Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Shane Sullivan
Private Page Security using User Groups
April 30, 2012 8:25 AM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

I am using my Active Directory to sync the user accounts into Liferay. The snerio I have is the following. We create a company Intranet site. They were create as private pages. The site has different pages. What I would like to do is assign the page secruity by whether the user is a member of a user group. This will allow me to manage the secruity all through AD instead of having to do in two different places. How can this be done?
Amit Doshi
RE: Private Page Security using User Groups
May 1, 2012 6:58 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 549

Join Date: December 29, 2010

Recent Posts

Hi Shane,

As user's are getting imported from Active Directory, so the users and also the usergroups related to it were imported already.
And there is also one property for ldap that also need to add "ldap.import.create.role.per.group=true"
So, It will create the role for you according to the user Group while importing from ldap.

Now you need to do only one thing, assign that role to the User.

And From the Particular page you need to give permission to that particular role for viewing etc. that you want to give.

Hope it helps.

Thanks & Regards,
Amit Doshi
Shane Sullivan
RE: Private Page Security using User Groups
May 4, 2012 4:07 PM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

This is great, but this means I still have to go to user and assign that role. What I am want to do is have that user automacally get specific permission to specific pages within the private pages based on user group. Because then I can manage this through AD and not have to go back into Liferay. Can this be done. If so how?
Amit Doshi
RE: Private Page Security using User Groups
May 5, 2012 8:28 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 549

Join Date: December 29, 2010

Recent Posts

I don't think that you have to go to the users to assign that role. The role will automatically get assigned.

Let me explain.

With "ldap.import.create.role.per.group=true" the role will automatically created with the same name as the user group name. and also got assigned to that user group.

Now the user Group will have the User which will get automatically get assigned during import and also the role for that user will automatically assigned with the same name as the User Group as a inherited role.

Now you have to assign View permission to that particular role's only not to individual users. And also unmark guest user's to view that page. So, it will make only that particular user's to view page that having particular role.

Hope it makes you clear.

Thanks & Regards,
Amit Doshi
Shane Sullivan
RE: Private Page Security using User Groups
May 7, 2012 9:51 AM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

I did not think private pages had guest access?
Amit Doshi
RE: Private Page Security using User Groups
May 7, 2012 10:59 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 549

Join Date: December 29, 2010

Recent Posts

Guest cannot access private page. I was talking about overall (public pages also ) so I mentioned like that.
Shane Sullivan
RE: Private Page Security using User Groups
May 7, 2012 3:51 PM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

Okay I still have to be missing something. Here is what I have done:

1. Verified that Liferay has imported both the user and user groups from active directory. In there is a test user that belongs to a test user group.
2. Liferay imports both the user and the user group. Now that the flag has flipped to create user roles Liferay has created a role with the same name as the user group.
3. I go the home page of the private site that I created and assign the test role that was created above view permission of that page.
4. When I log into Liferay with that test user all is good, but when I try to access that default page on the private site, it says I do not have permision to do so.
Amit Doshi
RE: Private Page Security using User Groups
May 8, 2012 2:20 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 549

Join Date: December 29, 2010

Recent Posts


4. When I log into Liferay with that test user all is good, but when I try to access that default page on the private site, it says I do not have permision to do so.


you are trying to access with other users or with the same test users ? And also how you are trying to access Default page on the private site ?
Shane Sullivan
RE: Private Page Security using User Groups
May 8, 2012 6:40 AM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

Everyone has access to community web page A. This is a public open site. Test user A then signs into liferay through community A. It accepts his login, I can see this because the dockbar appears and has his name in the upper right of the dockbar. Next to the name where it says "Go to" it does not list community B, which is the private site with private pages. There is a page marked "HOME" on the private page that the test user's regular role has view access but cannot get to the page even if I cut and paste the link in the address bar. If I add the use to have community access he can get in but has access to all page in the community but this cannot be so because there will be certian pages this user cannot not access even in the private pages.
Amit Doshi
RE: Private Page Security using User Groups
May 8, 2012 7:29 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 549

Join Date: December 29, 2010

Recent Posts


Everyone has access to community web page A. This is a public open site. Test user A then signs into liferay through community A. It accepts his login, I can see this because the dockbar appears and has his name in the upper right of the dockbar. Next to the name where it says "Go to" it does not list community B, which is the private site with private pages. There is a page marked "HOME" on the private page that the test user's regular role has view access but cannot get to the page even if I cut and paste the link in the address bar.


You need to add user to the Community B (i.e., Private Community) in order to make him access to the private page.


If I add the use to have community access he can get in but has access to all page in the community but this cannot be so because there will be certian pages this user cannot not access even in the private pages.


Uncheck the role permissions for the site member in that private page that's the reason you are able to view all the page(even if is private or public). Give only UserGroup that was imported from LDAP "View" Permission and Owner.
Shane Sullivan
RE: Private Page Security using User Groups
May 8, 2012 8:13 AM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

Is there a way to have active directory import these users into this comunity. What I am trying to avoid is doing the maintence on 2 seperate systems. Plus I thought that when you sync to AD it brings the users into all communites?
Amit Doshi
RE: Private Page Security using User Groups
May 9, 2012 12:38 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 549

Join Date: December 29, 2010

Recent Posts

Is there a way to have active directory import these users into this comunity.


During importing the users from ldap you need to write your custom dode to do this. There should be some field in ldap that should tell that it is a user of particular community.

And for that you need to modify PortalLDAPImporterImpl class.


Plus I thought that when you sync to AD it brings the users into all communites?


There is no particular sync process from Liferay to AD. But for that you need to do Export Enabled in Liferay. And that users will get Exported which was imported during importing process from ldap to Liferay.

ldap.user.mappings=uuid=uuid\nscreenName=cn\npassword=userPassword\nemailAddress=mail\nfirstName=givenName\nlastName=sn\njobTitle=title\ngroup=groupMembership

The above field only get Exported and Imported in Liferay. For any other custom fields to Export you need to modify PortalLDAPExporterImpl.java
Shane Sullivan
RE: Private Page Security using User Groups
May 9, 2012 9:36 AM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

I still must be doing something wrong let me mark out what I have done so far:

1. In Liferay setup the ldap import for both user and user groups into Liferay.
2. In the portal-propeties.ext file added the "ldap.import.create.role.per.group=true" and restarted the gerinomo service, verified that this did create the regular roles.
3. Went to Community A and loged in as admin and went into the Control Panel
4. Under the Control Panel changed from Community A to Community B
5. Click on the Pages option to view the pages available for Community B
6. Click on Private Page
7. In there selected the first page in the listing (HOME) and clicked on the permission tab
8. In the permission tab gave User Role A view permision to the home page, if I understood above User Role A is the same as User Group A which Test User A is a memeber of User Group A.
9. I log out as admin
10. I reopen Community A and login as Test User A. I am sucessfull there because I now get the dockbar. When I look at My Sites though Community B is not viewable and if I try to paste the link to Community B's HOME page I get an access denied.


What am I missing, what step. I have got to be close to this.
Amit Doshi
RE: Private Page Security using User Groups
May 10, 2012 12:33 AM
Answer

Amit Doshi

Rank: Liferay Master

Posts: 549

Join Date: December 29, 2010

Recent Posts

Hi Shane,

I already mentioned that in my 5 th post. Please check the same.

Thanks & Regards,
Amit Doshi
Shane Sullivan
RE: Private Page Security using User Groups
May 10, 2012 4:09 PM
Answer

Shane Sullivan

Rank: Junior Member

Posts: 29

Join Date: October 29, 2009

Recent Posts

Is there a way to automatically assign that user to that community?