Thursday, October 25, 2012

Liferay: authorization of actions on dynamic data lists


Another feature you might want to include in your dynamic data list template, is that the edit button is only shown to users of a certain role. This, again, requires some thinking and trying, but I have done it for you. What I did, was get all the roles for the current user (through the user id in the request's theme display).
#set ($user_id = $request.theme-display.user-id)

#set ($roles = $serviceLocator.findService("com.liferay.portal.service.RoleLocalService").getUserRoles($getterUtil.getLong($user_id)))
Now, we can loop the roles, and set a variable if the user has a certain role.
#set ($can_edit = 'false')

#foreach ($role in $roles)
    #if ($role.name == 'Administrator')
        #set ($can_edit = 'true')
    #end
#end
Later in the template, we can than use the $can_edit variable to conditionally display the edit link.