Tuesday, July 26, 2016

Liferay Permission checker for guest user

Liferay has permission checker where user related permissions are available. Whenever we are giving access to specific resources then we will use permission checker. From permission checker we will use has permission to check the user permissions, permission checker object will be ready when the user login into the Liferay portal.

In JSP level we will use following code to get user permission checker Object.


PermissionChecker permissionCheckerObj = themeDisplay.getPermissionChecker();

Or We have JSP implicit variable for permission checker as follows.

permissionChecker

Finally we will use has permission method to check whether user have permission or not as follows.

permissionChecker.hasPermission(-----);



Another scenario where we are calling XXXServiceUtil methods of service layer, these are services which need to passing through permission checker and permission checker will check whether user has right permission to call these methods or not, otherwise it throws PrincipalException says that permission checker is not set.

Generally XXXServiceUtil methods are for login user or user should have right permission to use these calls otherwise it throws exception.

Example:


UserServiceUtil.addUser(----);
GroupServiceUtil.addGroup(----);

OR

themeDisplay.getScopeGroup().getExpandoBridge().addAttribute("test");


Above methods calls will fails when we are invoking as guest user, it means executing these methods without login into Liferay portal. If the user does not have right permission to call these methods then it will throw following exception stack trace.



com.liferay.portal.security.auth.PrincipalException
            at com.liferay.portal.service.permission.
PortletPermissionImpl.check(PortletPermissionImpl.java:161)
            at com.liferay.portal.service.permission.
PortletPermissionUtil.check(PortletPermissionUtil.java:113)
            at com.liferay.portlet.expando.service.
impl.ExpandoColumnServiceImpl.
addColumn(ExpandoColumnServiceImpl.java:47)

But we can call these methods as guest user and we will call these methods on behalf of Admin user permission checker object such way we can use these services.

The following is code to call XXXServiceUtil methods on behalf of administrator and this will work any time it means whether you login into portal or not.

The following is example


Role adminRole = RoleLocalServiceUtil.getRole(CompanyThreadLocal.getCompanyId(), "Administrator");
List<User> adminUsers = UserLocalServiceUtil.getRoleUsers(adminRole.getRoleId());
long userId = 20159;
if(adminUsers != null && !adminUsers.isEmpty()) {
            userId = adminUsers.get(0).getUserId();
}
User user1 = UserLocalServiceUtil.getUser(userId);
PermissionChecker checker = PermissionCheckerFactoryUtil.create(user);
PermissionThreadLocal.setPermissionChecker(checker);
UserServiceUtil.addUser(--);
GroupServiceUtil.addGroup(--);



 We need to get admin user and we can create permission checker object, finally we will set permission object to Permission Thread Local so that permission checker is available. Once you set permission checker next code lines we can call XXXServiceUtil methods then it will be successfully invoked.

Note:

This is not recommended way but some scenarios when it needed where we can use it.
Let’s say we are writing some application start up hooks where we may need use  XXXServiceUtil methods need to be called then it will be useful. Because we are not sure while deploy the hook portal is login with user or not, otherwise method invocation will get failed after deployment of hook.

Let’s say in our custom portlet service layer we may need portal XXXServiceUtil methods in that scenarios also we can use it.

All of methods are available in XXXLocalServiceUtil but some scenarios if not available then it may useful.
Author

Popular Posts

Recent Posts

Recent Posts Widget