I’ve users which access to portal from the standard login portlet and other users access using a custom login portlet.
Using the custom login portlet, users have a custom shell and a custom skin and they don’t have to see some options of the left navigation panel.
I need to know if it’s possible to restrict the options on some way, since the users may share some roles and they have (or don’t have) to see the options depending on which portlet they used for log into the portal.
Is there any group or role that differentiates these users? I realize there might be some groups or roles that they have in common, but as long as there is one unique group or role, then it should be a simple matter of permissions.
If not, then you’ll have to use a more dynamic role (such as a Rule Based Role) to differentiate between which login portlets were used.
There is not a group or role that differentiates these users, and they may share some groups or roles, so, I’ve to restrict options for those who are using my custom login portlet.
Please, explain me more about using a rule based role.
I’ve permissions to my own user which overrides other permissions.
I’ve test with two roles, one of them allow access to “My Inbox” and the other denies access and works fine (Inbox is not shown).
But, I think a rule based role is not the solution, since I need the user lost the rol that denies access when enter normally from standard login page.
I’m not sure. Roles are re-evaluated at every single login. So if the rule fires for user A for the first login, then user A logs in later through a different portlet, that user won’t have to have the same role.
The Rule-Based Role Provider isn’t sophisticated enough this task.
How about this solution?
Create a login event listener
If the user logged in from the special login page set an attribute/value on that user, if not set a different attribute/value. (eg: specialLogin=true or specialLogin=false). You can use the IDirectorySession apis for this
Create a shell rule that is based on the value of this attribute
I’ve a Custom Inbox. If the user enter using the Custom Login portlet he should be able to see the Custom Inbox link in the left navigation panel and not to see the standard inbox link. In the other way, if he use the standard login page should see the standard inbox link and not the other.
I failed to understad how these steps will help to segregate these permissions.
I’ve created a rule base role for my user. The role allow access to my custom inbox and denies to the standard inbox (Left Navigation Panel). However, once I logged in, the rol is assigned to my user, and the permissions persist whatever portlet I use to log into the system. Even if I had two roles with different permissions, the permissions are assigned with priority.
Sorry but I don’t understand yet how to solve this problem.
Is it possible to use something other than permissions to display the link? For instance, can you use a portlet to display the link? Of course it depends on what navigation scheme you are using, but if you have control over painting the link than you can base your decision of which link to paint based upon user attributes.
But the visibility of the menu options in the left navigation panel are managed in mws under “Permissions Management” and this permissions are assigned to roles, users or groups… aren’t?
How can I make it to work with user attributes?
Also, the options have a property named “Is Task Folder”, leaving blank this property may hide the option. Can I change this property in execution time to hide an option?.