New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LPS-138503 As an administrator, I want to define company and group-scoped permissions for an Account Role in Roles Admin #106784
Conversation
… indicate the alternate permissions view for Account Roles This method will return true only if: - The role is an Account type - The parameter "accountRoleGroupScope" is present.
…o get the correct permission scope for Account Roles Since a majority of role types use GROUP_TEMPLATE scope only, this will be the default type. Regular Roles automatically use COMPANY/GROUP scope, and Account Roles will use COMPANY/GROUP scope if the "accountRoleGroupScope" control parameter is present, otherwise use GROUP_TEMPLATE scope.
…Account Roles only
… indicate if group scopes should be allowed
… for Account role type Account Roles can potentially contain permissions at all scopes, so the ResourcePermission search should include all but Individual scope.
… indicate if a given permission is appropriate for the current definition scope This method will help with filtering out irrelevant permissions from the permission summary display in edit_role_permissions_summary.jsp. If the role is not an Account Role, always allow. If defining group permissions, only allow COMPANY and GROUP scope permissions. If defining group template permissions, only allow GROUP_TEMPLATE permissions.
… permission is not valid at the current scope, do not render it
…strict resources for Account Roles When defining group and company scope permissions for Account Roles, only group-level resources should be present. No company or system-level resources should be allowed to be defined for Account Roles except for Account-related resources at the GROUP_TEMPLATE scope.
…gement widget Using a ThreadLocal was the smallest footprint I could make for this. The alternative was to make a copy of all the current ScreenNavigation entries and categories from the Admin portlet and then just exclude the Roles one. Thankfully everything is internal so this ThreadLocal is not exposed to any other module.
…gationCategory This is a preparatory step for adding a new define permissions ScreenNavigationEntry.
This entry is almost the same as the current "Define Permissions" entry, except that it sets "accountRoleGroupScope" parameter to true, and has different labels.
Please only forward necessary changes to Brian Chan during stabilization. Nonurgent changes should wait until the ongoing DXP 7.4 GA1 and Portal 7.4 GA4 release has been completed. For more details on the release timeline and status, see product-delivery. |
To conserve resources, the PR Tester does not automatically run for forwarded pull requests. |
Merged. Thank you. |
@drewbrokke minor SF in a60e6b1 |
@brianchandotcom thank you for catching that. |
Forwarded from: https://github.com/liferay-usm/liferay-portal/pull/254 (Took 1
ci:forward
attempt in 2 minutes)Console
@drewbrokke
@liferay-usm
Original pull request comment:
This is an update for LPS-138503.
/cc @pei-jung @alee8888 @ChrisKian @patriciajeanperez @lr-leo
✔️ ci:test:stable - 10 out of 10 jobs passed
✔️ ci:test:relevant - 23 out of 24 jobs passed in 2 hours 5 minutes
Click here for more details.
Base Branch:
Branch Name: master
Branch GIT ID: 4a6b78a886aceca2c92ab912da85af4038da2a3f
Upstream Comparison:
Branch GIT ID: 4bc11e114e0e1c29363855f50d7f859796b44857
Jenkins Build URL: Acceptance Upstream DXP (master) #2293
ci:test:stable - 10 out of 10 jobs PASSED
10 Successful Jobs:
ci:test:relevant - 22 out of 24 jobs PASSED
2 Failed Jobs:
test-portal-acceptance-pullrequest(master)test-portal-acceptance-pullrequest-batch(master)/modules-integration-mysql57-jdk8/022 Successful Jobs:
For more details click here.
This pull contains no unique failures.
Failures in common with acceptance upstream results at 4bc11e1:
test-portal-acceptance-pullrequest-batch(master)/modules-integration-mysql57-jdk8/0
Job Results:
766 Tests Passed.
1 Test Failed.
✔️ ci:test:sf - 1 out of 1 jobs passed in 4 minutes
Click here for more details.
Base Branch:
Branch Name: master
Branch GIT ID: 4a6b78a886aceca2c92ab912da85af4038da2a3f
Sender Branch:
Branch Name: LPS-138503-STORY-v1-roles-admin-account-role-group-scope-permissions-to-send
1 out of 1jobs PASSEDBranch GIT ID: 6ffa52b38c2518531e13d72be19e135ca3dc1f73
1 Successful Jobs:
For more details click here.