Removing Custom Permissions/Actions from a Portlet

2019-03-21 16:45发布

问题:

I have been able to define custom portlet actions/permissions based on this example in Liferay Plugins SDK

https://github.com/liferay/liferay-plugins/tree/master/portlets/sample-permissions-portlet

I want to know the necessary steps I need to take to remove the custom portlet actions/permissions (not model permissions) from a portlet.

I remember observing that when I re-deploy a portlet with modified custom actions/permissions, the old custom actions/permissions stick around.

I tried deleting the portlet folder from Tomcat's webapps and it was successfully unregistered. But after I deploy the portlet again with the custom actions/permissions removed from the corresponding XML, I can still see the permissions in the Define Permissions of a Role.

I tried clearing permissions setting in Server Administration of Liferay's control panel, but it didn't change anything (it wasn't supposed to).

After re-deploying the portlet with the removed/modified permissions and restarting the server, I still see the custom actions/permissions assigned to the portlet, but when I select the portlet, then I don't see the removed permissions which is what I need.

Does un-deploying a portlet remove all the associated custom actions/permissions from Liferay Portal and the portal's Database? Or do I need to make separate liferay service calls to do that? Any inputs in this regard are really appreciated.

Liferay Version: 6.1.2 CE GA3

portlet.properties

include-and-override=portlet-ext.properties
language.bundle=content.Language
resource.actions.configs=resource-actions/default.xml

resource-actions/default.xml

<?xml version="1.0"?>
<!DOCTYPE resource-action-mapping PUBLIC "-//Liferay//DTD Resource Action Mapping 6.2.0//EN" "http://www.liferay.com/dtd/liferay-resource-action-mapping_6_2_0.dtd">

<resource-action-mapping>
    <portlet-resource>
        <portlet-name>1</portlet-name>
        <permissions>
            <supports>
                <action-key>ADD_SOMETHING</action-key>
                <action-key>CONFIGURATION</action-key>
                <action-key>VIEW</action-key>
            </supports>
            <site-member-defaults>
                <action-key>VIEW</action-key>
            </site-member-defaults>
            <guest-defaults>
                <action-key>VIEW</action-key>
            </guest-defaults>
            <guest-unsupported />
        </permissions>
    </portlet-resource>
</resource-action-mapping>

content/language.properties

action.ADD_SOMETHING=Add Something

portlet.xml

<portlet-app xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" version="2.0">
    <portlet>
        <portlet-name>1</portlet-name>
        <display-name>Sample Permissions</display-name>
        <portlet-class>com.liferay.util.bridges.mvc.MVCPortlet</portlet-class>
        <init-param>
            <name>view-template</name>
            <value>/view.jsp</value>
        </init-param>
        <expiration-cache>0</expiration-cache>
        <supports>
            <mime-type>text/html</mime-type>
        </supports>
        <resource-bundle>content.Language</resource-bundle>
        <portlet-info>
            <title>Sample Permissions</title>
            <short-title>Sample Permissions</short-title>
            <keywords>Sample Permissions</keywords>
        </portlet-info>
        <security-role-ref>
            <role-name>administrator</role-name>
        </security-role-ref>
        <security-role-ref>
            <role-name>guest</role-name>
        </security-role-ref>
        <security-role-ref>
            <role-name>power-user</role-name>
        </security-role-ref>
        <security-role-ref>
            <role-name>user</role-name>
        </security-role-ref>
    </portlet>
</portlet-app>

liferay-portlet.xml

<liferay-portlet-app>
    <portlet>
        <portlet-name>1</portlet-name>
        <instanceable>true</instanceable>
    </portlet>
    <role-mapper>
        <role-name>administrator</role-name>
        <role-link>Administrator</role-link>
    </role-mapper>
    <role-mapper>
        <role-name>guest</role-name>
        <role-link>Guest</role-link>
    </role-mapper>
    <role-mapper>
        <role-name>power-user</role-name>
        <role-link>Power User</role-link>
    </role-mapper>
    <role-mapper>
        <role-name>user</role-name>
        <role-link>User</role-link>
    </role-mapper>
</liferay-portlet-app>

liferay-display.xml

<?xml version="1.0"?>
<!DOCTYPE display PUBLIC "-//Liferay//DTD Display 6.2.0//EN" "http://www.liferay.com/dtd/liferay-display_6_2_0.dtd">

<display>
    <category name="category.sample">
        <portlet id="1" />
    </category>
</display>

liferay-plugin-package.properties

name=Sample Permissions
module-group-id=liferay
module-incremental-version=1
tags=sample
short-description=This plugin shows how to use the permission service from a portlet.
long-description=
change-log=
page-url=http://www.liferay.com
author=Liferay, Inc.
licenses=LGPL
liferay-versions=6.2.0+

portal-dependency-jars=\
    jstl-api.jar,\
    jstl-impl.jar

portal-dependency-tlds=\
    c.tld

web.xml

<?xml version="1.0"?>

<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <jsp-config>
        <taglib>
            <taglib-uri>http://java.sun.com/jsp/jstl/core</taglib-uri>
            <taglib-location>/WEB-INF/tld/c.tld</taglib-location>
        </taglib>
    </jsp-config>
</web-app>

The above code works perfectly and I am able to see the permissions in Define Permissions for role.

What I am looking for is, if I modify ADD_SOMETHING action to ADD_SOMETHING_ELSE or Remove ADD_SOMETHING action and add a new action key MY_NEW_ACTION, would the ADD_SOMETHING permission be removed completely from the portal? And if not what are the steps that I need to take to remove the ADD_SOMETHING permission? Redeploy and Restart the server is enough to ensure these actions?

EDIT: Based on Prakash's Response

//Ashok - Beanshell Script for ResourceAction Table Service
import com.liferay.portal.model.ResourceAction;
import com.liferay.portal.service.ResourceActionLocalServiceUtil;
import java.util.List;

List resourceList=ResourceActionLocalServiceUtil.getResourceActions(com.liferay.portal.kernel.dao.orm.QueryUtil.ALL_POS, com.liferay.portal.kernel.dao.orm.QueryUtil.ALL_POS);

for (ResourceAction resourceAction:resourceList) {
    System.out.println("Resource Name: " + resourceAction.getActionId());
    System.out.println("Resource Name: " + resourceAction.getName());
   //ResourceActionLocalServiceUtil.deleteResourceAction(giveActionIdHereForDeleting);
}

回答1:

Permissions are not removed from database for the portlet either when you un-deploy the portlet, or when you restart the server. why?

Because, undeploying a portlet does not necessarily mean the data needs to be removed from the database, the portlet can be redeployed many times. So liferay correctly takes the safe route of keeping the data intact unless it is manually deleted through the database or through some service. And the permissions are considered as data just like you have data stored for your custom asset.

So you can delete the permissions from ResourceAction table by creating some service or through the beanshell scripting panel in control PanelServer AdministrationScriptingSelect Beanshell. You would also need to take care of the bitwiseValue and the permissions already set in the ResourcePermission table.

I would suggest renaming the permission in the ResourceAction table rather than deleting and adding new, it might get complicated.

Hope this helps.