001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.RequiredUserException;
018    import com.liferay.portal.ReservedUserEmailAddressException;
019    import com.liferay.portal.UserEmailAddressException;
020    import com.liferay.portal.UserScreenNameException;
021    import com.liferay.portal.kernel.exception.PortalException;
022    import com.liferay.portal.kernel.exception.SystemException;
023    import com.liferay.portal.kernel.search.Indexer;
024    import com.liferay.portal.kernel.search.IndexerRegistryUtil;
025    import com.liferay.portal.kernel.util.ArrayUtil;
026    import com.liferay.portal.kernel.util.ParamUtil;
027    import com.liferay.portal.kernel.workflow.WorkflowConstants;
028    import com.liferay.portal.kernel.workflow.WorkflowThreadLocal;
029    import com.liferay.portal.model.Address;
030    import com.liferay.portal.model.Company;
031    import com.liferay.portal.model.CompanyConstants;
032    import com.liferay.portal.model.Contact;
033    import com.liferay.portal.model.EmailAddress;
034    import com.liferay.portal.model.Group;
035    import com.liferay.portal.model.GroupConstants;
036    import com.liferay.portal.model.Organization;
037    import com.liferay.portal.model.Phone;
038    import com.liferay.portal.model.Role;
039    import com.liferay.portal.model.User;
040    import com.liferay.portal.model.UserGroup;
041    import com.liferay.portal.model.UserGroupRole;
042    import com.liferay.portal.model.Website;
043    import com.liferay.portal.security.auth.PrincipalException;
044    import com.liferay.portal.security.permission.ActionKeys;
045    import com.liferay.portal.security.permission.PermissionChecker;
046    import com.liferay.portal.service.ServiceContext;
047    import com.liferay.portal.service.base.UserServiceBaseImpl;
048    import com.liferay.portal.service.permission.GroupPermissionUtil;
049    import com.liferay.portal.service.permission.OrganizationPermissionUtil;
050    import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
051    import com.liferay.portal.service.permission.PortalPermissionUtil;
052    import com.liferay.portal.service.permission.RolePermissionUtil;
053    import com.liferay.portal.service.permission.TeamPermissionUtil;
054    import com.liferay.portal.service.permission.UserGroupPermissionUtil;
055    import com.liferay.portal.service.permission.UserGroupRolePermissionUtil;
056    import com.liferay.portal.service.permission.UserPermissionUtil;
057    import com.liferay.portal.util.PropsValues;
058    import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
059    import com.liferay.portlet.usersadmin.util.UsersAdminUtil;
060    
061    import java.util.List;
062    import java.util.Locale;
063    
064    /**
065     * The implementation of the user remote service.
066     *
067     * @author Brian Wing Shun Chan
068     * @author Brian Myunghun Kim
069     * @author Scott Lee
070     * @author Jorge Ferrer
071     * @author Julio Camarero
072     */
073    public class UserServiceImpl extends UserServiceBaseImpl {
074    
075            /**
076             * Adds the users to the group.
077             *
078             * @param  groupId the primary key of the group
079             * @param  userIds the primary keys of the users
080             * @throws PortalException if a group or user with the primary key could not
081             *         be found, or if the user did not have permission to assign group
082             *         members
083             * @throws SystemException if a system exception occurred
084             */
085            public void addGroupUsers(
086                            long groupId, long[] userIds, ServiceContext serviceContext)
087                    throws PortalException, SystemException {
088    
089                    try {
090                            GroupPermissionUtil.check(
091                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
092                    }
093                    catch (PrincipalException pe) {
094    
095                            // Allow any user to join open sites
096    
097                            boolean hasPermission = false;
098    
099                            if (userIds.length == 0) {
100                                    hasPermission = true;
101                            }
102                            else if (userIds.length == 1) {
103                                    User user = getUser();
104    
105                                    if (user.getUserId() == userIds[0]) {
106                                            Group group = groupPersistence.findByPrimaryKey(groupId);
107    
108                                            if (user.getCompanyId() == group.getCompanyId()) {
109                                                    int type = group.getType();
110    
111                                                    if (type == GroupConstants.TYPE_SITE_OPEN) {
112                                                            hasPermission = true;
113                                                    }
114                                            }
115                                    }
116                            }
117    
118                            if (!hasPermission) {
119                                    throw new PrincipalException();
120                            }
121                    }
122    
123                    userLocalService.addGroupUsers(groupId, userIds);
124            }
125    
126            /**
127             * Adds the users to the organization.
128             *
129             * @param  organizationId the primary key of the organization
130             * @param  userIds the primary keys of the users
131             * @throws PortalException if an organization or user with the primary key
132             *         could not be found, if the user did not have permission to assign
133             *         organization members, or if current user did not have an
134             *         organization in common with a given user
135             * @throws SystemException if a system exception occurred
136             */
137            public void addOrganizationUsers(long organizationId, long[] userIds)
138                    throws PortalException, SystemException {
139    
140                    OrganizationPermissionUtil.check(
141                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
142    
143                    validateOrganizationUsers(userIds);
144    
145                    userLocalService.addOrganizationUsers(organizationId, userIds);
146            }
147    
148            /**
149             * Assigns the password policy to the users, removing any other currently
150             * assigned password policies.
151             *
152             * @param  passwordPolicyId the primary key of the password policy
153             * @param  userIds the primary keys of the users
154             * @throws PortalException if the user did not have permission to assign
155             *         policy members
156             * @throws SystemException if a system exception occurred
157             */
158            public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
159                    throws PortalException, SystemException {
160    
161                    PasswordPolicyPermissionUtil.check(
162                            getPermissionChecker(), passwordPolicyId,
163                            ActionKeys.ASSIGN_MEMBERS);
164    
165                    userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
166            }
167    
168            /**
169             * Adds the users to the role.
170             *
171             * @param  roleId the primary key of the role
172             * @param  userIds the primary keys of the users
173             * @throws PortalException if a role or user with the primary key could not
174             *         be found or if the user did not have permission to assign role
175             *         members
176             * @throws SystemException if a system exception occurred
177             */
178            public void addRoleUsers(long roleId, long[] userIds)
179                    throws PortalException, SystemException {
180    
181                    RolePermissionUtil.check(
182                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
183    
184                    userLocalService.addRoleUsers(roleId, userIds);
185            }
186    
187            /**
188             * Adds the users to the team.
189             *
190             * @param  teamId the primary key of the team
191             * @param  userIds the primary keys of the users
192             * @throws PortalException if a team or user with the primary key could not
193             *         be found or if the user did not have permission to assign team
194             *         members
195             * @throws SystemException if a system exception occurred
196             */
197            public void addTeamUsers(long teamId, long[] userIds)
198                    throws PortalException, SystemException {
199    
200                    TeamPermissionUtil.check(
201                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
202    
203                    userLocalService.addTeamUsers(teamId, userIds);
204            }
205    
206            /**
207             * Adds a user.
208             *
209             * <p>
210             * This method handles the creation and bookkeeping of the user including
211             * its resources, metadata, and internal data structures. It is not
212             * necessary to make subsequent calls to any methods to setup default
213             * groups, resources, etc.
214             * </p>
215             *
216             * @param  companyId the primary key of the user's company
217             * @param  autoPassword whether a password should be automatically generated
218             *         for the user
219             * @param  password1 the user's password
220             * @param  password2 the user's password confirmation
221             * @param  autoScreenName whether a screen name should be automatically
222             *         generated for the user
223             * @param  screenName the user's screen name
224             * @param  emailAddress the user's email address
225             * @param  facebookId the user's facebook ID
226             * @param  openId the user's OpenID
227             * @param  locale the user's locale
228             * @param  firstName the user's first name
229             * @param  middleName the user's middle name
230             * @param  lastName the user's last name
231             * @param  prefixId the user's name prefix ID
232             * @param  suffixId the user's name suffix ID
233             * @param  male whether the user is male
234             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
235             *         January)
236             * @param  birthdayDay the user's birthday day
237             * @param  birthdayYear the user's birthday year
238             * @param  jobTitle the user's job title
239             * @param  groupIds the primary keys of the user's groups
240             * @param  organizationIds the primary keys of the user's organizations
241             * @param  roleIds the primary keys of the roles this user possesses
242             * @param  userGroupIds the primary keys of the user's user groups
243             * @param  sendEmail whether to send the user an email notification about
244             *         their new account
245             * @param  serviceContext the user's service context (optionally
246             *         <code>null</code>). Can set the universally unique identifier
247             *         (with the <code>uuid</code> attribute), asset category IDs, asset
248             *         tag names, and expando bridge attributes for the user.
