001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchPermissionException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.search.SearchEngineUtil;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Company;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.OrgGroupPermission;
029    import com.liferay.portal.model.Organization;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.Resource;
032    import com.liferay.portal.model.ResourceCode;
033    import com.liferay.portal.model.ResourceConstants;
034    import com.liferay.portal.model.Role;
035    import com.liferay.portal.model.RoleConstants;
036    import com.liferay.portal.model.User;
037    import com.liferay.portal.model.UserGroup;
038    import com.liferay.portal.security.permission.PermissionCacheUtil;
039    import com.liferay.portal.security.permission.PermissionCheckerBag;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.ResourceActionsUtil;
042    import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043    import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044    import com.liferay.portal.util.PortalUtil;
045    import com.liferay.portal.util.PropsValues;
046    import com.liferay.portal.util.comparator.PermissionComparator;
047    
048    import java.util.ArrayList;
049    import java.util.HashSet;
050    import java.util.Iterator;
051    import java.util.List;
052    import java.util.Map;
053    import java.util.Set;
054    
055    import org.apache.commons.lang.time.StopWatch;
056    
057    /**
058     * The implementation of the permission local service.
059     *
060     * @author Charles May
061     * @author Brian Wing Shun Chan
062     * @author Raymond Augé
063     */
064    public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
065    
066            /**
067             * Adds a permission to perform the action on the resource.
068             *
069             * <p>
070             * This method will retrieve the permission of the company, action, and
071             * resource with the primary keys. The method creates the permission if it
072             * fails to retrieve it.
073             * </p>
074             *
075             * @param  companyId the primary key of the company
076             * @param  actionId the action's ID
077             * @param  resourceId the primary key of the resource
078             * @return the permission of the company, action, and resource with the
079             *         primary keys
080             * @throws SystemException if a system exception occurred
081             */
082            public Permission addPermission(
083                            long companyId, String actionId, long resourceId)
084                    throws SystemException {
085    
086                    Permission permission = permissionPersistence.fetchByA_R(
087                            actionId, resourceId);
088    
089                    if (permission == null) {
090                            long permissionId = counterLocalService.increment(
091                                    Permission.class.getName());
092    
093                            permission = permissionPersistence.create(permissionId);
094    
095                            permission.setCompanyId(companyId);
096                            permission.setActionId(actionId);
097                            permission.setResourceId(resourceId);
098    
099                            permissionPersistence.update(permission, false);
100                    }
101    
102                    return permission;
103            }
104    
105            /**
106             * Adds permissions to perform the actions on the resource.
107             *
108             * <p>
109             * This method will retrieve the permissions of the company, actions, and
110             * resource with the primary keys. The method creates any permissions it
111             * fails to retrieve.
112             * </p>
113             *
114             * @param  companyId the primary key of the company
115             * @param  actionIds the primary keys of the actions
116             * @param  resourceId the primary key of the resource
117             * @return the permissions to perform the actions on the resource
118             * @throws SystemException if a system exception occurred
119             */
120            public List<Permission> addPermissions(
121                            long companyId, List<String> actionIds, long resourceId)
122                    throws SystemException {
123    
124                    List<Permission> permissions = permissionPersistence.findByResourceId(
125                            resourceId);
126    
127                    permissions = ListUtil.copy(permissions);
128    
129                    Set<String> actionIdsSet = new HashSet<String>();
130    
131                    for (Permission permission : permissions) {
132                            actionIdsSet.add(permission.getActionId());
133                    }
134    
135                    for (String actionId : actionIds) {
136                            if (actionIdsSet.contains(actionId)) {
137                                    continue;
138                            }
139    
140                            long permissionId = counterLocalService.increment(
141                                    Permission.class.getName());
142    
143                            Permission permission = permissionPersistence.create(permissionId);
144    
145                            permission.setCompanyId(companyId);
146                            permission.setActionId(actionId);
147                            permission.setResourceId(resourceId);
148    
149                            try {
150                                    permissionPersistence.update(permission, false);
151                            }
152                            catch (SystemException se) {
153                                    if (_log.isWarnEnabled()) {
154                                            _log.warn(
155                                                    "Add failed, fetch {actionId=" + actionId +
156                                                            ", resourceId=" + resourceId + "}");
157                                    }
158    
159                                    permission = permissionPersistence.fetchByA_R(
160                                            actionId, resourceId, false);
161    
162                                    if (permission == null) {
163                                            throw se;
164                                    }
165                            }
166    
167                            permissions.add(permission);
168                    }
169    
170                    return permissions;
171            }
172    
173            /**
174             * Adds permissions to perform either the portlet resource actions or model
175             * resource actions on the resource.
176             *
177             * <p>
178             * This method will retrieve the permissions of the company, actions, and
179             * resource with the primary keys. The method creates any permissions it
180             * fails to retrieve.
181             * </p>
182             *
183             * @param  companyId the primary key of the company
184             * @param  name the resource name
185             * @param  resourceId the primary key of the resource
186             * @param  portletActions whether to retrieve the action primary keys from
187             *         the portlet or the model resource
188             * @return the permissions to perform the actions on the resource
189             * @throws SystemException if a system exception occurred
190             */
191            public List<Permission> addPermissions(
192                            long companyId, String name, long resourceId,
193                            boolean portletActions)
194                    throws SystemException {
195    
196                    List<String> actionIds = null;
197    
198                    if (portletActions) {
199                            actionIds = ResourceActionsUtil.getPortletResourceActions(name);
200                    }
201                    else {
202                            actionIds = ResourceActionsUtil.getModelResourceActions(name);
203                    }
204    
205                    return addPermissions(companyId, actionIds, resourceId);
206            }
207    
208            /**
209             * Adds user permissions to perform the actions on the resource.
210             *
211             * @param  userId the primary key of the user
212             * @param  actionIds the primary keys of the actions
213             * @param  resourceId the primary key of the resource
214             * @throws PortalException if a user with the primary key could not be found
215             * @throws SystemException if a system exception occurred
216             */
217            public void addUserPermissions(
218                            long userId, String[] actionIds, long resourceId)
219                    throws PortalException, SystemException {
220    
221                    User user = userPersistence.findByPrimaryKey(userId);
222    
223                    List<Permission> permissions = permissionFinder.findByU_R(
224                            userId, resourceId);
225    
226                    permissions = getPermissions(
227                            user.getCompanyId(), actionIds, resourceId);
228    
229                    userPersistence.addPermissions(userId, permissions);
230    
231                    PermissionCacheUtil.clearCache();
232            }
233    
234            /**
235             * Checks to see if the actions are permitted on the named resource.
