This is basically two question? First i was wonder how to change the page liferay redirects when a user tries to access a page that has Power User view permissions. Liferay by default points to localhost:web/guest/home where they have their login page. On my application i have a different login in page and i want to redirect to the following page. I was browsing the web and found out that by setting auth.login.site.url=/whereiwontittopoint should actualy redirect me there. However it does not. I'm using Liferay 6.0.6 Community Editions. Has anyone done this? Is this the right way or this need to be done with a hook?
My other question is the following. I want to have a custom role on some pages. And i want when a user does not have that specfic role to be redirect to a totaly different page not the default login. I'm fairly sure this can be done by using the hook on some service but for some reason i can not identify this service.
EDIT
Ok for the first question i solved the issues. For the second question the answers i got here were not what i was looking for probably because i didn't post the question correctly. This is a full scenario of what i have done and what i need to do:
First of all i changed the /web/guest path that's on every liferay page to web/somthing/ this might not play a crucial role but the problems(some of the problems) started when that happend. THe over all idea is the following. I'm using spring mvc to create the application. I have created a backend to my application from where the admin can create pages for other users to see(This is not done by going to the control panel of liferay and adding a page but through the logic of the application). Once a page is created depending on some logic i create a role for that certain page(customer role also through code not the liferay admin). Some of the users are given this role if the satisfy some criteria and some are not. Here my problem arises, once a user that is loged in to my application tries to access a page (by inputting a direct URL in the browser to the page) that requres the view permision of the role i create for that page and the user does not have the appropriate role he gets redirect to lets say localhost/web/(username)/home a personal page and for some reason on that page by default from liferay he is able to view personal data(user name) of all other users of the application. My question is how through code to handle the redirection that happens of the above scenario.
I have tried on one attempt to actualy hook the servlet.service.events.pre action and before the user access that page to check if he has the appropriate permisions and actualy change his request. So far i have some issues but i can resolve them but this approach is not what i not rly what i am looking for because this action is executed before every single request on the application( and the page handling is just small part of that application) which means i will have a lot of code executing for no reason. I was wondering if there are any ways to add where the exception will redirect when i create the role? If not what action should i hook that will help me solve this scenario but with out the unneeded extrea trafic that i am creating with hooking servlet.service.events.pre action?
For the second stuff a bit hacky way could be as follows
1) Define set of roles against which you want to check in portal-ext.properties. You can add some property like my.super.secret.roles=rolename1,rolename2
2) Add a property for a redirect page url in portal-ext.properties so that you can redirect user there.
3)Add a custom attribute for Layout named checkForSecretRoles which has to be boolean and visible on Page. This will show you a checkbox in Manage page for each page, so that an admin can easily check or uncheck the value
4)Add a condition in your theme (portal_normal.vm) to check if the page has a check for secret role and then check the users role falls in any of the roles defined in portal-ext.properties. If yes then issue a redirect to the page specified by your custom redirect page url property
For your first question, it should work -
auth.forward.last.paths=/sign-in
sign-in would be your page name
The answer for your second question is, you have to create a Hook extending Action and made the below entry in your portal-ext.properties.
login.events.post=com.liferay.portal.events.LoginPostAction,com.liferay.portal.events.CustomLandingPageAction
There is a lot of information you can found on forum about how to use this property.
for 1. set default.landing.page.path=/whereiwontittopoint in portal.properties, see Liferay Login page redirect
for 2. create a hook, set servlet.service.events.post=com.my.action.MyAction and impliment this action, at this point you can redirect user to another page.
Related
I've been wrestling with uniquely restricting one page in my Kentico installation to be viewed by only two Roles, everyone else should be redirected to a page telling them they need to jump over the paywall. I've not determined the best way yet to do this. Along the way I've found that when I try to access that page from the menu at the top of the page it respects my permission by denying access. However when I use that same link from an editable web part lower in the page it seems to ignore permissions. While it looks like two questions here what I really want to know is how to deny access unless a user is in a particular role and then if denied how do I redirect them to a page to explain why they were denied. Thanks.
