001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchGroupException;
018    import com.liferay.portal.NoSuchResourceException;
019    import com.liferay.portal.ResourceActionsException;
020    import com.liferay.portal.kernel.dao.jdbc.DataAccess;
021    import com.liferay.portal.kernel.exception.PortalException;
022    import com.liferay.portal.kernel.exception.SystemException;
023    import com.liferay.portal.kernel.log.Log;
024    import com.liferay.portal.kernel.log.LogFactoryUtil;
025    import com.liferay.portal.kernel.search.SearchEngineUtil;
026    import com.liferay.portal.kernel.util.ListUtil;
027    import com.liferay.portal.kernel.util.StringBundler;
028    import com.liferay.portal.model.AuditedModel;
029    import com.liferay.portal.model.ClassedModel;
030    import com.liferay.portal.model.Group;
031    import com.liferay.portal.model.GroupConstants;
032    import com.liferay.portal.model.GroupedModel;
033    import com.liferay.portal.model.Permission;
034    import com.liferay.portal.model.PermissionedModel;
035    import com.liferay.portal.model.Resource;
036    import com.liferay.portal.model.ResourceCode;
037    import com.liferay.portal.model.ResourceConstants;
038    import com.liferay.portal.model.ResourcePermission;
039    import com.liferay.portal.model.Role;
040    import com.liferay.portal.model.RoleConstants;
041    import com.liferay.portal.model.impl.ResourceImpl;
042    import com.liferay.portal.security.permission.PermissionCacheUtil;
043    import com.liferay.portal.security.permission.PermissionThreadLocal;
044    import com.liferay.portal.security.permission.PermissionsListFilter;
045    import com.liferay.portal.security.permission.PermissionsListFilterFactory;
046    import com.liferay.portal.security.permission.ResourceActionsUtil;
047    import com.liferay.portal.service.ServiceContext;
048    import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
049    import com.liferay.portal.util.PropsValues;
050    import com.liferay.portal.util.ResourcePermissionsThreadLocal;
051    import com.liferay.portal.util.comparator.ResourceComparator;
052    
053    import java.sql.Connection;
054    import java.sql.PreparedStatement;
055    import java.sql.ResultSet;
056    import java.sql.SQLException;
057    
058    import java.util.Arrays;
059    import java.util.Iterator;
060    import java.util.List;
061    
062    /**
063     * @author Brian Wing Shun Chan
064     * @author Wilson S. Man
065     * @author Raymond Augé
066     * @author Julio Camarero
067     * @author Connor McKay
068     */
069    public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
070    
071            public void addModelResources(
072                            AuditedModel auditedModel, ServiceContext serviceContext)
073                    throws PortalException, SystemException {
074    
075                    ClassedModel classedModel = (ClassedModel)auditedModel;
076    
077                    if (serviceContext.isAddGroupPermissions() ||
078                            serviceContext.isAddGuestPermissions()) {
079    
080                            addResources(
081                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
082                                    auditedModel.getUserId(), classedModel.getModelClassName(),
083                                    String.valueOf(classedModel.getPrimaryKeyObj()), false,
084                                    serviceContext.isAddGroupPermissions(),
085                                    serviceContext.isAddGuestPermissions(),
086                                    getPermissionedModel(auditedModel));
087                    }
088                    else {
089                            if (serviceContext.isDeriveDefaultPermissions()) {
090                                    serviceContext.deriveDefaultPermissions(
091                                            getGroupId(auditedModel), classedModel.getModelClassName());
092                            }
093    
094                            addModelResources(
095                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
096                                    auditedModel.getUserId(), classedModel.getModelClassName(),
097                                    String.valueOf(classedModel.getPrimaryKeyObj()),
098                                    serviceContext.getGroupPermissions(),
099                                    serviceContext.getGuestPermissions(),
100                                    getPermissionedModel(auditedModel));
101                    }
102            }
103    
104            public void addModelResources(
105                            long companyId, long groupId, long userId, String name,
106                            long primKey, String[] groupPermissions, String[] guestPermissions)
107                    throws PortalException, SystemException {
108    
109                    addModelResources(
110                            companyId, groupId, userId, name, String.valueOf(primKey),
111                            groupPermissions, guestPermissions, null);
112            }
113    
114            public void addModelResources(
115                            long companyId, long groupId, long userId, String name,
116                            String primKey, String[] groupPermissions,
117                            String[] guestPermissions)
118                    throws PortalException, SystemException {
119    
120                    addModelResources(
121                            companyId, groupId, userId, name, primKey, groupPermissions,
122                            guestPermissions, null);
123            }
124    
125            public Resource addResource(
126                            long companyId, String name, int scope, String primKey)
127                    throws SystemException {
128    
129                    if (!PermissionThreadLocal.isAddResource()) {
130                            return null;
131                    }
132    
133                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
134                            return addResource_6(companyId, name, scope, primKey);
135                    }
136                    else {
137                            return addResource_1to5(companyId, name, scope, primKey);
138                    }
139            }
140    
141            public void addResources(
142                            long companyId, long groupId, long userId, String name,
143                            long primKey, boolean portletActions, boolean addGroupPermissions,
144                            boolean addGuestPermissions)
145                    throws PortalException, SystemException {
146    
147                    addResources(
148                            companyId, groupId, userId, name, String.valueOf(primKey),
149                            portletActions, addGroupPermissions, addGuestPermissions, null);
150            }
151    
152            public void addResources(
153                            long companyId, long groupId, long userId, String name,
154                            String primKey, boolean portletActions, boolean addGroupPermissions,
155                            boolean addGuestPermissions)
156                    throws PortalException, SystemException {
157    
158                    addResources(
159                            companyId, groupId, userId, name, primKey, portletActions,
160                            addGroupPermissions, addGuestPermissions, null);
161            }
162    
163            public void addResources(
