How to check user access role in a WebSphere Portal theme

Since the release of IBM WebSphere Portal 7, there have been a number of Portal EL beans exposed for access in your theme. EL beans are Java objects that can be used with the JSTL Expression Language. One of these objects, the AccessControlRuntimeModelBean, provides convenient access to the current access control permissions on a resource.

In the default Portal 8.0 theme, for example, you can find the following code stanza, which is used to determine whether or not a Help link should be shown in the UI. The snippet is in /themes/html/dynamicSpots/commonActions.jsp and it looks like this:

<%-- Help icon - only displayed for users with admin or editor role --%>
<portal-logic:if loggedIn="yes">
    <c:set var="admin" value="<%=com.ibm.portal.ac.data.RoleType.ADMIN%>"/>
    <c:if test="${wp.ac[wp.selectionModel.selected].hasPermission[admin]}">
    <li>
        <a class="wpthemeHelp" href="javascript:void(0);" onclick="javascript:window.open('/wps/iehs/topic/com.ibm.wp.admin.help/admin/h_wp_admin_welcome.html','wpthemeHelp','width=800,height=600')" aria-label="<portal-fmt:text key="help.title" bundle="nls.commonUI"/>" aria-haspopup="true" role="button">
            <img src="${themeConfig['resources.modules.ibm.contextRoot']}/themes/html/dynamicSpots/icons/blank.gif" alt="">
            <span class="wpthemeAltText"><portal-fmt:text key="help.title" bundle="nls.commonUI"/></span>
        </a>
    </li>
    </c:if>
</portal-logic:if>

First, a JSTL variable, admin, is set to the value of the RoleType constant representing the Administrator role. The AccessControlRuntimeModelBean is exposed as an EL bean called wp.ac, which has a hasPermission method that takes the RoleType as a parameter. That’s the part, written in expression language, that looks like this:

${wp.ac[wp.selectionModel.selected].hasPermission[admin]}

So, you can use the same general stanza to check whether or not the current user is in a given role on a given resource.

Your Copy/Paste Template…

Here’s a general template you can copy/paste from. When replacing placeholders such as <role_type_var>, remember to eliminate the less-than and greater-than symbols.

<portal-logic:if loggedIn="yes">
    <c:if test="${wp.ac[wp.selectionModel.selected].hasPermission[<role_type_var>]}">
        ... render something ...
    </c:if>
</portal-logic:if>

And here’s a useful variation, which checks against a named portal page, rather than the currently selected page.

<portal-logic:if loggedIn="yes">
    <c:if test="${wp.ac[wp.navigationModel['uniquename']].hasPermission[<role_type_var>]}">
        ... render something ...
    </c:if>
</portal-logic:if>

Role Types:

The com.ibm.portal.ac.data.RoleType object shown above exposes the following RoleType constants:

  • ADMIN
  • SECURITY_ADMIN
  • DELEGATOR
  • CAN_RUN_AS_USER
  • MANAGER
  • EDITOR
  • MARKUP_EDITOR
  • CONTRIBUTOR
  • PRIVILEGED_USER
  • USER
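
The two templates above combined into one stanza, as an added example that is not code from the default theme or from IBM. It assumes the c and portal-logic taglibs are already declared, as they are in the theme's dynamic spot JSPs; the unique name my.unique.page and the rendered markup are hypothetical.

```jsp
<%-- Added example: role checks on the current page and on a named page.
     'my.unique.page' and the markup inside each c:if are placeholders. --%>
<portal-logic:if loggedIn="yes">
    <%-- Scriptlet expressions cannot appear inside ${...}, so each RoleType
         constant is first copied into a JSTL variable. --%>
    <c:set var="admin"  value="<%=com.ibm.portal.ac.data.RoleType.ADMIN%>"/>
    <c:set var="editor" value="<%=com.ibm.portal.ac.data.RoleType.EDITOR%>"/>

    <%-- Current page: render the control for administrators or editors. --%>
    <c:if test="${wp.ac[wp.selectionModel.selected].hasPermission[admin] || wp.ac[wp.selectionModel.selected].hasPermission[editor]}">
        <span class="wpthemeAltText">... editor-only control ...</span>
    </c:if>

    <%-- Named page: show the entry only to administrators of that page.
         These tests decide only what the theme renders; the page or URL
         behind the link still depends on its own access control settings. --%>
    <c:if test="${wp.ac[wp.navigationModel['my.unique.page']].hasPermission[admin]}">
        <span class="wpthemeAltText">... link to the administered page ...</span>
    </c:if>
</portal-logic:if>
```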

Related Content

You may also be interested in another useful Portal EL Bean, which I describe in my post, How to Display User Attributes in a WebSphere Portal Theme.

See: Portal EL Beans in the WebSphere Portal Family wiki for a list of all the EL beans.

Acknowledgements

Special thanks go to Georgy Gobozov, who provided information that improved the quality of this post. Georgy blogs about Android and WebSphere Portal development, among other things (in both Russian and English), on his weblog, Блоггг.