1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchResourcePermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.kernel.search.SearchEngineUtil;
29  import com.liferay.portal.model.ResourceAction;
30  import com.liferay.portal.model.ResourceConstants;
31  import com.liferay.portal.model.ResourcePermission;
32  import com.liferay.portal.model.ResourcePermissionConstants;
33  import com.liferay.portal.model.Role;
34  import com.liferay.portal.model.RoleConstants;
35  import com.liferay.portal.security.permission.PermissionCacheUtil;
36  import com.liferay.portal.security.permission.ResourceActionsUtil;
37  import com.liferay.portal.service.base.ResourcePermissionLocalServiceBaseImpl;
38  import com.liferay.portal.util.PortalUtil;
39  
40  import java.util.ArrayList;
41  import java.util.Collections;
42  import java.util.List;
43  
44  /**
45   * <a href="ResourcePermissionLocalServiceImpl.java.html"><b><i>View Source</i>
46   * </b></a>
47   *
48   * @author Brian Wing Shun Chan
49   * @author Raymond Augé
50   *
51   */
52  public class ResourcePermissionLocalServiceImpl
53      extends ResourcePermissionLocalServiceBaseImpl {
54  
55      public void addResourcePermission(
56              long companyId, String name, int scope, String primKey, long roleId,
57              String actionId)
58          throws PortalException, SystemException {
59  
60          if (scope == ResourceConstants.SCOPE_COMPANY) {
61  
62              // Remove group permission
63  
64              removeResourcePermissions(
65                  companyId, name, ResourceConstants.SCOPE_GROUP, roleId,
66                  actionId);
67          }
68          else if (scope == ResourceConstants.SCOPE_GROUP) {
69  
70              // Remove company permission
71  
72              removeResourcePermissions(
73                  companyId, name, ResourceConstants.SCOPE_COMPANY, roleId,
74                  actionId);
75          }
76          else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
77              throw new NoSuchResourcePermissionException();
78          }
79  
80          updateResourcePermission(
81              companyId, name, scope, primKey, roleId, new String[] {actionId},
82              ResourcePermissionConstants.OPERATOR_ADD);
83  
84          PermissionCacheUtil.clearCache();
85      }
86  
87      public List<String> getAvailableResourcePermissionActionIds(
88              long companyId, String name, int scope, String primKey, long roleId,
89              List<String> actionIds)
90          throws PortalException, SystemException {
91  
92          ResourcePermission resourcePermission =
93              resourcePermissionPersistence.fetchByC_N_S_P_R(
94                  companyId, name, scope, primKey, roleId);
95  
96          if (resourcePermission == null) {
97              return Collections.EMPTY_LIST;
98          }
99  
100         List<String> availableActionIds = new ArrayList<String>(
101             actionIds.size());
102 
103         for (String actionId : actionIds) {
104             ResourceAction resourceAction =
105                 resourceActionLocalService.getResourceAction(name, actionId);
106 
107             if (hasActionId(resourcePermission, resourceAction)) {
108                 availableActionIds.add(actionId);
109             }
110         }
111 
112         return availableActionIds;
113     }
114 
115     public int getResourcePermissionsCount(
116             long companyId, String name, int scope, String primKey)
117         throws SystemException {
118 
119         return resourcePermissionPersistence.countByC_N_S_P(
120             companyId, name, scope, primKey);
121     }
122 
123     public List<ResourcePermission> getRoleResourcePermissions(long roleId)
124         throws SystemException {
125 
126         return resourcePermissionPersistence.findByRoleId(roleId);
127     }
128 
129     public boolean hasActionId(
130         ResourcePermission resourcePermission, ResourceAction resourceAction) {
131 
132         long actionIds = resourcePermission.getActionIds();
133         long bitwiseValue = resourceAction.getBitwiseValue();
134 
135         if ((actionIds & bitwiseValue) == bitwiseValue) {
136             return true;
137         }
138         else {
139             return false;
140         }
141     }
142 
143     public boolean hasResourcePermission(
144             long companyId, String name, int scope, String primKey, long roleId,
145             String actionId)
146         throws PortalException, SystemException {
147 
148         ResourcePermission resourcePermission =
149             resourcePermissionPersistence.fetchByC_N_S_P_R(
150                 companyId, name, scope, primKey, roleId);
151 
152         if (resourcePermission == null) {
153             return false;
154         }
155 
156         ResourceAction resourceAction =
157             resourceActionLocalService.getResourceAction(name, actionId);
158 
159         if (hasActionId(resourcePermission, resourceAction)) {
160             return true;
161         }
162         else {
163             return false;
164         }
165     }
166 
167     public boolean hasScopeResourcePermission(
168             long companyId, String name, int scope, long roleId,
169             String actionId)
170         throws PortalException, SystemException {
171 
172         List<ResourcePermission> resourcePermissions =
173             resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
174 
175         for (ResourcePermission resourcePermission : resourcePermissions) {
176             if (hasResourcePermission(
177                     companyId, name, scope, resourcePermission.getPrimKey(),
178                     roleId, actionId)) {
179 
180                 return true;
181             }
182         }
183 
184         return false;
185     }
186 
187     public void mergePermissions(long fromRoleId, long toRoleId)
188         throws PortalException, SystemException {
189 
190         Role fromRole = rolePersistence.findByPrimaryKey(fromRoleId);
191         Role toRole = rolePersistence.findByPrimaryKey(toRoleId);
192 
193         if (fromRole.getType() != toRole.getType()) {
194             throw new PortalException("Role types are mismatched");
