Liferay have good permission system that can restrict
the access over the resources. Liferay have set of permission actions for each
resource. In Liferay prospective resource may be portlet, page, model object
and other resources like images, files.
We have two important tables which all manage Liferay
permission system
ResouceAction
ResourcePermission
|
Important
Util Classes
ResourcePermissionServiceUtil
ResourceActionLocalServiceUtil
|
To set Individual Resource Permission on role we will
use following Methods
Individual Resource Permissions
void com.liferay.portal.service.ResourcePermissionServiceUtil.setIndividualResourcePermissions(long
groupId, long companyId, String name, String primKey, long roleId, String[]
actionIds) throws PortalException, SystemException
Updates
the role's permissions at the scope, setting the actions that can be
performed on resources of the type. Existing actions are replaced.
This
method can be used to set permissions at any scope, but it is generally only
used at the individual scope. For example, it could be used to set the guest
permissions on a blog post.
Depending
on the scope, the value of primKey will have different meanings. For more
information, see com.liferay.portal.model.impl.ResourcePermissionImpl.
Parameters:
groupId
the primary key of the group
companyId
the primary key of the company
name
the resource's name, which can be either a model class name or a portlet ID
for example com.liferay.portlet.documentlibrary.model.DLFileEntry
primKey
the primary key example FileEntry Id
roleId
the primary key of the role
actionIds
the action IDs of the actions (VIEW,DELETE,ADD
like that)
Throws:
PortalException
- if the user did not have permission to set resource permissions, or if a
role with the primary key or a resource action with the name and action ID
could not be found
SystemException
- if a system exception occurred
|
public static void
setIndividualResourcePermissions(long groupId,
long companyId, java.lang.String name,
java.lang.String primKey,java.util.Map<java.lang.Long, java.lang.String[]>
roleIdsToActionIds)throws com.liferay.portal.kernel.exception.PortalException,
com.liferay.portal.kernel.exception.SystemException
Updates
the role's permissions at the scope, setting the actions that can be
performed on resources of the type. Existing actions are replaced.
This
method can be used to set permissions at any scope, but it is generally only
used at the individual scope. For example, it could be used to set the guest
permissions on a blog post.
Depending
on the scope, the value of primKey will have different meanings. For more
information, see com.liferay.portal.model.impl.ResourcePermissionImpl.
Parameters:
groupId
the primary key of the group
companyId
the primary key of the company
name
the resource's name, which can be either a class name or a portlet ID
primKey
the primary key
roleIdsToActionIds
a map of role IDs to action IDs of the actions
Throws:
PortalException
- if the user did not have permission to set resource permissions, or if a
role with the primary key or a resource action with the name and action ID
could not be found
SystemException
- if a system exception occurred
|
Note:
Prime key value will be changed based on resource type
some time it is primary key of resource or its combination of some pattern
based on resource.
The complete details about permission system please go
through following Article.
In the example case we are going to enable view
permission to all file entries of site/organization and these file entries are
images.
Important
Scenarios:
Case:
1
Some time when we migrate Liferay portal from one
version to other then all images which are migrated not visible to GUEST
role if this scenario following code will help us to enable View permission for
all images on Guest role.
Case:
2
Some time when we upload bulk images into Liferay document
library using custom portlet then images might not have view permission to
guest user then we can use following code snippet to enable view permission to
all images on Guest role.
In the bulk uploading once file entry is created then
we can use following code to enable different permission action on different
roles.
Liferay have beautiful feature that executing other langue’s
scripts in Liferay portal these will help update or do some actions on portal
using Liferay API. We don’t required any application to
do some actions rather than we can create some script for example Groovy script
which is similar to Java using Liferay API so that it can perform desired
actions in Liferay portal.
Note:
When we set view permission to images or file entry
then we also need to set same permission to those folders.
