Define Permission System Detailed Concept
In Liferay we have a permission system that lets us define permissions for a role.
We already know how to define permissions from the Admin screens in Liferay.
The permission system involves two tables:
1. Resource Action table
2. Resource Permissions table
Resource Action table:
In this table we maintain the actions for each resource. Actions are divided into two types:
1. Portlet Resource
2. Model Resource
Portlet Resource:
Portlet resource actions are the permissions defined for the portlet itself, such as VIEW, EDIT, CONFIGURATION and ADD TO PAGE.
Example entries for portlet resources:
If we look at the name column we can see the portletId, together with the relevant actions for the portlet. This is how portlet resource actions are defined in the table.
Model Resource:
A model resource action is what we define when we want to perform some functionality inside the portlet.
Example:
If we take the Organization portlet, it has different actions such as MANAGE TEAMS and MANAGE USERS. If the portlet has any functionality inside it, we need to define actions for the model resource.
Note:
Here the model resource name is the model Java class name. That is why the model resource name for organization is com.liferay.portal.model.Organization.
How the permission system works:
Liferay 6.x introduced an algorithm called Advanced Permission Algorithm 6.
When we use this algorithm, the entire functionality uses only two tables: Resource Action and Resource Permission.
This permission system works with bitwise values and the bitwise OR operator.
If we observe the Resource Action table we can find the column bitWiseValue for each action.
Each action has a bitwise value, and the permission system works from these values.
Example:
If we take any resource, either a model resource or a portlet resource, each has its own ActionIds.
Example:
Assume the Organization model resource called com.liferay.portal.model.Organization.
We have different actions like MANAGE_USERS, MANAGE_TEAM etc.
Each bitwise value is a multiple of 2, doubling from one action to the next:
APPROVE_PROPOSAL------2
ASSIGN_MEMBERS-------4
ASSIGN_REVIEWER------8
ASSIGN_USER_ROLES----16
If we add a new action, its value is again a multiple of 2.
Assume we give a role permission on organization: we then have to calculate the total bitwise value.
So setting permissions is simply a matter of ORing all the action masks together, i.e.
permissions = VIEW | ADD_MESSAGE | SUBSCRIBE;
For all you Java programmers not up to speed with low-level bitwise operations, | is bitwise OR and & is bitwise AND.
Checking for VIEW permission is as simple as
if ((permissions & 1) == 1) {
    // Has permission
}
Checking for any permission is simply
if ((permissions & ACTION) == ACTION) {
    // Has permission
}
Example:
Take a portlet MyPortlet. I want to give ADD TO PAGE, VIEW and CONFIGURATION permissions for this portlet to a particular role.
Then apply the bitwise operator like this:
VIEW ------------- 1
CONFIGURATION ---- 4
ADD TO PAGE ------ 2
1 ---- 001 apply OR operation
2 ---- 010 apply OR operation
4 ---- 100 apply OR operation
111 ---- 7 is the value
If we want ADD TO PAGE, VIEW and CONFIGURATION, the role should have the value 7; then we get all of these permissions.
Where do we store all these details?
We have one table called Resource Permissions where we store all this information.
Here all the permissions are stored with respect to the role. If we observe the last column, actionIds, the total bitwise value is stored there.
As in the above example, we will store the value 7.
We will now look at each column in Resource Permissions.
resourcePermissionId: this is just a primary key.
CompanyId: this represents the Liferay instance for which we are defining the permission.
Name: we already saw this in the Resource Action table name column; this is the same. It represents whether this is a model resource or a portlet resource.
PrimKey: this is a very important value; it varies based on model resource and portlet resource.
Scope: the scope represents the effect of this permission, meaning whether it applies only to an organization, a community or an individual resource.
PRIMKEY_DNE = -1;
SCOPE_INDIVIDUAL = 4;
SCOPE_GROUP = 2;
SCOPE_GROUP_TEMPLATE / ORGANIZATION = 3;
SCOPE_COMPANY = 1;
actionIds: this is the total bitwise value of all actions assigned to the role on the resource.
How does the primKey change from resource to resource?
CASE 1: when we set permissions on a layout:
For example, if we set a permission on a page, meaning the page can be viewed by this role, then the entry looks like this:
Observe the primKey value above. When we set a permission on the page, the primKey value is the plid.
CASE 2: when we set permission on a portlet that is on a particular page.
Observe the primKey: it is a combination string
plid_LAYOUT_PortletId
56 is the web content display portlet name. This is an instanceable portlet; that's why the portlet id contains _INSTANCE_aec like that.
Here the scope is individual, which means we are setting permission for the web content display portlet that is on a particular page.
CASE 3: setting permissions on the portlet functionality, or we can say on a model resource.
For example, take the Organization portlet: it has many activities like manage users, manage teams and manage pages.
Observe the primKey: it is 0. When we apply permissions to a model resource, the primKey becomes 0.
The total bitwise value for all actions is 65535.
Here scope 3 means organization level.
Important points:
When we define any permission through the define permission system, the following are the entries:
Regular Role:
PrimKey=CompanyId
Scope=1
Organization Role:
PrimKey=0
Scope=3
When we set permissions for individual portlets or articles:
Regular Role:
PrimKey=layout_portletID
Scope=4
Organization Role:
PrimKey=layout_portletID
Scope=4
Journal articles
Regular Role/Organization Role:
PrimKey=Article Resource key (available in journalarticleresource table)
Scope=4
Set permissions for layouts/pages:
Regular Role:
PrimKey=plid
Scope=4
Organization Role:
PrimKey=plid
Scope=4
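As an added example (not code from Liferay or from this post), the class below ORs action values into an actionIds total, decodes a stored total back into action names, and reads scope and primKey the way the cases and entries above describe, which is what a least-privilege review of the Resource Permissions table needs. The class name, the action map and every id in the sample rows are constructed for illustration; a real review would read them from the Resource Action and Resource Permissions tables.

```java
import java.util.*;

public class ResourcePermissionDecoder {
    // Constructed stand-in for one portlet's Resource Action rows (MyPortlet values).
    static final Map<String, Long> ACTIONS = new LinkedHashMap<>();
    static {
        ACTIONS.put("VIEW", 1L);
        ACTIONS.put("ADD_TO_PAGE", 2L);
        ACTIONS.put("CONFIGURATION", 4L);
    }

    /** OR the masks of the named actions into one actionIds value. */
    static long encode(String... names) {
        long mask = 0;
        for (String n : names) {
            Long bit = ACTIONS.get(n);
            if (bit == null) throw new IllegalArgumentException("unknown action: " + n);
            mask |= bit;
        }
        return mask;
    }

    /** Names of the actions whose bit is set in a stored actionIds value. */
    static List<String> decode(long actionIds) {
        List<String> granted = new ArrayList<>();
        for (Map.Entry<String, Long> e : ACTIONS.entrySet())
            if ((actionIds & e.getValue()) == e.getValue()) granted.add(e.getKey());
        return granted;
    }

    /** What a row applies to, read from scope and primKey as in the cases above. */
    static String target(int scope, String primKey) {
        int sep = primKey.indexOf("_LAYOUT_");
        if (scope == 1) return "company " + primKey + " (instance-wide grant, review first)";
        if (scope == 3) return "organization level (primKey " + primKey + ")";
        if (scope == 4 && sep > 0)
            return "portlet " + primKey.substring(sep + 8) + " on page plid " + primKey.substring(0, sep);
        if (scope == 4) return "single resource " + primKey;
        return "scope " + scope + ", primKey " + primKey;
    }

    public static void main(String[] args) {
        // Constructed rows: scope, primKey, actionIds (all ids are made up).
        String all = String.valueOf(encode("VIEW", "ADD_TO_PAGE", "CONFIGURATION"));
        String[][] rows = {
            {"4", "10180_LAYOUT_56_INSTANCE_abcd", all},
            {"4", "10180", "1"},
            {"1", "10132", all},
        };
        for (String[] r : rows)
            System.out.println(decode(Long.parseLong(r[2])) + " on " + target(Integer.parseInt(r[0]), r[1]));
    }
}
```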
For the concept of the bitwise permission system, go through the following link.
For implementing a custom permission system for our own portlets, go through the following link.