195         }
196         else if (PortalUtil.isSystemRole(toRole.getName())) {
197             throw new PortalException("Cannot move permissions to system role");
198         }
199         else if (PortalUtil.isSystemRole(fromRole.getName())) {
200             throw new PortalException(
201                 "Cannot move permissions from system role");
202         }
203 
204         List<ResourcePermission> resourcePermissions =
205             getRoleResourcePermissions(fromRoleId);
206 
207         for (ResourcePermission resourcePermission : resourcePermissions) {
208             resourcePermission.setRoleId(toRoleId);
209 
210             resourcePermissionPersistence.update(resourcePermission, false);
211         }
212 
213         roleLocalService.deleteRole(fromRoleId);
214 
215         PermissionCacheUtil.clearCache();
216     }
217 
218     public void reassignPermissions(long resourcePermissionId, long toRoleId)
219         throws PortalException, SystemException {
220 
221         ResourcePermission resourcePermission = getResourcePermission(
222             resourcePermissionId);
223 
224         long companyId = resourcePermission.getCompanyId();
225         String name = resourcePermission.getName();
226         int scope = resourcePermission.getScope();
227         String primKey = resourcePermission.getPrimKey();
228         long fromRoleId = resourcePermission.getRoleId();
229 
230         Role toRole = roleLocalService.getRole(toRoleId);
231 
232         List<String> actionIds = null;
233 
234         if (toRole.getType() == RoleConstants.TYPE_REGULAR) {
235             actionIds = ResourceActionsUtil.getModelResourceActions(name);
236         }
237         else {
238             actionIds =
239                 ResourceActionsUtil.getModelResourceCommunityDefaultActions(
240                     name);
241         }
242 
243         setResourcePermissions(
244             companyId, name, scope, primKey, toRoleId,
245             actionIds.toArray(new String[actionIds.size()]));
246 
247         resourcePermissionPersistence.remove(resourcePermissionId);
248 
249         List<ResourcePermission> resourcePermissions =
250             getRoleResourcePermissions(fromRoleId);
251 
252         if (resourcePermissions.isEmpty()) {
253             roleLocalService.deleteRole(fromRoleId);
254         }
255     }
256 
257     public void removeResourcePermission(
258             long companyId, String name, int scope, String primKey, long roleId,
259             String actionId)
260         throws PortalException, SystemException {
261 
262         updateResourcePermission(
263             companyId, name, scope, primKey, roleId, new String[] {actionId},
264             ResourcePermissionConstants.OPERATOR_REMOVE);
265 
266         PermissionCacheUtil.clearCache();
267     }
268 
269     public void removeResourcePermissions(
270             long companyId, String name, int scope, long roleId,
271             String actionId)
272         throws PortalException, SystemException {
273 
274         List<ResourcePermission> resourcePermissions =
275             resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
276 
277         for (ResourcePermission resourcePermission : resourcePermissions) {
278             updateResourcePermission(
279                 companyId, name, scope, resourcePermission.getPrimKey(), roleId,
280                 new String[] {actionId},
281                 ResourcePermissionConstants.OPERATOR_REMOVE);
282         }
283 
284         PermissionCacheUtil.clearCache();
285     }
286 
287     public void setResourcePermissions(
288             long companyId, String name, int scope, String primKey, long roleId,
289             String[] actionIds)
290         throws PortalException, SystemException {
291 
292         updateResourcePermission(
293             companyId, name, scope, primKey, roleId, actionIds,
294             ResourcePermissionConstants.OPERATOR_SET);
295     }
296 
297     protected void updateResourcePermission(
298             long companyId, String name, int scope, String primKey, long roleId,
299             String[] actionIds, int operator)
300         throws PortalException, SystemException {
301 
302         ResourcePermission resourcePermission =
303             resourcePermissionPersistence.fetchByC_N_S_P_R(
304                 companyId, name, scope, primKey, roleId);
305 
306         if (resourcePermission == null) {
307             if (operator == ResourcePermissionConstants.OPERATOR_REMOVE) {
308                 return;
309             }
310 
311             long resourcePermissionId = counterLocalService.increment(
312                 ResourcePermission.class.getName());
313 
314             resourcePermission = resourcePermissionPersistence.create(
315                 resourcePermissionId);
316 
317             resourcePermission.setCompanyId(companyId);
318             resourcePermission.setName(name);
319             resourcePermission.setScope(scope);
320             resourcePermission.setPrimKey(primKey);
321             resourcePermission.setRoleId(roleId);
322         }
323 
324         long actionIdsLong = resourcePermission.getActionIds();
325 
326         if (operator == ResourcePermissionConstants.OPERATOR_SET) {
327             actionIdsLong = 0;
328         }
329 
330         for (String actionId : actionIds) {
331             ResourceAction resourceAction =
332                 resourceActionLocalService.getResourceAction(name, actionId);
333 
334             if ((operator == ResourcePermissionConstants.OPERATOR_ADD) ||
335                 (operator == ResourcePermissionConstants.OPERATOR_SET)) {
336 
337                 actionIdsLong |= resourceAction.getBitwiseValue();
338             }
339             else {
340                 actionIdsLong =
341                     actionIdsLong & (~resourceAction.getBitwiseValue());
342             }
343         }
344 
345         resourcePermission.setActionIds(actionIdsLong);
346 
347         resourcePermissionPersistence.update(resourcePermission, false);
348 
349         PermissionCacheUtil.clearCache();
350 
351         SearchEngineUtil.updatePermissionFields(name, primKey);
352     }
353 
354 }