Transcript Struts Portlet Part

Struts Portlet
Permissions
Copyright © 2000-2006 Liferay, Inc.
All Rights Reserved.
No material may be reproduced electronically or in print without written
permission from Liferay, Inc.
Objective
The goal of this tutorial is to setup portlet
permissions
1. Setup permissions in backend
a.
b.
c.
d.
Update LocalServiceImpl (BookLocalServiceImpl.java)
Hook in ext permissions (portal-ext.properties)
Map to our portlet permissions (default-ext.xml)
Define specific permissions for the portlet (Library.xml)
2. Setup permissions in frontend
a.
b.
c.
Add permission checks in view.jsp
Update Action classes to pass in necessary information
Add resource action icons for each BookEntry (success.jsp)
0) Look back at Service.xml
When you run “build-service.xml,” database tables sql scripts, impls,
models, utils and other files are auto-generated based on the service.xml
file.
Service.xml
ext\ext-ejb\src\com\ext\portlet\library\service.xml
<service-builder root-dir=".." package-path="com.ext.portlet">
<portlet name="Library" short-name="Library" />
<entity name="Book" local-service="true">
<!-- PK fields -->
<column name="bookId" type="String" primary="true" />
<!-- Permission Fields -->
<column name="companyId" type="String" />
<column name="groupId" type="String" />
<column name="userId" type="String" />
…
These three fields were introduced earlier in the training, but they havent been used
until now. Permissions are managed by Liferay via ResourceLocalServiceUtil, to
implement permissions, we will need to include these three permission fields.
1) Setup Permissions in Backend
a. Update the LocalServiceImpl
(BookLocalServiceImpl.java)
b. Let Liferay know where to look for
permissions written in the ext environment
(portal-ext.properties)
c. Add mapping to our specific portlet
permissions (default-ext.xml)
d. Define specific permissions for the portlet
(Library.xml)
1a) BookLocalServiceImpl.java
• Review: [EntityName]LocalServiceImpl.java is
automatically generated for you when you ran “ant buildservice”. This is where we write our business logic.
In this Impl file we will need to do two things:
1) Before we create and save a new BookEntry, make sure
that the user has permission to perform this action.
2) When we create a new book, in addition to saving our
title and bookid fields, we will need to add three more
fields to implement BookEntry permissions
- userId, companyId and groupId
1a) BookLocalServiceImpl.java
BookLocalServiceImpl.java (Page 1 of 2)
ext/ext-ejb/src/com/ext/portlet/library/service/impl/BookLocalServiceImpl.java
public class BookLocalServiceImpl implements BookLocalService {
public Book addBook(String userId, String title, String plid, boolean addCommunityPermissions, boolean
addGuestPermissions) throws PortalException, SystemException {
User user = UserUtil.findByPrimaryKey(userId);
String groupId = PortalUtil.getPortletGroupId(plid);
Date now = new Date();
PortletPermission.check(getPermissionChecker(), plid, ActionKeys.ADD_ENTRY);
// Primary Key
Book book = BookUtil.create(Long.toString(CounterServiceUtil.increment(Book.class.getName())));
// Permission Fields
book.setUserId(user.getUserId());
book.setCompanyId(user.getCompanyId());
book.setGroupId(groupId);
// Audit Fields
book.setCreateDate(now);
book.setModifiedDate(now);
// Other Fields
book.setTitle(title);
BookUtil.update(book);
//Permission Implementation
addEntryResources(book.getPrimaryKey(), addCommunityPermissions, addGuestPermissions);
return book;
}
…
1a) BookLocalServiceImpl.java
BookLocalServiceImpl.java (Page 2 of 2)
ext/ext-ejb/src/com/ext/portlet/library/service/impl/BookLocalServiceImpl.java
public List getAll() throws SystemException {
return BookUtil.findAll();
}
public PermissionChecker getPermissionChecker() {
return PermissionThreadLocal.getPermissionChecker();
}
public void addEntryResources(
String book, boolean addCommunityPermissions,
boolean addGuestPermissions)
throws PortalException, SystemException {
Book entry = BookUtil.findByPrimaryKey(book);
ResourceLocalServiceUtil.addResources(
entry.getCompanyId(), entry.getGroupId(), entry.getUserId(),
Book.class.getName(), entry.getPrimaryKey().toString(),
false, addCommunityPermissions, addGuestPermissions);
}
}
1b) Hook in ext-resources
BookLocalServiceImpl will now save permission settings. However, we still
haven’t defined specifically what permissions that we are defining (ie.
create, view, update, delete). We will define these and other more specific
permission setting in a Library.xml file.
