1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.upgrade.v5_2_0;
24  
25  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
26  import com.liferay.portal.kernel.dao.jdbc.SmartResultSet;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.kernel.upgrade.UpgradeProcess;
30  import com.liferay.portal.kernel.util.GetterUtil;
31  import com.liferay.portal.model.Layout;
32  import com.liferay.portal.model.Permission;
33  import com.liferay.portal.model.PortletConstants;
34  import com.liferay.portal.model.Resource;
35  import com.liferay.portal.model.ResourceConstants;
36  import com.liferay.portal.service.LayoutLocalServiceUtil;
37  import com.liferay.portal.service.PermissionLocalServiceUtil;
38  import com.liferay.portal.service.ResourceLocalServiceUtil;
39  
40  import java.sql.Connection;
41  import java.sql.PreparedStatement;
42  import java.sql.ResultSet;
43  
44  /**
45   * <a href="UpgradePortletPermissions.java.html"><b><i>View Source</i></b></a>
46   *
47   * @author Jorge Ferrer
48   */
49  public class UpgradePortletPermissions extends UpgradeProcess {
50  
51      protected void doUpgrade() throws Exception {
52          updatePortletPermissions(
53              "33", "com.liferay.portlet.blogs", new String[] {"ADD_ENTRY"});
54  
55          updatePortletPermissions(
56              "28", "com.liferay.portlet.bookmarks", new String[] {"ADD_FOLDER"});
57  
58          updatePortletPermissions(
59              "8", "com.liferay.portlet.calendar",
60              new String[] {"ADD_EVENT", "EXPORT_ALL_EVENTS"});
61  
62          updatePortletPermissions(
63              "20", "com.liferay.portlet.documentlibrary",
64              new String[] {"ADD_FOLDER"});
65  
66          updatePortletPermissions(
67              "31", "com.liferay.portlet.imagegallery",
68              new String[] {"ADD_FOLDER"});
69  
70          updatePortletPermissions(
71              "15", "com.liferay.portlet.journal",
72              new String[] {
73                  "ADD_ARTICLE", "ADD_FEED", "ADD_STRUCTURE", "ADD_TEMPLATE",
74                  "APPROVE_ARTICLE"
75              });
76  
77          updatePortletPermissions(
78              "19", "com.liferay.portlet.messageboards",
79              new String[] {"ADD_CATEGORY", "BAN_USER"});
80  
81          updatePortletPermissions(
82              "25", "com.liferay.portlet.polls", new String[] {"ADD_QUESTION"});
83  
84          updatePortletPermissions(
85              "34", "com.liferay.portlet.shopping",
86              new String[] {"ADD_CATEGORY", "MANAGE_COUPONS", "MANAGE_ORDERS"});
87  
88          updatePortletPermissions(
89              "98", "com.liferay.portlet.softwarecatalog",
90              new String[] {"ADD_FRAMEWORK_VERSION", "ADD_PRODUCT_ENTRY"});
91  
92          updatePortletPermissions(
93              "99", "com.liferay.portlet.tags",
94              new String[] {"ADD_ENTRY", "ADD_VOCABULARY"});
95  
96          updatePortletPermissions(
97              "36", "com.liferay.portlet.wiki", new String[] {"ADD_NODE"});
98      }
99  
100     protected long getPortletPermissionsCount(
101             String actionId, long resourceId, String modelName)
102         throws Exception {
103 
104         Connection con = null;
105         PreparedStatement ps = null;
106         ResultSet rs = null;
107 
108         try {
109             con = DataAccess.getConnection();
110 
111             StringBuilder sb = new StringBuilder();
112 
113             sb.append("select count(*) from Permission_ ");
114             sb.append("inner join Resource_ on Resource_.resourceId = ");
115             sb.append("Permission_.resourceId inner join ResourceCode on ");
116             sb.append("ResourceCode.codeId = Resource_.codeId where ");
117             sb.append("Permission_.actionId = ? and ");
118             sb.append("Permission_.resourceId = ? and ResourceCode.name = ? ");
119             sb.append("and ResourceCode.scope = ? ");
120 
121             String sql = sb.toString();
122 
123             ps = con.prepareStatement(sql);
124 
125             ps.setString(1, actionId);
126             ps.setLong(2, resourceId);
127             ps.setString(3, modelName);
