Thursday, June 12, 2014

Hide and disable access to Liferay's 6.1 control panel.

Hello,
    It is often needed to hide control panel dockbar for simple users. This article I'll describe ways how it can be achived
   

    First we need to change theme little bit in order to hide dockbar, it can be done in next way:
        1) Create new theme if you don't have it.
        2) Into portal_normal.vm add change this code:
#if ($is_signed_in)
 #dockbar()
#end
             into this one:
#if (($is_signed_in) && $permissionChecker.isCompanyAdmin($company_id))
 #dockbar()
#end
        It will remove dockbar for all non admin users.

    But user still will be able to access control panel by direct link http://localhost:8080/group/control_panel.
    To avoid it you can restrict access to control panel by using hook.
    Let's check how it can be done:
        1) Into liferay-hook.xml add following:
portal.properties
        2) Add portal.properties file to hook's src folder and add this line to it:
servlet.service.events.pre=my.event.portal.ControlPanelAccessPreAction
        3) Create ControlPanelAccessPreAction.java into appropriate package and add next code it:
package my.event.portal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.service.GroupLocalServiceUtil;
import com.liferay.portal.service.RoleServiceUtil;
import com.liferay.portal.service.UserServiceUtil;
import com.liferay.portal.theme.ThemeDisplay;

/**
 * The ControlPanelAccessPreAction restricts access to Control panel of simple
 * users.
 */
public class ControlPanelAccessPreAction extends Action {

  /**
   * Instantiates a new control panel access pre action.
   */
  public ControlPanelAccessPreAction() {
 super();
  }

  /*
   * @see com.liferay.portal.kernel.events.Action#run(javax.servlet.http. HttpServletRequest,
   * javax.servlet.http.HttpServletResponse)
   */
  public void run(HttpServletRequest request,
      HttpServletResponse response) throws ActionException {
 try {

   ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
   if (GroupLocalServiceUtil.getGroup(themeDisplay.getLayout().getGroupId()).isControlPanel()) {

  User currentUser = UserServiceUtil.getUserById(themeDisplay.getUserId());
  if (!RoleServiceUtil.hasUserRole(currentUser.getUserId(),
           currentUser.getCompanyId(),
           "administrator",
           true)) {
    throw new PrincipalException("User " + request.getRemoteUser()
     + " can't access the control panel.");
  }
  
   }
 } catch (Exception ex) {
   throw new ActionException(ex);
 }
  }
}

        4) Deploy hook

      That's it, now you completelly hide and restrict access to control panel.
      Complete hook example you can find here.

No comments:

Post a Comment