Currently, Liferay is only looking in the portal code for a definition of resource
actions for portlets. We will need to let Liferay know where to look for the
definition of resource actions for our portlets in the ext environment. To
make Liferay find our xml files in the ext environment, add this to portalext.properties:
portal-ext.properties
ext\ext-ejb\classes\portal-ext.properties
resource.actions.configs=resource-actions/default.xml,resource-actions/default-ext.xml
1c) Add mapping in default-ext.xml
Create the folder ext/ext-ejb/classes/resource-actions/
Create the file ext/ext-ejb/classes/resource-actions/default-ext.xml
default-ext.xml
ext/ext-ejb/classes/resource-actions/default-ext.xml
<?xml version="1.0"?>
<resource-action-mapping>
<resource file="resource-actions/library.xml" />
</resource-action-mapping>
1d) Create library.xml
• When creating a portlet with permissions, you will need to define
specifically what functionality should be protected by permissions
• There are two sets of permissions:
– Portlet permissions (portlet-resource)
– Entry permissions (model-resource)
These will be defined in a file
we will create called
Library.xml. But before we
create that file, lets first let
Liferay know where to look
for this Library.xml file. We
will need to create a
mapping to Library.xml in
default-ext.xml
1d) Create library.xml
•
Now Liferay will look for Library.xml to define the permissions.
Portlet Resources – permissions for the entire porlet (viewing the
portlet)
Entry Resources – permissions for each of the entries (updating or
deleting an entry)
Resource XML Tags
–
Supports
• These are a list of functions that can be assigned permissions
–
community-defaults
• These are the default actions given to those within the community
–
guest-defaults
• These are the default actions given to guests
–
guest-unsupported
• These are actions that the guest can never perform
1d) Create library.xml
library.xml (Page 1 of 2)
ext/ext-ejb/classes/resource-actions/library.xml
<?xml version="1.0"?>
<resource-action-mapping>
<portlet-resource>
<portlet-name>EXT_4</portlet-name>
<!-- This is what will show up when you edit the portlet permissions -->
<supports>
<action-key>ADD_BOOK</action-key>
<action-key>EDIT_BOOK</action-key>
<action-key>DELETE_BOOK</action-key>
<action-key>VIEW</action-key>
</supports>
<community-defaults>
<action-key>VIEW</action-key>
</community-defaults>
<guest-defaults>
<action-key>VIEW</action-key>
</guest-defaults>
<guest-unsupported>
<action-key>UPDATE_BOOK</action-key>
<action-key>DELETE_BOOK</action-key>
</guest-unsupported>
</portlet-resource>
1d) Create library.xml
library.xml (Page 2 of 2)
ext/ext-ejb/classes/resource-actions/library.xml
<!-- Model resources are the actions for each entry, so a book can have permissions for update and delete -->
<model-resource>
<model-name>com.ext.portlet.library.model.Book</model-name>
<portlet-ref>
<portlet-name>EXT_4</portlet-name>
</portlet-ref>
<supports>
<action-key>DELETE</action-key>
<action-key>PERMISSIONS</action-key>
<action-key>UPDATE</action-key>
<action-key>VIEW</action-key>
</supports>
<community-defaults>
<action-key>VIEW</action-key>
</community-defaults>
<guest-defaults>
<action-key>VIEW</action-key>
</guest-defaults>
<guest-unsupported>
<action-key>UPDATE</action-key>
<action-key>DELETE</action-key>
</guest-unsupported>
</model-resource>
</resource-action-mapping>
2) Setup Permissions in Frontend
•
We now have the permissioning setup on
the backend, but what about the
frontend?
a. Display certain buttons in view.jsp
depending on permissions
b. Update Action classes to pass in information
concerning permissions
c. Add resource action icons for each
BookEntry (success.jsp)
2a) Permissions in .jsp
First, we need to determine whether or not the user has permissions to perform the AddEntry action
<%
boolean showAddEntryButton = PortletPermission.contains(permissionChecker, plid,
ActionKeys.ADD_ENTRY);
%>
…
If the user has permissions to AddEntry, then display html button to Add a new Entry
<% if (showAddEntryButton) { %>
Then display the 3 checkboxes relating to permissions.
