Help with site and organizational structure + permission checking

Odysseas Doumas, modified 7 years ago.

New Member Posts: 17 Join Date: 22/06/16
I have the following requirement. We need the following structure (this is an initial design, feel free to propose changes as I unravel the requirements behind this). I mostly want to validate my design process.

Main Site (think of it as a business 2 business community)
--MasterOrg (this organization will be a member of the site, so every suborganization and users within will also be members)
------SubOrg1 (separation of my master org to scope administration, for example per country)
-----------partnerOrg1 (These organizations will be created programmatically via a registration form, they represent a partner)
----------- partnerOrg2
---------------- :
------SubOrg2
---------:
Every partnerOrganization must hold ownership of some custom content, and the permissions on this content must be organization scoped.

In my Main Site, I want to create a dashboard-like page. Let's suppose this page holds one JSF portlet that shows some content. I want to display (and have display permissions) for the content of ONLY the organization the logged in user is a member of. So I suppose I must create organization-scoped roles. Furthermore let's suppose the user is a member of more than

My real question is how to properly add the resource permissions when I create new content. To summarize, I need:
1) Set "ownership" of a content to a specific organization.
2) A user can view/add the content only if he/she is a member of the "owner" organization.
3) How to use the LiferayFacesContext to automatically determine the logged in user's organizationId/groupId, so I can easily add new content and check permissions.

Also, can I assign a user of a parent organization the permission to view the content of all the child organizations?
Samuel Kong, modified 7 years ago.

RE: Help with site and organizational structure + permission checking

Liferay Legend Posts: 1902 Join Date: 10/03/08
The portal isn't set up to check permission based on the content owner's organization. So if you need this, you'll need to create all this permission logic in your JSF portlet. Alternatively, you can place your portlet in an organization's private pages. This way, only members of the organization can access the content.

Also, can I assign a user of a parent organization the permission to view the content of all the child organizations?

Organizations work the other way. Members of a child organization are automatically members of the parent site. For more info, check out Adding and Managing Organizations.
Odysseas Doumas, modified 7 years ago.

RE: Help with site and organizational structure + permission checking

New Member Posts: 17 Join Date: 22/06/16
Thank you very much for your reply.

First of all let me apologize for my lack of understanding of these Liferay concepts as I am new to Liferay.
Second, after further reading I understand that the way to go is that every organization has its own site, similar to users having their own personal sites.

Let's forget the "organization ownership" thing.
In the documentation here, in the Atlantic sport league example, it states:
Whenever you have a collection of users that fit into a hierarchical structure, you can use organizations to model those users. In Liferay, organization administrators can manage all the users in their organization and in any suborganization.


To be clear, this happens because a user of a suborganization is also a member of its parents, right? Is there no way in Liferay to have a similar behaviour for another entity rather than users, for example a user's bookmarks? I mean, since an organization administrator can handle all of its suborganization users, doesn't that (or can't that) apply to those users' content?

To clarify even further, let's suppose that I need 2 types of organizations. The first is my company's structure, that has departments (let's call them regular organizations). I need these organizations to only be "administrative" ones. The second type represents our partners. According to the documentation, an admin of a regular organization can manage all the users of its child partner organizations. So far so good.

Now the partner users create content (or assets, I am not familiar with the terminology, I hope you understand). Can't the top level organizations have permissions to manage child organization's user's content, just like they can manage the users themselves?
Thank you very much for your time.
Samuel Kong, modified 7 years ago.

RE: Help with site and organizational structure + permission checking (Answer)

Liferay Legend Posts: 1902 Join Date: 10/03/08
To be clear, this happens because a user of a suborganization is also a member of its parents, right?


Correct

Is there no way in Liferay to have a similar behaviour for another entity rather than users, for example a user's bookmarks? I mean, since an organization administrator can handle all of its suborganization users, doesn't that (or can't that) apply to those users' content?


First of all, remember that organizations are for managing users. Assets, such as bookmarks, are content that is in a site. Content is managed by a Site Administrator. Things get a little confusing because you can associate a site with an organization and if you associate a site with an organization, the organization admin will implicitly become the site admin also. But conceptually you should keep the 2 separate: organization is for users and sites are for content.

So let's say user1 (who is in OrgA) creates a bookmark in OrgA's site. The organization administration for OrgA can manage the bookmark since it's created in OrgA. But if user1 creates a bookmark in SiteB, the administrator for Org A does not have permission to manage Site B's content even though user1 is in Org A.

Can't the top level organizations have permissions to manage child organization's user's content, just like they can manage the users themselves?


If I recall correctly, I want to say the answer is yes. A parent org admin can manage the content in a child org's site.
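
As an added illustration (not code from any poster in this thread, and not Liferay API code), the organization-scoped check discussed above can be modelled in plain Java: content carries an owner organization id, direct members of that organization may view it, and an administrator of the owner or of any ancestor organization may too. The class, method names and ids are hypothetical; in a portlet the maps would be backed by the portal's organization and membership data.

```java
import java.util.*;

// Added illustration: plain-Java model with hypothetical names; it uses no Liferay classes.
public class OrgScopedAccess {
    private final Map<Long, Long> parentOf = new HashMap<Long, Long>();           // org -> parent org
    private final Map<Long, Set<Long>> memberOf = new HashMap<Long, Set<Long>>(); // user -> member orgs
    private final Map<Long, Set<Long>> adminOf = new HashMap<Long, Set<Long>>();  // user -> administered orgs

    private static Set<Long> orgs(Map<Long, Set<Long>> map, long userId) {
        Set<Long> set = map.get(userId);
        if (set == null) { set = new HashSet<Long>(); map.put(userId, set); }
        return set;
    }
    void addOrg(long orgId, Long parentId) { if (parentId != null) parentOf.put(orgId, parentId); }
    void addMember(long userId, long orgId) { orgs(memberOf, userId).add(orgId); }
    void addAdmin(long userId, long orgId) { orgs(adminOf, userId).add(orgId); }

    /** True if orgId equals ancestorId or lies below it. The depth bound stops a cyclic hierarchy from looping. */
    boolean isSameOrDescendant(long orgId, long ancestorId) {
        Long current = orgId;
        for (int depth = 0; current != null && depth < 64; depth++) {
            if (current.longValue() == ancestorId) return true;
            current = parentOf.get(current);
        }
        return false;
    }

    /** Deny by default: allow direct members of the owner org, or admins of the owner or one of its ancestors. */
    boolean canView(long userId, long ownerOrgId) {
        if (orgs(memberOf, userId).contains(ownerOrgId)) return true;
        for (long adminOrg : orgs(adminOf, userId)) {
            if (isSameOrDescendant(ownerOrgId, adminOrg)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        OrgScopedAccess acl = new OrgScopedAccess();
        acl.addOrg(1, null);    // MasterOrg
        acl.addOrg(10, 1L);     // SubOrg1
        acl.addOrg(100, 10L);   // partnerOrg1
        acl.addOrg(101, 10L);   // partnerOrg2
        acl.addMember(7, 100);  // constructed user 7: member of partnerOrg1
        acl.addAdmin(8, 10);    // constructed user 8: administrator of SubOrg1
        System.out.println(acl.canView(7, 100)); // partner user, own organization's content
        System.out.println(acl.canView(7, 101)); // partner user, another partner's content
        System.out.println(acl.canView(8, 101)); // SubOrg1 admin, content of a child organization
        System.out.println(acl.canView(8, 1));   // SubOrg1 admin, content owned above SubOrg1
    }
}
```

The check runs on the server for every read and write, keyed on the content's stored owner organization rather than on any organization id supplied with the request.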
Neil Griffin, modified 7 years ago.

RE: Help with site and organizational structure + permission checking

Liferay Legend Posts: 2655 Join Date: 27/07/05
Odysseas Doumas:

3) How to use the LiferayFacesContext to automatically determine the logged in user's organizationId/groupId, so I can easily add new content and check permissions.

Better to use LiferayPortletHelperUtil than LiferayFacesContext since it has been deprecated. There are several utility methods that can help with checking permissions.
Odysseas Doumas, modified 7 years ago.

RE: Help with site and organizational structure + permission checking

New Member Posts: 17 Join Date: 22/06/16
Neil Griffin:
Odysseas Doumas:

3) How to use the LiferayFacesContext to automatically determine the logged in user's organizationId/groupId, so I can easily add new content and check permissions.

Better to use LiferayPortletHelperUtil than LiferayFacesContext since it has been deprecated. There are several utility methods that can help with checking permissions.


I didn't mention that I use Liferay 6.2. I can't seem to import LiferayPortletHelperUtil.