236             *
237             * @param  name the resource name
238             * @param  actionIds the primary keys of the actions
239             * @throws PortalException if the resource company or name could not be
240             *         found or were invalid
241             * @throws SystemException if a system exception occurred
242             */
243            public void checkPermissions(String name, List<String> actionIds)
244                    throws PortalException, SystemException {
245    
246                    List<String> groupDefaultActions =
247                            ResourceActionsUtil.getModelResourceGroupDefaultActions(name);
248                    List<String> guestDefaultActions =
249                            ResourceActionsUtil.getModelResourceGuestDefaultActions(name);
250    
251                    List<Company> companies = companyPersistence.findAll();
252    
253                    for (Company company : companies) {
254                            long companyId = company.getCompanyId();
255    
256                            ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
257                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
258    
259                            if (resourceCode == null) {
260                                    continue;
261                            }
262    
263                            Role guestRole = rolePersistence.fetchByC_N(
264                                    companyId, RoleConstants.GUEST);
265                            Role ownerRole = rolePersistence.fetchByC_N(
266                                    companyId, RoleConstants.OWNER);
267                            Role siteMemberRole = rolePersistence.fetchByC_N(
268                                    companyId, RoleConstants.SITE_MEMBER);
269    
270                            for (String actionId : actionIds) {
271                                    List<Resource> resources = resourceFinder.findByNoActions(
272                                            resourceCode.getCodeId(), actionId);
273    
274                                    List<Permission> permissions = new ArrayList<Permission>(
275                                            resources.size());
276    
277                                    for (Resource resource : resources) {
278                                            long permissionId = counterLocalService.increment(
279                                                    Permission.class.getName());
280    
281                                            Permission permission = permissionPersistence.create(
282                                                    permissionId);
283    
284                                            permission.setCompanyId(companyId);
285                                            permission.setActionId(actionId);
286                                            permission.setResourceId(resource.getResourceId());
287    
288                                            permissionPersistence.update(permission, false);
289    
290                                            permissions.add(permission);
291                                    }
292    
293                                    if ((guestRole != null) &&
294                                            guestDefaultActions.contains(actionId)) {
295    
296                                            rolePersistence.addPermissions(
297                                                    guestRole.getRoleId(), permissions);
298                                    }
299    
300                                    if (ownerRole != null) {
301                                            rolePersistence.addPermissions(
302                                                    ownerRole.getRoleId(), permissions);
303                                    }
304    
305                                    if ((siteMemberRole != null) &&
306                                            groupDefaultActions.contains(actionId)) {
307    
308                                            rolePersistence.addPermissions(
309                                                    siteMemberRole.getRoleId(), permissions);
310                                    }
311    
312                                    for (Resource resource : resources) {
313                                            SearchEngineUtil.updatePermissionFields(
314                                                    resource.getResourceId());
315                                    }
316                            }
317                    }
318    
319                    PermissionCacheUtil.clearCache();
320            }
321    
322            /**
323             * Returns the IDs of all the actions belonging to the permissions.
324             *
325             * @param  permissions the permissions
326             * @return the IDs of all the actions belonging to the permissions
327             */
328            public List<String> getActions(List<Permission> permissions) {
329                    List<String> actionIds = new ArrayList<String>();
330    
331                    Iterator<Permission> itr = permissions.iterator();
332    
333                    while (itr.hasNext()) {
334                            Permission permission = itr.next();
335    
336                            actionIds.add(permission.getActionId());
337                    }
338    
339                    return actionIds;
340            }
341    
342            /**
343             * Returns all the group's permissions on the resource.
344             *
345             * @param  groupId the primary key of the group
346             * @param  resourceId the primary key of the resource
347             * @return the group's permissions on the resource
348             * @throws SystemException if a system exception occurred
349             */
350            public List<Permission> getGroupPermissions(long groupId, long resourceId)
351                    throws SystemException {
352    
353                    return permissionFinder.findByG_R(groupId, resourceId);
354            }
355    
356            /**
357             * Returns all the group's permissions on the named resource with the scope
358             * and primKey.
359             *
360             * @param  groupId the primary key of the group
361             * @param  companyId the primary key of the company
362             * @param  name the resource name
363             * @param  scope the resource scope
364             * @param  primKey the resource primKey
365             * @return the group's permissions on the named resource with the scope and
366             *         primKey
367             * @throws SystemException if a system exception occurred
368             */
369            public List<Permission> getGroupPermissions(
370                            long groupId, long companyId, String name, int scope,
371                            String primKey)
372                    throws SystemException {
373    
374                    return permissionFinder.findByG_C_N_S_P(
375                            groupId, companyId, name, scope, primKey);
376            }
377    
378            /**
379             * Returns the primary key of the latest permission created.
380             *
381             * @return the primary key of the latest permission created
382             * @throws SystemException if a system exception occurred
383             */
384            public long getLatestPermissionId() throws SystemException {
385                    List<Permission> permissions = permissionPersistence.findAll(
386                            0, 1, new PermissionComparator());
387    
388                    if (permissions.size() == 0) {
389                            return 0;
390                    }
391                    else {
392                            Permission permission = permissions.get(0);
393    
394                            return permission.getPermissionId();
395                    }
396            }
397    
398            /**
399             * Returns all the permissions of the organization's group with respect to
400             * the resource.
401             *
402             * @param  organizationId the primary key of the organization
403             * @param  groupId the primary key of the group
404             * @param  resourceId the primary key of the resource
405             * @return the permissions of the organization's group with respect to the
406             *         resource
407             * @throws SystemException if a system exception occurred
408             */
409            public List<Permission> getOrgGroupPermissions(
410                            long organizationId, long groupId, long resourceId)
411                    throws SystemException {
412    
413                    return permissionFinder.findByO_G_R(
414                            organizationId, groupId, resourceId);
415            }
416    
417            /**
418             * Returns all the permissions to perform the actions on the resource,
419             * creating new permissions for any permissions not found.