249             * @return the new user
250             * @throws PortalException if the user's information was invalid, if the
251             *         creator did not have permission to add users, or if the email
252             *         address was reserved
253             * @throws SystemException if a system exception occurred
254             */
255            public User addUser(
256                            long companyId, boolean autoPassword, String password1,
257                            String password2, boolean autoScreenName, String screenName,
258                            String emailAddress, long facebookId, String openId, Locale locale,
259                            String firstName, String middleName, String lastName, int prefixId,
260                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
261                            int birthdayYear, String jobTitle, long[] groupIds,
262                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
263                            boolean sendEmail, ServiceContext serviceContext)
264                    throws PortalException, SystemException {
265    
266                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
267    
268                    try {
269                            WorkflowThreadLocal.setEnabled(false);
270    
271                            return addUserWithWorkflow(
272                                    companyId, autoPassword, password1, password2, autoScreenName,
273                                    screenName, emailAddress, facebookId, openId, locale, firstName,
274                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
275                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
276                                    roleIds, userGroupIds, sendEmail, serviceContext);
277                    }
278                    finally {
279                            WorkflowThreadLocal.setEnabled(workflowEnabled);
280                    }
281            }
282    
283            /**
284             * Adds a user with additional parameters.
285             *
286             * <p>
287             * This method handles the creation and bookkeeping of the user including
288             * its resources, metadata, and internal data structures. It is not
289             * necessary to make subsequent calls to any methods to setup default
290             * groups, resources, etc.
291             * </p>
292             *
293             * @param  companyId the primary key of the user's company
294             * @param  autoPassword whether a password should be automatically generated
295             *         for the user
296             * @param  password1 the user's password
297             * @param  password2 the user's password confirmation
298             * @param  autoScreenName whether a screen name should be automatically
299             *         generated for the user
300             * @param  screenName the user's screen name
301             * @param  emailAddress the user's email address
302             * @param  facebookId the user's facebook ID
303             * @param  openId the user's OpenID
304             * @param  locale the user's locale
305             * @param  firstName the user's first name
306             * @param  middleName the user's middle name
307             * @param  lastName the user's last name
308             * @param  prefixId the user's name prefix ID
309             * @param  suffixId the user's name suffix ID
310             * @param  male whether the user is male
311             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
312             *         January)
313             * @param  birthdayDay the user's birthday day
314             * @param  birthdayYear the user's birthday year
315             * @param  jobTitle the user's job title
316             * @param  groupIds the primary keys of the user's groups
317             * @param  organizationIds the primary keys of the user's organizations
318             * @param  roleIds the primary keys of the roles this user possesses
319             * @param  userGroupIds the primary keys of the user's user groups
320             * @param  addresses the user's addresses
321             * @param  emailAddresses the user's email addresses
322             * @param  phones the user's phone numbers
323             * @param  websites the user's websites
324             * @param  announcementsDelivers the announcements deliveries
325             * @param  sendEmail whether to send the user an email notification about
326             *         their new account
327             * @param  serviceContext the user's service context (optionally
328             *         <code>null</code>). Can set the universally unique identifier
329             *         (with the <code>uuid</code> attribute), asset category IDs, asset
330             *         tag names, and expando bridge attributes for the user.
331             * @return the new user
332             * @throws PortalException if the user's information was invalid, if the
333             *         creator did not have permission to add users, if the email
334             *         address was reserved, or some other portal exception occurred
335             * @throws SystemException if a system exception occurred
336             */
337            public User addUser(
338                            long companyId, boolean autoPassword, String password1,
339                            String password2, boolean autoScreenName, String screenName,
340                            String emailAddress, long facebookId, String openId, Locale locale,
341                            String firstName, String middleName, String lastName, int prefixId,
342                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
343                            int birthdayYear, String jobTitle, long[] groupIds,
344                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
345                            List<Address> addresses, List<EmailAddress> emailAddresses,
346                            List<Phone> phones, List<Website> websites,
347                            List<AnnouncementsDelivery> announcementsDelivers,
348                            boolean sendEmail, ServiceContext serviceContext)
349                    throws PortalException, SystemException {
350    
351                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
352    
353                    try {
354                            WorkflowThreadLocal.setEnabled(false);
355    
356                            return addUserWithWorkflow(
357                                    companyId, autoPassword, password1, password2, autoScreenName,
358                                    screenName, emailAddress, facebookId, openId, locale, firstName,
359                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
360                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
361                                    roleIds, userGroupIds, addresses, emailAddresses, phones,
362                                    websites, announcementsDelivers, sendEmail, serviceContext);
363                    }
364                    finally {
365                            WorkflowThreadLocal.setEnabled(workflowEnabled);
366                    }
367            }
368    
369            /**
370             * Adds the users to the user group.
371             *
372             * @param  userGroupId the primary key of the user group
373             * @param  userIds the primary keys of the users
374             * @throws PortalException if a user group or user with the primary could
375             *         could not be found, or if the current user did not have
376             *         permission to assign group members
377             * @throws SystemException if a system exception occurred
378             */
379            public void addUserGroupUsers(long userGroupId, long[] userIds)
380                    throws PortalException, SystemException {
381    
382                    UserGroupPermissionUtil.check(
383                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
384    
385                    userLocalService.addUserGroupUsers(userGroupId, userIds);
386            }
387    
388            /**
389             * Adds a user with workflow.
390             *
391             * <p>
392             * This method handles the creation and bookkeeping of the user including
393             * its resources, metadata, and internal data structures. It is not
394             * necessary to make subsequent calls to any methods to setup default
395             * groups, resources, etc.
396             * </p>
397             *
398             * @param  companyId the primary key of the user's company
399             * @param  autoPassword whether a password should be automatically generated
400             *         for the user
401             * @param  password1 the user's password
402             * @param  password2 the user's password confirmation
403             * @param  autoScreenName whether a screen name should be automatically
404             *         generated for the user
405             * @param  screenName the user's screen name
406             * @param  emailAddress the user's email address
407             * @param  facebookId the user's facebook ID
408             * @param  openId the user's OpenID
409             * @param  locale the user's locale
410             * @param  firstName the user's first name
411             * @param  middleName the user's middle name
412             * @param  lastName the user's last name
413             * @param  prefixId the user's name prefix ID
414             * @param  suffixId the user's name suffix ID
415             * @param  male whether the user is male
416             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
417             *         January)
418             * @param  birthdayDay the user's birthday day
419             * @param  birthdayYear the user's birthday year
420             * @param  jobTitle the user's job title
421             * @param  groupIds the primary keys of the user's groups
422             * @param  organizationIds the primary keys of the user's organizations
423             * @param  roleIds the primary keys of the roles this user possesses
424             * @param  userGroupIds the primary keys of the user's user groups
425             * @param  sendEmail whether to send the user an email notification about
426             *         their new account
427             * @param  serviceContext the user's service context (optionally
428             *         <code>null</code>). Can set the universally unique identifier
429             *         (with the <code>uuid</code> attribute), asset category IDs, asset
430             *         tag names, and expando bridge attributes for the user.
431             * @return the new user
432             * @throws PortalException if the user's information was invalid, if the
433             *         creator did not have permission to add users, or if the email
434             *         address was reserved
435             * @throws SystemException if a system exception occurred
436             */
437            public User addUserWithWorkflow(
438                            long companyId, boolean autoPassword, String password1,
439                            String password2, boolean autoScreenName, String screenName,
440                            String emailAddress, long facebookId, String openId, Locale locale,
441                            String firstName, String middleName, String lastName, int prefixId,
442                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
443                            int birthdayYear, String jobTitle, long[] groupIds,
444                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
445                            boolean sendEmail, ServiceContext serviceContext)
446                    throws PortalException, SystemException {
447    
448                    long creatorUserId = 0;
449    
450                    try {
451                            creatorUserId = getGuestOrUserId();
452                    }
453                    catch (PrincipalException pe) {
454                    }
455    
456                    checkAddUserPermission(
457                            creatorUserId, companyId, emailAddress, groupIds, organizationIds,
458                            roleIds, userGroupIds, serviceContext);
459    
460                    return userLocalService.addUserWithWorkflow(
461                            creatorUserId, companyId, autoPassword, password1, password2,
462                            autoScreenName, screenName, emailAddress, facebookId, openId,
463                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
464                            birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds,
465                            organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);
466            }
467    
468            /**
469             * Adds a user with workflow and additional parameters.
470             *
471             * <p>
472             * This method handles the creation and bookkeeping of the user including
473             * its resources, metadata, and internal data structures. It is not
474             * necessary to make subsequent calls to any methods to setup default
475             * groups, resources, etc.
476             * </p>
477             *
478             * @param  companyId the primary key of the user's company
479             * @param  autoPassword whether a password should be automatically generated
480             *         for the user
481             * @param  password1 the user's password
482             * @param  password2 the user's password confirmation
483             * @param  autoScreenName whether a screen name should be automatically
484             *         generated for the user
485             * @param  screenName the user's screen name
486             * @param  emailAddress the user's email address
487             * @param  facebookId the user's facebook ID
488             * @param  openId the user's OpenID
489             * @param  locale the user's locale
490             * @param  firstName the user's first name
491             * @param  middleName the user's middle name
492             * @param  lastName the user's last name
493             * @param  prefixId the user's name prefix ID
494             * @param  suffixId the user's name suffix ID
495             * @param  male whether the user is male
496             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
497             *         January)
498             * @param  birthdayDay the user's birthday day
499             * @param  birthdayYear the user's birthday year
500             * @param  jobTitle the user's job title
501             * @param  groupIds the primary keys of the user's groups
502             * @param  organizationIds the primary keys of the user's organizations
503             * @param  roleIds the primary keys of the roles this user possesses
504             * @param  userGroupIds the primary keys of the user's user groups
505             * @param  addresses the user's addresses
506             * @param  emailAddresses the user's email addresses
507             * @param  phones the user's phone numbers
508             * @param  websites the user's websites
509             * @param  announcementsDelivers the announcements deliveries
510             * @param  sendEmail whether to send the user an email notification about
511             *         their new account
512             * @param  serviceContext the user's service context (optionally
513             *         <code>null</code>). Can set the universally unique identifier
514             *         (with the <code>uuid</code> attribute), asset category IDs, asset
515             *         tag names, and expando bridge attributes for the user.
