001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.NoSuchPermissionException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.search.SearchEngineUtil;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.model.Company;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.OrgGroupPermission;
029 import com.liferay.portal.model.Organization;
030 import com.liferay.portal.model.Permission;
031 import com.liferay.portal.model.Resource;
032 import com.liferay.portal.model.ResourceCode;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.RoleConstants;
036 import com.liferay.portal.model.User;
037 import com.liferay.portal.model.UserGroup;
038 import com.liferay.portal.security.permission.PermissionCacheUtil;
039 import com.liferay.portal.security.permission.PermissionCheckerBag;
040 import com.liferay.portal.security.permission.PermissionThreadLocal;
041 import com.liferay.portal.security.permission.ResourceActionsUtil;
042 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044 import com.liferay.portal.util.PortalUtil;
045 import com.liferay.portal.util.PropsValues;
046 import com.liferay.portal.util.comparator.PermissionComparator;
047
048 import java.util.ArrayList;
049 import java.util.HashSet;
050 import java.util.Iterator;
051 import java.util.List;
052 import java.util.Map;
053 import java.util.Set;
054
055 import org.apache.commons.lang.time.StopWatch;
056
057
064 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
065
066
082 public Permission addPermission(
083 long companyId, String actionId, long resourceId)
084 throws SystemException {
085
086 Permission permission = permissionPersistence.fetchByA_R(
087 actionId, resourceId);
088
089 if (permission == null) {
090 long permissionId = counterLocalService.increment(
091 Permission.class.getName());
092
093 permission = permissionPersistence.create(permissionId);
094
095 permission.setCompanyId(companyId);
096 permission.setActionId(actionId);
097 permission.setResourceId(resourceId);
098
099 permissionPersistence.update(permission, false);
100 }
101
102 return permission;
103 }
104
105
120 public List<Permission> addPermissions(
121 long companyId, List<String> actionIds, long resourceId)
122 throws SystemException {
123
124 List<Permission> permissions = permissionPersistence.findByResourceId(
125 resourceId);
126
127 permissions = ListUtil.copy(permissions);
128
129 Set<String> actionIdsSet = new HashSet<String>();
130
131 for (Permission permission : permissions) {
132 actionIdsSet.add(permission.getActionId());
133 }
134
135 for (String actionId : actionIds) {
136 if (actionIdsSet.contains(actionId)) {
137 continue;
138 }
139
140 long permissionId = counterLocalService.increment(
141 Permission.class.getName());
142
143 Permission permission = permissionPersistence.create(permissionId);
144
145 permission.setCompanyId(companyId);
146 permission.setActionId(actionId);
147 permission.setResourceId(resourceId);
148
149 try {
150 permissionPersistence.update(permission, false);
151 }
152 catch (SystemException se) {
153 if (_log.isWarnEnabled()) {
154 _log.warn(
155 "Add failed, fetch {actionId=" + actionId +
156 ", resourceId=" + resourceId + "}");
157 }
158
159 permission = permissionPersistence.fetchByA_R(
160 actionId, resourceId, false);
161
162 if (permission == null) {
163 throw se;
164 }
165 }
166
167 permissions.add(permission);
168 }
169
170 return permissions;
171 }
172
173
191 public List<Permission> addPermissions(
192 long companyId, String name, long resourceId,
193 boolean portletActions)
194 throws SystemException {
195
196 List<String> actionIds = null;
197
198 if (portletActions) {
199 actionIds = ResourceActionsUtil.getPortletResourceActions(name);
200 }
201 else {
202 actionIds = ResourceActionsUtil.getModelResourceActions(name);
203 }
204
205 return addPermissions(companyId, actionIds, resourceId);
206 }
207
208
217 public void addUserPermissions(
