Liferay have good permission system that can restrict the access over the resources. Liferay have set of permission actions for each resource. In Liferay prospective resource may be portlet, page, model object and other resources like images, files.
We have two important tables which all manage Liferay permission system
ResouceAction ResourcePermission |
Important Util Classes
ResourcePermissionServiceUtil ResourceActionLocalServiceUtil |
To set Individual Resource Permission on role we will use following Methods
Individual Resource Permissions
void com.liferay.portal.service.ResourcePermissionServiceUtil.setIndividualResourcePermissions(long groupId, long companyId, String name, String primKey, long roleId, String[] actionIds) throws PortalException, SystemException Updates the role's permissions at the scope, setting the actions that can be performed on resources of the type. Existing actions are replaced. This method can be used to set permissions at any scope, but it is generally only used at the individual scope. For example, it could be used to set the guest permissions on a blog post. Depending on the scope, the value of primKey will have different meanings. For more information, see com.liferay.portal.model.impl.ResourcePermissionImpl. Parameters: groupId the primary key of the group companyId the primary key of the company name the resource's name, which can be either a model class name or a portlet ID for example com.liferay.portlet.documentlibrary.model.DLFileEntry primKey the primary key example FileEntry Id roleId the primary key of the role actionIds the action IDs of the actions (VIEW,DELETE,ADD like that) Throws: PortalException - if the user did not have permission to set resource permissions, or if a role with the primary key or a resource action with the name and action ID could not be found SystemException - if a system exception occurred |
public static void setIndividualResourcePermissions(long groupId, long companyId, java.lang.String name, java.lang.String primKey,java.util.Map<java.lang.Long, java.lang.String[]> roleIdsToActionIds)throws com.liferay.portal.kernel.exception.PortalException, com.liferay.portal.kernel.exception.SystemException Updates the role's permissions at the scope, setting the actions that can be performed on resources of the type. Existing actions are replaced. This method can be used to set permissions at any scope, but it is generally only used at the individual scope. For example, it could be used to set the guest permissions on a blog post. Depending on the scope, the value of primKey will have different meanings. For more information, see com.liferay.portal.model.impl.ResourcePermissionImpl. Parameters: groupId the primary key of the group companyId the primary key of the company name the resource's name, which can be either a class name or a portlet ID primKey the primary key roleIdsToActionIds a map of role IDs to action IDs of the actions Throws: PortalException - if the user did not have permission to set resource permissions, or if a role with the primary key or a resource action with the name and action ID could not be found SystemException - if a system exception occurred |
Note:
Prime key value will be changed based on resource type some time it is primary key of resource or its combination of some pattern based on resource.
The complete details about permission system please go through following Article.
In the example case we are going to enable view permission to all file entries of site/organization and these file entries are images.
Important Scenarios:
Case: 1
Some time when we migrate Liferay portal from one version to other then all images which are migrated not visible to GUESTrole if this scenario following code will help us to enable View permission for all images on Guest role.
Case: 2
Some time when we upload bulk images into Liferay document library using custom portlet then images might not have view permission to guest user then we can use following code snippet to enable view permission to all images on Guest role.
In the bulk uploading once file entry is created then we can use following code to enable different permission action on different roles.
Liferay have beautiful feature that executing other langue’s scripts in Liferay portal these will help update or do some actions on portal using Liferay API. We don’t required any application to do some actions rather than we can create some script for example Groovy script which is similar to Java using Liferay API so that it can perform desired actions in Liferay portal.
Note:
When we set view permission to images or file entry then we also need to set same permission to those folders.
