Ivan Cheung Hace 15 años Nice Joe,Will the functionality of the PermissionChecker be the same in the future as it is now? Por favor identifíquese para votar. Contestar como... Cancelar Joe Shum Ivan Cheung Hace 15 años Once we commit the LEP you'll have a flag to decide whether you want to cache the bag. If you do, changes to a users role and group associations won't take affect until the next user login. The price you pay i guess. Right now we check every time, thats why changes are instant. Por favor identifíquese para votar. Contestar como... Cancelar Jakub Liska Joe Shum Hace 13 años Hi Joe,thank you for this post, I'm just wondering why Resource_ and Permission_ table are epmty. Did ResourceAction table substituted them ? Por favor identifíquese para votar. Contestar como... Cancelar Jorge Ferrer Jakub Liska Hace 13 años Hi Jakub,Yeah, those two tables are used by algorithms 1 to 5. You are probably using algorithm 6 which is the default (and recommended) in Liferay 6 which uses the ResourceAction table.Eventually the other algorithms might be removed and we won't need those other tables, but we need to make sure that doesn't cause problems to people before doing that. Por favor identifíquese para votar. Contestar como... Cancelar Xinsheng Robert Chen Jorge Ferrer Hace 13 años Good job, Joseph!Please do more blogs like this. Por favor identifíquese para votar. Contestar como... Cancelar
Joe Shum Ivan Cheung Hace 15 años Once we commit the LEP you'll have a flag to decide whether you want to cache the bag. If you do, changes to a users role and group associations won't take affect until the next user login. The price you pay i guess. Right now we check every time, thats why changes are instant. Por favor identifíquese para votar. Contestar como... Cancelar Jakub Liska Joe Shum Hace 13 años Hi Joe,thank you for this post, I'm just wondering why Resource_ and Permission_ table are epmty. Did ResourceAction table substituted them ? Por favor identifíquese para votar. Contestar como... Cancelar Jorge Ferrer Jakub Liska Hace 13 años Hi Jakub,Yeah, those two tables are used by algorithms 1 to 5. You are probably using algorithm 6 which is the default (and recommended) in Liferay 6 which uses the ResourceAction table.Eventually the other algorithms might be removed and we won't need those other tables, but we need to make sure that doesn't cause problems to people before doing that. Por favor identifíquese para votar. Contestar como... Cancelar Xinsheng Robert Chen Jorge Ferrer Hace 13 años Good job, Joseph!Please do more blogs like this. Por favor identifíquese para votar. Contestar como... Cancelar
Jakub Liska Joe Shum Hace 13 años Hi Joe,thank you for this post, I'm just wondering why Resource_ and Permission_ table are epmty. Did ResourceAction table substituted them ? Por favor identifíquese para votar. Contestar como... Cancelar Jorge Ferrer Jakub Liska Hace 13 años Hi Jakub,Yeah, those two tables are used by algorithms 1 to 5. You are probably using algorithm 6 which is the default (and recommended) in Liferay 6 which uses the ResourceAction table.Eventually the other algorithms might be removed and we won't need those other tables, but we need to make sure that doesn't cause problems to people before doing that. Por favor identifíquese para votar. Contestar como... Cancelar Xinsheng Robert Chen Jorge Ferrer Hace 13 años Good job, Joseph!Please do more blogs like this. Por favor identifíquese para votar. Contestar como... Cancelar
Jorge Ferrer Jakub Liska Hace 13 años Hi Jakub,Yeah, those two tables are used by algorithms 1 to 5. You are probably using algorithm 6 which is the default (and recommended) in Liferay 6 which uses the ResourceAction table.Eventually the other algorithms might be removed and we won't need those other tables, but we need to make sure that doesn't cause problems to people before doing that. Por favor identifíquese para votar. Contestar como... Cancelar Xinsheng Robert Chen Jorge Ferrer Hace 13 años Good job, Joseph!Please do more blogs like this. Por favor identifíquese para votar. Contestar como... Cancelar
Xinsheng Robert Chen Jorge Ferrer Hace 13 años Good job, Joseph!Please do more blogs like this. Por favor identifíquese para votar. Contestar como... Cancelar
Shepherd Ching Hace 15 años Hey, Joe,This is the first time I read your blog.Your formal English is plain, clear and direct. It is good for non-English native speaker like us to understand.There is many STUDENTS studying English at Dalian....Back to the topic, I am digesting your knowledge of PermissionChecker, now. Por favor identifíquese para votar. Contestar como... Cancelar