218 long userId, String[] actionIds, long resourceId)
219 throws PortalException, SystemException {
220
221 User user = userPersistence.findByPrimaryKey(userId);
222
223 List<Permission> permissions = permissionFinder.findByU_R(
224 userId, resourceId);
225
226 permissions = getPermissions(
227 user.getCompanyId(), actionIds, resourceId);
228
229 userPersistence.addPermissions(userId, permissions);
230
231 PermissionCacheUtil.clearCache();
232 }
233
234
243 public void checkPermissions(String name, List<String> actionIds)
244 throws PortalException, SystemException {
245
246 List<String> groupDefaultActions =
247 ResourceActionsUtil.getModelResourceGroupDefaultActions(name);
248 List<String> guestDefaultActions =
249 ResourceActionsUtil.getModelResourceGuestDefaultActions(name);
250
251 List<Company> companies = companyPersistence.findAll();
252
253 for (Company company : companies) {
254 long companyId = company.getCompanyId();
255
256 ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
257 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
258
259 if (resourceCode == null) {
260 continue;
261 }
262
263 Role guestRole = rolePersistence.fetchByC_N(
264 companyId, RoleConstants.GUEST);
265 Role ownerRole = rolePersistence.fetchByC_N(
266 companyId, RoleConstants.OWNER);
267 Role siteMemberRole = rolePersistence.fetchByC_N(
268 companyId, RoleConstants.SITE_MEMBER);
269
270 for (String actionId : actionIds) {
271 List<Resource> resources = resourceFinder.findByNoActions(
272 resourceCode.getCodeId(), actionId);
273
274 List<Permission> permissions = new ArrayList<Permission>(
275 resources.size());
276
277 for (Resource resource : resources) {
278 long permissionId = counterLocalService.increment(
279 Permission.class.getName());
280
281 Permission permission = permissionPersistence.create(
282 permissionId);
283
284 permission.setCompanyId(companyId);
285 permission.setActionId(actionId);
286 permission.setResourceId(resource.getResourceId());
287
288 permissionPersistence.update(permission, false);
289
290 permissions.add(permission);
291 }
292
293 if ((guestRole != null) &&
294 guestDefaultActions.contains(actionId)) {
295
296 rolePersistence.addPermissions(
297 guestRole.getRoleId(), permissions);
298 }
299
300 if (ownerRole != null) {
301 rolePersistence.addPermissions(
302 ownerRole.getRoleId(), permissions);
303 }
304
305 if ((siteMemberRole != null) &&
306 groupDefaultActions.contains(actionId)) {
307
308 rolePersistence.addPermissions(
309 siteMemberRole.getRoleId(), permissions);
310 }
311
312 for (Resource resource : resources) {
313 SearchEngineUtil.updatePermissionFields(
314 resource.getResourceId());
315 }
316 }
317 }
318
319 PermissionCacheUtil.clearCache();
320 }
321
322
328 public List<String> getActions(List<Permission> permissions) {
329 List<String> actionIds = new ArrayList<String>();
330
331 Iterator<Permission> itr = permissions.iterator();
332
333 while (itr.hasNext()) {
334 Permission permission = itr.next();
335
336 actionIds.add(permission.getActionId());
337 }
338
339 return actionIds;
340 }
341
342
350 public List<Permission> getGroupPermissions(long groupId, long resourceId)
351 throws SystemException {
352
353 return permissionFinder.findByG_R(groupId, resourceId);
354 }
355
356
369 public List<Permission> getGroupPermissions(
370 long groupId, long companyId, String name, int scope,
371 String primKey)
372 throws SystemException {
373
374 return permissionFinder.findByG_C_N_S_P(
375 groupId, companyId, name, scope, primKey);
376 }
377
378
384 public long getLatestPermissionId() throws SystemException {
385 List<Permission> permissions = permissionPersistence.findAll(
386 0, 1, new PermissionComparator());
387
388 if (permissions.size() == 0) {
389 return 0;
390 }
391 else {
392 Permission permission = permissions.get(0);
393
394 return permission.getPermissionId();
395 }
396 }
397
398
409 public List<Permission> getOrgGroupPermissions(
