001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchResourceException;
018    import com.liferay.portal.ResourceActionsException;
019    import com.liferay.portal.kernel.exception.PortalException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.search.SearchEngineUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.model.AuditedModel;
026    import com.liferay.portal.model.ClassedModel;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.GroupConstants;
029    import com.liferay.portal.model.GroupedModel;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.PermissionedModel;
032    import com.liferay.portal.model.Resource;
033    import com.liferay.portal.model.ResourceCode;
034    import com.liferay.portal.model.ResourceConstants;
035    import com.liferay.portal.model.ResourcePermission;
036    import com.liferay.portal.model.Role;
037    import com.liferay.portal.model.RoleConstants;
038    import com.liferay.portal.model.impl.ResourceImpl;
039    import com.liferay.portal.security.permission.PermissionCacheUtil;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.PermissionsListFilter;
042    import com.liferay.portal.security.permission.PermissionsListFilterFactory;
043    import com.liferay.portal.security.permission.ResourceActionsUtil;
044    import com.liferay.portal.service.ServiceContext;
045    import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
046    import com.liferay.portal.util.PropsValues;
047    import com.liferay.portal.util.ResourcePermissionsThreadLocal;
048    import com.liferay.portal.util.comparator.ResourceComparator;
049    
050    import java.util.Arrays;
051    import java.util.Iterator;
052    import java.util.List;
053    
054    /**
055     * @author Brian Wing Shun Chan
056     * @author Wilson S. Man
057     * @author Raymond Augé
058     * @author Julio Camarero
059     * @author Connor McKay
060     */
061    public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
062    
063            public void addModelResources(
064                            AuditedModel auditedModel, ServiceContext serviceContext)
065                    throws PortalException, SystemException {
066    
067                    ClassedModel classedModel = (ClassedModel)auditedModel;
068    
069                    if (serviceContext.getAddGroupPermissions() ||
070                            serviceContext.getAddGuestPermissions()) {
071    
072                            addResources(
073                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
074                                    auditedModel.getUserId(), classedModel.getModelClassName(),
075                                    String.valueOf(classedModel.getPrimaryKeyObj()), false,
076                                    serviceContext.getAddGroupPermissions(),
077                                    serviceContext.getAddGuestPermissions(),
078                                    getPermissionedModel(auditedModel));
079                    }
080                    else {
081                            addModelResources(
082                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
083                                    auditedModel.getUserId(), classedModel.getModelClassName(),
084                                    String.valueOf(classedModel.getPrimaryKeyObj()),
085                                    serviceContext.getGroupPermissions(),
086                                    serviceContext.getGuestPermissions(),
087                                    getPermissionedModel(auditedModel));
088                    }
089            }
090    
091            public void addModelResources(
092                            long companyId, long groupId, long userId, String name,
093                            long primKey, String[] groupPermissions, String[] guestPermissions)
094                    throws PortalException, SystemException {
095    
096                    addModelResources(
097                            companyId, groupId, userId, name, String.valueOf(primKey),
098                            groupPermissions, guestPermissions, null);
099            }
100    
101            public void addModelResources(
102                            long companyId, long groupId, long userId, String name,
103                            String primKey, String[] groupPermissions,
104                            String[] guestPermissions)
105                    throws PortalException, SystemException {
106    
107                    addModelResources(
108                            companyId, groupId, userId, name, primKey, groupPermissions,
109                            guestPermissions, null);
110            }
111    
112            public Resource addResource(
113                            long companyId, String name, int scope, String primKey)
114                    throws SystemException {
115    
116                    if (!PermissionThreadLocal.isAddResource()) {
117                            return null;
118                    }
119    
120                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
121                            return addResource_6(companyId, name, scope, primKey);
122                    }
123                    else {
124                            return addResource_1to5(companyId, name, scope, primKey);
125                    }
126            }
127    
128            public void addResources(
129                            long companyId, long groupId, long userId, String name,
130                            long primKey, boolean portletActions,
131                            boolean addGroupPermissions, boolean addGuestPermissions)
132                    throws PortalException, SystemException {
133    
134                    addResources(
135                            companyId, groupId, userId, name, String.valueOf(primKey),
136                            portletActions, addGroupPermissions, addGuestPermissions, null);
137            }
138    
139            public void addResources(
140                            long companyId, long groupId, long userId, String name,
141                            String primKey, boolean portletActions,
142                            boolean addGroupPermissions, boolean addGuestPermissions)
143                    throws PortalException, SystemException {
144    
145                    addResources(
146                            companyId, groupId, userId, name, primKey, portletActions,
147                            addGroupPermissions, addGuestPermissions, null);
148            }
149    
150            public void addResources(
151                            long companyId, long groupId, String name, boolean portletActions)
152                    throws PortalException, SystemException {
153    
154                    addResources(
155                            companyId, groupId, 0, name, null, portletActions, false, false);
156            }
157    
158            public void deleteResource(AuditedModel auditedModel, int scope)
159                    throws PortalException, SystemException {
160    
161                    ClassedModel classedModel = (ClassedModel)auditedModel;
162    
163                    deleteResource(
