You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Michael Gustav Simon <mg...@gmail.com> on 2006/01/20 15:27:04 UTC
PorletPermission
Hello,
I do not understand the permission for portlets!
If I set a role (ex. admin) to a portlet (ex. Helloworld Portlet Wrapper) in
the "Root Folder >> Jetspeed Administrative Portlets >> Portlet Application
Manager" / "Portlet Application Detail" tab "Portlets" subtab "Security" and
relogin with an user (ex. user), the portlet can selected (portlet: "Portlet
Selector") for in the customization page.
The portlet "Portlet Selector" will filter the portlets with the following
code-snippet.
(PortletSelector.java)
...
if (permissionManager.checkPermission(subject,
new PortletPermission(portlet.getUniqueName(),
SecuredResource.VIEW_ACTION, subject )))
{
list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale),
portlet.getDescriptionText(locale)));
}
...
Why is this portlet selectable?
greets,
mgsimon
Re: PorletPermission
Posted by Michael Gustav Simon <mg...@gmail.com>.
OK, but how i can associate the PortletPermission to a role.
I want to filter the selectable portlets in the portlet selector.
For ex. only an user with the role "customer" can add the portlet "myoders"
to the page.
Re: PorletPermission
Posted by David Sean Taylor <da...@bluesunrise.com>.
Michael Gustav Simon wrote:
> Hello,
> I do not understand the permission for portlets!
>
> If I set a role (ex. admin) to a portlet (ex. Helloworld Portlet Wrapper) in
> the "Root Folder >> Jetspeed Administrative Portlets >> Portlet Application
> Manager" / "Portlet Application Detail" tab "Portlets" subtab "Security" and
> relogin with an user (ex. user), the portlet can selected (portlet: "Portlet
> Selector") for in the customization page.
>
I think this is a great idea, but its NOT where portlet permissions are
configured. Unfortunately there is not a connection between this admin
portlet and the security policy that holds portlet permissions.
You need to set portlet permissions in the database, such as in the seed
data:
INSERT INTO SECURITY_PERMISSION
VALUES(100,'org.apache.jetspeed.security.PortletPermission','j2-admin::*','view,
edit','2004-05-22 16:27:12.572','2004-05-22 16:27:12.572');
> The portlet "Portlet Selector" will filter the portlets with the following
> code-snippet.
>
yes
> (PortletSelector.java)
> ...
> if (permissionManager.checkPermission(subject,
> new PortletPermission(portlet.getUniqueName(),
> SecuredResource.VIEW_ACTION, subject )))
> {
> list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale),
> portlet.getDescriptionText(locale)));
> }
> ...
>
> Why is this portlet selectable?
>
Im not sure if I understand that question...
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org