Role and Permission management
Prerequisites
This tutorial requires the completion of the following tutorials:
Content of this tutorial
In this tutorial, we will create specific permissions and roles and use those to protect privileged features and displays.
```
[jnt:intranetDashboard] > jnt:content, jmix:structuredContent
 - welcomeMessage (string) i18n
```
And the following view:
```jsp
<%@ page language="java" contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="template" uri="http://www.jahia.org/tags/templateLib" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="jcr" uri="http://www.jahia.org/tags/jcr" %>
<%@ taglib prefix="ui" uri="http://www.jahia.org/tags/uiComponentsLib" %>
<%@ taglib prefix="functions" uri="http://www.jahia.org/tags/functions" %>
<%@ taglib prefix="query" uri="http://www.jahia.org/tags/queryLib" %>
<%@ taglib prefix="utility" uri="http://www.jahia.org/tags/utilityLib" %>
<%@ taglib prefix="s" uri="http://www.jahia.org/tags/search" %>

<div class="intranet-welcome">${currentNode.properties.welcomeMessage.string}</div>

Shortcuts:
<ul>
    <li><a href="/cms/news">Read the latest corporate news</a></li>
    <li><a href="/cms/profile/update">Manage your corporate profile</a></li>
    <li><a href="/cms/intranet/administration">Access the administration console</a></li>
</ul>
```
This view is by no means a good example: labels and URLs are hardcoded. But it is simple and will serve our Roles and Permissions tutorial well.
The main issue with the view is the link to the administration console: only a subset of users should have access to it, but right now it is displayed to everyone.
How to create a permission
Permissions are created in a Jahia module (link to the Module creation tutorial), as XML files under the folder src/main/imports.
The name of the file is permissions.xml:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<permissions jcr:primaryType="jnt:permission"
             xmlns:jcr="http://www.jcp.org/jcr/1.0"
             xmlns:j="http://www.jahia.org/jahia/1.0"
             xmlns:jnt="http://www.jahia.org/jahia/nt/1.0">
    <canViewIntranetAdmin jcr:primaryType="jnt:permission"/>
</permissions>
```
We have just defined a new permission: canViewIntranetAdmin.
The module needs to be re-built and deployed for the permission to become active.
How to create a role
Role management is very similar to permission management, except that it also has a management UI. This tutorial focuses on creating a role in a Jahia module.
Under the folder src/main/imports, create a file roles.xml:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<roles jcr:primaryType="jnt:roles"
       xmlns:jcr="http://www.jcp.org/jcr/1.0"
       xmlns:j="http://www.jahia.org/jahia/1.0"
       xmlns:jnt="http://www.jahia.org/jahia/nt/1.0">
    <intranetAdministrator jcr:primaryType="jnt:role" j:roleGroup="edit-role"
                           j:permissions="/permissions/canViewIntranetAdmin"/>
</roles>
```
With this file, we created a new role intranetAdministrator. This new role grants the permission canViewIntranetAdmin.
The module needs to be re-built and deployed for the role to become active.
How to assign a role to a user
Roles are assigned on a piece of content and inherited by all content below it. A role "Editor in Chief" configured on the homepage will apply to all subpages, unless the inheritance is broken.
When editing a piece of content, click "Live role" or "Edit role", depending on whether the role should apply in edit mode or on the live site.
Edit > Advanced Options > Live Roles > Add user to the intranetAdministrator role
How to use a permission in a JSP
The JSTL taglib jcr provides a hasPermission method. In our previous example, the following code would only display the link to the administration console to those with the permission canViewIntranetAdmin.
```jsp
<%@ page language="java" contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="template" uri="http://www.jahia.org/tags/templateLib" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="jcr" uri="http://www.jahia.org/tags/jcr" %>
<%@ taglib prefix="ui" uri="http://www.jahia.org/tags/uiComponentsLib" %>
<%@ taglib prefix="functions" uri="http://www.jahia.org/tags/functions" %>
<%@ taglib prefix="query" uri="http://www.jahia.org/tags/queryLib" %>
<%@ taglib prefix="utility" uri="http://www.jahia.org/tags/utilityLib" %>
<%@ taglib prefix="s" uri="http://www.jahia.org/tags/search" %>

<c:if test="${jcr:hasPermission(currentNode, 'canViewIntranetAdmin')}">
    <li><a href="/cms/intranet/administration">Access the administration console</a></li>
</c:if>
```
Do not forget to define a cache .properties file for the view with cache.perUser = true, so that the fragment rendered for one user is not served from the cache to another. [Add a link to the view caching tutorial]
How to use a permission in Java
The Java-based permission usage is very similar to the JSP approach:
```java
// jcrSessionWrapper is the JCR session of the current user
JCRNodeWrapper page = jcrSessionWrapper.getNode("/sites/mySite/home");
if (page.hasPermission("canViewIntranetAdmin")) {
    // restricted action
}
```
This piece of code will make sure that the currently logged-in user has the permission canViewIntranetAdmin on the page before executing some logic.
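A permission name appears in three places in this tutorial: permissions.xml, the j:permissions attribute in roles.xml, and the hasPermission calls in JSP and Java. The following added example (not part of the original tutorial or of Jahia) is a build-time check that reports any role or view naming a permission the module never defines. The file names, the intranetAuditor role and the misspelled names are constructed sample input, and multi-valued j:permissions is assumed to be space-separated.

```python
import re
import xml.etree.ElementTree as ET

JCR = "{http://www.jcp.org/jcr/1.0}"
J = "{http://www.jahia.org/jahia/1.0}"
NS = ('xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:j="http://www.jahia.org/jahia/1.0" '
      'xmlns:jnt="http://www.jahia.org/jahia/nt/1.0"')
# Matches jcr:hasPermission(currentNode, 'x') in a JSP and node.hasPermission("x") in Java.
HAS_PERMISSION = re.compile(r"""hasPermission\(\s*(?:[\w.]+\s*,\s*)?['"]([^'"]+)['"]""")

def defined_permissions(permissions_xml):
    """JCR paths of every jnt:permission node below the root of permissions.xml."""
    root = ET.fromstring(permissions_xml.strip().encode("utf-8"))
    found = set()
    def walk(node, path):
        for child in node:
            if child.get(JCR + "primaryType") == "jnt:permission":
                found.add(f"{path}/{child.tag}")
                walk(child, f"{path}/{child.tag}")
    walk(root, "/" + root.tag)
    return found

def role_grants(roles_xml):
    """Role name -> permission paths listed in j:permissions (assumed space-separated)."""
    root = ET.fromstring(roles_xml.strip().encode("utf-8"))
    return {n.tag: (n.get(J + "permissions") or "").split()
            for n in root.iter() if n.get(JCR + "primaryType") == "jnt:role"}

def audit(permissions_xml, roles_xml, sources):
    """Findings for roles and views that name a permission the module does not define."""
    defined = defined_permissions(permissions_xml)
    names = {p.rsplit("/", 1)[-1] for p in defined}
    findings = []
    for role, paths in sorted(role_grants(roles_xml).items()):
        findings += [f"role {role} grants undefined permission {p}"
                     for p in paths if p not in defined]
    for filename, text in sorted(sources.items()):
        findings += [f"{filename} checks undefined permission {name}"
                     for name in sorted(set(HAS_PERMISSION.findall(text))) if name not in names]
    return findings

# Constructed sample input: the tutorial's permission, plus a role and a view with typos.
PERMISSIONS = (f'<permissions jcr:primaryType="jnt:permission" {NS}>'
               '<canViewIntranetAdmin jcr:primaryType="jnt:permission"/></permissions>')
ROLES = (f'<roles jcr:primaryType="jnt:roles" {NS}><intranetAdministrator jcr:primaryType="jnt:role"'
         ' j:permissions="/permissions/canViewIntranetAdmin"/><intranetAuditor jcr:primaryType="jnt:role"'
         ' j:permissions="/permissions/canViewIntranetAdmin /permissions/canViewIntranetAudit"/></roles>')
SOURCES = {"AdminAction.java": 'if (page.hasPermission("canViewIntranetAdmin")) {',
           "dashboard.jsp": "<c:if test=\"${jcr:hasPermission(currentNode, 'canViewIntranetAdmn')}\">"}
```

Calling audit(PERMISSIONS, ROLES, SOURCES) returns one finding for the intranetAuditor role and one for dashboard.jsp; an empty list means every reference resolves.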