164                            long companyId, long groupId, String name, boolean portletActions)
165                    throws PortalException, SystemException {
166    
167                    addResources(
168                            companyId, groupId, 0, name, null, portletActions, false, false);
169            }
170    
171            public void deleteResource(AuditedModel auditedModel, int scope)
172                    throws PortalException, SystemException {
173    
174                    ClassedModel classedModel = (ClassedModel)auditedModel;
175    
176                    deleteResource(
177                            auditedModel.getCompanyId(), classedModel.getModelClassName(),
178                            scope, String.valueOf(classedModel.getPrimaryKeyObj()),
179                            getPermissionedModel(auditedModel));
180            }
181    
182            @Override
183            public Resource deleteResource(long resourceId) throws SystemException {
184                    Resource resource = null;
185    
186                    try {
187                            resource = resourcePersistence.findByPrimaryKey(resourceId);
188    
189                            deleteResource(resource);
190                    }
191                    catch (NoSuchResourceException nsre) {
192                            if (_log.isWarnEnabled()) {
193                                    _log.warn(nsre);
194                            }
195                    }
196    
197                    return resource;
198            }
199    
200            public void deleteResource(
201                            long companyId, String name, int scope, long primKey)
202                    throws PortalException, SystemException {
203    
204                    deleteResource(companyId, name, scope, String.valueOf(primKey), null);
205            }
206    
207            public void deleteResource(
208                            long companyId, String name, int scope, String primKey)
209                    throws PortalException, SystemException {
210    
211                    deleteResource(companyId, name, scope, primKey, null);
212            }
213    
214            @Override
215            public Resource deleteResource(Resource resource) throws SystemException {
216    
217                    // Permissions
218    
219                    List<Permission> permissions = permissionPersistence.findByResourceId(
220                            resource.getResourceId());
221    
222                    for (Permission permission : permissions) {
223                            orgGroupPermissionPersistence.removeByPermissionId(
224                                    permission.getPermissionId());
225                    }
226    
227                    permissionPersistence.removeByResourceId(resource.getResourceId());
228    
229                    // Resource
230    
231                    return resourcePersistence.remove(resource);
232            }
233    
234            public void deleteResources(String name) throws SystemException {
235                    List<Resource> resources = resourceFinder.findByName(name);
236    
237                    for (Resource resource : resources) {
238                            deleteResource(resource);
239                    }
240            }
241    
242            public Resource fetchResource(
243                            long companyId, String name, int scope, String primKey)
244                    throws SystemException {
245    
246                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
247                            return getResource_6(companyId, name, scope, primKey);
248                    }
249                    else {
250                            return fetchResource_1to5(companyId, name, scope, primKey);
251                    }
252            }
253    
254            public long getLatestResourceId() throws SystemException {
255                    List<Resource> resources = resourcePersistence.findAll(
256                            0, 1, new ResourceComparator());
257    
258                    if (resources.size() == 0) {
259                            return 0;
260                    }
261                    else {
262                            Resource resource = resources.get(0);
263    
264                            return resource.getResourceId();
265                    }
266            }
267    
268            public Resource getResource(
269                            long companyId, String name, int scope, String primKey)
270                    throws PortalException, SystemException {
271    
272                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
273                            return getResource_6(companyId, name, scope, primKey);
274                    }
275                    else {
276                            return getResource_1to5(companyId, name, scope, primKey);
277                    }
278            }
279    
280            public List<Resource> getResources() throws SystemException {
281                    return resourcePersistence.findAll();
282            }
283    
284            public void updateModelResources(
285                            AuditedModel auditedModel, ServiceContext serviceContext)
286                    throws PortalException, SystemException {
287    
288                    ClassedModel classedModel = (ClassedModel)auditedModel;
289    
290                    updateResources(
291                            auditedModel.getCompanyId(), getGroupId(auditedModel),
292                            classedModel.getModelClassName(),
293                            String.valueOf(classedModel.getPrimaryKeyObj()),
294                            serviceContext.getGroupPermissions(),
295                            serviceContext.getGuestPermissions(),
296                            getPermissionedModel(auditedModel));
297            }
298    
299            public void updateResources(
300                            long companyId, long groupId, String name, long primKey,
301                            String[] groupPermissions, String[] guestPermissions)
302                    throws PortalException, SystemException {
303    
304                    updateResources(
305                            companyId, groupId, name, String.valueOf(primKey), groupPermissions,
306                            guestPermissions, null);
307            }
308    
309            public void updateResources(
310                            long companyId, long groupId, String name, String primKey,
311                            String[] groupPermissions, String[] guestPermissions)
312                    throws PortalException, SystemException {
313    
314                    updateResources(
315                            companyId, groupId, name, primKey, groupPermissions,
316                            guestPermissions, null);
317            }
318    
319            public void updateResources(
320                            long companyId, String name, int scope, String primKey,
321                            String newPrimKey)
322                    throws PortalException, SystemException {
323    
324                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
325                            if (resourceBlockLocalService.isSupported(name)) {
326    
327                                    // Assuming that this method is used when the primary key of an
328                                    // existing record is changed, then nothing needs to happen
329                                    // here, as it should still have its resource block ID.
