How to inherit site role permissions from users groups to their members in Liferay 6.1?

1
votes

I'm using Liferay 6.1 and I have a user group, called MySite Approvers and assigned to it the site role Site Approver for the site MySite.

I would expect that the users belonging to this user group would have also the Site Approver role for MySite inherited, aka this site role's permissions inherited.

But the users do not inherit the site role permissions and in site memberships of MySite in control panel, users site roles are empty.

How could I fix it? Should I write a hook adding periodically the site roles to the members of user groups with site roles?

2
inheritanceliferayliferay-6user-permissions
Would you mind using a Regular Role instead of a Site Role ?yannicuLar
@yannicuLar Yes, I need the site role functionality not the regular role. Assigning a user to the group "MySite Approvers" should give Site Approver functionality to the user for the specific site.Maria Ioannidou
And "Site Approver" is a custom site Role you have created, right ?yannicuLar
Right, it is a custom site role.Maria Ioannidou
Μαρία, are you sure you can't use a Regular Role? You can port the "Site Approver" role to a Regular Role, and assign it to the "MySite Approvers" UserGroup. I think this should work just fine for you.yannicuLar

2 Answers

0
votes

Liferay doesn't display your site role "Site Approver" in employee roles profile as the role is not associated to individual user but its assigned at user group.

However, User should be given with permissions as defined in "Site Approver" as long as User is member of your user group "MySite Approvers".

Liferay documentation link here says:

This is where portal users with the proper role review the content and decide to reject it (move it back to the beginning) or accept it (transition it to the next step).

So, for workflow, its important to have a direct role association to user. Not some kind of permission associated with user.

I guess this is the way functionality been designed. Doesn't sound to me as a bug as workflow doesn't expect any permission but expects user to be member of role.

0
votes

I had a similar problem, trying to inherit an Organization Role, through every registered Portal User. After lots of testing I realized that only Regular Roles would get propagated, and behave as expected with PermissionChecker and RoleLocalServiceUtil.

If you try to create a Regular Role, instead of a Site Role, you can assign that role to a User, A UserGroup, an Organization or a Site enter image description here I still haven't find a complete documentation on the difference between Regular, Organization and Site Roles, but I'm getting the impression that e.g a Site role is not a Role you'll assign to all the users of a Site

Update: I opened the source for liferay 6.1.0 and noticed on the the docs of RoleLocalServiceUtil.hasUserRole

/**
* Returns <code>true</code> if the user is associated with the named
* regular role.
*
* @param userId the primary key of the user
* @param companyId the primary key of the company
* @param name the name of the role
* @param inherited whether to include the user's inherited roles in the
search
* @return <code>true</code> if the user is associated with the regular
role; <code>false</code> otherwise
* @throws PortalException if a role with the name could not be found in the
company or if a default user for the company could not be found
* @throws SystemException if a system exception occurred
*/
public static boolean hasUserRole(long userId, long companyId,
    java.lang.String name, boolean inherited)
    throws com.liferay.portal.kernel.exception.PortalException,
        com.liferay.portal.kernel.exception.SystemException {
    return getService().hasUserRole(userId, companyId, name, inherited);
}

Notice the "regular role"

Now I don't have the time to check all the references back to this function, but for me it's a clear indication that the Role/Permission Checking mechanism of Liferay, MIGHT not be meant to work with any Role Type