420             *
421             * @param  companyId the primary key of the company
422             * @param  actionIds the primary keys of the actions
423             * @param  resourceId the primary key of the resource
424             * @return the permissions to perform the actions on the resource
425             * @throws SystemException if a system exception occurred
426             * @see    #addPermission(long, String, long)
427             */
428            public List<Permission> getPermissions(
429                            long companyId, String[] actionIds, long resourceId)
430                    throws SystemException {
431    
432                    List<Permission> permissions = new ArrayList<Permission>();
433    
434                    for (String actionId : actionIds) {
435                            Permission permission = addPermission(
436                                    companyId, actionId, resourceId);
437    
438                            permissions.add(permission);
439                    }
440    
441                    return permissions;
442            }
443    
444            /**
445             * Returns all the role's permissions.
446             *
447             * @param  roleId the primary key of the role
448             * @return the role's permissions
449             * @throws SystemException if a system exception occurred
450             */
451            public List<Permission> getRolePermissions(long roleId)
452                    throws SystemException {
453    
454                    return rolePersistence.getPermissions(roleId);
455            }
456    
457            public List<Permission> getRolePermissions(long roleId, int[] scopes)
458                    throws SystemException {
459    
460                    return permissionFinder.findByR_S(roleId, scopes);
461            }
462    
463            /**
464             * Returns all the role's permissions on the resource.
465             *
466             * @param  roleId the primary key of the role
467             * @param  resourceId the primary key of the resource
468             * @return the role's permissions on the resource
469             * @throws SystemException if a system exception occurred
470             */
471            public List<Permission> getRolePermissions(long roleId, long resourceId)
472                    throws SystemException {
473    
474                    return permissionFinder.findByR_R(roleId, resourceId);
475            }
476    
477            /**
478             * Returns all the user's permissions.
479             *
480             * @param  userId the primary key of the user
481             * @return the user's permissions
482             * @throws SystemException if a system exception occurred
483             */
484            public List<Permission> getUserPermissions(long userId)
485                    throws SystemException {
486    
487                    return userPersistence.getPermissions(userId);
488            }
489    
490            /**
491             * Returns all the user's permissions on the resource.
492             *
493             * @param  userId the primary key of the user
494             * @param  resourceId the primary key of the resource
495             * @return the user's permissions on the resource
496             * @throws SystemException if a system exception occurred
497             */
498            public List<Permission> getUserPermissions(long userId, long resourceId)
499                    throws SystemException {
500    
501                    return permissionFinder.findByU_R(userId, resourceId);
502            }
503    
504            /**
505             * Returns all the user's permissions on the named resource with the scope
506             * and primKey.
507             *
508             * @param  userId the primary key of the user
509             * @param  companyId the primary key of the company
510             * @param  name the resource name
511             * @param  scope the resource scope
512             * @param  primKey the resource primKey
513             * @return the user permissions of the resource name, scope, and primKey
514             * @throws SystemException if a system exception occurred
515             */
516            public List<Permission> getUserPermissions(
517                            long userId, long companyId, String name, int scope, String primKey)
518                    throws SystemException {
519    
520                    return permissionFinder.findByU_C_N_S_P(
521                            userId, companyId, name, scope, primKey);
522            }
523    
524            /**
525             * Returns <code>true</code> if the group has permission to perform the
526             * action on the resource.
527             *
528             * @param  groupId the primary key of the group
529             * @param  actionId the action's ID
530             * @param  resourceId the primary key of the resource
531             * @return <code>true</code> if the group has permission to perform the
532             *         action on the resource; <code>false</code> otherwise
533             * @throws SystemException if a system exception occurred
534             */
535            public boolean hasGroupPermission(
536                            long groupId, String actionId, long resourceId)
537                    throws SystemException {
538    
539                    Permission permission = permissionPersistence.fetchByA_R(
540                            actionId, resourceId);
541    
542                    // Return false if there is no permission based on the given action
543                    // id and resource id
544    
545                    if (permission == null) {
546                            return false;
547                    }
548    
549                    return groupPersistence.containsPermission(
550                            groupId, permission.getPermissionId());
551            }
552    
553            /**
554             * Returns <code>true</code> if the role has permission to perform the
555             * action on the named resource with the scope.
556             *
557             * @param  roleId the primary key of the role
558             * @param  companyId the primary key of the company
559             * @param  name the resource name
560             * @param  scope the resource scope
561             * @param  actionId the action's ID
562             * @return <code>true</code> if the role has permission to perform the
563             *         action on the named resource with the scope; <code>false</code>
564             *         otherwise
565             * @throws SystemException if a system exception occurred
566             */
567            public boolean hasRolePermission(
568                            long roleId, long companyId, String name, int scope,
569                            String actionId)
570                    throws SystemException {
571    
572                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
573                            companyId, name, scope);
574    
575                    if (permissionFinder.countByR_A_C(
576                                    roleId, actionId, resourceCode.getCodeId()) > 0) {
577    
578                            return true;
579                    }
580                    else {
581                            return false;
582                    }
583            }
584    
585            /**
586             * Returns <code>true</code> if the role has permission to perform the
587             * action on the named resource with the scope and primKey.
588             *
589             * @param  roleId the primary key of the role
590             * @param  companyId the primary key of the company
591             * @param  name the resource name
592             * @param  scope the resource scope
593             * @param  primKey the resource primKey
594             * @param  actionId the action's ID
595             * @return <code>true</code> if the role has permission to perform the
596             *         action on the named resource with the scope and primKey;
597             *         <code>false</code> otherwise
598             * @throws SystemException if a system exception occurred
599             */
600            public boolean hasRolePermission(
601                            long roleId, long companyId, String name, int scope, String primKey,
602                            String actionId)
603                    throws SystemException {
604    
605                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
606                            companyId, name, scope);
607    
608                    Resource resource = resourcePersistence.fetchByC_P(
609                            resourceCode.getCodeId(), primKey);
610    
611                    if (resource == null) {
612                            return false;
613                    }
614    
615                    Permission permission = permissionPersistence.fetchByA_R(
616                            actionId, resource.getResourceId());
617    
618                    if (permission == null) {
619                            return false;
620                    }
621    
622                    return rolePersistence.containsPermission(
623                            roleId, permission.getPermissionId());
624            }
625    
626            /**
627             * Returns <code>true</code> if the user has permission to perform the
628             * action on the resource.
