1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.security.permission;
16  
17  import com.liferay.portal.kernel.util.StringBundler;
18  import com.liferay.portal.kernel.util.StringPool;
19  import com.liferay.portal.kernel.util.StringUtil;
20  import com.liferay.portal.kernel.util.Validator;
21  import com.liferay.portal.util.PropsValues;
22  import com.liferay.util.dao.orm.CustomSQLUtil;
23  
24  /**
25   * <a href="InlineSQLHelperImpl.java.html"><b><i>View Source</i></b></a>
26   *
27   * @author Raymond Augé
28   */
29  public class InlineSQLHelperImpl implements InlineSQLHelper {
30  
31      public static final String JOIN_RESOURCE_PERMISSION =
32          InlineSQLHelper.class.getName() + ".joinResourcePermission";
33  
34      public String replacePermissionCheck(
35          String sql, String className, String classPKField, String userIdField) {
36  
37          return replacePermissionCheck(
38              sql, className, classPKField, userIdField, 0, null);
39      }
40  
41      public String replacePermissionCheck(
42          String sql, String className, String classPKField, String userIdField,
43          long groupId) {
44  
45          return replacePermissionCheck(
46              sql, className, classPKField, userIdField, groupId, null);
47      }
48  
49      public String replacePermissionCheck(
50          String sql, String className, String classPKField, String userIdField,
51          long groupId, String bridgeJoin) {
52  
53          if (Validator.isNull(className)) {
54              new IllegalArgumentException("className is null");
55          }
56  
57          if (Validator.isNull(classPKField)) {
58              new IllegalArgumentException("classPKField is null");
59          }
60  
61          if (Validator.isNull(sql)) {
62              return sql;
63          }
64  
65          if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
66              return StringUtil.replace(
67                  sql, "[$PERMISSION_JOIN$]", StringPool.BLANK);
68          }
69  
70          PermissionChecker permissionChecker =
71              PermissionThreadLocal.getPermissionChecker();
72  
73          if (permissionChecker.isCommunityAdmin(groupId) ||
74              permissionChecker.isCommunityOwner(groupId)) {
75  
76              return StringUtil.replace(
77                  sql, "[$PERMISSION_JOIN$]", StringPool.BLANK);
78          }
79  
80          String permissionJoin = StringPool.BLANK;
81  
82          if (Validator.isNotNull(bridgeJoin)) {
83              permissionJoin = bridgeJoin;
84          }
85  
86          permissionJoin += CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);
87  
88          StringBundler ownerSQL = new StringBundler(5);
89  
90          if (Validator.isNotNull(userIdField)) {
91              ownerSQL.append(" OR (");
92              ownerSQL.append(userIdField);
93              ownerSQL.append(" = ");
94              ownerSQL.append(String.valueOf(getUserId()));
95              ownerSQL.append(")");
96          }
97  
98          permissionJoin = StringUtil.replace(
99              permissionJoin,
100             new String[] {
101                 "[$CLASS_NAME$]",
102                 "[$CLASS_PK_FIELD$]",
103                 "[$OWNER_CHECK$]",
104                 "[$ROLE_IDS$]"
105             },
106             new String[] {
107                 className,
108                 classPKField,
109                 ownerSQL.toString(),
110                 StringUtil.merge(getRoleIds(groupId))
111             });
112 
113         return StringUtil.replace(sql, "[$PERMISSION_JOIN$]", permissionJoin);
114     }
115 
116     public String replacePermissionCheck(
117         String sql, String className, String classPKField, String userIdField,
118         String bridgeJoin) {
119 
120         return replacePermissionCheck(
121             sql, className, classPKField, userIdField, 0, bridgeJoin);
122     }
123 
124     protected long[] getRoleIds(long groupId) {
125         long[] roleIds = PermissionChecker.DEFAULT_ROLE_IDS;
126 
127         PermissionChecker permissionChecker =
128             PermissionThreadLocal.getPermissionChecker();
129 
130         if (permissionChecker != null) {
131             roleIds = permissionChecker.getRoleIds(
132                 permissionChecker.getUserId(), groupId);
133         }
134 
135         return roleIds;
136     }
137 
138     protected long getUserId() {
139         long userId = 0;
140 
141         PermissionChecker permissionChecker =
142             PermissionThreadLocal.getPermissionChecker();
143 
144         if (permissionChecker != null) {
145             userId = permissionChecker.getUserId();
146         }
147 
148         return userId;
149     }
150 
151 }