330    
331                            }
332                            else {
333                                    updateResources_6(companyId, name, scope, primKey, newPrimKey);
334                            }
335                    }
336                    else {
337                            updateResources_1to5(companyId, name, scope, primKey, newPrimKey);
338                    }
339            }
340    
341            protected void addGroupPermissions(
342                            long companyId, long groupId, long userId, String name,
343                            Resource resource, boolean portletActions,
344                            PermissionedModel permissionedModel)
345                    throws PortalException, SystemException {
346    
347                    List<String> actions = null;
348    
349                    if (portletActions) {
350                            actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
351                                    name);
352                    }
353                    else {
354                            actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
355                                    name);
356                    }
357    
358                    String[] actionIds = actions.toArray(new String[actions.size()]);
359    
360                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
361                            if (resourceBlockLocalService.isSupported(name)) {
362                                    addGroupPermissions_6Blocks(
363                                            groupId, resource, actions, permissionedModel);
364                            }
365                            else {
366                                    addGroupPermissions_6(groupId, resource, actionIds);
367                            }
368                    }
369                    else {
370                            addGroupPermissions_1to5(
371                                    companyId, groupId, userId, name, resource, portletActions,
372                                    actionIds);
373                    }
374            }
375    
376            protected void addGroupPermissions_1to5(
377                            long companyId, long groupId, long userId, String name,
378                            Resource resource, boolean portletActions, String[] actionIds)
379                    throws PortalException, SystemException {
380    
381                    long resourceId = resource.getResourceId();
382                    String primKey = resource.getPrimKey();
383    
384                    List<Permission> groupPermissionsList =
385                            permissionLocalService.getPermissions(
386                                    companyId, actionIds, resourceId);
387    
388                    PermissionsListFilter permissionsListFilter =
389                            PermissionsListFilterFactory.getInstance();
390    
391                    groupPermissionsList = permissionsListFilter.filterGroupPermissions(
392                            companyId, groupId, userId, name, primKey, portletActions,
393                            groupPermissionsList);
394    
395                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
396                            Role role = roleLocalService.getDefaultGroupRole(groupId);
397    
398                            rolePersistence.addPermissions(
399                                    role.getRoleId(), groupPermissionsList);
400                    }
401                    else {
402                            groupPersistence.addPermissions(groupId, groupPermissionsList);
403                    }
404            }
405    
406            protected void addGroupPermissions_6(
407                            long groupId, Resource resource, String[] actionIds)
408                    throws PortalException, SystemException {
409    
410                    Role role = roleLocalService.getDefaultGroupRole(groupId);
411    
412                    resourcePermissionLocalService.setResourcePermissions(
413                            resource.getCompanyId(), resource.getName(), resource.getScope(),
414                            resource.getPrimKey(), role.getRoleId(), actionIds);
415            }
416    
417            protected void addGroupPermissions_6Blocks(
418                            long groupId, Resource resource, List<String> actionIds,
419                            PermissionedModel permissionedModel)
420                    throws PortalException, SystemException {
421    
422                    if (permissionedModel == null) {
423                            throw new IllegalArgumentException("Permissioned model is null");
424                    }
425    
426                    // Scope is assumed to always be individual
427    
428                    Role role = roleLocalService.getDefaultGroupRole(groupId);
429    
430                    resourceBlockLocalService.setIndividualScopePermissions(
431                            resource.getCompanyId(), groupId, resource.getName(),
432                            permissionedModel, role.getRoleId(), actionIds);
433            }
434    
435            protected void addGuestPermissions(
436                            long companyId, long groupId, long userId, String name,
437                            Resource resource, boolean portletActions,
438                            PermissionedModel permissionedModel)
439                    throws PortalException, SystemException {
440    
441                    List<String> actions = null;
442    
443                    if (portletActions) {
444                            actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
445                                    name);
446                    }
447                    else {
448                            actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
449                                    name);
450                    }
451    
452                    String[] actionIds = actions.toArray(new String[actions.size()]);
453    
454                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
455                            if (resourceBlockLocalService.isSupported(name)) {
456                                    addGuestPermissions_6Blocks(
457                                            companyId, groupId, resource, actions, permissionedModel);
458                            }
459                            else {
460                                    addGuestPermissions_6(companyId, resource, actionIds);
461                            }
462                    }
463                    else {
464                            addGuestPermissions_1to5(
465                                    companyId, groupId, userId, name, resource, portletActions,
466                                    actionIds);
467                    }
468            }
469    
470            protected void addGuestPermissions_1to5(
471                            long companyId, long groupId, long userId, String name,
472                            Resource resource, boolean portletActions, String[] actionIds)
473                    throws PortalException, SystemException {
474    
475                    List<Permission> guestPermissionsList =
476                            permissionLocalService.getPermissions(
477                                    companyId, actionIds, resource.getResourceId());
478    
479                    PermissionsListFilter permissionsListFilter =
480                            PermissionsListFilterFactory.getInstance();
481    
482                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
483                            companyId, groupId, userId, name, resource.getPrimKey(),
484                            portletActions, guestPermissionsList);
485    
486                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
487                            Role guestRole = roleLocalService.getRole(
488                                    companyId, RoleConstants.GUEST);
489    
490                            rolePersistence.addPermissions(
