001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.OrderByComparator;
020    import com.liferay.portal.model.Group;
021    import com.liferay.portal.model.Role;
022    import com.liferay.portal.model.RoleConstants;
023    import com.liferay.portal.model.User;
024    import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil;
025    import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil;
026    import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil;
027    import com.liferay.portal.security.permission.ActionKeys;
028    import com.liferay.portal.service.ServiceContext;
029    import com.liferay.portal.service.base.RoleServiceBaseImpl;
030    import com.liferay.portal.service.permission.PortalPermissionUtil;
031    import com.liferay.portal.service.permission.RolePermissionUtil;
032    import com.liferay.portal.service.permission.UserPermissionUtil;
033    import com.liferay.portlet.expando.model.ExpandoBridge;
034    
035    import java.io.Serializable;
036    
037    import java.util.ArrayList;
038    import java.util.LinkedHashMap;
039    import java.util.List;
040    import java.util.Locale;
041    import java.util.Map;
042    
043    /**
044     * Provides the remote service for accessing, adding, unassigning, checking,
045     * deleting, and updating roles. Its methods include permission checks.
046     *
047     * @author Brian Wing Shun Chan
048     */
049    public class RoleServiceImpl extends RoleServiceBaseImpl {
050    
051            /**
052             * Adds a role. The user is reindexed after role is added.
053             *
054             * @param  className the name of the class for which the role is created
055             * @param  classPK the primary key of the class for which the role is
056             *         created (optionally <code>0</code>)
057             * @param  name the role's name
058             * @param  titleMap the role's localized titles (optionally
059             *         <code>null</code>)
060             * @param  descriptionMap the role's localized descriptions (optionally
061             *         <code>null</code>)
062             * @param  type the role's type (optionally <code>0</code>)
063             * @param  subtype the role's subtype (optionally <code>null</code>)
064             * @param  serviceContext the service context to be applied (optionally
065             *         <code>null</code>). Can set the expando bridge attributes for the
066             *         role.
067             * @return the role
068             * @throws PortalException if a user with the primary key could not be
069             *         found, if the user did not have permission to add roles, if the
070             *         class name or the role name were invalid, or if the role is a
071             *         duplicate
072             * @throws SystemException if a system exception occurred
073             */
074            @Override
075            public Role addRole(
076                            String className, long classPK, String name,
077                            Map<Locale, String> titleMap, Map<Locale, String> descriptionMap,
078                            int type, String subtype, ServiceContext serviceContext)
079                    throws PortalException, SystemException {
080    
081                    PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE);
082    
083                    User user = getUser();
084    
085                    Role role = roleLocalService.addRole(
086                            user.getUserId(), className, classPK, name, titleMap,
087                            descriptionMap, type, subtype, serviceContext);
088    
089                    if (type == RoleConstants.TYPE_ORGANIZATION) {
090                            OrganizationMembershipPolicyUtil.verifyPolicy(role);
091                    }
092                    else if (type == RoleConstants.TYPE_SITE) {
093                            SiteMembershipPolicyUtil.verifyPolicy(role);
094                    }
095                    else {
096                            RoleMembershipPolicyUtil.verifyPolicy(role);
097                    }
098    
099                    return role;
100            }
101    
102            /**
103             * Adds a role. The user is reindexed after role is added.
104             *
105             * @param      name the role's name
106             * @param      titleMap the role's localized titles (optionally
107             *             <code>null</code>)
108             * @param      descriptionMap the role's localized descriptions (optionally
109             *             <code>null</code>)
110             * @param      type the role's type (optionally <code>0</code>)
111             * @return     the role
112             * @throws     PortalException if a user with the primary key could not be
113             *             found, if the user did not have permission to add roles, if
114             *             the class name or the role name were invalid, or if the role
115             *             is a duplicate
116             * @throws     SystemException if a system exception occurred
117             * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long,
118             *             String, Map, Map, int, String, ServiceContext)}
119             */
120            @Override
121            public Role addRole(
122                            String name, Map<Locale, String> titleMap,
123                            Map<Locale, String> descriptionMap, int type)
124                    throws PortalException, SystemException {
125    
126                    return addRole(
127                            null, 0, name, titleMap, descriptionMap, type, null, null);
128            }
129    
130            /**
131             * Adds the roles to the user. The user is reindexed after the roles are
132             * added.
