001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchPermissionException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.search.SearchEngineUtil;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Group;
027    import com.liferay.portal.model.OrgGroupPermission;
028    import com.liferay.portal.model.Organization;
029    import com.liferay.portal.model.Permission;
030    import com.liferay.portal.model.Resource;
031    import com.liferay.portal.model.ResourceCode;
032    import com.liferay.portal.model.ResourceConstants;
033    import com.liferay.portal.model.Role;
034    import com.liferay.portal.model.User;
035    import com.liferay.portal.model.UserGroup;
036    import com.liferay.portal.security.permission.PermissionCacheUtil;
037    import com.liferay.portal.security.permission.PermissionCheckerBag;
038    import com.liferay.portal.security.permission.ResourceActionsUtil;
039    import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
040    import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
041    import com.liferay.portal.util.PropsValues;
042    import com.liferay.portal.util.comparator.PermissionComparator;
043    
044    import java.util.ArrayList;
045    import java.util.HashSet;
046    import java.util.Iterator;
047    import java.util.List;
048    import java.util.Set;
049    
050    import org.apache.commons.lang.time.StopWatch;
051    
052    /**
053     * @author Charles May
054     * @author Brian Wing Shun Chan
055     * @author Raymond Augé
056     */
057    public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
058    
059            public Permission addPermission(
060                            long companyId, String actionId, long resourceId)
061                    throws SystemException {
062    
063                    Permission permission = permissionPersistence.fetchByA_R(
064                            actionId, resourceId);
065    
066                    if (permission == null) {
067                            long permissionId = counterLocalService.increment(
068                                    Permission.class.getName());
069    
070                            permission = permissionPersistence.create(permissionId);
071    
072                            permission.setCompanyId(companyId);
073                            permission.setActionId(actionId);
074                            permission.setResourceId(resourceId);
075    
076                            permissionPersistence.update(permission, false);
077                    }
078    
079                    return permission;
080            }
081    
082            public List<Permission> addPermissions(
083                            long companyId, String name, long resourceId,
084                            boolean portletActions)
085                    throws SystemException {
086    
087                    List<String> actionIds = null;
088    
089                    if (portletActions) {
090                            actionIds = ResourceActionsUtil.getPortletResourceActions(name);
091                    }
092                    else {
093                            actionIds = ResourceActionsUtil.getModelResourceActions(name);
094                    }
095    
096                    return addPermissions(companyId, actionIds, resourceId);
097            }
098    
099            public List<Permission> addPermissions(
100                            long companyId, List<String> actionIds, long resourceId)
101                    throws SystemException {
102    
103                    List<Permission> permissions = permissionPersistence.findByResourceId(
104                            resourceId);
105    
106                    permissions = ListUtil.copy(permissions);
107    
108                    Set<String> actionIdsSet = new HashSet<String>();
109    
110                    for (Permission permission : permissions) {
111                            actionIdsSet.add(permission.getActionId());
112                    }
113    
114                    for (String actionId : actionIds) {
115                            if (actionIdsSet.contains(actionId)) {
116                                    continue;
117                            }
118    
119                            long permissionId = counterLocalService.increment(
120                                    Permission.class.getName());
121    
122                            Permission permission = permissionPersistence.create(permissionId);
123    
124                            permission.setCompanyId(companyId);
125                            permission.setActionId(actionId);
126                            permission.setResourceId(resourceId);
127    
128                            try {
129                                    permissionPersistence.update(permission, false);
130                            }
131                            catch (SystemException se) {
132                                    if (_log.isWarnEnabled()) {
133                                            _log.warn(
134                                                    "Add failed, fetch {actionId=" + actionId +
135                                                            ", resourceId=" + resourceId + "}");
136                                    }
137    
138                                    permission = permissionPersistence.fetchByA_R(
139                                            actionId, resourceId, false);
140    
141                                    if (permission == null) {
142                                            throw se;
143                                    }
144                            }
145    
146                            permissions.add(permission);
147                    }
148    
149                    return permissions;
150            }
151    