491                                    guestRole.getRoleId(), guestPermissionsList);
492                    }
493                    else {
494                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
495    
496                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
497                    }
498            }
499    
500            protected void addGuestPermissions_6(
501                            long companyId, Resource resource, String[] actionIds)
502                    throws PortalException, SystemException {
503    
504                    Role guestRole = roleLocalService.getRole(
505                            companyId, RoleConstants.GUEST);
506    
507                    resourcePermissionLocalService.setResourcePermissions(
508                            resource.getCompanyId(), resource.getName(), resource.getScope(),
509                            resource.getPrimKey(), guestRole.getRoleId(), actionIds);
510            }
511    
512            protected void addGuestPermissions_6Blocks(
513                            long companyId, long groupId, Resource resource,
514                            List<String> actionIds, PermissionedModel permissionedModel)
515                    throws PortalException, SystemException {
516    
517                    if (permissionedModel == null) {
518                            throw new IllegalArgumentException("Permissioned model is null");
519                    }
520    
521                    // Scope is assumed to always be individual
522    
523                    Role guestRole = roleLocalService.getRole(
524                            companyId, RoleConstants.GUEST);
525    
526                    resourceBlockLocalService.setIndividualScopePermissions(
527                            resource.getCompanyId(), groupId, resource.getName(),
528                            permissionedModel, guestRole.getRoleId(), actionIds);
529            }
530    
531            protected void addModelResources(
532                            long companyId, long groupId, long userId, String name,
533                            String primKey, String[] groupPermissions,
534                            String[] guestPermissions, PermissionedModel permissionedModel)
535                    throws PortalException, SystemException {
536    
537                    if (!PermissionThreadLocal.isAddResource()) {
538                            return;
539                    }
540    
541                    validate(name, false);
542    
543                    // Company
544    
545                    addResource(
546                            companyId, name, ResourceConstants.SCOPE_COMPANY,
547                            String.valueOf(companyId));
548    
549                    // Guest
550    
551                    long guestGroupId = getGuestGroupId(companyId);
552    
553                    addResource(
554                            companyId, name, ResourceConstants.SCOPE_GROUP,
555                            String.valueOf(guestGroupId));
556    
557                    // Group
558    
559                    if ((groupId > 0) && (guestGroupId != groupId)) {
560                            addResource(
561                                    companyId, name, ResourceConstants.SCOPE_GROUP,
562                                    String.valueOf(groupId));
563                    }
564    
565                    if (primKey == null) {
566                            return;
567                    }
568    
569                    // Individual
570    
571                    Resource resource = addResource(
572                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
573    
574                    // Permissions
575    
576                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
577    
578                    PermissionThreadLocal.setIndexEnabled(false);
579    
580                    try {
581                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
582                                    addModelResources_6(
583                                            companyId, groupId, userId, resource, groupPermissions,
584                                            guestPermissions, permissionedModel);
585                            }
586                            else {
587                                    addModelResources_1to5(
588                                            companyId, groupId, userId, resource, groupPermissions,
589                                            guestPermissions);
590                            }
591                    }
592                    finally {
593                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
594    
595                            PermissionCacheUtil.clearCache();
596    
597                            SearchEngineUtil.updatePermissionFields(name, primKey);
598                    }
599            }
600    
601            protected void addModelResources_1to5(
602                            long companyId, long groupId, long userId, Resource resource,
603                            String[] groupPermissions, String[] guestPermissions)
604                    throws PortalException, SystemException {
605    
606                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
607    
608                    PermissionsListFilter permissionsListFilter =
609                            PermissionsListFilterFactory.getInstance();
610    
611                    List<Permission> permissionsList =
612                            permissionLocalService.addPermissions(
613                                    companyId, resource.getName(), resource.getResourceId(), false);
614    
615                    List<Permission> userPermissionsList =
616                            permissionsListFilter.filterUserPermissions(
617                                    companyId, groupId, userId, resource.getName(),
618                                    resource.getPrimKey(), false, permissionsList);
619    
620                    filterOwnerPermissions(resource.getName(), userPermissionsList);
621    
622                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
623    
624                            // Owner permissions
625    
626                            Role ownerRole = roleLocalService.getRole(
627                                    companyId, RoleConstants.OWNER);
628    
629                            rolePersistence.addPermissions(
630                                    ownerRole.getRoleId(), userPermissionsList);
631                    }
632                    else {
633    
634                            // User permissions
635    
636                            if ((userId > 0) && (userId != defaultUserId)) {
637                                    userPersistence.addPermissions(userId, userPermissionsList);
638                            }
639                    }
640    
641                    // Group permissions
642    
643                    if (groupId > 0) {
644                            if (groupPermissions == null) {
645                                    groupPermissions = new String[0];
646                            }
647    
648                            List<Permission> groupPermissionsList =
649                                    permissionLocalService.getPermissions(
650                                            companyId, groupPermissions, resource.getResourceId());
651    
652                            groupPermissionsList = permissionsListFilter.filterGroupPermissions(
653                                    companyId, groupId, userId, resource.getName(),
654                                    resource.getPrimKey(), false, groupPermissionsList);
655    
656                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
657                                    Role role = roleLocalService.getDefaultGroupRole(groupId);
658    
659                                    rolePersistence.addPermissions(
660                                            role.getRoleId(), groupPermissionsList);
661                            }
662                            else {
