Liferay - How to hide/show button by checking user permission

4
votes

I have a web application hosted on liferay portal. There are certain features like showing a save button for certain users only based on custom permissions defined in liferay.

I have configured the permissions in xml file as below using the reference from http://www.liferay.com/community/wiki/-/wiki/Main/Permissioning+in+Plugin+Environment#section-Permissioning+in+Plugin+Environment-DEFINING+PERMISSION+FOR+A+PORTLET+RESOURCE+IN+PLUGIN+ENVIRONMENT

<?xml version="1.0"?>
<resource-action-mapping>
    <portlet-resource>
        <portlet-name>TESTPortlet</portlet-name>
                <permissions>
        <supports>
            <action-key>SEARCH_BUTTON</action-key>
            <action-key>SAVE_BUTTON</action-key>
            <action-key>DELETE_BUTTON</action-key>
        </supports> 
         </permissions>
    </portlet-resource>
</resource-action-mapping>

I can see the above permissions in permissions tab in portal under my portlet. I have also assigned the SAVE_BUTTON permission to one of the user role say (TEST_ADMIN is my role).

How do I check in my jsp or java, if the logged in user has SAVE_BUTTON permission.

I tried access check with this below code.

<c:if test="<%= PortletPermissionUtil.contains(permissionChecker,plid.longValue(), "TESTPortlet_WAR_TESTPortlet5121","SAVE_BUTTON") %>">

However, it always returns me true even though I pass SEARCH_BUTTON permisison in above check. The above check returns false only, if I pass a permission which does not exist in my configuration itself. I guess above check is to know if the permissions are available in portlet or not and is not at user access level.

Also, if I use the below code from Liferay SVN repo, I always get the value as Yes.

%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<%@ taglib uri="http://java.sun.com/portlet_2_0" prefix="portlet" %>

<%@ taglib uri="http://liferay.com/tld/security" prefix="liferay-security" %>
<%@ taglib uri="http://liferay.com/tld/theme" prefix="liferay-theme" %>
<%@ taglib uri="http://liferay.com/tld/ui" prefix="liferay-ui" %>

<portlet:defineObjects />

<liferay-theme:defineObjects />

<%
long groupId = scopeGroupId;
String name = portletDisplay.getRootPortletId();
String primKey = portletDisplay.getResourcePK();
String actionId = "ADD_SOMETHING";
%>

Do you have the <i><liferay-ui:message key='<%= "action." + actionId %>' /></i> permission for this portlet?

<strong>

<c:choose>
    <c:when test="<%= permissionChecker.hasPermission(groupId, name, primKey, actionId) %>">
        Yes
    </c:when>
    <c:otherwise>
        No
    </c:otherwise>
</c:choose>

</strong>

Can anyone please help, how to check if logged in user has access to a particular permission, so that I can hide or show my buttons.

Thanks in advance.

3
permissionsliferay-6
Also, if I use below code from Liferay SVN repository, I always get true, irrespective of if user has access or not.Ani

3 Answers

1
votes

I am now able to work with permissions. The issue was, earlier, I added my portlet to users public page and it seems that all permissions are inherited to he user by default.

Once I moved the portlet to a community page and gave community role to the user, my above code started working as expected.

0
votes

The way you have done is correct.it should work i dont know why it happend..

Do as follows

Create one role.

Define permission to role you created..when define permission in the application select your portlet name then you can see all actions you configured in xml file.

Define permission to role with respect your actions.

Now assign role to any user.

Login with the user your assigned role now test the portlet functionality..

Refer following links

https://www.liferay.com/documentation/liferay-portal/6.1/development/-/ai/security-and-permissio-4

please Have a look into LiferaySavvy.com for more liferay stuff

0
votes

Instead of using permission Checker can you try with ResourcePermissionLocalServiceUtil class there may be many methods you can find..