164                            auditedModel.getCompanyId(), classedModel.getModelClassName(),
165                            scope, String.valueOf(classedModel.getPrimaryKeyObj()),
166                            getPermissionedModel(auditedModel));
167            }
168    
169            @Override
170            public void deleteResource(long resourceId) throws SystemException {
171                    try {
172                            Resource resource = resourcePersistence.findByPrimaryKey(
173                                    resourceId);
174    
175                            deleteResource(resource);
176                    }
177                    catch (NoSuchResourceException nsre) {
178                            if (_log.isWarnEnabled()) {
179                                    _log.warn(nsre);
180                            }
181                    }
182            }
183    
184            public void deleteResource(
185                            long companyId, String name, int scope, long primKey)
186                    throws PortalException, SystemException {
187    
188                    deleteResource(companyId, name, scope, String.valueOf(primKey), null);
189            }
190    
191            public void deleteResource(
192                            long companyId, String name, int scope, String primKey)
193                    throws PortalException, SystemException {
194    
195                    deleteResource(companyId, name, scope, primKey, null);
196            }
197    
198            @Override
199            public void deleteResource(Resource resource) throws SystemException {
200    
201                    // Permissions
202    
203                    List<Permission> permissions = permissionPersistence.findByResourceId(
204                            resource.getResourceId());
205    
206                    for (Permission permission : permissions) {
207                            orgGroupPermissionPersistence.removeByPermissionId(
208                                    permission.getPermissionId());
209                    }
210    
211                    permissionPersistence.removeByResourceId(resource.getResourceId());
212    
213                    // Resource
214    
215                    resourcePersistence.remove(resource);
216            }
217    
218            public void deleteResources(String name) throws SystemException {
219                    List<Resource> resources = resourceFinder.findByName(name);
220    
221                    for (Resource resource : resources) {
222                            deleteResource(resource);
223                    }
224            }
225    
226            public Resource fetchResource(
227                            long companyId, String name, int scope, String primKey)
228                    throws SystemException {
229    
230                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
231                            return getResource_6(companyId, name, scope, primKey);
232                    }
233                    else {
234                            return fetchResource_1to5(companyId, name, scope, primKey);
235                    }
236            }
237    
238            public long getLatestResourceId() throws SystemException {
239                    List<Resource> resources = resourcePersistence.findAll(
240                            0, 1, new ResourceComparator());
241    
242                    if (resources.size() == 0) {
243                            return 0;
244                    }
245                    else {
246                            Resource resource = resources.get(0);
247    
248                            return resource.getResourceId();
249                    }
250            }
251    
252            @Override
253            public Resource getResource(long resourceId)
254                    throws PortalException, SystemException {
255    
256                    return resourcePersistence.findByPrimaryKey(resourceId);
257            }
258    
259            public Resource getResource(
260                            long companyId, String name, int scope, String primKey)
261                    throws PortalException, SystemException {
262    
263                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
264                            return getResource_6(companyId, name, scope, primKey);
265                    }
266                    else {
267                            return getResource_1to5(companyId, name, scope, primKey);
268                    }
269            }
270    
271            public List<Resource> getResources() throws SystemException {
272                    return resourcePersistence.findAll();
273            }
274    
275            public void updateModelResources(
276                            AuditedModel auditedModel, ServiceContext serviceContext)
277                    throws PortalException, SystemException {
278    
279                    ClassedModel classedModel = (ClassedModel)auditedModel;
280    
281                    updateResources(
282                            auditedModel.getCompanyId(), getGroupId(auditedModel),
283                            classedModel.getModelClassName(),
284                            String.valueOf(classedModel.getPrimaryKeyObj()),
285                            serviceContext.getGroupPermissions(),
286                            serviceContext.getGuestPermissions(),
287                            getPermissionedModel(auditedModel));
288            }
289    
290            public void updateResources(
291                            long companyId, long groupId, String name, long primKey,
292                            String[] groupPermissions, String[] guestPermissions)
293                    throws PortalException, SystemException {
294    
295                    updateResources(
296                            companyId, groupId, name, String.valueOf(primKey), groupPermissions,
297                            guestPermissions, null);
298            }
299    
300            public void updateResources(
301                            long companyId, long groupId, String name, String primKey,
302                            String[] groupPermissions, String[] guestPermissions)
303                    throws PortalException, SystemException {
304    
305                    updateResources(
306                            companyId, groupId, name, primKey, groupPermissions,
307                            guestPermissions, null);
308            }
309    
310            public void updateResources(
311                            long companyId, String name, int scope, String primKey,
312                            String newPrimKey)
313                    throws PortalException, SystemException {
314    
315                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
316                            if (resourceBlockLocalService.isSupported(name)) {
317    
318                                    // Assuming that this method is used when the primary key of an
319                                    // existing record is changed, then nothing needs to happen
320                                    // here, as it should still have its resource block ID.