We also need to set permission
to folders where file entries available
Example
to Set View Permission to All Images for Role Guest in the Site/Organization
Sample code to enable view permission to all images in
the Site/Organization
public void
setViewPermissionforGuestonAllfileEntries(ActionRequest actionRequest,
ActionResponse actionResponse) throws
Exception {
DynamicQuery fileEntryQuery=
DynamicQueryFactoryUtil.forClass(DLFileEntry.class,
PortalClassLoaderUtil.getClassLoader());
Criterion criterion = null;
ThemeDisplay themeDisplay =
(ThemeDisplay) actionRequest.getAttribute(WebKeys.THEME_DISPLAY);
//criterion =
RestrictionsFactoryUtil.in("mimeType",new String[]{"image/png","image/x-ms-bmp","image/jpeg"});
//String
valueForLike=StringPool.PERCENT+"image"+StringPool.PERCENT;
criterion=RestrictionsFactoryUtil.like("mimeType",new
StringBuilder("%").append("image").append("%").toString());
criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new Long(themeDisplay.getScopeGroupId())));
fileEntryQuery.add(criterion);
List<DLFileEntry>
fileEntriesList=DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery);
Role guestRole=RoleLocalServiceUtil.getRole(themeDisplay.getCompanyId(),
RoleConstants.GUEST);
String[] actionIds=new
String[]{"VIEW"};
logger.info("fileEntriesList"+fileEntriesList.size());
long lastViewPermissionAssignedFolderId=0;
long currentFolderId=0;
for(DLFileEntry
curFileEntry:fileEntriesList){
try{
currentFolderId=curFileEntry.getFolderId();
if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),
DLFolder.class.getName(),String.valueOf(currentFolderId),guestRole.getRoleId(),
actionIds);
lastViewPermissionAssignedFolderId=currentFolderId;
logger.info("permission
successfully setted to folder id"+currentFolderId);
}
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),
DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()),
guestRole.getRoleId(),
actionIds);
}catch(Exception
e){
logger.error("permission
not able stet"+e.getLocalizedMessage());
}
logger.info("permission
successfully setted to "+curFileEntry.getName());
}
|
Example
to Set View Permission to All Images for Role Guest in the Site/Organization with
Second Method
public void
setViewPermissionforGuestonAllfileEntriesAnotherWay(ActionRequest actionRequest,
ActionResponse actionResponse) throws
Exception {
DynamicQuery fileEntryQuery=
DynamicQueryFactoryUtil.forClass(DLFileEntry.class,
PortalClassLoaderUtil.getClassLoader());
Criterion criterion = null;
ThemeDisplay themeDisplay =
(ThemeDisplay) actionRequest.getAttribute(WebKeys.THEME_DISPLAY);
//criterion =
RestrictionsFactoryUtil.in("mimeType",new String[]{"image/png","image/x-ms-bmp","image/jpeg"});
//String
valueForLike=StringPool.PERCENT+"image"+StringPool.PERCENT;
criterion=RestrictionsFactoryUtil.like("mimeType",new
StringBuilder("%").append("image").append("%").toString());
criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new Long(themeDisplay.getScopeGroupId())));
fileEntryQuery.add(criterion);
List<DLFileEntry>
fileEntriesList=
DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery);
Role guestRole=RoleLocalServiceUtil.getRole(themeDisplay.getCompanyId(),
RoleConstants.GUEST);
Role siteMemebrRole=RoleLocalServiceUtil.getRole(themeDisplay.getCompanyId(),
RoleConstants.SITE_MEMBER);
String[] guestActionIds=new
String[]{"VIEW",""};
String[] siteMemebrActionIds=new
String[]{"VIEW","DELETE"};
java.util.Map<java.lang.Long,
java.lang.String[]> roleIdsToActionIds=new
HashMap<Long, String[]>();
roleIdsToActionIds.put(guestRole.getRoleId(),
guestActionIds);
roleIdsToActionIds.put(siteMemebrRole.getRoleId(),siteMemebrActionIds);
logger.info("fileEntriesList"+fileEntriesList.size());
long lastViewPermissionAssignedFolderId=0;
long currentFolderId=0;
for(DLFileEntry
curFileEntry:fileEntriesList){
try{
currentFolderId=curFileEntry.getFolderId();
if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),
DLFolder.class.getName(),String.valueOf(currentFolderId),roleIdsToActionIds);
lastViewPermissionAssignedFolderId=currentFolderId;
logger.info("permission
successfully setted to folder id"+currentFolderId);
}
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),
DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()),
roleIdsToActionIds);
}catch(Exception
e){
logger.error("permission
not able stet"+e.getLocalizedMessage());
}
logger.info("permission
successfully setted to "+curFileEntry.getName());
}
|
The following is simple Groovy scrip execute from
Liferay Server Administration then you can enable guest permission to all
images in the site.
Note
You have to change to your groupId and companyId
that are hard coded in the script
import
com.liferay.portal.service.ResourcePermissionServiceUtil;
import com.liferay.portal.model.Role;
import
com.liferay.portal.service.RoleLocalServiceUtil;
import
java.util.List;
import
com.liferay.portal.model.RoleConstants;
import
com.liferay.portlet.documentlibrary.service.DLFileEntryLocalServiceUtil;
import
com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
import
com.liferay.portal.kernel.dao.orm.Criterion;
import
com.liferay.portal.kernel.util.PortalClassLoaderUtil;
import
com.liferay.portlet.documentlibrary.model.DLFileEntry;
import
com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
import
com.liferay.portal.kernel.dao.orm.DynamicQuery;
import
com.liferay.portlet.documentlibrary.model.DLFolder;
DynamicQuery
fileEntryQuery= DynamicQueryFactoryUtil.forClass(DLFileEntry.class,
PortalClassLoaderUtil.getClassLoader());
Criterion
criterion = null;
String[]
mimeTypeExtensiona=["image/png","image/x-ms-bmp","image/jpeg"]
as String[];
criterion
= RestrictionsFactoryUtil.in("mimeType",mimeTypeExtensiona);
criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new
Long(126774)));
fileEntryQuery.add(criterion);
List<DLFileEntry>
fileEntriesList=DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery);
Role
guestRole=RoleLocalServiceUtil.getRole(20155,RoleConstants.GUEST);
String[]
actionIds=["VIEW"] as String[];
out.println("fileEntriesList"+fileEntriesList.size());
long
lastViewPermissionAssignedFolderId=0;
long
currentFolderId=0;
for(DLFileEntry
curFileEntry:fileEntriesList){
try{
currentFolderId=curFileEntry.getFolderId();
if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){
ResourcePermissionServiceUtil.setIndividualResourcePermissions(curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),DLFolder.class.getName(),
String.valueOf(currentFolderId),guestRole.getRoleId(),
actionIds);
lastViewPermissionAssignedFolderId=currentFolderId;
out.println("permission
successfully setted to folder id"+currentFolderId);
}
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),
DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()),
guestRole.getRoleId(),
actionIds);
}catch(Exception
e){
out.println("permission
not able stet"+e.getLocalizedMessage());
}
out.println("permission
successfully setted to "+curFileEntry.getName());
} |
Note:
In above dynamic query have used IN operator to fetch all file entries which are matched to given
mime types.