663                                    groupPersistence.addPermissions(groupId, groupPermissionsList);
664                            }
665                    }
666    
667                    // Guest permissions
668    
669                    if (guestPermissions == null) {
670                            guestPermissions = new String[0];
671                    }
672    
673                    List<Permission> guestPermissionsList =
674                            permissionLocalService.getPermissions(
675                                    companyId, guestPermissions, resource.getResourceId());
676    
677                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
678                            companyId, groupId, userId, resource.getName(),
679                            resource.getPrimKey(), false, guestPermissionsList);
680    
681                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
682                            Role guestRole = roleLocalService.getRole(
683                                    companyId, RoleConstants.GUEST);
684    
685                            rolePersistence.addPermissions(
686                                    guestRole.getRoleId(), guestPermissionsList);
687                    }
688                    else {
689                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
690                    }
691            }
692    
693            protected void addModelResources_6(
694                            long companyId, long groupId, long userId, Resource resource,
695                            String[] groupPermissions, String[] guestPermissions,
696                            PermissionedModel permissionedModel)
697                    throws PortalException, SystemException {
698    
699                    // Owner permissions
700    
701                    Role ownerRole = roleLocalService.getRole(
702                            companyId, RoleConstants.OWNER);
703    
704                    List<String> ownerActionIds =
705                            ResourceActionsUtil.getModelResourceActions(resource.getName());
706    
707                    ownerActionIds = ListUtil.copy(ownerActionIds);
708    
709                    filterOwnerActions(resource.getName(), ownerActionIds);
710    
711                    String[] ownerPermissions = ownerActionIds.toArray(
712                            new String[ownerActionIds.size()]);
713    
714                    // Group permissions
715    
716                    Role defaultGroupRole = null;
717    
718                    if (groupId > 0) {
719                            defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
720    
721                            if (groupPermissions == null) {
722                                    groupPermissions = new String[0];
723                            }
724                    }
725    
726                    // Guest permissions
727    
728                    Role guestRole = roleLocalService.getRole(
729                            companyId, RoleConstants.GUEST);
730    
731                    if (guestPermissions == null) {
732                            guestPermissions = new String[0];
733                    }
734    
735                    if (resourceBlockLocalService.isSupported(resource.getName())) {
736    
737                            if (permissionedModel == null) {
738                                    throw new IllegalArgumentException(
739                                            "Permissioned model is null");
740                            }
741    
742                            // Scope is assumed to always be individual
743    
744                            resourceBlockLocalService.setIndividualScopePermissions(
745                                    resource.getCompanyId(), groupId, resource.getName(),
746                                    permissionedModel, ownerRole.getRoleId(), ownerActionIds);
747    
748                            if (groupId > 0) {
749                                    resourceBlockLocalService.setIndividualScopePermissions(
750                                            resource.getCompanyId(), groupId, resource.getName(),
751                                            permissionedModel, defaultGroupRole.getRoleId(),
752                                            Arrays.asList(groupPermissions));
753                            }
754    
755                            resourceBlockLocalService.setIndividualScopePermissions(
756                                    resource.getCompanyId(), groupId, resource.getName(),
757                                    permissionedModel, guestRole.getRoleId(),
758                                    Arrays.asList(guestPermissions));
759                    }
760                    else {
761                            resourcePermissionLocalService.setOwnerResourcePermissions(
762                                    resource.getCompanyId(), resource.getName(),
763                                    resource.getScope(), resource.getPrimKey(),
764                                    ownerRole.getRoleId(), userId, ownerPermissions);
765    
766                            if (groupId > 0) {
767                                    resourcePermissionLocalService.setResourcePermissions(
768                                            resource.getCompanyId(), resource.getName(),
769                                            resource.getScope(), resource.getPrimKey(),
770                                            defaultGroupRole.getRoleId(), groupPermissions);
771                            }
772    
773                            resourcePermissionLocalService.setResourcePermissions(
774                                    resource.getCompanyId(), resource.getName(),
775                                    resource.getScope(), resource.getPrimKey(),
776                                    guestRole.getRoleId(), guestPermissions);
777                    }
778            }
779    
780            protected Resource addResource_1to5(
781                            long companyId, String name, int scope, String primKey)
782                    throws SystemException {
783    
784                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
785                            companyId, name, scope);
786    
787                    long codeId = resourceCode.getCodeId();
788    
789                    Resource resource = resourcePersistence.fetchByC_P(codeId, primKey);
790    
791                    if (resource == null) {
792                            long resourceId = counterLocalService.increment(
793                                    Resource.class.getName());
794    
795                            resource = resourcePersistence.create(resourceId);
796    
797                            resource.setCodeId(codeId);
798                            resource.setPrimKey(primKey);
799    
800                            try {
801                                    resourcePersistence.update(resource, false);
802                            }
803                            catch (SystemException se) {
804                                    if (_log.isWarnEnabled()) {
805                                            _log.warn(
806                                                    "Add failed, fetch {codeId=" + codeId + ", primKey=" +
807                                                            primKey + "}");
808                                    }
809    
810                                    resource = resourcePersistence.fetchByC_P(
811                                            codeId, primKey, false);
812    
813                                    if (resource == null) {
814                                            throw se;
815                                    }
816                            }
817                    }
818    
819                    return resource;
820            }
821    
822            protected Resource addResource_6(
823                    long companyId, String name, int scope, String primKey) {
824    
825                    Resource resource = new ResourceImpl();
826    
827                    resource.setCompanyId(companyId);
