Can a Liferay permissions resource represent an object outside of portal? - liferay

The Liferay Security and Permissions docs define a Resource as:
A generic term for any object represented in the portal. Examples of
resources include portlets (e.g. Message Boards, Calendar, etc.), Java
classes (e.g. Message Board Topics, Calendar Events, etc.), and files
(e.g. documents, images, etc.)
As described in another SO post, I'm considering trying to use Liferay's permission system in another application (not a portlet).
In my use case, Liferay resources would be defined for domain objects in my application. When a new domain object is created in my application, I would add a corresponding new resource in Liferay (presumably by using the JSON-WS API).
The docs also state:
The name parameter is the fully qualified Java class name for the
resource object being added. The primKey parameter is the primary key
of the resource object.
Am I understanding correctly that the 'name parameter' just has to match a <model-name> I've previously defined in a <model-resource>?
And the 'primKey parameter' doesn't have to match any particular object in the Portal database? It could be a primary key of an object in my external database?
So, can a Liferay permissions resource represent an object outside of portal? Am I on the right track?

How you describe it, it should work. Basically the liferay-resource-action definition does it all for you.
But the 'name parameter' is not a string. It's a PK from the CLASSNAME_ table, which contains all class names defined in Liferay. Here you have to add a line which holds the fully qualified Java class name.
The 'primaryKey' parameter is usually a primary key of some entity from Liferay. So maybe you can keep the concept and set your entity PK in the field.
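The lifecycle the question describes (register a resource when the external object is created, check it, remove it on delete), as an added example that is not part of the original thread. It uses the string form of `name` from the documentation quoted in the question and assumes Liferay 6.x package names and code running inside the portal JVM; `ExternalResourceBridge` and `com.example.ext.Invoice` are hypothetical names.

```java
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.model.ResourceConstants;
import com.liferay.portal.security.permission.PermissionChecker;
import com.liferay.portal.service.ResourceLocalServiceUtil;

/** Maps rows of an external database onto Liferay permission resources. */
public class ExternalResourceBridge {

    // Hypothetical model name. It must match a <model-name> declared in a
    // <model-resource> of the resource-actions XML, as the question describes.
    public static final String MODEL_NAME = "com.example.ext.Invoice";

    /** Call when the external application creates a domain object. */
    public static void register(
            long companyId, long groupId, long ownerUserId, long externalPk)
            throws PortalException, SystemException {
        ResourceLocalServiceUtil.addResources(
            companyId, groupId, ownerUserId, MODEL_NAME, externalPk,
            false,   // portletActions: a model resource, not a portlet
            false,   // addGroupPermissions: no default grants to site members
            false);  // addGuestPermissions: no default grants to guests
    }

    /** Fails closed: a missing checker or an invalid key is a denial. */
    public static boolean isAllowed(
            PermissionChecker checker, long groupId, long externalPk,
            String actionId) {
        if (checker == null || externalPk <= 0 || actionId == null) {
            return false;
        }
        return checker.hasPermission(groupId, MODEL_NAME, externalPk, actionId);
    }

    /**
     * Call when the external object is deleted. Leaving the resource behind
     * means its grants would apply to any later object that reuses the key.
     */
    public static void unregister(long companyId, long externalPk)
            throws PortalException, SystemException {
        ResourceLocalServiceUtil.deleteResource(
            companyId, MODEL_NAME, ResourceConstants.SCOPE_INDIVIDUAL,
            externalPk);
    }
}
```

Passing `false` for the group and guest defaults means nobody but the owner can act on a new object until a role is granted an action explicitly.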

Related

How to change a custom policy to be able to log in with a custom attribute (National Identity Document)

Currently I only find documentation that allows me to change my email / username / phone number, but nothing talks about adding a user attribute as an authentication entity for the login.
Write the new identifier to signInNames.whatever, exactly like the “change identifier” samples work. They just overwrite an existing value, if one didn’t exist, it just gets created automatically.
You can’t add an identifier to /any/ attribute, it has to go into signInNames attribute, as that is uniquely constrained.

Azure AD Connect - Change sourceanchor

I have a single forest and single domain AD scenario and I configured AD Connect with sAMAccountName as sourceanchor.
As far as I understood you cannot change sourceanchor attribute without destroying all the objects.
Did I miss anything here? I really want to be able to change usernames and email addresses in the future, any suggestion?
Destroying and recreating all objects could be an option; is there any tool/script to automate things in these cases?
Thanks,
Alessandro
The sourceAnchor attribute is defined as an attribute immutable during the lifetime of an object. You could use objectGUID as the SourceAnchor. The objectGUID attribute is the unique identifier of a user. You also can read DOC to select a good sourceAnchor attribute.
If you have a single forest on-premises, then the attribute you should
use is objectGUID. This is also the attribute used when you use
express settings in Azure AD Connect and also the attribute used by
DirSync.
For more details for syncing attribute process, you can read this.

Finding all users in roles

I would like to find all of the users who are associated with some roles. I have seen that UserLocalService provides a method to find the users in a particular role. But I want a method to which I can pass an array of roleIds and which returns the list of users in those roles.
One way is to write custom SQL, but I would like to get it done by using the API only.
Is that possible with Liferay API??
Call the API multiple times? Create a new service that does this for you so that you only have a single call to (your) API?
I know, this is probably not the answer that you expected. Note that roles in Liferay can be scoped globally (to the whole portal, called 'regular') or to an individual site or organization. Thus just giving a roleId would limit you to the global roles (as the others would require the site's or organization's groupId).
Stepping back and looking at what you want to achieve, my first guess is that you have some semantics in being associated with a specific role - kind of like... a usergroup? A role is designed to give permissions to users, while a usergroup is designed to group users. UserLocalService also has getUserGroupUsers - this also only takes a single usergroup id, but at least it's a single (global) scope by definition and not ambiguous like roles.
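One way to wrap the repeated calls the answer suggests into a single helper that also handles the scoping caveat it raises, as an added example that is not code from the original thread. It assumes Liferay 6.x package names; `RoleMembershipAudit` and `usersInAnyRole` are hypothetical names.

```java
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.model.Role;
import com.liferay.portal.model.RoleConstants;
import com.liferay.portal.model.User;
import com.liferay.portal.model.UserGroupRole;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
import com.liferay.portal.service.UserLocalServiceUtil;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class RoleMembershipAudit {

    /**
     * Returns each user holding at least one of the given roles, once.
     * groupId is consulted only for site- or organization-scoped roles,
     * which have no meaning without the group they were assigned in.
     * Only direct assignments are listed; roles inherited through user
     * groups, sites or organizations are not expanded here.
     */
    public static List<User> usersInAnyRole(long[] roleIds, long groupId)
            throws PortalException, SystemException {
        // Keyed by userId so a user holding several roles appears once.
        Map<Long, User> byUserId = new LinkedHashMap<Long, User>();
        for (long roleId : roleIds) {
            Role role = RoleLocalServiceUtil.getRole(roleId);
            if (role.getType() == RoleConstants.TYPE_REGULAR) {
                for (User user : UserLocalServiceUtil.getRoleUsers(roleId)) {
                    byUserId.put(user.getUserId(), user);
                }
            } else {
                List<UserGroupRole> assignments = UserGroupRoleLocalServiceUtil
                    .getUserGroupRolesByGroupAndRole(groupId, roleId);
                for (UserGroupRole assignment : assignments) {
                    long userId = assignment.getUserId();
                    if (!byUserId.containsKey(userId)) {
                        byUserId.put(userId, UserLocalServiceUtil.getUser(userId));
                    }
                }
            }
        }
        return new ArrayList<User>(byUserId.values());
    }
}
```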

Is it always necessary to have companyID and groupID in Liferay Service Builder?

I'm developing a Liferay portlet. I use Service Builder. The question is: do I have to use companyID and groupID in my entity fields? What should I do if I don't want to have these fields? If I don't use them, how can I use the resourceLocalService.addResources() method?
They are not required but they are convenient to have.
Liferay has many additional services available to you to use like permissions, users, document library. These services are almost always scoped to a portal instance, for example, Users are scoped to an instance which is tracked by companyId. Some are scoped to a group like document library.
So depending on what Liferay services you are planning to use and at what scope those services operate, it is convenient to have those values stored as well for easy lookup when you're calling those services you are using.
Notice that the DBA team didn’t specify these two foreign key fields in the tables, but you add them anyway. You do this because the DBAs didn’t know the internal workings of Liferay when they designed the table.
These fields are internal to Liferay and are used for context purposes in non-instanceable portlets.
CompanyId corresponds to the portal instance to which the user has navigated, and groupId corresponds to the community or organization to which the user has navigated.
Because you’ll use these field values as parameters in all your queries, the portlet will have different data in different portals, communities, and organizations.

Consume a custom web service object

I have a custom employee object in the web service as a type. It is defined as a class and returned. I need to consume it in a Windows form. The class includes a first name, last name and full name property. I can consume it into an Object type, but can't do anything with it from there. I can't even get the properties out. I have also tried recreating the Employee class in the app and consuming it as an Employee type, and it creates an error when building. How do you consume a custom object from a web service?
I found the answer: when you include a web reference or service reference in .NET, the custom object is part of the reference. So if you have WebRefernce1, to get to the custom object it is WebRefernce1.customObject. Then to consume a service do a Webreference1.NamespaceOfWebservices.WebMethod. Then consume it into the custom object or custom object array.