We also need to set permission to folders where file entries availableExample to Set View Permission to All Images for Role Guest in the Site/Organization
Sample code to enable view permission to all images in the Site/Organization
public voidsetViewPermissionforGuestonAllfileEntries(ActionRequest actionRequest, ActionResponse actionResponse) throwsException { DynamicQuery fileEntryQuery= DynamicQueryFactoryUtil.forClass(DLFileEntry.class, PortalClassLoaderUtil.getClassLoader()); Criterion criterion = null; ThemeDisplay themeDisplay = (ThemeDisplay) actionRequest.getAttribute(WebKeys.THEME_DISPLAY); //criterion = RestrictionsFactoryUtil.in("mimeType",new String[]{"image/png","image/x-ms-bmp","image/jpeg"}); //String valueForLike=StringPool.PERCENT+"image"+StringPool.PERCENT; criterion=RestrictionsFactoryUtil.like("mimeType",newStringBuilder("%").append("image").append("%").toString()); criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new Long(themeDisplay.getScopeGroupId()))); fileEntryQuery.add(criterion); List<DLFileEntry> fileEntriesList=DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery); Role guestRole=RoleLocalServiceUtil.getRole(themeDisplay.getCompanyId(), RoleConstants.GUEST); String[] actionIds=newString[]{"VIEW"}; logger.info("fileEntriesList"+fileEntriesList.size()); long lastViewPermissionAssignedFolderId=0; long currentFolderId=0; for(DLFileEntry curFileEntry:fileEntriesList){ try{ currentFolderId=curFileEntry.getFolderId(); if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){ ResourcePermissionServiceUtil.setIndividualResourcePermissions( curFileEntry.getGroupId(), curFileEntry.getCompanyId(), DLFolder.class.getName(),String.valueOf(currentFolderId),guestRole.getRoleId(), actionIds); lastViewPermissionAssignedFolderId=currentFolderId; logger.info("permission successfully setted to folder id"+currentFolderId); } ResourcePermissionServiceUtil.setIndividualResourcePermissions( curFileEntry.getGroupId(), curFileEntry.getCompanyId(), DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()), guestRole.getRoleId(), actionIds); }catch(Exception e){ logger.error("permission not able stet"+e.getLocalizedMessage()); } logger.info("permission successfully setted to "+curFileEntry.getName()); } |
Example to Set View Permission to All Images for Role Guest in the Site/Organization with Second Method
public voidsetViewPermissionforGuestonAllfileEntriesAnotherWay(ActionRequest actionRequest, ActionResponse actionResponse) throwsException { DynamicQuery fileEntryQuery= DynamicQueryFactoryUtil.forClass(DLFileEntry.class, PortalClassLoaderUtil.getClassLoader()); Criterion criterion = null; ThemeDisplay themeDisplay = (ThemeDisplay) actionRequest.getAttribute(WebKeys.THEME_DISPLAY); //criterion = RestrictionsFactoryUtil.in("mimeType",new String[]{"image/png","image/x-ms-bmp","image/jpeg"}); //String valueForLike=StringPool.PERCENT+"image"+StringPool.PERCENT; criterion=RestrictionsFactoryUtil.like("mimeType",newStringBuilder("%").append("image").append("%").toString()); criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new Long(themeDisplay.getScopeGroupId()))); fileEntryQuery.add(criterion); List<DLFileEntry> fileEntriesList= DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery); Role guestRole=RoleLocalServiceUtil.getRole(themeDisplay.getCompanyId(), RoleConstants.GUEST); Role siteMemebrRole=RoleLocalServiceUtil.getRole(themeDisplay.getCompanyId(), RoleConstants.SITE_MEMBER); String[] guestActionIds=newString[]{"VIEW",""}; String[] siteMemebrActionIds=newString[]{"VIEW","DELETE"}; java.util.Map<java.lang.Long, java.lang.String[]> roleIdsToActionIds=newHashMap<Long, String[]>(); roleIdsToActionIds.put(guestRole.getRoleId(), guestActionIds); roleIdsToActionIds.put(siteMemebrRole.getRoleId(),siteMemebrActionIds); logger.info("fileEntriesList"+fileEntriesList.size()); long lastViewPermissionAssignedFolderId=0; long currentFolderId=0; for(DLFileEntry curFileEntry:fileEntriesList){ try{ currentFolderId=curFileEntry.getFolderId(); if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){ ResourcePermissionServiceUtil.setIndividualResourcePermissions( curFileEntry.getGroupId(), curFileEntry.getCompanyId(), DLFolder.class.getName(),String.valueOf(currentFolderId),roleIdsToActionIds); lastViewPermissionAssignedFolderId=currentFolderId; logger.info("permission successfully setted to folder id"+currentFolderId); } ResourcePermissionServiceUtil.setIndividualResourcePermissions( curFileEntry.getGroupId(), curFileEntry.getCompanyId(), DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()), roleIdsToActionIds); }catch(Exception e){ logger.error("permission not able stet"+e.getLocalizedMessage()); } logger.info("permission successfully setted to "+curFileEntry.getName()); } |
The following is simple Groovy scrip execute from Liferay Server Administration then you can enable guest permission to all images in the site.
