1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.search;
24  
25  import com.liferay.portal.NoSuchResourceException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.kernel.search.BooleanClauseOccur;
30  import com.liferay.portal.kernel.search.BooleanQuery;
31  import com.liferay.portal.kernel.search.BooleanQueryFactoryUtil;
32  import com.liferay.portal.kernel.search.Document;
33  import com.liferay.portal.kernel.search.Field;
34  import com.liferay.portal.kernel.search.Indexer;
35  import com.liferay.portal.kernel.search.IndexerRegistryUtil;
36  import com.liferay.portal.kernel.search.Query;
37  import com.liferay.portal.kernel.search.SearchPermissionChecker;
38  import com.liferay.portal.kernel.util.GetterUtil;
39  import com.liferay.portal.kernel.util.ListUtil;
40  import com.liferay.portal.kernel.util.Validator;
41  import com.liferay.portal.model.Group;
42  import com.liferay.portal.model.Permission;
43  import com.liferay.portal.model.Resource;
44  import com.liferay.portal.model.ResourceConstants;
45  import com.liferay.portal.model.Role;
46  import com.liferay.portal.model.RoleConstants;
47  import com.liferay.portal.security.permission.ActionKeys;
48  import com.liferay.portal.security.permission.ResourceActionsUtil;
49  import com.liferay.portal.service.GroupLocalServiceUtil;
50  import com.liferay.portal.service.PermissionLocalServiceUtil;
51  import com.liferay.portal.service.ResourceLocalServiceUtil;
52  import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
53  import com.liferay.portal.service.RoleLocalServiceUtil;
54  import com.liferay.portal.service.UserLocalServiceUtil;
55  import com.liferay.portal.util.PropsValues;
56  
57  import java.util.ArrayList;
58  import java.util.List;
59  
60  /**
61   * <a href="SearchPermissionCheckerImpl.java.html"><b><i>View Source</i></b></a>
62   *
63   * @author Allen Chiang
64   * @author Bruno Farache
65   * @author Raymond Augé
66   *
67   */
public class SearchPermissionCheckerImpl implements SearchPermissionChecker {

    /**
     * Adds the IDs of the roles that hold VIEW on the indexed entry to the
     * document's {@code Field.ROLE_ID} keyword field.
     *
     * <p>
     * The entry is identified by the document's {@code Field.GROUP_ID},
     * {@code Field.ENTRY_CLASS_NAME} and {@code Field.ENTRY_CLASS_PK} values.
     * Nothing is written when the class name or primary key is missing, or
     * when {@code PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM} is neither 5
     * nor 6.
     * </p>
     *
     * <p>
     * Every failure is absorbed here: the document is then left without role
     * IDs. NOTE(review): such a document presumably cannot match the role
     * terms added by {@link #getPermissionQuery}, so an indexing failure hides
     * the entry from restricted searches rather than exposing it; confirm
     * against the search engine in use.
     * </p>
     *
     * @param companyId the company whose resources are consulted
     * @param doc the search document being built; modified in place
     */
    public void addPermissionFields(long companyId, Document doc) {
        try {
            long groupId = GetterUtil.getLong(doc.get(Field.GROUP_ID));
            String entryClassName = doc.get(Field.ENTRY_CLASS_NAME);
            String entryClassPK = doc.get(Field.ENTRY_CLASS_PK);

            boolean identifiesEntry =
                Validator.isNotNull(entryClassName) &&
                Validator.isNotNull(entryClassPK);

            if (!identifiesEntry) {
                return;
            }

            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                doAddPermissionFields_5(
                    companyId, groupId, entryClassName, entryClassPK, doc);

                return;
            }

            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                doAddPermissionFields_6(
                    companyId, groupId, entryClassName, entryClassPK, doc);
            }
        }
        catch (NoSuchResourceException ignored) {

            // Deliberately not logged: the resource lookup found nothing for
            // this entry, so the document simply carries no role IDs.

        }
        catch (Exception e) {
            _log.error(e, e);
        }
    }

    /**
     * Returns the query to run on behalf of the user, restricted by role when
     * the active permission algorithm is 5 or 6.
     *
     * <p>
     * For any other algorithm value the query is returned unchanged.
     * </p>
     *
     * <p>
     * NOTE(review): this method fails open. If building the restriction
     * throws, the exception is logged and the original, unrestricted query is
     * returned, so a failing role or permission lookup yields results that are
     * not filtered by this class. Callers that need a hard guarantee should
     * not treat the returned query as proof that filtering was applied, and
     * the logged error is worth alerting on.
     * </p>
     *
     * @param  companyId the company the user belongs to
     * @param  groupId the group whose group-scoped roles are included
     * @param  userId the user performing the search
     * @param  className the resource name checked for broader VIEW grants
     * @param  query the query to wrap
     * @return the restricted query, or {@code query} itself when no
     *         restriction was applied
     */
    public Query getPermissionQuery(
        long companyId, long groupId, long userId, String className,
        Query query) {

