Accessing Liferay 6.1 custom/inherited Organization role

StackOverflow https://stackoverflow.com/questions/13145214

  •  21-07-2021
  •  | 
  •  

Question

I am using Liferay 6.1 CE, Tomcat, Vaadin 6.8.4
Possibly a wildly incorrect approach on my part or maybe I have missed something obvious.

I need to control crud functions for my users - allowing access to organizations they belong to and any child organizations below that. ( I am using Liferay's organization_ table)

In trying to simplify administration of permissions, I had hoped to assign a user to an organization in the hierarchy. Default privileges can then be determined from the roles assigned to that and any parent organization(s). This seems to work reasonably well for regular roles - but then I attempted a custom Organization role and I cannot get hold of the detail as expected.

  • I can see the correct data in the control panel definition for the user.
    ( Liferay knows how to retrieve and display the custom Organization Role :-)

  • I can see the actual data values being populated in the back-end table usergrouprole.

  • I am able to detect this role for the default superadmin / owner (test@liferay)
    . . . but I cannot detect the role for other users :(

  • I have been using RoleLocalServiceUtil and GroupLocalServiceUtil without luck.

    My gut feel says to abandon my "purist" notions and fall back to a familiar custom query instead, but I want to first see if anyone else has any better suggestions.

    I do not currently know how to get into the Liferay code to find the relevant segment, so perhaps that may be an option if you have some reading material :)

    Clues ?

    • Was it helpful?

    Solution

    This is going to look ugly (because it is) but I think you'll need to call:

    UserGroupRoleLocalServiceUtil.hasUserGroupRole(long userId, long groupId, long roleId);

    Generally speaking there is (if not always) a XYZLocalServiceUtil and XYZServiceUtil for an XYZ table.

    OTHER TIPS

    In the spirit of sharing, here is some example code to display the permissions.

    ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
User i_user =  themeDisplay.getUser();
PortletDisplay portDisplay = themeDisplay.getPortletDisplay();
String myRootname = portDisplay.getRootPortletId();
String strOrgGroupRoles = "";

//== 1. Display permission provided to user by Organisation(Group) Roles
//== 2. User is assigned to the org.
//== 3. Org is a member of the OrgRole.
//== 4. OrgRole has permission defined from current selected portlet permissions (action-key)
List<UserGroupRole> ugRoles = new ArrayList<UserGroupRole>();
ugRoles.addAll(UserGroupRoleLocalServiceUtil.getUserGroupRoles(i_user.getUserId() ) );
for (UserGroupRole ugRole : ugRoles){

    //== For each role this user has allocated, display the Rolename and the Organisation
    strOrgGroupRoles += "'" +ugRole.getRole().getName() + "'  (roleId="+ugRole.getRoleId()+")";
    strOrgGroupRoles += " for organization '"+OrganizationLocalServiceUtil.getOrganization(ugRole.getGroup().getClassPK()).getName();
    strOrgGroupRoles += "' (groupId=" +ugRole.getGroupId()+ ")\n";

    //== Permissions for the role is harder to find - linked to a resource
    //== Data shows the `actionId` equates to relative action number column 'bitwiseValue' in `resourceaction`.
    //== Snag is ResourcePermission needs a tie-breaker of the portlet name, not just the roleId
    //== Get this from ThemeDisplay getRootPortletId()
    //==
    //== I think Liferay 6.1.0 API may be broken here:  ResourceActionLocalServiceUtil.getResourceAction expects String, String . . .
    //==  . . . yet the `bitwiseValue` column is BIGINT(20) so nothing is returned.
    //== This causes us to attack it from a different angle
    List<ResourcePermission> resourcePerms = new ArrayList<ResourcePermission>();
    resourcePerms.addAll( ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(ugRole.getRoleId()) );
    for (ResourcePermission resourcePerm : resourcePerms){

        //== For each of the ResourcePermissions of this role, get the actionId (equals Role Permissions aka action-key)
        //== The link is a relative number, not unique in this table so ensure it is for this portlet only
        if ( resourcePerm.getName().equals(myRootname)){ 
            List<ResourceAction> resourceActions = new ArrayList<ResourceAction>();
            resourceActions.addAll( ResourceActionLocalServiceUtil.getResourceActions(myRootname)  );
            for (ResourceAction resourceAction : resourceActions) {

                //== For each listed action, ensure it is the relative action number we want (actionId) 
                if (resourceAction.getBitwiseValue() == resourcePerm.getActionIds() ) {
                    strOrgGroupRoles += " +-- action= " + resourceAction.getActionId() + "\n";
                }   

            }   //== End of actionIds for this portlet

        }   //== End if this portlet only

    }   //== End ResourcePermissions for this role

}   //== End roles for this user

    HTH

    Robin

    Licensed under: CC-BY-SA with attribution
    Not affiliated with StackOverflow
    scroll top