321    
322                            }
323                            else {
324                                    updateResources_6(companyId, name, scope, primKey, newPrimKey);
325                            }
326                    }
327                    else {
328                            updateResources_1to5(
329                                    companyId, name, scope, primKey, newPrimKey);
330                    }
331            }
332    
333            protected void addGroupPermissions(
334                            long companyId, long groupId, long userId, String name,
335                            Resource resource, boolean portletActions,
336                            PermissionedModel permissionedModel)
337                    throws PortalException, SystemException {
338    
339                    List<String> actions = null;
340    
341                    if (portletActions) {
342                            actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
343                                    name);
344                    }
345                    else {
346                            actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
347                                    name);
348                    }
349    
350                    String[] actionIds = actions.toArray(new String[actions.size()]);
351    
352                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
353                            if (resourceBlockLocalService.isSupported(name)) {
354                                    addGroupPermissions_6Blocks(
355                                            groupId, resource, actions, permissionedModel);
356                            }
357                            else {
358                                    addGroupPermissions_6(groupId, resource, actionIds);
359                            }
360                    }
361                    else {
362                            addGroupPermissions_1to5(
363                                    companyId, groupId, userId, name, resource, portletActions,
364                                    actionIds);
365                    }
366            }
367    
368            protected void addGroupPermissions_1to5(
369                            long companyId, long groupId, long userId, String name,
370                            Resource resource, boolean portletActions, String[] actionIds)
371                    throws PortalException, SystemException {
372    
373                    long resourceId = resource.getResourceId();
374                    String primKey = resource.getPrimKey();
375    
376                    List<Permission> groupPermissionsList =
377                            permissionLocalService.getPermissions(
378                                    companyId, actionIds, resourceId);
379    
380                    PermissionsListFilter permissionsListFilter =
381                            PermissionsListFilterFactory.getInstance();
382    
383                    groupPermissionsList =
384                            permissionsListFilter.filterGroupPermissions(
385                                    companyId, groupId, userId, name, primKey, portletActions,
386                                    groupPermissionsList);
387    
388                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
389                            Role role = roleLocalService.getDefaultGroupRole(groupId);
390    
391                            rolePersistence.addPermissions(
392                                    role.getRoleId(), groupPermissionsList);
393                    }
394                    else {
395                            groupPersistence.addPermissions(groupId, groupPermissionsList);
396                    }
397            }
398    
399            protected void addGroupPermissions_6(
400                            long groupId, Resource resource, String[] actionIds)
401                    throws PortalException, SystemException {
402    
403                    Role role = roleLocalService.getDefaultGroupRole(groupId);
404    
405                    resourcePermissionLocalService.setResourcePermissions(
406                            resource.getCompanyId(), resource.getName(), resource.getScope(),
407                            resource.getPrimKey(), role.getRoleId(), actionIds);
408            }
409    
410            protected void addGroupPermissions_6Blocks(
411                            long groupId, Resource resource, List<String> actionIds,
412                            PermissionedModel permissionedModel)
413                    throws PortalException, SystemException {
414    
415                    if (permissionedModel == null) {
416                            throw new IllegalArgumentException("Permissioned model is null");
417                    }
418    
419                    // Scope is assumed to always be individual
420    
421                    Role role = roleLocalService.getDefaultGroupRole(groupId);
422    
423                    resourceBlockLocalService.setIndividualScopePermissions(
424                            resource.getCompanyId(), groupId, resource.getName(),
425                            permissionedModel, role.getRoleId(), actionIds);
426            }
427    
428            protected void addGuestPermissions(
429                            long companyId, long groupId, long userId, String name,
430                            Resource resource, boolean portletActions,
431                            PermissionedModel permissionedModel)
432                    throws PortalException, SystemException {
433    
434                    List<String> actions = null;
435    
436                    if (portletActions) {
437                            actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
438                                    name);
439                    }
440                    else {
441                            actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
442                                    name);
443                    }
444    
445                    String[] actionIds = actions.toArray(new String[actions.size()]);
446    
447                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
448                            if (resourceBlockLocalService.isSupported(name)) {
449                                    addGuestPermissions_6Blocks(
450                                            companyId, groupId, resource, actions, permissionedModel);
451                            }
452                            else {
453                                    addGuestPermissions_6(companyId, resource, actionIds);
454                            }
455                    }
456                    else {
457                            addGuestPermissions_1to5(
458                                    companyId, groupId, userId, name, resource, portletActions,
459                                    actionIds);
460                    }
461            }
462    
463            protected void addGuestPermissions_1to5(
464                            long companyId, long groupId, long userId, String name,
465                            Resource resource, boolean portletActions, String[] actionIds)
466                    throws PortalException, SystemException {
467    
468                    List<Permission> guestPermissionsList =
469                            permissionLocalService.getPermissions(
470                                    companyId, actionIds, resource.getResourceId());
471    
472                    PermissionsListFilter permissionsListFilter =
473                            PermissionsListFilterFactory.getInstance();
474    
475                    guestPermissionsList =
