I am working on one feature in Liferay 6 and I want it, to be accessible only for Site Owner. I have big problem how to get if user is Site Owner. I can get if user is Administrator using this
if (RoleServiceUtil.hasUserRole(user.getUserId(), companyId,
"Administrator", true)) {
//do something
}
When I use Site Owner instead of Administrator, then I get this message Site Owner is not a regular role
Thanks for help
-Roman
The simplest way is to use permissionChecker.
First you'll need to include the a TagLib like so:
<%# taglib uri="http://liferay.com/tld/theme" prefix="liferay-theme" %>
Then you can place some basic variables on the page (one of which is permissionChecker) like so:
<liferay-theme:defineObjects />
Then you can simply call,
permissionChecker.isGroupOwner() or permissionChecker.isGroupAdmin()
Related
I have a portlet that is deployed on a page and I need to produce a link that will load a different portlet (which is in a different module) in full-screen mode. I can load the built in Login portlet this way without a problem, but when I try to load any of my custom portlets I get two red error boxes with the message "You do not have the roles required to access this portlet." And I have the permissions - I can access the portlet fine when added to a page - and I'm even testing with an omni-admin account.
The portlet ID that has the .jsp file is 'subscriptionmanagement_WAR_subscriptionmanagementportlet' and the portlet ID I'm trying to load is 'GRPSignupForm_WAR_NY511RMportlet'. The tag is:
<liferay-portlet:renderURL portletName="GRPSignupForm_WAR_NY511RMportlet" var="grpPortlet" windowState="<%= WindowState.MAXIMIZED.toString() %>">
</liferay-portlet:renderURL>
Which produces the URL: http://localhost:8080/group/test/unsubscribe?p_p_id=tripitinerary_WAR_NY511RMportlet&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view
However, as I've mentioned, I have been able to load other portlets in this way. The login portlet for example using the same tag works fine:
<liferay-portlet:renderURL portletName="<%= PortletKeys.LOGIN %>" var="loginURL" windowState="<%= WindowState.MAXIMIZED.toString() %>">
<portlet:param name="mvcRenderCommandName" value="/login/login" />
</liferay-portlet:renderURL>
The obvious difference is that it is passing a specific render command parameter, but otherwise it is the same. It produces the URL:
http://localhost:8080/group/test-1/unsubscribe?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_com_liferay_login_web_portlet_LoginPortlet_mvcRenderCommandName=%2Flogin%2Flogin
For completeness, here is the code for the portlet I'm trying to load. But as I mentioned above, I have tried to load various portlets in this project and all of them produce the permissions error.
#Component(
immediate = true,
property = {
"com.liferay.portlet.display-category=root//NYSDOT//GRP",
"com.liferay.portlet.instanceable=false",
"com.liferay.portlet.header-portlet-css=/css/main.css",
"com.liferay.portlet.footer-portlet-javascript=/js/main.js",
"com.liferay.portlet.css-class-wrapper=grh-signup-form-portlet",
"javax.portlet.display-name=GRP Signup Form",
"javax.portlet.init-param.template-path=/html/",
"javax.portlet.init-param.add-process-action-success-action=false",
"javax.portlet.init-param.config-template=/html/configuration.jsp",
"javax.portlet.init-param.view-template=/html/view.jsp",
"javax.portlet.init-param.edit-template=/html/edit.jsp",
"javax.portlet.name=" + GRPSignupPortletKeys.GRPSIGNUP,
"javax.portlet.resource-bundle=content.Language",
"javax.portlet.security-role-ref=administrator,guest,power-user,user"
},
service = Portlet.class
)
public class GRPSignupPortlet extends GenericPortlet {
...
...
}
So it's obviously possible, as the Login portlet works. I'm sure there is just some small bit of config I'm missing. I've tried to see what is different in the Liferay Login portlet that allows it to work, but haven't found the secret.
Liferay CE 7.3
You need to add the property 'add-default-resource'. In the component add:
"com.liferay.portlet.add-default-resource=true"
From portal.properties: "add-default-resource" set to true will allow those portlets to be dynamically added to any page by any user. This is useful (and necessary) for some portlets that need to be dynamically added to a page, but it can also pose a security risk because it also allows any user to do it.