        Query effectiveQuery = query;

        try {
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                effectiveQuery = doGetPermissionQuery_5(
                    companyId, groupId, userId, className, query);
            }
            else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                effectiveQuery = doGetPermissionQuery_6(
                    companyId, groupId, userId, className, query);
            }
        }
        catch (Exception e) {

            // effectiveQuery still refers to the caller's query at this point

            _log.error(e, e);
        }

        return effectiveQuery;
    }

    /**
     * Reindexes the entry behind the resource so its stored role IDs are
     * rebuilt. Only acts when the permission algorithm is 5.
     *
     * <p>
     * NOTE(review): failures are logged and otherwise ignored, which
     * presumably leaves the previously indexed role IDs in place; a revoked
     * VIEW grant could then keep matching until a later reindex succeeds.
     * </p>
     *
     * @param resourceId the primary key of the resource whose permissions
     *        changed
     */
    public void updatePermissionFields(long resourceId) {
        try {
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 5) {
                return;
            }

            doUpdatePermissionFields_5(resourceId);
        }
        catch (Exception e) {
            _log.error(e, e);
        }
    }

    /**
     * Reindexes the named entry so its stored role IDs are rebuilt. Only acts
     * when the permission algorithm is 6.
     *
     * <p>
     * NOTE(review): failures are logged and otherwise ignored, which
     * presumably leaves the previously indexed role IDs in place; a revoked
     * VIEW grant could then keep matching until a later reindex succeeds.
     * </p>
     *
     * @param resourceName the resource name used to look up the indexer
     * @param resourceClassPK the primary key of the entry, as a string
     */
    public void updatePermissionFields(
        String resourceName, String resourceClassPK) {

        try {
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
                return;
            }

            doUpdatePermissionFields_6(resourceName, resourceClassPK);
        }
        catch (Exception e) {
            _log.error(e, e);
        }
    }

    /**
     * Algorithm 5: records every role returned by
     * {@code ResourceActionsUtil.getRoles} for the group and class that has
     * VIEW on the entry's individual-scope resource.
     *
     * @param  companyId the company owning the resource
     * @param  groupId the group the entry belongs to
     * @param  className the entry's class name, used as the resource name
     * @param  classPK the entry's primary key
     * @param  doc the document receiving the {@code Field.ROLE_ID} values
     * @throws Exception if the resource, group or permission lookup fails
     */
    protected void doAddPermissionFields_5(
            long companyId, long groupId, String className, String classPK,
            Document doc)
        throws Exception {

        // The resource is resolved before the group, so a missing resource
        // surfaces first.

        Resource individualResource = ResourceLocalServiceUtil.getResource(
            companyId, className, ResourceConstants.SCOPE_INDIVIDUAL,
            classPK);

        Group group = GroupLocalServiceUtil.getGroup(groupId);

        List<Role> candidateRoles = ResourceActionsUtil.getRoles(
            group, className);

        List<Long> viewerRoleIds = new ArrayList<Long>();

        for (Role candidateRole : candidateRoles) {
            long roleId = candidateRole.getRoleId();

            if (!hasPermission(roleId, individualResource.getResourceId())) {
                continue;
            }

            viewerRoleIds.add(roleId);
        }

        Long[] roleIdValues = viewerRoleIds.toArray(
            new Long[viewerRoleIds.size()]);

        doc.addKeyword(Field.ROLE_ID, roleIdValues);
    }

    /**
     * Algorithm 6: records every role returned by
     * {@code ResourceActionsUtil.getRoles} for the group and class that has
     * an individual-scope VIEW resource permission on the entry.
     *
     * @param  companyId the company owning the resource permission
     * @param  groupId the group the entry belongs to
     * @param  className the entry's class name, used as the resource name
     * @param  classPK the entry's primary key
     * @param  doc the document receiving the {@code Field.ROLE_ID} values
     * @throws Exception if the group or permission lookup fails
     */
    protected void doAddPermissionFields_6(
            long companyId, long groupId, String className, String classPK,
            Document doc)
        throws Exception {

        Group group = GroupLocalServiceUtil.getGroup(groupId);

        List<Role> candidateRoles = ResourceActionsUtil.getRoles(
            group, className);

        List<Long> viewerRoleIds = new ArrayList<Long>();

        for (Role candidateRole : candidateRoles) {
            long roleId = candidateRole.getRoleId();

            boolean canView =
                ResourcePermissionLocalServiceUtil.hasResourcePermission(
                    companyId, className, ResourceConstants.SCOPE_INDIVIDUAL,
                    classPK, roleId, ActionKeys.VIEW);

            if (canView) {
                viewerRoleIds.add(roleId);
            }
        }

