Permissions

Permissions is a property in the portal.properties file, which is the default configuration file for Sun GlassFish Web Space Server. You can override this property using portal-ext.properties file.

Set the default permission checker class used by com.liferay.portal.security.permission.PermissionCheckerFactory to check permissions for actions on objects. This class can be overridden with a custom class that extends com.liferay.portal.security.permission.PermissionCheckerImpl.

permissions.checker=com.liferay.portal.security.permission.PermissionCheckerImpl

Set the algorithm used to check permissions for a user. This is useful so that you can optimize the search for different databases. See com.liferay.portal.service.impl.PermissionLocalServiceImpl. The default is method two.

The first algorithm uses several if statements to query the database for these five things in order. If it finds any one of them, it returns true:

• Is the user connected to one of the permissions via group or organization roles?

• Is the user associated with groups or organizations that are directly connected to one of the permissions?

• Is the user connected to one of the permissions via user roles?

• Is the user connected to one of the permissions via user group roles?

• Is the user directly connected to one of the permissions?

permissions.user.check.algorithm=1

The second algorithm (the default) does a database join and checks the permissions in one step, by calling countByGroupsRoles, countByGroupsPermissions, countByUsersRoles, countByUserGroupRole, and countByUsersPermissions in one method.

permissions.user.check.algorithm=2

The third algorithm checks the permissions by checking for three things. It combines the role check into one step. If it finds any of the following items, it returns true:

• Is the user associated with groups or organizations that are directly connected to one of the permissions?

• Is the user associated with a role that is directly connected to one of the permissions?

• Is the user directly connected to one of the permissions?

permissions.user.check.algorithm=3

The fourth algorithm does a database join and checks the permissions that algorithm three checks in one step, by calling countByGroupsPermissions, countByRolesPermissions, and countByUsersPermissions in one method.

permissions.user.check.algorithm=4

Set the default permissions list filter class. This class must implement com.liferay.portal.kernel.security.permission.PermissionsListFilter. This is used if you want to filter the list of permissions before it is actually persisted. For example, if you want to make sure that all users who create objects never have the UPDATE action, then you can filter that list and remove any permissions that have the UPDATE action before it is persisted.

permissions.list.filter=com.liferay.portal.security.permission.PermissionsListFilterImpl