Cannot login anymore due to removed permissions

Forums de discussion

Loïc Dumont, modifié il y a 13 années.

Cannot login anymore due to removed permissions

Junior Member Publications: 43 Date d'inscription: 27/04/10 Publications récentes

On its site, a client of us removed the guest view permission on every page... As a consequence no one can login anymore in the portal. Even using the c/portal/login URL.

I'm trying to change the rights directly in the database, but it's not easy to do so.

Anyone has a workaround or a tricks to help me?

Victor Zorin, modifié il y a 13 années.

RE: Cannot login anymore due to removed permissions

Liferay Legend Publications: 1228 Date d'inscription: 14/04/08 Publications récentes

A couple of approaches, I am sure there are many more:

#1. If you know which page of Guest community has Sign-In portlet deployed on explicitly, you can try to remove this page from the database. Restart the server, and then go to /c/portal/login or url of any private area.
I have not done it this, but I know that when URL /c/portal/login is invoked, it will bring the page where Sign-In portlet is deployed (5.2.3). If such page is not found, a system's 'Sign-In' portlet will appear (your user would not be able to disable this).
Make sure that your restart the server and clean all temp dirs before attempting /c/portal/login.

#2. Another approach is to modify the authentication pipe, then invoke any valid '/group/community-name' and enforce automatic sign-in as an administrator. We did it some time ago when making auto-login for Novell Netware eDirectory, and if you need to go this way, we'll have to dig into the previous projects to find the break-in class.

Loïc Dumont, modifié il y a 13 années.

RE: Cannot login anymore due to removed permissions

Junior Member Publications: 43 Date d'inscription: 27/04/10 Publications récentes

Thank you for your answers!

It took me some time but I managed to reactivate the permission for one page in the database for the Guest user and was then able to login...

Trying to understand the database schema wasn't very easy, so here are some information I hope is correct:

(Liferay 6.0.5 CE)

- Pages are stored in the Layout table

- In this table I found the page I wanted to add the guest rights to.

- The permissions are stored in ResourcePermission, look for the entry where the primKey "like" the plid of the page in the Layout table. (select * from ResourcePermission where primKey like "%1111%"; where 1111 is the plid column of the page)
- Here you get permissions for the page and the portlets in the page. The name column tells you the model of the ressource or the name/id of the portlet. The entries with a name of "com.liferay.portal.model.Layout" are for the page.

- The actionIds is the column describing the permission for this resource. The number is the sum of the available permissions for this kind of resources available in ResourceAction table.

- Settings 127 will give enough permission, so add a row for the guest roleId with actionIds set to 127.

- The last problem was to set the correct resourcePermissionid. If I'm correct this value is set from a global counter managed in Liferay for every entry in the database. So I put a very big value in this field (99999999999999999) to be sure that Liferay will not try to add a new entry in the db with the same id.

I know this is a lot of information and not very well structured, but I guest it could be helpful.

David H Nebinger, modifié il y a 13 années.

RE: Cannot login anymore due to removed permissions

Liferay Legend Publications: 14916 Date d'inscription: 02/09/06 Publications récentes

Loïc Dumont:

The last problem was to set the correct resourcePermissionid. If I'm correct this value is set from a global counter managed in Liferay for every entry in the database. So I put a very big value in this field (99999999999999999) to be sure that Liferay will not try to add a new entry in the db with the same id.

The lportal.counter table holds the current counter values.

Loïc Dumont, modifié il y a 13 années.

RE: Cannot login anymore due to removed permissions

Junior Member Publications: 43 Date d'inscription: 27/04/10 Publications récentes

Thanks for the tips.

I just want to add to my previous post that I removed the special entry after I was able to change the permissions from the portal.

Chris Stavros, modifié il y a 8 années.

RE: Cannot login anymore due to removed permissions

New Member Publications: 18 Date d'inscription: 04/03/08 Publications récentes

Hello,

We just bumped into this again with 6.2 and wanted to share the info for posterity:

The procedure that worked for us with Liferay 6.2 to re-add guest view perms to a page so we could login, as an example, was:

Get the guest role for the right Company (Instance):
select * from role_ where companyid=62862 and name='Guest’;
(roleid=62869)

Find the page we want to fix (/welcome):
select * from layout where companyid=62862 and friendlyURL='/welcome’;
(plid= 66975)
[layout.plid = resourcepermission.primkey]

Find the desired resourcepermissionid record for the Guest user:
select * from resourcepermission where companyid=62862 and name='com.liferay.portal.model.Layout' and primkey='66975' and roleid=62869;
[name=‘com.liferay.portal.model.Layout’ is probably not necessary]
(resourcepermissionid=62742)

Fix the perms to allow Guest views:
update resourcepermission set actionIds=1 where resourcepermissionid=62742;

Stop the portal. Clear out work/temp caches and restart.

That should do it.