516             * @return the new user
517             * @throws PortalException if the user's information was invalid, if the
518             *         creator did not have permission to add users, if the email
519             *         address was reserved, or some other portal exception occurred
520             * @throws SystemException if a system exception occurred
521             */
522            public User addUserWithWorkflow(
523                            long companyId, boolean autoPassword, String password1,
524                            String password2, boolean autoScreenName, String screenName,
525                            String emailAddress, long facebookId, String openId, Locale locale,
526                            String firstName, String middleName, String lastName, int prefixId,
527                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
528                            int birthdayYear, String jobTitle, long[] groupIds,
529                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
530                            List<Address> addresses, List<EmailAddress> emailAddresses,
531                            List<Phone> phones, List<Website> websites,
532                            List<AnnouncementsDelivery> announcementsDelivers,
533                            boolean sendEmail, ServiceContext serviceContext)
534                    throws PortalException, SystemException {
535    
536                    boolean indexingEnabled = serviceContext.isIndexingEnabled();
537    
538                    serviceContext.setIndexingEnabled(false);
539    
540                    try {
541                            User user = addUserWithWorkflow(
542                                    companyId, autoPassword, password1, password2, autoScreenName,
543                                    screenName, emailAddress, facebookId, openId, locale, firstName,
544                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
545                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
546                                    roleIds, userGroupIds, sendEmail, serviceContext);
547    
548                            UsersAdminUtil.updateAddresses(
549                                    Contact.class.getName(), user.getContactId(), addresses);
550    
551                            UsersAdminUtil.updateEmailAddresses(
552                                    Contact.class.getName(), user.getContactId(), emailAddresses);
553    
554                            UsersAdminUtil.updatePhones(
555                                    Contact.class.getName(), user.getContactId(), phones);
556    
557                            UsersAdminUtil.updateWebsites(
558                                    Contact.class.getName(), user.getContactId(), websites);
559    
560                            updateAnnouncementsDeliveries(
561                                    user.getUserId(), announcementsDelivers);
562    
563                            if (indexingEnabled) {
564                                    Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(
565                                            User.class);
566    
567                                    indexer.reindex(user);
568                            }
569    
570                            return user;
571                    }
572                    finally {
573                            serviceContext.setIndexingEnabled(indexingEnabled);
574                    }
575            }
576    
577            /**
578             * Deletes the user's portrait image.
579             *
580             * @param  userId the primary key of the user
581             * @throws PortalException if a user with the primary key could not be
582             *         found, if the user's portrait could not be found, or if the
583             *         current user did not have permission to update the user
584             * @throws SystemException if a system exception occurred
585             */
586            public void deletePortrait(long userId)
587                    throws PortalException, SystemException {
588    
589                    UserPermissionUtil.check(
590                            getPermissionChecker(), userId, ActionKeys.UPDATE);
591    
592                    userLocalService.deletePortrait(userId);
593            }
594    
595            /**
596             * Removes the user from the role.
597             *
598             * @param  roleId the primary key of the role
599             * @param  userId the primary key of the user
600             * @throws PortalException if a role or user with the primary key could not
601             *         be found, or if the current user did not have permission to
602             *         assign role members
603             * @throws SystemException if a system exception occurred
604             */
605            public void deleteRoleUser(long roleId, long userId)
606                    throws PortalException, SystemException {
607    
608                    RolePermissionUtil.check(
609                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
610    
611                    userLocalService.deleteRoleUser(roleId, userId);
612            }
613    
614            /**
615             * Deletes the user.
616             *
617             * @param  userId the primary key of the user
618             * @throws PortalException if a user with the primary key could not be found
619             *         or if the current user did not have permission to delete the user
620             * @throws SystemException if a system exception occurred
621             */
622            public void deleteUser(long userId)
623                    throws PortalException, SystemException {
624    
625                    if (getUserId() == userId) {
626                            throw new RequiredUserException();
627                    }
628    
629                    UserPermissionUtil.check(
630                            getPermissionChecker(), userId, ActionKeys.DELETE);
631    
632                    userLocalService.deleteUser(userId);
633            }
634    
635            public List<User> getCompanyUsers(long companyId, int start, int end)
636                    throws PortalException, SystemException {
637    
638                    PermissionChecker permissionChecker = getPermissionChecker();
639    
640                    if (!permissionChecker.isCompanyAdmin(companyId)) {
641                            throw new PrincipalException();
642                    }
643    
644                    return userPersistence.findByCompanyId(companyId, start, end);
645            }
646    
647            public int getCompanyUsersCount(long companyId)
648                    throws PortalException, SystemException {
649    
650                    PermissionChecker permissionChecker = getPermissionChecker();
651    
652                    if (!permissionChecker.isCompanyAdmin(companyId)) {
653                            throw new PrincipalException();
654                    }
655    
656                    return userPersistence.countByCompanyId(companyId);
657            }
658    
659            /**
660             * Returns the primary key of the default user for the company.
661             *
662             * @param  companyId the primary key of the company
663             * @return the primary key of the default user for the company
664             * @throws PortalException if a default user for the company could not be
665             *         found
666             * @throws SystemException if a system exception occurred
667             */
668            public long getDefaultUserId(long companyId)
669                    throws PortalException, SystemException {
670    
671                    return userLocalService.getDefaultUserId(companyId);
672            }
673    
674            /**
675             * Returns the primary keys of all the users belonging to the group.
676             *
677             * @param  groupId the primary key of the group
678             * @return the primary keys of the users belonging to the group
679             * @throws PortalException if the current user did not have permission to
680             *         view group assignments
681             * @throws SystemException if a system exception occurred
682             */
683            public long[] getGroupUserIds(long groupId)
684                    throws PortalException, SystemException {
685    
686                    GroupPermissionUtil.check(
687                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
688    
689                    return userLocalService.getGroupUserIds(groupId);
690            }
691    
692            /**
693             * Returns all the users belonging to the group.
694             *
695             * @param  groupId the primary key of the group
696             * @return the users belonging to the group
697             * @throws PortalException if the current user did not have permission to
698             *         view group assignments
699             * @throws SystemException if a system exception occurred
700             */
701            public List<User> getGroupUsers(long groupId)
702                    throws PortalException, SystemException {
703    
704                    GroupPermissionUtil.check(
705                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
706    
707                    return userLocalService.getGroupUsers(groupId);
708            }
709    
710            /**
711             * Returns the primary keys of all the users belonging to the organization.
712             *
713             * @param  organizationId the primary key of the organization
714             * @return the primary keys of the users belonging to the organization
715             * @throws PortalException if the current user did not have permission to
716             *         view organization assignments
717             * @throws SystemException if a system exception occurred
718             */
719            public long[] getOrganizationUserIds(long organizationId)
720                    throws PortalException, SystemException {
721    
722                    OrganizationPermissionUtil.check(
723                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
724    
725                    return userLocalService.getOrganizationUserIds(organizationId);
726            }
727    
728            /**
729             * Returns all the users belonging to the organization.
730             *
731             * @param  organizationId the primary key of the organization
732             * @return users belonging to the organization
733             * @throws PortalException if the current user did not have permission to
734             *         view organization assignments
735             * @throws SystemException if a system exception occurred
736             */
737            public List<User> getOrganizationUsers(long organizationId)
738                    throws PortalException, SystemException {
739    
740                    OrganizationPermissionUtil.check(
741                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
742    
743                    return userLocalService.getOrganizationUsers(organizationId);
744            }
745    
746            /**
747             * Returns the primary keys of all the users belonging to the role.
748             *
749             * @param  roleId the primary key of the role
750             * @return the primary keys of the users belonging to the role
751             * @throws PortalException if the current user did not have permission to
752             *         view role members
753             * @throws SystemException if a system exception occurred
754             */
755            public long[] getRoleUserIds(long roleId) throws
756                    PortalException, SystemException {
757    
758                    RolePermissionUtil.check(
759                            getPermissionChecker(), roleId, ActionKeys.VIEW);
760    
761                    return userLocalService.getRoleUserIds(roleId);
762            }
763    
764            /**
765             * Returns the user with the email address.
766             *
767             * @param  companyId the primary key of the user's company
768             * @param  emailAddress the user's email address
769             * @return the user with the email address
770             * @throws PortalException if a user with the email address could not be
771             *         found or if the current user did not have permission to view the
772             *         user
773             * @throws SystemException if a system exception occurred
774             */
775            public User getUserByEmailAddress(long companyId, String emailAddress)
776                    throws PortalException, SystemException {
777    
778                    User user = userLocalService.getUserByEmailAddress(
779                            companyId, emailAddress);
780    
781                    UserPermissionUtil.check(
782                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
783    
784                    return user;
785            }
786    
787            /**
788             * Returns the user with the primary key.