629             *
630             * @param  userId the primary key of the user
631             * @param  actionId the action's ID
632             * @param  resourceId the primary key of the resource
633             * @return <code>true</code> if the user has permission to perform the
634             *         action on the resource; <code>false</code> otherwise
635             * @throws SystemException if a system exception occurred
636             */
637            public boolean hasUserPermission(
638                            long userId, String actionId, long resourceId)
639                    throws SystemException {
640    
641                    Permission permission = permissionPersistence.fetchByA_R(
642                            actionId, resourceId);
643    
644                    // Return false if there is no permission based on the given action
645                    // id and resource id
646    
647                    if (permission == null) {
648                            return false;
649                    }
650    
651                    return userPersistence.containsPermission(
652                            userId, permission.getPermissionId());
653            }
654    
655            /**
656             * Returns <code>true</code> if the user has permission to perform the
657             * action on the resources.
658             *
659             * <p>
660             * This method does not support resources managed by the resource block
661             * system.
662             * </p>
663             *
664             * @param  userId the primary key of the user
665             * @param  groupId the primary key of the group containing the resource
666             * @param  resources representations of the resource at each scope level
667             *         returned by {@link
668             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
669             *         long, long, String, String, String)}
670             * @param  actionId the action's ID
671             * @param  permissionCheckerBag the permission checker bag
672             * @return <code>true</code> if the user has permission to perform the
673             *         action on the resources; <code>false</code> otherwise
674             * @throws PortalException if a resource action based on any one of the
675             *         resources and the action ID could not be found
676             * @throws SystemException if a system exception occurred
677             */
678            public boolean hasUserPermissions(
679                            long userId, long groupId, List<Resource> resources,
680                            String actionId, PermissionCheckerBag permissionCheckerBag)
681                    throws PortalException, SystemException {
682    
683                    StopWatch stopWatch = null;
684    
685                    if (_log.isDebugEnabled()) {
686                            stopWatch = new StopWatch();
687    
688                            stopWatch.start();
689                    }
690    
691                    int block = 1;
692    
693                    // Return false if there are no resources
694    
695                    if (Validator.isNull(actionId) || resources.isEmpty()) {
696                            return false;
697                    }
698    
699                    long[] resourceIds = null;
700    
701                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
702                            resourceIds = new long[resources.size()];
703    
704                            for (int i = 0; i < resources.size(); i++) {
705                                    Resource resource = resources.get(i);
706    
707                                    resourceIds[i] = resource.getResourceId();
708                            }
709                    }
710    
711                    List<Permission> permissions = null;
712    
713                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
714                            permissions = permissionFinder.findByA_R(actionId, resourceIds);
715    
716                            // Return false if there are no permissions
717    
718                            if (permissions.size() == 0) {
719                                    return false;
720                            }
721                    }
722    
723                    // Record logs with the first resource id
724    
725                    long resourceId = 0;
726    
727                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
728                            resourceId = resourceIds[0];
729                    }
730                    else {
731                            resourceId = resources.get(0).getResourceId();
732                    }
733    
734                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
735    
736                    //List<Group> userGroups = permissionCheckerBag.getUserGroups();
737                    //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
738                    //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
739                    //List<Group> userUserGroupGroups =
740                    //        permissionCheckerBag.getUserUserGroupGroups();
741                    List<Group> groups = permissionCheckerBag.getGroups();
742                    List<Role> roles = permissionCheckerBag.getRoles();
743    
744                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
745    
746                    // Check the organization and group intersection table. Break out of
747                    // this method if the user has one of the permissions set at the
748                    // intersection because that takes priority.
749    
750                    //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
751                    //        return true;
752                    //}
753    
754                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
755    
756                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
757                            return hasUserPermissions_1(
758                                    userId, resourceId, actionId, permissions, groups, groupId,
759                                    stopWatch, block);
760                    }
761                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
762                            return hasUserPermissions_2(
763                                    userId, resourceId, actionId, permissions, groups, groupId,
764                                    stopWatch, block);
765                    }
766                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
767                            return hasUserPermissions_3(
768                                    userId, resourceId, actionId, permissions, groups, roles,
769                                    stopWatch, block);
770                    }
771                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
772                            return hasUserPermissions_4(
773                                    userId, resourceId, actionId, permissions, groups, roles,
774                                    stopWatch, block);
775                    }
776                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
777                            return hasUserPermissions_5(
778                                    userId, resourceId, actionId, permissions, roles, stopWatch,
779                                    block);
780                    }
781                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
782                            return hasUserPermissions_6(
783                                    userId, resourceId, resources, actionId,
784                                    permissionCheckerBag.getRoleIds(), stopWatch, block);
785                    }
786    
787                    return false;
788            }
789    
790            /**
791             * Sets the container wide permissions of either the role or the default
792             * user of each company to perform the actions on the named resource.
793             *
794             * @param  name the resource name
795             * @param  roleName the role name. Supported role names include {@link
796             *         com.liferay.portal.model.RoleConstants#ORGANIZATION_USER}, {@link
797             *         com.liferay.portal.model.RoleConstants#OWNER}, and {@link
798             *         com.liferay.portal.model.RoleConstants#SITE_MEMBER}.
799             * @param  actionId the action's ID
800             * @throws PortalException if a matching role could not be found or if a
801             *         default user for the company could not be found
802             * @throws SystemException if a system exception occurred
803             */
804            public void setContainerResourcePermissions(
805                            String name, String roleName, String actionId)
806                    throws PortalException, SystemException {
807    
808                    List<Company> companies = companyPersistence.findAll();
809    
810                    for (Company company : companies) {
811                            setContainerResourcePermissions(
812                                    company.getCompanyId(), name, roleName, actionId);
813                    }
814            }
815    
816            /**
817             * Sets the group's permissions to perform the actions on the resource,
818             * replacing the group's existing permissions on the resource.
