Step 2 of 4
The last step introduced the concept of resources. Resources are data stored
with your entities that define how they can be accessed. For example, when the
configuration in your
default.xml files is applied to your application’s
entities in the database, resources are created. These resources are then used
in conjunction with Liferay DXP’s permissions system to determine who can do what
to the entities.
Liferay DXP provides a complete API for managing resources that’s integrated with Service Builder. This API is injected into your implementation classes automatically. To manage the resources, all you must do is call the API in the service’s add and delete methods. Follow these steps to do this in your application:
Just before the
returnstatement, add this code:
resourceLocalService.addResources(user.getCompanyId(), groupId, userId, Guestbook.class.getName(), guestbookId, false, true, true);
Note that the
resourceLocalServiceobject is already there, ready for you to use. This is one of several utilities that are injected automatically by Service Builder. You’ll see the rest in the future.
This code adds a resource to Liferay DXP’s database to correspond with your entity (note that the
guestbookIdis included in the call). The three booleans at the end are settings. The first is whether to add portlet action permissions. This should only be
trueif the permission is for a portlet resource. Since this permission is for a model resource (an entity), it’s
false. The other two are settings for adding group and guest permissions. If you set these to
true, you’ll add the default permissions you defined in the permissions configuration file (
default.xml) in the previous step. Since you definitely want to do this, these booleans are set to
Next, go to the
updateGuestbookmethod. Add a similar bit of code in between
resourceLocalService.updateResources(serviceContext.getCompanyId(), serviceContext.getScopeGroupId(), Guestbook.class.getName(), guestbookId, serviceContext.getGroupPermissions(), serviceContext.getGuestPermissions());
Now you’ll do the same for
deleteGuestbook. Add this code in between
guestbook = deleteGuestbook(guestbook);and the
resourceLocalService.deleteResource(serviceContext.getCompanyId(), Guestbook.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL, guestbookId);
Hit [CTRL]+[SHIFT]+O to organize the imports and save the file.
Now you’ll add resources for the
EntryLocalServiceImpl.javafrom the same package. For
addEntry, add a line of code that adds resources for this entity, just before the return statement:
resourceLocalService.addResources(user.getCompanyId(), groupId, userId, Entry.class.getName(), entryId, false, true, true);
deleteEntry, add this code just before the
resourceLocalService.deleteResource( serviceContext.getCompanyId(), Entry.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL, entryId);
updateEntryand add its resource action, also just before the
resourceLocalService.updateResources( user.getCompanyId(), serviceContext.getScopeGroupId(), Entry.class.getName(), entryId, serviceContext.getGroupPermissions(), serviceContext.getGuestPermissions());
That’s all it takes to add permissions resources. Future entities added to the database are fully permissions-enabled. Note, however, that any entities you’ve already added to your Guestbook application in the portal don’t have resources and thus can’t be protected by permissions. You’ll fix this at the end of this section.
Next, you’ll create helper classes to make it easier to check permissions.