Try this:
From your top level page (master page), add the role "Everyone" and grant them read access. This will replicate through the rest of the pages and everyone can see everything. Yes, sounds fishy but read on...
Next navigate to the specific page you want to restrict access to. On the Security tab, click the "Change permission inheritance" link. Then click the "Break inheritance and copy parent permissions". Next select the Everyone role and check the Deny full control box.
Now add your specific role(s) and set their permissions to Read.
This should get your permissions working as you want for that page.
As for a message and redirecting if in a particular role, you could place a webpart on a page and say if they are not part of a role, just redirect them to a page using your choice of redirects. The webpart itself will handle if they are in the particular role. Keep in mind the user will have to be logged in already and/or have access to that page so no restrictions can be on that page.
Thanks for all your suggestions. Here's what I found. First, the reason the two pages were acting differently was a brain cramp on my part. I had embedded two different links. My bad!
Secondly, on security, it appears that Deny takes precedence over Allow. If the role is denied no amount of "allow" will override the denial. The way I fixed the problem was to create a zone for those who I wanted to allow access to the text and a zone or web part for those I wanted to deny. In the Zone visibility section (click the arrow next to "Visible" to enter text) I put a boolean statement:
{% CurrentUser.IsInRole("Member") || CurrentUser.IsInRole("SecondRoleToTest") #%}
This way anyone who was in either of those two groups would cause a true value to this statement and visible would equal true (notice the"!"). For the zone or web part I wanted to present to those who was not a member of either of those to groups I put the opposite of that condition
{% !(CurrentUser.IsInRole("Member") || CurrentUser.IsInRole("SecondRoleToTest")) #%}
and it would display the materials for those who were not in either of those groups. In this case the text read the equivalent of "you need to be either this or that with a link to information on how they could become this or that". Have to admit I learned quite a bit on this one. Thanks for all your help, you helped lead me to the answer.
If I am understanding you correctly, you are saying that you have locked down a page to only 2 roles? If a person clicks on a navigational link that is not in those roles, they are denied access...correct? But if a person clicks on a link from a webpart on a page, they are not denied access...correct?
Where this is unusual I am also wondering how the link is setup in the webpart? Is it just a anchor link or are you using a Kentico permalink? These should not behave any differently, but just a thought. Sounds like more than likely there is some permission that is still allowing access to the page, but without seeing your actual permissions setup it is really hard to tell you what could be causing that.
As far as redirect, by default it should redirect to a login page if you have one of those setup (you would of set that up in the Settings Tab), otherwise the access denied would just happen. You could quite easily write some custom code to redirect users who are not into a role to another page. For re-usability, you could write it into a custom webpart and have a property for the roles the users need to be in and a property for the redirect page location and then handle it from there. Doing it that way would allow you to use the same pattern on any pages you desired...but you would then need to bypass the built in security lock down stuff.
Lastly (and I don't know the classes to use) you could probably override what happens when 'access denied' occurs in accessing a page in the site..then you could do your own custom redirect. I am sure someone else can chime in with the exact class.
I'm trying to implement permission levels in SharePoint hosted app. I've created a custom list "Permissions" where I'm adding different users with their roles.
I have created a page List.aspx where I'm showing my custom list "Products" as a list view web part. Page List.aspx checks the user's role against "Permissions" list, and page can show or hide content in regards to this role. The problem is, when user tries to navigate to "Lists/Products/Allitems.aspx" or "Lists/Permissions/Allitems.aspx" he can see the list items.
All code check is done in JavaScript and I know there is a security risk, but this will work for my users. I just need to find a way to inject custom JavaScript code to Allitems.aspx, and to check if user has permissions to see it or not.
Everything here is done on App web and there's nothing that I use on host web.
I've found a workaround for this. Basically what I did is that I just hide the list view from direct access. To achieve this, open the Schema.xml of the list and replace "JSLink":
from
<JSLink>clienttemplates.js</JSLink>
to
<JSLink>~site/Scripts/OverrideListView.js</JSLink>
Now, create a new file Scripts/OverrideListView.js and add following code to it:
document.write("<style>body {display:none; };</style>");
Try now to access Lists/Permissions/Allitems.aspx directly. You will get a blank page.