789             *
790             * @param  userId the primary key of the user
791             * @return the user with the primary key
792             * @throws PortalException if a user with the primary key could not be found
793             *         or if the current user did not have permission to view the user
794             * @throws SystemException if a system exception occurred
795             */
796            public User getUserById(long userId)
797                    throws PortalException, SystemException {
798    
799                    User user = userPersistence.findByPrimaryKey(userId);
800    
801                    UserPermissionUtil.check(
802                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
803    
804                    return user;
805            }
806    
807            /**
808             * Returns the user with the screen name.
809             *
810             * @param  companyId the primary key of the user's company
811             * @param  screenName the user's screen name
812             * @return the user with the screen name
813             * @throws PortalException if a user with the screen name could not be found
814             *         or if the current user did not have permission to veiw the user
815             * @throws SystemException if a system exception occurred
816             */
817            public User getUserByScreenName(long companyId, String screenName)
818                    throws PortalException, SystemException {
819    
820                    User user = userLocalService.getUserByScreenName(companyId, screenName);
821    
822                    UserPermissionUtil.check(
823                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
824    
825                    return user;
826            }
827    
828            public List<User> getUserGroupUsers(long userGroupId)
829                    throws PortalException, SystemException {
830    
831                    UserGroupPermissionUtil.check(
832                            getPermissionChecker(), userGroupId, ActionKeys.VIEW_MEMBERS);
833    
834                    return userGroupPersistence.getUsers(userGroupId);
835            }
836    
837            /**
838             * Returns the primary key of the user with the email address.
839             *
840             * @param  companyId the primary key of the user's company
841             * @param  emailAddress the user's email address
842             * @return the primary key of the user with the email address
843             * @throws PortalException if a user with the email address could not be
844             *         found
845             * @throws SystemException if a system exception occurred
846             */
847            public long getUserIdByEmailAddress(long companyId, String emailAddress)
848                    throws PortalException, SystemException {
849    
850                    User user = getUserByEmailAddress(companyId, emailAddress);
851    
852                    UserPermissionUtil.check(
853                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
854    
855                    return user.getUserId();
856            }
857    
858            /**
859             * Returns the primary key of the user with the screen name.
860             *
861             * @param  companyId the primary key of the user's company
862             * @param  screenName the user's screen name
863             * @return the primary key of the user with the screen name
864             * @throws PortalException if a user with the screen name could not be found
865             * @throws SystemException if a system exception occurred
866             */
867            public long getUserIdByScreenName(long companyId, String screenName)
868                    throws PortalException, SystemException {
869    
870                    User user = getUserByScreenName(companyId, screenName);
871    
872                    UserPermissionUtil.check(
873                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
874    
875                    return user.getUserId();
876            }
877    
878            /**
879             * Returns <code>true</code> if the user is a member of the group.
880             *
881             * @param  groupId the primary key of the group
882             * @param  userId the primary key of the user
883             * @return <code>true</code> if the user is a member of the group;
884             *         <code>false</code> otherwise
885             * @throws SystemException if a system exception occurred
886             */
887            public boolean hasGroupUser(long groupId, long userId)
888                    throws PortalException, SystemException {
889    
890                    try {
891                            UserPermissionUtil.check(
892                                    getPermissionChecker(), userId, ActionKeys.VIEW);
893                    }
894                    catch (PrincipalException e) {
895                            GroupPermissionUtil.check(
896                                    getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
897                    }
898    
899                    return userLocalService.hasGroupUser(groupId, userId);
900            }
901    
902            /**
903             * Returns <code>true</code> if the user is a member of the role.
904             *
905             * @param  roleId the primary key of the role
906             * @param  userId the primary key of the user
907             * @return <code>true</code> if the user is a member of the role;
908             *         <code>false</code> otherwise
909             * @throws SystemException if a system exception occurred
910             */
911            public boolean hasRoleUser(long roleId, long userId)
912                    throws PortalException, SystemException {
913    
914                    try {
915                            UserPermissionUtil.check(
916                                    getPermissionChecker(), userId, ActionKeys.VIEW);
917                    }
918                    catch (PrincipalException e) {
919                            RolePermissionUtil.check(
920                                    getPermissionChecker(), roleId, ActionKeys.VIEW_MEMBERS);
921                    }
922    
923                    return userLocalService.hasRoleUser(roleId, userId);
924            }
925    
926            /**
927             * Returns <code>true</code> if the user has the role with the name,
928             * optionally through inheritance.
929             *
930             * @param  companyId the primary key of the role's company
931             * @param  name the name of the role (must be a regular role, not an
932             *         organization, site or provider role)
933             * @param  userId the primary key of the user
934             * @param  inherited whether to include roles inherited from organizations,
935             *         sites, etc.
936             * @return <code>true</code> if the user has the role; <code>false</code>
937             *         otherwise
938             * @throws PortalException if a role with the name could not be found
939             * @throws SystemException if a system exception occurred
940             */
941            public boolean hasRoleUser(
942                            long companyId, String name, long userId, boolean inherited)
943                    throws PortalException, SystemException {
944    
945                    try {
946                            UserPermissionUtil.check(
947                                    getPermissionChecker(), userId, ActionKeys.VIEW);
948                    }
949                    catch (PrincipalException e) {
950                            Role role = roleLocalService.getRole(companyId, name);
951    
952                            RolePermissionUtil.check(
953                                    getPermissionChecker(), role.getRoleId(),
954                                    ActionKeys.VIEW_MEMBERS);
955                    }
956    
957                    return userLocalService.hasRoleUser(companyId, name, userId, inherited);
958            }
959    
960            /**
961             * Sets the users in the role, removing and adding users to the role as
962             * necessary.
963             *
964             * @param  roleId the primary key of the role
965             * @param  userIds the primary keys of the users
966             * @throws PortalException if the current user did not have permission to
967             *         assign role members
968             * @throws SystemException if a system exception occurred
969             */
970            public void setRoleUsers(long roleId, long[] userIds)
971                    throws PortalException, SystemException {
972    
973                    RolePermissionUtil.check(
974                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
975    
976                    userLocalService.setRoleUsers(roleId, userIds);
977            }
978    
979            /**
980             * Sets the users in the user group, removing and adding users to the user
981             * group as necessary.
982             *
983             * @param  userGroupId the primary key of the user group
984             * @param  userIds the primary keys of the users
985             * @throws PortalException if the current user did not have permission to
986             *         assign group members
987             * @throws SystemException if a system exception occurred
988             */
989            public void setUserGroupUsers(long userGroupId, long[] userIds)
990                    throws PortalException, SystemException {
991    
992                    UserGroupPermissionUtil.check(
993                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
994    
995                    userLocalService.setUserGroupUsers(userGroupId, userIds);
996            }
997    
998            /**
999             * Removes the users from the teams of a group.
1000             *
1001             * @param  groupId the primary key of the group
1002             * @param  userIds the primary keys of the users
1003             * @throws PortalException if the current user did not have permission to
1004             *         modify user group assignments
1005             * @throws SystemException if a system exception occurred
1006             */
1007            public void unsetGroupTeamsUsers(long groupId, long[] userIds)
1008                    throws PortalException, SystemException {
1009    
1010                    UserGroupPermissionUtil.check(
1011                            getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1012    
1013                    userLocalService.unsetGroupTeamsUsers(groupId, userIds);
1014            }
1015    
1016            /**
1017             * Removes the users from the group.
1018             *
1019             * @param  groupId the primary key of the group
1020             * @param  userIds the primary keys of the users
1021             * @throws PortalException if the current user did not have permission to
1022             *         modify group assignments
1023             * @throws SystemException if a system exception occurred
1024             */
1025            public void unsetGroupUsers(
1026                            long groupId, long[] userIds, ServiceContext serviceContext)
1027                    throws PortalException, SystemException {
1028    
1029                    try {
1030                            GroupPermissionUtil.check(
1031                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1032                    }
1033                    catch (PrincipalException pe) {
1034    
1035                            // Allow any user to leave open and restricted sites
1036    
1037                            boolean hasPermission = false;
1038    
1039                            if (userIds.length == 0) {
1040                                    hasPermission = true;
1041                            }
1042                            else if (userIds.length == 1) {
1043                                    User user = getUser();
1044    
1045                                    if (user.getUserId() == userIds[0]) {
1046                                            Group group = groupPersistence.findByPrimaryKey(groupId);
1047    
1048                                            if (user.getCompanyId() == group.getCompanyId()) {
1049                                                    int type = group.getType();
1050    
1051                                                    if ((type == GroupConstants.TYPE_SITE_OPEN) ||
1052                                                            (type == GroupConstants.TYPE_SITE_RESTRICTED)) {
1053    
1054                                                            hasPermission = true;
1055                                                    }
1056                                            }
1057                                    }
1058                            }
1059    
1060                            if (!hasPermission) {
1061                                    throw new PrincipalException();
1062                            }
1063                    }
1064    
1065                    userLocalService.unsetGroupUsers(groupId, userIds, serviceContext);
1066            }
1067    
1068            /**
1069             * Removes the users from the organization.
