Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Liferay Portal Systems Development

You're reading from   Liferay Portal Systems Development Build dynamic, content-rich, and social systems on top of Liferay with this book and ebook

Arrow left icon
Product type Paperback
Published in Jan 2012
Publisher Packt
ISBN-13 9781849515986
Length 546 pages
Edition 1st Edition
Languages
Arrow right icon
Toc

Table of Contents (17) Chapters Close

Liferay Portal Systems Development
Credits
About the Author
Acknowledgement
About the Reviewers
1. www.PacktPub.com
2. Preface
1. Liferay Enterprise Portal FREE CHAPTER 2. Service-Builder and Development Environment 3. Generic MVC Portlets 4. Ext Plugin and Hooks 5. Enterprise Content Management 6. DDL and WCM 7. Collaborative and Social API 8. Staging, Scheduling, Publishing, and Cache Clustering 9. Indexing, Search, and Workflow 10. Mobile Devices and Portlet Bridges

Terminologies


Earlier, we have addressed many terminologies regarding Liferay Portal. So here we're going to introduce a pattern: Portal-Group-Page-Content (PGPC). As you would expect, we are trying to summarize the main features and behaviors of the portal in a simple pattern.

First of all, let's examine a high-level overview of terminologies, scope and hierarchy in the portal. As shown in the following diagram, the portal is implemented by Portal Instances. The portal can manage multiple portal instances in one installation. Of course, you can also install multiple portal instances in multiple installations, separately.

Each portal instance can have many groups, which are implemented as organizations, communities, user groups, and users. Note that each user can be represented as a group by itself, since if a user is a power user, they will get public pages and private page as any group does. Here we can use the term Group Instance to present organizations, locations, communities, user groups, and users (there is only one user in a group). Each portal instance has complete isolation of the users, organizations, locations, and user groups. In particular, organizations have a hierarchical, for example, parent organization, child organizations, and location. Note that one page can have only one parent organization and many child organizations.

Each group has two sets of pages (that is, public pages and private pages, called layout-set); each page is implemented as a layout. Most interestingly, there is a hierarchy in layouts too, such as parent pages and child pages. Note that a page can have one and only one parent page and many child pages.

Each page may contain different content, which would be implemented as portlets. Thus the content will have different scopes. For example, the content would be scoped into page, group, portal instance and portal. This pattern is known as Portal-Group-Page-Content. We will address these terminologies, scope and hierarchy in detail in the coming sections and chapters.

Multi-tenancy

Liferay Portal allows us to run more than one portal instance on a single installation. Data used for each portal instance is maintained separately from every other portal instance. Portal data, however, can be kept either in the same database or in different databases. This is called database sharding.

This feature should be useful for Multi-tenancy, which is a principle in software architecture where a single instance of the software serves multiple client organizations (called tenants). With a multi-tenant architecture, the portal is designed to virtually partition its data and configuration and each client organization works with a customized virtual portal instance.

Let's have a brief look at multi-tenant capabilities. As shown in the previous diagram, a portal instance is implemented as a set of database tables such as Company, Account_, Shard, and VirtualHost. As you can see, portal instances are presented as different values of companyId; each portal instance has its own account information (presented as database table Account_), possible database (implemented as database table Shard_), and virtual host settings (presented as database table VirtualHost).

Role-based access control

Traditional membership security models address two basic criteria: authentication (who can access) and authorization (what they can do):

  • Authentication is a process of determining whether someone or something is, in fact, who or what it is declared to be

  • Authorization is a process of finding out if the person, once identified, is permitted to have access on a resource

The portal extends the security model by terminologies: resources, users, organizations, locations, user groups, communities, teams, roles, permissions, and so on. The portal provides a fine-grained, role-based permission security model (known as RBAC) - a full access control security model:

Resource, role, and permission

As shown in the preceding diagram, a resource is a base object. It can be a portlet (message boards, calendar, document and media library, and so on), an entity (message board topics, calendar event, document and media library folder, and so on), or a file (documents, images, applications, and so on). Resources are scoped into portal, group, page, and content model-resource and application (or called portlet).

Permission is an action on a resource. Portal-level permissions can be assigned to the portal (users, user groups, communities, and organizations) using roles. Group-level permissions can be assigned to groups such as organization and communities. Page-level permissions can be assigned to page layouts. Model permissions can be assigned to model resource such as blog entries, web, and content. Portlet permissions can be assigned to portlets such as View and Configuration.

A role is a collection of permissions. Roles can be assigned to a user, user group, site, location, or organization. If a role is assigned to a user group, site, organization, or location, then all the users who are members of that entity receive the permissions of that role.

User

A user is an individual who performs tasks using the portal. Depending on what permissions have been assigned, the user either has the permission or doesn't have the permission to perform certain tasks.

Additionally, a registered user who has the permission can have public pages and private pages. More interestingly, a user's private pages and public pages have the ability to use page templates which can be used to customize a set of pages. The pages — private/public — are configurable in properties. You can turn on or turn off access to these pages. Also, only a power user can use a private/public page. A guest is also a user.

Group

A group is implemented as an organization, user, and user group. A user is a group with only one member, that is, the user itself. An organization could be a regular organization and location.

Organizations represent the enterprise-department-location hierarchy. Organizations can contain other organizations as sub-organizations. Moreover, an organization acting as a child of a top-level organization can also represent departments of a parent corporation.

A location is a special organization, having only one parent organization associated and having no child organization associated. Organizations can have any number of locations and sub organizations. Both roles and users can be assigned to organizations (locations or sub organizations). By default, locations and sub organizations inherit permissions from their parent organization using roles.

A community (renamed as site) is a special organization with a flat structure. It may hold a number of users who share common interests. Thus we can say a site is a collection of users who have a common interest. Both roles and users can be assigned to a site.

A user group is a special group with no context, which may hold a number of users. In other words, users can be gathered into user groups. Users can be assigned to user groups, and permissions can be assigned to user groups using roles. Therefore, every user that belongs to that user group will receive those role-based permissions.

A team is a group of users under a community or an organization. A community or organization can group a set of users and create a team. The notion of a team is somewhat similar to a role, but a role is a portal-wide entry, while a team is restricted to a particular site or organization. Therefore, you can manage the permissions of a team like a role. That is, a team is like a site or organization role, but specific to a certain site or organization. A team is different from a User Group too. A user group has the scope of a portal, while a team is always exclusive to a site or organization.

In addition, each group can have public pages and private pages. Thus users in a user group can share private and public pages. More interestingly, a group's private and public pages do have the ability to apply page templates or site templates in order to customize a set of pages in a fast way.

You have been reading a chapter from
Liferay Portal Systems Development
Published in: Jan 2012
Publisher: Packt
ISBN-13: 9781849515986
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image