133             *
134             * @param  userId the primary key of the user
135             * @param  roleIds the primary keys of the roles
136             * @throws PortalException if a user with the primary key could not be found
137             *         or if the user did not have permission to assign members to one
138             *         of the roles
139             * @throws SystemException if a system exception occurred
140             */
141            @Override
142            public void addUserRoles(long userId, long[] roleIds)
143                    throws PortalException, SystemException {
144    
145                    if (roleIds.length == 0) {
146                            return;
147                    }
148    
149                    checkUserRolesPermission(userId, roleIds);
150    
151                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null);
152    
153                    roleLocalService.addUserRoles(userId, roleIds);
154    
155                    RoleMembershipPolicyUtil.propagateRoles(
156                            new long[] {userId}, roleIds, null);
157            }
158    
159            /**
160             * Deletes the role with the primary key and its associated permissions.
161             *
162             * @param  roleId the primary key of the role
163             * @throws PortalException if the user did not have permission to delete the
164             *         role, if a role with the primary key could not be found, if the
165             *         role is a default system role, or if the role's resource could
166             *         not be found
167             * @throws SystemException if a system exception occurred
168             */
169            @Override
170            public void deleteRole(long roleId)
171                    throws PortalException, SystemException {
172    
173                    RolePermissionUtil.check(
174                            getPermissionChecker(), roleId, ActionKeys.DELETE);
175    
176                    roleLocalService.deleteRole(roleId);
177            }
178    
179            /**
180             * Returns all the roles associated with the group.
181             *
182             * @param  groupId the primary key of the group
183             * @return the roles associated with the group
184             * @throws PortalException if a portal exception occurred
185             * @throws SystemException if a system exception occurred
186             */
187            @Override
188            public List<Role> getGroupRoles(long groupId)
189                    throws PortalException, SystemException {
190    
191                    List<Role> roles = roleLocalService.getGroupRoles(groupId);
192    
193                    return filterRoles(roles);
194            }
195    
196            @Override
197            public List<Role> getGroupRolesAndTeamRoles(
198                            long companyId, String keywords, List<String> excludedNames,
199                            int[] types, long excludedTeamRoleId, long teamGroupId, int start,
200                            int end)
201                    throws SystemException {
202    
203                    return roleFinder.filterFindByGroupRoleAndTeamRole(
204                            companyId, keywords, excludedNames, types, excludedTeamRoleId,
205                            teamGroupId, start, end);
206            }
207    
208            @Override
209            public int getGroupRolesAndTeamRolesCount(
210                            long companyId, String keywords, List<String> excludedNames,
211                            int[] types, long excludedTeamRoleId, long teamGroupId)
212                    throws SystemException {
213    
214                    return roleFinder.filterCountByGroupRoleAndTeamRole(
215                            companyId, keywords, excludedNames, types, excludedTeamRoleId,
216                            teamGroupId);
217            }
218    
219            /**
220             * Returns the role with the primary key.
221             *
222             * @param  roleId the primary key of the role
223             * @return the role with the primary key
224             * @throws PortalException if a role with the primary key could not be found
225             *         or if the user did not have permission to view the role
226             * @throws SystemException if a system exception occurred
227             */
228            @Override
229            public Role getRole(long roleId) throws PortalException, SystemException {
230                    RolePermissionUtil.check(
231                            getPermissionChecker(), roleId, ActionKeys.VIEW);
232    
233                    return roleLocalService.getRole(roleId);
234            }
235    
236            /**
237             * Returns the role with the name in the company.
238             *
239             * <p>
240             * The method searches the system roles map first for default roles. If a
241             * role with the name is not found, then the method will query the database.
242             * </p>
243             *
244             * @param  companyId the primary key of the company
245             * @param  name the role's name
246             * @return the role with the name
247             * @throws PortalException if a role with the name could not be found in the
248             *         company or if the user did not have permission to view the role
249             * @throws SystemException if a system exception occurred
250             */
251            @Override
252            public Role getRole(long companyId, String name)
253                    throws PortalException, SystemException {
254    
255                    Role role = roleLocalService.getRole(companyId, name);
256    
257                    RolePermissionUtil.check(
258                            getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW);
259    
260                    return role;
261            }
262    
263            /**
264             * Returns all the user's roles within the user group.
