1
14
15 package com.liferay.portal.security.permission;
16
17 import com.liferay.portal.kernel.util.StringBundler;
18 import com.liferay.portal.kernel.util.StringPool;
19 import com.liferay.portal.kernel.util.StringUtil;
20 import com.liferay.portal.kernel.util.Validator;
21 import com.liferay.portal.util.PropsValues;
22 import com.liferay.util.dao.orm.CustomSQLUtil;
23
24
29 public class InlineSQLHelperImpl implements InlineSQLHelper {
30
31 public static final String JOIN_RESOURCE_PERMISSION =
32 InlineSQLHelper.class.getName() + ".joinResourcePermission";
33
34 public String replacePermissionCheck(
35 String sql, String className, String classPKField, String userIdField) {
36
37 return replacePermissionCheck(
38 sql, className, classPKField, userIdField, 0, null);
39 }
40
41 public String replacePermissionCheck(
42 String sql, String className, String classPKField, String userIdField,
43 long groupId) {
44
45 return replacePermissionCheck(
46 sql, className, classPKField, userIdField, groupId, null);
47 }
48
49 public String replacePermissionCheck(
50 String sql, String className, String classPKField, String userIdField,
51 long groupId, String bridgeJoin) {
52
53 if (Validator.isNull(className)) {
54 new IllegalArgumentException("className is null");
55 }
56
57 if (Validator.isNull(classPKField)) {
58 new IllegalArgumentException("classPKField is null");
59 }
60
61 if (Validator.isNull(sql)) {
62 return sql;
63 }
64
65 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
66 return StringUtil.replace(
67 sql, "[$PERMISSION_JOIN$]", StringPool.BLANK);
68 }
69
70 PermissionChecker permissionChecker =
71 PermissionThreadLocal.getPermissionChecker();
72
73 if (permissionChecker.isCommunityAdmin(groupId) ||
74 permissionChecker.isCommunityOwner(groupId)) {
75
76 return StringUtil.replace(
77 sql, "[$PERMISSION_JOIN$]", StringPool.BLANK);
78 }
79
80 String permissionJoin = StringPool.BLANK;
81
82 if (Validator.isNotNull(bridgeJoin)) {
83 permissionJoin = bridgeJoin;
84 }
85
86 permissionJoin += CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);
87
88 StringBundler ownerSQL = new StringBundler(5);
89
90 if (Validator.isNotNull(userIdField)) {
91 ownerSQL.append(" OR (");
92 ownerSQL.append(userIdField);
93 ownerSQL.append(" = ");
94 ownerSQL.append(String.valueOf(getUserId()));
95 ownerSQL.append(")");
96 }
97
98 permissionJoin = StringUtil.replace(
99 permissionJoin,
100 new String[] {
101 "[$CLASS_NAME$]",
102 "[$CLASS_PK_FIELD$]",
103 "[$OWNER_CHECK$]",
104 "[$ROLE_IDS$]"
105 },
106 new String[] {
107 className,
108 classPKField,
109 ownerSQL.toString(),
110 StringUtil.merge(getRoleIds(groupId))
111 });
112
113 return StringUtil.replace(sql, "[$PERMISSION_JOIN$]", permissionJoin);
114 }
115
116 public String replacePermissionCheck(
117 String sql, String className, String classPKField, String userIdField,
118 String bridgeJoin) {
119
120 return replacePermissionCheck(
121 sql, className, classPKField, userIdField, 0, bridgeJoin);
122 }
123
124 protected long[] getRoleIds(long groupId) {
125 long[] roleIds = PermissionChecker.DEFAULT_ROLE_IDS;
126
127 PermissionChecker permissionChecker =
128 PermissionThreadLocal.getPermissionChecker();
129
130 if (permissionChecker != null) {
131 roleIds = permissionChecker.getRoleIds(
132 permissionChecker.getUserId(), groupId);
133 }
134
135 return roleIds;
136 }
137
138 protected long getUserId() {
139 long userId = 0;
140
141 PermissionChecker permissionChecker =
142 PermissionThreadLocal.getPermissionChecker();
143
144 if (permissionChecker != null) {
145 userId = permissionChecker.getUserId();
146 }
147
148 return userId;
149 }
150
151 }