152            public void addUserPermissions(
153                            long userId, String[] actionIds, long resourceId)
154                    throws PortalException, SystemException {
155    
156                    User user = userPersistence.findByPrimaryKey(userId);
157    
158                    List<Permission> permissions = permissionFinder.findByU_R(
159                            userId, resourceId);
160    
161                    permissions = getPermissions(
162                            user.getCompanyId(), actionIds, resourceId);
163    
164                    userPersistence.addPermissions(userId, permissions);
165    
166                    PermissionCacheUtil.clearCache();
167            }
168    
169            public List<String> getActions(List<Permission> permissions) {
170                    List<String> actionIds = new ArrayList<String>();
171    
172                    Iterator<Permission> itr = permissions.iterator();
173    
174                    while (itr.hasNext()) {
175                            Permission permission = itr.next();
176    
177                            actionIds.add(permission.getActionId());
178                    }
179    
180                    return actionIds;
181            }
182    
183            public List<Permission> getGroupPermissions(long groupId, long resourceId)
184                    throws SystemException {
185    
186                    return permissionFinder.findByG_R(groupId, resourceId);
187            }
188    
189            public List<Permission> getGroupPermissions(
190                            long groupId, long companyId, String name, int scope,
191                            String primKey)
192                    throws SystemException {
193    
194                    return permissionFinder.findByG_C_N_S_P(
195                            groupId, companyId, name, scope, primKey);
196            }
197    
198            public List<Permission> getOrgGroupPermissions(
199                            long organizationId, long groupId, long resourceId)
200                    throws SystemException {
201    
202                    return permissionFinder.findByO_G_R(
203                            organizationId, groupId, resourceId);
204            }
205    
206            public long getLatestPermissionId() throws SystemException {
207                    List<Permission> permissions = permissionPersistence.findAll(
208                            0, 1, new PermissionComparator());
209    
210                    if (permissions.size() == 0) {
211                            return 0;
212                    }
213                    else {
214                            Permission permission = permissions.get(0);
215    
216                            return permission.getPermissionId();
217                    }
218            }
219    
220            public List<Permission> getPermissions(
221                            long companyId, String[] actionIds, long resourceId)
222                    throws SystemException {
223    
224                    List<Permission> permissions = new ArrayList<Permission>();
225    
226                    for (int i = 0; i < actionIds.length; i++) {
227                            Permission permission = addPermission(
228                                    companyId, actionIds[i], resourceId);
229    
230                            permissions.add(permission);
231                    }
232    
233                    return permissions;
234            }
235    
236            public List<Permission> getRolePermissions(long roleId)
237                    throws SystemException {
238    
239                    return rolePersistence.getPermissions(roleId);
240            }
241    
242            public List<Permission> getRolePermissions(long roleId, long resourceId)
243                    throws SystemException {
244    
245                    return permissionFinder.findByR_R(roleId, resourceId);
246            }
247    
248            public List<Permission> getUserPermissions(long userId, long resourceId)
249                    throws SystemException {
250    
251                    return permissionFinder.findByU_R(userId, resourceId);
252            }
253    
254            public List<Permission> getUserPermissions(
255                            long userId, long companyId, String name, int scope, String primKey)
256                    throws SystemException {
257    
258                    return permissionFinder.findByU_C_N_S_P(
259                            userId, companyId, name, scope, primKey);
260            }
261    
262            public boolean hasGroupPermission(
263                            long groupId, String actionId, long resourceId)
264                    throws SystemException {
265    
266                    Permission permission = permissionPersistence.fetchByA_R(
267                            actionId, resourceId);
268    
269                    // Return false if there is no permission based on the given action
270                    // id and resource id
271    
272                    if (permission == null) {
273                            return false;
274                    }
275    
276                    return groupPersistence.containsPermission(
277                            groupId, permission.getPermissionId());
278            }
279    
280            public boolean hasRolePermission(
281                            long roleId, long companyId, String name, int scope,
282                            String actionId)
283                    throws SystemException {
284    
285                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
286                            companyId, name, scope);
287    
288                    List<Resource> resources = resourcePersistence.findByCodeId(