128             ps.setInt(4, ResourceConstants.SCOPE_INDIVIDUAL);
129 
130             rs = ps.executeQuery();
131 
132             rs.next();
133 
134             return rs.getLong(1);
135         }
136         finally {
137             DataAccess.cleanUp(con, ps, rs);
138         }
139     }
140 
141     protected void updatePortletPermission(
142             long permissionId, String actionId, String primKey,
143             String modelName, int scope)
144         throws Exception {
145 
146         long plid = GetterUtil.getLong(
147             primKey.substring(
148                 0, primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR)));
149 
150         Layout layout = LayoutLocalServiceUtil.getLayout(plid);
151 
152         Resource resource = ResourceLocalServiceUtil.addResource(
153             layout.getCompanyId(), modelName, scope,
154             String.valueOf(layout.getGroupId()));
155 
156         long portletPermissionCount = getPortletPermissionsCount(
157             actionId, resource.getResourceId(), modelName);
158 
159         if (portletPermissionCount == 0) {
160             Permission permission = PermissionLocalServiceUtil.getPermission(
161                 permissionId);
162 
163             permission.setResourceId(resource.getResourceId());
164 
165             PermissionLocalServiceUtil.updatePermission(permission);
166         }
167         else {
168             runSQL(
169                 "delete from Permission_ where permissionId = " + permissionId);
170         }
171     }
172 
173     protected void updatePortletPermissions(
174             String portletName, String modelName, String[] actionIds)
175         throws Exception {
176 
177         Connection con = null;
178         PreparedStatement ps = null;
179         ResultSet rs = null;
180 
181         try {
182             con = DataAccess.getConnection();
183 
184             StringBuilder sb = new StringBuilder();
185 
186             sb.append("select Permission_.permissionId, ");
187             sb.append("Permission_.actionId, Resource_.primKey, ");
188             sb.append("ResourceCode.scope from Permission_ ");
189             sb.append("inner join Resource_ on Resource_.resourceId = ");
190             sb.append("Permission_.resourceId inner join ResourceCode on ");
191             sb.append("ResourceCode.codeId = Resource_.codeId where (");
192 
193             for (int i = 0; i < actionIds.length; i++) {
194                 String actionId = actionIds[i];
195 
196                 sb.append("Permission_.actionId = '");
197                 sb.append(actionId);
198                 sb.append("'");
199 
200                 if (i < (actionIds.length - 1)) {
201                     sb.append(" or ");
202                 }
203             }
204 
205             sb.append(") and ResourceCode.name = ? and ResourceCode.scope = ?");
206 
207             String sql = sb.toString();
208 
209             ps = con.prepareStatement(sql);
210 
211             ps.setString(1, portletName);
212             ps.setInt(2, ResourceConstants.SCOPE_INDIVIDUAL);
213 
214             rs = ps.executeQuery();
215 
216             SmartResultSet srs = new SmartResultSet(rs);
217 
218             while (srs.next()) {
219                 long permissionId = srs.getLong("Permission_.permissionId");
220                 String actionId = srs.getString("Permission_.actionId");
221                 String primKey = srs.getString("Resource_.primKey");
222                 int scope = srs.getInt("ResourceCode.scope");
223 
224                 try {
225                     updatePortletPermission(
226                         permissionId, actionId, primKey, modelName, scope);
227                 }
228                 catch (Exception e) {
229                     _log.error(
230                         "Unable to upgrade permission " + permissionId, e);
231                 }
232             }
233         }
234         finally {
235             DataAccess.cleanUp(con, ps, rs);
236         }
237     }
238 
239     private static Log _log = LogFactoryUtil.getLog(
240         UpgradePortletPermissions.class);
241 
242 }