Assign default permissions to community
Assign default permissions to guest
Only assign permissions to me
<liferay-ui:input-permissions />
<% } %>
2a) Permissions in .jsp
view.jsp
ext/ext-web/docroot/html/portlet/ext/library/view.jsp
<%@ include file="/html/portlet/ext/library/init.jsp" %>
<br/>
Add a book entry to the Library:
<br/><br/>
<%
boolean showAddEntryButton = PortletPermission.contains(permissionChecker, plid,
ActionKeys.ADD_ENTRY);
%>
<form action="<portlet:actionURL windowState="<%= WindowState.MAXIMIZED.toString()
%>"><portlet:param name="struts_action" value="/ext/library/add_book" /></portlet:actionURL>"
method="post" name="<portlet:namespace />fm">
Book Title:
<% if (showAddEntryButton) { %>
<input name="<portlet:namespace />book_title" size="20" type="text" value=""><br/><br/>
<input type="button" value="Submit" onClick="submitForm(document.<portlet:namespace />fm);">
<br />
<liferay-ui:input-permissions />
<% } %>
</form>
2b) Update Action classes
• The information from the JSPs will be passed into the
ActionClasses.
• We need to update our ActionClasses to
– Handle information passed in from the JSP
Layout layout = (Layout) req.getAttribute(WebKeys.LAYOUT);
boolean addCommunityPermissions = ParamUtil.getBoolean(req, "addCommunityPermissions");
boolean addGuestPermissions = ParamUtil.getBoolean(req, "addGuestPermissions");
– Pass information down to the Utils
BookLocalServiceUtil.addBook(req.getRemoteUser(), bookTitle, layout.getPlid(),
addCommunityPermissions, addGuestPermissions);
2b) Update Action classes
AddBookAction.java
ext\ext-ejb\src\com\ext\portlet\library\action\AddBookAction.java
public class AddBookAction extends PortletAction {
public void processAction(ActionMapping mapping, ActionForm form,
PortletConfig config, ActionRequest req, ActionResponse res)
throws Exception {
String bookTitle = req.getParameter("book_title");
Layout layout = (Layout) req.getAttribute(WebKeys.LAYOUT);
boolean addCommunityPermissions = ParamUtil.getBoolean(req, "addCommunityPermissions");
boolean addGuestPermissions = ParamUtil.getBoolean(req, "addGuestPermissions");
if ("".equals(bookTitle) || bookTitle == null) {
setForward(req, "portlet.ext.library.error");
} else {
BookLocalServiceUtil.addBook(req.getRemoteUser(), bookTitle, layout
.getPlid(), addCommunityPermissions, addGuestPermissions);
setForward(req, "portlet.ext.library.success");
}
}
…
2c) Resource Action Icons
Earlier in library.xml, we defined two sets of permissions.
library.xml
ext/ext-ejb/classes/resource-actions/library.xml
<?xml version="1.0"?>
<resource-action-mapping>
<portlet-resource>
…
</portlet-resource>
<model-resource>
…
</model-resource>
</resource-action-mapping>
PortletResouce – set of permissions for the portlet itself
ModelResource – set of permissions for each entry in the portlet, in this case, a
BookEntry
2c) Resource Action Icons
For an admin user to configure portlet permissions:
- click “configuration”
- select “permissions” tab
- select user
- select permissions
This configuration icon in the top right will automatically appear if portlet permissions have been defined
For an admin user to configure entry permissions
- The logical method for letting a admin user configure entry permissions is to list out the entries and include a
“permissions” icon next to each entry. We will need to add the code for this.
success.jsp
ext/ext-web/docroot/html/portlet/ext/library/sucess.jsp
<tr>
<td><%=book.getBookId()%></td>
<td><%=book.getTitle()%></td>
<td><liferay-security:permissionsURL
modelResource="<%= Book.class.getName() %>"
modelResourceDescription="<%= book.getTitle() %>"
resourcePrimKey="<%= book.getPrimaryKey().toString() %>"
var="bookURL" /> <liferay-ui:icon image="permissions"
url="<%= bookURL %>" /></td>
Extra Practice
In Library.xml, we defined there to be four possible permissions for the model-resouce
(BookEntry).
<model-resource>
<model-name>com.ext.portlet.library.model.Book</model-name>
<portlet-ref>
<portlet-name>EXT_4</portlet-name>
</portlet-ref>
<supports>
<action-key>DELETE</action-key>
<action-key>PERMISSIONS</action-key>
<action-key>UPDATE</action-key>
<action-key>VIEW</action-key>
</supports>
In success.jsp, we can view the book and we added a “permissions” icons to set
permissions. Add an Update and Delete icon for each entry and tie them to the
Update and Delete action classes that were written in the Struts Action Class slides
Hint: to see example of how this is done, look at the message board or document library.
Final Steps
1. ant deploy
2. Restart Tomcat
3. Open up a new browser and type
http://localhost:8080
LOGIN: [email protected]
PASSWORD: test
Review Key Concepts
Revision History
Scott Lee
10/30/2006
- Slides created from Brett’s Europe Training Docs