289                            resourceCode.getCodeId());
290    
291                    for (Resource resource : resources) {
292                            Permission permission = permissionPersistence.fetchByA_R(
293                                    actionId, resource.getResourceId());
294    
295                            if (permission != null) {
296                                    if (rolePersistence.containsPermission(
297                                                    roleId, permission.getPermissionId())) {
298    
299                                            return true;
300                                    }
301                            }
302                    }
303    
304                    return false;
305            }
306    
307            public boolean hasRolePermission(
308                            long roleId, long companyId, String name, int scope, String primKey,
309                            String actionId)
310                    throws SystemException {
311    
312                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
313                            companyId, name, scope);
314    
315                    Resource resource = resourcePersistence.fetchByC_P(
316                            resourceCode.getCodeId(), primKey);
317    
318                    if (resource == null) {
319                            return false;
320                    }
321    
322                    Permission permission = permissionPersistence.fetchByA_R(
323                            actionId, resource.getResourceId());
324    
325                    if (permission == null) {
326                            return false;
327                    }
328    
329                    return rolePersistence.containsPermission(
330                            roleId, permission.getPermissionId());
331            }
332    
333            public boolean hasUserPermission(
334                            long userId, String actionId, long resourceId)
335                    throws SystemException {
336    
337                    Permission permission = permissionPersistence.fetchByA_R(
338                            actionId, resourceId);
339    
340                    // Return false if there is no permission based on the given action
341                    // id and resource id
342    
343                    if (permission == null) {
344                            return false;
345                    }
346    
347                    return userPersistence.containsPermission(
348                            userId, permission.getPermissionId());
349            }
350    
351            public boolean hasUserPermissions(
352                            long userId, long groupId, List<Resource> resources,
353                            String actionId, PermissionCheckerBag permissionCheckerBag)
354                    throws PortalException, SystemException {
355    
356                    StopWatch stopWatch = null;
357    
358                    if (_log.isDebugEnabled()) {
359                            stopWatch = new StopWatch();
360    
361                            stopWatch.start();
362                    }
363    
364                    int block = 1;
365    
366                    // Return false if there are no resources
367    
368                    if (Validator.isNull(actionId) || resources.isEmpty()) {
369                            return false;
370                    }
371    
372                    long[] resourceIds = null;
373    
374                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
375                            resourceIds = new long[resources.size()];
376    
377                            for (int i = 0; i < resources.size(); i++) {
378                                    Resource resource = resources.get(i);
379    
380                                    resourceIds[i] = resource.getResourceId();
381                            }
382                    }
383    
384                    List<Permission> permissions = null;
385    
386                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
387                            permissions = permissionFinder.findByA_R(actionId, resourceIds);
388    
389                            // Return false if there are no permissions
390    
391                            if (permissions.size() == 0) {
392                                    return false;
393                            }
394                    }
395    
396                    // Record logs with the first resource id
397    
398                    long resourceId = 0;
399    
400                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
401                            resourceId = resourceIds[0];
402                    }
403                    else {
404                            resourceId = resources.get(0).getResourceId();
405                    }
406    
407                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
408    
409                    //List<Group> userGroups = permissionCheckerBag.getUserGroups();
410                    //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
411                    //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
412                    //List<Group> userUserGroupGroups =
413                    //        permissionCheckerBag.getUserUserGroupGroups();
414                    List<Group> groups = permissionCheckerBag.getGroups();
415                    List<Role> roles = permissionCheckerBag.getRoles();
416    
417                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
418    
419                    // Check the organization and community intersection table. Break out of
420                    // this method if the user has one of the permissions set at the
421                    // intersection because that takes priority.
