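Many references describe Liferay permissions as "resource plus action equals permission". Without applying this in practice, it is hard to get a real grasp of it.
Resources have a scope, numbered 1 to 4 from largest to smallest: 1 company, 2 community, 3 role, 4 instance.
For role permission definitions: in role administration, select a portlet resource (the portal itself is also defined as a portlet, with portlet name 'portal' and id 90). The resource scope is 3, the association table is Roles_Permissions, and the resource primary key is 0; the screenshot 权限1.bmp shows this.
For community permission definitions: in community administration, select a portlet. The resource scope is now 2. Unlike the role case, the resource id here is the community's groupId, and no association record is added to the Groups_Permissions table.
For permission definitions on company-scoped resources, the resource id is the company's id.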
==========================================================
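Version: 4.3.4 Enterprise Edition
1. Entities associated with a user (communities, organizations, user groups, roles, and the associations among them):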
com.liferay.portal.service.persistence.GroupFinder.countByGroupId:
SELECT
COUNT(*) AS COUNT_VALUE
FROM
Group_
INNER JOIN
Users_Groups ON
(Users_Groups.userId = ?)
WHERE
(Group_.liveGroupId = 0) AND
(Users_Groups.groupId = Group_.groupId) AND
(Group_.groupId = ?) AND
(Group_.liveGroupId = 0)
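2. Resource and permission lookup:
Resources have four scopes:
For a scope-4 resource, the resource primKey is the id of the business object.
For a scope-2 resource, the resource primKey is the groupId relevant to the permission check, usually a community.
For a scope-3 resource, the resource primKey is GroupImpl.DEFAULT_PARENT_GROUP_ID, i.e. 0.
For a scope-1 resource, the resource primKey is the companyId, the company's id.
So resources have to be looked up in all four scopes.
3. Permission check:
The following are the objects that Liferay's default user permission algorithm checks. The corresponding tables are easy to find, and they are queried through custom SQL: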
com.liferay.portal.service.persistence.PermissionFinder.countByGroupsRoles:
com.liferay.portal.service.persistence.PermissionFinder.countByGroupsPermissions:
com.liferay.portal.service.persistence.PermissionFinder.countByUsersRoles:
com.liferay.portal.service.persistence.PermissionFinder.countByUserGroupRole:
com.liferay.portal.service.persistence.PermissionFinder.countByUsersPermissions:
SELECT
COUNT(*) AS COUNT_VALUE
FROM
Groups_Roles
INNER JOIN
Roles_Permissions ON
(Roles_Permissions.roleId = Groups_Roles.roleId)
INNER JOIN
Permission_ ON
(Permission_.permissionId = Roles_Permissions.permissionId)
WHERE
(Roles_Permissions.permissionId=?) AND
(Groups_Roles.groupId=?)
union all(
SELECT
COUNT(*) AS COUNT_VALUE
FROM
Permission_
INNER JOIN
Groups_Permissions ON
(Groups_Permissions.permissionId = Permission_.permissionId)
WHERE
(Groups_Permissions.permissionId=?) AND
(Groups_Permissions.groupId=?)
)
union all(
SELECT
COUNT(*) AS COUNT_VALUE
FROM
Users_Roles
INNER JOIN
Roles_Permissions ON
(Roles_Permissions.roleId = Users_Roles.roleId)
INNER JOIN
Permission_ ON
(Permission_.permissionId = Roles_Permissions.permissionId)
WHERE
(Roles_Permissions.permissionId=?) AND
(Users_Roles.userId = ?)
)
union all(
SELECT
COUNT(*) AS COUNT_VALUE
FROM
UserGroupRole
INNER JOIN
Roles_Permissions ON
(Roles_Permissions.roleId = UserGroupRole.roleId and UserGroupRole.groupId = ?)
INNER JOIN
Permission_ ON
(Permission_.permissionId = Roles_Permissions.permissionId)
WHERE
(Roles_Permissions.permissionId=?) AND
(UserGroupRole.userId = ?)
)
union all(
SELECT
COUNT(*) AS COUNT_VALUE
FROM
Permission_
INNER JOIN
Users_Permissions ON
(Users_Permissions.permissionId = Permission_.permissionId)
WHERE
(Users_Permissions.permissionId=?) AND
(Users_Permissions.userId = ?)
)
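
An added example, not from the original post or from Liferay's own code: a Python/sqlite3 script that runs the five counts above against a constructed in-memory database and reports which finder path grants a permission, which is what an access review needs to know. Table and column names come from the queries above; the path label column, the function names and all ids are assumptions made for this example.

```python
import sqlite3

# Only the tables and columns that appear in the page's queries.
SCHEMA = """
CREATE TABLE Permission_ (permissionId INTEGER PRIMARY KEY);
CREATE TABLE Roles_Permissions (roleId INTEGER, permissionId INTEGER);
CREATE TABLE Groups_Permissions (groupId INTEGER, permissionId INTEGER);
CREATE TABLE Users_Permissions (userId INTEGER, permissionId INTEGER);
CREATE TABLE Groups_Roles (groupId INTEGER, roleId INTEGER);
CREATE TABLE Users_Roles (userId INTEGER, roleId INTEGER);
CREATE TABLE UserGroupRole (userId INTEGER, groupId INTEGER, roleId INTEGER);
"""
# Templates are filled with constants only; user, group and perm are bound parameters.
VIA_ROLE = """SELECT '{name}' AS path, COUNT(*) AS n FROM {tbl} t
  JOIN Roles_Permissions rp ON rp.roleId = t.roleId
  JOIN Permission_ p ON p.permissionId = rp.permissionId
  WHERE rp.permissionId = :perm AND {cond}"""
DIRECT = """SELECT '{name}' AS path, COUNT(*) AS n FROM Permission_ p
  JOIN {tbl} t ON t.permissionId = p.permissionId
  WHERE t.permissionId = :perm AND {cond}"""
PATHS = " UNION ALL ".join([
    VIA_ROLE.format(name="countByGroupsRoles", tbl="Groups_Roles", cond="t.groupId = :group"),
    DIRECT.format(name="countByGroupsPermissions", tbl="Groups_Permissions", cond="t.groupId = :group"),
    VIA_ROLE.format(name="countByUsersRoles", tbl="Users_Roles", cond="t.userId = :user"),
    VIA_ROLE.format(name="countByUserGroupRole", tbl="UserGroupRole",
                    cond="t.groupId = :group AND t.userId = :user"),
    DIRECT.format(name="countByUsersPermissions", tbl="Users_Permissions", cond="t.userId = :user"),
])

def grant_paths(conn, user, group, perm):
    """Names of the finders whose count is non-zero, i.e. every path granting perm."""
    # The group-based counts ignore the user: membership must come from step 1.
    rows = conn.execute(PATHS, {"user": user, "group": group, "perm": perm})
    return sorted(path for path, n in rows if n > 0)

def build_sample():
    """Constructed sample data, not taken from a real portal database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO Permission_ VALUES (?)", [(100,), (101,), (102,)])
    conn.executemany("INSERT INTO Roles_Permissions VALUES (?, ?)", [(30, 100), (31, 101)])
    conn.execute("INSERT INTO Groups_Roles VALUES (20, 30)")        # group 20 holds role 30
    conn.execute("INSERT INTO Users_Roles VALUES (10, 30)")         # user 10 holds role 30 directly
    conn.execute("INSERT INTO UserGroupRole VALUES (11, 20, 31)")   # user 11: role 31 in group 20 only
    conn.execute("INSERT INTO Users_Permissions VALUES (12, 102)")  # direct grant to user 12
    return conn

if __name__ == "__main__":
    for args in [(10, 20, 100), (11, 20, 101), (11, 21, 101), (12, 20, 100)]:
        print(args, grant_paths(build_sample(), *args))
```

The last sample call reports countByGroupsRoles for user 12 even though no row ties that user to group 20, so the result is only meaningful when the groupId passed in was obtained from the membership query in step 1.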