819             *
820             * @param  groupId the primary key of the group
821             * @param  actionIds the primary keys of the actions
822             * @param  resourceId the primary key of the resource
823             * @throws PortalException if a group with the primary key could not be
824             *         found
825             * @throws SystemException if a system exception occurred
826             */
827            public void setGroupPermissions(
828                            long groupId, String[] actionIds, long resourceId)
829                    throws PortalException, SystemException {
830    
831                    Group group = groupPersistence.findByPrimaryKey(groupId);
832    
833                    List<Permission> permissions = permissionFinder.findByG_R(
834                            groupId, resourceId);
835    
836                    for (Permission permission : permissions) {
837                            groupPersistence.removePermission(groupId, permission);
838                    }
839    
840                    permissions = getPermissions(
841                            group.getCompanyId(), actionIds, resourceId);
842    
843                    groupPersistence.addPermissions(groupId, permissions);
844    
845                    PermissionCacheUtil.clearCache();
846            }
847    
848            /**
849             * Sets the entity's group permissions to perform the actions on the
850             * resource, replacing the entity's existing group permissions on the
851             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
852             * com.liferay.portal.model.UserGroup} class entities are supported.
853             *
854             * @param  className the class name of an organization or user group
855             * @param  classPK the primary key of the class
856             * @param  groupId the primary key of the group
857             * @param  actionIds the primary keys of the actions
858             * @param  resourceId the primary key of the resource
859             * @throws PortalException if an entity with the class name and primary key
860             *         could not be found or if the entity's associated group could not
861             *         be found
862             * @throws SystemException if a system exception occurred
863             */
864            public void setGroupPermissions(
865                            String className, String classPK, long groupId, String[] actionIds,
866                            long resourceId)
867                    throws PortalException, SystemException {
868    
869                    long associatedGroupId = 0;
870    
871                    if (className.equals(Organization.class.getName())) {
872                            long organizationId = GetterUtil.getLong(classPK);
873    
874                            Organization organization =
875                                    organizationPersistence.findByPrimaryKey(organizationId);
876    
877                            orgGroupPermissionFinder.removeByO_G_R(
878                                    organizationId, groupId, resourceId);
879    
880                            associatedGroupId = organization.getGroup().getGroupId();
881                    }
882                    else if (className.equals(UserGroup.class.getName())) {
883                            long userGroupId = GetterUtil.getLong(classPK);
884    
885                            UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
886                                    userGroupId);
887    
888                            associatedGroupId = userGroup.getGroup().getGroupId();
889                    }
890    
891                    setGroupPermissions(associatedGroupId, actionIds, resourceId);
892            }
893    
894            /**
895             * Sets the organization's group permissions to perform the actions on the
896             * resource, replacing the organization's existing group permissions on the
897             * resource.
898             *
899             * @param  organizationId the primary key of the organization
900             * @param  groupId the primary key of the group in which to scope the
901             *         permissions
902             * @param  actionIds the primary keys of the actions
903             * @param  resourceId the primary key of the resource
904             * @throws PortalException if an organization with the primary key could not
905             *         be found
906             * @throws SystemException if a system exception occurred
907             */
908            public void setOrgGroupPermissions(
909                            long organizationId, long groupId, String[] actionIds,
910                            long resourceId)
911                    throws PortalException, SystemException {
912    
913                    Organization organization = organizationPersistence.findByPrimaryKey(
914                            organizationId);
915    
916                    long orgGroupId = organization.getGroup().getGroupId();
917    
918                    List<Permission> permissions = permissionPersistence.findByResourceId(
919                            resourceId);
920    
921                    for (Permission permission : permissions) {
922                            groupPersistence.removePermission(orgGroupId, permission);
923                    }
924    
925                    permissions = getPermissions(
926                            organization.getCompanyId(), actionIds, resourceId);
927    
928                    orgGroupPermissionFinder.removeByO_G_R(
929                            organizationId, groupId, resourceId);
930    
931                    for (Permission permission : permissions) {
932                            OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
933                                    organizationId, groupId, permission.getPermissionId());
934    
935                            OrgGroupPermission orgGroupPermission =
936                                    orgGroupPermissionPersistence.create(pk);
937    
938                            orgGroupPermissionPersistence.update(orgGroupPermission, false);
939                    }
940    
941                    PermissionCacheUtil.clearCache();
942            }
943    
944            /**
945             * Sets the role's permissions to perform the action on the named resource,
946             * replacing the role's existing permissions on the resource.
947             *
948             * @param  roleId the primary key of the role
949             * @param  companyId the primary key of the company
950             * @param  name the resource name
951             * @param  scope the resource scope
952             * @param  primKey the resource primKey
953             * @param  actionId the action's ID
954             * @throws PortalException if the scope was {@link
955             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
956             * @throws SystemException if a system exception occurred
957             */
958            public void setRolePermission(
959                            long roleId, long companyId, String name, int scope, String primKey,
960                            String actionId)
961                    throws PortalException, SystemException {
962    
963                    if (scope == ResourceConstants.SCOPE_COMPANY) {
964    
965                            // Remove group permission
966    
967                            unsetRolePermissions(
968                                    roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
969                                    actionId);
970                    }
971                    else if (scope == ResourceConstants.SCOPE_GROUP) {
972    
973                            // Remove company permission
974    
975                            unsetRolePermissions(
976                                    roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
977                                    actionId);
978                    }
979                    else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
980                            throw new NoSuchPermissionException();
981                    }
982    
983                    Resource resource = resourceLocalService.addResource(
984                            companyId, name, scope, primKey);
985    
986                    long resourceId = resource.getResourceId();
987    
988                    Permission permission = permissionPersistence.fetchByA_R(
989                            actionId, resourceId);
990    
991                    if (permission == null) {
992                            long permissionId = counterLocalService.increment(
993                                    Permission.class.getName());
994    
995                            permission = permissionPersistence.create(permissionId);
996    
997                            permission.setCompanyId(companyId);
998                            permission.setActionId(actionId);
999                            permission.setResourceId(resourceId);
1000    
1001                            permissionPersistence.update(permission, false);
1002                    }
1003    
1004                    rolePersistence.addPermission(roleId, permission);
1005    
1006                    PermissionCacheUtil.clearCache();
1007    
1008                    SearchEngineUtil.updatePermissionFields(resourceId);
1009            }
1010    
1011            /**
1012             * Sets the role's permissions to perform the actions on the named resource,
1013             * replacing the role's existing permission for each of these actions on the
1014             * resource.
