Fórum

  1. Início
  2. Portal
  3. Permission to prevent user from updating their profile.

Permission to prevent user from updating their profile.

thumbnail
Sandeep Nair, modificado 14 Anos atrás.

Permission to prevent user from updating their profile.

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Hi,

I am using liferay 5.1.2. Is there a permission or privilege that i can set so that users cannot update their profile.

Regards,
Sandeep
thumbnail
Auditya manikanta Vadrevu, modificado 14 Anos atrás.

RE: Permission to prevent user from updating their profile.

Liferay Master Postagens: 621 Data de Entrada: 06/05/08 Postagens Recentes
hai sandeep,

i think there is no such option.

We can do it through a little modifications.

1. First remove the link in Welcome menu

2. goto that jsp page(code) and disable view permission.


With Regards,
V.Auditya
thumbnail
Sandeep Nair, modificado 14 Anos atrás.

RE: Permission to prevent user from updating their profile.

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Hi auditya,

Thanks for the reply. Actually i found in edituser.jsp the following code.

if (portletName.equals(PortletKeys.ENTERPRISE_ADMIN) || portletName.equals(PortletKeys.ORGANIZATION_ADMIN) || portletName.equals(PortletKeys.MY_ACCOUNT)) {
	if ((user2 == null) || user2.isActive()) {
		editable = true;

		if ((user2 != null) && !UserPermissionUtil.contains(permissionChecker, user2.getUserId(), ActionKeys.UPDATE)) {
			editable = false;
		}
	}
}


As you can see above if they are checking UserPermissionUtil.contains(permissionChecker, user2.getUserId(), ActionKeys.UPDATE)
update permission. if i can somehow set update permission to false to a group of users then they wont be able to modify their profile. But i cant find how i can do it.

Regards,
Sandeep
thumbnail
Auditya manikanta Vadrevu, modificado 14 Anos atrás.

RE: Permission to prevent user from updating their profile.

Liferay Master Postagens: 621 Data de Entrada: 06/05/08 Postagens Recentes
hi sandeep ,

try with this ,

if (portletName.equals(PortletKeys.ENTERPRISE_ADMIN) || portletName.equals(PortletKeys.ORGANIZATION_ADMIN) || portletName.equals(PortletKeys.MY_ACCOUNT)) {
        if ((user2 == null) || user2.isActive()) {
        //      editable = false;
long roleIds = RoleLocalServiceUtil.getRole([b]your companyId[/b], "[b]your Role name[/b]").getRoleId();
if(UserLocalServiceUtil.hasRoleUser(roleIds, user2.getUserId())) 
{
editable=false;
}
else
{
editable=true;
}
                if ((user2 != null) && !UserPermissionUtil.contains(permissionChecker, user2.getUserId(), ActionKeys.UPDATE)) {
                        editable = false;
                }
        }
}


It works.

for group try with this,

for group...
UserLocalServiceUtil.hasGroupUser(groupId, userId);


With Regards,
V.Auditya
thumbnail
Sandeep Nair, modificado 14 Anos atrás.

RE: Permission to prevent user from updating their profile.

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Thanks Auditya,

That seems to be a good option. I was thinking of another option. Like i will create my own privilege say "DENY_ACCESS" and place it in portal.xml as under

<model-resource>
		<model-name>com.liferay.portal.model.User</model-name>
		<portlet-ref>
			<portlet-name>11</portlet-name>
			<portlet-name>79</portlet-name>
			<portlet-name>80</portlet-name>
			<portlet-name>90</portlet-name>
		</portlet-ref>
		<supports>
			<action-key>DELETE</action-key>
			<action-key>IMPERSONATE</action-key>
			<action-key>PERMISSIONS</action-key>
			<action-key>UPDATE</action-key>
			<action-key>VIEW</action-key>
                        [b]<action-key>DENY_ACCESS</action-key>[/b]
		</supports>
		<community-defaults />
		<guest-defaults />
		<guest-unsupported>
			<action-key>DELETE</action-key>
			<action-key>IMPERSONATE</action-key>
			<action-key>PERMISSIONS</action-key>
			<action-key>UPDATE</action-key>
			<action-key>VIEW</action-key>
                      [b]  <action-key>DENY_ACCESS</action-key>[/b]
		</guest-unsupported>
	</model-resource>


Then i will check whether the user has this permission in code as under

UserPermissionUtil.contains(permissionChecker, user2.getUserId(), "DENY_ACCESS")

Regards,
Sandeep