This article demonstrates how portal administrators can enable or disable permissions to edit specific fields in the My Account portlet in Liferay Portal 6.2. By default any user (regardless of role - Administrator or Power User) can edit any field in the My Account portlet. This functionality allows administrators to control which users are allowed to edit their information in My Accounts.
At the same time, the same functionality allows administrators to control which fields the users are allowed to edit. Most importantly, the priority of configuring fields is weighted equally and thus operate independently. This becomes apparent below.
Resolution
Prerequisites
For testing and demonstration purposes, create two users that do not have administrator rights; the default Power User role will be sufficient. The second user's email address domain must be different than the administrator's and the first user's.
Specifying Users
To enable or disable permission for different user types to edit specific fields in My Account portlet, make the following changes to field.editable.user.types= in the portal-ext.properties.
- Scenario 1—Only Administrators Can Edit the Fields
If
field.editable.user.types=is left blank, then no user other than the administrator may edit any field in the My Account portlet. This setting must be specified with the values below with a null value (that is, left blank); it cannot be commented out with a#. - Scenario 2—Only Users With the Same Email Domain as the Company's Can Make Changes
If
field.editable.user.types=user-with-mxis set, then users with an email address belonging to the company are allowed to make changes but not those with different email address suffixes. For example, if a corporation uses @company.com as its suffix and allows guests or community members with a valid email address to post comments on a message board, it would make sense to restrict the permissions for guests and community members.However, even if this value is set, if any specific field is enabled (see the Specifying Fields section below), then even users whose email suffixes are not the same as the company can still make changes. This is because each property operates independently. To ensure only users whose email suffices are the same, leave the domain fields blank.
- Scenario 3—Any User Can Edit
If
field.editable.user.types=user-with-mx,user-without-mxis set, then everyone has permissions to edit. This is the default portal setting.
Specifying Fields
In this use case, administrators can specify which fields can be edited. The available properties are:
#field.editable.domains[birthday]=
#field.editable.domains[emailAddress]=
#field.editable.domains[firstName]=
#field.editable.domains[gender]=
#field.editable.domains[jobTitle]=
#field.editable.domains[lastName]=
#field.editable.domains[middleName]=
#field.editable.domains[portrait]=
#field.editable.domains[prefix]=
#field.editable.domains[screenName]=
#field.editable.domains[suffix]=
For example, assume that Liferay Portal is used as a university's registrar office. Officials assign students their screen names and email addresses and do not want students to change them. However, students can edit every other field. For each property, enter a * next to it as shown below:
field.editable.domains[emailAddress]=
field.editable.domains[screenName]=
field.editable.domains[birthday]=*
field.editable.domains[firstName]=*
field.editable.domains[gender]=*
field.editable.domains[jobTitle]=*
field.editable.domains[lastName]=*
field.editable.domains[middleName]=*
field.editable.domains[portrait]=*
field.editable.domains[prefix]=*
field.editable.domains[suffix]=*
Figure 1 above shows that the Screen name and Email Address fields have been grayed out (meaning they are not editable).
Remember that specifying a field to be editable is independent from specifying which users have the permissions to edit. Administrators can allow users whose email suffixes different from the company to edit specific fields in this section.