Forums

angle-left Back

RE: Someone may be trying to circumvent the permission checker

MP
Madhukara Patel, modified 5 Months ago.

Someone may be trying to circumvent the permission checker

Junior Member Posts: 44 Join Date: 3/23/15 Recent Posts
Hi all,

I am trying to create custom resource permission . But it is not creating .

I am facing this exception while checking permission.
Someone may be trying to circumvent the permission checker: {companyId=20116, name=com.liferay.portal.kernel.model.Company, primKey=20116, scope=4}


<model-resource>
<model-name>com.liferay.portal.kernel.model.Company</model-name>
<portlet-ref>
<portlet-name>com_capgemini_invertio_custmgmt_portlet_CustomerManagementPortlet</portlet-name>
</portlet-ref>

<permissions>
<supports>
<action-key>MANAGE_SERVICE_PORTFOLIO</action-key>
<action-key>VIEW_SERVICE_PORTFOLIO</action-key>
<action-key>VIEW_SCOPE</action-key>
<action-key>MANAGE_SCOPE</action-key>
<action-key>VIEW_PPI</action-key>
<action-key>MANAGE_PPM</action-key>
<action-key>APPROVE_PPM_LEVEL1</action-key>
<action-key>APPROVE_PPM_LEVEL2</action-key>
<action-key>APPROVE_PPM_LEVEL3</action-key>
<action-key>VIEW_PPM_DASHBOARD</action-key>
<action-key>MANAGE_FEEDBACK</action-key>
<action-key>MANAGE_TOOLS</action-key>
<action-key>VIEW_TOOL_CONFIG</action-key>
<action-key>DESIGN_WORKFLOW</action-key>
<action-key>DESIGN_RULE</action-key>
<action-key>MANAGE_PROD</action-key>
<action-key>DEPLOY_DEV</action-key>
<action-key>DEPLOY_PROD</action-key>
<action-key>MANAGE_PPM_RULE</action-key>
<action-key> MANAGE_ORG_ROLES</action-key>
<action-key>VIEW_MENULINK</action-key>
<action-key>MANAGE_MENULINK</action-key>
<action-key>MANAGE_EXE_SERVERS</action-key>
<action-key>VIEW_EXE_SERVERS</action-key>
<action-key>PROD_REPO_OWNER</action-key>
<action-key>DEV_WF_INITIATE</action-key>
<action-key>PROD_WF_INITIATE</action-key>
<action-key>VIEW_PROD_WORKFLOW</action-key>
<action-key>VIEW_PROD_RULE</action-key>
<action-key>MANAGE_WF_INST_DEV</action-key>
<action-key>MANAGE_WF_INST_PROD</action-key>

</supports>
<site-member-defaults/>
<guest-defaults />
<guest-unsupported>
<action-key>PERMISSIONS</action-key>
<action-key>VIEW_SERVICE_PORTFOLIO</action-key>
<action-key>VIEW_SCOPE</action-key>
<action-key>MANAGE_SCOPE</action-key>
<action-key>VIEW_PPI</action-key>
<action-key>MANAGE_PPM</action-key>
<action-key>APPROVE_PPM_LEVEL1</action-key>
<action-key>APPROVE_PPM_LEVEL2</action-key>
<action-key>APPROVE_PPM_LEVEL3</action-key>
<action-key>VIEW_PPM_DASHBOARD</action-key>
<action-key>MANAGE_FEEDBACK</action-key>
<action-key>MANAGE_TOOLS</action-key>
<action-key>DESIGN_WORKFLOW</action-key>
<action-key>DESIGN_RULE</action-key>
<action-key>MANAGE_PROD</action-key>
<action-key>DEPLOY_DEV</action-key>
<action-key>DEPLOY_PROD</action-key>
<action-key>MANAGE_PPM_RULE</action-key>
<action-key> MANAGE_ORG_ROLES</action-key>
<action-key>VIEW_MENULINK</action-key>
<action-key>MANAGE_MENULINK</action-key>
<action-key>MANAGE_EXE_SERVERS</action-key>
<action-key>VIEW_EXE_SERVERS</action-key>
<action-key>PROD_REPO_OWNER</action-key>
<action-key>DEV_WF_INITIATE</action-key>
<action-key>PROD_WF_INITIATE</action-key>
<action-key>VIEW_PROD_WORKFLOW</action-key>
<action-key>VIEW_PROD_RULE</action-key>
<action-key>MANAGE_WF_INST_DEV</action-key>
<action-key>MANAGE_WF_INST_PROD</action-key>

</guest-unsupported>
</permissions>
</model-resource>

Please help to solve this.

Thanks in advcance.
Olaf Kock, modified 5 Months ago.

RE: Someone may be trying to circumvent the permission checker

LIFERAY STAFF Liferay Legend Posts: 4619 Join Date: 9/23/08 Recent Posts
Madhukara Patel:
I am facing this exception while checking permission.
Someone may be trying to circumvent the permission checker: {companyId=20116, name=com.liferay.portal.kernel.model.Company, primKey=20116, scope=4}


<model-resource>
...
</model-resource>


To help with an exception requires code, at least up until the line where the exception is triggered, rather than some XML code that doesn't show how you check permissions.
MP
Madhukara Patel, modified 5 Months ago.

RE: Someone may be trying to circumvent the permission checker

Junior Member Posts: 44 Join Date: 3/23/15 Recent Posts
Thanks for your replay

if (permissionChecker.hasPermission(themeDisplay.getCompanyGroupId(), Company.class.getName(), themeDisplay.getCompanyId(),ActionKeys.PERMISSIONS) {

}

While checking permission i am facing above exception .
Tomas Polesovsky, modified 5 Months ago.

RE: Someone may be trying to circumvent the permission checker

LIFERAY STAFF Liferay Master Posts: 654 Join Date: 2/13/09 Recent Posts
Hi,

the answer is simple.

Permission system requires the checked entity to exist in permission system. That means it requires a database record in ResourcePermission table. In your example it expects a DB record with this column values: companyId=20116, name=com.liferay.portal.kernel.model.Company, primKey=20116, scope=4

But Liferay doesn't use Company object for permission checking => doesn't create any records for Company model in ResourcePermission table.

What you are missing here is another piece of code that would create ResourcePermission records of every company for the first time:

for (Company company : companyLocalService.getCompanies()) {
    resourceLocalService.addResources(
            company.getCompanyId(), 0, 0, Company.class.getName(),
            company.getCompanyId(), false, false, false);
}


HTH