[RESOLVED] Document file entry resource permission (Liferay 7)

掲示板

6年前に Damien Guillermet によって更新されました。

[RESOLVED] Document file entry resource permission (Liferay 7)

Junior Member 投稿: 44 参加年月日: 15/07/09 最新の投稿

Hello Liferay community!

I'm using the document API to upload files and I have some trouble with the permission. The folder and file entry are created correctly but I would like the file be accessible by all users/members of the site (the site where the file has been uploaded).

So here is the code :


// File entry has been previously updated (DLAppLocalServiceUtil.updateFileEntry) or created (DLAppLocalServiceUtil.addFileEntry)
final com.liferay.portal.kernel.repository.model.FileEntry fileEntry;

// Get site member role (assert role exists and is not null)
final Role role = RoleLocalServiceUtil.fetchRole(companyId, RoleConstants.SITE_MEMBER);

// Then we should check if a permission already exists and update it if so. Here we only create a new permission
ResourcePermissionLocalServiceUtil.addResourcePermission(companyId, DLFileEntry.class.getName(), ResourceConstants.SCOPE_COMPANY, String.valueOf(fileEntry.getPrimaryKey()), role.getRoleId(), ActionKeys.VIEW);

No exception is thrown but when a site member user try to access the preview file entry URL (com.liferay.document.library.kernel.util.DLUtil.getPreviewURL(fileEntry, fileVersion, themeDisplay, queryString)) then :


Caused by: com.liferay.portal.kernel.security.auth.PrincipalException$MustHavePermission: User 22222 must have VIEW permission for com.liferay.portal.kernel.repository.model.FileEntry 111111
at com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission.check(DLFileEntryPermission.java:79)
at com.liferay.portlet.documentlibrary.service.impl.DLFileVersionServiceImpl.getLatestFileVersion(DLFileVersionServiceImpl.java:68)
...

Only administrators can access to the preview file URL without exception.

I tried several options with any success : change scope of permission to INDIVIDUAL, create permission using ResourcePermissionLocalServiceUtil.createResourcePermission(CounterLocalServiceUtil.increment()) first, get action id via ResourceActionLocalServiceUtil.getResourceAction(DLFileEntry.class.getName(), actionId).

Thank you very much for sharing your ideas.
Best regards.
Damien.

Configuration : Liferay Portal CE 7.0 GA3

6年前に Andrew Jardine によって更新されました。

RE: Document file entry resource permission (Liferay 7)

Liferay Legend 投稿: 2416 参加年月日: 10/12/22 最新の投稿

Have you tried changing the permissions defined for the User role (assuming that all users get the User role in your solution)?

Control Panel > Users > Roles .. the three dots at the end of the User row entry, Define Permissions. Then you expand the Site Administration > Content and choose the Document Library to see the permissions available to the User role.

Perhaps if you assign the general VIEW permission somewhere in here it will solve your issue?

6年前に Djamel TORCHE によって更新されました。

RE: Document file entry resource permission (Liferay 7)

New Member 投稿: 18 参加年月日: 14/10/21 最新の投稿

Hi Damien,
It is very simple to grant the permission to all site users by setting the "ServiceContext", below how to do it:


ServiceContext serviceContext = new ServiceContext();
//Witch site (group)!
serviceContext.setScopeGroupId(groupId);
// permissions for group (site)
serviceContext.setAddGroupPermissions(true);

then use this "ServiceContex" for DLAppServiceUtil.addFolder(....., serviceContext) if it's Folder or for DLAppServiceUtil.addFileEntry(......, serviceContext) if it's files.

Kind regards,
Djamel

6年前に Damien Guillermet によって更新されました。

RE: Document file entry resource permission (Liferay 7)

Junior Member 投稿: 44 参加年月日: 15/07/09 最新の投稿

Hello Andrew, Djamel,

thank you for you replies.
I tried to add 2 permissions for the Site Member role on Administration site > Content > Documents and media like : View on Documents Folder + View on Document and it works.
I'm not even sure if the view permission on Document is required because it's already defined via the code I mentioned, in theory. If this is true then we can make it works directly via the code by adding a view permission on file's folder also.
Otherwise the solution to define permission via the ServiceContext (setAddGroupPermissions) seems to be easier than dealing with the ResourcePermissionLocalService. I will test that because it can be usefull if I want to define permission on specific folders/files rather than all documents.

Well thank you again emoticon

Damien.

6年前に Andrew Jardine によって更新されました。

RE: Document file entry resource permission (Liferay 7)

Liferay Legend 投稿: 2416 参加年月日: 10/12/22 最新の投稿

Hi Damien,

Glad to hear that you got it all worked out. Personally, I would still have opted for the configuration settings if it met your needs just incase something changed in the future. As developers we often fallback to our comfort zone "I'll just code something up!" -- but you have to noodle through the long term as well. Let's say tomorrow someone decides that they no longer want anyone to be able to VIEW. You'd have to either click through the UI or write some code to roll back that change (because with the service context you are setting the VIEW permission on each individual file). It's pretty unlikely, but there is also always the possibility that Liferay decides in the next release to remove that method from the service context in which case you'd have to update your code for it to continue to work (although this change is probably pretty remote).

I guess my point is, with configuration there is no code change or API dependency required so your total cost of ownership lowers. Personally, I always opt for configuration over code. Just like I try to encourage all my client to leverage the out of the box features before rolling their own custom stuff.

Just some food for thought. The end goal was to have the VIEW permission applied, and it sounds like you managed to get that sorted regardless.