476                            permissionsListFilter.filterGuestPermissions(
477                                    companyId, groupId, userId, name, resource.getPrimKey(),
478                                    portletActions, guestPermissionsList);
479    
480                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
481                            Role guestRole = roleLocalService.getRole(
482                                    companyId, RoleConstants.GUEST);
483    
484                            rolePersistence.addPermissions(
485                                    guestRole.getRoleId(), guestPermissionsList);
486                    }
487                    else {
488                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
489    
490                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
491                    }
492            }
493    
494            protected void addGuestPermissions_6(
495                            long companyId, Resource resource, String[] actionIds)
496                    throws PortalException, SystemException {
497    
498                    Role guestRole = roleLocalService.getRole(
499                            companyId, RoleConstants.GUEST);
500    
501                    resourcePermissionLocalService.setResourcePermissions(
502                            resource.getCompanyId(), resource.getName(), resource.getScope(),
503                            resource.getPrimKey(), guestRole.getRoleId(), actionIds);
504            }
505    
506            protected void addGuestPermissions_6Blocks(
507                            long companyId, long groupId, Resource resource,
508                            List<String> actionIds, PermissionedModel permissionedModel)
509                    throws PortalException, SystemException {
510    
511                    if (permissionedModel == null) {
512                            throw new IllegalArgumentException("Permissioned model is null");
513                    }
514    
515                    // Scope is assumed to always be individual
516    
517                    Role guestRole = roleLocalService.getRole(
518                            companyId, RoleConstants.GUEST);
519    
520                    resourceBlockLocalService.setIndividualScopePermissions(
521                            resource.getCompanyId(), groupId, resource.getName(),
522                            permissionedModel, guestRole.getRoleId(), actionIds);
523            }
524    
525            protected void addModelResources(
526                            long companyId, long groupId, long userId, String name,
527                            String primKey, String[] groupPermissions,
528                            String[] guestPermissions, PermissionedModel permissionedModel)
529                    throws PortalException, SystemException {
530    
531                    if (!PermissionThreadLocal.isAddResource()) {
532                            return;
533                    }
534    
535                    validate(name, false);
536    
537                    // Company
538    
539                    addResource(
540                            companyId, name, ResourceConstants.SCOPE_COMPANY,
541                            String.valueOf(companyId));
542    
543                    // Guest
544    
545                    Group guestGroup = groupLocalService.getGroup(
546                            companyId, GroupConstants.GUEST);
547    
548                    addResource(
549                            companyId, name, ResourceConstants.SCOPE_GROUP,
550                            String.valueOf(guestGroup.getGroupId()));
551    
552                    // Group
553    
554                    if ((groupId > 0) && (guestGroup.getGroupId() != groupId)) {
555                            addResource(
556                                    companyId, name, ResourceConstants.SCOPE_GROUP,
557                                    String.valueOf(groupId));
558                    }
559    
560                    if (primKey == null) {
561                            return;
562                    }
563    
564                    // Individual
565    
566                    Resource resource = addResource(
567                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
568    
569                    // Permissions
570    
571                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
572    
573                    PermissionThreadLocal.setIndexEnabled(false);
574    
575                    try {
576                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
577                                    addModelResources_6(
578                                            companyId, groupId, userId, resource, groupPermissions,
579                                            guestPermissions, permissionedModel);
580                            }
581                            else {
582                                    addModelResources_1to5(
583                                            companyId, groupId, userId, resource, groupPermissions,
584                                            guestPermissions);
585                            }
586                    }
587                    finally {
588                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
589    
590                            PermissionCacheUtil.clearCache();
591    
592                            SearchEngineUtil.updatePermissionFields(name, primKey);
593                    }
594            }
595    
596            protected void addModelResources_1to5(
597                            long companyId, long groupId, long userId, Resource resource,
598                            String[] groupPermissions, String[] guestPermissions)
599                    throws PortalException, SystemException {
600    
601                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
602    
603                    PermissionsListFilter permissionsListFilter =
604                            PermissionsListFilterFactory.getInstance();
605    
606                    List<Permission> permissionsList =
607                            permissionLocalService.addPermissions(
608                                    companyId, resource.getName(), resource.getResourceId(), false);
609    
610                    List<Permission> userPermissionsList =
611                            permissionsListFilter.filterUserPermissions(
612                                    companyId, groupId, userId, resource.getName(),
613                                    resource.getPrimKey(), false, permissionsList);
614    
615                    filterOwnerPermissions(resource.getName(), userPermissionsList);
616    
617                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
618    
619                            // Owner permissions
620    
621                            Role ownerRole = roleLocalService.getRole(
622                                    companyId, RoleConstants.OWNER);
623    
624                            rolePersistence.addPermissions(
625                                    ownerRole.getRoleId(), userPermissionsList);
626                    }
627                    else {
628    
629                            // User permissions
630    
631                            if ((userId > 0) && (userId != defaultUserId)) {
632                                    userPersistence.addPermissions(userId, userPermissionsList);
633                            }
634                    }
635    
636                    // Group permissions
637    
638                    if (groupId > 0) {
639                            if (groupPermissions == null) {