This is basically idea how to insert custom JS code into list view. You could add additional code for checking current user's permissions on site level and in regards to it to unhide this view, or even to redirect him to the homepage if he does not have right role or permissions.
I am using Liferay 6 for development .
I have developed a Custom Login Portlet using Struts2 .
I am able to display my Custom Login page , On click of the Submit Button after validating the credentials aganist our MYSQL Databse , please tell me how can i display my 4 other Custom Portlets on entering valid credentials ??
please guide me what is the concept i should refer for this in liferay
( I am using Liferay 6 for development )
Okay, the way I would suggest you do this is by:
adding the 4 other portlets to your Custom Login page (or add a redirect on successful login, and them to the page you redirect to)
Set the permissions of your Custom Portlets to be viewable by only authenticated users. This can be done by removing Guest "View" permissions. This way a non-authenticated user or "Guest" won't see your portlets when the go to the page.
Does this answer your question?
~~ EDIT IN RESPONSE TO COMMENT ~~
Okay, so if you're using Struts, instead of redirecting to a JSP file, you want to redirect to a URL instead. So instead of /view/result.jsp it should be something like http://yoursite.com/page_with_4_portlets_on_it or just a relative URL /page_with_4_portlets_on_it (if the two pages are on the same Navigation level.
HOWEVER:
If you're new to Liferay then I would strongly suggest you use Liferay's inbuilt Portlet architecture using their MVCPortlet class. This will handle all the mappings, and workings that you have to manually write for using Struts. Then you can implement a doPost() method and do a ActionResponse.sendRedirect("/page_with_4_portlets_on_it");
Then this means that when your form action completes Liferay will redirect the user to the page you've specified.
The best place to get started with Liferay 6 portlets, the Liferay way is here.
I am using MOSS with ADS. I want to display Terms of Use page before the user can login into SharePoint with two button i.e. "Accept","Decline". If user select "Accept" he will be directed to sharepoint site, if not to our companies intranet front page. This will be applicable for the current session. ie. If the user has signed off, then it should prompt the terms of use again when user hits the MOSS site but once accepted user should not get this page again until he/she signs off.
Please advise.
Thank you
You can follow one of the Approach below based on your requirement & Flexibility.
If you have AD Configured with the FBA, Make a copy of Login.aspx and save it as MyLogin.aspx & Edit the Login Control and insert your Terms & Conditions there,keep in a check box AND enable the login button only if I agree is checked.
Next is to have a control that is deployed to the Master Page, this control will not have a UI but it will check in the session to see if the user has agreed the Terms and condition if yes it will redirect to the welcome page or the page user has requested else will navigate him to the Terms page until accepts.On Accept flag that information in session.
If you are using SharePoint 2010 you could use the Dialog framework to show a popup & get this done.
You could create a custom page in /_layouts which has your terms and conditions, along with the buttons for accept/decline.
Hitting the accept button will create a cookie for keeping track of whether or not the user has accepted the conditions for the current session.
Then, you could create a HttpModule which intercepts all requests to the SharePoint site. If the cookie is present, do nothing (ie let the user access the requested page), otherwise redirect the browser to the custom accept/decline page.
You should be able to do this fairly easily. If you dont care about them accepting or denying it, then just use this redirect module http://httpcode.s3.amazonaws.com/httpcode.Redirect.wsp to redirect them once to the page. You can tell this module to do it once. If you need to verify that they accept/decline, you will need to add all the people to a new group, and then on accepting, remove them from that group. That way they will always be directed to the new page.
Hope this helps
What I am tring to do is, when people comes to that page:
http://server:26521/MY_Portal/service/default.aspx
I want them to be redirected to that page
http://server:26521/default.aspx
Depending on their User name Or User Group.
Thanks for helps.
I can think of two ways to do this:
If you're using ISA Server or a similiar product in front of Sharepoint, you can configure it to do this. So those users who you want redirected will never access the first page.
Alternatively, you could write a webpart, which analyzes who the user is, and does some sort of redirection, either in .net or in javascript to the page you want.