410 long organizationId, long groupId, long resourceId)
411 throws SystemException {
412
413 return permissionFinder.findByO_G_R(
414 organizationId, groupId, resourceId);
415 }
416
417
428 public List<Permission> getPermissions(
429 long companyId, String[] actionIds, long resourceId)
430 throws SystemException {
431
432 List<Permission> permissions = new ArrayList<Permission>();
433
434 for (String actionId : actionIds) {
435 Permission permission = addPermission(
436 companyId, actionId, resourceId);
437
438 permissions.add(permission);
439 }
440
441 return permissions;
442 }
443
444
451 public List<Permission> getRolePermissions(long roleId)
452 throws SystemException {
453
454 return rolePersistence.getPermissions(roleId);
455 }
456
457 public List<Permission> getRolePermissions(long roleId, int[] scopes)
458 throws SystemException {
459
460 return permissionFinder.findByR_S(roleId, scopes);
461 }
462
463
471 public List<Permission> getRolePermissions(long roleId, long resourceId)
472 throws SystemException {
473
474 return permissionFinder.findByR_R(roleId, resourceId);
475 }
476
477
484 public List<Permission> getUserPermissions(long userId)
485 throws SystemException {
486
487 return userPersistence.getPermissions(userId);
488 }
489
490
498 public List<Permission> getUserPermissions(long userId, long resourceId)
499 throws SystemException {
500
501 return permissionFinder.findByU_R(userId, resourceId);
502 }
503
504
516 public List<Permission> getUserPermissions(
517 long userId, long companyId, String name, int scope, String primKey)
518 throws SystemException {
519
520 return permissionFinder.findByU_C_N_S_P(
521 userId, companyId, name, scope, primKey);
522 }
523
524
535 public boolean hasGroupPermission(
536 long groupId, String actionId, long resourceId)
537 throws SystemException {
538
539 Permission permission = permissionPersistence.fetchByA_R(
540 actionId, resourceId);
541
542
543
544
545 if (permission == null) {
546 return false;
547 }
548
549 return groupPersistence.containsPermission(
550 groupId, permission.getPermissionId());
551 }
552
553
567 public boolean hasRolePermission(
568 long roleId, long companyId, String name, int scope,
569 String actionId)
570 throws SystemException {
571
572 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
573 companyId, name, scope);
574
575 if (permissionFinder.countByR_A_C(
576 roleId, actionId, resourceCode.getCodeId()) > 0) {
577
578 return true;
579 }
580 else {
581 return false;
582 }
583 }
584
585
600 public boolean hasRolePermission(
601 long roleId, long companyId, String name, int scope, String primKey,
602 String actionId)
603 throws SystemException {
604
605 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
606 companyId, name, scope);
607
608 Resource resource = resourcePersistence.fetchByC_P(
609 resourceCode.getCodeId(), primKey);
610
611 if (resource == null) {
612 return false;
613 }
614
615 Permission permission = permissionPersistence.fetchByA_R(
616 actionId, resource.getResourceId());
617
618 if (permission == null) {
619 return false;
620 }
621
622 return rolePersistence.containsPermission(
623 roleId, permission.getPermissionId());
624 }
625
626
637 public boolean hasUserPermission(
638 long userId, String actionId, long resourceId)
639 throws SystemException {
640
641 Permission permission = permissionPersistence.fetchByA_R(
642 actionId, resourceId);
643
644
645
646
647 if (permission == null) {
648 return false;
649 }
650
651 return userPersistence.containsPermission(
652 userId, permission.getPermissionId());
653 }
654
655
678 public boolean hasUserPermissions(
679 long userId, long groupId, List<Resource> resources,
680 String actionId, PermissionCheckerBag permissionCheckerBag)
681 throws PortalException, SystemException {
682
683 StopWatch stopWatch = null;
684
685 if (_log.isDebugEnabled()) {
686 stopWatch = new StopWatch();
687
688 stopWatch.start();