640                                    groupPermissions = new String[0];
641                            }
642    
643                            List<Permission> groupPermissionsList =
644                                    permissionLocalService.getPermissions(
645                                            companyId, groupPermissions, resource.getResourceId());
646    
647                            groupPermissionsList =
648                                    permissionsListFilter.filterGroupPermissions(
649                                            companyId, groupId, userId, resource.getName(),
650                                            resource.getPrimKey(), false, groupPermissionsList);
651    
652                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
653                                    Role role = roleLocalService.getDefaultGroupRole(groupId);
654    
655                                    rolePersistence.addPermissions(
656                                            role.getRoleId(), groupPermissionsList);
657                            }
658                            else {
659                                    groupPersistence.addPermissions(
660                                            groupId, groupPermissionsList);
661                            }
662                    }
663    
664                    // Guest permissions
665    
666                    if (guestPermissions == null) {
667                            guestPermissions = new String[0];
668                    }
669    
670                    List<Permission> guestPermissionsList =
671                            permissionLocalService.getPermissions(
672                                    companyId, guestPermissions, resource.getResourceId());
673    
674                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
675                            companyId, groupId, userId, resource.getName(),
676                            resource.getPrimKey(), false, guestPermissionsList);
677    
678                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
679                            Role guestRole = roleLocalService.getRole(
680                                    companyId, RoleConstants.GUEST);
681    
682                            rolePersistence.addPermissions(
683                                    guestRole.getRoleId(), guestPermissionsList);
684                    }
685                    else {
686                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
687                    }
688            }
689    
690            protected void addModelResources_6(
691                            long companyId, long groupId, long userId, Resource resource,
692                            String[] groupPermissions, String[] guestPermissions,
693                            PermissionedModel permissionedModel)
694                    throws PortalException, SystemException {
695    
696                    // Owner permissions
697    
698                    Role ownerRole = roleLocalService.getRole(
699                            companyId, RoleConstants.OWNER);
700    
701                    List<String> ownerActionIds =
702                            ResourceActionsUtil.getModelResourceActions(resource.getName());
703    
704                    ownerActionIds = ListUtil.copy(ownerActionIds);
705    
706                    filterOwnerActions(resource.getName(), ownerActionIds);
707    
708                    String[] ownerPermissions =
709                            ownerActionIds.toArray(new String[ownerActionIds.size()]);
710    
711                    // Group permissions
712    
713                    Role defaultGroupRole = null;
714    
715                    if (groupId > 0) {
716                            defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
717    
718                            if (groupPermissions == null) {
719                                    groupPermissions = new String[0];
720                            }
721                    }
722    
723                    // Guest permissions
724    
725                    Role guestRole = roleLocalService.getRole(
726                            companyId, RoleConstants.GUEST);
727    
728                    if (guestPermissions == null) {
729                            guestPermissions = new String[0];
730                    }
731    
732                    if (resourceBlockLocalService.isSupported(resource.getName())) {
733    
734                            if (permissionedModel == null) {
735                                    throw new IllegalArgumentException(
736                                            "Permissioned model is null");
737                            }
738    
739                            // Scope is assumed to always be individual
740    
741                            resourceBlockLocalService.setIndividualScopePermissions(
742                                    resource.getCompanyId(), groupId, resource.getName(),
743                                    permissionedModel, ownerRole.getRoleId(), ownerActionIds);
744    
745                            if (groupId > 0) {
746                                    resourceBlockLocalService.setIndividualScopePermissions(
747                                            resource.getCompanyId(), groupId, resource.getName(),
748                                            permissionedModel, defaultGroupRole.getRoleId(),
749                                            Arrays.asList(groupPermissions));
750                            }
751    
752                            resourceBlockLocalService.setIndividualScopePermissions(
753                                    resource.getCompanyId(), groupId, resource.getName(),
754                                    permissionedModel, guestRole.getRoleId(),
755                                    Arrays.asList(guestPermissions));
756                    }
757                    else {
758                            resourcePermissionLocalService.setOwnerResourcePermissions(
759                                    resource.getCompanyId(), resource.getName(),
760                                    resource.getScope(), resource.getPrimKey(),
761                                    ownerRole.getRoleId(), userId, ownerPermissions);
762    
763                            if (groupId > 0) {
764                                    resourcePermissionLocalService.setResourcePermissions(
765                                            resource.getCompanyId(), resource.getName(),
766                                            resource.getScope(), resource.getPrimKey(),
767                                            defaultGroupRole.getRoleId(), groupPermissions);
768                            }
769    
770                            resourcePermissionLocalService.setResourcePermissions(
771                                    resource.getCompanyId(), resource.getName(),
772                                    resource.getScope(), resource.getPrimKey(),
773                                    guestRole.getRoleId(), guestPermissions);
774                    }
775            }
776    
777            protected Resource addResource_1to5(
778                            long companyId, String name, int scope, String primKey)
779                    throws SystemException {
780    
781                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
782                            companyId, name, scope);
783    
784                    long codeId = resourceCode.getCodeId();
785    
786                    Resource resource = resourcePersistence.fetchByC_P(codeId, primKey);
787    
788                    if (resource == null) {
789                            long resourceId = counterLocalService.increment(