1015             *
1016             * @param  roleId the primary key of the role
1017             * @param  companyId the primary key of the company
1018             * @param  name the resource name
1019             * @param  scope the resource scope
1020             * @param  primKey the resource primKey
1021             * @param  actionIds the primary keys of the actions
1022             * @throws PortalException if the scope was {@link
1023             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
1024             * @throws SystemException if a system exception occurred
1025             */
1026            public void setRolePermissions(
1027                            long roleId, long companyId, String name, int scope, String primKey,
1028                            String[] actionIds)
1029                    throws PortalException, SystemException {
1030    
1031                    for (String actionId : actionIds) {
1032                            setRolePermission(
1033                                    roleId, companyId, name, scope, primKey, actionId);
1034                    }
1035            }
1036    
1037            /**
1038             * Sets the role's permissions to perform the actions on the resource,
1039             * replacing the role's existing permissions on the resource.
1040             *
1041             * @param  roleId the primary key of the role
1042             * @param  actionIds the primary keys of the actions
1043             * @param  resourceId the primary key of the resource
1044             * @throws PortalException if a role with the primary key could not be found
1045             * @throws SystemException if a system exception occurred
1046             */
1047            public void setRolePermissions(
1048                            long roleId, String[] actionIds, long resourceId)
1049                    throws PortalException, SystemException {
1050    
1051                    Role role = rolePersistence.findByPrimaryKey(roleId);
1052    
1053                    List<Permission> permissions = permissionFinder.findByR_R(
1054                            roleId, resourceId);
1055    
1056                    rolePersistence.removePermissions(roleId, permissions);
1057    
1058                    permissions = getPermissions(
1059                            role.getCompanyId(), actionIds, resourceId);
1060    
1061                    rolePersistence.addPermissions(roleId, permissions);
1062    
1063                    PermissionCacheUtil.clearCache();
1064    
1065                    SearchEngineUtil.updatePermissionFields(resourceId);
1066            }
1067    
1068            /**
1069             * Sets the permissions of each role to perform respective actions on the
1070             * resource, replacing the existing permissions of each role on the
1071             * resource.
1072             *
1073             * @param  companyId the primary key of the company
1074             * @param  roleIdsToActionIds the map of roles to their new actions on the
1075             *         resource
1076             * @param  resourceId the primary key of the resource
1077             * @throws SystemException if a system exception occurred
1078             */
1079            public void setRolesPermissions(
1080                            long companyId, Map<Long, String[]> roleIdsToActionIds,
1081                            long resourceId)
1082                    throws SystemException {
1083    
1084                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1085    
1086                    PermissionThreadLocal.setIndexEnabled(false);
1087    
1088                    try {
1089                            for (Map.Entry<Long, String[]> entry :
1090                                            roleIdsToActionIds.entrySet()) {
1091    
1092                                    long roleId = entry.getKey();
1093                                    String[] actionIds = entry.getValue();
1094    
1095                                    List<Permission> permissions = permissionFinder.findByR_R(
1096                                            roleId, resourceId);
1097    
1098                                    rolePersistence.removePermissions(roleId, permissions);
1099    
1100                                    permissions = getPermissions(companyId, actionIds, resourceId);
1101    
1102                                    rolePersistence.addPermissions(roleId, permissions);
1103                            }
1104                    }
1105                    finally {
1106                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
1107    
1108                            PermissionCacheUtil.clearCache();
1109    
1110                            SearchEngineUtil.updatePermissionFields(resourceId);
1111                    }
1112            }
1113    
1114            /**
1115             * Sets the permissions of each role to perform respective actions on the
1116             * named resource, replacing the existing permissions of each role on the
1117             * resource.
1118             *
1119             * @param  companyId the primary key of the company
1120             * @param  roleIdsToActionIds the map of roles to their new actions on the
1121             *         resource
1122             * @param  name the resource name
1123             * @param  scope the resource scope
1124             * @param  primKey the resource primKey
1125             * @throws SystemException if a system exception occurred
1126             */
1127            public void setRolesPermissions(
1128                            long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1129                            int scope, String primKey)
1130                    throws SystemException {
1131    
1132                    Resource resource = resourceLocalService.fetchResource(
1133                            companyId, name, scope, String.valueOf(primKey));
1134    
1135                    if (resource == null) {
1136                            resource = resourceLocalService.addResource(
1137                                    companyId, name, scope, String.valueOf(primKey));
1138                    }
1139    
1140                    if (resource == null) {
1141                            return;
1142                    }
1143    
1144                    setRolesPermissions(
1145                            companyId, roleIdsToActionIds, resource.getResourceId());
1146            }
1147    
1148            /**
1149             * Sets the user's permissions to perform the actions on the resource,
1150             * replacing the user's existing permissions on the resource.
1151             *
1152             * @param  userId the primary key of the user
1153             * @param  actionIds the primary keys of the actions
1154             * @param  resourceId the primary key of the resource
1155             * @throws PortalException if a user with the primary key could not be found
1156             * @throws SystemException if a system exception occurred
1157             */
1158            public void setUserPermissions(
1159                            long userId, String[] actionIds, long resourceId)
1160                    throws PortalException, SystemException {
1161    
1162                    User user = userPersistence.findByPrimaryKey(userId);
1163    
1164                    List<Permission> permissions = permissionFinder.findByU_R(
1165                            userId, resourceId);
1166    
1167                    userPersistence.removePermissions(userId, permissions);
1168    
1169                    permissions = getPermissions(
1170                            user.getCompanyId(), actionIds, resourceId);
1171    
1172                    userPersistence.addPermissions(userId, permissions);
1173    
1174                    PermissionCacheUtil.clearCache();
1175            }
1176    
1177            /**
1178             * Removes the permission from the role.