Jorge Ferrer Hace 15 años Very Nice Joe! Por favor identifíquese para votar. Contestar como... Cancelar
b v j Hace 15 años Thanks for the info. A summary description of the following property would be a helpful compliment to this article:permissions.user.check.algorithm Por favor identifíquese para votar. Contestar como... Cancelar b v j b v j Hace 15 años An explanation of the permission algorithms can be found in the administrator's guide:liferay-4-administration-guide.pdfThe guide also covers other important security concerns. Por favor identifíquese para votar. Contestar como... Cancelar
b v j b v j Hace 15 años An explanation of the permission algorithms can be found in the administrator's guide:liferay-4-administration-guide.pdfThe guide also covers other important security concerns. Por favor identifíquese para votar. Contestar como... Cancelar
Rohit Salecha Hace 12 años more on liferay permissions http://liferaydemystified.blogspot.com/search/label/Liferay%20Permissions Por favor identifíquese para votar. Contestar como... Cancelar
Hiran Chaudhuri Hace 12 años "A PermissionChecker is created or borrowed from a pool and placed in the thread local and themeDisplay object on every request."Who/which method places the PermissionChecker in thread local or themeDisplay? Por favor identifíquese para votar. Contestar como... Cancelar
Jakob Fahrner Hace 12 años Great article helps to get a better understanding of how permissions are checked...Have there been big changes to the newer versions?Especially: First is the PermissionCheckerBag already cached and if how often do it refresh? Second is there any information on PermissionCacheUtil class (how to use it)? Por favor identifíquese para votar. Contestar como... Cancelar
Denis Signoretto Hace 10 años Hi Joseph,really good article in particular because it gives a "Liferay Internal" view that can help to undertand in deep. I'm wondering if Liferay can manage hirarchical roles and related permission assigments (enhancing the RBAC model to manage hierarchical roles)(e.g.)1) IT_ROLE (Role for EN users and related permissions) 1.1) IT_ADMIN_ROLE (inherit from parent and add specific permission) 1.1.1) IT_SUPERADMIN_ROLE (inherit from parent and add specific permission)Actually an user can inherith roles by group or organization assigment but permission (action and resource) assigment can be done only by User <->Role relation (as far as I know roles are not hierarchical).I thikn it could be useful an improvement to to support Hierachical roles.WDYT ?Bye,Denis. Por favor identifíquese para votar. Contestar como... Cancelar
sri p Hace 10 años Hi Joe,I have some basic question about permissions and hopefully you could help me.Details :Users - user-one, user-two :Associated roles : user-one member of role-one (user-one->role-one) and user-two member of role-two (user-two->role-two)Categories in Message Board: CAT_ONE, CAT_TWOAssigned Roles : CAT_ONE all the permissions assigned to owner (admin) and role-one.CAT_TWO all the permissions assigned to owner(admin) and role-two. ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(WebKeys.THEME_DISPLAY); long scopeGroupId = themeDisplay.getScopeGroupId(); long groupThreadUserId = themeDisplay.getUserId(); PermissionChecker permissionChecker = themeDisplay.getPermissionChecker(); List<MBCategory> mbCategories = MBCategoryLocalServiceUtil.getCategories(scopeGroupId); for(MBCategory mbCategory : mbCategories){ boolean hasPerm = permissionChecker.hasPermission(scopeGroupId, MBCategory.class.getName(), mbCategory.getCategoryId(), ActionKeys.VIEW); System.out.println("****mb category name : ****\t" + mbCategory.getName() "\t **** hasPerm *** \t" + hasPerm); } OUTPUT : ****mb category name : **** CAT _ONE **** hasPerm *** true****mb category name : **** CAT _TWO **** hasPerm *** trueI am not sure, what I am missing here, all I wanted to see is if the logged in user (member of above mentioned one of the role ) does not have permission on a category, I do not want to display that category. But in this case, hasPermission method always returning TRUE (: Por favor identifíquese para votar. Contestar como... Cancelar
Leon Rosenberg Hace 9 años Hello,I must be too dumb, but I (or furthermore idea) can't find com.liferay.portal.security.permission.PermissionCheckerImpl in any jars that are provided with the liferay 6.1.2 download. Where do I find this class? Por favor identifíquese para votar. Contestar como... Cancelar