Define Permission System Detailed Concept
In the liferay we have permission system so that we can define permissions system for the role.
We already know how to define permission system from Admin screens in liferay.
In the permission system there is involved two tables
1. Resource Action table
2. Resource Permissions table
Resource Action table:
In this table we are maintaining action for each resource. Actions are divided into two types
1. Portlet Resource
2. Model Resource
Portlet Resource:
Portlets resource action like what is the permission system defines for the portlet like VIEW, EDIT, CONFIGURATION and ADD TO PAGE.
Example Entries for Prtlets Resource.
If we observe name column we can see the portletId, in the name column we can see relevant actions for portlet. Like this way portlets resource action are defined in the table.
Model Resource:
Model resource action is nothing but if we want do some functionality in the portlet then we will define actions for model resource.
Example:
If we take Organization portlet we have different action like MANAGE TEAMS,MANAGE USERS like this . If the portlet inside having any functionality then we need to defined action for model resource.
Note:
Here model resource name model java class name. That is why we can observe model resource name for organization is com.liferay.portal.model.Organization.
How permission system working:
In the liferay 6.x they have introduced algorithm called Advanced Permission Algorithm 6.
When we use this algorithm then this entire functionality uses only two tables are Resource Action and Resource Permission.
This permission system working based on bitwise operator OR and bitwise value.
If we observe table resource action we can find column bitWiseValue for each action.
For each action we have bitwise value from this permission system is working.
Example:
If take any resource either model resource or portlet resource for each they have their own ActionIds
Example:
Assume Organization model resource called com.liferay.portal.model.Organization
We have different actions like MANGE_USERS, MANAGE_TEAM etc..
This bitwise value is multiple of 2
APPROVE_PROPOSAL------2
ASSIGN_MEMBERS-------4
ASSIGN_REVIEWER------8
ASSIGN_USER_ROLES----16
If we add new action then the value id multiple of 2
Assume if we give permission for role on organization we have to calculate the total bitwise value.
So setting permissions is simply a matter of OR ing all the action masks together.
i.e.
i.e.
Permissions = VIEW | ADD_MESSAGE | SUBSCRIBE;
For all you java programmers not up to speed with low level bitwise operations | is bitwise OR and & is bitwise AND.
Checking for VIEW permission is as simple as
if ((permissions & 1) == 1) {
Has permission
}
Checking for any permission is simply
1if ((permissions & ACTION) == ACTION) {
Has permission
}
Example:
Take one portlet MyPortlet I want give ADD TO PAGE ,VIEW and CONFURATION permissions for this portlet on particular role
Then apply bitwise operator like this
VIEW --------------------1
CONFIGURATION ---------------------4
ADD TO PAGE -----------------------2
1------------- 001 apply OR operation
2------------ 010 apply OR operation
4--------- 100 apply OR operation
111---------------7 is value
If want get ADD TO PAGE, VIEW AND CONFUGURATION role should have the value 7 then we will get all permissions.
Where we store all these details?
We have one table call Resource Permissions there we store all these information.
Here all the permissions stored with respect to role. And if observe last column actionIds there total bitwise value is stored.
Like in the above example we will store value 7.
We will see the each column in the resource permissions.
resourcePermissionId: this is just a primary key.
CompanyId: this represent for which liferay instance we are defining permission system.
Name: we already see this in resource action table name column this also same. This represents whether this is Model Resource or portlet Resource.
PrimyKey: this very important value this value vary bases on model resource and portlet resrce.
Scope: scope represent effect of this permission mean only for organization or community or individual resource.
PRIMKEY_DNE = -1;
SCOPE_INDIVIDUAL =4;
SCOPE_GROUP =2;
SCOPE_GROUP_TEMPLATE /OORGANIZATION = 3;
SCOPE_COMPANY =1;
actionIds:
This is total bitwise value of all actions that is assigned to the role on resource.
How prime key change resource to resource?
CASE: 1 when we set permissions to layout:
Example if we set some permission to page means this page view by this role like that. Then entry following like this
Observe above primKey value. When we set permission to the page then primKey value is plid.
CASE: 2 when we set permission to the portlet and that portlet in particular page.
Observe prime key this is combination string
plid_LAYOUT_PortletId
56 is web content display portlet name. This is instanciable portlet that’s why portlet id contain _INSTANCE_aec like that.
Here scope is individual means we are setting permission for web content display portlet that is in particular page.
CASE: 3 Set permission system in the port let functionality or we can say for model resource.
Example we taka organization portlet we have many activities like manage users, manage teams and manage pages like this
Observe prime key this is 0. Means when we apply permissions for model resource then it will become 0.
Total bitwise for all action is 65535.
Here scope 3 means organizations level.
Important points:
When we use define permission system if define any permission there
The following are the entries
Regular Role:
Primekey=CompanyId,
Scope=1
Organization Role:
PrimKey=0
Scope=3
When we set permission system for individual portlets or articles
Regular Role:
PrimKey=layout_portletID
Scope=4
Organization Role:
PrimKey=layout_portletID
Scope=4
Journal articles
Regular Role/Organization Role:
PrimKey=Article Resource key (available in journalarticleresource table)
Scope=4
Set Permission system for Layouts/pages
Regular Role:
PrimKey= plid
Scope=4
Organization Role:
PrimKey=plid
Scope=4
Concept for Bitwise Permission System goes through the following link.
Implementing Custom permission system for our own portlets goes through the following link.
0 comments:
Post a Comment