The following is simple Groovy scrip execute from
Liferay Server Administration then you can enable guest permission to all
images in the site.
Note
You have to change to your groupId and companyId
that are hard coded in the script
import
com.liferay.portal.service.ResourcePermissionServiceUtil;
import
com.liferay.portal.model.Role;
import
com.liferay.portal.service.RoleLocalServiceUtil;
import
java.util.List;
import
com.liferay.portal.model.RoleConstants;
import
com.liferay.portlet.documentlibrary.service.DLFileEntryLocalServiceUtil;
import
com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
import
com.liferay.portal.kernel.dao.orm.Criterion;
import
com.liferay.portal.kernel.util.PortalClassLoaderUtil;
import
com.liferay.portlet.documentlibrary.model.DLFileEntry;
import
com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
import
com.liferay.portal.kernel.dao.orm.DynamicQuery;
import com.liferay.portal.kernel.util.StringPool;
import
com.liferay.portlet.documentlibrary.model.DLFolder;
DynamicQuery
fileEntryQuery= DynamicQueryFactoryUtil.forClass(DLFileEntry.class,
PortalClassLoaderUtil.getClassLoader());
Criterion
criterion = null;
String
valueForLike=StringPool.PERCENT+"image"+StringPool.PERCENT;
criterion=RestrictionsFactoryUtil.like("mimeType",valueForLike);
criterion=RestrictionsFactoryUtil.and(criterion,RestrictionsFactoryUtil.eq("groupId",new
Long(142101)));
fileEntryQuery.add(criterion);
List<DLFileEntry>
fileEntriesList=DLFileEntryLocalServiceUtil.dynamicQuery(fileEntryQuery);
Role
guestRole=RoleLocalServiceUtil.getRole(20155,RoleConstants.GUEST);
String[]
actionIds=["VIEW"] as String[];
out.println("fileEntriesList"+fileEntriesList.size());
long
lastViewPermissionAssignedFolderId=0;
long
currentFolderId=0;
for(DLFileEntry
curFileEntry:fileEntriesList){
try{
currentFolderId=curFileEntry.getFolderId();
if(currentFolderId!=0&&lastViewPermissionAssignedFolderId!=currentFolderId){
ResourcePermissionServiceUtil.setIndividualResourcePermissions(curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),DLFolder.class.getName(),
String.valueOf(currentFolderId),guestRole.getRoleId(),
actionIds);
lastViewPermissionAssignedFolderId=currentFolderId;
out.println("permission
successfully setted to folder id"+currentFolderId);
}
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
curFileEntry.getGroupId(),
curFileEntry.getCompanyId(),
DLFileEntry.class.getName(),String.valueOf(curFileEntry.getFileEntryId()),
guestRole.getRoleId(),
actionIds);
}catch(Exception
e){
out.println("permission
not able stet"+e.getLocalizedMessage());
}
out.println("permission
successfully setted to "+curFileEntry.getName());
} |
Note:
In above dynamic query have used like operator to fetch
all file entries which are images include all types images (PNG, GIF, JPEG, BMP
and TIF).
Execute
Groovy Script in Liferay
Liferay have ability to execute other langue’s script
to make some actions in the Liferay portal and these script uses the Liferay
API so that it can do some operations in Liferay portal. Liferay supported scripts
like Groovy, Python, Ruby, Beanshell and JavaScript.
Download Sample Liferay Groovy Scripts from following
location
Login as Liferay Portal admin and go to Liferay Control Panel
there you can see the server administration
Once click on server Administration it will launch
User Interface there we can do many things in the tabs you can find Script click on the tab.
Select Language Groovy from the drop down and copy
given Groovy script in the text area finally click on Execute button then
groovy script will be executed.
Output for above scripts as follows
Reference about Individual Resource Permissions
Author
Posts
