Liferay 6.1 CE GA2
How can I remove "Select" / "Add Web Content" buttons so that user cannot change content of web content display?
I have removed all permissions except View for User for site page and web content display but I still can change web content when I login with user account. Web-content should be selected by admin only and not user.
Please advise.
It's hard to say what goes wrong with the information you give. One possibility is that the user account you sign in with is a "Site Administrator" or "Site Owner" - in this case, they'd have permission to administer content in that site by default. If you make that user account just an ordinary "User", the permissions should disappear.
If you have custom roles, note that the "Define Permissions" section for roles has multiple occurrences of "Web Content": See the intermediary headers for "Content", "Applications" and "Control Panel". You'll find the relevant parts in the "Content" section.
Page permissions have nothing to do with permissions to content like WebContent.
Related
I have a requirement that each user has a different set of portlets that he can see and manage based on his role.
I was initially thinking to model User Pages since I want each user to drag and drop the portlet around and set preferences. But then I realized I cannot have a single user home page and disable portlets based on role since all the portlets on a user page have view permission for "Owner"
Is something like this possible with Community home page. Can I configure a community home page with portlet which has role based permission. Every user will also have an option to drag around or add those portlets on the page and set permissions. I doubt I can give common access to all the user add portlet permission on the community page, since the page will be loaded with portlets.
In that case can I use the first approach and have flexibility to show set of portlets on user home page (private page) based on certain role and not have "Owner Role" interfere.
I have created a custom Regular Role and I have inserted it inside portlet.xml of so-portlet(security-role-ref element) and I have also mapped it with the respective role in liferay-portlet.xml.
However, when a user owns only this custom Regular Role, an error message is displayed "You do not have the roles required to access this portlet".
It is also strange that this happens only in user's personal site, on any other site user is able to view the specific portlet.
Does anyone has any idea about this?
Since you have a Custom Regular Role for your App, you should edit the default Role Permissions
log as an admin
Go to Control Panel, Roles,
Find your Role, and from the Actions menu on the right side, pick Define Permissions
From the left menu, find your application
Edit your permissions. Make sure to have the 'View' action granted for your Role. You can additionally, allow it for all sites (default), or you can just select the 'User Personal Site'
Now, if you want to make an exception for a specific portlet instance (that's what I meant in my question, in the comments) you can:
Log as Admin
Navigate to the specific Page where your portlet instance is added.
Enable Edit Controls, and edit your portlet (mini menu on the upper right side, with the wrench icon)
Pick permissions and have your Role allowed to view the portlet
The Personal Site is a Private Site if I remember well, so i think your user is not a site member, necessary condition to view the private pages.
I'm using liferay 6.1 and I have some problems.
I defined a role named "student" and I want to add a basic document in Document and Media Library portlet as "student".I can do this as "admin" role but when I sign in as "student" I cant see the button "add". how can I give permission to this role?
Go to Control Panel > Roles, then click on Action buttons and then Define permissions. Then select Document and Media under Site Content and check "Add Document" permission and save.
Thus, Student role will have permission to add documents.
I want to disable (remove access) for Control Panel > My Account portlet for Power-user role or for my custom user.
It should display for Administrator role. Is there any portal properties or some other configuration?
Or do we need to achieve something through coding?
For this I would suggest you do the following:
1) Go into the Control Panel
2) Go to "Roles" under the "Portal" section
3) Go to "Actions" -> "Define Permissions" for the Power User role (or any other role you want to change)
4) Click "Delete" next to all permissions you want to remove from that role.
Changing them in portal-ext.properties will change them for all users, so this is your best approach.
I am not sure if the procedure in the other answer works. I doubt it for the version 6.0.6.
Another approach is to remove the My Accounts portlet from Liferay. To do so, open the file liferay-portlet.xml in <Liferay>/webapps/ROOT/WEB-INF/ and remove the portlet entry with the portlet-name 2.
Note: If you do so: no user will be able to view this portlet. But administrators are able to view the Users portlet and they can change their account at that location.
I need to customize as to which portlet appear in the "Add more portlet menu" as shown in the image below:
I need to restrict the number of portlets displayed in this menu based on the logged-in user or site (community). So that Site-owner or Site-admin will be able to add only those portlets to their pages which the omni-admin decides for them.
Does Liferay provide any such functionality (through configuration or something) or do I have to create a new portlet and a hook to achieve this?
Environment: Liferay 6.1 CE GA2
Any idea would be very much appreciated.
Thank You
The following is an answer given to the same question in the Liferay forum:
You can limit what portlets can be added to the page from the Administration side and don't have to do any development.
You will need to create a role however and add everyone on it. Here are the steps for achieving this:
Have the user be part of the organization or site that you want them to add portlets to.
Go to Control Panel -> Rolesand make a Regular Role (not an Organization or Site role)
In Define Permissions drop-down menu go to Portal -> Site -> Page -> and check Update as a defined permission.
Go to Define-permissions drop-down menu again and go to Site Application -> (choose Portlet Name that you want your user add to the page) -> Add to page.
Repeat Step-4, if necessary if there are other portlets you want the users to add.
Add this role to your user: Go to Control Panel -> User and Organizations. Click on your User and go to Roles.
Finally you need to go to Server Administration and execute the Clean Up Permissions to clear permissions for the Guest and Power Users roles.
This should now make it so that whatever user is attached to this role they will see an "Add" button on the left hand corner and will only be able to add portlets you specify in the role permissions.
You need to grant the ADD_TO_PAGE permission for the portlets that you want to allow. By default, Community Administrators have quite broad permissions for all portlets. Check the "Community Administrator" Role in "Define Permissions" (Control Panel/Roles/Community Administrator/Action/Define Permissions).
I suggest to see what a community administrator is allowed to do and create a custom role, define its permissions and make your "limited" admins member of this role instead of the default Community Administrator.
there is beter way .
all portlets permissions is checked in its permission table.
go to portlet manager and first un check all for "user"
so its not shown "Add more portlet menu"