There are organizations, users, roles and groups in Liferay. But there are many methods in the Liferay API that return a company or need a company id as an argument, e.g. UserLocalServiceUtil.getUserByEmailAddress(long companyId, String emailAddress) or com.liferay.portal.model.User getCompanyId().
For what purpose is the company provided in Liferay? Why do I have to provide a company id to find a user by email address?
Documentation does not say too much.
In short - you can have more than one portal instance in the same server (in the same database) and you need "companyId" to avoid db data conflicts between those instances. A single instance itself is a full portal with users, groups, roles and everything else. Having "companyId" you can save, for example, two users with the same emailAddress for different instances.
Our account department has asked me a question that I didn't know the answer to.
I must first say that we are in a hybrid environment.
Each month I export our users from Azure to forward the list to the accounting department, which then distributes the license costs for the internal department the user works in.
Our problem is that the department field in AD isn't detailed enough, as some of the departments have sub-departments. These sub-departments aren't mentioned in the field, because we use that for our e-mail signatures, and we do not want to have these in official communication.
The accounting department is asking if we can enrich the export with a department number.
So is there a way I can use some of the other fields on the user's AD object that get synchronized to Azure and in turn get into the export from the Active users list?
If your users are synchronized from on-premises AD to Azure AD, you could use the onPremisesExtensionAttributes property of the user object. There are fifteen extensionAttributes in onPremisesExtensionAttributes; you can store the department number in any one of them.
After storing them, you could refer to this link and this post to sync the attributes to Azure AD and get the attributes.
I am trying to get a list of users for a Liferay 6.2 site, but I can't seem to find a way to do so. I have the groupId, which I know is correct, since I can get the documents, but the query only gets directly added users, not inherited ones (e.g. from the organisation).
I just use the method UserLocalService.getGroupUsers(groupId), then loop through them. How can I get all users (i.e. the same as Site Memberships in Site Administration, but without the paging)?
update
I have a Liferay portal instance, it has several organisations with associated sites. Org A has User 1, 2, 3 etc. Org B has User 4, 5, 6. They have the same company id's (since they are part of the same portal), but different group id's. I only want those who are in Org A (directly added, part of any user groups or organisations which have been assigned). The site could also be a non organisation site (i.e. Org A and B assigned, but not any others, e.g. a new Org C), for document sharing between organisations. From my understanding, all sites are internally known as groups, from doing work with document libraries.
You could do two calls to get the site and the organization users, then one call to get the assigned organizations, iterate through them and get their users. Then combine all the results:
    // A LinkedHashSet removes duplicates while keeping insertion order.
    Set<User> groupAndOrganizationUsersSet = new LinkedHashSet<>();

    // Users added directly to the site.
    groupAndOrganizationUsersSet.addAll(UserLocalServiceUtil.getGroupUsers(groupId));

    // Users of the organization the site belongs to.
    groupAndOrganizationUsersSet.addAll(UserLocalServiceUtil.getOrganizationUsers(
        GroupLocalServiceUtil.getGroup(groupId).getOrganizationId()));

    // Users of every organization assigned to the site.
    for (Organization organization :
            OrganizationLocalServiceUtil.getGroupOrganizations(groupId)) {
        groupAndOrganizationUsersSet.addAll(UserLocalServiceUtil.getOrganizationUsers(
            organization.getOrganizationId()));
    }

    List<User> groupAndOrganizationUsers = new ArrayList<>(groupAndOrganizationUsersSet);
Maybe this:

    UserLocalServiceUtil.getCompanyUsers(long companyId, int start, int end)

For a standard non-pagination result (you know the risk) use:

    UserLocalServiceUtil.getCompanyUsers(PortalUtil.getDefaultCompanyId(), -1, -1)
I've been reading about and playing with ASP.NET MVC lately, to figure out if it will be the new framework for an existing product.
The product consists of a multi-user website where the customers are created by me and added to their respective companies. Each user then has access to do some stuff, add data etc. in the scope of his own company.
How would I go about creating a structure like that in MVC?
I basically want to be the "super-admin" that can create new users, add them to companies and control their rights.
The regular users will also have different user roles (admin, user, guest) within their company.
I've got pretty much everything else set up (MVC and the Entity Framework are awesome), but I just need this last layer of separation.
Any help is much appreciated.
There are really two pieces to this. The first is roles. Simply create a clear designation between roles for a company versus roles for the entire application, for example: "Admin", "CompanyAdmin", "CompanyUser", and "CompanyGuest". There, I literally mean "Company", not a placeholder for a specific company name. You should only have one set of roles applicable to all company users.
The second piece is a form of ownership authorization. Each user is assigned to a company, surely through a foreign key on your user entity. Your routes will contain some component that identifies the company being utilized, whether that be via a subdomain, or just part of the path, i.e. /FooInc/Bar/Baz. In your actions, you'll use this component to look up the company from your persistence store and then compare that with the company the user is assigned to. If the two do not match, then you return a 403. Otherwise, you let the user proceed.
There are many ways that can be done. You could use an action filter, base controller, etc. That's largely up to you and the needs of your application. Regardless, ASP.NET MVC is very capable of handling such a thing.
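The ownership check described in this answer, written as an ASP.NET MVC 5 authorization filter. This is an added example, not code from the answer; the `company` route segment name, the `CompanyDirectory` lookup and the rule that the application-wide "Admin" role passes every company check are assumptions.

```csharp
using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

// Hypothetical lookup: maps the signed-in user name to the slug of the company
// the user is assigned to (the foreign key on the user entity). Wire it to the
// persistence store at startup; the default knows nobody, so it fails closed.
public static class CompanyDirectory
{
    public static Func<string, string> CompanySlugForUser = userName => null;
}

public class CompanyOwnerAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // Authentication (and any Roles/Users set on the attribute) comes first.
        if (!base.AuthorizeCore(httpContext)) return false;
        // Assumption: the application-wide "Admin" role may act in every company.
        if (httpContext.User.IsInRole("Admin")) return true;
        // "company" is the assumed name of the route segment, e.g. /FooInc/Bar/Baz
        // with a route template of {company}/{controller}/{action}.
        var routeSlug =
            httpContext.Request.RequestContext.RouteData.Values["company"] as string;
        var userSlug = CompanyDirectory.CompanySlugForUser(httpContext.User.Identity.Name);

        // Fail closed: a missing segment or an unassigned user never matches.
        return !string.IsNullOrEmpty(routeSlug)
            && !string.IsNullOrEmpty(userSlug)
            && string.Equals(routeSlug, userSlug, StringComparison.OrdinalIgnoreCase);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed-in user, wrong company: 403. Anonymous user: default 401 handling.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

[CompanyOwner]
public class BarController : Controller
{
    // Reached only when the route's company matches the user's company.
    public ActionResult Baz(string company) { return View(); }
}
```

The filter only gates the request; queries inside the action should still filter by the company taken from the route, so that an ID passed in a form field or query string cannot reach another company's rows.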
I have an application where a user can be linked to several companies.
The manyToMany relationship with the company is a distinguished entity called Associate.
I'd like to give to this Associate entity the exact same role functionality as my FOSUserBundle User entity has. Important: if a user has a role_manager for one company, it should not be given the rights to access specific features of another company he belongs to too.
Is there a clean way to do this?
I'd like to check for instance if $this->getUser->getAssociate->hasRole('ROLE_MANAGER') is true.
What if I give a role array to my entity Associate? I've read it's not secure enough? Why? What could someone do to break that security if anyway my users have to pass through FOS security login checks?
I've found an article where using a voter is suggested. But I don't want to filter routes, I really want to check the condition against the link between a user and a company, so if a voter is the solution, how would I use it?
EDIT: if a better solution not involving roles or with different logic exists, I am interested in learning about it!!
So in my case, one user can actually only be linked to a maximum of 4 companies, each of a different kind defined by its category.
The official doc would suggest using ACL, defining a role for every company or storing the data in the entity. Cf. the first paragraphs of:
http://symfony.com/doc/current/cookbook/security/acl.html
I used a combination of roles and business logic. I've created roles for every type of company and since one user can only have one company per type, I just had to check for the type and the role-manager associated to the type.
See my voter here:
symfony2 call is_granted in voter : how to avoid an infinite loop?
I'm developing a Liferay portlet. I use Service Builder. The question is: do I have to use companyID and groupID in my entity fields? What should I do if I don't want to have these fields? If I don't use them, how can I use the resourceLocalService.addResources() method?
They are not required but they are convenient to have.
Liferay has many additional services available to you to use like permissions, users, document library. These services are almost always scoped to a portal instance, for example, Users are scoped to an instance which is tracked by companyId. Some are scoped to a group like document library.
So depending on what Liferay services you are planning to use and at what scope those services operate, it is convenient to have those values stored as well for easy lookup when you're calling those services you are using.
Notice that the DBA team didn’t specify these two foreign key fields in the tables, but you add them anyway. You do this because the DBAs didn’t know the internal workings of Liferay when they designed the table.
These fields are internal to Liferay and are used for context purposes in non-instanceable portlets.
CompanyId corresponds to the portal instance to which the user has navigated, and groupId corresponds to the community or organization to which the user has navigated.
Because you’ll use these field values as parameters in all your queries, the portlet will have different data in different portals, communities, and organizations.