Running 4.1.0.2013040182144-PE on Liferay 6.1.1-CE with Liferay User/Role mapping.
Liferay Scenario:
User: Joe
User Group: admin
Role: form-admin
With Joe as a member of admin, and admin a member of form-admin, I can successfully set form-based permissions in FB for form-admin. I can't, however, use form-admin within the form for read-only constraints, I need the User to be directly a member of the Role.
Is this a known constraint on Liferay Role pass-through?
Related
As a programmer, I would like to create Role and Permissions in Liferay and assign it to a User and a Site template or site without the intervention of Liferay Admin.
Please help me with the code if anybody has already done it. I am using Liferay 6.1
Liferay Provides set of api for doing create user , roles etc . You could go through below api which will create user and role also assign respected association between user, site and roles
https://docs.liferay.com/portal/6.1/javadocs/com/liferay/portal/service/UserLocalServiceUtil.html
https://docs.liferay.com/portal/6.1/javadocs/com/liferay/portal/service/RoleLocalServiceUtil.html
Thanks
I've created a user role, which doesn't inherit permissions from Guest. I've achieved it through portal-ext.properties with permissions.check.guest.enabled=false param. But now, if I logged in with this new user role, I can't log out, since I can see the User Personal Bar (probably because of some permission settings). Any idea how to enable the User Personal Bar for my custom user role? I'm using Liferay 7.1 CE.
I have created a 'Site User' role which is appropriate for users who will be Viewers on every available portlet. For example a user with this role should be only allowed to view documents in Documents and Media portlet but not allowed to add a new document or edit an existed.
I have defined the proper permissions in my Site role, however users with this Site role are still able to create events or add documents etc.
All these users are also assigned with the Social Office User role but as I'm seeing there is no such permission granted from this role.
I'm wondering if this is a normal behavior or the only solution is to modify portlets in a way that they won't allow users without the 'Site Admin' role to perform certain actions.
They're most likely still assigned to the "User" role (portal wide), or gets the permission from being a "Site Member". As you can't remove permissions, only add them through roles, check these roles for their bundled permissions.
They're assigned as default to Site Member role as Olaf stated. Look this file:
https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/resource-actions/documentlibrary.xml
As Site Member you have :
<site-member-defaults>
<action-key>ADD_DOCUMENT</action-key>
<action-key>ADD_FOLDER</action-key>
<action-key>ADD_SHORTCUT</action-key>
<action-key>SUBSCRIBE</action-key>
<action-key>VIEW</action-key>
</site-member-defaults>
as default action permissions.
In users' personal sites pages(/user/xx/so/dashboard), user bar and dockbar are not accessible from any user without the power user or administrator role. In every other site's page, users can normally access it without these 2 roles.
Why is this happening?
This issue was resolved by creating a hook that assigns automatically the Power User role on every newly created user.
A Liferay staff member told me that Power User role is required for all social office plugins, sites etc. liferay post
I am working on a new liferay implementation. I have all of my users in an external system, and have used the external env. to authenticate through my own authentication system. I also store roles in this same system. I have been able to successfully pass these to liferay so that all of my users roles are available in liferay.
I would like to create an organization or community that is associated with a role. For example if I have a role called 'myusers' in my external system, I would like to tie that role to an organization or community in liferay. Then when a user logged in to liferay with that role, they would be able to be part of that organization or community. Is this possible in liferay? I know it's kind of backwards to the normal flow in liferay of adding roles to users and then adding user to a community or organization.
You can modify the below code to check if the user belongs to a role and then add him to the appropriate organization.
To add a user to all Organizations:
public final static void addAllOrganizationstoUser(long userId) throws SystemException, PortalException {
// gets all organizations
List<Organization> organizations = OrganizationLocalServiceUtil.getOrganizations(ALL_POS, ALL_POS);
long[] users = new long[]{userId};
// register user to orgs
for (Organization organization : organizations) {
UserLocalServiceUtil.addOrganizationUsers(organization.getOrganizationId(), users);
}
}
What I ended up doing was using the expando functionality built into liferay. Doing this I allow for entering a list of roles that should map to that organization. This allows me to look at the roles of my users when they login and determine what organizations they should be a member of. I then programatically add/remove the users from the organizations based upon the roles defined in the expando attribute and the roles assigned to the user.