Liferay inherited roles

Hi every one.

First of all i would like to thank Orbeon community because of the quick and effective answers.

It seems Orbeon portlet proxy dose not undestand Liferay users inherited roles(roles assigned to all users of the same group in Liferay), however it works fine with Liferay users regular roles. My properties-local.xml file is as follow:



<properties xmlns:xs="http://www.w3.org/2001/XMLSchema"
            xmlns:oxf="http://www.orbeon.com/oxf/processors">
                       
<property as="xs:string" name="oxf.fr.persistence.provider.*.*.*" value="oracle"/>
<property as="xs:string" name="oxf.fr.persistence.oracle.datasource" value="oracle"/>
<property as="xs:boolean" name="oxf.fr.persistence.oracle.create-flat-view" value="true"/>


    <property as="xs:anyURI" processor-name="oxf:page-flow" name="authorizer" value="/orbeon-auth"/>

    <property as="xs:string" name="oxf.fr.authentication.method"           value="header"/>
    <property as="xs:string" name="oxf.fr.authentication.header.username"  value="Orbeon-Liferay-User-Email"/> 
    <property as="xs:string" name="oxf.fr.authentication.header.roles"     value="Orbeon-Liferay-User-Roles"/> 
        <property as="xs:string" name="oxf.fr.authentication.header.group"     value="Orbeon-Liferay-User-Group"/>
    <property as="xs:string" name="oxf.xforms.forward-submission-headers"   value="Orbeon-Liferay-User-Email Orbeon-Liferay-User-Roles Orbeon-Liferay-User-Group"/>
 

   
   
       <property as="xs:boolean" name="oxf.xforms.async-portlet-load" value="true"/>


</properties>

do i have made any mistakes, or is there any possible solution for this problem?

BEST

Here is how we get Liferay roles:

https://github.com/orbeon/orbeon-forms/blob/master/src/main/scala/org/orbeon/oxf/portlet/liferay/LiferaySupport.scala

We call getRoles() on com.liferay.portal.model.User. Do you happen to know whethe there is another way to get role information?

-Erik

Hi Erick.

The problem is as follow:

If i define a role for a single user in Liferay, orbeon works fine (understand the user role and impose correct restrictions) but if i define a group users (in Liferay) and assign a role to that group, orbeon dose not consider that role for the users of that group.

do you suggest me to change Orbeon source ( for example by calling different Liferay APIs)?

is there any other way to get role information?

Got it.

Now the question is: how can we obtain roles from Liferay in this scenario?

In this forum post:

    http://www.liferay.com/community/forums/-/message_boards/message/32479830

I see that possibly this could be used:

    RoleLocalServiceUtil.getUserRelatedRoles()

Are you able to try it out?

I am a bit unclear if we should always also add the group roles by default. What do you think?

-Erik

Thank you so much Erick,

i got the solution, the simple problem is as follow:

we are trying to to build the Orbeon modified source to generate Orbeon PE version to test the inherited roles capabilities but building process will (out-of-box)  produce the community edition war, i hope it would be possible to  create PE version from existing source ;)

Sincerely yours.

It is possible, but we don't provide instructions to build the PE version right now unless you are a PE customer. This said, your change should only impact the proxy portlet, so you should be able to figure it out easily!

-Erik

Hi Erik

See also, StackOverflow Question

IMHO I would add Group Roles by default, as, when you scale up Role management and Role Based Access Control (RBAC) to the Enterprise level, the most granular roles (should) map to functions rather than organisational positions. What I mean is the standard CRUD functions would map to roles "can-read", "can-edit", etc. which are then assigned to an organisational position User Group, ie:

Steve -> Manager -> "can-read", "can-edit", "can-delete"
Amy -> Clerk -> "can-read"

Practically this means that the functions that a Manager, etc. can perform are stored within the User provisioning mechanism rather than the form definition.

Regards

Jez

Jez,

Thanks for the comments. So I am tempted to add:

    RoleLocalServiceUtil.getUserRelatedRoles()

by default.

-Erik

Hi Erick

i modified the source code and now it is working fine with the liferay inherited roles:

first i add a class to the orbeon to fetch all user inherited and normal roles :



 package org.orbeon.oxf.basaUtil;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.model.*;
import com.liferay.portal.service.*;
import com.liferay.portal.service.persistence.UserGroupRoleFinder;

import java.util.ArrayList;
import java.util.List;

import com.liferay.portal.service.RoleServiceUtil;

/**
 * Created by bnadaf on 6/28/14.
 */
public class RoleWrapper {



    public static List<Role> getUserAllRoles(User user) throws PortalException, SystemException {

        boolean dublicated = false;
        List<Role> roles = new ArrayList<Role>();
        roles.addAll(user.getRoles());
        roles.addAll(getUserGroupRolesOfUser(user));
        roles.addAll(getUserExplicitRoles(user));

        // getting list of the all Liferay roles
        List<Role> allRoles=RoleLocalServiceUtil.getRoles(0,RoleLocalServiceUtil.getRolesCount());

        //  selecting inherited portal roles
        for(Role role : allRoles)
        {


            try{

                if( RoleServiceUtil.hasUserRole(user.getUserId(), user.getCompanyId(), role.getName(), true))
                {

                    // checking if the role previously added to the user role list
                    for(Role role1 : roles)
                        if(role1.getDescriptiveName().equals(role.getDescriptiveName()))
                            dublicated=true;

                    if(dublicated==false)
                        roles.add(role);

                    dublicated=false;

                }
            }

            catch(Exception e){}

        }

        return roles;
    }

    public static List<Role> getUserExplicitRoles(User user) throws SystemException, PortalException {
               List<Role> roles = new ArrayList<Role>();
                List<UserGroupRole> userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(user.getUserId());
                for (UserGroupRole userGroupRole : userGroupRoles) {
                        roles.add(userGroupRole.getRole());
                    }
        for(Role rol:roles)
        {
            System.out.println(rol.getDescriptiveName());
            System.out.println(rol.getTypeLabel());
        }
                return roles;
            }

    public static List<Role> getUserGroupRolesOfUser(User user) throws SystemException, PortalException {
                List<Role> roles = new ArrayList<Role>();
                List<UserGroup> userGroupList = UserGroupLocalServiceUtil.getUserUserGroups(user.getUserId());
                List<UserGroupGroupRole> userGroupGroupRoles = new ArrayList<UserGroupGroupRole>();
                for (UserGroup userGroup : userGroupList) {
                        userGroupGroupRoles.addAll(UserGroupGroupRoleLocalServiceUtil.getUserGroupGroupRoles(userGroup
                                .getUserGroupId()));
                    }
                for (UserGroupGroupRole userGroupGroupRole : userGroupGroupRoles) {
                        Role role = RoleLocalServiceUtil.getRole(userGroupGroupRole.getRoleId());
                       roles.add(role);
                    }
                return roles;
           }
}


then i modify the following line of LiferaySupport.scala file:

   //Orginal
        "Orbeon-Liferay-User-Roles"       → (u ⇒ u.getRoles.asScala map (_.getName) toList)
       
  //modified
 "Orbeon-Liferay-User-Roles"       → (u ⇒ RoleWrapper.getUserAllRoles(u).asScala map (_.getName) toList)

note: for more information to see how get the user inherited role see:
https://www.liferay.com/community/forums/-/message_boards/view_message/13284677

Thanks for sharing, and glad it's working now! -Erik