Ivan Cheung 15 Years Ago
Nice Joe, will the functionality of the PermissionChecker be the same in the future as it is now?

Joe Shum (replying to Ivan Cheung) 15 Years Ago
Once we commit the LEP you'll have a flag to decide whether you want to cache the bag. If you do, changes to a user's role and group associations won't take effect until the next user login. The price you pay, I guess. Right now we check every time, that's why changes are instant.

Jakub Liska (replying to Joe Shum) 13 Years Ago
Hi Joe, thank you for this post. I'm just wondering why the Resource_ and Permission_ tables are empty. Did the ResourceAction table substitute them?

Jorge Ferrer (replying to Jakub Liska) 13 Years Ago
Hi Jakub, yeah, those two tables are used by algorithms 1 to 5. You are probably using algorithm 6, which is the default (and recommended) in Liferay 6 and uses the ResourceAction table. Eventually the other algorithms might be removed and we won't need those other tables, but we need to make sure that doesn't cause problems for people before doing that.

Xinsheng Robert Chen (replying to Jorge Ferrer) 13 Years Ago
Good job, Joseph! Please do more blogs like this.

Shepherd Ching 15 Years Ago
Hey, Joe, this is the first time I read your blog. Your formal English is plain, clear and direct. It is good for non-native English speakers like us to understand. There are many STUDENTS studying English at Dalian.... Back to the topic, I am digesting your knowledge of PermissionChecker now.

b v j 15 Years Ago
Thanks for the info. A summary description of the following property would be a helpful complement to this article: permissions.user.check.algorithm

b v j (replying to b v j) 15 Years Ago
An explanation of the permission algorithms can be found in the administrator's guide: liferay-4-administration-guide.pdf
The guide also covers other important security concerns.

Rohit Salecha 12 Years Ago
more on liferay permissions http://liferaydemystified.blogspot.com/search/label/Liferay%20Permissions

Hiran Chaudhuri 12 Years Ago
"A PermissionChecker is created or borrowed from a pool and placed in the thread local and themeDisplay object on every request."
Who/which method places the PermissionChecker in thread local or themeDisplay?

Jakob Fahrner 12 Years Ago
Great article, helps to get a better understanding of how permissions are checked... Have there been big changes in the newer versions? Especially: First, is the PermissionCheckerBag already cached, and if so, how often does it refresh? Second, is there any information on the PermissionCacheUtil class (how to use it)?

Denis Signoretto 11 Years Ago
Hi Joseph, really good article, in particular because it gives a "Liferay Internal" view that can help to understand in depth. I'm wondering if Liferay can manage hierarchical roles and related permission assignments (enhancing the RBAC model to manage hierarchical roles), e.g.:
1) IT_ROLE (Role for EN users and related permissions)
1.1) IT_ADMIN_ROLE (inherit from parent and add specific permission)
1.1.1) IT_SUPERADMIN_ROLE (inherit from parent and add specific permission)
Actually a user can inherit roles by group or organization assignment, but permission (action and resource) assignment can be done only by the User <-> Role relation (as far as I know roles are not hierarchical). I think it could be a useful improvement to support hierarchical roles. WDYT?
Bye, Denis.

sri p 10 Years Ago
Hi Joe, I have some basic questions about permissions and hopefully you could help me.
Details:
Users: user-one, user-two
Associated roles: user-one member of role-one (user-one->role-one) and user-two member of role-two (user-two->role-two)
Categories in Message Board: CAT_ONE, CAT_TWO
Assigned roles: CAT_ONE all the permissions assigned to owner (admin) and role-one. CAT_TWO all the permissions assigned to owner (admin) and role-two.

    ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(WebKeys.THEME_DISPLAY);
    long scopeGroupId = themeDisplay.getScopeGroupId();
    long groupThreadUserId = themeDisplay.getUserId();
    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
    List<MBCategory> mbCategories = MBCategoryLocalServiceUtil.getCategories(scopeGroupId);
    for (MBCategory mbCategory : mbCategories) {
        // Check VIEW on each category for the current request's user
        boolean hasPerm = permissionChecker.hasPermission(
            scopeGroupId, MBCategory.class.getName(),
            mbCategory.getCategoryId(), ActionKeys.VIEW);
        System.out.println("****mb category name : ****\t" + mbCategory.getName() + "\t **** hasPerm *** \t" + hasPerm);
    }

OUTPUT:

    ****mb category name : **** CAT _ONE **** hasPerm *** true
    ****mb category name : **** CAT _TWO **** hasPerm *** true

I am not sure what I am missing here. All I wanted to see is: if the logged-in user (a member of one of the above-mentioned roles) does not have permission on a category, I do not want to display that category. But in this case, the hasPermission method is always returning TRUE (:

Leon Rosenberg 9 Years Ago
Hello, I must be too dumb, but I (or furthermore idea) can't find com.liferay.portal.security.permission.PermissionCheckerImpl in any jars that are provided with the liferay 6.1.2 download. Where do I find this class?