001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.kernel.dao.db.DB;
018    import com.liferay.portal.kernel.dao.db.DBFactoryUtil;
019    import com.liferay.portal.kernel.dao.orm.DynamicQuery;
020    import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
021    import com.liferay.portal.kernel.dao.orm.EntityCacheUtil;
022    import com.liferay.portal.kernel.dao.orm.FinderCacheUtil;
023    import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
024    import com.liferay.portal.kernel.log.Log;
025    import com.liferay.portal.kernel.log.LogFactoryUtil;
026    import com.liferay.portal.kernel.util.GetterUtil;
027    import com.liferay.portal.kernel.util.StringBundler;
028    import com.liferay.portal.kernel.util.StringPool;
029    import com.liferay.portal.model.Group;
030    import com.liferay.portal.model.Layout;
031    import com.liferay.portal.model.LayoutConstants;
032    import com.liferay.portal.model.Organization;
033    import com.liferay.portal.model.PortletConstants;
034    import com.liferay.portal.model.ResourceConstants;
035    import com.liferay.portal.model.ResourcePermission;
036    import com.liferay.portal.model.Role;
037    import com.liferay.portal.model.RoleConstants;
038    import com.liferay.portal.model.User;
039    import com.liferay.portal.model.UserGroup;
040    import com.liferay.portal.security.permission.ActionKeys;
041    import com.liferay.portal.security.permission.PermissionCacheUtil;
042    import com.liferay.portal.security.permission.ResourceActionsUtil;
043    import com.liferay.portal.service.LayoutLocalServiceUtil;
044    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
045    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
046    import com.liferay.portal.service.RoleLocalServiceUtil;
047    import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
048    import com.liferay.portal.util.PortalInstances;
049    import com.liferay.portal.util.PortalUtil;
050    
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
053    
054    /**
055     * @author Tobias Kaefer
056     * @author Douglas Wong
057     * @author Matthew Kong
058     * @author Raymond Augé
059     */
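public class VerifyPermission extends VerifyProcess {

	/**
	 * Passes the action ids of every model and every portlet known to
	 * {@link ResourceActionsUtil} to
	 * {@link ResourceActionLocalServiceUtil#checkResourceActions}. The
	 * trailing {@code true} argument is forwarded unchanged; presumably it
	 * asks the service to create missing entries, confirm against the
	 * service before relying on that.
	 *
	 * @throws Exception if the service rejects one of the action sets
	 */
	protected void checkPermissions() throws Exception {
		for (String modelName : ResourceActionsUtil.getModelNames()) {
			List<String> actionIds =
				ResourceActionsUtil.getModelResourceActions(modelName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				modelName, actionIds, true);
		}

		for (String portletName : ResourceActionsUtil.getPortletNames()) {
			List<String> actionIds =
				ResourceActionsUtil.getPortletResourceActions(portletName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				portletName, actionIds, true);
		}
	}

	/**
	 * Removes the Guest role's resource permissions on private layouts in
	 * every company (see {@link #deleteDefaultPrivateLayoutPermissions_6}).
	 *
	 * <p>
	 * A failure for one company is logged at debug level and processing
	 * continues with the next company, which keeps the best-effort behavior
	 * this step has always had. Failures on individual permission rows are
	 * isolated and logged inside the per-company method, so a single bad row
	 * no longer ends up here.
	 * </p>
	 *
	 * @throws Exception if the list of company ids cannot be obtained
	 */
	protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
		for (long companyId : PortalInstances.getCompanyIdsBySQL()) {
			try {
				deleteDefaultPrivateLayoutPermissions_6(companyId);
			}
			catch (Exception e) {

				// Deliberately best-effort per company, as in the original
				// implementation

				if (_log.isDebugEnabled()) {
					_log.debug(e, e);
				}
			}
		}
	}

	/**
	 * Deletes every resource permission granted to the company's Guest role
	 * whose resource is a private, non control panel layout, as decided by
	 * {@link #isPrivateLayout(String, String)}.
	 *
	 * <p>
	 * Each permission row is handled independently: if one row cannot be
	 * checked (for example, if loading the layout throws because the primKey
	 * no longer resolves to one), a warning is logged and the remaining rows
	 * are still processed. Previously a single bad row aborted the whole
	 * company, leaving the other Guest permissions on private layouts in
	 * place.
	 * </p>
	 *
	 * @param  companyId the company whose Guest role is verified
	 * @throws Exception if the Guest role or its permissions cannot be loaded
	 */
	protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
		throws Exception {

		Role guestRole = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				guestRole.getRoleId());

		for (ResourcePermission resourcePermission : resourcePermissions) {
			try {
				if (isPrivateLayout(
						resourcePermission.getName(),
						resourcePermission.getPrimKey())) {

					ResourcePermissionLocalServiceUtil.deleteResourcePermission(
						resourcePermission.getResourcePermissionId());
				}
			}
			catch (Exception e) {

				// Keep going: the rows after this one are unrelated and each
				// of them may still grant guests access to a private layout

				_log.warn(
					"Unable to verify guest resource permission " +
						resourcePermission.getResourcePermissionId(),
					e);
			}
		}
	}

	/**
	 * Entry point of the verify process. Guest permissions on private layouts
	 * are removed first, then the resource action registry is checked, then
	 * the deprecated organization action ids and the Power User layout
	 * permissions are migrated.
	 */
	@Override
	protected void doVerify() throws Exception {
		deleteDefaultPrivateLayoutPermissions();

		checkPermissions();
		fixOrganizationRolePermissions();
		fixUserDefaultRolePermissions();
	}

	/**
	 * Moves the action ids listed in
	 * {@code _DEPRECATED_ORGANIZATION_ACTION_IDS} from each Organization
	 * resource permission to the Group resource permission with the same
	 * company, scope, primKey and role (see
	 * {@link #getGroupResourcePermission(ResourcePermission)}). Both rows are
	 * then persisted and the permission cache is cleared.
	 *
	 * <p>
	 * A failure while persisting one pair of rows is logged and the loop
	 * continues with the next Organization permission.
	 * </p>
	 *
	 * @throws Exception if the Organization permissions cannot be queried or
	 *         a Group permission cannot be read back after being created
	 */
	protected void fixOrganizationRolePermissions() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourcePermission.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

		for (ResourcePermission resourcePermission : resourcePermissions) {
			ResourcePermission groupResourcePermission =
				getGroupResourcePermission(resourcePermission);

			for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
				if (resourcePermission.hasActionId(actionId)) {
					resourcePermission.removeResourceAction(actionId);

					groupResourcePermission.addResourceAction(actionId);
				}
			}

			try {
				resourcePermission.resetOriginalValues();

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					resourcePermission);

				groupResourcePermission.resetOriginalValues();

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					groupResourcePermission);
			}
			catch (Exception e) {
				_log.error(e, e);
			}
		}

		PermissionCacheUtil.clearCache();
	}

	/**
	 * Reassigns, for every company, individual scope resource permissions
	 * whose primKey contains {@link PortletConstants#LAYOUT_SEPARATOR} (a
	 * portlet placed on a layout) from the Power User role to the User role,
	 * restricted to portlet type layouts in User or UserGroup sites and to
	 * resources for which the User role has no row yet. The statement is
	 * built by {@link #getFixUserDefaultRolePermissionsSQL} and executed with
	 * {@link #runSQL(String)}; entity and finder caches are cleared
	 * afterwards.
	 *
	 * @throws Exception if a role cannot be loaded or the statement fails
	 */
	protected void fixUserDefaultRolePermissions() throws Exception {
		long userClassNameId = PortalUtil.getClassNameId(User.class);
		long userGroupClassNameId = PortalUtil.getClassNameId(UserGroup.class);

		DB db = DBFactoryUtil.getDB();

		String dbType = db.getType();

		for (long companyId : PortalInstances.getCompanyIdsBySQL()) {
			Role powerUserRole = RoleLocalServiceUtil.getRole(
				companyId, RoleConstants.POWER_USER);
			Role userRole = RoleLocalServiceUtil.getRole(
				companyId, RoleConstants.USER);

			runSQL(
				getFixUserDefaultRolePermissionsSQL(
					dbType, userClassNameId, userGroupClassNameId,
					powerUserRole.getRoleId(), userRole.getRoleId()));
		}

		EntityCacheUtil.clearCache();
		FinderCacheUtil.clearCache();
	}

	/**
	 * Builds the UPDATE statement used by
	 * {@link #fixUserDefaultRolePermissions()} for one company.
	 *
	 * <p>
	 * The statement joins ResourcePermission to itself (resourcePermission2
	 * being the User role's row for the same resource, which must be absent),
	 * to Layout through the plid embedded at the start of the primKey, and to
	 * Group_ so that only portlet type layouts in User or UserGroup sites are
	 * affected. MySQL gets an UPDATE with a JOIN; every other database gets
	 * an UPDATE with an IN (subselect). The {@code cast_text} call and the
	 * {@code [$PLID$]} template are presumably rewritten by the portal's SQL
	 * transformer when the statement runs, confirm against
	 * {@link #runSQL(String)}.
	 * </p>
	 *
	 * <p>
	 * Only numeric ids and portal constants are interpolated, so no untrusted
	 * input reaches the statement; keep it that way if the query is extended.
	 * </p>
	 *
	 * @param  dbType the database type reported by {@link DB#getType()}
	 * @param  userClassNameId the class name id of {@link User}
	 * @param  userGroupClassNameId the class name id of {@link UserGroup}
	 * @param  powerUserRoleId the role id of the company's Power User role
	 * @param  userRoleId the role id of the company's User role
	 * @return the statement, ready for {@link #runSQL(String)}
	 */
	protected String getFixUserDefaultRolePermissionsSQL(
		String dbType, long userClassNameId, long userGroupClassNameId,
		long powerUserRoleId, long userRoleId) {

		StringBundler joinSB = new StringBundler(22);

		joinSB.append("ResourcePermission resourcePermission1 left outer ");
		joinSB.append("join ResourcePermission resourcePermission2 on ");
		joinSB.append("resourcePermission1.companyId = ");
		joinSB.append("resourcePermission2.companyId and ");
		joinSB.append("resourcePermission1.name = ");
		joinSB.append("resourcePermission2.name and ");
		joinSB.append("resourcePermission1.primKey = ");
		joinSB.append("resourcePermission2.primKey and ");
		joinSB.append("resourcePermission1.scope = ");
		joinSB.append("resourcePermission2.scope and ");
		joinSB.append("resourcePermission2.roleId = ");
		joinSB.append(userRoleId);
		joinSB.append(" inner join Layout on ");
		joinSB.append("resourcePermission1.companyId = Layout.companyId ");
		joinSB.append("and resourcePermission1.primKey like ");
		joinSB.append("replace('[$PLID$]");
		joinSB.append(PortletConstants.LAYOUT_SEPARATOR);
		joinSB.append("%', '[$PLID$]', cast_text(Layout.plid)) inner ");
		joinSB.append("join Group_ on Layout.groupId = ");
		joinSB.append("Group_.groupId and Layout.type_ = '");
		joinSB.append(LayoutConstants.TYPE_PORTLET);
		joinSB.append(StringPool.APOSTROPHE);

		StringBundler whereSB = new StringBundler(12);

		whereSB.append("where resourcePermission1.scope = ");
		whereSB.append(ResourceConstants.SCOPE_INDIVIDUAL);
		whereSB.append(" and resourcePermission1.primKey like '%");
		whereSB.append(PortletConstants.LAYOUT_SEPARATOR);
		whereSB.append("%' and resourcePermission1.roleId = ");
		whereSB.append(powerUserRoleId);
		whereSB.append(" and resourcePermission2.roleId is null and ");
		whereSB.append("(Group_.classNameId = ");
		whereSB.append(userClassNameId);
		whereSB.append(" or Group_.classNameId = ");
		whereSB.append(userGroupClassNameId);
		whereSB.append(StringPool.CLOSE_PARENTHESIS);

		StringBundler sb = new StringBundler(8);

		if (dbType.equals(DB.TYPE_MYSQL)) {
			sb.append("update ");
			sb.append(joinSB.toString());
			sb.append(" set resourcePermission1.roleId = ");
			sb.append(userRoleId);
			sb.append(StringPool.SPACE);
			sb.append(whereSB.toString());
		}
		else {
			sb.append("update ResourcePermission set roleId = ");
			sb.append(userRoleId);
			sb.append(" where resourcePermissionId in (select ");
			sb.append("resourcePermission1.resourcePermissionId from ");
			sb.append(joinSB.toString());
			sb.append(StringPool.SPACE);
			sb.append(whereSB.toString());
			sb.append(StringPool.CLOSE_PARENTHESIS);
		}

		return sb.toString();
	}

	/**
	 * Returns the Group resource permission that mirrors the given
	 * Organization resource permission (same company, scope, primKey and
	 * role). When the lookup fails the row is assumed not to exist yet: it is
	 * created with {@link ResourcePermissionLocalServiceImpl#EMPTY_ACTION_IDS}
	 * and then read back.
	 *
	 * @param  resourcePermission the Organization resource permission
	 * @return the matching Group resource permission
	 * @throws Exception if the Group permission cannot be read back after
	 *         being created
	 */
	protected ResourcePermission getGroupResourcePermission(
			ResourcePermission resourcePermission)
		throws Exception {

		try {
			return ResourcePermissionLocalServiceUtil.getResourcePermission(
				resourcePermission.getCompanyId(), Group.class.getName(),
				resourcePermission.getScope(), resourcePermission.getPrimKey(),
				resourcePermission.getRoleId());
		}
		catch (Exception e) {

			// NOTE(review): as in the original code, any lookup failure is
			// treated as "no such row", not only a not-found condition;
			// narrowing this catch needs the service's exception type

			ResourcePermissionLocalServiceUtil.setResourcePermissions(
				resourcePermission.getCompanyId(), Group.class.getName(),
				resourcePermission.getScope(), resourcePermission.getPrimKey(),
				resourcePermission.getRoleId(),
				ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

			return ResourcePermissionLocalServiceUtil.getResourcePermission(
				resourcePermission.getCompanyId(), Group.class.getName(),
				resourcePermission.getScope(), resourcePermission.getPrimKey(),
				resourcePermission.getRoleId());
		}
	}

	/**
	 * Returns whether a resource permission, identified by its resource name
	 * and primKey, refers to a private layout that is not the control panel.
	 *
	 * @param  name the resource name stored on the permission
	 * @param  primKey the primary key stored on the permission; read as the
	 *         layout's plid when {@code name} is the Layout class name
	 * @return {@code true} if the layout is neither public nor of control
	 *         panel type; {@code false} if the resource is not a layout at
	 *         all
	 * @throws Exception if the layout cannot be loaded
	 */
	protected boolean isPrivateLayout(String name, String primKey)
		throws Exception {

		if (!name.equals(Layout.class.getName())) {
			return false;
		}

		Layout layout = LayoutLocalServiceUtil.getLayout(
			GetterUtil.getLong(primKey));

		return !(layout.isPublicLayout() || layout.isTypeControlPanel());
	}

	/**
	 * Action ids that are deprecated on Organization resources and are moved
	 * to the matching Group resource permission by
	 * {@link #fixOrganizationRolePermissions()}. The list is read-only.
	 */
	private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
		Collections.unmodifiableList(
			Arrays.asList(
				ActionKeys.MANAGE_ARCHIVED_SETUPS, ActionKeys.MANAGE_LAYOUTS,
				ActionKeys.MANAGE_STAGING, ActionKeys.MANAGE_TEAMS,
				ActionKeys.PUBLISH_STAGING, "APPROVE_PROPOSAL",
				"ASSIGN_REVIEWER"));

	private static final Log _log = LogFactoryUtil.getLog(
		VerifyPermission.class);

}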