我正在使用 Liferay 6.1 ,我想更改各个组织的权限,以便这些组织可以通过 UserX RoleX 谁不属于该组织 OrgA 。
特别是:
Control Panel->Users and Organizations表单我想以编程方式。
到目前为止我尝试了什么:
创建 RoleX 并为其授予以下权限:
OrgA,范围4(个人):
ActionKeys.VIEW,ActionKeys.UPDATE,ActionKeys.ASSIGN_USER_ROLES, ActionKeys.DELETE,ActionKeys.MANAGE_USERS
OrgA的小组,范围4:
ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES,
ActionKeys.CONFIGURE_PORTLETS, ActionKeys.DELETE,
ActionKeys.MANAGE_ANNOUNCEMENTS, ActionKeys.MANAGE_LAYOUTS,
ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.VIEW_MEMBERS
具有RoleX的用户可以访问控制面板中的Users and Organizations表单,但他们只能看到自己的组织而不是OrgA。
如何授予查看和管理OrgA的权限?
由于
答案 0 :(得分:2)
最后,我能够使用Hook插件完成修改{strong> RoleX 的Resource Permissions和修改init users_admin portlet jsp文件。
主要问题是Liferay没有使用ResourcePermissions在组织用户所属的组织之外启用组织管理。
特别是在portal-trunk/portal-web/docroot/html/portlet/users_admin/init.jsp中,只有几行代码才能使仅用于公司管理员角色:
else if (permissionChecker.isCompanyAdmin()) {
filterManageableGroups = false;
filterManageableOrganizations = false;
filterManageableUserGroups = false;
}
所以我在init.jsp中添加了以下行(你可以在钩子中使用init-ext.jsp)来为 RoleX 启用它:
if (MyUtils.isRoleX()) {
filterManageableGroups = false;
filterManageableOrganizations = false;
filterManageableUserGroups = false;
}
通过这种方式,数据库查询不会过滤组织,用户和组。
第二步是定义添加,更新,管理等权限。用户和组织以及访问控制面板中的portlet。
使用启动操作挂钩和ResourcePermisssionLocalService API:
private static final String[] ORGANIZATION_ENTRY_ACTION_IDS = new String[] {
ActionKeys.VIEW, ActionKeys.UPDATE, ActionKeys.ASSIGN_USER_ROLES,
ActionKeys.DELETE, ActionKeys.MANAGE_USERS };
private static final String[] ORGANIZATION_CUSTOM_FIELDS_ENTRY_ACTION_IDS = new String[] {
ActionKeys.VIEW, ActionKeys.UPDATE };
public static final String[] ORGANIZATION_MODEL_ACTION_IDS = new String[] {
ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES,
ActionKeys.DELETE, ActionKeys.MANAGE_ANNOUNCEMENTS,
ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.MANAGE_USERS,
ActionKeys.MANAGE_SUBORGANIZATIONS };
public static final String[] ORGANIZATION_GROUP_ENTRY_ACTION_IDS = new String[] {
ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES,
ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.VIEW_MEMBERS };
private static final String[] PORTAL_ACTION_IDS = new String[] {
ActionKeys.ADD_USER, ActionKeys.ADD_ORGANIZATION,
ActionKeys.VIEW_CONTROL_PANEL };
private static final String[] USERS_ORG_ADMIN_ACTION_IDS = new String[] { ActionKeys.ACCESS_IN_CONTROL_PANEL };
......遗漏......
ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
Organization.class.getName(),
ResourceConstants.SCOPE_GROUP_TEMPLATE, "0", CiUtils
.getRoleX().getPrimaryKey(),
ORGANIZATION_MODEL_ACTION_IDS);
// ORGANIZATION MODEL COMPANY PERMISSIONS
ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
Organization.class.getName(), ResourceConstants.SCOPE_COMPANY,
Long.toString(companyId),
CiUtils.getRoleX().getPrimaryKey(),
ORGANIZATION_MODEL_ACTION_IDS);
// PORTAL (portlet 90) PERMISSIONS
ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
"90", ResourceConstants.SCOPE_COMPANY,
Long.toString(companyId),
CiUtils.getRoleX().getPrimaryKey(),
PORTAL_ACTION_IDS);
// USER_ORG_ADMINS PORTLET (125) PERMISSIONS
ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
"125", ResourceConstants.SCOPE_COMPANY,
Long.toString(companyId),
CiUtils.getRoleX().getPrimaryKey(),
USERS_ORG_ADMIN_ACTION_IDS);
并为每个组织:
ResourcePermissionLocalServiceUtil.setResourcePermissions(organization.getCompanyId(),
Organization.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL, Long .toString(organization.getPrimaryKey()),
MyUtils.getRoleX().getPrimaryKey(),
ORGANIZATION_ENTRY_ACTION_IDS);
long groupId = organization.getGroupId();
ResourcePermissionLocalServiceUtil.setResourcePermissions(
organization.getCompanyId(),Group.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL,Long.toString(groupId),
MyUtils.getRoleX().getPrimaryKey(),
ORGANIZATION_GROUP_ENTRY_ACTION_IDS);
希望这可以帮助别人。