23 package com.liferay.portal.search;
24
25 import com.liferay.portal.NoSuchResourceException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.log.Log;
28 import com.liferay.portal.kernel.log.LogFactoryUtil;
29 import com.liferay.portal.kernel.search.BooleanClauseOccur;
30 import com.liferay.portal.kernel.search.BooleanQuery;
31 import com.liferay.portal.kernel.search.BooleanQueryFactoryUtil;
32 import com.liferay.portal.kernel.search.Document;
33 import com.liferay.portal.kernel.search.Field;
34 import com.liferay.portal.kernel.search.Indexer;
35 import com.liferay.portal.kernel.search.IndexerRegistryUtil;
36 import com.liferay.portal.kernel.search.Query;
37 import com.liferay.portal.kernel.search.SearchPermissionChecker;
38 import com.liferay.portal.kernel.util.GetterUtil;
39 import com.liferay.portal.kernel.util.ListUtil;
40 import com.liferay.portal.kernel.util.Validator;
41 import com.liferay.portal.model.Group;
42 import com.liferay.portal.model.Permission;
43 import com.liferay.portal.model.Resource;
44 import com.liferay.portal.model.ResourceConstants;
45 import com.liferay.portal.model.Role;
46 import com.liferay.portal.model.RoleConstants;
47 import com.liferay.portal.security.permission.ActionKeys;
48 import com.liferay.portal.security.permission.ResourceActionsUtil;
49 import com.liferay.portal.service.GroupLocalServiceUtil;
50 import com.liferay.portal.service.PermissionLocalServiceUtil;
51 import com.liferay.portal.service.ResourceLocalServiceUtil;
52 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
53 import com.liferay.portal.service.RoleLocalServiceUtil;
54 import com.liferay.portal.service.UserLocalServiceUtil;
55 import com.liferay.portal.util.PropsValues;
56
57 import java.util.ArrayList;
58 import java.util.List;
59
60
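/**
 * Applies role-based VIEW permissions to search. At index time it stamps each
 * document with the IDs of the roles that may view it; at query time it
 * restricts a search to the roles held by the searching user.
 *
 * <p>
 * Only permission algorithms 5 and 6
 * ({@code PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM}) are handled. For any
 * other value the public methods leave documents and queries untouched.
 * </p>
 */
public class SearchPermissionCheckerImpl implements SearchPermissionChecker {

    /**
     * Adds the {@code Field.ROLE_ID} keyword to a document that is being
     * indexed.
     *
     * <p>
     * Nothing is added when the document lacks an entry class name or class
     * PK, when the resource lookup reports a missing resource, or when any
     * other error occurs. Errors are logged and never propagated.
     * </p>
     *
     * @param companyId the company that owns the document
     * @param doc the document to enrich; read for group ID, entry class name
     *        and entry class PK
     */
    public void addPermissionFields(long companyId, Document doc) {
        try {
            long groupId = GetterUtil.getLong(doc.get(Field.GROUP_ID));
            String className = doc.get(Field.ENTRY_CLASS_NAME);
            String classPK = doc.get(Field.ENTRY_CLASS_PK);

            if (Validator.isNull(className) || Validator.isNull(classPK)) {
                return;
            }

            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                doAddPermissionFields_5(
                    companyId, groupId, className, classPK, doc);
            }
            else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                doAddPermissionFields_6(
                    companyId, groupId, className, classPK, doc);
            }
        }
        catch (NoSuchResourceException nsre) {

            // Deliberately ignored: without an individual-scope resource
            // there are no role permissions to record, so the document is
            // indexed without a ROLE_ID keyword.

        }
        catch (Exception e) {

            // NOTE(review): the document is still indexed, just without
            // ROLE_ID. Presumably the role filter then hides it from
            // non-privileged users. Confirm against the search engine.

            _log.error(e, e);
        }
    }

    /**
     * Wraps a search query so that it only matches documents the user may
     * view.
     *
     * <p>
     * NOTE(review): this method fails open. If role or permission lookup
     * throws, the error is logged and the caller's original, unfiltered query
     * is returned, so a backend failure widens the result set instead of
     * narrowing it. The same unfiltered query is returned when the configured
     * algorithm is neither 5 nor 6. Callers that need a hard guarantee should
     * not rely on this filter alone. Consider returning a match-nothing query
     * or propagating the failure once the desired contract is confirmed.
     * </p>
     *
     * @param companyId the company being searched
     * @param groupId the group whose group-scoped roles and permissions are
     *        considered
     * @param userId the searching user
     * @param className the resource name the permissions are checked against
     * @param query the query to restrict
     * @return the restricted query, or {@code query} itself when no
     *         restriction was applied
     */
    public Query getPermissionQuery(
        long companyId, long groupId, long userId, String className,
        Query query) {

        try {
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                return doGetPermissionQuery_5(
                    companyId, groupId, userId, className, query);
            }
            else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                return doGetPermissionQuery_6(
                    companyId, groupId, userId, className, query);
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        return query;
    }

    /**
     * Reindexes the entity behind a resource after its permissions changed.
     * Acts only under algorithm 5; errors are logged and not propagated.
     *
     * @param resourceId the primary key of the changed resource
     */
    public void updatePermissionFields(long resourceId) {
        try {
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                doUpdatePermissionFields_5(resourceId);
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }
    }

    /**
     * Reindexes an entity after its permissions changed. Acts only under
     * algorithm 6; errors are logged and not propagated.
     *
     * @param resourceName the resource name, also used to look up the indexer
     * @param resourceClassPK the primary key of the entity, as a string
     */
    public void updatePermissionFields(
        String resourceName, String resourceClassPK) {

        try {
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                doUpdatePermissionFields_6(resourceName, resourceClassPK);
            }
        }
        catch (Exception e) {
            _log.error(e, e);
        }
    }

    /**
     * Algorithm 5: records on the document every role, among those returned
     * by {@code ResourceActionsUtil.getRoles}, that holds VIEW on the
     * entity's individual-scope resource.
     *
     * @throws Exception if the resource, group or permission lookup fails;
     *         a missing resource surfaces as {@code NoSuchResourceException}
     */
    protected void doAddPermissionFields_5(
            long companyId, long groupId, String className, String classPK,
            Document doc)
        throws Exception {

        Resource resource = ResourceLocalServiceUtil.getResource(
            companyId, className, ResourceConstants.SCOPE_INDIVIDUAL,
            classPK);

        Group group = GroupLocalServiceUtil.getGroup(groupId);

        List<Role> roles = ResourceActionsUtil.getRoles(group, className);

        List<Long> roleIds = new ArrayList<Long>();

        for (Role role : roles) {
            long roleId = role.getRoleId();

            if (hasPermission(roleId, resource.getResourceId())) {
                roleIds.add(roleId);
            }
        }

        doc.addKeyword(
            Field.ROLE_ID, roleIds.toArray(new Long[roleIds.size()]));
    }

    /**
     * Algorithm 6: records on the document every role, among those returned
     * by {@code ResourceActionsUtil.getRoles}, that holds an individual-scope
     * VIEW resource permission on the entity.
     *
     * @throws Exception if the group or permission lookup fails
     */
    protected void doAddPermissionFields_6(
            long companyId, long groupId, String className, String classPK,
            Document doc)
        throws Exception {

        Group group = GroupLocalServiceUtil.getGroup(groupId);

        List<Role> roles = ResourceActionsUtil.getRoles(group, className);

        List<Long> roleIds = new ArrayList<Long>();

        for (Role role : roles) {
            long roleId = role.getRoleId();

            if (ResourcePermissionLocalServiceUtil.hasResourcePermission(
                    companyId, className, ResourceConstants.SCOPE_INDIVIDUAL,
                    classPK, roleId, ActionKeys.VIEW)) {

                roleIds.add(roleId);
            }
        }

        doc.addKeyword(
            Field.ROLE_ID, roleIds.toArray(new Long[roleIds.size()]));
    }

    /**
     * Algorithm 5: builds the role-restricted query for a user.
     *
     * <p>
     * The caller's query is returned unchanged as soon as one of the user's
     * roles is named {@code RoleConstants.ADMINISTRATOR} or holds VIEW on the
     * company-scope or group-scope resource. Otherwise the query is combined
     * (both clauses required) with a sub-query holding one
     * {@code Field.ROLE_ID} term per role.
     * </p>
     *
     * <p>
     * NOTE(review): the unchanged query is not narrowed to {@code groupId}
     * here, so the group-scope shortcut assumes the caller already scoped the
     * query to that group. Confirm at the call sites.
     * </p>
     *
     * @throws Exception if a role, user or permission lookup fails
     */
    protected Query doGetPermissionQuery_5(
            long companyId, long groupId, long userId, String className,
            Query query)
        throws Exception {

        List<Role> roles = getSearchRoles(companyId, groupId, userId);

        // A missing company or group resource leaves its ID at 0, which
        // hasPermission treats as "no permission".

        long companyResourceId = 0;

        try {
            Resource companyResource = ResourceLocalServiceUtil.getResource(
                companyId, className, ResourceConstants.SCOPE_COMPANY,
                String.valueOf(companyId));

            companyResourceId = companyResource.getResourceId();
        }
        catch (NoSuchResourceException nsre) {
        }

        long groupResourceId = 0;

        try {
            Resource groupResource = ResourceLocalServiceUtil.getResource(
                companyId, className, ResourceConstants.SCOPE_GROUP,
                String.valueOf(groupId));

            groupResourceId = groupResource.getResourceId();
        }
        catch (NoSuchResourceException nsre) {
        }

        BooleanQuery permissionQuery = BooleanQueryFactoryUtil.create();

        for (Role role : roles) {

            // Constant-first comparison: a role without a name must not
            // raise an exception here, because the public entry point
            // answers any exception with the unfiltered query.

            if (RoleConstants.ADMINISTRATOR.equals(role.getName())) {
                return query;
            }

            long roleId = role.getRoleId();

            if (hasPermission(roleId, companyResourceId) ||
                hasPermission(roleId, groupResourceId)) {

                return query;
            }

            permissionQuery.addTerm(Field.ROLE_ID, roleId);
        }

        BooleanQuery fullQuery = BooleanQueryFactoryUtil.create();

        fullQuery.add(query, BooleanClauseOccur.MUST);
        fullQuery.add(permissionQuery, BooleanClauseOccur.MUST);

        return fullQuery;
    }

    /**
     * Algorithm 6: builds the role-restricted query for a user.
     *
     * <p>
     * The caller's query is returned unchanged as soon as one of the user's
     * roles is named {@code RoleConstants.ADMINISTRATOR} or holds a
     * company-scope or group-scope VIEW resource permission. Otherwise the
     * query is combined (both clauses required) with a sub-query holding one
     * {@code Field.ROLE_ID} term per role.
     * </p>
     *
     * <p>
     * NOTE(review): the unchanged query is not narrowed to {@code groupId}
     * here, so the group-scope shortcut assumes the caller already scoped the
     * query to that group. Confirm at the call sites.
     * </p>
     *
     * @throws Exception if a role, user or permission lookup fails
     */
    protected Query doGetPermissionQuery_6(
            long companyId, long groupId, long userId, String className,
            Query query)
        throws Exception {

        List<Role> roles = getSearchRoles(companyId, groupId, userId);

        BooleanQuery permissionQuery = BooleanQueryFactoryUtil.create();

        for (Role role : roles) {

            // Constant-first comparison: see doGetPermissionQuery_5.

            if (RoleConstants.ADMINISTRATOR.equals(role.getName())) {
                return query;
            }

            long roleId = role.getRoleId();

            if (ResourcePermissionLocalServiceUtil.hasResourcePermission(
                    companyId, className, ResourceConstants.SCOPE_COMPANY,
                    String.valueOf(companyId), roleId, ActionKeys.VIEW) ||
                ResourcePermissionLocalServiceUtil.hasResourcePermission(
                    companyId, className, ResourceConstants.SCOPE_GROUP,
                    String.valueOf(groupId), roleId, ActionKeys.VIEW)) {

                return query;
            }

            permissionQuery.addTerm(Field.ROLE_ID, roleId);
        }

        BooleanQuery fullQuery = BooleanQueryFactoryUtil.create();

        fullQuery.add(query, BooleanClauseOccur.MUST);
        fullQuery.add(permissionQuery, BooleanClauseOccur.MUST);

        return fullQuery;
    }

    /**
     * Algorithm 5: reindexes the entity a resource points to, if an indexer
     * is registered under the resource's name.
     *
     * @throws Exception if the resource lookup or the reindex fails
     */
    protected void doUpdatePermissionFields_5(long resourceId)
        throws Exception {

        Resource resource = ResourceLocalServiceUtil.getResource(resourceId);

        Indexer indexer = IndexerRegistryUtil.getIndexer(resource.getName());

        if (indexer != null) {
            indexer.reIndex(
                resource.getName(), GetterUtil.getLong(resource.getPrimKey()));
        }
    }

    /**
     * Algorithm 6: reindexes an entity, if an indexer is registered under the
     * resource name.
     *
     * @throws Exception if the reindex fails
     */
    protected void doUpdatePermissionFields_6(
            String resourceName, String resourceClassPK)
        throws Exception {

        Indexer indexer = IndexerRegistryUtil.getIndexer(resourceName);

        if (indexer != null) {
            indexer.reIndex(resourceName, GetterUtil.getLong(resourceClassPK));
        }
    }

    /**
     * Tells whether a role holds the VIEW action on a resource.
     *
     * @param roleId the role to check
     * @param resourceId the resource to check; {@code 0} stands for "no such
     *        resource" and always yields {@code false}
     * @return {@code true} if VIEW is among the role's actions on the
     *         resource
     * @throws SystemException if the permission lookup fails
     */
    protected boolean hasPermission(long roleId, long resourceId)
        throws SystemException {

        if (resourceId == 0) {
            return false;
        }

        List<Permission> permissions =
            PermissionLocalServiceUtil.getRolePermissions(roleId, resourceId);

        List<String> actions = ResourceActionsUtil.getActions(permissions);

        return actions.contains(ActionKeys.VIEW);
    }

    /**
     * Collects the roles a search is evaluated against: the user's own roles,
     * the user's roles in the group (direct and through user groups) and, for
     * every user other than the company's default user, the Guest role.
     *
     * @return a fresh, modifiable list; the service's own list is copied
     *         before anything is appended to it
     * @throws Exception if a role or user lookup fails
     */
    private List<Role> getSearchRoles(
            long companyId, long groupId, long userId)
        throws Exception {

        List<Role> roles = ListUtil.copy(
            RoleLocalServiceUtil.getUserRoles(userId));

        roles.addAll(RoleLocalServiceUtil.getUserGroupRoles(userId, groupId));
        roles.addAll(
            RoleLocalServiceUtil.getUserGroupGroupRoles(userId, groupId));

        long defaultUserId = UserLocalServiceUtil.getDefaultUserId(companyId);

        if (defaultUserId != userId) {
            roles.add(
                RoleLocalServiceUtil.getRole(companyId, RoleConstants.GUEST));
        }

        return roles;
    }

    private static final Log _log =
        LogFactoryUtil.getLog(SearchPermissionCheckerImpl.class);

}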