Ivan Cheung, 15 years ago
Nice Joe, Will the functionality of the PermissionChecker be the same in the future as it is now?

Joe Shum (in reply to Ivan Cheung), 15 years ago
Once we commit the LEP you'll have a flag to decide whether you want to cache the bag. If you do, changes to a user's role and group associations won't take effect until the next user login. The price you pay, I guess. Right now we check every time, that's why changes are instant.

Jakub Liska (in reply to Joe Shum), 13 years ago
Hi Joe, thank you for this post. I'm just wondering why the Resource_ and Permission_ tables are empty. Did the ResourceAction table substitute them?

Jorge Ferrer (in reply to Jakub Liska), 13 years ago
Hi Jakub, Yeah, those two tables are used by algorithms 1 to 5. You are probably using algorithm 6 which is the default (and recommended) in Liferay 6 which uses the ResourceAction table. Eventually the other algorithms might be removed and we won't need those other tables, but we need to make sure that doesn't cause problems to people before doing that.

Xinsheng Robert Chen (in reply to Jorge Ferrer), 13 years ago
Good job, Joseph! Please do more blogs like this.

Shepherd Ching, 15 years ago
Hey, Joe, This is the first time I read your blog. Your formal English is plain, clear and direct. It is good for non-native English speakers like us to understand. There are many STUDENTS studying English at Dalian.... Back to the topic, I am digesting your knowledge of PermissionChecker now.

Jorge Ferrer, 15 years ago
Very Nice Joe!

b v j, 15 years ago
Thanks for the info. A summary description of the following property would be a helpful complement to this article: permissions.user.check.algorithm

b v j (in reply to b v j), 15 years ago
An explanation of the permission algorithms can be found in the administrator's guide: liferay-4-administration-guide.pdf
The guide also covers other important security concerns.

Rohit Salecha, 12 years ago
more on liferay permissions http://liferaydemystified.blogspot.com/search/label/Liferay%20Permissions

Hiran Chaudhuri, 12 years ago
"A PermissionChecker is created or borrowed from a pool and placed in the thread local and themeDisplay object on every request."
Who/which method places the PermissionChecker in thread local or themeDisplay?

Jakob Fahrner, 12 years ago
Great article, helps to get a better understanding of how permissions are checked... Have there been big changes in the newer versions? Especially: First, is the PermissionCheckerBag already cached, and if so, how often does it refresh? Second, is there any information on the PermissionCacheUtil class (how to use it)?

Denis Signoretto, 11 years ago
Hi Joseph, really good article, in particular because it gives a "Liferay Internal" view that can help to understand in depth. I'm wondering if Liferay can manage hierarchical roles and related permission assignments (enhancing the RBAC model to manage hierarchical roles) (e.g.)
1) IT_ROLE (Role for EN users and related permissions)
1.1) IT_ADMIN_ROLE (inherit from parent and add specific permission)
1.1.1) IT_SUPERADMIN_ROLE (inherit from parent and add specific permission)
Actually a user can inherit roles by group or organization assignment, but permission (action and resource) assignment can be done only by the User <-> Role relation (as far as I know roles are not hierarchical). I think an improvement to support hierarchical roles could be useful. WDYT?
Bye, Denis.

sri p, 10 years ago
Hi Joe, I have some basic questions about permissions and hopefully you could help me.
Details:
Users: user-one, user-two
Associated roles: user-one member of role-one (user-one->role-one) and user-two member of role-two (user-two->role-two)
Categories in Message Board: CAT_ONE, CAT_TWO
Assigned Roles: CAT_ONE all the permissions assigned to owner (admin) and role-one. CAT_TWO all the permissions assigned to owner (admin) and role-two.

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(WebKeys.THEME_DISPLAY);
    long scopeGroupId = themeDisplay.getScopeGroupId();
    long groupThreadUserId = themeDisplay.getUserId();
    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
    List<MBCategory> mbCategories = MBCategoryLocalServiceUtil.getCategories(scopeGroupId);
    for (MBCategory mbCategory : mbCategories) {
        boolean hasPerm = permissionChecker.hasPermission(scopeGroupId, MBCategory.class.getName(), mbCategory.getCategoryId(), ActionKeys.VIEW);
        System.out.println("****mb category name : ****\t" + mbCategory.getName() + "\t **** hasPerm *** \t" + hasPerm);
    }

OUTPUT:

    ****mb category name : **** CAT _ONE **** hasPerm *** true
    ****mb category name : **** CAT _TWO **** hasPerm *** true

I am not sure what I am missing here. All I wanted to see is: if the logged-in user (member of one of the above-mentioned roles) does not have permission on a category, I do not want to display that category. But in this case, the hasPermission method is always returning TRUE (:

Leon Rosenberg, 9 years ago
Hello, I must be too dumb, but I (or furthermore idea) can't find com.liferay.portal.security.permission.PermissionCheckerImpl in any jars that are provided with the liferay 6.1.2 download. Where do I find this class?