Regular Role, an error message is displayed "You do not have the roles required to access this portlet".
It is also strange that this happens only in user's personal site, on any other site user is able to view the specific portlet.
Does anyone has any idea about this?
Since you have a Custom Regular Role for your App, you should edit the default Role Permissions
log as an admin
Go to Control Panel, Roles,
Find your Role, and from the Actions menu on the right side, pick Define Permissions
From the left menu, find your application
Edit your permissions. Make sure to have the 'View' action granted for your Role. You can additionally, allow it for all sites (default), or you can just select the 'User Personal Site'
Now, if you want to make an exception for a specific portlet instance (that's what I meant in my question, in the comments) you can:
Log as Admin
Navigate to the specific Page where your portlet instance is added.
Enable Edit Controls, and edit your portlet (mini menu on the upper right side, with the wrench icon)
Pick permissions and have your Role allowed to view the portlet
The Personal Site is a Private Site if I remember well, so i think your user is not a site member, necessary condition to view the private pages.
Related
I have a requirement that each user has a different set of portlets that he can see and manage based on his role.
I was initially thinking to model User Pages since I want each user to drag and drop the portlet around and set preferences. But then I realized I cannot have a single user home page and disable portlets based on role since all the portlets on a user page have view permission for "Owner"
Is something like this possible with Community home page. Can I configure a community home page with portlet which has role based permission. Every user will also have an option to drag around or add those portlets on the page and set permissions. I doubt I can give common access to all the user add portlet permission on the community page, since the page will be loaded with portlets.
In that case can I use the first approach and have flexibility to show set of portlets on user home page (private page) based on certain role and not have "Owner Role" interfere.
Is there some configuration where we can provide default Permissions for a Site page for a particular Role?
Similar to the functionality we have in Control Panel → Portal Settings → Users, here we can specify which Roles, Sites or UserGroups can be assigned to the User when the User is created.
To elaborate:
I have created a new Role say, Champion Role
Now I am creating public pages (Page1, Page2 etc) or private pages in a Site, say Site01.
I require that when the Page1 was created in Site01 then the VIEW & UPDATE permission should be automatically assigned to Champion Role.
I know this is possible through a listener hook by having a LayoutListener and overriding various methods, but I am looking for another easier or cleaner solution.
Thanks
I think you could and should do it by using the Liferay's Permission management system, and you should avoid extending code to do your task
Go to Control Panel → Portal → Roles → ChampionRole → Define Permissions → Sites, then
go to the Site actions subgroup and check the VIEW and UPDATE, then use the Limit Scope link, where you'll select the site:
After that, all you have to do is give this role to the right people, e.g like directly applying the Champion Role as a personal role to specific users, by the control panel
I want to disable (remove access) for Control Panel > My Account portlet for Power-user role or for my custom user.
It should display for Administrator role. Is there any portal properties or some other configuration?
Or do we need to achieve something through coding?
For this I would suggest you do the following:
1) Go into the Control Panel
2) Go to "Roles" under the "Portal" section
3) Go to "Actions" -> "Define Permissions" for the Power User role (or any other role you want to change)
4) Click "Delete" next to all permissions you want to remove from that role.
Changing them in portal-ext.properties will change them for all users, so this is your best approach.
I am not sure if the procedure in the other answer works. I doubt it for the version 6.0.6.
Another approach is to remove the My Accounts portlet from Liferay. To do so, open the file liferay-portlet.xml in <Liferay>/webapps/ROOT/WEB-INF/ and remove the portlet entry with the portlet-name 2.
Note: If you do so: no user will be able to view this portlet. But administrators are able to view the Users portlet and they can change their account at that location.
I need to customize as to which portlet appear in the "Add more portlet menu" as shown in the image below:
I need to restrict the number of portlets displayed in this menu based on the logged-in user or site (community). So that Site-owner or Site-admin will be able to add only those portlets to their pages which the omni-admin decides for them.
Does Liferay provide any such functionality (through configuration or something) or do I have to create a new portlet and a hook to achieve this?
Environment: Liferay 6.1 CE GA2
Any idea would be very much appreciated.
Thank You
The following is an answer given to the same question in the Liferay forum:
You can limit what portlets can be added to the page from the Administration side and don't have to do any development.
You will need to create a role however and add everyone on it. Here are the steps for achieving this:
Have the user be part of the organization or site that you want them to add portlets to.
Go to Control Panel -> Rolesand make a Regular Role (not an Organization or Site role)
In Define Permissions drop-down menu go to Portal -> Site -> Page -> and check Update as a defined permission.
Go to Define-permissions drop-down menu again and go to Site Application -> (choose Portlet Name that you want your user add to the page) -> Add to page.
Repeat Step-4, if necessary if there are other portlets you want the users to add.
Add this role to your user: Go to Control Panel -> User and Organizations. Click on your User and go to Roles.
Finally you need to go to Server Administration and execute the Clean Up Permissions to clear permissions for the Guest and Power Users roles.
This should now make it so that whatever user is attached to this role they will see an "Add" button on the left hand corner and will only be able to add portlets you specify in the role permissions.
You need to grant the ADD_TO_PAGE permission for the portlets that you want to allow. By default, Community Administrators have quite broad permissions for all portlets. Check the "Community Administrator" Role in "Define Permissions" (Control Panel/Roles/Community Administrator/Action/Define Permissions).
I suggest to see what a community administrator is allowed to do and create a custom role, define its permissions and make your "limited" admins member of this role instead of the default Community Administrator.
there is beter way .
all portlets permissions is checked in its permission table.
go to portlet manager and first un check all for "user"
so its not shown "Add more portlet menu"
I am developing a sharepoint 2010 visual webpart that will show some sort of ajax content.
I have a property on the webpart for the refresh rate, but I want this property to be set only by an Administrator (or any specific group).
What is the best way to achieve this?
Thank you.
In our organization, everyone by default is granted "Read" permission to our SharePoint sites through an "All Employees" Active Directory group. This allows users to browse the pages, but not edit them; and if you can't edit a page, you can't edit any web parts on the page.
Those who should have elevated privileges are added to other AD groups (you could use SharePoint groups too), and those groups are granted appropriate permissions.
You could create a custom Toolpart. Take a look at this example for a tutorial on how to create one.
Overall, your general steps will be:
Create your custom Toolpart class inheriting from Microsoft.SharePoint.WebPartPages.ToolPart
In your custom Toolpart, override CreateChildControls, write the code to display your textbox as long as the current user has permission (based on whatever rules you choose, ex: SharePoint group).
In your webpart, override GetToolParts and add your custom ToolPart so that it shows up in the right hand side