422    
423                    //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
424                    //        return true;
425                    //}
426    
427                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
428    
429                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
430                            return hasUserPermissions_1(
431                                    userId, resourceId, actionId, permissions, groups, groupId,
432                                    stopWatch, block);
433                    }
434                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
435                            return hasUserPermissions_2(
436                                    userId, resourceId, actionId, permissions, groups, groupId,
437                                    stopWatch, block);
438                    }
439                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
440                            return hasUserPermissions_3(
441                                    userId, resourceId, actionId, permissions, groups, roles,
442                                    stopWatch, block);
443                    }
444                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
445                            return hasUserPermissions_4(
446                                    userId, resourceId, actionId, permissions, groups, roles,
447                                    stopWatch, block);
448                    }
449                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
450                            return hasUserPermissions_5(
451                                    userId, resourceId, actionId, permissions, roles, stopWatch,
452                                    block);
453                    }
454                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
455                            return hasUserPermissions_6(
456                                    userId, resourceId, resources, actionId, roles, stopWatch,
457                                    block);
458                    }
459    
460                    return false;
461            }
462    
463            public void setGroupPermissions(
464                            long groupId, String[] actionIds, long resourceId)
465                    throws PortalException, SystemException {
466    
467                    Group group = groupPersistence.findByPrimaryKey(groupId);
468    
469                    List<Permission> permissions = permissionFinder.findByG_R(
470                            groupId, resourceId);
471    
472                    for (Permission permission : permissions) {
473                            groupPersistence.removePermission(groupId, permission);
474                    }
475    
476                    permissions = getPermissions(
477                            group.getCompanyId(), actionIds, resourceId);
478    
479                    groupPersistence.addPermissions(groupId, permissions);
480    
481                    PermissionCacheUtil.clearCache();
482            }
483    
484            public void setGroupPermissions(
485                            String className, String classPK, long groupId,
486                            String[] actionIds, long resourceId)
487                    throws PortalException, SystemException {
488    
489                    long associatedGroupId = 0;
490    
491                    if (className.equals(Organization.class.getName())) {
492                            long organizationId = GetterUtil.getLong(classPK);
493    
494                            Organization organization =
495                                    organizationPersistence.findByPrimaryKey(organizationId);
496    
497                            orgGroupPermissionFinder.removeByO_G_R(
498                                    organizationId, groupId, resourceId);
499    
500                            associatedGroupId = organization.getGroup().getGroupId();
501                    }
502                    else if (className.equals(UserGroup.class.getName())) {
503                            long userGroupId = GetterUtil.getLong(classPK);
504    
505                            UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
506                                    userGroupId);
507    
508                            associatedGroupId = userGroup.getGroup().getGroupId();
509                    }
510    
511                    setGroupPermissions(associatedGroupId, actionIds, resourceId);
512            }
513    
514            public void setOrgGroupPermissions(
515                            long organizationId, long groupId, String[] actionIds,
516                            long resourceId)
517                    throws PortalException, SystemException {
518    
519                    Organization organization =
520                            organizationPersistence.findByPrimaryKey(organizationId);
521    
522                    long orgGroupId = organization.getGroup().getGroupId();
523    
524                    List<Permission> permissions = permissionPersistence.findByResourceId(
525                            resourceId);
526    
527                    for (Permission permission : permissions) {
528                            groupPersistence.removePermission(orgGroupId, permission);
529                    }
530    
531                    permissions = getPermissions(
532                            organization.getCompanyId(), actionIds, resourceId);
533    
534                    orgGroupPermissionFinder.removeByO_G_R(
535                            organizationId, groupId, resourceId);
536    
537                    for (Permission permission : permissions) {
538                            OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
539                                    organizationId, groupId, permission.getPermissionId());
540    
541                            OrgGroupPermission orgGroupPermission =
542                                    orgGroupPermissionPersistence.create(pk);
543    
544                            orgGroupPermissionPersistence.update(orgGroupPermission, false);
545                    }
546    
547                    PermissionCacheUtil.clearCache();
548            }
549    
550            public void setRolePermission(
