Java: How to grant permissions to a user who doesn't belong to the organization?
I am using Liferay 6.1 and I want to change the permissions of a single organization so that it can be managed by UserX with RoleX, where the user does not belong to that organization, OrgA. In particular:
- I want to view and update OrgA with RoleX through the Control Panel -> Users and Organizations form
- UserX can add new organizations and users
- UserX belongs to RoleX but does not belong to OrgA (so I think organization-scoped roles won't help)

I want to do this programmatically.

What I have tried so far:
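- Created RoleX and granted it the following permissions:
  - Access to Control Panel -> Users and Organizations (portlet 125)
  - Organization, scope 4 (individual): ActionKeys.VIEW, ActionKeys.UPDATE, ActionKeys.ASSIGN_USER_ROLES, ActionKeys.DELETE, ActionKeys.MANAGE_USERS
  - OrgA group, scope 4: ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES, ActionKeys.CONFIGURE_PORTLETS, ActionKeys.DELETE, ActionKeys.MANAGE_ANNOUNCEMENTS, ActionKeys.MANAGE_LAYOUTS, ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.VIEW_MEMBERS

Users and Organizations form, but they can only see their own organization and cannot see the organization.

How can I grant permission to view and manage OrgA?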
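Thanks

Finally, I was able to do it by using a hook plugin, modifying the resource permissions for RoleX and modifying the init.jsp file of the users_admin portlet.

The main problem is that Liferay does not use ResourcePermissions to enable management of organizations other than the ones the user belongs to.

In particular, in portal-trunk/portal-web/docroot/html/portlet/users_admin/init.jsp there are only a few lines of code that enable it, and only for the company administrator role: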
    else if (permissionChecker.isCompanyAdmin()) {
        filterManageableGroups = false;
        filterManageableOrganizations = false;
        filterManageableUserGroups = false;
    }
So I added the following lines to init.jsp (you can use init-ext.jsp in a hook) to enable it for RoleX:
    else if (permissionChecker.isCompanyAdmin()) {
        filterManageableGroups = false;
        filterManageableOrganizations = false;
        filterManageableUserGroups = false;
    }
    if (MyUtils.isRoleX()) {
        filterManageableGroups = false;
        filterManageableOrganizations = false;
        filterManageableUserGroups = false;
    }
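This way, the database queries no longer filter organizations, users and groups.

The second step is to define the permissions for adding, updating, managing, etc. users and organizations, and for accessing the portlet in the Control Panel.

Using a startup action hook and the ResourcePermissionLocalService API, this is quite simple: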
    private static final String[] ORGANIZATION_ENTRY_ACTION_IDS = new String[] {
        ActionKeys.VIEW, ActionKeys.UPDATE, ActionKeys.ASSIGN_USER_ROLES,
        ActionKeys.DELETE, ActionKeys.MANAGE_USERS };
    private static final String[] ORGANIZATION_CUSTOM_FIELDS_ENTRY_ACTION_IDS = new String[] {
        ActionKeys.VIEW, ActionKeys.UPDATE };
    public static final String[] ORGANIZATION_MODEL_ACTION_IDS = new String[] {
        ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES,
        ActionKeys.DELETE, ActionKeys.MANAGE_ANNOUNCEMENTS,
        ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.MANAGE_USERS,
        ActionKeys.MANAGE_SUBORGANIZATIONS };
    public static final String[] ORGANIZATION_GROUP_ENTRY_ACTION_IDS = new String[] {
        ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES,
        ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.VIEW_MEMBERS };
    private static final String[] PORTAL_ACTION_IDS = new String[] {
        ActionKeys.ADD_USER, ActionKeys.ADD_ORGANIZATION,
        ActionKeys.VIEW_CONTROL_PANEL };
    private static final String[] USERS_ORG_ADMIN_ACTION_IDS = new String[] {
        ActionKeys.ACCESS_IN_CONTROL_PANEL };

    ... omissis
    // ORGANIZATION MODEL GROUP TEMPLATE PERMISSIONS
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        Organization.class.getName(),
        ResourceConstants.SCOPE_GROUP_TEMPLATE, "0",
        CiUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_MODEL_ACTION_IDS);
    // ORGANIZATION MODEL COMPANY PERMISSIONS
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        Organization.class.getName(), ResourceConstants.SCOPE_COMPANY,
        Long.toString(companyId),
        CiUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_MODEL_ACTION_IDS);
    // PORTAL (portlet 90) PERMISSIONS
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        "90", ResourceConstants.SCOPE_COMPANY,
        Long.toString(companyId),
        CiUtils.getRoleX().getPrimaryKey(),
        PORTAL_ACTION_IDS);
    // USER_ORG_ADMINS PORTLET (125) PERMISSIONS
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        "125", ResourceConstants.SCOPE_COMPANY,
        Long.toString(companyId),
        CiUtils.getRoleX().getPrimaryKey(),
        USERS_ORG_ADMIN_ACTION_IDS);
For each organization:

    ResourcePermissionLocalServiceUtil.setResourcePermissions(
        organization.getCompanyId(),
        Organization.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL,
        Long.toString(organization.getPrimaryKey()),
        MyUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_ENTRY_ACTION_IDS);
    long groupId = organization.getGroupId();
    ResourcePermissionLocalServiceUtil.setResourcePermissions(
        organization.getCompanyId(),
        Group.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL,
        Long.toString(groupId),
        MyUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_GROUP_ENTRY_ACTION_IDS);

Hope this helps someone.
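A narrower variant of the startup action described in the answer, as an added example that is not the poster's code: it grants RoleX individual-scope permissions on OrgA and its group only, then reports whether RoleX also holds a company-wide grant on every organization. The class name, the lookup of the role and organization by the names "RoleX" and "OrgA", and the reduced action lists are assumptions made for illustration.

```java
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.events.SimpleAction;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.model.Group;
import com.liferay.portal.model.Organization;
import com.liferay.portal.model.ResourceConstants;
import com.liferay.portal.model.Role;
import com.liferay.portal.security.permission.ActionKeys;
import com.liferay.portal.service.OrganizationLocalServiceUtil;
import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
import com.liferay.portal.service.RoleLocalServiceUtil;

// Hypothetical class; register it under application.startup.events in the hook's portal.properties.
public class RoleXOrgAPermissionsAction extends SimpleAction {
    private static final String[] ORG_ACTIONS = {
        ActionKeys.VIEW, ActionKeys.UPDATE, ActionKeys.MANAGE_USERS };
    private static final String[] GROUP_ACTIONS = {
        ActionKeys.VIEW, ActionKeys.VIEW_MEMBERS, ActionKeys.ASSIGN_MEMBERS };
    private static final Log _log = LogFactoryUtil.getLog(RoleXOrgAPermissionsAction.class);

    @Override
    public void run(String[] ids) throws ActionException {
        try {
            for (String id : ids) {          // one company id per portal instance
                grant(Long.parseLong(id));
            }
        } catch (Exception e) {
            throw new ActionException(e);
        }
    }

    private void grant(long companyId) throws Exception {
        Role role = RoleLocalServiceUtil.getRole(companyId, "RoleX");   // assumed role name
        long orgId = OrganizationLocalServiceUtil.getOrganizationId(companyId, "OrgA");
        if (orgId <= 0) return;              // OrgA does not exist in this company
        Organization org = OrganizationLocalServiceUtil.getOrganization(orgId);
        String orgClass = Organization.class.getName();
        ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId, orgClass,
            ResourceConstants.SCOPE_INDIVIDUAL, Long.toString(orgId), role.getRoleId(), ORG_ACTIONS);
        ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
            Group.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL,
            Long.toString(org.getGroupId()), role.getRoleId(), GROUP_ACTIONS);
        // A SCOPE_COMPANY grant applies to every organization in the company, not just OrgA.
        if (ResourcePermissionLocalServiceUtil.hasResourcePermission(companyId, orgClass,
                ResourceConstants.SCOPE_COMPANY, Long.toString(companyId), role.getRoleId(), ActionKeys.DELETE)) {
            _log.warn("RoleX holds DELETE on all organizations in company " + companyId);
        }
    }
}
```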