Friday 13 July 2012

Hide and disable access to Liferay's 6.1 control panel.

Hello,
    It is often needed to hide control panel dockbar for simple users. This article I'll describe ways how it can be achived
   

    First we need to change theme little bit in order to hide dockbar, it can be done in next way:
        1) Create new theme if you don't have it.
        2) Into portal_normal.vm add change this code:
#if ($is_signed_in)
 #dockbar()
#end
             into this one:
#if (($is_signed_in) && $permissionChecker.isCompanyAdmin($company_id))
 #dockbar()
#end
        It will remove dockbar for all non admin users.

    But user still will be able to access control panel by direct link http://localhost:8080/group/control_panel.
    To avoid it you can restrict access to control panel by using hook.
    Let's check how it can be done:
        1) Into liferay-hook.xml add following:
portal.properties
        2) Add portal.properties file to hook's src folder and add this line to it:
servlet.service.events.pre=my.event.portal.ControlPanelAccessPreAction
        3) Create ControlPanelAccessPreAction.java into appropriate package and add next code it:
package my.event.portal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.PrincipalException;
import com.liferay.portal.service.GroupLocalServiceUtil;
import com.liferay.portal.service.RoleServiceUtil;
import com.liferay.portal.service.UserServiceUtil;
import com.liferay.portal.theme.ThemeDisplay;

/**
 * The ControlPanelAccessPreAction restricts access to Control panel of simple
 * users.
 */
public class ControlPanelAccessPreAction extends Action {

  /**
   * Instantiates a new control panel access pre action.
   */
  public ControlPanelAccessPreAction() {
 super();
  }

  /*
   * @see com.liferay.portal.kernel.events.Action#run(javax.servlet.http. HttpServletRequest,
   * javax.servlet.http.HttpServletResponse)
   */
  public void run(HttpServletRequest request,
      HttpServletResponse response) throws ActionException {
 try {

   ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
   if (GroupLocalServiceUtil.getGroup(themeDisplay.getLayout().getGroupId()).isControlPanel()) {

  User currentUser = UserServiceUtil.getUserById(themeDisplay.getUserId());
  if (!RoleServiceUtil.hasUserRole(currentUser.getUserId(),
           currentUser.getCompanyId(),
           "administrator",
           true)) {
    throw new PrincipalException("User " + request.getRemoteUser()
     + " can't access the control panel.");
  }
  
   }
 } catch (Exception ex) {
   throw new ActionException(ex);
 }
  }
}

        4) Deploy hook

      That's it, now you completelly hide and restrict access to control panel.
      Complete hook example you can find here.
       
BR,
Paul

4 comments:

  1. 1) Login as admin
    2) Go to->Control panel->roles->User
    3) In Action menu of User role ->Define permission
    4) Search for general 'Go To Control Panel' permission and delete it
    5) Log in as simple user
    6) You can not see control panel link in Go to menu in dock bar

    ReplyDelete
  2. Is there any further reading you would recommend on this?

    Amela
    control panels

    ReplyDelete