551                            long roleId, long companyId, String name, int scope, String primKey,
552                            String actionId)
553                    throws PortalException, SystemException {
554    
555                    if (scope == ResourceConstants.SCOPE_COMPANY) {
556    
557                            // Remove group permission
558    
559                            unsetRolePermissions(
560                                    roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
561                                    actionId);
562                    }
563                    else if (scope == ResourceConstants.SCOPE_GROUP) {
564    
565                            // Remove company permission
566    
567                            unsetRolePermissions(
568                                    roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
569                                    actionId);
570                    }
571                    else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
572                            throw new NoSuchPermissionException();
573                    }
574    
575                    Resource resource = resourceLocalService.addResource(
576                            companyId, name, scope, primKey);
577    
578                    long resourceId = resource.getResourceId();
579    
580                    Permission permission = permissionPersistence.fetchByA_R(
581                            actionId, resourceId);
582    
583                    if (permission == null) {
584                            long permissionId = counterLocalService.increment(
585                                    Permission.class.getName());
586    
587                            permission = permissionPersistence.create(permissionId);
588    
589                            permission.setCompanyId(companyId);
590                            permission.setActionId(actionId);
591                            permission.setResourceId(resourceId);
592    
593                            permissionPersistence.update(permission, false);
594                    }
595    
596                    rolePersistence.addPermission(roleId, permission);
597    
598                    PermissionCacheUtil.clearCache();
599    
600                    SearchEngineUtil.updatePermissionFields(resourceId);
601            }
602    
603            public void setRolePermissions(
604                            long roleId, long companyId, String name, int scope, String primKey,
605                            String[] actionIds)
606                    throws PortalException, SystemException {
607    
608                    for (int i = 0; i < actionIds.length; i++) {
609                            String actionId = actionIds[i];
610    
611                            setRolePermission(
612                                    roleId, companyId, name, scope, primKey, actionId);
613                    }
614            }
615    
616            public void setRolePermissions(
617                            long roleId, String[] actionIds, long resourceId)
618                    throws PortalException, SystemException {
619    
620                    Role role = rolePersistence.findByPrimaryKey(roleId);
621    
622                    List<Permission> permissions = permissionFinder.findByR_R(
623                            roleId, resourceId);
624    
625                    rolePersistence.removePermissions(roleId, permissions);
626    
627                    permissions = getPermissions(
628                            role.getCompanyId(), actionIds, resourceId);
629    
630                    rolePersistence.addPermissions(roleId, permissions);
631    
632                    PermissionCacheUtil.clearCache();
633    
634                    SearchEngineUtil.updatePermissionFields(resourceId);
635            }
636    
637            public void setUserPermissions(
638                            long userId, String[] actionIds, long resourceId)
639                    throws PortalException, SystemException {
640    
641                    User user = userPersistence.findByPrimaryKey(userId);
642    
643                    List<Permission> permissions = permissionFinder.findByU_R(
644                            userId, resourceId);
645    
646                    userPersistence.removePermissions(userId, permissions);
647    
648                    permissions = getPermissions(
649                            user.getCompanyId(), actionIds, resourceId);
650    
651                    userPersistence.addPermissions(userId, permissions);
652    
653                    PermissionCacheUtil.clearCache();
654            }
655    
656            public void unsetRolePermission(long roleId, long permissionId)
657                    throws SystemException {
658    
659                    Permission permission = permissionPersistence.fetchByPrimaryKey(
660                            permissionId);
661    
662                    if (permission != null) {
663                            rolePersistence.removePermission(roleId, permission);
664                    }
665    
666                    PermissionCacheUtil.clearCache();
667            }
668    
669            public void unsetRolePermission(
670                            long roleId, long companyId, String name, int scope, String primKey,
671                            String actionId)
672                    throws SystemException {
673    
674                    ResourceCode resourceCode =
675                            resourceCodeLocalService.getResourceCode(
676                                    companyId, name, scope);
677    
678                    Resource resource = resourcePersistence.fetchByC_P(
679                            resourceCode.getCodeId(), primKey);
680    
681                    if (resource != null) {
682                            Permission permission = permissionPersistence.fetchByA_R(
683                                    actionId, resource.getResourceId());
684    
685                            if (permission != null) {
686                                    rolePersistence.removePermission(roleId, permission);
687                            }
688                    }
689    
690                    PermissionCacheUtil.clearCache();
691            }
692    