828                    resource.setName(name);
829                    resource.setScope(scope);
830                    resource.setPrimKey(primKey);
831    
832                    return resource;
833            }
834    
835            protected void addResources(
836                            long companyId, long groupId, long userId, String name,
837                            String primKey, boolean portletActions, boolean addGroupPermissions,
838                            boolean addGuestPermissions, PermissionedModel permissionedModel)
839                    throws PortalException, SystemException {
840    
841                    if (!PermissionThreadLocal.isAddResource()) {
842                            return;
843                    }
844    
845                    validate(name, portletActions);
846    
847                    // Company
848    
849                    addResource(
850                            companyId, name, ResourceConstants.SCOPE_COMPANY,
851                            String.valueOf(companyId));
852    
853                    if (groupId > 0) {
854                            addResource(
855                                    companyId, name, ResourceConstants.SCOPE_GROUP,
856                                    String.valueOf(groupId));
857                    }
858    
859                    if (primKey == null) {
860                            return;
861                    }
862    
863                    // Individual
864    
865                    Resource resource = addResource(
866                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
867    
868                    // Permissions
869    
870                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
871    
872                    PermissionThreadLocal.setIndexEnabled(false);
873    
874                    List<ResourcePermission> resourcePermissions =
875                            resourcePermissionPersistence.findByC_N_S_P(
876                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
877    
878                    ResourcePermissionsThreadLocal.setResourcePermissions(
879                            resourcePermissions);
880    
881                    try {
882                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
883                                    addResources_6(
884                                            companyId, groupId, userId, resource, portletActions,
885                                            permissionedModel);
886                            }
887                            else {
888                                    addResources_1to5(
889                                            companyId, groupId, userId, resource, portletActions);
890                            }
891    
892                            // Group permissions
893    
894                            if ((groupId > 0) && addGroupPermissions) {
895                                    addGroupPermissions(
896                                            companyId, groupId, userId, name, resource, portletActions,
897                                            permissionedModel);
898                            }
899    
900                            // Guest permissions
901    
902                            if (addGuestPermissions) {
903    
904                                    // Don't add guest permissions when you've already added group
905                                    // permissions and the given group is the guest group.
906    
907                                    addGuestPermissions(
908                                            companyId, groupId, userId, name, resource, portletActions,
909                                            permissionedModel);
910                            }
911                    }
912                    finally {
913                            ResourcePermissionsThreadLocal.setResourcePermissions(null);
914    
915                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
916    
917                            PermissionCacheUtil.clearCache();
918    
919                            SearchEngineUtil.updatePermissionFields(name, primKey);
920                    }
921            }
922    
923            protected void addResources_1to5(
924                            long companyId, long groupId, long userId, Resource resource,
925                            boolean portletActions)
926                    throws PortalException, SystemException {
927    
928                    List<Permission> permissionsList =
929                            permissionLocalService.addPermissions(
930                                    companyId, resource.getName(), resource.getResourceId(),
931                                    portletActions);
932    
933                    PermissionsListFilter permissionsListFilter =
934                            PermissionsListFilterFactory.getInstance();
935    
936                    List<Permission> userPermissionsList =
937                            permissionsListFilter.filterUserPermissions(
938                                    companyId, groupId, userId, resource.getName(),
939                                    resource.getPrimKey(), portletActions, permissionsList);
940    
941                    filterOwnerPermissions(resource.getName(), userPermissionsList);
942    
943                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
944    
945                            // Owner permissions
946    
947                            Role ownerRole = roleLocalService.getRole(
948                                    companyId, RoleConstants.OWNER);
949    
950                            rolePersistence.addPermissions(
951                                    ownerRole.getRoleId(), userPermissionsList);
952                    }
953                    else {
954    
955                            // User permissions
956    
957                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
958    
959                            if ((userId > 0) && (userId != defaultUserId)) {
960                                    userPersistence.addPermissions(userId, userPermissionsList);
961                            }
962                    }
963            }
964    
965            protected void addResources_6(
966                            long companyId, long groupId, long userId, Resource resource,
967                            boolean portletActions, PermissionedModel permissionedModel)
968                    throws PortalException, SystemException {
969    
970                    List<String> actionIds = null;
971    
972                    if (portletActions) {
973                            actionIds = ResourceActionsUtil.getPortletResourceActions(
974                                    resource.getName());
975                    }
976                    else {
977                            actionIds = ResourceActionsUtil.getModelResourceActions(
978                                    resource.getName());
979    
980                            actionIds = ListUtil.copy(actionIds);
981    
982                            filterOwnerActions(resource.getName(), actionIds);
983                    }
984    
985                    Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
986    
987                    if (resourceBlockLocalService.isSupported(resource.getName())) {
988                            if (permissionedModel == null) {
989                                    throw new IllegalArgumentException(
990                                            "Permissioned model is null");
991                            }
992    
993                            // Scope is assumed to always be individual
994    
995                            resourceBlockLocalService.setIndividualScopePermissions(
996                                    resource.getCompanyId(), groupId, resource.getName(),
997                                    permissionedModel, role.getRoleId(), actionIds);
998                    }
999                    else {
1000                            resourcePermissionLocalService.setOwnerResourcePermissions(
