8/30/2011

Hiding the Liferay Control Panel

Whenever you set up Liferay for a customer, there will be a requirement to prevent the "normal" user from accessing the control panel. Some administrators fear, the user might do things he´s not supposed to do, others fear, the the user might be confused.

But how do you hide the control panel?

Well, there are several possibilities, and none of them is really nice. There is no portal.properties entry and there is no permission you could set. Either you do it programmatically or by CSS and then you also have the loophole of users entering the control panel URL into the browser:

You, and all of your users can always access the control panel by entering "http://localhost:8080/group/control_panel" into the Browser, no matter what you do. To prevent this, I suspect you have to take a look at ServletFilters and prevent every access to this URL if the User is no administrator.

I will now point out two possibilities how to hide the control panel and I would be very glad if you could describe your own approaches in the comments section.


Hiding the Control Panel programmatically


if you want to hide the control panel for all users, who are no administrators you can overwrite the ServicePreAction class in your ext environment. If you take a look at the servicePre method you will find this:
themeDisplay.setShowControlPanelIcon(signedIn);
So, what ever you do in the .vm files your theme provides: All logged in users will always see the link to the control panel. To remove it, just call the RoleLocalServiceUtil, check whether your user has administrative rights, and change the code above.


Hide the Control Panel using CSS


You could hide the control panel using CSS: You need to apply display:none styles to all elements of the class(es) "control-panel last aui-menu-item".


But how do you make sure, the control panel is hidden from normal users ? To do this, you need to have your own theme. In your theme you need to change the portal_normal.vm and add the following:

#if ($permissionChecker.isCompanyAdmin($company_id))
<style type="text/css"> 
  .control-panel{
    display:none;
  }
</style>
#end


That´s it .. control panel should be hidden!


If you like this tutorial it would be very nice, if you could click on some of the google ads you see on the right side. It helps me run this block and motivates me ;)

If you have any questions, feel free to leave a comment.