Liferay inherited roles


babak....@gmail.com

Jun 24, 2014, 1:48:08 PM
to orb...@googlegroups.com
Hi everyone.

First of all I would like to thank the Orbeon community for the quick and
effective answers.

It seems the Orbeon portlet proxy does not understand Liferay users' inherited
roles (roles assigned to all users of the same group in Liferay), however it
works fine with Liferay users' regular roles. My properties-local.xml file is
as follows:



<properties xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:oxf="http://www.orbeon.com/oxf/processors">

    <property as="xs:string"  name="oxf.fr.persistence.provider.*.*.*"          value="oracle"/>
    <property as="xs:string"  name="oxf.fr.persistence.oracle.datasource"       value="oracle"/>
    <property as="xs:boolean" name="oxf.fr.persistence.oracle.create-flat-view" value="true"/>

    <property as="xs:anyURI" processor-name="oxf:page-flow" name="authorizer" value="/orbeon-auth"/>

    <property as="xs:string" name="oxf.fr.authentication.method"          value="header"/>
    <property as="xs:string" name="oxf.fr.authentication.header.username" value="Orbeon-Liferay-User-Email"/>
    <property as="xs:string" name="oxf.fr.authentication.header.roles"    value="Orbeon-Liferay-User-Roles"/>
    <property as="xs:string" name="oxf.fr.authentication.header.group"    value="Orbeon-Liferay-User-Group"/>
    <property as="xs:string" name="oxf.xforms.forward-submission-headers"
              value="Orbeon-Liferay-User-Email Orbeon-Liferay-User-Roles Orbeon-Liferay-User-Group"/>

    <property as="xs:boolean" name="oxf.xforms.async-portlet-load" value="true"/>

</properties>

Have I made any mistakes, or is there any possible solution for this
problem?

BEST


--
View this message in context: http://discuss.orbeon.com/Liferay-inherited-roles-tp4658542.html
Sent from the Orbeon Forms community mailing list mailing list archive at Nabble.com.

Erik Bruchez

Jun 25, 2014, 3:05:27 AM
to orb...@googlegroups.com
Here is how we get Liferay roles:

https://github.com/orbeon/orbeon-forms/blob/master/src/main/scala/org/orbeon/oxf/portlet/liferay/LiferaySupport.scala

We call getRoles() on com.liferay.portal.model.User. Do you happen to know
whether there is another way to get role information?

-Erik

--
View this message in context: http://discuss.orbeon.com/Liferay-inherited-roles-tp4658542p4658547.html

Erik Bruchez

Jun 27, 2014, 2:25:14 PM
to orb...@googlegroups.com
Got it.

Now the question is: how can we obtain roles from Liferay in this scenario?

In this forum post:


http://www.liferay.com/community/forums/-/message_boards/message/32479830

I see that possibly this could be used:

RoleLocalServiceUtil.getUserRelatedRoles()

Are you able to try it out?

I am a bit unclear if we should always also add the group roles by default.
What do you think?

-Erik

--
View this message in context: http://discuss.orbeon.com/Liferay-inherited-roles-tp4658542p4658550.html

Erik Bruchez

Jun 30, 2014, 6:34:35 PM
to orb...@googlegroups.com
It is possible, but we don't provide instructions to build the PE version
right now unless you are a PE customer. This said, your change should only
impact the proxy portlet, so you should be able to figure it out easily!

-Erik

--
View this message in context: http://discuss.orbeon.com/Liferay-inherited-roles-tp4658542p4658578.html

Jez

Jul 1, 2014, 4:00:38 AM
to orb...@googlegroups.com
Hi Erik

See also, StackOverflow Question
<http://stackoverflow.com/questions/16812008/how-does-orbeon-deal-with-liferay-inherited-roles>

IMHO I would add Group Roles by default, as, when you scale up Role
management and Role Based Access Control (RBAC) to the Enterprise level, the
most granular roles (should) map to functions rather than organisational
positions. What I mean is the standard CRUD functions would map to roles
"can-read", "can-edit", etc. which are then assigned to an organisational
position User Group, i.e.:

Steve -> Manager -> "can-read", "can-edit", "can-delete"
Amy -> Clerk -> "can-read"

Practically this means that the functions that a Manager, etc. can perform
are stored within the User provisioning mechanism rather than the form
definition.

Regards

Jez

--
View this message in context: http://discuss.orbeon.com/Liferay-inherited-roles-tp4658542p4658580.html
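
The difference this thread is about, as an added example that is not part of any post and is not Orbeon or Liferay code: a user's directly assigned roles versus the roles also inherited through group membership, checked against role-based form permissions. All names and data are constructed, modelled on the Steve/Amy illustration above; the "User" role, the "kim" account and the form permission map are assumptions.

```python
# Constructed data modelled on the Steve/Amy illustration in the post above.
# Every name here is illustrative; none is a Liferay or Orbeon API.

# Functional roles attached to user groups (organisational positions).
GROUP_ROLES = {
    "Manager": {"can-read", "can-edit", "can-delete"},
    "Clerk": {"can-read"},
}

# Roles assigned directly to each user, plus group memberships.
USERS = {
    "steve": {"roles": {"User"}, "groups": ["Manager"]},
    "amy": {"roles": {"User"}, "groups": ["Clerk"]},
    "kim": {"roles": {"User", "can-edit"}, "groups": ["Clerk", "Unmapped"]},
}

# Hypothetical form permissions: the role each operation requires.
FORM_PERMISSIONS = {"read": "can-read", "update": "can-edit", "delete": "can-delete"}


def direct_roles(user):
    """Only the roles assigned to the user itself (regular roles)."""
    return set(USERS[user]["roles"])


def effective_roles(user):
    """Direct roles plus the roles inherited through every group."""
    roles = direct_roles(user)
    for group in USERS[user]["groups"]:
        # A group with no role mapping contributes nothing (fail closed).
        roles |= GROUP_ROLES.get(group, set())
    return roles


def allowed_operations(roles):
    """Form operations permitted for a given role set."""
    return sorted(op for op, needed in FORM_PERMISSIONS.items() if needed in roles)


def roles_for_header(roles):
    """De-duplicated, stable-ordered role names to forward in a roles header."""
    return sorted(roles)


if __name__ == "__main__":
    for name in USERS:
        print(name, "direct:", allowed_operations(direct_roles(name)),
              "effective:", allowed_operations(effective_roles(name)))
```

With direct roles only, Steve can perform no form operation even though his Manager group carries all three functional roles, which is the symptom described in the first post.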

Erik Bruchez

Jul 1, 2014, 4:59:40 PM
to orb...@googlegroups.com
Jez,

Thanks for the comments. So I am tempted to add:

RoleLocalServiceUtil.getUserRelatedRoles()

by default.

-Erik

--
View this message in context: http://discuss.orbeon.com/Liferay-inherited-roles-tp4658542p4658584.html

Erik Bruchez

Jul 14, 2014, 9:01:24 PM
to orb...@googlegroups.com
Thanks for sharing, and glad it's working now! -Erik

--
View this message in context: http://discuss.orbeon.com/Liferay-inherited-roles-tp4658542p4658666.html