        Long[] roleIdValues = viewerRoleIds.toArray(
            new Long[viewerRoleIds.size()]);

        doc.addKeyword(Field.ROLE_ID, roleIdValues);
    }

    /**
     * Algorithm 5: wraps the query so that it only matches documents carrying
     * one of the user's role IDs.
     *
     * <p>
     * The original query is returned untouched as soon as one of the user's
     * roles is named {@code RoleConstants.ADMINISTRATOR}, or holds VIEW on the
     * company-scope or group-scope resource for the class. A scope whose
     * resource does not exist is treated as granting nothing.
     * </p>
     *
     * <p>
     * NOTE(review): the restriction is a plain {@code Field.ROLE_ID} term with
     * no group qualifier. A role obtained through {@code groupId} therefore
     * matches any document that lists that role ID; confirm that the wrapped
     * query is already limited to the intended group.
     * </p>
     *
     * @param  companyId the company the user belongs to
     * @param  groupId the group whose group-scoped roles are included
     * @param  userId the user performing the search
     * @param  className the resource name checked at company and group scope
     * @param  query the query to wrap
     * @return {@code query} for privileged users, otherwise a boolean query
     *         requiring both {@code query} and a role ID match
     * @throws Exception if a role, user or permission lookup fails
     */
    protected Query doGetPermissionQuery_5(
            long companyId, long groupId, long userId, String className,
            Query query)
        throws Exception {

        BooleanQuery restrictedQuery = BooleanQueryFactoryUtil.create();

        BooleanQuery roleQuery = BooleanQueryFactoryUtil.create();

        List<Role> searchRoles = _getSearchRoles(companyId, groupId, userId);

        // A resource ID of 0 means "no such resource"; hasPermission answers
        // false for it.

        long companyScopeResourceId = 0;

        try {
            Resource companyScopeResource =
                ResourceLocalServiceUtil.getResource(
                    companyId, className, ResourceConstants.SCOPE_COMPANY,
                    String.valueOf(companyId));

            companyScopeResourceId = companyScopeResource.getResourceId();
        }
        catch (NoSuchResourceException ignored) {

            // Keep 0: nothing is granted at company scope.

        }

        long groupScopeResourceId = 0;

        try {
            Resource groupScopeResource = ResourceLocalServiceUtil.getResource(
                companyId, className, ResourceConstants.SCOPE_GROUP,
                String.valueOf(groupId));

            groupScopeResourceId = groupScopeResource.getResourceId();
        }
        catch (NoSuchResourceException ignored) {

            // Keep 0: nothing is granted at group scope.

        }

        for (Role searchRole : searchRoles) {
            if (searchRole.getName().equals(RoleConstants.ADMINISTRATOR)) {
                return query;
            }

            long roleId = searchRole.getRoleId();

            boolean viewsWholeScope =
                hasPermission(roleId, companyScopeResourceId) ||
                hasPermission(roleId, groupScopeResourceId);

            if (viewsWholeScope) {
                return query;
            }

            roleQuery.addTerm(Field.ROLE_ID, searchRole.getRoleId());
        }

        restrictedQuery.add(query, BooleanClauseOccur.MUST);
        restrictedQuery.add(roleQuery, BooleanClauseOccur.MUST);

        return restrictedQuery;
    }

    /**
     * Algorithm 6: wraps the query so that it only matches documents carrying
     * one of the user's role IDs.
     *
     * <p>
     * The original query is returned untouched as soon as one of the user's
     * roles is named {@code RoleConstants.ADMINISTRATOR}, or has a VIEW
     * resource permission for the class at company scope or at group scope.
     * </p>
     *
     * <p>
     * NOTE(review): the restriction is a plain {@code Field.ROLE_ID} term with
     * no group qualifier. A role obtained through {@code groupId} therefore
     * matches any document that lists that role ID; confirm that the wrapped
     * query is already limited to the intended group.
     * </p>
     *
     * @param  companyId the company the user belongs to
     * @param  groupId the group whose group-scoped roles are included
     * @param  userId the user performing the search
     * @param  className the resource name checked at company and group scope
     * @param  query the query to wrap
     * @return {@code query} for privileged users, otherwise a boolean query
     *         requiring both {@code query} and a role ID match
     * @throws Exception if a role, user or permission lookup fails
     */
    protected Query doGetPermissionQuery_6(
            long companyId, long groupId, long userId, String className,
            Query query)
        throws Exception {

        BooleanQuery restrictedQuery = BooleanQueryFactoryUtil.create();

        BooleanQuery roleQuery = BooleanQueryFactoryUtil.create();