1070             *
1071             * @param  organizationId the primary key of the organization
1072             * @param  userIds the primary keys of the users
1073             * @throws PortalException if the current user did not have permission to
1074             *         modify organization assignments
1075             * @throws SystemException if a system exception occurred
1076             */
1077            public void unsetOrganizationUsers(long organizationId, long[] userIds)
1078                    throws PortalException, SystemException {
1079    
1080                    OrganizationPermissionUtil.check(
1081                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
1082    
1083                    userLocalService.unsetOrganizationUsers(organizationId, userIds);
1084            }
1085    
1086            /**
1087             * Removes the users from the password policy.
1088             *
1089             * @param  passwordPolicyId the primary key of the password policy
1090             * @param  userIds the primary keys of the users
1091             * @throws PortalException if the current user did not have permission to
1092             *         modify policy assignments
1093             * @throws SystemException if a system exception occurred
1094             */
1095            public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
1096                    throws PortalException, SystemException {
1097    
1098                    PasswordPolicyPermissionUtil.check(
1099                            getPermissionChecker(), passwordPolicyId,
1100                            ActionKeys.ASSIGN_MEMBERS);
1101    
1102                    userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
1103            }
1104    
1105            /**
1106             * Removes the users from the role.
1107             *
1108             * @param  roleId the primary key of the role
1109             * @param  userIds the primary keys of the users
1110             * @throws PortalException if the current user did not have permission to
1111             *         modify role assignments
1112             * @throws SystemException if a system exception occurred
1113             */
1114            public void unsetRoleUsers(long roleId, long[] userIds)
1115                    throws PortalException, SystemException {
1116    
1117                    RolePermissionUtil.check(
1118                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
1119    
1120                    userLocalService.unsetRoleUsers(roleId, userIds);
1121            }
1122    
1123            /**
1124             * Removes the users from the team.
1125             *
1126             * @param  teamId the primary key of the team
1127             * @param  userIds the primary keys of the users
1128             * @throws PortalException if the current user did not have permission to
1129             *         modify team assignments
1130             * @throws SystemException if a system exception occurred
1131             */
1132            public void unsetTeamUsers(long teamId, long[] userIds)
1133                    throws PortalException, SystemException {
1134    
1135                    TeamPermissionUtil.check(
1136                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
1137    
1138                    userLocalService.unsetTeamUsers(teamId, userIds);
1139            }
1140    
1141            /**
1142             * Removes the users from the user group.
1143             *
1144             * @param  userGroupId the primary key of the user group
1145             * @param  userIds the primary keys of the users
1146             * @throws PortalException if the current user did not have permission to
1147             *         modify user group assignments
1148             * @throws SystemException if a system exception occurred
1149             */
1150            public void unsetUserGroupUsers(long userGroupId, long[] userIds)
1151                    throws PortalException, SystemException {
1152    
1153                    UserGroupPermissionUtil.check(
1154                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
1155    
1156                    userLocalService.unsetUserGroupUsers(userGroupId, userIds);
1157            }
1158    
1159            /**
1160             * Updates the user's response to the terms of use agreement.
1161             *
1162             * @param  userId the primary key of the user
1163             * @param  agreedToTermsOfUse whether the user has agree to the terms of use
1164             * @return the user
1165             * @throws PortalException if the current user did not have permission to
1166             *         update the user's agreement to terms-of-use
1167             * @throws SystemException if a system exception occurred
1168             */
1169            public User updateAgreedToTermsOfUse(
1170                            long userId, boolean agreedToTermsOfUse)
1171                    throws PortalException, SystemException {
1172    
1173                    UserPermissionUtil.check(
1174                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1175    
1176                    return userLocalService.updateAgreedToTermsOfUse(
1177                            userId, agreedToTermsOfUse);
1178            }
1179    
1180            /**
1181             * Updates the user's email address.
1182             *
1183             * @param  userId the primary key of the user
1184             * @param  password the user's password
1185             * @param  emailAddress1 the user's new email address
1186             * @param  emailAddress2 the user's new email address confirmation
1187             * @return the user
1188             * @throws PortalException if a user with the primary key could not be found
1189             *         or if the current user did not have permission to update the user
1190             * @throws SystemException if a system exception occurred
1191             */
1192            public User updateEmailAddress(
1193                            long userId, String password, String emailAddress1,
1194                            String emailAddress2, ServiceContext serviceContext)
1195                    throws PortalException, SystemException {
1196    
1197                    UserPermissionUtil.check(
1198                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1199    
1200                    return userLocalService.updateEmailAddress(
1201                            userId, password, emailAddress1, emailAddress2, serviceContext);
1202            }
1203    
1204            /**
1205             * Updates a user account that was automatically created when a guest user
1206             * participated in an action (e.g. posting a comment) and only provided his
1207             * name and email address.
1208             *
1209             * @param  companyId the primary key of the user's company
1210             * @param  autoPassword whether a password should be automatically generated
1211             *         for the user
1212             * @param  password1 the user's password
1213             * @param  password2 the user's password confirmation
1214             * @param  autoScreenName whether a screen name should be automatically
1215             *         generated for the user
1216             * @param  screenName the user's screen name
1217             * @param  emailAddress the user's email address
1218             * @param  facebookId the user's facebook ID
1219             * @param  openId the user's OpenID
1220             * @param  locale the user's locale
1221             * @param  firstName the user's first name
1222             * @param  middleName the user's middle name
1223             * @param  lastName the user's last name
1224             * @param  prefixId the user's name prefix ID
1225             * @param  suffixId the user's name suffix ID
1226             * @param  male whether the user is male
1227             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
1228             *         January)
1229             * @param  birthdayDay the user's birthday day
1230             * @param  birthdayYear the user's birthday year
1231             * @param  jobTitle the user's job title
1232             * @param  updateUserInformation whether to update the user's information
1233             * @param  sendEmail whether to send the user an email notification about
1234             *         their new account
1235             * @param  serviceContext the user's service context (optionally
1236             *         <code>null</code>). Can set the expando bridge attributes for the
1237             *         user.
1238             * @return the user
1239             * @throws PortalException if the user's information was invalid or if the
1240             *         email address was reserved
1241             * @throws SystemException if a system exception occurred
1242             */
1243            public User updateIncompleteUser(
1244                            long companyId, boolean autoPassword, String password1,
1245                            String password2, boolean autoScreenName, String screenName,
1246                            String emailAddress, long facebookId, String openId, Locale locale,
1247                            String firstName, String middleName, String lastName, int prefixId,
1248                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
1249                            int birthdayYear, String jobTitle, boolean updateUserInformation,
1250                            boolean sendEmail, ServiceContext serviceContext)
1251                    throws PortalException, SystemException {
1252    
1253                    long creatorUserId = 0;
1254    
1255                    try {
1256                            creatorUserId = getGuestOrUserId();
1257                    }
1258                    catch (PrincipalException pe) {
1259                    }
1260    
1261                    checkAddUserPermission(
1262                            creatorUserId, companyId, emailAddress, null, null, null, null,
1263                            serviceContext);
1264    
1265                    return userLocalService.updateIncompleteUser(
1266                            creatorUserId, companyId, autoPassword, password1, password2,
1267                            autoScreenName, screenName, emailAddress, facebookId, openId,
1268                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
1269                            birthdayMonth, birthdayDay, birthdayYear, jobTitle,
1270                            updateUserInformation, sendEmail, serviceContext);
1271            }
1272    
1273            /**
1274             * Updates whether the user is locked out from logging in.
1275             *
1276             * @param  userId the primary key of the user
1277             * @param  lockout whether the user is locked out
1278             * @return the user
1279             * @throws PortalException if the user did not have permission to lock out
1280             *         the user
1281             * @throws SystemException if a system exception occurred
1282             */
1283            public User updateLockoutById(long userId, boolean lockout)
1284                    throws PortalException, SystemException {
1285    
1286                    UserPermissionUtil.check(
1287                            getPermissionChecker(), userId, ActionKeys.DELETE);
1288    
1289                    return userLocalService.updateLockoutById(userId, lockout);
1290            }
1291    
1292            /**
1293             * Updates the user's OpenID.
1294             *
1295             * @param  userId the primary key of the user
1296             * @param  openId the new OpenID
1297             * @return the user
1298             * @throws PortalException if a user with the primary key could not be found
1299             *         or if the current user did not have permission to update the user
1300             * @throws SystemException if a system exception occurred
1301             */
1302            public User updateOpenId(long userId, String openId)
1303                    throws PortalException, SystemException {
1304    
1305                    UserPermissionUtil.check(
1306                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1307    
1308                    return userLocalService.updateOpenId(userId, openId);
1309            }
1310    
1311            /**
1312             * Sets the organizations that the user is in, removing and adding
1313             * organizations as necessary.