693            public void unsetRolePermissions(
694                            long roleId, long companyId, String name, int scope,
695                            String actionId)
696                    throws SystemException {
697    
698                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
699                            companyId, name, scope);
700    
701                    List<Resource> resources = resourcePersistence.findByCodeId(
702                            resourceCode.getCodeId());
703    
704                    for (Resource resource : resources) {
705                            Permission permission = permissionPersistence.fetchByA_R(
706                                    actionId, resource.getResourceId());
707    
708                            if (permission != null) {
709                                    rolePersistence.removePermission(roleId, permission);
710                            }
711                    }
712    
713                    PermissionCacheUtil.clearCache();
714            }
715    
716            public void unsetUserPermissions(
717                            long userId, String[] actionIds, long resourceId)
718                    throws SystemException {
719    
720                    List<Permission> permissions = permissionFinder.findByU_A_R(
721                            userId, actionIds, resourceId);
722    
723                    userPersistence.removePermissions(userId, permissions);
724    
725                    PermissionCacheUtil.clearCache();
726            }
727    
728            protected boolean checkOrgGroupPermission(
729                            List<Organization> organizations, List<Group> groups,
730                            List<Permission> permissions)
731                    throws PortalException, SystemException {
732    
733                    for (Permission permission : permissions) {
734                            if (checkOrgGroupPermission(organizations, groups, permission)) {
735                                    return true;
736                            }
737                    }
738    
739                    return false;
740            }
741    
742            protected boolean checkOrgGroupPermission(
743                            List<Organization> organizations, List<Group> groups,
744                            Permission permission)
745                    throws PortalException, SystemException {
746    
747                    // Do not check for an OrgGroupPermission intersection unless there is
748                    // at least one organization and one group to check
749    
750                    if ((organizations.size() == 0) || (groups.size() == 0)) {
751                            return false;
752                    }
753    
754                    // Do not check unless the OrgGroupPermission intersection contains at
755                    // least one permission
756    
757                    List<OrgGroupPermission> orgGroupPermissions =
758                            orgGroupPermissionPersistence.findByPermissionId(
759                                    permission.getPermissionId());
760    
761                    if (orgGroupPermissions.size() == 0) {
762                            return false;
763                    }
764    
765                    for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
766                            if (orgGroupPermission.containsOrganization(organizations) &&
767                                    orgGroupPermission.containsGroup(groups)) {
768    
769                                    return true;
770                            }
771                    }
772    
773                    // Throw an exception so that we do not continue checking permissions.
774                    // The user has a specific permission given in the OrgGroupPermission
775                    // intersection that prohibits him from going further.
776    
777                    throw new NoSuchPermissionException(
778                            "User has a permission in OrgGroupPermission that does not match");
779            }
780    
781            protected boolean hasUserPermissions_1(
782                            long userId, long resourceId, String actionId,
783                            List<Permission> permissions, List<Group> groups, long groupId,
784                            StopWatch stopWatch, int block)
785                    throws SystemException {
786    
787                    // Is the user connected to one of the permissions via group or
788                    // organization roles?
789    
790                    if (groups.size() > 0) {
791                            if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
792                                    return true;
793                            }
794                    }
795    
796                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
797    
798                    // Is the user associated with groups or organizations that are directly
799                    // connected to one of the permissions?
800    
801                    if (groups.size() > 0) {
802                            if (permissionFinder.countByGroupsPermissions(
803                                            permissions, groups) > 0) {
804    
805                                    return true;
806                            }
807                    }
808    
809                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
810    
811                    // Is the user connected to one of the permissions via user roles?
812    
813                    if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
814                            return true;
815                    }
816    
817                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
818    
819                    // Is the user connected to one of the permissions via user group roles?
820    
821                    if (permissionFinder.countByUserGroupRole(
822                                    permissions, userId, groupId) > 0) {
823    
824                            return true;
825                    }
826    
827                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
828    
829                    // Is the user directly connected to one of the permissions?