790                                    Resource.class.getName());
791    
792                            resource = resourcePersistence.create(resourceId);
793    
794                            resource.setCodeId(codeId);
795                            resource.setPrimKey(primKey);
796    
797                            try {
798                                    resourcePersistence.update(resource, false);
799                            }
800                            catch (SystemException se) {
801                                    if (_log.isWarnEnabled()) {
802                                            _log.warn(
803                                                    "Add failed, fetch {codeId=" + codeId + ", primKey=" +
804                                                            primKey + "}");
805                                    }
806    
807                                    resource = resourcePersistence.fetchByC_P(
808                                            codeId, primKey, false);
809    
810                                    if (resource == null) {
811                                            throw se;
812                                    }
813                            }
814                    }
815    
816                    return resource;
817            }
818    
819            protected Resource addResource_6(
820                    long companyId, String name, int scope, String primKey) {
821    
822                    Resource resource = new ResourceImpl();
823    
824                    resource.setCompanyId(companyId);
825                    resource.setName(name);
826                    resource.setScope(scope);
827                    resource.setPrimKey(primKey);
828    
829                    return resource;
830            }
831    
832            protected void addResources(
833                            long companyId, long groupId, long userId, String name,
834                            String primKey, boolean portletActions, boolean addGroupPermissions,
835                            boolean addGuestPermissions, PermissionedModel permissionedModel)
836                    throws PortalException, SystemException {
837    
838                    if (!PermissionThreadLocal.isAddResource()) {
839                            return;
840                    }
841    
842                    validate(name, portletActions);
843    
844                    // Company
845    
846                    addResource(
847                            companyId, name, ResourceConstants.SCOPE_COMPANY,
848                            String.valueOf(companyId));
849    
850                    if (groupId > 0) {
851                            addResource(
852                                    companyId, name, ResourceConstants.SCOPE_GROUP,
853                                    String.valueOf(groupId));
854                    }
855    
856                    if (primKey == null) {
857                            return;
858                    }
859    
860                    // Individual
861    
862                    Resource resource = addResource(
863                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
864    
865                    // Permissions
866    
867                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
868    
869                    PermissionThreadLocal.setIndexEnabled(false);
870    
871                    List<ResourcePermission> resourcePermissions =
872                            resourcePermissionPersistence.findByC_N_S_P(
873                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
874    
875                    ResourcePermissionsThreadLocal.setResourcePermissions(
876                            resourcePermissions);
877    
878                    try {
879                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
880                                    addResources_6(
881                                            companyId, groupId, userId, resource, portletActions,
882                                            permissionedModel);
883                            }
884                            else {
885                                    addResources_1to5(
886                                            companyId, groupId, userId, resource, portletActions);
887                            }
888    
889                            // Group permissions
890    
891                            if ((groupId > 0) && addGroupPermissions) {
892                                    addGroupPermissions(
893                                            companyId, groupId, userId, name, resource, portletActions,
894                                            permissionedModel);
895                            }
896    
897                            // Guest permissions
898    
899                            if (addGuestPermissions) {
900    
901                                    // Don't add guest permissions when you've already added group
902                                    // permissions and the given group is the guest group.
903    
904                                    addGuestPermissions(
905                                            companyId, groupId, userId, name, resource, portletActions,
906                                            permissionedModel);
907                            }
908                    }
909                    finally {
910                            ResourcePermissionsThreadLocal.setResourcePermissions(null);
911    
912                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
913    
914                            PermissionCacheUtil.clearCache();
915    
916                            SearchEngineUtil.updatePermissionFields(name, primKey);
917                    }
918            }
919    
920            protected void addResources_1to5(
921                            long companyId, long groupId, long userId, Resource resource,
922                            boolean portletActions)
923                    throws PortalException, SystemException {
924    
925                    List<Permission> permissionsList =
926                            permissionLocalService.addPermissions(
927                                    companyId, resource.getName(), resource.getResourceId(),
928                                    portletActions);
929    
930                    PermissionsListFilter permissionsListFilter =
931                            PermissionsListFilterFactory.getInstance();
932    
933                    List<Permission> userPermissionsList =
934                            permissionsListFilter.filterUserPermissions(
935                                    companyId, groupId, userId, resource.getName(),
936                                    resource.getPrimKey(), portletActions, permissionsList);
937    
938                    filterOwnerPermissions(resource.getName(), userPermissionsList);
939    
940                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
941    
942                            // Owner permissions
943    
944                            Role ownerRole = roleLocalService.getRole(
945                                    companyId, RoleConstants.OWNER);
946    
947                            rolePersistence.addPermissions(
948                                    ownerRole.getRoleId(), userPermissionsList);
949                    }
950                    else {
951    
952                            // User permissions
953    
954                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
955    
956                            if ((userId > 0) && (userId != defaultUserId)) {
957                                    userPersistence.addPermissions(userId, userPermissionsList);