689 }
690
691 int block = 1;
692
693
694
695 if (Validator.isNull(actionId) || resources.isEmpty()) {
696 return false;
697 }
698
699 long[] resourceIds = null;
700
701 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
702 resourceIds = new long[resources.size()];
703
704 for (int i = 0; i < resources.size(); i++) {
705 Resource resource = resources.get(i);
706
707 resourceIds[i] = resource.getResourceId();
708 }
709 }
710
711 List<Permission> permissions = null;
712
713 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
714 permissions = permissionFinder.findByA_R(actionId, resourceIds);
715
716
717
718 if (permissions.size() == 0) {
719 return false;
720 }
721 }
722
723
724
725 long resourceId = 0;
726
727 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
728 resourceId = resourceIds[0];
729 }
730 else {
731 resourceId = resources.get(0).getResourceId();
732 }
733
734 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
735
736
737
738
739
740
741 List<Group> groups = permissionCheckerBag.getGroups();
742 List<Role> roles = permissionCheckerBag.getRoles();
743
744 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
745
746
747
748
749
750
751
752
753
754 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
755
756 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
757 return hasUserPermissions_1(
758 userId, resourceId, actionId, permissions, groups, groupId,
759 stopWatch, block);
760 }
761 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
762 return hasUserPermissions_2(
763 userId, resourceId, actionId, permissions, groups, groupId,
764 stopWatch, block);
765 }
766 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
767 return hasUserPermissions_3(
768 userId, resourceId, actionId, permissions, groups, roles,
769 stopWatch, block);
770 }
771 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
772 return hasUserPermissions_4(
773 userId, resourceId, actionId, permissions, groups, roles,
774 stopWatch, block);
775 }
776 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
777 return hasUserPermissions_5(
778 userId, resourceId, actionId, permissions, roles, stopWatch,
779 block);
780 }
781 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
782 return hasUserPermissions_6(
783 userId, resourceId, resources, actionId,
784 permissionCheckerBag.getRoleIds(), stopWatch, block);
785 }
786
787 return false;
788 }
789
790
804 public void setContainerResourcePermissions(
805 String name, String roleName, String actionId)
806 throws PortalException, SystemException {
807
808 List<Company> companies = companyPersistence.findAll();
809
810 for (Company company : companies) {
811 setContainerResourcePermissions(
812 company.getCompanyId(), name, roleName, actionId);
813 }
814 }
815
816
827 public void setGroupPermissions(
828 long groupId, String[] actionIds, long resourceId)
829 throws PortalException, SystemException {
830
831 Group group = groupPersistence.findByPrimaryKey(groupId);
832
833 List<Permission> permissions = permissionFinder.findByG_R(
834 groupId, resourceId);
835
836 for (Permission permission : permissions) {
837 groupPersistence.removePermission(groupId, permission);
838 }
839
840 permissions = getPermissions(
841 group.getCompanyId(), actionIds, resourceId);
842
843 groupPersistence.addPermissions(groupId, permissions);
844
845 PermissionCacheUtil.clearCache();
846 }
847
848
864 public void setGroupPermissions(
865 String className, String classPK, long groupId, String[] actionIds,
866 long resourceId)
867 throws PortalException, SystemException {
868
869 long associatedGroupId = 0;
870
871 if (className.equals(Organization.class.getName())) {
872 long organizationId = GetterUtil.getLong(classPK);
873
874 Organization organization =
875 organizationPersistence.findByPrimaryKey(organizationId);
876
877 orgGroupPermissionFinder.removeByO_G_R(
878 organizationId, groupId, resourceId);
879
