本文介绍了在Liferay中如何实现细粒度的权限控制,包括如何通过自定义的orderPermission类来检查用户权限,并详细解释了check和contains方法的区别及应用场景。
接着(一)讲,在做持久化的时候会在新增的portlet包下面有一个service包(参考自动生成持久化代码那篇文章),增加一个名为permission的包,增加orderPermission.java,内容如下:
public static void check(
PermissionChecker permissionChecker, long plid, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
if (!contains(permissionChecker, plid, categoryId, actionId)) {
throw new PrincipalException();
}
}
public static void check(
PermissionChecker permissionChecker, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
if (!contains(permissionChecker, categoryId, actionId)) {
throw new PrincipalException();
}
}
public static void check(
PermissionChecker permissionChecker, CategoryEntry category,
String actionId)
throws PortalException, SystemException {
if (!contains(permissionChecker, category, actionId)) {
throw new PrincipalException();
}
}
public static boolean contains(
PermissionChecker permissionChecker, long pld, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
if (categoryId == ProductCategoryUtil.DEFAULT_PARENT_CATEGORY_ID) {
return PortletPermissionUtil.contains(
permissionChecker, pld, "PROTLET_NAME", actionId);
}
else {
return contains(permissionChecker, categoryId, actionId);
}
}
public static boolean contains(
PermissionChecker permissionChecker, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
CategoryEntry category =
CategoryEntryServiceUtil.findByPrimaryKey(categoryId);
return contains(permissionChecker, category, actionId);
}
public static boolean contains(
PermissionChecker permissionChecker, CategoryEntry category,
String actionId)
throws PortalException, SystemException {
return permissionChecker.hasPermission(
category.getGroupId(), CategoryEntry.class.getName(),
category.getCategoryId(), actionId);
}
一个check对应一个contains,两个用在不同的场合,check用在后台持久化操作时候会抛出一个权限不足的错误,而contains用在JSP只是用来验证权限的.其实可以看出最后都是调用permissionChecker.hasPermission方法的,四个参数:1社区ID,2元素class名,3主键,4所操作的权限(要和order.xml中定义的权限名相同).还有一个PortletPermissionUtil.contains方法,这个是用来验证当前portlet操作权限的,他有四个参数:1permissionChecker,2当前layout.getPlid(),3portlet名,4所操作权限.
至于里面的参数的获得可以参照一下liferay原码中的shopping card,这个里面有这些参数的获得方法.有这个权限后,就可以把权限控制到每一个元素上.
public static void check(
PermissionChecker permissionChecker, long plid, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
if (!contains(permissionChecker, plid, categoryId, actionId)) {
throw new PrincipalException();
}
}
public static void check(
PermissionChecker permissionChecker, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
if (!contains(permissionChecker, categoryId, actionId)) {
throw new PrincipalException();
}
}
public static void check(
PermissionChecker permissionChecker, CategoryEntry category,
String actionId)
throws PortalException, SystemException {
if (!contains(permissionChecker, category, actionId)) {
throw new PrincipalException();
}
}
public static boolean contains(
PermissionChecker permissionChecker, long pld, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
if (categoryId == ProductCategoryUtil.DEFAULT_PARENT_CATEGORY_ID) {
return PortletPermissionUtil.contains(
permissionChecker, pld, "PROTLET_NAME", actionId);
}
else {
return contains(permissionChecker, categoryId, actionId);
}
}
public static boolean contains(
PermissionChecker permissionChecker, long categoryId,
String actionId)
throws PortalException, SystemException, Exception {
CategoryEntry category =
CategoryEntryServiceUtil.findByPrimaryKey(categoryId);
return contains(permissionChecker, category, actionId);
}
public static boolean contains(
PermissionChecker permissionChecker, CategoryEntry category,
String actionId)
throws PortalException, SystemException {
return permissionChecker.hasPermission(
category.getGroupId(), CategoryEntry.class.getName(),
category.getCategoryId(), actionId);
}
一个check对应一个contains,两个用在不同的场合,check用在后台持久化操作时候会抛出一个权限不足的错误,而contains用在JSP只是用来验证权限的.其实可以看出最后都是调用permissionChecker.hasPermission方法的,四个参数:1社区ID,2元素class名,3主键,4所操作的权限(要和order.xml中定义的权限名相同).还有一个PortletPermissionUtil.contains方法,这个是用来验证当前portlet操作权限的,他有四个参数:1permissionChecker,2当前layout.getPlid(),3portlet名,4所操作权限.
至于里面的参数的获得可以参照一下liferay原码中的shopping card,这个里面有这些参数的获得方法.有这个权限后,就可以把权限控制到每一个元素上.
扫一扫
513
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