958                            }
959                    }
960            }
961    
962            protected void addResources_6(
963                            long companyId, long groupId, long userId, Resource resource,
964                            boolean portletActions, PermissionedModel permissionedModel)
965                    throws PortalException, SystemException {
966    
967                    List<String> actionIds = null;
968    
969                    if (portletActions) {
970                            actionIds = ResourceActionsUtil.getPortletResourceActions(
971                                    resource.getName());
972                    }
973                    else {
974                            actionIds = ResourceActionsUtil.getModelResourceActions(
975                                    resource.getName());
976    
977                            actionIds = ListUtil.copy(actionIds);
978    
979                            filterOwnerActions(resource.getName(), actionIds);
980                    }
981    
982                    Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
983    
984                    if (resourceBlockLocalService.isSupported(resource.getName())) {
985                            if (permissionedModel == null) {
986                                    throw new IllegalArgumentException(
987                                            "Permissioned model is null");
988                            }
989    
990                            // Scope is assumed to always be individual
991    
992                            resourceBlockLocalService.setIndividualScopePermissions(
993                                    resource.getCompanyId(), groupId, resource.getName(),
994                                    permissionedModel, role.getRoleId(), actionIds);
995                    }
996                    else {
997                            resourcePermissionLocalService.setOwnerResourcePermissions(
998                                    resource.getCompanyId(), resource.getName(),
999                                    resource.getScope(), resource.getPrimKey(), role.getRoleId(),
1000                                    userId, actionIds.toArray(new String[actionIds.size()]));
1001                    }
1002            }
1003    
1004            protected void deleteResource(
1005                            long companyId, String name, int scope, String primKey,
1006                            PermissionedModel permissionedModel)
1007                    throws PortalException, SystemException{
1008    
1009                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1010                            if (resourceBlockLocalService.isSupported(name)) {
1011                                    if (permissionedModel == null) {
1012                                            throw new IllegalArgumentException(
1013                                                    "Permissioned model is null");
1014                                    }
1015    
1016                                    resourceBlockLocalService.releasePermissionedModelResourceBlock(
1017                                            permissionedModel);
1018    
1019                                    return;
1020                            }
1021                            else {
1022                                    resourcePermissionLocalService.deleteResourcePermissions(
1023                                            companyId, name, scope, primKey);
1024    
1025                                    return;
1026                            }
1027                    }
1028    
1029                    try {
1030                            Resource resource = getResource(companyId, name, scope, primKey);
1031    
1032                            deleteResource(resource.getResourceId());
1033                    }
1034                    catch (NoSuchResourceException nsre) {
1035                            if (_log.isWarnEnabled()) {
1036                                    _log.warn(nsre);
1037                            }
1038                    }
1039            }
1040    
1041            protected Resource fetchResource_1to5(
1042                            long companyId, String name, int scope, String primKey)
1043                    throws SystemException {
1044    
1045                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1046                            companyId, name, scope);
1047    
1048                    return resourcePersistence.fetchByC_P(
1049                            resourceCode.getCodeId(), primKey);
1050            }
1051    
1052            protected void filterOwnerActions(String name, List<String> actionIds) {
1053                    List<String> defaultOwnerActions =
1054                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1055    
1056                    if (defaultOwnerActions.isEmpty()) {
1057                            return;
1058                    }
1059    
1060                    Iterator<String> itr = actionIds.iterator();
1061    
1062                    while (itr.hasNext()) {
1063                            String actionId = itr.next();
1064    
1065                            if (!defaultOwnerActions.contains(actionId)) {
1066                                    itr.remove();
1067                            }
1068                    }
1069            }
1070    
1071            protected void filterOwnerPermissions(
1072                    String name, List<Permission> permissions) {
1073    
1074                    List<String> defaultOwnerActions =
1075                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1076    
1077                    if (defaultOwnerActions.isEmpty()) {
1078                            return;
1079                    }
1080    
1081                    Iterator<Permission> itr = permissions.iterator();
1082    
1083                    while (itr.hasNext()) {
1084                            Permission permission = itr.next();
1085    
1086                            String actionId = permission.getActionId();
1087    
1088                            if (!defaultOwnerActions.contains(actionId)) {
1089                                    itr.remove();
1090                            }
1091                    }
1092            }
1093    
1094            protected long getGroupId(AuditedModel auditedModel) {
1095                    long groupId = 0;
1096    
1097                    if (auditedModel instanceof GroupedModel) {
1098                            GroupedModel groupedModel = (GroupedModel)auditedModel;
1099    
1100                            groupId = groupedModel.getGroupId();
1101                    }
1102    
1103                    return groupId;
1104            }
1105    
1106            protected PermissionedModel getPermissionedModel(
1107                    AuditedModel auditedModel) {
1108    
1109                    PermissionedModel permissionedModel = null;
1110    
1111                    if (auditedModel instanceof PermissionedModel) {
1112                            permissionedModel = (PermissionedModel)auditedModel;
1113                    }
1114    
1115                    return permissionedModel;
1116            }
1117    
1118            protected Resource getResource_1to5(
1119                            long companyId, String name, int scope, String primKey)
1120                    throws PortalException, SystemException {
1121    
1122                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1123                            companyId, name, scope);
1124    
1125                    return resourcePersistence.findByC_P(resourceCode.getCodeId(), primKey);
1126            }
1127    
