1. Liferay Help Center
  2. 知识库
  3. How-to

Restricting Access to Specific User Fields

Avatar

Liferay Support

  • 更新

This article documents how to restrict access to specific fields for certain users in the Liferay platform. For example, there may be the need to set the email address field for users as read-only. This can be accomplished through overriding the default behavior in the platform. 

Resolution

Their are numerous portal properties that can be used to configure the platform to restrict access for certain users to their user fields. They are:

  1. field.editable.user.types=user-with-mx,user-without-mx

    Input a list of comma delimited user types. Users that match one of these user types have permission to edit all of their own fields. Valid user types are "user-with-mx" and "user-without-mx". A value of "user-with-mx" is a user who has an email address that matches the company mail suffix, and "user-without-mx" is a user who does not have an email address that matches the company mail suffix.

  2. field.editable.roles=administrator

    Input a list of comma delimited role names. Users associated with one of these roles have permission to edit all of their own fields.

  3. field.editable.domains=

    Input a list of comma delimited domain names. Users with an email address that match one of these domain names have permission to edit all of their own fields.

  4. field.editable.domains[birthday]=

field.editable.domains[emailAddress]=

field.editable.domains[firstName]=

field.editable.domains[gender]=

field.editable.domains[jobTitle]=

field.editable.domains[lastName]=

field.editable.domains[middleName]=

field.editable.domains[portrait]=

field.editable.domains[prefix]=

field.editable.domains[screenName]=

field.editable.domains[suffix]=

    Input a list of comma delimited domain names. Users with an email address that match one of these domain names have permission to edit the specified field.

For example, if the use-case is to restrict the users' ability to edit their own email address, the following steps could be taken:

  1. The first property that must be set in the portal-ext.properties is field.editable.user.types=. This property must be set to 'blank'having nothing after the equal sign. This makes it so that no user will be able to edit anything in his or her account.
  2. Since it is desired to only limit the users in editing their email address, permission must be given to edit the other fields besides the email address field. That is why all of the following properties must be set. For example, if your domain is test.com, please be sure to use your email suffix, which in this case would be test.com. Please find an example of this below: 
    field.editable.user.types=

field.editable.domains[birthday]=test.com

field.editable.domains[emailAddress]=

field.editable.domains[firstName]=test.com

field.editable.domains[gender]=test.com

field.editable.domains[jobTitle]=test.com

field.editable.domains[lastName]=test.com

field.editable.domains[middleName]=test.com

field.editable.domains[portrait]=test.com

field.editable.domains[prefix]=test.com

field.editable.domains[screenName]=test.com

field.editable.domains[suffix]=test.com
这篇文章有帮助吗?
0 人中有 0 人觉得有帮助