Securing applications

In this recipe, we will talk about applications as a set of portlets and gadgets, and we will see how to secure them.

Getting ready

We need the Application Registry Portlet to start. See the previous recipe to find out how to use it.

How to do it…

As with categories, application permissions are managed through the Application Registry. They can be configured graphically, as with categories, or through XML. Here is the configuration of the Account Portlet:

<object type="org.exoplatform.application.registry.Application">
  <field name="applicationName">
    <string>AccountPortlet</string>
  </field>
……..
  <field name="accessPermissions">
    <collection type="java.util.ArrayList" item-type="java.lang.String">
      <value>
        <string>*:/platform/administrators</string>
      </value>
      <value>
        <string>*:/organization/management/executive-board</string>
      </value>
    </collection>
  </field>
………
</object>
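
The following audit sketch is an added example, not code from the book or from GateIn: it reads accessPermissions entries in the layout shown above and evaluates them against a user's memberships. It assumes an expression reads as membershipType:/group, with * matching any membership type and Everyone meaning public access; the <registry> wrapper, DemoPortlet and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's layout; <registry> and DemoPortlet are hypothetical.
SAMPLE = """
<registry>
  <object type="org.exoplatform.application.registry.Application">
    <field name="applicationName"><string>AccountPortlet</string></field>
    <field name="accessPermissions">
      <collection type="java.util.ArrayList" item-type="java.lang.String">
        <value><string>*:/platform/administrators</string></value>
        <value><string>*:/organization/management/executive-board</string></value>
      </collection>
    </field>
  </object>
  <object type="org.exoplatform.application.registry.Application">
    <field name="applicationName"><string>DemoPortlet</string></field>
    <field name="accessPermissions">
      <collection type="java.util.ArrayList" item-type="java.lang.String">
        <value><string>Everyone</string></value>
      </collection>
    </field>
  </object>
</registry>
"""

def load_permissions(xml_text):
    """Map each applicationName to its list of accessPermissions expressions."""
    apps = {}
    for obj in ET.fromstring(xml_text).iter("object"):
        if not obj.get("type", "").endswith(".Application"):
            continue
        fields = {f.get("name"): f for f in obj.findall("field")}
        name = fields["applicationName"].findtext("string")
        perms = fields.get("accessPermissions")
        apps[name] = [] if perms is None else [s.text.strip() for s in perms.iter("string")]
    return apps

def allows(expression, memberships):
    """Assumed semantics: 'Everyone' is public, '*' matches any membership type."""
    mtype, _, group = expression.partition(":")
    return expression == "Everyone" or any(
        g == group and mtype in ("*", t) for t, g in memberships)

def can_access(perms, memberships):
    return any(allows(e, memberships) for e in perms)

def needs_review(apps):
    """Applications open to everyone or carrying no accessPermissions entry."""
    return sorted(n for n, p in apps.items() if not p or "Everyone" in p)
```

Memberships are passed as a set of (membershipType, group) pairs, for example {("member", "/platform/administrators")}.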

Because the application is not used only for administration, we can also set access for an individual instance. For example, a portal could contain several applications of the same type. Doing this through the web console is very simple.

  1. Select a page and click on Edit Page:
  2. Select the body of the application. A tool row will appear at the top-left corner, as shown in the following screenshot:
  3. Click on the pencil icon to edit the application and go to the permission panel. In this panel, we can set the required permissions, as we did in the Managing registered portlets recipe in Chapter 2, Managing Portal Contents Using the GUI.

Note

The Application Registry seen earlier automatically injects the default permissions. Here we can change the permissions for this page. For example, we can have a public page with two applications, one visible only to one group and the other only to another group, depending on the login.

How it works…

As with categories, pages are imported from eXo JCR through Chromattic. In GateIn, all permissions are content metadata. We can access Chromattic from anywhere (Groovy scripts, portlets, POJOs) and get the information we need, provided we have the correct permissions.

As with categories, there is no difference between the Edit and Access permissions. The access permissions are read by pages and toolboxes. If a toolbox cannot access an application, it means that the toolbox has no edit permission for that application.
