015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.dao.db.DB;
018 import com.liferay.portal.kernel.dao.db.DBFactoryUtil;
019 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
020 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
021 import com.liferay.portal.kernel.dao.orm.EntityCacheUtil;
022 import com.liferay.portal.kernel.dao.orm.FinderCacheUtil;
023 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
024 import com.liferay.portal.kernel.log.Log;
025 import com.liferay.portal.kernel.log.LogFactoryUtil;
026 import com.liferay.portal.kernel.util.GetterUtil;
027 import com.liferay.portal.kernel.util.StringBundler;
028 import com.liferay.portal.kernel.util.StringPool;
029 import com.liferay.portal.model.Group;
030 import com.liferay.portal.model.Layout;
031 import com.liferay.portal.model.LayoutConstants;
032 import com.liferay.portal.model.Organization;
033 import com.liferay.portal.model.PortletConstants;
034 import com.liferay.portal.model.ResourceConstants;
035 import com.liferay.portal.model.ResourcePermission;
036 import com.liferay.portal.model.Role;
037 import com.liferay.portal.model.RoleConstants;
038 import com.liferay.portal.model.User;
039 import com.liferay.portal.model.UserGroup;
040 import com.liferay.portal.security.permission.ActionKeys;
041 import com.liferay.portal.security.permission.PermissionCacheUtil;
042 import com.liferay.portal.security.permission.ResourceActionsUtil;
043 import com.liferay.portal.service.LayoutLocalServiceUtil;
044 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
045 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
046 import com.liferay.portal.service.RoleLocalServiceUtil;
047 import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
048 import com.liferay.portal.util.PortalInstances;
049 import com.liferay.portal.util.PortalUtil;
050
051 import java.util.ArrayList;
052 import java.util.List;
053
054
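/**
 * Startup verification step that repairs stored permission data.
 *
 * <p>
 * {@link #doVerify()} runs four passes in order: Guest role permissions on
 * private layouts are deleted, the resource actions of every model and
 * portlet are checked against the resource action service, deprecated
 * Organization actions are moved to the matching Group permission, and
 * Power User permissions on portlets of user and user group layouts are
 * reassigned to the User role.
 * </p>
 *
 * <p>
 * Every pass changes who is allowed to do what, so a failure is logged where
 * an operator will see it rather than only at debug level.
 * </p>
 */
public class VerifyPermission extends VerifyProcess {

    /**
     * Passes the action IDs of every known model and portlet to
     * {@code ResourceActionLocalServiceUtil.checkResourceActions}.
     *
     * @throws Exception if the resource action service fails
     */
    protected void checkPermissions() throws Exception {
        List<String> modelNames = ResourceActionsUtil.getModelNames();

        for (String modelName : modelNames) {
            List<String> actionIds =
                ResourceActionsUtil.getModelResourceActions(modelName);

            ResourceActionLocalServiceUtil.checkResourceActions(
                modelName, actionIds, true);
        }

        List<String> portletNames = ResourceActionsUtil.getPortletNames();

        for (String portletName : portletNames) {
            List<String> actionIds =
                ResourceActionsUtil.getPortletResourceActions(portletName);

            ResourceActionLocalServiceUtil.checkResourceActions(
                portletName, actionIds, true);
        }
    }

    /**
     * Deletes Guest role permissions on private layouts, one company at a
     * time.
     *
     * <p>
     * The cleanup is best effort: a failure in one company does not stop the
     * others. It is reported at warn level because a skipped company may
     * still hold Guest permissions on private layouts.
     * </p>
     *
     * @throws Exception if the company IDs cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            try {
                deleteDefaultPrivateLayoutPermissions_6(companyId);
            }
            catch (Exception e) {

                // Previously logged only at debug level, which hid an
                // incomplete permission cleanup from operators.

                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to delete Guest permissions on private " +
                            "layouts for company " + companyId,
                        e);
                }
            }
        }
    }

    /**
     * Deletes every resource permission of the company's Guest role that
     * {@link #isPrivateLayout(String, String)} accepts.
     *
     * <p>
     * Each permission is handled on its own, so one row that cannot be
     * checked or deleted is logged and skipped instead of ending the pass
     * for the remaining rows of the company.
     * </p>
     *
     * @param  companyId the company whose Guest role is inspected
     * @throws Exception if the Guest role or its permissions cannot be
     *         loaded
     */
    protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
        throws Exception {

        Role role = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.GUEST);

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
                role.getRoleId());

        for (ResourcePermission resourcePermission : resourcePermissions) {
            try {
                if (isPrivateLayout(
                        resourcePermission.getName(),
                        resourcePermission.getPrimKey())) {

                    ResourcePermissionLocalServiceUtil.deleteResourcePermission(
                        resourcePermission.getResourcePermissionId());
                }
            }
            catch (Exception e) {

                // The row stays in place; the warning names it so it can
                // be reviewed by hand.

                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to verify Guest resource permission " +
                            resourcePermission.getResourcePermissionId() +
                                " for company " + companyId,
                        e);
                }
            }
        }
    }

    /**
     * Runs the permission repairs in a fixed order: Guest cleanup first,
     * then the resource action check, then the two role fixes.
     *
     * @throws Exception if a pass fails with an error it does not handle
     */
    @Override
    protected void doVerify() throws Exception {
        deleteDefaultPrivateLayoutPermissions();

        checkPermissions();
        fixOrganizationRolePermissions();
        fixUserDefaultRolePermissions();
    }

    /**
     * Moves the deprecated Organization actions of every Organization
     * resource permission to the Group resource permission that has the same
     * company, scope, primary key and role, then clears the permission
     * cache.
     *
     * <p>
     * The actions are moved in memory first and the two rows are saved one
     * after the other. NOTE(review): no transaction is visible here, so if
     * the second save fails after the first succeeded the action is removed
     * from the Organization row without being added to the Group row. The
     * failure is logged at error level and the loop continues.
     * </p>
     *
     * @throws Exception if the Organization permissions cannot be queried,
     *         or if the missing Group permission cannot be created
     */
    protected void fixOrganizationRolePermissions() throws Exception {
        DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
            ResourcePermission.class);

        dynamicQuery.add(
            RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

        for (ResourcePermission resourcePermission : resourcePermissions) {
            ResourcePermission groupResourcePermission = null;

            try {
                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }
            catch (Exception e) {

                // NOTE(review): any exception is treated as "no Group row
                // yet". If the lookup failed for another reason while the
                // row exists, the call below sets its actions to
                // EMPTY_ACTION_IDS. Narrow the catch to the not-found
                // exception once its type is confirmed.

                if (_log.isDebugEnabled()) {
                    _log.debug(e, e);
                }

                ResourcePermissionLocalServiceUtil.setResourcePermissions(
                    resourcePermission.getCompanyId(), Group.class.getName(),
                    resourcePermission.getScope(),
                    resourcePermission.getPrimKey(),
                    resourcePermission.getRoleId(),
                    ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }

            // Only actions the Organization row actually holds are moved,
            // so the role gains nothing it did not already have.

            for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
                if (resourcePermission.hasActionId(actionId)) {
                    resourcePermission.removeResourceAction(actionId);

                    groupResourcePermission.addResourceAction(actionId);
                }
            }

            try {
                resourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    resourcePermission);

                groupResourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    groupResourcePermission);
            }
            catch (Exception e) {
                _log.error(e, e);
            }
        }

        PermissionCacheUtil.clearCache();
    }

    /**
     * Reassigns Power User permissions to the User role with one SQL update
     * per company, then clears the entity and finder caches.
     *
     * <p>
     * A row is changed only when all of the following hold: its scope is
     * {@code ResourceConstants.SCOPE_INDIVIDUAL}, its role is the company's
     * Power User role, its primary key starts with the plid of a layout of
     * type {@code LayoutConstants.TYPE_PORTLET} followed by
     * {@code PortletConstants.LAYOUT_SEPARATOR}, that layout belongs to a
     * group whose class name ID is that of {@code User} or
     * {@code UserGroup}, and the User role has no row for the same company,
     * name, primary key and scope.
     * </p>
     *
     * <p>
     * The statement is built by concatenation. Every interpolated value is
     * a {@code long} read from the portal or a class constant, and none is
     * request input. Any value added later that is not numeric or constant
     * must be bound or escaped instead of appended.
     * </p>
     *
     * @throws Exception if a role lookup or the SQL update fails
     */
    protected void fixUserDefaultRolePermissions() throws Exception {
        long userClassNameId = PortalUtil.getClassNameId(User.class);
        long userGroupClassNameId = PortalUtil.getClassNameId(UserGroup.class);

        DB db = DBFactoryUtil.getDB();

        String dbType = db.getType();

        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            Role powerUserRole = RoleLocalServiceUtil.getRole(
                companyId, RoleConstants.POWER_USER);
            Role userRole = RoleLocalServiceUtil.getRole(
                companyId, RoleConstants.USER);

            // resourcePermission2 is the User role's row for the same
            // resource, if any. The where clause keeps only rows where it
            // is absent.

            StringBundler joinSB = new StringBundler(22);

            joinSB.append("ResourcePermission resourcePermission1 left outer ");
            joinSB.append("join ResourcePermission resourcePermission2 on ");
            joinSB.append("resourcePermission1.companyId = ");
            joinSB.append("resourcePermission2.companyId and ");
            joinSB.append("resourcePermission1.name = ");
            joinSB.append("resourcePermission2.name and ");
            joinSB.append("resourcePermission1.primKey = ");
            joinSB.append("resourcePermission2.primKey and ");
            joinSB.append("resourcePermission1.scope = ");
            joinSB.append("resourcePermission2.scope and ");
            joinSB.append("resourcePermission2.roleId = ");
            joinSB.append(userRole.getRoleId());
            joinSB.append(" inner join Layout on ");
            joinSB.append("resourcePermission1.companyId = Layout.companyId ");
            joinSB.append("and resourcePermission1.primKey like ");

            // NOTE(review): the separator is used inside a LIKE pattern.
            // If it contains LIKE metacharacters such as '_' or '%', the
            // match is wider than a literal prefix. Confirm that is
            // acceptable.

            joinSB.append("replace('[$PLID$]");
            joinSB.append(PortletConstants.LAYOUT_SEPARATOR);
            joinSB.append("%', '[$PLID$]', cast_text(Layout.plid)) inner ");
            joinSB.append("join Group_ on Layout.groupId = ");
            joinSB.append("Group_.groupId and Layout.type_ = '");
            joinSB.append(LayoutConstants.TYPE_PORTLET);
            joinSB.append(StringPool.APOSTROPHE);

            StringBundler whereSB = new StringBundler(12);

            whereSB.append("where resourcePermission1.scope = ");
            whereSB.append(ResourceConstants.SCOPE_INDIVIDUAL);
            whereSB.append(" and resourcePermission1.primKey like '%");
            whereSB.append(PortletConstants.LAYOUT_SEPARATOR);
            whereSB.append("%' and resourcePermission1.roleId = ");
            whereSB.append(powerUserRole.getRoleId());
            whereSB.append(" and resourcePermission2.roleId is null and ");
            whereSB.append("(Group_.classNameId = ");
            whereSB.append(userClassNameId);
            whereSB.append(" or Group_.classNameId = ");
            whereSB.append(userGroupClassNameId);
            whereSB.append(StringPool.CLOSE_PARENTHESIS);

            StringBundler sb = new StringBundler(8);

            // MySQL gets a multi-table update. Every other database gets
            // an update restricted by a subquery over the same join.

            if (dbType.equals(DB.TYPE_MYSQL)) {
                sb.append("update ");
                sb.append(joinSB.toString());
                sb.append(" set resourcePermission1.roleId = ");
                sb.append(userRole.getRoleId());
                sb.append(StringPool.SPACE);
                sb.append(whereSB.toString());
            }
            else {
                sb.append("update ResourcePermission set roleId = ");
                sb.append(userRole.getRoleId());
                sb.append(" where resourcePermissionId in (select ");
                sb.append("resourcePermission1.resourcePermissionId from ");
                sb.append(joinSB.toString());
                sb.append(StringPool.SPACE);
                sb.append(whereSB.toString());
                sb.append(StringPool.CLOSE_PARENTHESIS);
            }

            runSQL(sb.toString());
        }

        // The rows were changed with direct SQL, so cached entities and
        // finder results may be stale. NOTE(review): PermissionCacheUtil is
        // not cleared here. Confirm that no permission check result can be
        // cached before this point.

        EntityCacheUtil.clearCache();
        FinderCacheUtil.clearCache();
    }

    /**
     * Tells whether a resource permission refers to a layout that is neither
     * public nor a control panel layout.
     *
     * <p>
     * NOTE(review): {@code primKey} is read as a plid whatever the scope of
     * the permission. Confirm that only individual scope Layout permissions
     * reach this check, since other scopes would put a different kind of ID
     * in the primary key.
     * </p>
     *
     * @param  name the resource name of the permission
     * @param  primKey the primary key of the permission, parsed as a plid
     * @return {@code true} if the name is the Layout class name and the
     *         layout is neither public nor of type control panel
     * @throws Exception if the layout cannot be loaded
     */
    protected boolean isPrivateLayout(String name, String primKey)
        throws Exception {

        if (!name.equals(Layout.class.getName())) {
            return false;
        }

        long plid = GetterUtil.getLong(primKey);

        Layout layout = LayoutLocalServiceUtil.getLayout(plid);

        if (layout.isPublicLayout() || layout.isTypeControlPanel()) {
            return false;
        }

        return true;
    }

    // Organization actions that fixOrganizationRolePermissions moves to the
    // Group resource permission.

    private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
        new ArrayList<String>();

    private static final Log _log = LogFactoryUtil.getLog(
        VerifyPermission.class);

    static {
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(
            ActionKeys.MANAGE_ARCHIVED_SETUPS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_LAYOUTS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_STAGING);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_TEAMS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.PUBLISH_STAGING);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("APPROVE_PROPOSAL");
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("ASSIGN_REVIEWER");
    }

}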