Liferay provides a system that allows you to implement permissions for your custom portlets. The first step in implementing permissions is to define all resources and the actions that can be performed on them. Once you’ve done this, you’re ready to register these resource-action pairs in the permissions system. In Liferay, a permission is represented as a resource-action pair. Registering permissions with Liferay is also known as adding resources. This step is the R in the DRAC acronym:
-
Define all resources and their permissions.
-
Register all defined resources in the permissions system.
-
Associate the necessary permissions with resources.
-
Check permission before returning resources.
This tutorial explains how to both add and delete resources. The Guestbook project is used as an example. You can find it in the Liferay Docs repository here: Liferay Guestbook project. Read on to find out how to add and delete resources!
Before proceeding, make sure you understand these critical terms:
Action: An operation that can be performed by a portal user.
Resource: A generic representation of any portlet or entity in the portal on which an action can be performed.
Permission: An action that can be performed on a resource.
For further explanation and examples, please see the Adding Permissions to Resources tutorial.
Adding a Resource
Resources should be added at the same time that entities are added to the
database. To do this, you must invoke Liferay service methods to manage Liferay
resources. Adding resources is as easy as calling the addResources(...)
method
of Liferay’s ResourceLocalServiceUtil
class. Here’s the signature of that
method:
public void addResources(
long companyId, long groupId, long userId, String name,
String primKey, boolean portletActions,
boolean addGroupPermissions, boolean addGuestPermissions)
Here’s an overview of the parameters of the addResources
method:
companyId
: the primary key of the entity’s portal instance
groupId
: the primary key of the entity’s site
userId
: the primary key of the user who’s adding the entity
name
: the fully qualified Java class name for the entity being added
primKey
: the primary key of the entity
portletActions
: a boolean parameter that should be set to true
if you’re
adding portlet action permissions
addGroupPermissions
: a boolean parameter that should be set to true
if the
default permissions should be added to the current group
addGuestPermissions
a boolean parameter that should be set to true
if the
default permissions should be added to the guest group
Any entity that should have permission-controlled actions must be added as a
resource. For example, every time a user adds a new guestbook, call the
addResources(...)
method to add a corresponding resource to the resource
system. Here’s the call from the Guestbook project’s GuestbookLocalServiceImpl
class:
resourceLocalService.addResources(
user.getCompanyId(), groupId, userId, Guestbook.class.getName(),
guestbookId, false, true, true);
In this example, portletActions
is false
because a model resource, not
a portlet resource, is being added. addGroupPermissions
and
addGuestPermissions
are true
since the default permissions should be
applied.
You can let your users choose whether to add the default group permissions
and/or the default guest permissions for your portlet resources: Liferay has a
JSP tag called <liferay-ui:input-permissions />
that you can use to add that
functionality. To use it, insert the tag into the appropriate JSP, and the
checkboxes appear on that page. Make sure that the tag is inside the appropriate
<form>
tags.
To see an example of the <liferay-ui:input-permissions />
tag in action,
access the form for adding a new web content folder:
Log in to your Liferay Portal instance as an administrator and click on Admin → Site Administration → Content. Then click on Web Content. Then click Add → Folder. This form appears:
The JSP fragment that’s responsible for rendering the permissions selector is this:
<liferay-ui:input-permissions
modelName="<%= JournalFolder.class.getName() %>"
/>
Notice that this <liferay-ui:input-permissions />
tag appears within an
<aui:form />
tag. The <liferay-ui:input-permissions />
tag only makes sense
in the context of a form.
Deleting a Resource
When you remove an entity from the database, you should remove permissions that
were mapped directly to the entity. This prevents dead resources from taking up
space in the database. Remember to delete resources when deleting entities. To
do so, call ResourceLocalServiceService
’s deleteResource(...)
method.
Here’s an example from the GuestbookLocalServiceImpl
’s deleteGuestbook(...)
method:
resourceLocalService.deleteResource(serviceContext.getCompanyId(),
Guestbook.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL,
guestbookId);
Great! Now you know how to work with resource permissions!