1179             *
1180             * @param  roleId the primary key of the role
1181             * @param  permissionId the primary key of the permission
1182             * @throws SystemException if a system exception occurred
1183             */
1184            public void unsetRolePermission(long roleId, long permissionId)
1185                    throws SystemException {
1186    
1187                    Permission permission = permissionPersistence.fetchByPrimaryKey(
1188                            permissionId);
1189    
1190                    if (permission != null) {
1191                            rolePersistence.removePermission(roleId, permission);
1192                    }
1193    
1194                    PermissionCacheUtil.clearCache();
1195            }
1196    
1197            /**
1198             * Removes the role's permissions to perform the action on the named
1199             * resource with the scope and primKey.
1200             *
1201             * @param  roleId the primary key of the role
1202             * @param  companyId the primary key of the company
1203             * @param  name the resource name
1204             * @param  scope the resource scope
1205             * @param  primKey the resource primKey
1206             * @param  actionId the action's ID
1207             * @throws SystemException if a system exception occurred
1208             */
1209            public void unsetRolePermission(
1210                            long roleId, long companyId, String name, int scope, String primKey,
1211                            String actionId)
1212                    throws SystemException {
1213    
1214                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1215                            companyId, name, scope);
1216    
1217                    Resource resource = resourcePersistence.fetchByC_P(
1218                            resourceCode.getCodeId(), primKey);
1219    
1220                    if (resource != null) {
1221                            Permission permission = permissionPersistence.fetchByA_R(
1222                                    actionId, resource.getResourceId());
1223    
1224                            if (permission != null) {
1225                                    rolePersistence.removePermission(roleId, permission);
1226                            }
1227                    }
1228    
1229                    PermissionCacheUtil.clearCache();
1230            }
1231    
1232            /**
1233             * Removes the role's permissions to perform the action on the named
1234             * resource.
1235             *
1236             * @param  roleId the primary key of the role
1237             * @param  companyId the primary key of the company
1238             * @param  name the resource name
1239             * @param  scope the resource scope
1240             * @param  actionId the action's ID
1241             * @throws SystemException if a system exception occurred
1242             */
1243            public void unsetRolePermissions(
1244                            long roleId, long companyId, String name, int scope,
1245                            String actionId)
1246                    throws SystemException {
1247    
1248                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1249                            companyId, name, scope);
1250    
1251                    List<Permission> permissions = permissionFinder.findByA_C(
1252                            actionId, resourceCode.getCodeId());
1253    
1254                    for (Permission permission : permissions) {
1255                            rolePersistence.removePermission(roleId, permission);
1256                    }
1257    
1258                    PermissionCacheUtil.clearCache();
1259            }
1260    
1261            /**
1262             * Removes the user's permissions to perform the actions on the resource.
1263             *
1264             * @param  userId the primary key of the user
1265             * @param  actionIds the primary keys of the actions
1266             * @param  resourceId the primary key of the resource
1267             * @throws SystemException if a system exception occurred
1268             */
1269            public void unsetUserPermissions(
1270                            long userId, String[] actionIds, long resourceId)
1271                    throws SystemException {
1272    
1273                    List<Permission> permissions = permissionFinder.findByU_A_R(
1274                            userId, actionIds, resourceId);
1275    
1276                    userPersistence.removePermissions(userId, permissions);
1277    
1278                    PermissionCacheUtil.clearCache();
1279            }
1280    
1281            protected boolean checkOrgGroupPermission(
1282                            List<Organization> organizations, List<Group> groups,
1283                            List<Permission> permissions)
1284                    throws PortalException, SystemException {
1285    
1286                    for (Permission permission : permissions) {
1287                            if (checkOrgGroupPermission(organizations, groups, permission)) {
1288                                    return true;
1289                            }
1290                    }
1291    
1292                    return false;
1293            }
1294    
1295            protected boolean checkOrgGroupPermission(
1296                            List<Organization> organizations, List<Group> groups,
1297                            Permission permission)
1298                    throws PortalException, SystemException {
1299    
1300                    // Do not check for an OrgGroupPermission intersection unless there is
1301                    // at least one organization and one group to check
1302    
1303                    if ((organizations.size() == 0) || (groups.size() == 0)) {
1304                            return false;
1305                    }
1306    
1307                    // Do not check unless the OrgGroupPermission intersection contains at
1308                    // least one permission
1309    
1310                    List<OrgGroupPermission> orgGroupPermissions =
1311                            orgGroupPermissionPersistence.findByPermissionId(
1312                                    permission.getPermissionId());
1313    
1314                    if (orgGroupPermissions.size() == 0) {
1315                            return false;
1316                    }
1317    
1318                    for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1319                            if (orgGroupPermission.containsOrganization(organizations) &&
1320                                    orgGroupPermission.containsGroup(groups)) {
1321    
1322                                    return true;
1323                            }
1324                    }
1325    
1326                    // Throw an exception so that we do not continue checking permissions.
1327                    // The user has a specific permission given in the OrgGroupPermission
1328                    // intersection that prohibits him from going further.
1329    
1330                    throw new NoSuchPermissionException(
1331                            "User has a permission in OrgGroupPermission that does not match");
1332            }
1333    
1334            protected boolean hasUserPermissions_1(
1335                            long userId, long resourceId, String actionId,
1336                            List<Permission> permissions, List<Group> groups, long groupId,
1337                            StopWatch stopWatch, int block)
1338                    throws SystemException {
1339    
1340                    // Is the user connected to one of the permissions via group or
1341                    // organization roles?
1342    
1343                    if (groups.size() > 0) {
1344                            if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1345                                    return true;
1346                            }
1347                    }
1348    
1349                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1350    
1351                    // Is the user associated with groups or organizations that are directly
1352                    // connected to one of the permissions?
1353    
1354                    if (groups.size() > 0) {
1355                            if (permissionFinder.countByGroupsPermissions(
1356                                            permissions, groups) > 0) {
1357    
1358                                    return true;
1359                            }
1360                    }
1361    
1362                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1363    
1364                    // Is the user connected to one of the permissions via user roles?
1365    
1366                    if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1367                            return true;
1368                    }
1369    
1370                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1371    
1372                    // Is the user connected to one of the permissions via user group roles?
