2.2.7. Roles plugin

The roles plug-in component defines roles in Forum of eXo Platform. This convenient application defines access to a set of functions within the application. Currently, it only defines the person who has the administrator role. Administrators can get access to administration functions. At runtime, the application gets data from the roles plug-in to decide whether the logged user has the administrative role or not.

Configuration

The plug-in is configured in the roles-configuration.xml file.

When the user signs in, his or her username, group and membership will be compared with the user roles defined in the .xml file that is provided by the roles plug-in component.

In particular, at runtime of ForumService, the roles plug-in component is called. The role plug-in is configured in the roles-configuration.xml file. The plug-in component named add.role.rules.plugin will be referred to org.exoplatform.ks.common.conf.RoleRulesPlugin to create users for Forum corresponding to users who exist in the organization database. In addition, the list of users who have the administration role are also defined.


<component-plugin>
  <name>add.role.rules.plugin</name>
  <set-method>addRolePlugin</set-method>
  <type>org.exoplatform.forum.common.conf.RoleRulesPlugin</type>
  <description>add role rules</description>
  <init-params>
    <value-param>
      <name>role</name>
      <description>name of the role</description>
      <value>ADMIN</value>
    </value-param>
    <values-param>
      <name>rules</name>
      <description>rules of the role</description>
      <value>root</value>
      <!-- value>admin</value-->
      <!--value>member:/demo</value-->
      <!--value>/platform/administrators</value-->
      <!--value>manager:/platform/users</value-->
      <!--value>*:/somegroup/somesubgroup</value-->
      <!--value>manager:/somegroup/someothergroup</value-->
    </values-param>
  </init-params>
</component-plugin>

In which:

NameSet-methodTypeDescription
add.role.rules.plugin addRolePluginorg.exoplatform.ks.common.conf.RoleRulesPluginAdds role rules.
NamePossible valueDefault valueDescription
role string ADMIN The name of role.
rules string root The rules of role.

<value>...</value>

For example:


...
<value>root</value>
<value>john</value>
<value>/platform/administrators</value>
<value>member:/VIP</value>
<value>validator:/VIP</value>
...

In the example above, the default administrators of Forum include root, john, users in /platform/administrators group and users who have member/validator memberships in the VIP group.

When being root, the users who belong to the /platform/administrators group or who have the member/validator memberships in the VIP group and sign in the Forum, they will be identified as the default administrator of Forum.

To add or remove the default administrator of the Forum, simply edit the roles-configuration.xml file, add or remove the relevant "value" tags.


...
<values-param>
  ...
  <value>...</value>
  ...
</values-param>
...

The default administrators of the Forum can only change their roles by editing in the roles-configuration.xml file.

At runtime, modifications in the roles-configuration.xml file will be read and database will be updated. Normal users of the Forum and default administration will be created correspondingly.

Copyright ©. All rights reserved. eXo Platform SAS
blog comments powered byDisqus