Note
You have to change to your groupId and companyIdthat are hard coded in the script
import com.liferay.portal.service.ResourcePermissionServiceUtil; import com.liferay.portal.model.Role; import com.liferay.portal.service.RoleLocalServiceUtil; import java.util.List; import com.liferay.portal.model.RoleConstants; import com.liferay.portlet.documentlibrary.service.DLFileEntryLocalServiceUtil; import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil; import com.liferay.portal.kernel.dao.orm.Criterion; import com.liferay.portal.kernel.util.PortalClassLoaderUtil; import com.liferay.portlet.documentlibrary.model.DLFileEntry; import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil; import com.liferay.portal.kernel.dao.orm.DynamicQuery; import com.liferay.portlet.documentlibrary.model.DLFolder; DynamicQuery fileEntryQuery= DynamicQueryFactoryUtil.forClass(DLFileEntry.class, PortalClassLoaderUtil.getClassLoader()); Criterion criterion = null; String[] mimeTypeExtensiona=["image/png","image/x-ms-bmp","image/jpeg"] as String[]; criterion = RestrictionsFactoryUtil.in("mimeType",mimeTypeExtensiona); criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new Long(126774))); fileEntryQuery.add(criterion); List<DLFileEntry> fileEntriesList=DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery); Role guestRole=RoleLocalServiceUtil.getRole(20155,RoleConstants.GUEST); String[] actionIds=["VIEW"] as String[]; out.println("fileEntriesList"+fileEntriesList.size()); long lastViewPermissionAssignedFolderId=0; long currentFolderId=0; for(DLFileEntry curFileEntry:fileEntriesList){ try{ currentFolderId=curFileEntry.getFolderId(); if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){ ResourcePermissionServiceUtil.setIndividualResourcePermissions(curFileEntry.getGroupId(), curFileEntry.getCompanyId(),DLFolder.class.getName(), String.valueOf(currentFolderId),guestRole.getRoleId(), actionIds); lastViewPermissionAssignedFolderId=currentFolderId; out.println("permission successfully setted to folder id"+currentFolderId); } ResourcePermissionServiceUtil.setIndividualResourcePermissions( curFileEntry.getGroupId(), curFileEntry.getCompanyId(), DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()), guestRole.getRoleId(), actionIds); }catch(Exception e){ out.println("permission not able stet"+e.getLocalizedMessage()); } out.println("permission successfully setted to "+curFileEntry.getName()); } |
Note:
In above dynamic query have used IN operator to fetch all file entries which are matched to given mime types.
The following is simple Groovy scrip execute from Liferay Server Administration then you can enable guest permission to all images in the site.
Note
You have to change to your groupId and companyIdthat are hard coded in the script
import com.liferay.portal.service.ResourcePermissionServiceUtil; import com.liferay.portal.model.Role; import com.liferay.portal.service.RoleLocalServiceUtil; import java.util.List; import com.liferay.portal.model.RoleConstants; import com.liferay.portlet.documentlibrary.service.DLFileEntryLocalServiceUtil; import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil; import com.liferay.portal.kernel.dao.orm.Criterion; import com.liferay.portal.kernel.util.PortalClassLoaderUtil; import com.liferay.portlet.documentlibrary.model.DLFileEntry; import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil; import com.liferay.portal.kernel.dao.orm.DynamicQuery; import com.liferay.portal.kernel.util.StringPool; import com.liferay.portlet.documentlibrary.model.DLFolder; DynamicQuery fileEntryQuery= DynamicQueryFactoryUtil.forClass(DLFileEntry.class, PortalClassLoaderUtil.getClassLoader()); Criterion criterion = null; String valueForLike=StringPool.PERCENT+"image"+StringPool.PERCENT; criterion=RestrictionsFactoryUtil.like("mimeType",valueForLike); criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new Long(142101))); fileEntryQuery.add(criterion); List<DLFileEntry> fileEntriesList=DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery); Role guestRole=RoleLocalServiceUtil.getRole(20155,RoleConstants.GUEST); String[] actionIds=["VIEW"] as String[]; out.println("fileEntriesList"+fileEntriesList.size()); long lastViewPermissionAssignedFolderId=0; long currentFolderId=0; for(DLFileEntry curFileEntry:fileEntriesList){ try{ currentFolderId=curFileEntry.getFolderId(); if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){ ResourcePermissionServiceUtil.setIndividualResourcePermissions(curFileEntry.getGroupId(), curFileEntry.getCompanyId(),DLFolder.class.getName(), String.valueOf(currentFolderId),guestRole.getRoleId(), actionIds); lastViewPermissionAssignedFolderId=currentFolderId; out.println("permission successfully setted to folder id"+currentFolderId); } ResourcePermissionServiceUtil.setIndividualResourcePermissions( curFileEntry.getGroupId(), curFileEntry.getCompanyId(), DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()), guestRole.getRoleId(), actionIds); }catch(Exception e){ out.println("permission not able stet"+e.getLocalizedMessage()); } out.println("permission successfully setted to "+curFileEntry.getName()); } |
Note:
In above dynamic query have used like operator to fetch all file entries which are images include all types images (PNG, GIF, JPEG, BMP and TIF).
Execute Groovy Script in Liferay
Liferay have ability to execute other langue’s script to make some actions in the Liferay portal and these script uses the Liferay API so that it can do some operations in Liferay portal. Liferay supported scripts like Groovy, Python, Ruby, Beanshell and JavaScript.
Download Sample Liferay Groovy Scripts from following location
Login as Liferay Portal admin and go to Liferay Control Panel there you can see the server administration
Once click on server Administration it will launch User Interface there we can do many things in the tabs you can find Script click on the tab.
Select Language Groovy from the drop down and copy given Groovy script in the text area finally click on Execute button then groovy script will be executed.
Output for above scripts as follows
Reference about Individual Resource Permissions
Author
0 comments:
Post a Comment