1373    
1374                    if (permissionFinder.countByUserGroupRole(
1375                                    permissions, userId, groupId) > 0) {
1376    
1377                            return true;
1378                    }
1379    
1380                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1381    
1382                    // Is the user directly connected to one of the permissions?
1383    
1384                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1385                            return true;
1386                    }
1387    
1388                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1389    
1390                    return false;
1391            }
1392    
1393            protected boolean hasUserPermissions_2(
1394                            long userId, long resourceId, String actionId,
1395                            List<Permission> permissions, List<Group> groups, long groupId,
1396                            StopWatch stopWatch, int block)
1397                    throws SystemException {
1398    
1399                    // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
1400                    // countByUserGroupRole, and countByUsersPermissions in one method
1401    
1402                    if (permissionFinder.containsPermissions_2(
1403                                    permissions, userId, groups, groupId)) {
1404    
1405                            return true;
1406                    }
1407    
1408                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1409    
1410                    return false;
1411            }
1412    
1413            protected boolean hasUserPermissions_3(
1414                            long userId, long resourceId, String actionId,
1415                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1416                            StopWatch stopWatch, int block)
1417                    throws SystemException {
1418    
1419                    // Is the user associated with groups or organizations that are directly
1420                    // connected to one of the permissions?
1421    
1422                    if (groups.size() > 0) {
1423                            if (permissionFinder.countByGroupsPermissions(
1424                                            permissions, groups) > 0) {
1425    
1426                                    return true;
1427                            }
1428                    }
1429    
1430                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1431    
1432                    // Is the user associated with a role that is directly connected to one
1433                    // of the permissions?
1434    
1435                    if (roles.size() > 0) {
1436                            if (permissionFinder.countByRolesPermissions(
1437                                            permissions, roles) > 0) {
1438    
1439                                    return true;
1440                            }
1441                    }
1442    
1443                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1444    
1445                    // Is the user directly connected to one of the permissions?
1446    
1447                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1448                            return true;
1449                    }
1450    
1451                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1452    
1453                    return false;
1454            }
1455    
1456            protected boolean hasUserPermissions_4(
1457                            long userId, long resourceId, String actionId,
1458                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1459                            StopWatch stopWatch, int block)
1460                    throws SystemException {
1461    
1462                    // Call countByGroupsPermissions, countByRolesPermissions, and
1463                    // countByUsersPermissions in one method
1464    
1465                    if (permissionFinder.containsPermissions_4(
1466                                    permissions, userId, groups, roles)) {
1467    
1468                            return true;
1469                    }
1470    
1471                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1472    
1473                    return false;
1474            }
1475    
1476            protected boolean hasUserPermissions_5(
1477                            long userId, long resourceId, String actionId,
1478                            List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1479                            int block)
1480                    throws SystemException {
1481    
1482                    if (roles.size() > 0) {
1483                            if (permissionFinder.countByRolesPermissions(
1484                                            permissions, roles) > 0) {
1485    
1486                                    return true;
1487                            }
1488                    }
1489    
1490                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1491    
1492                    return false;
1493            }
1494    
1495            protected boolean hasUserPermissions_6(
1496                            long userId, long resourceId, List<Resource> resources,
1497                            String actionId, long[] roleIds, StopWatch stopWatch, int block)
1498                    throws PortalException, SystemException {
1499    
1500                    boolean hasUserPermissions =
1501                            resourcePermissionLocalService.hasResourcePermission(
1502                                    resources, roleIds, actionId);
1503    
1504                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1505    
1506                    return hasUserPermissions;
1507            }
1508    
1509            protected void logHasUserPermissions(
1510                    long userId, long resourceId, String actionId, StopWatch stopWatch,
1511                    int block) {
1512    
1513                    if (!_log.isDebugEnabled()) {
1514                            return;
1515                    }
1516    
1517                    _log.debug(
1518                            "Checking user permissions block " + block + " for " + userId +
1519                                    " " + resourceId + " " + actionId + " takes " +
1520                                            stopWatch.getTime() + " ms");
1521            }
1522    
1523            protected void setContainerResourcePermissions(
1524                            long companyId, String name, String roleName, String actionId)
1525                    throws PortalException, SystemException {
1526    
1527                    ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1528                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1529    
1530                    if (resourceCode == null) {
1531                            return;
1532                    }
1533    
1534                    long classNameId = 0;
1535    
1536                    Role role = rolePersistence.findByC_N(companyId, roleName);
1537    
1538                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
1539                            classNameId = PortalUtil.getClassNameId(Organization.class);
1540                    }
1541                    else if (role.getType() == RoleConstants.TYPE_SITE) {
1542                            classNameId = PortalUtil.getClassNameId(Group.class);
1543                    }
1544    
1545                    List<Resource> resources = resourceFinder.findByContainerResource(
1546                            resourceCode.getCodeId(), classNameId);
1547    
1548                    if (resources.isEmpty()) {
1549                            return;
1550                    }
1551    
1552                    List<Permission> permissions = new ArrayList<Permission>(
1553                            resources.size());
1554    
1555                    for (Resource resource : resources) {
1556                            Permission permission = permissionPersistence.fetchByA_R(
1557                                    actionId, resource.getResourceId());
1558    
1559                            if (permission == null) {
1560                                    long permissionId = counterLocalService.increment(
1561                                            Permission.class.getName());
1562    
1563                                    permission = permissionPersistence.create(permissionId);
1564    
1565                                    permission.setCompanyId(companyId);
1566                                    permission.setActionId(actionId);
1567                                    permission.setResourceId(resource.getResourceId());
1568    
1569                                    permissionPersistence.update(permission, false);
1570                            }
1571    
1572                            permissions.add(permission);
1573                    }
1574    
1575                    if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1576                            !roleName.equals(RoleConstants.GUEST)) {
1577    
1578                            rolePersistence.addPermissions(role.getRoleId(), permissions);
1579                    }
1580                    else {
1581                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
1582    
1583                            userPersistence.addPermissions(defaultUserId, permissions);
1584                    }
1585            }
1586    
1587            private static Log _log = LogFactoryUtil.getLog(
1588                    PermissionLocalServiceImpl.class);
1589    
1590    }