diff --git a/src/main/java/com/ableneo/liferay/portal/setup/core/SetupPermissions.java b/src/main/java/com/ableneo/liferay/portal/setup/core/SetupPermissions.java index 40f8da4..1acefc5 100644 --- a/src/main/java/com/ableneo/liferay/portal/setup/core/SetupPermissions.java +++ b/src/main/java/com/ableneo/liferay/portal/setup/core/SetupPermissions.java @@ -11,10 +11,8 @@ import com.liferay.portal.kernel.exception.SystemException; import com.liferay.portal.kernel.log.Log; import com.liferay.portal.kernel.log.LogFactoryUtil; -import com.liferay.portal.kernel.model.Layout; -import com.liferay.portal.kernel.model.Resource; -import com.liferay.portal.kernel.model.ResourceConstants; -import com.liferay.portal.kernel.model.ResourcePermission; +import com.liferay.portal.kernel.model.*; +import com.liferay.portal.kernel.model.role.RoleConstants; import com.liferay.portal.kernel.security.permission.ActionKeys; import com.liferay.portal.kernel.service.ResourceLocalServiceUtil; import com.liferay.portal.kernel.service.ResourcePermissionLocalServiceUtil; @@ -43,29 +41,41 @@ public static void setupPortletPermissions(final ResourcePermissions resourcePer String roleName = actionsPerRoleEntry.getKey(); try { long companyId = SetupConfigurationThreadLocal.getRunInCompanyId(); - long roleId = RoleLocalServiceUtil.getRole(companyId, roleName).getRoleId(); + com.liferay.portal.kernel.model.Role role = RoleLocalServiceUtil.getRole(companyId, roleName); + long roleId = role.getRoleId(); final Set actionStrings = actionsPerRoleEntry.getValue(); final String[] actionIds = actionStrings.toArray(new String[actionStrings.size()]); - /** - * Individual permission is needed even though we set - */ - ResourcePermissionLocalServiceUtil.setResourcePermissions( - companyId, - resource.getResourceId(), - ResourceConstants.SCOPE_INDIVIDUAL, - String.valueOf(companyId), - roleId, - actionIds - ); - ResourcePermissionLocalServiceUtil.setResourcePermissions( - companyId, - resource.getResourceId(), - ResourceConstants.SCOPE_COMPANY, - String.valueOf(companyId), - roleId, - actionIds - ); + if (role.getType() == RoleConstants.TYPE_SITE || role.getType() == RoleConstants.TYPE_ORGANIZATION) { + ResourcePermissionLocalServiceUtil.setResourcePermissions( + companyId, + resource.getResourceId(), + ResourceConstants.SCOPE_GROUP_TEMPLATE, + String.valueOf(companyId), + roleId, + actionIds + ); + } else { + /** + * Individual permission is needed even though we set + */ + ResourcePermissionLocalServiceUtil.setResourcePermissions( + companyId, + resource.getResourceId(), + ResourceConstants.SCOPE_INDIVIDUAL, + String.valueOf(companyId), + roleId, + actionIds + ); + ResourcePermissionLocalServiceUtil.setResourcePermissions( + companyId, + resource.getResourceId(), + ResourceConstants.SCOPE_COMPANY, + String.valueOf(companyId), + roleId, + actionIds + ); + } LOG.info(String.format("Set permission for role: %1$s for action ids: %2$s", roleName, actionIds)); } catch (NestableException e) { LOG.error(String.format("Could not set permission to resource :%1$s", resource.getResourceId()), e);