CODEWITHSUNDEEP
liferayliferay-6
ankurjhawar
ankurjhawar

Reputation: 325

How to add permissions on a field in liferay structure?

I've created a structure with 5 fields (ddm-textarea) for web content in LR 6.2.4 CE.

My requirement:

Out of the 5 fields, I wish to show 3 fields to all the users, but I have to show 4th and 5th field to different set of users (different user-group).

My question:

Is it possible to have a field level permission? I am aware of creating a custom field, but I am not sure whether I can inject a condition for permission validation.

I have already created a permission check on template level, where I am able to show fields based on user group, but when a user edits that content he sees all the fields (which we do not want).

Note: All the users are expected to have an edit permission on all the web content and should be able to view and edit only the fields they have permissions on.

Upvotes: 0

Views: 476

Answers (1)

Tobias Liefke
Tobias Liefke

Reputation: 9032

There is no such out of the box functionality. You will either need a hook or ext plugin to change the generation of the fields.

The fields are read in JournalConverter and you could override that with your own implementation and check for permissions in getDDMFields(). But that would mean, that those invisible fields are discarded when the article is saved - I guess that is not what you wanted.

So you will have to override html/portlet/journal/article/content.jsp where the article content is converted to fields:

Fields ddmFields = null;
if ((article != null) && Validator.isNotNull(article.getStructureId()) 
    && Validator.isNotNull(content)) {
  ddmFields = JournalConverterUtil.getDDMFields(ddmStructure, content);
}

Now you can add your permission checking directly afterwards:

Fields ddmFields = null;
if ((article != null) && Validator.isNotNull(article.getStructureId()) 
    && Validator.isNotNull(content)) {
  ddmFields = JournalConverterUtil.getDDMFields(ddmStructure, content);
  for (Field field : ddmFields) {
    if (field.getName().startsWith("restrict-")) {
      String role = field.getName().replaceAll("restrict-(.+)(-.*)?", "$1");
      if (!request.isUserInRole(role)) {
        ddmFields.remove(field.getName());
      }
    }
  }
}

I've used the field name for easy configuration of field restrictions. If a field is named restrict- + role name + - + some optional suffix, it is checked that the current user has the given role. You could use other sources for this configuration, but I guess you get the point.

Upvotes: 1

Related Questions