830    
831                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
832                            return true;
833                    }
834    
835                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
836    
837                    return false;
838            }
839    
840            protected boolean hasUserPermissions_2(
841                            long userId, long resourceId, String actionId,
842                            List<Permission> permissions, List<Group> groups, long groupId,
843                            StopWatch stopWatch, int block)
844                    throws SystemException {
845    
846                    // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
847                    // countByUserGroupRole, and countByUsersPermissions in one method
848    
849                    if (permissionFinder.containsPermissions_2(
850                                    permissions, userId, groups, groupId)) {
851    
852                            return true;
853                    }
854    
855                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
856    
857                    return false;
858            }
859    
860            protected boolean hasUserPermissions_3(
861                            long userId, long resourceId, String actionId,
862                            List<Permission> permissions, List<Group> groups, List<Role> roles,
863                            StopWatch stopWatch, int block)
864                    throws SystemException {
865    
866                    // Is the user associated with groups or organizations that are directly
867                    // connected to one of the permissions?
868    
869                    if (groups.size() > 0) {
870                            if (permissionFinder.countByGroupsPermissions(
871                                            permissions, groups) > 0) {
872    
873                                    return true;
874                            }
875                    }
876    
877                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
878    
879                    // Is the user associated with a role that is directly connected to one
880                    // of the permissions?
881    
882                    if (roles.size() > 0) {
883                            if (permissionFinder.countByRolesPermissions(
884                                            permissions, roles) > 0) {
885    
886                                    return true;
887                            }
888                    }
889    
890                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
891    
892                    // Is the user directly connected to one of the permissions?
893    
894                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
895                            return true;
896                    }
897    
898                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
899    
900                    return false;
901            }
902    
903            protected boolean hasUserPermissions_4(
904                            long userId, long resourceId, String actionId,
905                            List<Permission> permissions, List<Group> groups, List<Role> roles,
906                            StopWatch stopWatch, int block)
907                    throws SystemException {
908    
909                    // Call countByGroupsPermissions, countByRolesPermissions, and
910                    // countByUsersPermissions in one method
911    
912                    if (permissionFinder.containsPermissions_4(
913                                    permissions, userId, groups, roles)) {
914    
915                            return true;
916                    }
917    
918                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
919    
920                    return false;
921            }
922    
923            protected boolean hasUserPermissions_5(
924                            long userId, long resourceId, String actionId,
925                            List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
926                            int block)
927                    throws SystemException {
928    
929                    if (roles.size() > 0) {
930                            if (permissionFinder.countByRolesPermissions(
931                                            permissions, roles) > 0) {
932    
933                                    return true;
934                            }
935                    }
936    
937                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
938    
939                    return false;
940            }
941    
942            protected boolean hasUserPermissions_6(
943                            long userId, long resourceId, List<Resource> resources,
944                            String actionId, List<Role> roles, StopWatch stopWatch,
945                            int block)
946                    throws PortalException, SystemException {
947    
948                    // Iterate the list of resources in reverse order to test permissions
949                    // from company scope to individual scope because it is more likely that
950                    // a permission is assigned at a higher scope. Optimizing this method
951                    // to one SQL call may actually slow things down since most of the calls
952                    // will pull from the cache after the first request.
953    
954                    for (int i = resources.size() - 1; i >= 0; i--) {
955                            Resource resource = resources.get(i);
956    
957                            for (Role role : roles) {
958                                    if (resourcePermissionLocalService.hasResourcePermission(
959                                                    resource.getCompanyId(), resource.getName(),
960                                                    resource.getScope(), resource.getPrimKey(),
961                                                    role.getRoleId(), actionId)) {
962    
963                                            return true;
964                                    }
965                            }
966                    }
967    
968                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
969    
970                    return false;
971            }
972    
973            protected void logHasUserPermissions(
974                    long userId, long resourceId, String actionId, StopWatch stopWatch,
975                    int block) {
976    
977                    if (!_log.isDebugEnabled()) {
978                            return;
979                    }
980    
981                    _log.debug(
982                            "Checking user permissions block " + block + " for " + userId +
983                                    " " + resourceId + " " + actionId + " takes " +
984                                            stopWatch.getTime() + " ms");
985            }
986    
987            private static Log _log = LogFactoryUtil.getLog(
988                    PermissionLocalServiceImpl.class);
989    
990    }