        List<Role> searchRoles = _getSearchRoles(companyId, groupId, userId);

        for (Role searchRole : searchRoles) {
            if (searchRole.getName().equals(RoleConstants.ADMINISTRATOR)) {
                return query;
            }

            long roleId = searchRole.getRoleId();

            // The group-scope check only runs when the company-scope check
            // answers false.

            boolean viewsWholeScope =
                ResourcePermissionLocalServiceUtil.hasResourcePermission(
                    companyId, className, ResourceConstants.SCOPE_COMPANY,
                    String.valueOf(companyId), roleId, ActionKeys.VIEW) ||
                ResourcePermissionLocalServiceUtil.hasResourcePermission(
                    companyId, className, ResourceConstants.SCOPE_GROUP,
                    String.valueOf(groupId), roleId, ActionKeys.VIEW);

            if (viewsWholeScope) {
                return query;
            }

            roleQuery.addTerm(Field.ROLE_ID, roleId);
        }

        restrictedQuery.add(query, BooleanClauseOccur.MUST);
        restrictedQuery.add(roleQuery, BooleanClauseOccur.MUST);

        return restrictedQuery;
    }

    /**
     * Algorithm 5: looks up the resource and, when an indexer is registered
     * under its name, asks that indexer to reindex the entry.
     *
     * @param  resourceId the primary key of the resource
     * @throws Exception if the resource lookup or the reindex fails
     */
    protected void doUpdatePermissionFields_5(long resourceId)
        throws Exception {

        Resource resource = ResourceLocalServiceUtil.getResource(resourceId);

        Indexer indexer = IndexerRegistryUtil.getIndexer(resource.getName());

        if (indexer == null) {

            // No indexer is registered under this resource name.

            return;
        }

        indexer.reIndex(
            resource.getName(), GetterUtil.getLong(resource.getPrimKey()));
    }

    /**
     * Algorithm 6: asks the indexer registered under the resource name, if
     * any, to reindex the entry.
     *
     * @param  resourceName the resource name used to look up the indexer
     * @param  resourceClassPK the entry's primary key, converted with
     *         {@code GetterUtil.getLong}
     * @throws Exception if the reindex fails
     */
    protected void doUpdatePermissionFields_6(
            String resourceName, String resourceClassPK)
        throws Exception {

        Indexer indexer = IndexerRegistryUtil.getIndexer(resourceName);

        if (indexer == null) {

            // No indexer is registered under this resource name.

            return;
        }

        indexer.reIndex(resourceName, GetterUtil.getLong(resourceClassPK));
    }

    /**
     * Tells whether the role's permissions on the resource include VIEW.
     *
     * @param  roleId the role to check
     * @param  resourceId the resource to check; 0 always yields
     *         {@code false} without a lookup
     * @return {@code true} if the actions derived from the role's permissions
     *         on the resource contain {@code ActionKeys.VIEW}
     * @throws SystemException if the permission lookup fails
     */
    protected boolean hasPermission(long roleId, long resourceId)
        throws SystemException {

        if (resourceId == 0) {
            return false;
        }

        List<Permission> rolePermissions =
            PermissionLocalServiceUtil.getRolePermissions(roleId, resourceId);

        List<String> grantedActions = ResourceActionsUtil.getActions(
            rolePermissions);

        return grantedActions.contains(ActionKeys.VIEW);
    }

    /**
     * Gathers the roles whose IDs a search by the user may match: the user's
     * own roles, the roles from {@code getUserGroupRoles} and
     * {@code getUserGroupGroupRoles} for the group, and the company's
     * {@code RoleConstants.GUEST} role for every user other than the company's
     * default user.
     *
     * @param  companyId the company the user belongs to
     * @param  groupId the group whose group-scoped roles are included
     * @param  userId the user performing the search
     * @return a new, independent list of roles
     * @throws Exception if a role or user lookup fails
     */
    private List<Role> _getSearchRoles(
            long companyId, long groupId, long userId)
        throws Exception {

        List<Role> userRoles = RoleLocalServiceUtil.getUserRoles(userId);

        // Work on a copy so the list handed out by the service is never
        // extended.

        List<Role> searchRoles = ListUtil.copy(userRoles);

        searchRoles.addAll(
            RoleLocalServiceUtil.getUserGroupRoles(userId, groupId));
        searchRoles.addAll(
            RoleLocalServiceUtil.getUserGroupGroupRoles(userId, groupId));

        long defaultUserId = UserLocalServiceUtil.getDefaultUserId(companyId);

        if (defaultUserId != userId) {
            searchRoles.add(
                RoleLocalServiceUtil.getRole(companyId, RoleConstants.GUEST));
        }

        return searchRoles;
    }

    private static Log _log =
        LogFactoryUtil.getLog(SearchPermissionCheckerImpl.class);

}