880 associatedGroupId = organization.getGroup().getGroupId();
881 }
882 else if (className.equals(UserGroup.class.getName())) {
883 long userGroupId = GetterUtil.getLong(classPK);
884
885 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
886 userGroupId);
887
888 associatedGroupId = userGroup.getGroup().getGroupId();
889 }
890
891 setGroupPermissions(associatedGroupId, actionIds, resourceId);
892 }
893
894
908 public void setOrgGroupPermissions(
909 long organizationId, long groupId, String[] actionIds,
910 long resourceId)
911 throws PortalException, SystemException {
912
913 Organization organization = organizationPersistence.findByPrimaryKey(
914 organizationId);
915
916 long orgGroupId = organization.getGroup().getGroupId();
917
918 List<Permission> permissions = permissionPersistence.findByResourceId(
919 resourceId);
920
921 for (Permission permission : permissions) {
922 groupPersistence.removePermission(orgGroupId, permission);
923 }
924
925 permissions = getPermissions(
926 organization.getCompanyId(), actionIds, resourceId);
927
928 orgGroupPermissionFinder.removeByO_G_R(
929 organizationId, groupId, resourceId);
930
931 for (Permission permission : permissions) {
932 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
933 organizationId, groupId, permission.getPermissionId());
934
935 OrgGroupPermission orgGroupPermission =
936 orgGroupPermissionPersistence.create(pk);
937
938 orgGroupPermissionPersistence.update(orgGroupPermission, false);
939 }
940
941 PermissionCacheUtil.clearCache();
942 }
943
944
958 public void setRolePermission(
959 long roleId, long companyId, String name, int scope, String primKey,
960 String actionId)
961 throws PortalException, SystemException {
962
963 if (scope == ResourceConstants.SCOPE_COMPANY) {
964
965
966
967 unsetRolePermissions(
968 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
969 actionId);
970 }
971 else if (scope == ResourceConstants.SCOPE_GROUP) {
972
973
974
975 unsetRolePermissions(
976 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
977 actionId);
978 }
979 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
980 throw new NoSuchPermissionException();
981 }
982
983 Resource resource = resourceLocalService.addResource(
984 companyId, name, scope, primKey);
985
986 long resourceId = resource.getResourceId();
987
988 Permission permission = permissionPersistence.fetchByA_R(
989 actionId, resourceId);
990
991 if (permission == null) {
992 long permissionId = counterLocalService.increment(
993 Permission.class.getName());
994
995 permission = permissionPersistence.create(permissionId);
996
997 permission.setCompanyId(companyId);
998 permission.setActionId(actionId);
999 permission.setResourceId(resourceId);
1000
1001 permissionPersistence.update(permission, false);
1002 }
1003
1004 rolePersistence.addPermission(roleId, permission);
1005
1006 PermissionCacheUtil.clearCache();
1007
1008 SearchEngineUtil.updatePermissionFields(resourceId);
1009 }
1010
1011
1026 public void setRolePermissions(
1027 long roleId, long companyId, String name, int scope, String primKey,
1028 String[] actionIds)
1029 throws PortalException, SystemException {
1030
1031 for (String actionId : actionIds) {
1032 setRolePermission(
1033 roleId, companyId, name, scope, primKey, actionId);
1034 }
1035 }
1036
1037
1047 public void setRolePermissions(
1048 long roleId, String[] actionIds, long resourceId)
1049 throws PortalException, SystemException {
1050
1051 Role role = rolePersistence.findByPrimaryKey(roleId);
1052
1053 List<Permission> permissions = permissionFinder.findByR_R(
1054 roleId, resourceId);
1055
1056 rolePersistence.removePermissions(roleId, permissions);
1057
1058 permissions = getPermissions(
1059 role.getCompanyId(), actionIds, resourceId);
1060
1061 rolePersistence.addPermissions(roleId, permissions);
1062
1063 PermissionCacheUtil.clearCache();
1064
1065 SearchEngineUtil.updatePermissionFields(resourceId);
1066 }
1067
1068