265             *
266             * @param  userId the primary key of the user
267             * @param  groupId the primary key of the group
268             * @return the user's roles within the user group
269             * @throws PortalException if a portal exception occurred
270             * @throws SystemException if a system exception occurred
271             */
272            @Override
273            public List<Role> getUserGroupGroupRoles(long userId, long groupId)
274                    throws PortalException, SystemException {
275    
276                    UserPermissionUtil.check(
277                            getPermissionChecker(), userId, ActionKeys.VIEW);
278    
279                    List<Role> roles = roleLocalService.getUserGroupGroupRoles(
280                            userId, groupId);
281    
282                    return filterRoles(roles);
283            }
284    
285            /**
286             * Returns all the user's roles within the user group.
287             *
288             * @param  userId the primary key of the user
289             * @param  groupId the primary key of the group
290             * @return the user's roles within the user group
291             * @throws PortalException if a portal exception occurred
292             * @throws SystemException if a system exception occurred
293             */
294            @Override
295            public List<Role> getUserGroupRoles(long userId, long groupId)
296                    throws PortalException, SystemException {
297    
298                    UserPermissionUtil.check(
299                            getPermissionChecker(), userId, ActionKeys.VIEW);
300    
301                    List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId);
302    
303                    return filterRoles(roles);
304            }
305    
306            /**
307             * Returns the union of all the user's roles within the groups.
308             *
309             * @param  userId the primary key of the user
310             * @param  groups the groups (optionally <code>null</code>)
311             * @return the union of all the user's roles within the groups
312             * @throws PortalException if a portal exception occurred
313             * @throws SystemException if a system exception occurred
314             */
315            @Override
316            public List<Role> getUserRelatedRoles(long userId, List<Group> groups)
317                    throws PortalException, SystemException {
318    
319                    UserPermissionUtil.check(
320                            getPermissionChecker(), userId, ActionKeys.VIEW);
321    
322                    List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups);
323    
324                    return filterRoles(roles);
325            }
326    
327            /**
328             * Returns all the roles associated with the user.
329             *
330             * @param  userId the primary key of the user
331             * @return the roles associated with the user
332             * @throws PortalException if a portal exception occurred
333             * @throws SystemException if a system exception occurred
334             */
335            @Override
336            public List<Role> getUserRoles(long userId)
337                    throws PortalException, SystemException {
338    
339                    UserPermissionUtil.check(
340                            getPermissionChecker(), userId, ActionKeys.VIEW);
341    
342                    List<Role> roles = roleLocalService.getUserRoles(userId);
343    
344                    return filterRoles(roles);
345            }
346    
347            /**
348             * Returns <code>true</code> if the user is associated with the named
349             * regular role.
350             *
351             * @param  userId the primary key of the user
352             * @param  companyId the primary key of the company
353             * @param  name the name of the role
354             * @param  inherited whether to include the user's inherited roles in the
355             *         search
356             * @return <code>true</code> if the user is associated with the regular
357             *         role; <code>false</code> otherwise
358             * @throws PortalException if a role with the name could not be found in the
359             *         company or if a default user for the company could not be found
360             * @throws SystemException if a system exception occurred
361             */
362            @Override
363            public boolean hasUserRole(
364                            long userId, long companyId, String name, boolean inherited)
365                    throws PortalException, SystemException {
366    
367                    UserPermissionUtil.check(
368                            getPermissionChecker(), userId, ActionKeys.VIEW);
369    
370                    return roleLocalService.hasUserRole(userId, companyId, name, inherited);
371            }
372    
373            /**
374             * Returns <code>true</code> if the user has any one of the named regular
375             * roles.
376             *
377             * @param  userId the primary key of the user
378             * @param  companyId the primary key of the company
379             * @param  names the names of the roles
380             * @param  inherited whether to include the user's inherited roles in the
381             *         search
382             * @return <code>true</code> if the user has any one of the regular roles;
383             *         <code>false</code> otherwise
384             * @throws PortalException if any one of the roles with the names could not
385             *         be found in the company or if the default user for the company
386             *         could not be found
387             * @throws SystemException if a system exception occurred
388             */
389            @Override
390            public boolean hasUserRoles(
391                            long userId, long companyId, String[] names, boolean inherited)
392                    throws PortalException, SystemException {
393    
394                    UserPermissionUtil.check(
395                            getPermissionChecker(), userId, ActionKeys.VIEW);
396    
397                    return roleLocalService.hasUserRoles(
398                            userId, companyId, names, inherited);
399            }
400    
401            @Override
402            public List<Role> search(
403                            long companyId, String keywords, Integer[] types,
404                            LinkedHashMap<String, Object> params, int start, int end,
405                            OrderByComparator obc)
406                    throws SystemException {
407    
408                    return roleFinder.filterFindByKeywords(
409                            companyId, keywords, types, params, start, end, obc);
410            }
411    
412            @Override
413            public int searchCount(
414                            long companyId, String keywords, Integer[] types,
415                            LinkedHashMap<String, Object> params)
416                    throws SystemException {
417    
418                    return roleFinder.filterCountByKeywords(
419                            companyId, keywords, types, params);
420            }
421    
422            /**
423             * Removes the matching roles associated with the user. The user is
424             * reindexed after the roles are removed.