1314             *
1315             * @param  userId the primary key of the user
1316             * @param  organizationIds the primary keys of the organizations
1317             * @throws PortalException if a user with the primary key could not be found
1318             *         or if the current user did not have permission to update the user
1319             * @throws SystemException if a system exception occurred
1320             */
1321            public void updateOrganizations(
1322                            long userId, long[] organizationIds, ServiceContext serviceContext)
1323                    throws PortalException, SystemException {
1324    
1325                    UserPermissionUtil.check(
1326                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1327    
1328                    checkOrganizations(userId, organizationIds);
1329    
1330                    userLocalService.updateOrganizations(
1331                            userId, organizationIds, serviceContext);
1332            }
1333    
1334            /**
1335             * Updates the user's password without tracking or validation of the change.
1336             *
1337             * @param  userId the primary key of the user
1338             * @param  password1 the user's new password
1339             * @param  password2 the user's new password confirmation
1340             * @param  passwordReset whether the user should be asked to reset their
1341             *         password the next time they log in
1342             * @return the user
1343             * @throws PortalException if a user with the primary key could not be found
1344             *         or if the current user did not have permission to update the user
1345             * @throws SystemException if a system exception occurred
1346             */
1347            public User updatePassword(
1348                            long userId, String password1, String password2,
1349                            boolean passwordReset)
1350                    throws PortalException, SystemException {
1351    
1352                    UserPermissionUtil.check(
1353                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1354    
1355                    return userLocalService.updatePassword(
1356                            userId, password1, password2, passwordReset);
1357            }
1358    
1359            /**
1360             * Updates the user's portrait image.
1361             *
1362             * @param  userId the primary key of the user
1363             * @param  bytes the new portrait image data
1364             * @return the user
1365             * @throws PortalException if a user with the primary key could not be
1366             *         found, if the new portrait was invalid, or if the current user
1367             *         did not have permission to update the user
1368             * @throws SystemException if a system exception occurred
1369             */
1370            public User updatePortrait(long userId, byte[] bytes)
1371                    throws PortalException, SystemException {
1372    
1373                    UserPermissionUtil.check(
1374                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1375    
1376                    return userLocalService.updatePortrait(userId, bytes);
1377            }
1378    
1379            /**
1380             * Updates the user's password reset question and answer.
1381             *
1382             * @param  userId the primary key of the user
1383             * @param  question the user's new password reset question
1384             * @param  answer the user's new password reset answer
1385             * @return the user
1386             * @throws PortalException if a user with the primary key could not be
1387             *         found, if the new question or answer were invalid, or if the
1388             *         current user did not have permission to update the user
1389             * @throws SystemException if a system exception occurred
1390             */
1391            public User updateReminderQuery(long userId, String question, String answer)
1392                    throws PortalException, SystemException {
1393    
1394                    UserPermissionUtil.check(
1395                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1396    
1397                    return userLocalService.updateReminderQuery(userId, question, answer);
1398            }
1399    
1400            /**
1401             * Updates the user's screen name.
1402             *
1403             * @param  userId the primary key of the user
1404             * @param  screenName the user's new screen name
1405             * @return the user
1406             * @throws PortalException if a user with the primary key could not be
1407             *         found, if the new screen name was invalid, or if the current user
1408             *         did not have permission to update the user
1409             * @throws SystemException if a system exception occurred
1410             */
1411            public User updateScreenName(long userId, String screenName)
1412                    throws PortalException, SystemException {
1413    
1414                    UserPermissionUtil.check(
1415                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1416    
1417                    return userLocalService.updateScreenName(userId, screenName);
1418            }
1419    
1420            /**
1421             * Updates the user's workflow status.
1422             *
1423             * @param  userId the primary key of the user
1424             * @param  status the user's new workflow status
1425             * @return the user
1426             * @throws PortalException if a user with the primary key could not be
1427             *         found, if the current user was updating her own status to
1428             *         anything but {@link WorkflowConstants.STATUS_APPROVED}, or if the
1429             *         current user did not have permission to update the user's
1430             *         workflow status.
1431             * @throws SystemException if a system exception occurred
1432             */
1433            public User updateStatus(long userId, int status)
1434                    throws PortalException, SystemException {
1435    
1436                    if ((getUserId() == userId) &&
1437                            (status != WorkflowConstants.STATUS_APPROVED)) {
1438    
1439                            throw new RequiredUserException();
1440                    }
1441    
1442                    UserPermissionUtil.check(
1443                            getPermissionChecker(), userId, ActionKeys.DELETE);
1444    
1445                    return userLocalService.updateStatus(userId, status);
1446            }
1447    
1448            /**
1449             * Updates the user with additional parameters.
1450             *
1451             * @param  userId the primary key of the user
1452             * @param  oldPassword the user's old password
1453             * @param  newPassword1 the user's new password (optionally
1454             *         <code>null</code>)
1455             * @param  newPassword2 the user's new password confirmation (optionally
1456             *         <code>null</code>)
1457             * @param  passwordReset whether the user should be asked to reset their
1458             *         password the next time they login
1459             * @param  reminderQueryQuestion the user's new password reset question
1460             * @param  reminderQueryAnswer the user's new password reset answer
1461             * @param  screenName the user's new screen name
1462             * @param  emailAddress the user's new email address
1463             * @param  facebookId the user's new Facebook ID
1464             * @param  openId the user's new OpenID
1465             * @param  languageId the user's new language ID
1466             * @param  timeZoneId the user's new time zone ID
1467             * @param  greeting the user's new greeting
1468             * @param  comments the user's new comments
1469             * @param  firstName the user's new first name
1470             * @param  middleName the user's new middle name
1471             * @param  lastName the user's new last name
1472             * @param  prefixId the user's new name prefix ID
1473             * @param  suffixId the user's new name suffix ID
1474             * @param  male whether user is male
1475             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1476             *         for January)
1477             * @param  birthdayDay the user's new birthday day
1478             * @param  birthdayYear the user's birthday year
1479             * @param  smsSn the user's new SMS screen name
1480             * @param  aimSn the user's new AIM screen name
1481             * @param  facebookSn the user's new Facebook screen name
1482             * @param  icqSn the user's new ICQ screen name
1483             * @param  jabberSn the user's new Jabber screen name
1484             * @param  msnSn the user's new MSN screen name
1485             * @param  mySpaceSn the user's new MySpace screen name
1486             * @param  skypeSn the user's new Skype screen name
1487             * @param  twitterSn the user's new Twitter screen name
1488             * @param  ymSn the user's new Yahoo! Messenger screen name
1489             * @param  jobTitle the user's new job title
1490             * @param  groupIds the primary keys of the user's groups
1491             * @param  organizationIds the primary keys of the user's organizations
1492             * @param  roleIds the primary keys of the user's roles
1493             * @param  userGroupRoles the user user's group roles
1494             * @param  userGroupIds the primary keys of the user's user groups
1495             * @param  addresses the user's addresses
1496             * @param  emailAddresses the user's email addresses
1497             * @param  phones the user's phone numbers
1498             * @param  websites the user's websites
1499             * @param  announcementsDelivers the announcements deliveries
1500             * @param  serviceContext the user's service context (optionally
1501             *         <code>null</code>). Can set the universally unique identifier
1502             *         (with the <code>uuid</code> attribute), asset category IDs, asset
1503             *         tag names, and expando bridge attributes for the user.
1504             * @return the user
1505             * @throws PortalException if a user with the primary key could not be
1506             *         found, if the new information was invalid, or if the current user
1507             *         did not have permission to update the user
1508             * @throws SystemException if a system exception occurred
1509             */
1510            public User updateUser(
1511                            long userId, String oldPassword, String newPassword1,
1512                            String newPassword2, boolean passwordReset,
1513                            String reminderQueryQuestion, String reminderQueryAnswer,
1514                            String screenName, String emailAddress, long facebookId,
1515                            String openId, String languageId, String timeZoneId,
1516                            String greeting, String comments, String firstName,
1517                            String middleName, String lastName, int prefixId, int suffixId,
1518                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1519                            String smsSn, String aimSn, String facebookSn, String icqSn,
1520                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1521                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1522                            long[] organizationIds, long[] roleIds,
1523                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1524                            List<Address> addresses, List<EmailAddress> emailAddresses,
1525                            List<Phone> phones, List<Website> websites,
1526                            List<AnnouncementsDelivery> announcementsDelivers,
1527                            ServiceContext serviceContext)
1528                    throws PortalException, SystemException {
1529    
1530                    UserPermissionUtil.check(
1531                            getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
1532    
1533                    User user = userPersistence.findByPrimaryKey(userId);
1534    
1535                    if (addresses != null) {
1536                            UsersAdminUtil.updateAddresses(
1537                                    Contact.class.getName(), user.getContactId(), addresses);
1538                    }
1539    
1540                    if (emailAddresses != null) {
1541                            UsersAdminUtil.updateEmailAddresses(
1542                                    Contact.class.getName(), user.getContactId(), emailAddresses);
1543                    }
1544    
1545                    if (phones != null) {
1546                            UsersAdminUtil.updatePhones(
1547                                    Contact.class.getName(), user.getContactId(), phones);
1548                    }
1549    
1550                    if (websites != null) {
1551                            UsersAdminUtil.updateWebsites(
1552                                    Contact.class.getName(), user.getContactId(), websites);
1553                    }
1554    
1555                    if (announcementsDelivers != null) {
1556                            updateAnnouncementsDeliveries(
1557                                    user.getUserId(), announcementsDelivers);
1558                    }
1559    
1560                    long curUserId = getUserId();
1561    
1562                    if (curUserId == userId) {
1563                            screenName = screenName.trim().toLowerCase();
1564    
1565                            if (!screenName.equalsIgnoreCase(user.getScreenName())) {
1566                                    validateScreenName(user, screenName);
1567                            }
1568    
1569                            emailAddress = emailAddress.trim().toLowerCase();
1570    
1571                            if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
1572                                    validateEmailAddress(user, emailAddress);
1573                            }
1574                    }
1575    
1576                    if (groupIds != null) {
1577                            groupIds = checkGroups(userId, groupIds);
1578                    }
1579    
1580                    if (organizationIds != null) {
1581                            organizationIds = checkOrganizations(userId, organizationIds);
1582                    }
1583    
1584                    if (roleIds != null) {
1585                            roleIds = checkRoles(userId, roleIds);
1586                    }
1587    
1588                    if (userGroupRoles != null) {
1589                            userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
1590                    }
1591    
1592                    if (userGroupIds != null) {
1593                            userGroupIds = checkUserGroupIds(userId, userGroupIds);
1594                    }
1595    
1596                    return userLocalService.updateUser(
1597                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1598                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1599                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1600                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1601                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1602                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1603                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1604                            userGroupIds, serviceContext);
1605            }
1606    
1607            /**
1608             * Updates the user.