1079 public void setRolesPermissions(
1080 long companyId, Map<Long, String[]> roleIdsToActionIds,
1081 long resourceId)
1082 throws SystemException {
1083
1084 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1085
1086 PermissionThreadLocal.setIndexEnabled(false);
1087
1088 try {
1089 for (Map.Entry<Long, String[]> entry :
1090 roleIdsToActionIds.entrySet()) {
1091
1092 long roleId = entry.getKey();
1093 String[] actionIds = entry.getValue();
1094
1095 List<Permission> permissions = permissionFinder.findByR_R(
1096 roleId, resourceId);
1097
1098 rolePersistence.removePermissions(roleId, permissions);
1099
1100 permissions = getPermissions(companyId, actionIds, resourceId);
1101
1102 rolePersistence.addPermissions(roleId, permissions);
1103 }
1104 }
1105 finally {
1106 PermissionThreadLocal.setIndexEnabled(flushEnabled);
1107
1108 PermissionCacheUtil.clearCache();
1109
1110 SearchEngineUtil.updatePermissionFields(resourceId);
1111 }
1112 }
1113
1114
1127 public void setRolesPermissions(
1128 long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1129 int scope, String primKey)
1130 throws SystemException {
1131
1132 Resource resource = resourceLocalService.fetchResource(
1133 companyId, name, scope, String.valueOf(primKey));
1134
1135 if (resource == null) {
1136 resource = resourceLocalService.addResource(
1137 companyId, name, scope, String.valueOf(primKey));
1138 }
1139
1140 if (resource == null) {
1141 return;
1142 }
1143
1144 setRolesPermissions(
1145 companyId, roleIdsToActionIds, resource.getResourceId());
1146 }
1147
1148
1158 public void setUserPermissions(
1159 long userId, String[] actionIds, long resourceId)
1160 throws PortalException, SystemException {
1161
1162 User user = userPersistence.findByPrimaryKey(userId);
1163
1164 List<Permission> permissions = permissionFinder.findByU_R(
1165 userId, resourceId);
1166
1167 userPersistence.removePermissions(userId, permissions);
1168
1169 permissions = getPermissions(
1170 user.getCompanyId(), actionIds, resourceId);
1171
1172 userPersistence.addPermissions(userId, permissions);
1173
1174 PermissionCacheUtil.clearCache();
1175 }
1176
1177
1184 public void unsetRolePermission(long roleId, long permissionId)
1185 throws SystemException {
1186
1187 Permission permission = permissionPersistence.fetchByPrimaryKey(
1188 permissionId);
1189
1190 if (permission != null) {
1191 rolePersistence.removePermission(roleId, permission);
1192 }
1193
1194 PermissionCacheUtil.clearCache();
1195 }
1196
1197
1209 public void unsetRolePermission(
1210 long roleId, long companyId, String name, int scope, String primKey,
1211 String actionId)
1212 throws SystemException {
1213
1214 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1215 companyId, name, scope);
1216
1217 Resource resource = resourcePersistence.fetchByC_P(
1218 resourceCode.getCodeId(), primKey);
1219
1220 if (resource != null) {
1221 Permission permission = permissionPersistence.fetchByA_R(
1222 actionId, resource.getResourceId());
1223
1224 if (permission != null) {
1225 rolePersistence.removePermission(roleId, permission);
1226 }
1227 }
1228
1229 PermissionCacheUtil.clearCache();
1230 }
1231
1232
1243 public void unsetRolePermissions(
1244 long roleId, long companyId, String name, int scope,
1245 String actionId)
1246 throws SystemException {
1247
1248 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1249 companyId, name, scope);
1250
1251 List<Permission> permissions = permissionFinder.findByA_C(
1252 actionId, resourceCode.getCodeId());
1253
1254 for (Permission permission : permissions) {
1255 rolePersistence.removePermission(roleId, permission);
1256 }
1257
1258 PermissionCacheUtil.clearCache();
1259 }
1260
1261
1269 public void unsetUserPermissions(
1270 long userId, String[] actionIds, long resourceId)
1271 throws SystemException {
1272
1273 List<Permission> permissions = permissionFinder.findByU_A_R(
1274 userId, actionIds, resourceId);