1128            protected Resource getResource_6(
1129                    long companyId, String name, int scope, String primKey) {
1130    
1131                    Resource resource = new ResourceImpl();
1132    
1133                    resource.setCompanyId(companyId);
1134                    resource.setName(name);
1135                    resource.setScope(scope);
1136                    resource.setPrimKey(primKey);
1137    
1138                    return resource;
1139            }
1140    
1141            protected void updateResources(
1142                            long companyId, long groupId, String name, String primKey,
1143                            String[] groupPermissions, String[] guestPermissions,
1144                            PermissionedModel permissionedModel)
1145                    throws PortalException, SystemException {
1146    
1147                    Resource resource = getResource(
1148                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1149    
1150                    if (groupPermissions == null) {
1151                            groupPermissions = new String[0];
1152                    }
1153    
1154                    if (guestPermissions == null) {
1155                            guestPermissions = new String[0];
1156                    }
1157    
1158                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1159                            if (resourceBlockLocalService.isSupported(name)) {
1160                                    updateResources_6Blocks(
1161                                            companyId, groupId, resource, groupPermissions,
1162                                            guestPermissions, permissionedModel);
1163                            }
1164                            else {
1165                                    updateResources_6(
1166                                            companyId, groupId, resource, groupPermissions,
1167                                            guestPermissions);
1168                            }
1169                    }
1170                    else {
1171                            updateResources_1to5(
1172                                    companyId, groupId, resource, groupPermissions,
1173                                    guestPermissions);
1174                    }
1175            }
1176    
1177            protected void updateResources_1to5(
1178                            long companyId, long groupId, Resource resource,
1179                            String[] groupPermissions, String[] guestPermissions)
1180                    throws PortalException, SystemException {
1181    
1182                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1183    
1184                    permissionLocalService.setRolePermissions(
1185                            role.getRoleId(), groupPermissions, resource.getResourceId());
1186    
1187                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1188    
1189                    permissionLocalService.setRolePermissions(
1190                            role.getRoleId(), guestPermissions, resource.getResourceId());
1191            }
1192    
1193            protected void updateResources_1to5(
1194                            long companyId, String name, int scope, String primKey,
1195                            String newPrimKey)
1196                    throws PortalException, SystemException {
1197    
1198                    Resource resource = getResource(companyId, name, scope, primKey);
1199    
1200                    resource.setPrimKey(newPrimKey);
1201    
1202                    resourcePersistence.update(resource, false);
1203            }
1204    
1205            protected void updateResources_6(
1206                            long companyId, long groupId, Resource resource,
1207                            String[] groupPermissions, String[] guestPermissions)
1208                    throws PortalException, SystemException {
1209    
1210                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1211    
1212                    resourcePermissionLocalService.setResourcePermissions(
1213                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1214                            resource.getPrimKey(), role.getRoleId(), groupPermissions);
1215    
1216                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1217    
1218                    resourcePermissionLocalService.setResourcePermissions(
1219                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1220                            resource.getPrimKey(), role.getRoleId(), guestPermissions);
1221            }
1222    
1223            protected void updateResources_6(
1224                            long companyId, String name, int scope, String primKey,
1225                            String newPrimKey)
1226                    throws SystemException {
1227    
1228                    List<ResourcePermission> resourcePermissions =
1229                            resourcePermissionLocalService.getResourcePermissions(
1230                                    companyId, name, scope, primKey);
1231    
1232                    for (ResourcePermission resourcePermission : resourcePermissions) {
1233                            resourcePermission.setPrimKey(newPrimKey);
1234    
1235                            resourcePermissionPersistence.update(resourcePermission, false);
1236                    }
1237            }
1238    
1239            protected void updateResources_6Blocks(
1240                            long companyId, long groupId, Resource resource,
1241                            String[] groupPermissions, String[] guestPermissions,
1242                            PermissionedModel permissionedModel)
1243                    throws PortalException, SystemException {
1244    
1245                    if (permissionedModel == null) {
1246                            throw new IllegalArgumentException("Permissioned model is null");
1247                    }
1248    
1249                    // Scope is assumed to always be individual
1250    
1251                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1252    
1253                    resourceBlockLocalService.setIndividualScopePermissions(
1254                            companyId, groupId, resource.getName(), permissionedModel,
1255                            role.getRoleId(), Arrays.asList(groupPermissions));
1256    
1257                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1258    
1259                    resourceBlockLocalService.setIndividualScopePermissions(
1260                            companyId, groupId, resource.getName(), permissionedModel,
1261                            role.getRoleId(), Arrays.asList(guestPermissions));
1262            }
1263    
1264            protected void validate(String name, boolean portletActions)
1265                    throws PortalException {
1266    
1267                    List<String> actions = null;
1268    
1269                    if (portletActions) {
1270                            actions = ResourceActionsUtil.getPortletResourceActions(name);
1271                    }
1272                    else {
1273                            actions = ResourceActionsUtil.getModelResourceActions(name);
1274                    }
1275    
1276                    if (actions.size() == 0) {
1277                            throw new ResourceActionsException(
1278                                    "There are no actions associated with the resource " + name);
1279                    }
1280            }
1281    
1282            private static Log _log = LogFactoryUtil.getLog(
1283                    ResourceLocalServiceImpl.class);
1284    
1285    }