425             *
426             * @param  userId the primary key of the user
427             * @param  roleIds the primary keys of the roles
428             * @throws PortalException if a user with the primary key could not be
429             *         found, if the user did not have permission to remove members from
430             *         a role, or if a role with any one of the primary keys could not
431             *         be found
432             * @throws SystemException if a system exception occurred
433             */
434            @Override
435            public void unsetUserRoles(long userId, long[] roleIds)
436                    throws PortalException, SystemException {
437    
438                    if (roleIds.length == 0) {
439                            return;
440                    }
441    
442                    checkUserRolesPermission(userId, roleIds);
443    
444                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds);
445    
446                    roleLocalService.unsetUserRoles(userId, roleIds);
447    
448                    RoleMembershipPolicyUtil.propagateRoles(
449                            new long[] {userId}, null, roleIds);
450            }
451    
452            /**
453             * Updates the role with the primary key.
454             *
455             * @param  roleId the primary key of the role
456             * @param  name the role's new name
457             * @param  titleMap the new localized titles (optionally <code>null</code>)
458             *         to replace those existing for the role
459             * @param  descriptionMap the new localized descriptions (optionally
460             *         <code>null</code>) to replace those existing for the role
461             * @param  subtype the role's new subtype (optionally <code>null</code>)
462             * @param  serviceContext the service context to be applied (optionally
463             *         <code>null</code>). Can set the expando bridge attributes for the
464             *         role.
465             * @return the role with the primary key
466             * @throws PortalException if the user did not have permission to update the
467             *         role, if a role with the primary could not be found, or if the
468             *         role's name was invalid
469             * @throws SystemException if a system exception occurred
470             */
471            @Override
472            public Role updateRole(
473                            long roleId, String name, Map<Locale, String> titleMap,
474                            Map<Locale, String> descriptionMap, String subtype,
475                            ServiceContext serviceContext)
476                    throws PortalException, SystemException {
477    
478                    RolePermissionUtil.check(
479                            getPermissionChecker(), roleId, ActionKeys.UPDATE);
480    
481                    Role oldRole = rolePersistence.findByPrimaryKey(roleId);
482    
483                    ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge();
484    
485                    Map<String, Serializable> oldExpandoAttributes =
486                            oldExpandoBridge.getAttributes();
487    
488                    Role role = roleLocalService.updateRole(
489                            roleId, name, titleMap, descriptionMap, subtype, serviceContext);
490    
491                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
492                            OrganizationMembershipPolicyUtil.verifyPolicy(
493                                    role, oldRole, oldExpandoAttributes);
494                    }
495                    else if (role.getType() == RoleConstants.TYPE_SITE) {
496                            SiteMembershipPolicyUtil.verifyPolicy(
497                                    role, oldRole, oldExpandoAttributes);
498                    }
499                    else {
500                            RoleMembershipPolicyUtil.verifyPolicy(
501                                    role, oldRole, oldExpandoAttributes);
502                    }
503    
504                    return role;
505            }
506    
507            protected void checkUserRolesPermission(long userId, long[] roleIds)
508                    throws PortalException {
509    
510                    for (int i = 0; i < roleIds.length; i++) {
511                            RolePermissionUtil.check(
512                                    getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS);
513                    }
514            }
515    
516            protected List<Role> filterRoles(List<Role> roles) throws PortalException {
517                    List<Role> filteredRoles = new ArrayList<Role>();
518    
519                    for (Role role : roles) {
520                            if (RolePermissionUtil.contains(
521                                            getPermissionChecker(), role.getRoleId(),
522                                            ActionKeys.VIEW)) {
523    
524                                    filteredRoles.add(role);
525                            }
526                    }
527    
528                    return filteredRoles;
529            }
530    
531    }