1609             *
1610             * @param  userId the primary key of the user
1611             * @param  oldPassword the user's old password
1612             * @param  newPassword1 the user's new password (optionally
1613             *         <code>null</code>)
1614             * @param  newPassword2 the user's new password confirmation (optionally
1615             *         <code>null</code>)
1616             * @param  passwordReset whether the user should be asked to reset their
1617             *         password the next time they login
1618             * @param  reminderQueryQuestion the user's new password reset question
1619             * @param  reminderQueryAnswer the user's new password reset answer
1620             * @param  screenName the user's new screen name
1621             * @param  emailAddress the user's new email address
1622             * @param  facebookId the user's new Facebook ID
1623             * @param  openId the user's new OpenID
1624             * @param  languageId the user's new language ID
1625             * @param  timeZoneId the user's new time zone ID
1626             * @param  greeting the user's new greeting
1627             * @param  comments the user's new comments
1628             * @param  firstName the user's new first name
1629             * @param  middleName the user's new middle name
1630             * @param  lastName the user's new last name
1631             * @param  prefixId the user's new name prefix ID
1632             * @param  suffixId the user's new name suffix ID
1633             * @param  male whether user is male
1634             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1635             *         for January)
1636             * @param  birthdayDay the user's new birthday day
1637             * @param  birthdayYear the user's birthday year
1638             * @param  smsSn the user's new SMS screen name
1639             * @param  aimSn the user's new AIM screen name
1640             * @param  facebookSn the user's new Facebook screen name
1641             * @param  icqSn the user's new ICQ screen name
1642             * @param  jabberSn the user's new Jabber screen name
1643             * @param  msnSn the user's new MSN screen name
1644             * @param  mySpaceSn the user's new MySpace screen name
1645             * @param  skypeSn the user's new Skype screen name
1646             * @param  twitterSn the user's new Twitter screen name
1647             * @param  ymSn the user's new Yahoo! Messenger screen name
1648             * @param  jobTitle the user's new job title
1649             * @param  groupIds the primary keys of the user's groups
1650             * @param  organizationIds the primary keys of the user's organizations
1651             * @param  roleIds the primary keys of the user's roles
1652             * @param  userGroupRoles the user user's group roles
1653             * @param  userGroupIds the primary keys of the user's user groups
1654             * @param  serviceContext the user's service context (optionally
1655             *         <code>null</code>). Can set the universally unique identifier
1656             *         (with the <code>uuid</code> attribute), asset category IDs, asset
1657             *         tag names, and expando bridge attributes for the user.
1658             * @return the user
1659             * @throws PortalException if a user with the primary key could not be
1660             *         found, if the new information was invalid, or if the current user
1661             *         did not have permission to update the user
1662             * @throws SystemException if a system exception occurred
1663             */
1664            public User updateUser(
1665                            long userId, String oldPassword, String newPassword1,
1666                            String newPassword2, boolean passwordReset,
1667                            String reminderQueryQuestion, String reminderQueryAnswer,
1668                            String screenName, String emailAddress, long facebookId,
1669                            String openId, String languageId, String timeZoneId,
1670                            String greeting, String comments, String firstName,
1671                            String middleName, String lastName, int prefixId, int suffixId,
1672                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1673                            String smsSn, String aimSn, String facebookSn, String icqSn,
1674                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1675                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1676                            long[] organizationIds, long[] roleIds,
1677                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1678                            ServiceContext serviceContext)
1679                    throws PortalException, SystemException {
1680    
1681                    return updateUser(
1682                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1683                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1684                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1685                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1686                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1687                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1688                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1689                            userGroupIds, null, null, null, null, null, serviceContext);
1690            }
1691    
1692            protected void checkAddUserPermission(
1693                            long creatorUserId, long companyId, String emailAddress,
1694                            long[] groupIds, long[] organizationIds, long[] roleIds,
1695                            long[] userGroupIds, ServiceContext serviceContext)
1696                    throws PortalException, SystemException {
1697    
1698                    Company company = companyPersistence.findByPrimaryKey(companyId);
1699    
1700                    if (groupIds != null) {
1701                            checkGroups(CompanyConstants.SYSTEM, groupIds);
1702                    }
1703    
1704                    if (organizationIds != null) {
1705                            checkOrganizations(CompanyConstants.SYSTEM, organizationIds);
1706                    }
1707    
1708                    if (roleIds != null) {
1709                            checkRoles(CompanyConstants.SYSTEM, roleIds);
1710                    }
1711    
1712                    if (userGroupIds != null) {
1713                            checkUserGroupIds(CompanyConstants.SYSTEM, userGroupIds);
1714                    }
1715    
1716                    boolean anonymousUser = ParamUtil.getBoolean(
1717                            serviceContext, "anonymousUser");
1718    
1719                    if (((creatorUserId != 0) &&
1720                             (creatorUserId != getDefaultUserId(companyId))) ||
1721                            (!company.isStrangers() && !anonymousUser)) {
1722    
1723                            if (!PortalPermissionUtil.contains(
1724                                            getPermissionChecker(), ActionKeys.ADD_USER) &&
1725                                    !OrganizationPermissionUtil.contains(
1726                                            getPermissionChecker(), organizationIds,
1727                                            ActionKeys.ASSIGN_MEMBERS)) {
1728    
1729                                    throw new PrincipalException();
1730                            }
1731                    }
1732    
1733                    if ((creatorUserId == 0) ||
1734                            (creatorUserId == getDefaultUserId(companyId))) {
1735    
1736                            if (!company.isStrangersWithMx() &&
1737                                    company.hasCompanyMx(emailAddress)) {
1738    
1739                                    throw new ReservedUserEmailAddressException();
1740                            }
1741                    }
1742            }
1743    
1744            protected long[] checkGroups(long userId, long[] groupIds)
1745                    throws PortalException, SystemException {
1746    
1747                    long[] oldGroupIds = null;
1748    
1749                    PermissionChecker permissionChecker = getPermissionChecker();
1750    
1751                    if (userId != CompanyConstants.SYSTEM) {
1752    
1753                            // Add back any groups that the administrator does not have the
1754                            // rights to remove and check that he has the permission to add
1755                            // a new group
1756    
1757                            List<Group> oldGroups = groupLocalService.getUserGroups(userId);
1758    
1759                            oldGroupIds = new long[oldGroups.size()];
1760    
1761                            for (int i = 0; i < oldGroups.size(); i++) {
1762                                    Group group = oldGroups.get(i);
1763    
1764                                    if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
1765                                            !GroupPermissionUtil.contains(
1766                                                    permissionChecker, group.getGroupId(),
1767                                                    ActionKeys.ASSIGN_MEMBERS)) {
1768    
1769                                            groupIds = ArrayUtil.append(groupIds, group.getGroupId());
1770                                    }
1771    
1772                                    oldGroupIds[i] = group.getGroupId();
1773                            }
1774                    }
1775    
1776                    for (long groupId : groupIds) {
1777                            if ((oldGroupIds == null) ||
1778                                    !ArrayUtil.contains(oldGroupIds, groupId)) {
1779    
1780                                    GroupPermissionUtil.check(
1781                                            permissionChecker, groupId, ActionKeys.ASSIGN_MEMBERS);
1782                            }
1783                    }
1784    
1785                    return groupIds;
1786            }
1787    
1788            protected long[] checkOrganizations(long userId, long[] organizationIds)
1789                    throws PortalException, SystemException {
1790    
1791                    long[] oldOrganizationIds = null;
1792    
1793                    PermissionChecker permissionChecker = getPermissionChecker();
1794    
1795                    if (userId != CompanyConstants.SYSTEM) {
1796    
1797                            // Add back any organizations that the administrator does not have
1798                            // the rights to remove and check that he has the permission to add
1799                            // a new organization
1800    
1801                            List<Organization> oldOrganizations =
1802                                    organizationLocalService.getUserOrganizations(userId);
1803    
1804                            oldOrganizationIds = new long[oldOrganizations.size()];
1805    
1806                            for (int i = 0; i < oldOrganizations.size(); i++) {
1807                                    Organization organization = oldOrganizations.get(i);
1808    
1809                                    if (!ArrayUtil.contains(
1810                                                    organizationIds, organization.getOrganizationId()) &&
1811                                            !OrganizationPermissionUtil.contains(