1001                                    resource.getCompanyId(), resource.getName(),
1002                                    resource.getScope(), resource.getPrimKey(), role.getRoleId(),
1003                                    userId, actionIds.toArray(new String[actionIds.size()]));
1004                    }
1005            }
1006    
1007            protected void deleteResource(
1008                            long companyId, String name, int scope, String primKey,
1009                            PermissionedModel permissionedModel)
1010                    throws PortalException, SystemException {
1011    
1012                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1013                            if (resourceBlockLocalService.isSupported(name)) {
1014                                    if (permissionedModel == null) {
1015                                            throw new IllegalArgumentException(
1016                                                    "Permissioned model is null");
1017                                    }
1018    
1019                                    resourceBlockLocalService.releasePermissionedModelResourceBlock(
1020                                            permissionedModel);
1021    
1022                                    return;
1023                            }
1024                            else {
1025                                    resourcePermissionLocalService.deleteResourcePermissions(
1026                                            companyId, name, scope, primKey);
1027    
1028                                    return;
1029                            }
1030                    }
1031    
1032                    try {
1033                            Resource resource = getResource(companyId, name, scope, primKey);
1034    
1035                            deleteResource(resource.getResourceId());
1036                    }
1037                    catch (NoSuchResourceException nsre) {
1038                            if (_log.isWarnEnabled()) {
1039                                    _log.warn(nsre);
1040                            }
1041                    }
1042            }
1043    
1044            protected Resource fetchResource_1to5(
1045                            long companyId, String name, int scope, String primKey)
1046                    throws SystemException {
1047    
1048                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1049                            companyId, name, scope);
1050    
1051                    return resourcePersistence.fetchByC_P(
1052                            resourceCode.getCodeId(), primKey);
1053            }
1054    
1055            protected void filterOwnerActions(String name, List<String> actionIds) {
1056                    List<String> defaultOwnerActions =
1057                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1058    
1059                    if (defaultOwnerActions.isEmpty()) {
1060                            return;
1061                    }
1062    
1063                    Iterator<String> itr = actionIds.iterator();
1064    
1065                    while (itr.hasNext()) {
1066                            String actionId = itr.next();
1067    
1068                            if (!defaultOwnerActions.contains(actionId)) {
1069                                    itr.remove();
1070                            }
1071                    }
1072            }
1073    
1074            protected void filterOwnerPermissions(
1075                    String name, List<Permission> permissions) {
1076    
1077                    List<String> defaultOwnerActions =
1078                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1079    
1080                    if (defaultOwnerActions.isEmpty()) {
1081                            return;
1082                    }
1083    
1084                    Iterator<Permission> itr = permissions.iterator();
1085    
1086                    while (itr.hasNext()) {
1087                            Permission permission = itr.next();
1088    
1089                            String actionId = permission.getActionId();
1090    
1091                            if (!defaultOwnerActions.contains(actionId)) {
1092                                    itr.remove();
1093                            }
1094                    }
1095            }
1096    
1097            protected long getGroupId(AuditedModel auditedModel) {
1098                    long groupId = 0;
1099    
1100                    if (auditedModel instanceof GroupedModel) {
1101                            GroupedModel groupedModel = (GroupedModel)auditedModel;
1102    
1103                            groupId = groupedModel.getGroupId();
1104                    }
1105    
1106                    return groupId;
1107            }
1108    
1109            protected long getGuestGroupId(long companyId) throws NoSuchGroupException {
1110                    long guestGroupId = 0;
1111    
1112                    try {
1113                            Group guestGroup = groupLocalService.getGroup(
1114                                    companyId, GroupConstants.GUEST);
1115    
1116                            return guestGroup.getGroupId();
1117                    }
1118                    catch (Exception e) {
1119                            if (_log.isWarnEnabled()) {
1120                                    _log.warn(e.getMessage());
1121                            }
1122                    }
1123    
1124                    // LPS-27795
1125    
1126                    guestGroupId = getGuestGroupIdBySQL(companyId);
1127    
1128                    if (guestGroupId > 0) {
1129                            return guestGroupId;
1130                    }
1131    
1132                    StringBundler sb = new StringBundler(5);
1133    
1134                    sb.append("No Group exists with the key {companyId=");
1135                    sb.append(companyId);
1136                    sb.append(", name=");
1137                    sb.append(GroupConstants.GUEST);
1138                    sb.append("}");
1139    
1140                    throw new NoSuchGroupException(sb.toString());
1141            }
1142    
1143            protected long getGuestGroupIdBySQL(long companyId) {
1144                    Connection con = null;
1145                    PreparedStatement ps = null;
1146                    ResultSet rs = null;
1147    
1148                    try {
1149                            con = DataAccess.getConnection();
1150    
1151                            StringBundler sb = new StringBundler(5);
1152    
1153                            sb.append("select groupId from Group_ where companyId = ");
1154                            sb.append(companyId);
1155                            sb.append(" and name = '");
1156                            sb.append(GroupConstants.GUEST);
1157                            sb.append("'");
1158    
1159                            ps = con.prepareStatement(sb.toString());
1160    
1161                            rs = ps.executeQuery();
1162    
1163                            if (rs.next()) {
1164                                    return rs.getLong("groupId");
1165                            }
1166                    }
1167                    catch (SQLException sqle) {
1168                            _log.error(sqle, sqle);
1169                    }
1170                    finally {
1171                            DataAccess.cleanUp(con, ps, rs);
1172                    }
1173    
1174                    return 0;
1175            }
1176    
1177            protected PermissionedModel getPermissionedModel(
1178                    AuditedModel auditedModel) {
1179    
1180                    PermissionedModel permissionedModel = null;
1181    
1182                    if (auditedModel instanceof PermissionedModel) {
1183                            permissionedModel = (PermissionedModel)auditedModel;
1184                    }
1185    
1186                    return permissionedModel;
1187            }
1188    
1189            protected Resource getResource_1to5(
