Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Madhukara Patel
Someone may be trying to circumvent the permission checker
January 7, 2018 9:31 PM
Answer

Madhukara Patel

Rank: Junior Member

Posts: 44

Join Date: March 23, 2015

Recent Posts

Hi all,

I am trying to create custom resource permission . But it is not creating .

I am facing this exception while checking permission.
Someone may be trying to circumvent the permission checker: {companyId=20116, name=com.liferay.portal.kernel.model.Company, primKey=20116, scope=4}


<model-resource>
<model-name>com.liferay.portal.kernel.model.Company</model-name>
<portlet-ref>
<portlet-name>com_capgemini_invertio_custmgmt_portlet_CustomerManagementPortlet</portlet-name>
</portlet-ref>

<permissions>
<supports>
<action-key>MANAGE_SERVICE_PORTFOLIO</action-key>
<action-key>VIEW_SERVICE_PORTFOLIO</action-key>
<action-key>VIEW_SCOPE</action-key>
<action-key>MANAGE_SCOPE</action-key>
<action-key>VIEW_PPI</action-key>
<action-key>MANAGE_PPM</action-key>
<action-key>APPROVE_PPM_LEVEL1</action-key>
<action-key>APPROVE_PPM_LEVEL2</action-key>
<action-key>APPROVE_PPM_LEVEL3</action-key>
<action-key>VIEW_PPM_DASHBOARD</action-key>
<action-key>MANAGE_FEEDBACK</action-key>
<action-key>MANAGE_TOOLS</action-key>
<action-key>VIEW_TOOL_CONFIG</action-key>
<action-key>DESIGN_WORKFLOW</action-key>
<action-key>DESIGN_RULE</action-key>
<action-key>MANAGE_PROD</action-key>
<action-key>DEPLOY_DEV</action-key>
<action-key>DEPLOY_PROD</action-key>
<action-key>MANAGE_PPM_RULE</action-key>
<action-key> MANAGE_ORG_ROLES</action-key>
<action-key>VIEW_MENULINK</action-key>
<action-key>MANAGE_MENULINK</action-key>
<action-key>MANAGE_EXE_SERVERS</action-key>
<action-key>VIEW_EXE_SERVERS</action-key>
<action-key>PROD_REPO_OWNER</action-key>
<action-key>DEV_WF_INITIATE</action-key>
<action-key>PROD_WF_INITIATE</action-key>
<action-key>VIEW_PROD_WORKFLOW</action-key>
<action-key>VIEW_PROD_RULE</action-key>
<action-key>MANAGE_WF_INST_DEV</action-key>
<action-key>MANAGE_WF_INST_PROD</action-key>

</supports>
<site-member-defaults/>
<guest-defaults />
<guest-unsupported>
<action-key>PERMISSIONS</action-key>
<action-key>VIEW_SERVICE_PORTFOLIO</action-key>
<action-key>VIEW_SCOPE</action-key>
<action-key>MANAGE_SCOPE</action-key>
<action-key>VIEW_PPI</action-key>
<action-key>MANAGE_PPM</action-key>
<action-key>APPROVE_PPM_LEVEL1</action-key>
<action-key>APPROVE_PPM_LEVEL2</action-key>
<action-key>APPROVE_PPM_LEVEL3</action-key>
<action-key>VIEW_PPM_DASHBOARD</action-key>
<action-key>MANAGE_FEEDBACK</action-key>
<action-key>MANAGE_TOOLS</action-key>
<action-key>DESIGN_WORKFLOW</action-key>
<action-key>DESIGN_RULE</action-key>
<action-key>MANAGE_PROD</action-key>
<action-key>DEPLOY_DEV</action-key>
<action-key>DEPLOY_PROD</action-key>
<action-key>MANAGE_PPM_RULE</action-key>
<action-key> MANAGE_ORG_ROLES</action-key>
<action-key>VIEW_MENULINK</action-key>
<action-key>MANAGE_MENULINK</action-key>
<action-key>MANAGE_EXE_SERVERS</action-key>
<action-key>VIEW_EXE_SERVERS</action-key>
<action-key>PROD_REPO_OWNER</action-key>
<action-key>DEV_WF_INITIATE</action-key>
<action-key>PROD_WF_INITIATE</action-key>
<action-key>VIEW_PROD_WORKFLOW</action-key>
<action-key>VIEW_PROD_RULE</action-key>
<action-key>MANAGE_WF_INST_DEV</action-key>
<action-key>MANAGE_WF_INST_PROD</action-key>

</guest-unsupported>
</permissions>
</model-resource>

Please help to solve this.

Thanks in advcance.
Olaf Kock
RE: Someone may be trying to circumvent the permission checker
January 7, 2018 11:40 PM
Answer

Olaf Kock

LIFERAY STAFF

Rank: Liferay Legend

Posts: 4354

Join Date: September 23, 2008

Recent Posts

Madhukara Patel:
I am facing this exception while checking permission.
Someone may be trying to circumvent the permission checker: {companyId=20116, name=com.liferay.portal.kernel.model.Company, primKey=20116, scope=4}


<model-resource>
...
</model-resource>


To help with an exception requires code, at least up until the line where the exception is triggered, rather than some XML code that doesn't show how you check permissions.
Madhukara Patel
RE: Someone may be trying to circumvent the permission checker
January 9, 2018 10:53 PM
Answer

Madhukara Patel

Rank: Junior Member

Posts: 44

Join Date: March 23, 2015

Recent Posts

Thanks for your replay

if (permissionChecker.hasPermission(themeDisplay.getCompanyGroupId(), Company.class.getName(), themeDisplay.getCompanyId(),ActionKeys.PERMISSIONS) {

}

While checking permission i am facing above exception .
Tomas Polesovsky
RE: Someone may be trying to circumvent the permission checker
January 10, 2018 1:05 AM
Answer

Tomas Polesovsky

LIFERAY STAFF

Rank: Liferay Master

Posts: 653

Join Date: February 13, 2009

Recent Posts

Hi,

the answer is simple.

Permission system requires the checked entity to exist in permission system. That means it requires a database record in ResourcePermission table. In your example it expects a DB record with this column values: companyId=20116, name=com.liferay.portal.kernel.model.Company, primKey=20116, scope=4

But Liferay doesn't use Company object for permission checking => doesn't create any records for Company model in ResourcePermission table.

What you are missing here is another piece of code that would create ResourcePermission records of every company for the first time:

1for (Company company : companyLocalService.getCompanies()) {
2    resourceLocalService.addResources(
3            company.getCompanyId(), 0, 0, Company.class.getName(),
4            company.getCompanyId(), false, false, false);
5}


HTH

Participate in the State of Liferay Community 2017. Help the community and even win some prizes!