1812                                                    permissionChecker, organization.getOrganizationId(),
1813                                                    ActionKeys.ASSIGN_MEMBERS)) {
1814    
1815                                            organizationIds = ArrayUtil.append(
1816                                                    organizationIds, organization.getOrganizationId());
1817                                    }
1818    
1819                                    oldOrganizationIds[i] = organization.getOrganizationId();
1820                            }
1821                    }
1822    
1823                    for (long organizationId : organizationIds) {
1824                            if ((oldOrganizationIds == null) ||
1825                                    !ArrayUtil.contains(oldOrganizationIds, organizationId)) {
1826    
1827                                    OrganizationPermissionUtil.check(
1828                                            permissionChecker, organizationId,
1829                                            ActionKeys.ASSIGN_MEMBERS);
1830                            }
1831                    }
1832    
1833                    return organizationIds;
1834            }
1835    
1836            protected long[] checkRoles(long userId, long[] roleIds)
1837                    throws PrincipalException, SystemException {
1838    
1839                    long[] oldRoleIds = null;
1840    
1841                    PermissionChecker permissionChecker = getPermissionChecker();
1842    
1843                    if (userId != CompanyConstants.SYSTEM) {
1844    
1845                            // Add back any roles that the administrator does not have the
1846                            // rights to remove and check that he has the permission to add a
1847                            // new role
1848    
1849                            List<Role> oldRoles = roleLocalService.getUserRoles(userId);
1850    
1851                            oldRoleIds = new long[oldRoles.size()];
1852    
1853                            for (int i = 0; i < oldRoles.size(); i++) {
1854                                    Role role = oldRoles.get(i);
1855    
1856                                    if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
1857                                            !RolePermissionUtil.contains(
1858                                                    permissionChecker, role.getRoleId(),
1859                                                    ActionKeys.ASSIGN_MEMBERS)) {
1860    
1861                                            roleIds = ArrayUtil.append(roleIds, role.getRoleId());
1862                                    }
1863    
1864                                    oldRoleIds[i] = role.getRoleId();
1865                            }
1866                    }
1867    
1868                    for (long roleId : roleIds) {
1869                            if ((oldRoleIds == null) ||
1870                                    !ArrayUtil.contains(oldRoleIds, roleId)) {
1871    
1872                                    RolePermissionUtil.check(
1873                                            permissionChecker, roleId, ActionKeys.ASSIGN_MEMBERS);
1874                            }
1875                    }
1876    
1877                    return roleIds;
1878            }
1879    
1880            protected long[] checkUserGroupIds(long userId, long[] userGroupIds)
1881                    throws PortalException, SystemException {
1882    
1883                    long[] oldUserGroupIds = null;
1884    
1885                    PermissionChecker permissionChecker = getPermissionChecker();
1886    
1887                    if (userId != CompanyConstants.SYSTEM) {
1888    
1889                            // Add back any user groups that the administrator does not have the
1890                            // rights to remove and check that he has the permission to add a
1891                            // new user group
1892    
1893                            List<UserGroup> oldUserGroups =
1894                                    userGroupLocalService.getUserUserGroups(userId);
1895    
1896                            oldUserGroupIds = new long[oldUserGroups.size()];
1897    
1898                            for (int i = 0; i < oldUserGroups.size(); i++) {
1899                                    UserGroup userGroup = oldUserGroups.get(i);
1900    
1901                                    if (!ArrayUtil.contains(
1902                                                    userGroupIds, userGroup.getUserGroupId()) &&
1903                                            !UserGroupPermissionUtil.contains(
1904                                                    permissionChecker, userGroup.getUserGroupId(),
1905                                                    ActionKeys.ASSIGN_MEMBERS)) {
1906    
1907                                            userGroupIds = ArrayUtil.append(
1908                                                    userGroupIds, userGroup.getUserGroupId());
1909                                    }
1910    
1911                                    oldUserGroupIds[i] = userGroup.getUserGroupId();
1912                            }
1913                    }
1914    
1915                    for (long userGroupId : userGroupIds) {
1916                            if ((oldUserGroupIds == null) ||
1917                                    !ArrayUtil.contains(oldUserGroupIds, userGroupId)) {
1918    
1919                                    UserGroupPermissionUtil.check(
1920                                            permissionChecker, userGroupId, ActionKeys.ASSIGN_MEMBERS);
1921                            }
1922                    }
1923    
1924                    return userGroupIds;
1925            }
1926    
1927            protected List<UserGroupRole> checkUserGroupRoles(
1928                            long userId, List<UserGroupRole> userGroupRoles)
1929                    throws PortalException, SystemException {
1930    
1931                    List<UserGroupRole> oldUserGroupRoles = null;
1932    
1933                    PermissionChecker permissionChecker = getPermissionChecker();
1934    
1935                    if (userId != CompanyConstants.SYSTEM) {
1936    
1937                            // Add back any user group roles that the administrator does not
1938                            // have the rights to remove and check that he has the permission to
1939                            // add a new user group role
1940    
1941                            oldUserGroupRoles = userGroupRoleLocalService.getUserGroupRoles(
1942                                    userId);
1943    
1944                            for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
1945                                    if (!userGroupRoles.contains(oldUserGroupRole) &&
1946                                            !UserGroupRolePermissionUtil.contains(
1947                                                    permissionChecker, oldUserGroupRole.getGroupId(),
1948                                                    oldUserGroupRole.getRoleId())) {
1949    
1950                                            userGroupRoles.add(oldUserGroupRole);
1951                                    }
1952                            }
1953                    }
1954    
1955                    for (UserGroupRole userGroupRole : userGroupRoles) {
1956                            if ((oldUserGroupRoles == null) ||
1957                                    !oldUserGroupRoles.contains(userGroupRole)) {
1958    
1959                                    UserGroupRolePermissionUtil.check(
1960                                            permissionChecker, userGroupRole.getGroupId(),
1961                                            userGroupRole.getRoleId());
1962                            }
1963                    }
1964    
1965                    return userGroupRoles;
1966            }
1967    
1968            protected void updateAnnouncementsDeliveries(
1969                            long userId, List<AnnouncementsDelivery> announcementsDeliveries)
1970                    throws PortalException, SystemException {
1971    
1972                    for (AnnouncementsDelivery announcementsDelivery :
1973                                    announcementsDeliveries) {
1974    
1975                            announcementsDeliveryService.updateDelivery(
1976                                    userId, announcementsDelivery.getType(),
1977                                    announcementsDelivery.getEmail(),
1978                                    announcementsDelivery.getSms(),
1979                                    announcementsDelivery.getWebsite());
1980                    }
1981            }
1982    
1983            protected void validateEmailAddress(User user, String emailAddress)
1984                    throws PortalException, SystemException {
1985    
1986                    PermissionChecker permissionChecker = getPermissionChecker();
1987    
1988                    if (!UsersAdminUtil.hasUpdateEmailAddress(permissionChecker, user)) {
1989                            throw new UserEmailAddressException();
1990                    }
1991    
1992                    if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
1993                            Company company = companyPersistence.findByPrimaryKey(
1994                                    user.getCompanyId());
1995    
1996                            if (!company.isStrangersWithMx()) {
1997                                    throw new ReservedUserEmailAddressException();
1998                            }
1999                    }
2000            }
2001    
2002            protected void validateOrganizationUsers(long[] userIds)
2003                    throws PortalException, SystemException {
2004    
2005                    PermissionChecker permissionChecker = getPermissionChecker();
2006    
2007                    if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
2008                            permissionChecker.isCompanyAdmin()) {
2009    
2010                            return;
2011                    }
2012    
2013                    for (long userId : userIds) {
2014                            boolean allowed = false;
2015    
2016                            List<Organization> organizations =
2017                                    organizationLocalService.getUserOrganizations(userId);
2018    
2019                            for (Organization organization : organizations) {
2020                                    if (OrganizationPermissionUtil.contains(
2021                                                    permissionChecker, organization,
2022                                                    ActionKeys.MANAGE_USERS)) {
2023    
2024                                            allowed = true;
2025    
2026                                            break;
2027                                    }
2028                            }
2029    
2030                            if (!allowed) {
2031                                    throw new PrincipalException();
2032                            }
2033                    }
2034            }
2035    
2036            protected void validateScreenName(User user, String screenName)
2037                    throws PortalException, SystemException {
2038    
2039                    PermissionChecker permissionChecker = getPermissionChecker();
2040    
2041                    if (!UsersAdminUtil.hasUpdateScreenName(permissionChecker, user)) {
2042                            throw new UserScreenNameException();
2043                    }
2044            }
2045    
2046    }