1275
1276 userPersistence.removePermissions(userId, permissions);
1277
1278 PermissionCacheUtil.clearCache();
1279 }
1280
1281 protected boolean checkOrgGroupPermission(
1282 List<Organization> organizations, List<Group> groups,
1283 List<Permission> permissions)
1284 throws PortalException, SystemException {
1285
1286 for (Permission permission : permissions) {
1287 if (checkOrgGroupPermission(organizations, groups, permission)) {
1288 return true;
1289 }
1290 }
1291
1292 return false;
1293 }
1294
1295 protected boolean checkOrgGroupPermission(
1296 List<Organization> organizations, List<Group> groups,
1297 Permission permission)
1298 throws PortalException, SystemException {
1299
1300
1301
1302
1303 if ((organizations.size() == 0) || (groups.size() == 0)) {
1304 return false;
1305 }
1306
1307
1308
1309
1310 List<OrgGroupPermission> orgGroupPermissions =
1311 orgGroupPermissionPersistence.findByPermissionId(
1312 permission.getPermissionId());
1313
1314 if (orgGroupPermissions.size() == 0) {
1315 return false;
1316 }
1317
1318 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1319 if (orgGroupPermission.containsOrganization(organizations) &&
1320 orgGroupPermission.containsGroup(groups)) {
1321
1322 return true;
1323 }
1324 }
1325
1326
1327
1328
1329
1330 throw new NoSuchPermissionException(
1331 "User has a permission in OrgGroupPermission that does not match");
1332 }
1333
1334 protected boolean hasUserPermissions_1(
1335 long userId, long resourceId, String actionId,
1336 List<Permission> permissions, List<Group> groups, long groupId,
1337 StopWatch stopWatch, int block)
1338 throws SystemException {
1339
1340
1341
1342
1343 if (groups.size() > 0) {
1344 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1345 return true;
1346 }
1347 }
1348
1349 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1350
1351
1352
1353
1354 if (groups.size() > 0) {
1355 if (permissionFinder.countByGroupsPermissions(
1356 permissions, groups) > 0) {
1357
1358 return true;
1359 }
1360 }
1361
1362 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1363
1364
1365
1366 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1367 return true;
1368 }
1369
1370 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1371
1372
1373
1374 if (permissionFinder.countByUserGroupRole(
1375 permissions, userId, groupId) > 0) {
1376
1377 return true;
1378 }
1379
1380 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1381
1382
1383
1384 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1385 return true;
1386 }
1387
1388 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1389
1390 return false;
1391 }
1392
1393 protected boolean hasUserPermissions_2(
1394 long userId, long resourceId, String actionId,
1395 List<Permission> permissions, List<Group> groups, long groupId,
1396 StopWatch stopWatch, int block)
1397 throws SystemException {
1398
1399
1400
1401
1402 if (permissionFinder.containsPermissions_2(
1403 permissions, userId, groups, groupId)) {
1404
1405 return true;
1406 }
1407
1408 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1409
1410 return false;
1411 }
1412
1413 protected boolean hasUserPermissions_3(
1414 long userId, long resourceId, String actionId,
1415 List<Permission> permissions, List<Group> groups, List<Role> roles,
1416 StopWatch stopWatch, int block)
1417 throws SystemException {
1418
1419
1420
1421
1422 if (groups.size() > 0) {
1423 if (permissionFinder.countByGroupsPermissions(
1424 permissions, groups) > 0) {
1425
1426 return true;
1427 }
1428 }
1429
1430 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1431
1432
1433
1434
1435 if (roles.size() > 0) {
1436 if (permissionFinder.countByRolesPermissions(
1437 permissions, roles) > 0) {
1438
1439 return true;
1440 }
1441 }
1442
1443 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1444
1445
1446
1447 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1448 return true;
1449 }
1450
