9 Replies Latest reply on Jun 11, 2012 10:09 PM by Minh Hoang TO

    Portlet modes: how to set up a permission to the 'Edit mode'?

    donino doninos Newbie

      Hi,

       

      I wonder if it is possible to set a permission on a portlet mode: since on a site page, the portlet preferences are shared between all users, in my portlet i would like to enable the 'Edit mode' only for admin users, or specific user groups / memberships types. I did not find in the documentation how to manage this, please could someone confirm if it is possible or not?

       

      thanks!

        • 1. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
          Hai Nguyen Newbie

          Yes, It is possible. You can use UserACL to check permission when access portlet edit mode

          • 2. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
            donino doninos Newbie

            Thanks for your quick reponse.

             

            If i understand correctly, that means i can set 'Edit mode' permissions programmatically in my portlets, but not through the portal GUI, am i right? 

             

            Even if i check the permission when the processAction is fired, i can't prevent the 'Edit mode' option to be displayed in the portlet info bar when a user is not authorized to use it. I could disable the portlet modes, and only authorize the 'Edit mode' when users are in the page editor: it resolves the problem, but that means i can't take advantage of the 'Help mode' anymore.

             

            Since the portlet preferences are shared, i hoped there would be a similar mechanism as the 'Edit page permissions': users  can edit a page only if the belong to the page's editor group. It would be great  if it was extended to the portlet edit mode!

            • 3. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
              Hai Nguyen Newbie

              You can check permission in UIPortlet template to prevent display "Edit" link

              • 4. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
                donino doninos Newbie

                It looks great, however i did still not succeed to achieve that. I think i found the right section in this template:

                if(mode.equals("edit") && rcontext.getRemoteUser()==null) continue;

                could be replaced by something like:

                boolean isEditModeAuth= (rcontext.getRemoteUser()!=null) && (rcontext.isUserRole("administrator"));

                if(mode.equals("edit") && !isEditModeAuth) continue;

                 

                I still not tried this code, what is this rcontext object: is it a PortletRequest, so that the isUserRole method can be used? Is it possible to know here  if the current page has been created by the current user group?

                 

                Thanks

                • 5. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
                  Hai Nguyen Newbie

                  Hi

                   

                  The rcontext is PortletRequestContext. You can find the binding template in WebuiBindingContext. To check member of group you need get instance of UserACL by portal container and use "isUserInGroup" method

                   

                  Enjoy

                  • 6. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
                    Minh Hoang TO Novice

                    To restrict access on Edit mode, you could add custom code to lifecycle methods of portlet according to the portlet mode (retrieved via PortletRequest)

                     

                     

                    donino doninos wrote:

                     

                    It looks great, however i did still not succeed to achieve that. I think i found the right section in this template:

                    if(mode.equals("edit") && rcontext.getRemoteUser()==null) continue;

                    could be replaced by something like:

                    boolean isEditModeAuth= (rcontext.getRemoteUser()!=null) && (rcontext.isUserRole("administrator"));

                    if(mode.equals("edit") && !isEditModeAuth) continue;

                     

                    I still not tried this code, what is this rcontext object: is it a PortletRequest, so that the isUserRole method can be used? Is it possible to know here  if the current page has been created by the current user group?

                     

                    Thanks

                     

                    rcontext  is an instance of PortalRequestContext, it is a wrapper of HttpServletRequest/HttpServletResponse and is attached to the thread handling Http request to portal. From lifecycle methods of portlet, you could get that object using the code

                     

                    PortalRequestContext rcontext = RequestContext.getCurrentInstance();

                    1 of 1 people found this helpful
                    • 7. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
                      Minh Hoang TO Novice

                      donino doninos wrote:

                       

                      Thanks for your quick reponse.

                       

                      If i understand correctly, that means i can set 'Edit mode' permissions programmatically in my portlets, but not through the portal GUI, am i right? 

                       

                      That's true!

                       

                      As user clicks on link to show Edit mode, the Portal simply opens a form and fill it with the markup generated by portlet in response to a render request sent by Portal. The Portal does not integrate any authorization code.

                      • 8. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
                        donino doninos Newbie

                        Thanks Minh,

                         

                        By looking at the source org.exoplatform.portal.application.PortalRequestContext i could check it supports the isUserInRole method, so i got exactly the behaviour i expected with this modification:

                         

                        In UIPortlet.gmpl, i replaced:

                         

                        if(mode.equals("edit") && rcontext.getRemoteUser()==null) continue;

                        By:

                        if(mode.equals("edit") && !rcontext.isUserInRole("administrators")) continue;

                        Thus, the view & help mode can still be accessed by every users, and the edit mode only by administrators. If non admin users drag a portlet in their private dashboard pages, they can access the edit mode in the dashboard  editor, this is exactly what i wanted!

                        • 9. Re: Portlet modes: how to set up a permission to the 'Edit mode'?
                          Minh Hoang TO Novice

                          donino doninos wrote:

                           

                          Thanks Minh,

                           

                          By looking at the source org.exoplatform.portal.application.PortalRequestContext i could check it supports the isUserInRole method, so i got exactly the behaviour i expected with this modification:

                           

                          In UIPortlet.gmpl, i replaced:

                           

                          if(mode.equals("edit") && rcontext.getRemoteUser()==null) continue;

                          By:

                          if(mode.equals("edit") && !rcontext.isUserInRole("administrators")) continue;

                          Thus, the view & help mode can still be accessed by every users, and the edit mode only by administrators. If non admin users drag a portlet in their private dashboard pages, they can access the edit mode in the dashboard  editor, this is exactly what i wanted!

                           

                          The problem with this solution is that the same access restriction is applied to all the portlets. In case you need more fine-grained restrictions, programmatic approach seems to be more appropriated