It's prudent to also add
"com.liferay.portlet.add-default-resource-check-enabled=true",
From portal.properties: Set this property to true to add a security check around this behavior. If set to true, then portlets can only be dynamically added to a page if it contains a proper security token. This security token is automatically passed when using a portlet URL from one portlet to another portlet.
I am using MVC 5 to build an application. In my web.config I have defined a custom section which I will use to display menu to user. It is something like:
<Menus>
<Menu>
<MainMenu Title="Home"></MainMenu>
<SubMenus>
<SubMenu Title="Page1" PageName="home/index" ADGroup="BusinessUsers">
<SubMenu Title="Page2" PageName="home/index2" ADGroup="ITUsers">
</SubMenus>
</Menu>
<Menu>
<MainMenu Title="About Us"></MainMenu>
<SubMenus>
<SubMenu Title="Another Page1" PageName="about/mypage1" ADGroup="BusinessUsers">
<SubMenu Title="Some Other Page" PageName="about/mypage2" ADGroup="OtherUsers">
</SubMenus>
</Menu>
</Menus>
I am using Windows authentication and everyone will have access via AD groups. By default I have denied access to all users using authorization rule in web.config like below:
<authorization><deny users="*"/></authorization>
Is it possible to define authorization rules based on MENU above in Application_Start at runtime? Something like:
Global.Filters.AuthorizeUser("BusinessUsers", "home/index, about/mypage1");
Global.Filters.AuthorizeUser("ITUsers", "home/index2");
What you're doing here isn't a standard way of defining a menu, so there is no standard way of enforcing authorization on it. You will need to implement it yourself.
Somewhere in your code during a request, you will have to loop through each SubMenu and use HttpContext.Current.User.IsInRole("DOMAIN\\GroupName") to test whether the user is in the appropriate group. I can't give you any further direction than that without seeing more of your code.
I'm sure you have your reasons for putting this in web.config, but what I have done in my own projects is define the menu in a partial view and check the roles right in the view:
#if (HttpContext.Current.User.IsInRole("DOMAIN\\GroupName") {
Some menu item
}
If you're worried about being able to update the menu items without recompiling the whole project, then that's still fine since the cshtml files aren't compiled anyway - you can update it on the fly.
We are intergrating an external JavaScript application into Acumatica and we have a need to be able to access the logged in users authorization / user access roles. Our thought is that if we can write the logged in users access roles to the page source as global scope variables our JavaScript app can handle the rest, but we are a bit challenged in figuring out how to do that. We know we can write the roles to the trace screen, but that doesn't help as we need it literally in the page source for this to work (ideally the page source and not the DOM - but we can look into if the DOM could work too).
Any help would be much appreciated.
The page source in ASP.Net is a ASPX.CS file that resides on the server, I doubt your JavaScript can hook into that. The communication from the server to the UI layer is a template engine.
You define the fields in the ASPX file and these template fields are populated with the DataViews current record. The minified JavaScript that is in the page runs that templating engine.
You can't simply generate dynamic HTML or access the JavaScript side of things from the server. So having fields values in the DOM is probably your best bet. You can make the controls invisible if required.
Example to read UI control values using JavaScript:
<%# MasterType VirtualPath="~/MasterPages/FormDetail.master" %>
<asp:content id="cont1" contentplaceholderid="phDS" runat="Server">
<script language="javascript" type="text/javascript">
window.addEventListener('load', function () {
// Fetch a value from UI control
var control = px_alls["edControlID"];
var value = control.getValue();
});
</script>
[...]
</asp:content>
When putting the liferay tag cloud portlet on a page, clicking the links in the tag cloud will just render the result in the same page if and only if I have an asset publisher portlet on the same page.
What I would want is that when I click a link in the tag cloud, it should take me to a different page showing the results, eg. a search result page.
Is there a way of doing this using the standard components? Or will I have to write my own tag cloud portlet to support this feature?