1451 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1452
1453 return false;
1454 }
1455
1456 protected boolean hasUserPermissions_4(
1457 long userId, long resourceId, String actionId,
1458 List<Permission> permissions, List<Group> groups, List<Role> roles,
1459 StopWatch stopWatch, int block)
1460 throws SystemException {
1461
1462
1463
1464
1465 if (permissionFinder.containsPermissions_4(
1466 permissions, userId, groups, roles)) {
1467
1468 return true;
1469 }
1470
1471 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1472
1473 return false;
1474 }
1475
1476 protected boolean hasUserPermissions_5(
1477 long userId, long resourceId, String actionId,
1478 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1479 int block)
1480 throws SystemException {
1481
1482 if (roles.size() > 0) {
1483 if (permissionFinder.countByRolesPermissions(
1484 permissions, roles) > 0) {
1485
1486 return true;
1487 }
1488 }
1489
1490 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1491
1492 return false;
1493 }
1494
1495 protected boolean hasUserPermissions_6(
1496 long userId, long resourceId, List<Resource> resources,
1497 String actionId, long[] roleIds, StopWatch stopWatch, int block)
1498 throws PortalException, SystemException {
1499
1500 boolean hasUserPermissions =
1501 resourcePermissionLocalService.hasResourcePermission(
1502 resources, roleIds, actionId);
1503
1504 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1505
1506 return hasUserPermissions;
1507 }
1508
1509 protected void logHasUserPermissions(
1510 long userId, long resourceId, String actionId, StopWatch stopWatch,
1511 int block) {
1512
1513 if (!_log.isDebugEnabled()) {
1514 return;
1515 }
1516
1517 _log.debug(
1518 "Checking user permissions block " + block + " for " + userId +
1519 " " + resourceId + " " + actionId + " takes " +
1520 stopWatch.getTime() + " ms");
1521 }
1522
1523 protected void setContainerResourcePermissions(
1524 long companyId, String name, String roleName, String actionId)
1525 throws PortalException, SystemException {
1526
1527 ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1528 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1529
1530 if (resourceCode == null) {
1531 return;
1532 }
1533
1534 long classNameId = 0;
1535
1536 Role role = rolePersistence.findByC_N(companyId, roleName);
1537
1538 if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
1539 classNameId = PortalUtil.getClassNameId(Organization.class);
1540 }
1541 else if (role.getType() == RoleConstants.TYPE_SITE) {
1542 classNameId = PortalUtil.getClassNameId(Group.class);
1543 }
1544
1545 List<Resource> resources = resourceFinder.findByContainerResource(
1546 resourceCode.getCodeId(), classNameId);
1547
1548 if (resources.isEmpty()) {
1549 return;
1550 }
1551
1552 List<Permission> permissions = new ArrayList<Permission>(
1553 resources.size());
1554
1555 for (Resource resource : resources) {
1556 Permission permission = permissionPersistence.fetchByA_R(
1557 actionId, resource.getResourceId());
1558
1559 if (permission == null) {
1560 long permissionId = counterLocalService.increment(
1561 Permission.class.getName());
1562
1563 permission = permissionPersistence.create(permissionId);
1564
1565 permission.setCompanyId(companyId);
1566 permission.setActionId(actionId);
1567 permission.setResourceId(resource.getResourceId());
1568
1569 permissionPersistence.update(permission, false);
1570 }
1571
1572 permissions.add(permission);
1573 }
1574
1575 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1576 !roleName.equals(RoleConstants.GUEST)) {
1577
1578 rolePersistence.addPermissions(role.getRoleId(), permissions);
1579 }
1580 else {
1581 long defaultUserId = userLocalService.getDefaultUserId(companyId);
1582
1583 userPersistence.addPermissions(defaultUserId, permissions);
1584 }
1585 }
1586
1587 private static Log _log = LogFactoryUtil.getLog(
1588 PermissionLocalServiceImpl.class);
1589
1590 }