How to hide Top Navigation Bar For Given Role in Liferay? - liferay

I want to hide the top menu navigation bar when the user role is "ERP USER"; the logout link should remain there. Or how can I remove the navigation items "My Profile", "My Account" & "My Dashboard"? Due to some security access in a third-party application I need to disable these navigation items.
Can anybody explain to me how to accomplish my requirement?
Thanks!!!

You can remove My Profile, My Dashboard and Control Panel entries by modifying portal configuration, the rest requires some development. First two will disappear if you set the following options in portal-ext.properties to false:

    #
    # Set whether or not private layouts are enabled. Set whether or not private
    # layouts should be auto created if a user has no private layouts. If
    # private layouts are not enabled, then the property
    # "layout.user.private.layouts.auto.create" is assumed to be false.
    #
    layout.user.private.layouts.enabled=true
    layout.user.private.layouts.auto.create=true

    #
    # Set whether or not public layouts are enabled. Set whether or not public
    # layouts should be auto created if a user has no public layouts. If public
    # layouts are not enabled, then the property
    # "layout.user.public.layouts.auto.create" is assumed to be false.
    #
    layout.user.public.layouts.enabled=true
    layout.user.public.layouts.auto.create=true

That way you will disable User's private and public pages (and remove them from dockbar).
To get rid of Control Panel, you have to revoke Access Control Panel permission in Roles configuration (usually for User role).
Your other two requirements - hiding My Profile or removing Dockbar will require more effort.
To get rid of My Profile you will need to create a JSP hook for the Dockbar portlet (in version 6.2 it should be https://github.com/liferay/liferay-portal/blob/master/portal-web/docroot/html/portlet/dockbar/view_user_account.jspf).
The easiest way to hide the dockbar for a specific role is to implement role checking in portal_normal.vm/ftl of your theme. In the standard _unstyled theme you have to change the following lines: https://github.com/liferay/liferay-portal/blob/6.2.0-ga1/portal-web/docroot/html/themes/_unstyled/templates/portal_normal.ftl#L21-L23
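
The role check described in this answer, written out for portal_normal.vm as an added example (not part of the original answer or of Liferay's own theme source). It assumes a Liferay 6.2 theme, a regular role named exactly "ERP USER" that exists in the portal instance, and the hypothetical variable names `$hide_dockbar` and `$is_erp_user`; the sign-out link is kept, as the question asks.

```velocity
## portal_normal.vm of a custom theme (added example).
## $hide_dockbar and $is_erp_user are names introduced for this example.
#set ($hide_dockbar = false)

#if ($is_signed_in)
	## Theme templates can resolve portal services through $serviceLocator.
	#set ($roleLocalService = $serviceLocator.findService("com.liferay.portal.service.RoleLocalService"))

	## Fourth argument true: also count roles the user inherits.
	#set ($is_erp_user = $roleLocalService.hasUserRole($user_id, $company_id, "ERP USER", true))

	## Administrators keep the dockbar even if they also hold the role.
	#if ($is_erp_user && !$permissionChecker.isOmniadmin())
		#set ($hide_dockbar = true)
	#end
#end

#if ($is_signed_in && !$hide_dockbar)
	## Default behaviour of the _unstyled theme: dockbar for signed-in users.
	#dockbar()
#elseif ($is_signed_in)
	## Dockbar suppressed for the role: render only a sign-out link.
	<a href="$sign_out_url" id="sign-out" rel="nofollow">$sign_out_text</a>
#end
```

This only changes what the theme renders. Whether the pages behind the removed links can still be opened by URL is decided by the layout properties and role permissions described in the answer above.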

You can remove the navigation bar using a Liferay theme, from portal_normal.vm, for a specific user. Apply this theme to your current site.

Related

Apply specific layout on Liferay portal page

This is my first question, so sorry for the mistakes.
Actually, I want to apply my custom layout on liferay portal screen(s) like new password screen (physically that is not a layout and behaves like a pop_up over current page on first login, if password reset required is set to true).
This pop_up keeps on showing even if you manually change the URL in navigation bar, until you update new password.
And I am not able to find any way to achieve this.
Thanks in advance.
Just go:
Control Panel > Sites > {Your site name} > "Pages" category > "Sites pages" section >
Private/Public Pages
And select your Own Theme in "Available Themes" in order to save it.

Liferay Web content display, disable default permissions for Guest/Site member

I've previously added filters to JournalArticleLocalServiceImpl Class before calling addArticleResources() method and setting the addGuestPermissions boolean to false to disable default permissions for Guest/Site member roles on WEB CONTENT.
The change is reflected in Control Panel --> Web Content, but not in the WEB CONTENT DISPLAY PORTLET.
What needs to be done to disable default guest/site member permissions on Web Content Display?
liferay version: 6.1.2
If I understand you correctly, you have an article which does not have guest view permission. When you add it to a Web Content Display Portlet, the portlet's permissions are unchanged?
In case this describes your situation: Note that this is completely expected: The portlet is configured to show any article. When the portlet is "protected", this has nothing to say for the article. A read-protected article on the other hand would leave an empty portlet, e.g. the article would not be shown, despite the portlet's permission.
If this does not describe your situation, please describe with more detail

Restrict sitecore publishing

I am trying to set up some restrictions within my Sitecore instance so that users who only have permission to create items within a subsection of a site also have the publish permission, but only have the ability to publish items where they have create content permission.
For example I have the content similar to the following:
    Sitecore
    |- Content
       |- Home
          |- WhatWeDo
          |  |- Infrastructure
          |  |- Training
          |- Locations
             |- Europe
             |- North America
I have set up the Everyone role to have read permission to all items within the content tree, and I have specifically specified that they are denied write, rename, create, and delete permission.
I have set up a role, "WhatWeDo", which has been granted write, rename, create, and delete permission to item WhatWeDo and its descendants.
Now if I add the "WhatWeDo" role to the Client Publishing role, then the users who have been granted "WhatWeDo" role, also have the ability to publish, but they have the ability to publish any item within the content tree. i.e. The Publish button on the Publish ribbon is displayed.
Mostly when I have tried googling this, they are talking about publishing restrictions. i.e the Publishing Settings dialog, but this is of no use to me in this scenario.
I have found this https://stackoverflow.com/a/6351649/1442308 but I cannot seem to get this working and I suspect that it is related to very old version of Sitecore and no longer applies.
I have also updated my config so that the publishing should only publish if they have read and write permission:

    <setting name="Publishing.CheckSecurity" >
      <patch:attribute name="value" value="true" />
    </setting>

But this has had no effect on restricting users publishing content tree items that they should not as the user is still able to publish items within the Locations section of the content tree. i.e. The publish button is still visible on the Publish ribbon.
I need to restrict this so that those users who have been granted the "WhatWeDo" role can only publish item WhatWeDo and its descendants, and do not have the ability to publish any other item within the content tree. i.e They should only have the publish button visible when they are in the WhatWeDo item or any of its descendants.
Update
Updated question to make it clearer that I want to make sure that the publishing button is not visible on the ribbon bar.
The Publishing.CheckSecurity setting is used during the execution of the publish, so only items that the user has access to are actually published. It does not affect access to the publish ribbon button.
Typically, people use workflow to achieve what you are looking for. Set up a workflow with a publish action. The sample workflow provided with the initial install gives an example of this. Then you can restrict access to the workflow command.
Update
The Sample Workflow that is provided out-of-the-box has everything you need to get this to work. It has the commands and the auto-publish action as well as the security settings applied for the Sitecore Client Authoring role.
Since you have already applied security to your content items, all you would need to do is assign those items to the sample workflow. You could duplicate it and rename it if you wanted. You could also rename the Approve command to Publish.
To ensure that the standard publish button does not appear in the ribbon, make sure that these users are not members of the Sitecore Client Publishing role.
(Sorry but I don't have the comments option enabled yet.)
I would definitely go for the workflows option. As mentioned in the comments, the Publish button will be enabled through the security permissions, but as a general ability, not dependent on the items permissions. If you don't want the Publish button to show up without going into fancy customizations, you should forget this option.
Instead of the classical Publish button, users would have the workflow button triggering the publish action, under the Review tab. It wouldn't change that much for your end-users. It will even get them used to the workflow actions, that you could further use and refine, later in your project. You could take this opportunity to introduce them in your project, moreover it's perfectly suiting your needs.
Don't hesitate to ask if you want more detailed explanations on how to set up such a workflow.
It's not possible to hide the publish button in the ribbon out of the box for items that the user does not have access to, but it is quite simple to use the Rules Engine to control whether the button is shown or not. It will require some coding though, there is no way around that.
You can find more information in these blog posts, but there are some differences for Sitecore 7.1+ due to changes in the Rules Engine:
Rule-Based User Interface Components for the Sitecore Client
How to create a custom ribbon in Sitecore Content Editor
Limiting Conditions and Actions with Sitecore 7.1+
1. Create the rule action class
In your Visual Studio Project create the CommandRuleContext and SetCommandState classes as specified in first blog post.
2. Create the Rule in Sitecore
This is where there have been a lot of updates in Sitecore 7.1+, the third blog post explains the new structure of the rules engine:
Under /sitecore/system/Settings/Rules/Definitions/Tags create a new tag called Command State
Under /sitecore/system/Settings/Rules/Definitions create a new folder called Command States and add the 4 states shown in Step 1.14
Create a new Element Folder under /sitecore/system/Settings/Rules/Definitions/Elements called Command Rules
Insert a new Action under this folder. Set the field values as:
Text: set command state to [commandstateid,Tree,root=/sitecore/system/Settings/Rules/Definitions/Command States,specific command state]
Type: MyProject.Custom.Commands.SetCommandState, MyProject.Custom
Select the Tags/Default item and select Command State from the list of tags. This is the tag we defined earlier.
Now under /sitecore/system/Settings/Rules insert a new "Rules Context Folder" called Command Rules and then add a new rule in the Rules folder.
Before we create the rule we need to associate tags to show the conditions and actions. Select the "Tags/Default" item again and this time select Command State and Item Security. You can select different tags if you want to use different conditions (e.g. Item Hierarchy, Item Information, Security etc)
Now create the rule with condition you need, e.g.
3. Update the command to use the Rules
We need to update the code for the Publish button command to use the Rules we have defined.
Create a new command class inheriting from the existing Publish command:

    using Sitecore.Data.Items;
    using Sitecore.Diagnostics;
    using Sitecore.Rules;
    using Sitecore.SecurityModel;
    using Sitecore.Shell.Framework.Commands;

    namespace MyProject.Custom.Commands
    {
        // Replaces the stock Publish command so that the button state is decided by rules.
        public class PermissionBasedPublish : Sitecore.Shell.Framework.Commands.PublishNow
        {
            public override CommandState QueryState(CommandContext context)
            {
                Assert.ArgumentNotNull(context, "context");

                // Keep the stock command's decision unless it reports Enabled.
                var state = base.QueryState(context);
                if (state != CommandState.Enabled)
                    return state;

                return RunRules(context);
            }

            private CommandState RunRules(CommandContext context)
            {
                Item parentRuleItem;
                var ruleContext = new CommandRuleContext();
                ruleContext.Item = context.Items[0];

                // Read the rules folder with security disabled so it resolves
                // whatever rights the current user has on /sitecore/system.
                using (new SecurityDisabler())
                {
                    parentRuleItem = ruleContext.Item.Database.GetItem("/sitecore/system/Settings/Rules/Command Rules/Rules");

                    // No rules folder: the button stays enabled.
                    if (parentRuleItem == null)
                        return CommandState.Enabled;
                }

                RuleList<CommandRuleContext> rules = RuleFactory.GetRules<CommandRuleContext>(parentRuleItem, "Rule");

                // No rules defined: the button stays enabled.
                if (rules == null)
                    return CommandState.Enabled;

                // The rule actions set ruleContext.CommandState.
                rules.Run(ruleContext);
                return ruleContext.CommandState;
            }
        }
    }

And now we can patch in this command instead of the default one:

    <configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:set="http://www.sitecore.net/xmlconfig/set/">
      <sitecore>
        <commands>
          <command name="item:publishnow">
            <patch:attribute name="type">MyProject.Custom.Commands.PermissionBasedPublish, MyProject.Custom</patch:attribute>
          </command>
        </commands>
      </sitecore>
    </configuration>

The visibility of the publish button is now based on defined rules. With the rule defined above, the button will only be visible if the user has write access to the current item they are on.
The user will still need publish permission using the appropriate roles. Note that using out of the box roles means the user will have access to the Publish Site option from the drop down as well. You need to restrict access to /sitecore/content/Applications/Content Editor/Menues/Publish/Publish Site in the Core database and the shortcut from the desktop as appropriate.
You may also want to combine this with the Publishing.CheckSecurity setting by setting it to true.
I'll add that giving users Publish rights as a general rule is a bad idea IMO since every publish, even of a single item (and this includes Auto-Publish with Workflow) will clear the HTML caches and may lead to performance issues.

How to remove "Add New" button from Asset Publisher for Power User?

I need to remove the "Add New" button from the Asset Publisher portlet for the role "Power User" in Liferay 6.1.
How can I do it? Please help.
The "Add New" Button only appears when a user has permissions to create one of the assets displayed in AssetPublisher. It seems that your users/power users have permission to create content - this can be WebContent, Blogs or others. For example this typically happens in their own personal site where they have write permissions by default.
You can either remove that permission from the Power User, use standard users (there has been a recent blogpost about the difference between the two) or, if the permission is OK and just the UI should disappear, either override the AssetPublisher UI with a hook (remove the button there) or use the simple CSS trick ("display:none") in the portlet's "Look&Feel/Advanced Styling" section.

Liferay: Hiding the Login Portlet for logged in users

I'd like to hide the in-built "Sign-in" portlet for users that have logged in.
How do I set permissions to achieve this?
Liferay uses an RBAC permission model, which probably won't allow you to achieve this through permissions. This is because it's utterly illogical to deprive a system role of a permission granted to a guest.
Consider some other options, from the top of my head:
Create a layout-template which show or hides some portlet column depending on whether current user is not guest (not entirely sure if this will be that easy as it depends on which variables exactly are available in layout-template velocity environment)
Wrap sign-in portlet in another portlet
Simply hook sign-in portlet's JSP
Javascript maybe? Probably the easiest solution, not the best though
Another way of achieving this is to create a public page which contains the Login portlet, let's say the page is called Login (this page and its portlet should be viewable by guests).
Next, create another page and call this Welcome. Put some portlets on it for logged in users to see. The page should preferably be private, however if it's public ensure you change permissions so guests can't see portlets etc.
Now go to Control Panel > Portal > Portal Settings and modify the Navigation links (hover over the question mark icon for informative tooltips explaining what each link does).
Here is an example, following on from what I've mentioned above with the Login and Welcome pages:
Simples! No code modifications or custom themes!
Liferay adds the signed-in class to your <body> element. If you can live with it being available in HTML, but just not shown, add

    .signed-in .portlet_login {
        display: none;
    }

or similar to your theme or the login-portlet's look&feel advanced styling.
You can render/not render many things based on $is_signed_in check in Theme VM files.
is_signed_in will be true for logged in users and false otherwise.
Some examples are below from portal_vm.vm
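
    ## Show the sign-in text to guests only
    #if(!$is_signed_in)
        $sign_in_text
    #end

    ## Show the dockbar only to signed-in omni-administrators
    #if($is_signed_in)
        #if($permissionChecker.isOmniadmin() == true)
            #dockbar()
        #end
    #end

    ## Include a JSP for guests only
    #if(!$is_signed_in)
        $theme.include($themeServletContext, "/jsp/someJsp.jsp")
    #end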
