Change Theme based on user roles Liferay - permissions

I want such a mechanism that will provide different themes depends on different user roles in Liferay.Is there a way that provide me a solution that i can change theme on User roles.
Secondly i want to know that is this is possible programatically or Liferay provides custom supports with this.
any help will be greatly appreciated.

Bad choice
The right way is not to change the theme but to inject something in the page to alter the style.
It's a bad idea to change the theme at runtime depending on the user session. Poor performance due to the invalidated cache every request.
Build a custom portlet and inject it into the theme for every page. Depending on user logic that portlet can inject some javascript to alter css class of html tag.
Is it clear?

Theme is associated with layout (i.e. page). This can be observed in Layout table of liferay. So, even it can be changed using API, but not something that is different at user level, but its associated at page level.
For your requirement, If you have some fixed number of themes, then having different Sites each having one particular theme been applied.
Using Post login hook, you can check for user role and redirect to appropriate site.
Having this approach you can have completely different layout and pages as well depending on user role if you wish you.

We can also use velocity variables such $is_male, $is_female, $time_zone, $language.. to identify user group and can load different CSS file or a parent class in body tag.
Answer might be not useful for Mark who has raised this but future reader might find this useful.
Thanks

Related

Need to make certain components only view access based on new role?

In the app I'm working on it's a fairly big codebase and components/pages are sometimes based on user roles. Admins will be able to see certain buttons or sections while regular users are not.
I need to modify a lot of the existing pages/components to accommodate a new role that's being added, which is view-only-admin.
This role will only be able to see everything including calendars, tasks, etc. but they are not allowed to make any sort of updates.
It would be a tremendous amount of work to go through the template of each component and file and look for v-if admin and also add a view-only-admin as well as make every single button or submit/click method behave differently for a view-only-admin role.
What would be the best way to handle this for the entire app? Re-writing and modifying v-if and submit methods seem like a bad use of time.
I've only been working with Vue/Nuxt for a few months, but I have read Mixins are pieces of code that you can reuse.
Would it be possible to write a mixin so that if the role is "view-only-admin" and there's an action that is a put/Post call, then they are not able to perform those API calls and presented with an error message?
I'm not sure how to go about properly implementing this feature. If I am able to stop all PUT/POST calls using a mixin, it would just redirect to a 404 right?
Thoughts?
If you are using axios for POST/PUT methods, then you should definitely check Interceptors.
But if you add only an interceptors without UI updates - your users may be confused why some buttons exist but doesn't work as expected.

Telerik Sitefinity Add Property User

In my Sitefinity back-end there is a user section that I would like to add some setting. Something like DisplayLink where it would be a boolean value that I can set on Login of the user. Is there a way I can do that? I am using sf 14 and can't find anyway to add some setting for the user.
I believe this is what you need ...map the view externally and modify.
However keep in mind these views pull in the XHR JSON and you just expose it to the grid... Open your console and view the XHR network traffic to see the JSON object per user. There's a "Comment" field you might be able to leverage, but man the best way would be to just use a ROLE... because they can be filtered, and already come across in that JSON.
Another thing to note, is this is an OLD UI screen and likely will get revamped in the next few releases of Sitefinity rendering everything you're doing pointless... (have to re-do it with likely the new AdminApp Extensions)

Page & Action wise Authorization Asp.Net Core Razor Pages

I have a requirement to configure the user's authorization per module per screen per action. For example, one user should be able to Create/Save WorkOrders in WorkOrder Module, but another user should only able to View/Delete WorkOrders. Similarly, a third user should only be able to View WorkOrders. This is an example of one screen. Now there are many screens in the application. Let's keep the actions same for all i.e. View, New, Update, Delete.
There is a reports module also, in which the user will create reports on the fly and add it into the application. So authorization is required here too. For example, a user can View/Print WorkOrder reports. But another user can only view reports. Let's keep the actions in reports only View & Print.
I am not sure Asp.Net Core built-in authorization is capable of this or not. What I have looked so far, it is not possible. Please correct me if I am wrong.
Now question is, how should I do this? I had a similar kind of requirement in a previously built application where I used database tables to store rights against each user and each screen. And upon log-in, I used to fetch that data, and then while loading the web page; I used to show or hide the relevant buttons & menus based on user's rights. But here in Asp.Net Razor Pages, the action method matters (If I'm not wrong), and certain functionality can be accessed via route. I am looking for some attribute-based solution.
I found this link with more or less above mentioned implementation using database tables and route URL to determine action name. So the URLs are saved in the database and on runtime they are checked and matched with the current URL and the user is authenticated.
Another link here, where the developer has used attribute-based filtering on action methods. But URL Routes are not being saved in the database or anywhere.
Are these the only & best solution to my problem? I have no problem implementing them, they look logical. But I just want to use the best available approach. Can anyone assist me with any other more suitable approach?

How can i introduce my own permission in a plugin

I would like to write an plugin for the cockpit app. The feature i would like to add includes also an additional item in the drop-down menu. However i also would like to introduce my own permission. If the role of the user has the permission the item in menu will be shown otherwise not. Is this possible at all? And how does at look like? I checked the online documentation but couldn't find anything about it. I hope someone could help me...
The only way to introduce new permissions is through a microservice in its manifest. With purely UI you cannot add those.
As an alternative you could base your plugin on any property of the user. You probably would than want to have a second plugin to set/manage this for a user.

Piranah CMS apply Permissions to Regions and Media instances

I am reviewing Piranha CMS and really like the framework.
I am wondering how I can associate permissions to Regions and Media elements.
I was thinking that this may be easily accomplished through a custom extension but would like to know if this is the recommended approach.
What I'd like to do is to restrict rendering of a region if the current user's does not have access to it. I was thinking I may be able to add a group GUID as the permission property of the region extension. If the permission property is an empty GUID then it will render the region otherwise the current user must be a member of the group that the region is associated to.
I would like to do the same for Media elements.
Cheers
John
You could solve both the region & media question with a custom extension, however I'm not really sure I follow why you would need it for the page region.
As regions are merely considered a "part of a page" there's no way to customize security for a single regions, it is set on the complete page.
As media is usually rendered in some context, as a page, there's currently no security setting for uploaded media. This however is a feature that could be added into the core framework as it could make sense for some use-cases.
Best regards
HÃ¥kan