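Finally, I was able to accomplish this by modifying the Resource Permissions for RoleX and modifying the init users_admin portlet jsp file, both using a Hook plugin.
The main problem is that Liferay does not use ResourcePermissions to enable management of organizations outside the organizations the user belongs to.
In particular, in portal-trunk/portal-web/docroot/html/portlet/users_admin/init.jsp there are only a few lines of code that enable it just for the Company Admin Role: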
    else if (permissionChecker.isCompanyAdmin()) {
        filterManageableGroups = false;
        filterManageableOrganizations = false;
        filterManageableUserGroups = false;
    }
So I added the following lines to init.jsp (you can use init-ext.jsp in a hook) to enable it for RoleX as well:
    if (MyUtils.isRoleX()) {
        filterManageableGroups = false;
        filterManageableOrganizations = false;
        filterManageableUserGroups = false;
    }
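This way, the database queries do not filter organizations, users and groups.
The second step was to define the permissions for adding, updating, managing, etc. users and organizations, as well as access to the portlet in the Control Panel.
This is quite simple using a startup action hook and the ResourcePermissionLocalService API: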
    private static final String[] ORGANIZATION_ENTRY_ACTION_IDS = new String[] {
        ActionKeys.VIEW, ActionKeys.UPDATE, ActionKeys.ASSIGN_USER_ROLES,
        ActionKeys.DELETE, ActionKeys.MANAGE_USERS };
    private static final String[] ORGANIZATION_CUSTOM_FIELDS_ENTRY_ACTION_IDS = new String[] {
        ActionKeys.VIEW, ActionKeys.UPDATE };
    public static final String[] ORGANIZATION_MODEL_ACTION_IDS = new String[] {
        ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES,
        ActionKeys.DELETE, ActionKeys.MANAGE_ANNOUNCEMENTS,
        ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.MANAGE_USERS,
        ActionKeys.MANAGE_SUBORGANIZATIONS };
    public static final String[] ORGANIZATION_GROUP_ENTRY_ACTION_IDS = new String[] {
        ActionKeys.ASSIGN_MEMBERS, ActionKeys.ASSIGN_USER_ROLES,
        ActionKeys.UPDATE, ActionKeys.VIEW, ActionKeys.VIEW_MEMBERS };
    private static final String[] PORTAL_ACTION_IDS = new String[] {
        ActionKeys.ADD_USER, ActionKeys.ADD_ORGANIZATION,
        ActionKeys.VIEW_CONTROL_PANEL };
    private static final String[] USERS_ORG_ADMIN_ACTION_IDS = new String[] {
        ActionKeys.ACCESS_IN_CONTROL_PANEL };
    // ... omitted ...
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        Organization.class.getName(),
        ResourceConstants.SCOPE_GROUP_TEMPLATE, "0",
        CiUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_MODEL_ACTION_IDS);
    // ORGANIZATION MODEL COMPANY PERMISSIONS
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        Organization.class.getName(), ResourceConstants.SCOPE_COMPANY,
        Long.toString(companyId),
        CiUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_MODEL_ACTION_IDS);
    // PORTAL (portlet 90) PERMISSIONS
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        "90", ResourceConstants.SCOPE_COMPANY,
        Long.toString(companyId),
        CiUtils.getRoleX().getPrimaryKey(),
        PORTAL_ACTION_IDS);
    // USER_ORG_ADMINS PORTLET (125) PERMISSIONS
    ResourcePermissionLocalServiceUtil.setResourcePermissions(companyId,
        "125", ResourceConstants.SCOPE_COMPANY,
        Long.toString(companyId),
        CiUtils.getRoleX().getPrimaryKey(),
        USERS_ORG_ADMIN_ACTION_IDS);
For each organization:
    ResourcePermissionLocalServiceUtil.setResourcePermissions(
        organization.getCompanyId(),
        Organization.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL,
        Long.toString(organization.getPrimaryKey()),
        MyUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_ENTRY_ACTION_IDS);
    long groupId = organization.getGroupId();
    ResourcePermissionLocalServiceUtil.setResourcePermissions(
        organization.getCompanyId(),
        Group.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL,
        Long.toString(groupId),
        MyUtils.getRoleX().getPrimaryKey(),
        ORGANIZATION_GROUP_ENTRY_ACTION_IDS);
Hope this helps someone.
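
An added example, not part of the original post: a small audit helper that can run after the startup hook to confirm that RoleX holds exactly the intended Organization-model actions at company scope, since the init.jsp change removes the list filtering and leaves these grants as the remaining control. It assumes Liferay 6.x package names; the class RoleXGrantAudit and its methods are hypothetical, and the caller passes in the role ID and the post's ORGANIZATION_MODEL_ACTION_IDS array.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import com.liferay.portal.model.Organization;
import com.liferay.portal.model.ResourceConstants;
import com.liferay.portal.security.permission.ResourceActionsUtil;
import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;

/** Hypothetical audit helper (added example; assumes Liferay 6.x packages). */
public class RoleXGrantAudit {

    /** Actions on the Organization model that the role holds at the given scope. */
    static List<String> grantedActions(long companyId, int scope, String primKey, long roleId)
            throws Exception {
        List<String> granted = new ArrayList<String>();
        // Walk every action ID the portal defines for the Organization model.
        for (String actionId : ResourceActionsUtil.getModelResourceActions(Organization.class.getName())) {
            if (ResourcePermissionLocalServiceUtil.hasResourcePermission(
                    companyId, Organization.class.getName(), scope, primKey, roleId, actionId)) {
                granted.add(actionId);
            }
        }
        return granted;
    }

    /** Granted actions that are not on the intended list: privilege beyond the design. */
    static List<String> unexpected(List<String> granted, String[] intended) {
        List<String> extra = new ArrayList<String>(granted);
        extra.removeAll(Arrays.asList(intended));
        return extra;
    }

    /** Intended actions that are missing: the startup hook did not take effect. */
    static List<String> missing(List<String> granted, String[] intended) {
        List<String> absent = new ArrayList<String>(Arrays.asList(intended));
        absent.removeAll(granted);
        return absent;
    }

    /** True when the company-scope grants equal the intended action list. */
    static boolean companyScopeMatches(long companyId, long roleId, String[] intended) throws Exception {
        List<String> granted = grantedActions(
            companyId, ResourceConstants.SCOPE_COMPANY, Long.toString(companyId), roleId);
        return unexpected(granted, intended).isEmpty() && missing(granted, intended).isEmpty();
    }
}
```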