1190                            long companyId, String name, int scope, String primKey)
1191                    throws PortalException, SystemException {
1192    
1193                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1194                            companyId, name, scope);
1195    
1196                    return resourcePersistence.findByC_P(resourceCode.getCodeId(), primKey);
1197            }
1198    
1199            protected Resource getResource_6(
1200                    long companyId, String name, int scope, String primKey) {
1201    
1202                    Resource resource = new ResourceImpl();
1203    
1204                    resource.setCompanyId(companyId);
1205                    resource.setName(name);
1206                    resource.setScope(scope);
1207                    resource.setPrimKey(primKey);
1208    
1209                    return resource;
1210            }
1211    
1212            protected void updateResources(
1213                            long companyId, long groupId, String name, String primKey,
1214                            String[] groupPermissions, String[] guestPermissions,
1215                            PermissionedModel permissionedModel)
1216                    throws PortalException, SystemException {
1217    
1218                    Resource resource = getResource(
1219                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1220    
1221                    if (groupPermissions == null) {
1222                            groupPermissions = new String[0];
1223                    }
1224    
1225                    if (guestPermissions == null) {
1226                            guestPermissions = new String[0];
1227                    }
1228    
1229                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1230                            if (resourceBlockLocalService.isSupported(name)) {
1231                                    updateResources_6Blocks(
1232                                            companyId, groupId, resource, groupPermissions,
1233                                            guestPermissions, permissionedModel);
1234                            }
1235                            else {
1236                                    updateResources_6(
1237                                            companyId, groupId, resource, groupPermissions,
1238                                            guestPermissions);
1239                            }
1240                    }
1241                    else {
1242                            updateResources_1to5(
1243                                    companyId, groupId, resource, groupPermissions,
1244                                    guestPermissions);
1245                    }
1246            }
1247    
1248            protected void updateResources_1to5(
1249                            long companyId, long groupId, Resource resource,
1250                            String[] groupPermissions, String[] guestPermissions)
1251                    throws PortalException, SystemException {
1252    
1253                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1254    
1255                    permissionLocalService.setRolePermissions(
1256                            role.getRoleId(), groupPermissions, resource.getResourceId());
1257    
1258                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1259    
1260                    permissionLocalService.setRolePermissions(
1261                            role.getRoleId(), guestPermissions, resource.getResourceId());
1262            }
1263    
1264            protected void updateResources_1to5(
1265                            long companyId, String name, int scope, String primKey,
1266                            String newPrimKey)
1267                    throws PortalException, SystemException {
1268    
1269                    Resource resource = getResource(companyId, name, scope, primKey);
1270    
1271                    resource.setPrimKey(newPrimKey);
1272    
1273                    resourcePersistence.update(resource, false);
1274            }
1275    
1276            protected void updateResources_6(
1277                            long companyId, long groupId, Resource resource,
1278                            String[] groupPermissions, String[] guestPermissions)
1279                    throws PortalException, SystemException {
1280    
1281                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1282    
1283                    resourcePermissionLocalService.setResourcePermissions(
1284                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1285                            resource.getPrimKey(), role.getRoleId(), groupPermissions);
1286    
1287                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1288    
1289                    resourcePermissionLocalService.setResourcePermissions(
1290                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1291                            resource.getPrimKey(), role.getRoleId(), guestPermissions);
1292            }
1293    
1294            protected void updateResources_6(
1295                            long companyId, String name, int scope, String primKey,
1296                            String newPrimKey)
1297                    throws SystemException {
1298    
1299                    List<ResourcePermission> resourcePermissions =
1300                            resourcePermissionLocalService.getResourcePermissions(
1301                                    companyId, name, scope, primKey);
1302    
1303                    for (ResourcePermission resourcePermission : resourcePermissions) {
1304                            resourcePermission.setPrimKey(newPrimKey);
1305    
1306                            resourcePermissionPersistence.update(resourcePermission, false);
1307                    }
1308            }
1309    
1310            protected void updateResources_6Blocks(
1311                            long companyId, long groupId, Resource resource,
1312                            String[] groupPermissions, String[] guestPermissions,
1313                            PermissionedModel permissionedModel)
1314                    throws PortalException, SystemException {
1315    
1316                    if (permissionedModel == null) {
1317                            throw new IllegalArgumentException("Permissioned model is null");
1318                    }
1319    
1320                    // Scope is assumed to always be individual
1321    
1322                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1323    
1324                    resourceBlockLocalService.setIndividualScopePermissions(
1325                            companyId, groupId, resource.getName(), permissionedModel,
1326                            role.getRoleId(), Arrays.asList(groupPermissions));
1327    
1328                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1329    
1330                    resourceBlockLocalService.setIndividualScopePermissions(
1331                            companyId, groupId, resource.getName(), permissionedModel,
1332                            role.getRoleId(), Arrays.asList(guestPermissions));
1333            }
1334    
1335            protected void validate(String name, boolean portletActions)
1336                    throws PortalException {
1337    
1338                    List<String> actions = null;
1339    
1340                    if (portletActions) {
1341                            actions = ResourceActionsUtil.getPortletResourceActions(name);
1342                    }
1343                    else {
1344                            actions = ResourceActionsUtil.getModelResourceActions(name);
1345                    }
1346    
1347                    if (actions.size() == 0) {
1348                            throw new ResourceActionsException(
1349                                    "There are no actions associated with the resource " + name);
1350                    }
1351            }
1352    
1353            private static Log _log = LogFactoryUtil.getLog(
1354                    ResourceLocalServiceImpl.class);
1355    
1356    }