Foren

  1. Startseite
  2. Development
  3. Accessing user permissions (external) [Liferay 7]

Accessing user permissions (external) [Liferay 7]

thumbnail
Michel Schmidt, geändert vor 7 Jahren.

Accessing user permissions (external) [Liferay 7]

New Member Beiträge: 21 Beitrittsdatum: 27.02.17 Neueste Beiträge
Hello everybody,

I have a question about accessing user rights in liferay.

What I want to do is, provide a method that basically checks if a user is allowed to do, what he is trying to do.
The method could look like this:


boolean isAllowed(userID, resource) {
    ...
}


The idea is that we develope an external service that checks for permissions.
I already took a look into the liferay source code, but I didn't find what I was looking for, thats why I thought I'd ask here.

Maybe someone could point me into the right direction?

Thanks in advance,

Michel
thumbnail
David H Nebinger, geändert vor 7 Jahren.

RE: Accessing user permissions (external) [Liferay 7]

Liferay Legend Beiträge: 14919 Beitrittsdatum: 02.09.06 Neueste Beiträge
Permissions checks are not enabled through web services because that would be a security vulnerability (hackers could poll for users and their permissions in order to find someone w/ the desired access rights).

I'm guessing you're coming at this from some sort of angular or other JS platform and wanting to check perms for showing buttons, data, or controlling actions.

If that's the case, your best bet is to leverage your launching JSP file where you can use scriptlets to access the user's PermissionChecker and can check specific permissions to resources and then use that data to populate a javascript variable with all of the pre-fetched data.
thumbnail
Michel Schmidt, geändert vor 7 Jahren.

RE: Accessing user permissions (external) [Liferay 7]

New Member Beiträge: 21 Beitrittsdatum: 27.02.17 Neueste Beiträge
Thank you for the reply.

David H Nebinger:
I'm guessing you're coming at this from some sort of angular or other JS platform and wanting to check perms for showing buttons, data, or controlling actions.


Actually we want to be able to authenticate users without the liferay portal itself, but with it's database.
Thats because we are planning on using a microservice architecture and users may try to use our microservices directly without beeing authenticated by the Liferay portal.


David H Nebinger:
... to access the user's PermissionChecker and can check specific permissions to resources ....

Can you provide some links to this topic?
Is it possible to do so without the liferay portal?


Thanks in advance!
thumbnail
David H Nebinger, geändert vor 7 Jahren.

RE: Accessing user permissions (external) [Liferay 7]

Liferay Legend Beiträge: 14919 Beitrittsdatum: 02.09.06 Neueste Beiträge
Just use the basic auth and the JSON ws layer created by ServiceBuilder. You can find in most of the portal's remote services how they are handling permission checks on the incoming requests and you can build out your business logic in there too. Basic auth headers will get you through the authentication too.