LPS-138503 As an administrator, I want to define company and group-scoped permissions for an Account Role in Roles Admin #106784
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… indicate the alternate permissions view for Account Roles This method will return true only if: - The role is an Account type - The parameter "accountRoleGroupScope" is present.
…o get the correct permission scope for Account Roles Since a majority of role types use GROUP_TEMPLATE scope only, this will be the default type. Regular Roles automatically use COMPANY/GROUP scope, and Account Roles will use COMPANY/GROUP scope if the "accountRoleGroupScope" control parameter is present, otherwise use GROUP_TEMPLATE scope.
…Account Roles only
… indicate if group scopes should be allowed
… for Account role type Account Roles can potentially contain permissions at all scopes, so the ResourcePermission search should include all but Individual scope.
… indicate if a given permission is appropriate for the current definition scope This method will help with filtering out irrelevant permissions from the permission summary display in edit_role_permissions_summary.jsp. If the role is not an Account Role, always allow. If defining group permissions, only allow COMPANY and GROUP scope permissions. If defining group template permissions, only allow GROUP_TEMPLATE permissions.
… permission is not valid at the current scope, do not render it
…strict resources for Account Roles When defining group and company scope permissions for Account Roles, only group-level resources should be present. No company or system-level resources should be allowed to be defined for Account Roles except for Account-related resources at the GROUP_TEMPLATE scope.
…gement widget Using a ThreadLocal was the smallest footprint I could make for this. The alternative was to make a copy of all the current ScreenNavigation entries and categories from the Admin portlet and then just exclude the Roles one. Thankfully everything is internal so this ThreadLocal is not exposed to any other module.
…gationCategory This is a preparatory step for adding a new define permissions ScreenNavigationEntry.
This entry is almost the same as the current "Define Permissions" entry, except that it sets "accountRoleGroupScope" parameter to true, and has different labels.
|
Please only forward necessary changes to Brian Chan during stabilization. Nonurgent changes should wait until the ongoing DXP 7.4 GA1 and Portal 7.4 GA4 release has been completed. For more details on the release timeline and status, see product-delivery. |
|
To conserve resources, the PR Tester does not automatically run for forwarded pull requests. |
|
Merged. Thank you. |
|
@drewbrokke minor SF in a60e6b1 |
|
@brianchandotcom thank you for catching that. |
liferay-continuous-integration
deleted the
ci-forward-LPS-138503-STORY-v1-roles-admin-account-role-group-scope-permissions-to-send-pr-254-sender-drewbrokke-ts-1631053608492
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Forwarded from: https://github.com/liferay-usm/liferay-portal/pull/254 (Took 1
ci:forwardattempt in 2 minutes)Console
@drewbrokke
@liferay-usm
Original pull request comment:
This is an update for LPS-138503.
/cc @pei-jung @alee8888 @ChrisKian @patriciajeanperez @lr-leo
✔️ ci:test:stable - 10 out of 10 jobs passed
✔️ ci:test:relevant - 23 out of 24 jobs passed in 2 hours 5 minutes
Click here for more details.
Base Branch:
Branch Name: master
Branch GIT ID: 4a6b78a886aceca2c92ab912da85af4038da2a3f
Upstream Comparison:
Branch GIT ID: 4bc11e114e0e1c29363855f50d7f859796b44857
Jenkins Build URL: Acceptance Upstream DXP (master) #2293
ci:test:stable - 10 out of 10 jobs PASSED
10 Successful Jobs:
ci:test:relevant - 22 out of 24 jobs PASSED
2 Failed Jobs:
test-portal-acceptance-pullrequest(master)test-portal-acceptance-pullrequest-batch(master)/modules-integration-mysql57-jdk8/022 Successful Jobs:
For more details click here.
This pull contains no unique failures.
Failures in common with acceptance upstream results at 4bc11e1:
test-portal-acceptance-pullrequest-batch(master)/modules-integration-mysql57-jdk8/0
Job Results:
766 Tests Passed.
1 Test Failed.
✔️ ci:test:sf - 1 out of 1 jobs passed in 4 minutes
Click here for more details.
Base Branch:
Branch Name: master
Branch GIT ID: 4a6b78a886aceca2c92ab912da85af4038da2a3f
Sender Branch:
Branch Name: LPS-138503-STORY-v1-roles-admin-account-role-group-scope-permissions-to-send
1 out of 1jobs PASSEDBranch GIT ID: 6ffa52b38c2518531e13d72be19e135ca3dc1f73
1 Successful Jobs:
For more details click here.