How can i define custom permisssion to custom portlet for specific user in liferay
I used enviroment liferay 6.1.2 ga3 with jboss
In my custom portlet deploy/undeploy button but how can i give specific permission to that only admin person can access that function any other can not use that
check this link
http://i.imgur.com/Qwfbg2H.png
Can you please elaborate.
I also check this link for reference
and in jsp page for rendering all the datagrid data render through jeasyui and rest API
Removing Custom Permissions/Actions from a Portlet
http://liferayzone.wordpress.com/2013/09/01/liferay-permission-on-custom-portlet/
Liferay allows assigning permissions to roles only, you just cannot do it for single users. You have either define a new role or implement this functionality on your own (not using Liferay's permission system).
Just in case if you would come up with this idea, avoid using creating roles for every user - it is a performance killer. People sometimes try do do this in order to get around the limitations of Liferay's permission system - it is a very bad idea!
This tutorial can help you:
You need to create a resource-action-mapping XML file, and add a new action-key (plain string)
Put it into /src/main/resources/resource-action (name it as default.xml)
Create a portlet.properties file under /src/main/resources
Add the following line: resource.actions.configs=resource-actions/default.xml
Deploy your portlet, and check your new permission under Roles -> Select role -> Define permissions tab
You can check the user permissions with the permissionChecker on your JSP
You need this import: <%# taglib prefix="theme" uri="http://liferay.com/tld/theme" %>
Define objects: <theme:defineObjects />
Now you can use the permissionchecker object:
permissionChecker.hasPermission(scopeGroupId, portletName, scopeGroupId, permissionName)
Related
Sorry for an obvious question but I'm net to .Net Core.
I'm working on a new project that was created using Visual Studio on Mac with "Individual Authentication".
I want to assign Role to user right at the registration process (depending on their choice - dropdown option). I read many tutorials and watched many videos, but I cannot understand what's the right way to do it.
In many videos I was guided to create a project without Authentication and implement it manually including sign up and sign in.
I'm confused because I'm getting this functionality right away by creating a new project with Authentication.
But in my project I don't have access to files like "RegistrationController" or "Sign Up" View.
My questions:
Should I use "Individual Authentication"?
How to assign Role to user at the registration?
How to edit Sign up page (which is currently hidden in my VisualStudio, despite that I can register new users) to add dropdown.
Thank you so much for your help!
Should I use "Individual Authentication"?
Yes, Individual User Accounts
How to assign Role to user at the registration?
example:
_userManager.AddToRoleAsync(user, "Admin")
NB: the role has to have already been added to the database using the role manager.
How to edit Sign up page (which is currently hidden in my VisualStudio, despite that I can register new users) to add dropdown.
To update your view you need to right-click on your project and Select Add> New Scaffolded Item > Identity. Your view will be in Area section and you can make the needed changes.
I also recommend looking over the documentation if you haven't already
done so:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/add-user-data?view=aspnetcore-5.0&tabs=visual-studio
Hope this hepls.
I'm using Sitefinity v11.2. I have created a new role "App Editor". This is a very restrictive role:
Access to a specific content type (i.e. ContentType1) for view, update, add, delete
SiteSync only ContentType1
Problem:
When logged in using that role, the SiteSync proposes everything to sync (from pages to all content types). I want to restrict that role to SiteSync ContentType1 only.
Does SF v11.2 enable that restriction?
If yes, how can I achieve it?
I'm getting the below error when trying to create a new user in Splunk:
Encountered the following error while trying to save: In handler 'users': Could not get info for role that does not exist: alert_manager
Do I need to disable any apps or delete the files related to any apps from the Splunk directory? Kindly suggest.
Without knowing any further information about your problem or environment, it sounds like the issue is with your alert_manager role, rather than a global issue. Try to create a user with the user role (or another role) and see if that works; if it does, there is a problem with how your alert_manager role is configured (or that role doesn't exist).
To see how to modify or add roles, check out Add and edit roles with Splunk Web in the Splunk docs.
In alfresco execution of webscript, we can define whether the webscript authentication. Advanced Description Options
But I want to know "Is it a single webscript can be executed as admin or member of some group only modifying authentication property?"
I want to write new programs for member of some group, not member of admin group, can create new users, upload users and delete existing users. All webscripts[user-csv-upload.post, person.delete, people.post] to do these tasks require admin authentication. If I changed to authentication of these webscripts to user and run these webscript as admin like <authentication runas="admin">user</authentication>. All normal users can create new users. So I want to check that these webscript can only invoked one condition is met.
If I cannot check, I have to do two ways.
I have to write the same logic to two different webscripts, one for admin and one for member of some group
write authentication checking inside controller file with sudo like tool for current user is admin or member of some group.
I want to get any of your suggestion. Any help is greatly appreciated.
Solution:
I found exact code for my needs in sudo-like-tool-for-alfresco-security-aspects
Like Will Abson said in another question post, the most elegant solution is using this: Sudo Tool for Alfresco WebScripts. With this tool you can grant your user (if this users is part of a certain custom group) temporarily admin privileges. If not, it acts as a normal user with his own privileges. It requires some Java coding, though.
Otherwise, the solution number 1 is what we achieved for an our client. We developed a custom webscript with a custom url known only to their manager users, that can run script with "runas=admin" option, and make what they want. In this case, what you can do is: expose a link to the "user management webscript", only if the manager user is logged in, otherwise the link doesn't appear, and you respect some sort of "security". It's not very elegant but does the trick.
I am new to alfresco. I am integrating Alfresco with the web application as an library for my application. I am logging to alfresco as a admin and I can see the Data Dictionary in my repository. I want to hide it. Is it possible?
In order to hide the Data Dictionary folder for normal users you have to properly configure permissions. By default, all folders in Alfresco use the default ACL, which makes everyone Consumer (i.e. read only). This is what makes them visible to every user.
Try one the following:
[From Alfresco Explorer]
log in as admin
go to Data Dictionary
click on More Actions -> Manage space users
remove the only one entry you have there
[From Alfresco Share]
log in as admin
go to Repository
if needed, click on "Show folders"
hover on Data Dictionary
click on More -> Manage Permissions
hover on the Actions column, click Delete
This way you hide the Data Dictionary folder to normal users. Admin users always get access to everything. With similar procedures you can configure more fine grained access levels on folders, e.g. to enable some users to access them.