You dont have to create a new portlet. Please follow these steps
1) By using hooks, modify the links that are generated in the tag cloud portlet for the tags. Instead of current layout, redirect to the designated page (for eg. If you are on /web/guest/tag page, then all tags link will start from the /web/guest/tag?..... Make this to /web/guest/search?....)
2) on the search page, put the asset publisher
So now, when you click any tag link, it will go the search page, since this page has asset publisher, it reads all the parameters from the request url and from the session, and it will show results on the search page.
The code for this hook :
File liferay-hook.xml:
<hook>
<custom-jsp-dir>/META-INF/custom_jsps</custom-jsp-dir>
</hook>
File /docroot/META-INF/custom_jsps/html/taglib/ui/asset_tags_navigation/page.jsp:
<%# include file="/html/taglib/ui/asset_tags_navigation/init.jsp" %>
<%# taglib uri="<http://liferay.com/tld/util>"
prefix="liferay-util" %>
<%# page import="com.liferay.portal.kernel.util.StringUtil" %>
<%# page import="com.liferay.portal.service.LayoutLocalServiceUtil"%>
<liferay-util:buffer var="html">
<liferay-util:include page="/html/taglib/ui/asset_tags_navigation/page.portal.jsp"/>
</liferay-util:buffer>
<% Layout searchLayout =
LayoutLocalServiceUtil.getFriendlyURLLayout(scopeGroupId, false,
"/search");
html = StringUtil.replace(html,layout.getRegularURL(request),searchLayout.getRegularURL(request));
%>
<%= html %>
I am looking to create a page with a single form on it that does the following:
Contact a webservice with input from the form.
Perform an action (programmed using C#) depending on the result of the webservice call.
Since I am not interacting with any lists or similar on the SharePoint site, I was thinking a WebPart would be the simplest way to add the form and catch the submit-event, but I am not sure if this is the best practice or an easier/better way exists.
I also need to restrict access to the form to a specific usergroup.
Thanks in advance!
A new SharePoint Web Part is probably the most common way to provide this solution in SharePoint and fits your requirements well. Though your solution doesn't call for it, you do have access to the lists from custom web part code.
If you are using SharePoint 2007, Visual Studio Extensions provide the Microsoft supported way to create one easily. It's much easier with Visual Studio 2010 and SharePoint 2010.
Some other options would be an InfoPath Form with custom code or a custom application page with code behind. The benefit of the web part is that it works with all versions of SharePoint and can be added to any web part page on the site and customized by users. Also, the application page may not pick up the master page if you are on SharePoint 2007.
Use WebDAV to upload an ASPX page to a site in SharePoint. Then upload your assembly to each SharePoint server, the bin folder of your application is preferred, or add it to the GAC.
Your ASPX page might look like this:
<%# Page Language="C#" masterpagefile="~masterurl/custom.master" inherits="MyAssembly, MyClass, Version=1.0.0.0, Culture=neutral, PublicKeyToken=c48b11b32c9eb4a7" %>
<asp:Content runat="server" ContentPlaceholderID="PlaceHolderPageTitle">My Title</asp:Content>
<asp:Content runat="server" ContentPlaceholderID="PlaceHolderPageTitleInTitleArea">My Page</asp:Content>
<asp:Content runat="server" ContentPlaceholderID="PlaceHolderMain">
<asp:Button runat="server" ID="ButtonClickMe" Text="Click Me!" />
</asp:Content>
Then your assembly might look something like this:
public class MyClass : Microsoft.SharePoint.WebPartPages.WebPartPage
{
protected global::System.Web.UI.WebControls.Button ButtonClickMe;
protected override void OnLoad(EventArgs e)
{
base.OnLoad( e );
ButtonClickMe.Click += new EventHandler( ButtonClickMe_Click );
}
void ButtonClickMe_Click(object sender, EventArgs e)
{
if (!Page.IsValid)
return;
// Do stuff here
}
}
You won't be able to edit the permissions of the ASPX page directly, but you can manipulate the permissions of the site it is in (thus, restrict the site to only the usergroup which you want to access the form).