How to find out what permissions a site administrator and site owner have?

Find out what permissions the following Liferay roles have:

  • Site administrator
  • Site owner

I don't see any record made in the ResourcePermissions table for system roles such as the two above and the Administrator roles, so I think this makes the Permission...Service classes useless in my case.


Register Usage

What we need to do is to provide the Site Administrator role, but with some permissions removed, so that a specific Site Administrator will not be able to update site settings or will not have access to certain screens in the control panel, etc.

We are thinking of creating a separate role (Custom Site Admin), since we cannot determine the permissions for the roles created by Liferay, and then we will assign all the Site Administrator permissions to this role and remove some of the permissions as specified in the use case.


Edit:
Another question: if I create a new role and assign all permissions and just delete several, will this affect performance?


Version: Liferay 6.1 GA2

If you know any other workaround, I would really appreciate it.

thanks

+4
1 answer

Difference

Administrators have all the privileges for the domain they describe, with only one notable exception.

  • They cannot appoint or remove other administrators.

For example, a "Site Administrator" receives all rights to this site, except, again, appointing other site administrators.

In your use case, I would create another role.

Another question: if I create a new role and assign all permissions and just delete several, will this affect performance?

No. Think that there are two more roles, "guest" and "participant", which are much more often used in the process of use, which will require a search in the same way as your new user role.

But can you tell me exactly what permissions are allowed between the site owner and the site administrator?

All signs indicate that they are hardcoded, since there are methods in PermissionChecker such as isSiteAdmin, isSiteOwner, isOmniAdmin, etc. These methods check whether the User has these roles and allow them to perform this specific action.

Typically, the following steps allow you to assign a role to a user:

  • Group permission with the "Assign User Roles" action
  • Role permission with the "Assign Participants" action

However, even if you expose these actions to some other role, you still cannot make people "Site Administrators" or "Site Owners" without being a "Site Owner".

+5
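
A simplified model of the behaviour described in the answer above, added here as an illustration; it is not Liferay's code and not the answerer's. The class name, the action keys and the in-memory map standing in for the ResourcePermissions table are all hypothetical. It shows why a built-in site role leaves no rows to query or revoke, while a custom role can be granted everything and then trimmed.

```java
import java.util.*;

// Simplified model (not Liferay source): built-in site roles pass through a
// role-name short-circuit; custom roles pass only through explicit rows.
public class SiteRoleModel {
    // Stand-in for permission rows: role name -> granted action keys.
    static final Map<String, Set<String>> ROWS = new HashMap<>();

    // Hypothetical action keys, used only for this illustration.
    static final List<String> ALL_ACTIONS = Arrays.asList(
        "UPDATE_SITE_SETTINGS", "MANAGE_PAGES", "ASSIGN_MEMBERS", "VIEW_CONTROL_PANEL");

    static boolean hasPermission(Set<String> userRoles, String action) {
        // Hardcoded branch: no row lookup happens, so there is nothing to
        // audit in the table and nothing an operator can take away.
        if (userRoles.contains("Site Owner") || userRoles.contains("Site Administrator")) {
            return true;
        }
        // Every other role is allowed only what its rows say.
        for (String role : userRoles) {
            Set<String> granted = ROWS.get(role);
            if (granted != null && granted.contains(action)) return true;
        }
        return false;
    }

    // What a query against the rows can see for a given role.
    static Set<String> auditableGrants(String role) {
        return ROWS.getOrDefault(role, Collections.emptySet());
    }

    public static void main(String[] args) {
        // Custom role: grant everything, then remove what must be restricted.
        Set<String> custom = new TreeSet<>(ALL_ACTIONS);
        custom.remove("UPDATE_SITE_SETTINGS");
        ROWS.put("Custom Site Admin", custom);

        Set<String> builtIn = Collections.singleton("Site Administrator");
        Set<String> restricted = Collections.singleton("Custom Site Admin");
        for (String action : ALL_ACTIONS) {
            System.out.printf("%-22s builtIn=%-5b custom=%b%n", action,
                hasPermission(builtIn, action), hasPermission(restricted, action));
        }
        System.out.println("Rows for Site Administrator: " + auditableGrants("Site Administrator"));
        System.out.println("Rows for Custom Site Admin:  " + auditableGrants("Custom Site Admin"));
    }
}
```

Run with `javac SiteRoleModel.java && java SiteRoleModel`: the built-in role is allowed every action yet has an empty row set, while the custom role's denial of `UPDATE_SITE_SETTINGS` is visible and adjustable in its rows.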

Source: https://habr.com/ru/post/1442953/