Enabling or Disabling Permission to Edit Specific Fields in the My Account Portlet

This article demonstrates how portal administrators can enable or disable permissions to edit specific fields in the My Account portlet in Liferay Portal 6.2. By default any user (regardless of role - Administrator or Power User) can edit any field in the My Account portlet. This functionality allows administrators to control which users are allowed to edit their information in My Accounts.

At the same time, the same functionality allows administrators to control which fields the users are allowed to edit. Most importantly, the priority of configuring fields is weighted equally and thus operate independently. This becomes apparent below.

Resolution

Prerequisites

For testing and demonstration purposes, create two users that do not have administrator rights; the default Power User role will be sufficient. The second user's email address domain must be different than the administrator's and the first user's.

Specifying Users

To enable or disable permission for different user types to edit specific fields in My Account portlet, make the following changes to field.editable.user.types= in the portal-ext.properties.

  1. Scenario 1Only Administrators Can Edit the Fields

    If field.editable.user.types= is left blank, then no user other than the administrator may edit any field in the My Account portlet. This setting must be specified with the values below with a null value (that is, left blank); it cannot be commented out with a #.

  2. Scenario 2Only Users With the Same Email Domain as the Company's Can Make Changes

    If field.editable.user.types=user-with-mx is set, then users with an email address belonging to the company are allowed to make changes but not those with different email address suffixes. For example, if a corporation uses @company.com as its suffix and allows guests or community members with a valid email address to post comments on a message board, it would make sense to restrict the permissions for guests and community members.

    However, even if this value is set, if any specific field is enabled (see the Specifying Fields section below), then even users whose email suffixes are not the same as the company can still make changes. This is because each property operates independently. To ensure only users whose email suffices are the same, leave the domain fields blank.

  3. Scenario 3Any User Can Edit

    If field.editable.user.types=user-with-mx,user-without-mx is set, then everyone has permissions to edit. This is the default portal setting.

Specifying Fields

In this use case, administrators can specify which fields can be edited. The available properties are:

    #field.editable.domains[birthday]=
    #field.editable.domains[emailAddress]=
    #field.editable.domains[firstName]=
    #field.editable.domains[gender]=
    #field.editable.domains[jobTitle]=
    #field.editable.domains[lastName]=
    #field.editable.domains[middleName]=
    #field.editable.domains[portrait]=
    #field.editable.domains[prefix]=
    #field.editable.domains[screenName]=
    #field.editable.domains[suffix]=

For example, assume that Liferay Portal is used as a university's registrar office. Officials assign students their screen names and email addresses and do not want students to change them. However, students can edit every other field. For each property, enter a * next to it as shown below:

    field.editable.domains[emailAddress]=
    field.editable.domains[screenName]=
    field.editable.domains[birthday]=*
    field.editable.domains[firstName]=*
    field.editable.domains[gender]=*
    field.editable.domains[jobTitle]=*
    field.editable.domains[lastName]=*
    field.editable.domains[middleName]=*
    field.editable.domains[portrait]=*
    field.editable.domains[prefix]=*
    field.editable.domains[suffix]=*

my-account01.png
Figure 1 above shows that the Screen name and Email Address fields have been grayed out (meaning they are not editable).

Remember that specifying a field to be editable is independent from specifying which users have the permissions to edit. Administrators can allow users whose email suffixes different from the company to edit specific fields in this section.

这篇文章有帮助吗?
1 人中有 1 人觉得有帮助