The roles plug-in component defines roles in Forum of eXo Platform. This convenient application defines access to a set of functions within the application. Currently, it only defines the person who has the administrator role. Administrators can get access to administration functions. At runtime, the application gets data from the roles plug-in to decide whether the logged user has the administrative role or not.
The plug-in is configured in the
roles-configuration.xml
file.
When the user signs in, his or her username, group and membership will be compared with the user roles defined
in the
.xml
file that is provided by the roles plug-in component.
In particular, at runtime of ForumService, the roles plug-in component is called. The role plug-in is
configured in the
roles-configuration.xml
file. The plug-in component named
add.role.rules.plugin
will be referred to
org.exoplatform.ks.common.conf.RoleRulesPlugin
to create users for Forum corresponding to users who exist in the organization database. In addition, the list of
users who have the
administration
role are also defined.
<component-plugin>
<name>add.role.rules.plugin</name>
<set-method>addRolePlugin</set-method>
<type>org.exoplatform.forum.common.conf.RoleRulesPlugin</type>
<description>add role rules</description>
<init-params>
<value-param>
<name>role</name>
<description>name of the role</description>
<value>ADMIN</value>
</value-param>
<values-param>
<name>rules</name>
<description>rules of the role</description>
<value>root</value>
<!-- value>admin</value-->
<!--value>member:/demo</value-->
<!--value>/platform/administrators</value-->
<!--value>manager:/platform/users</value-->
<!--value>*:/somegroup/somesubgroup</value-->
<!--value>manager:/somegroup/someothergroup</value-->
</values-param>
</init-params>
</component-plugin>
In which:
Name | Set-method | Type | Description |
---|---|---|---|
add.role.rules.plugin | addRolePlugin | org.exoplatform.ks.common.conf.RoleRulesPlugin | Adds role rules. |
Init-params:
Name | Possible value | Default value | Description |
---|---|---|---|
role |
string
|
ADMIN
| The name of role. |
rules |
string
|
root
| The rules of role. |
When the
role-configuration.xml
file is executed, the administration role (with
ADMIN
value) will be checked and assigned to a matrix of
users/groups/memberships
defined inside the "value
" tags as below:
<value>...</value>
For example:
...
<value>root</value>
<value>john</value>
<value>/platform/administrators</value>
<value>member:/VIP</value>
<value>validator:/VIP</value>
...
In the example above, the default administrators of Forum include root, john, users in /platform/administrators group and users who have member/validator memberships in the VIP group.
When being root, the users who belong to the /platform/administrators group or who have the member/validator memberships in the VIP group and sign in the Forum, they will be identified as the default administrator of Forum.
To add or remove the default administrator of the Forum, simply edit the
roles-configuration.xml
file, add or remove the relevant "value
" tags.
...
<values-param>
...
<value>...</value>
...
</values-param>
...
The default administrators of the Forum can only change their roles by editing in the
roles-configuration.xml
file.
At runtime, modifications in the
roles-configuration.xml
file will be read and database will be updated. Normal users of the Forum and default administration will be
created correspondingly.