001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.NoSuchPermissionException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.search.SearchEngineUtil;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.model.Company;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.OrgGroupPermission;
029 import com.liferay.portal.model.Organization;
030 import com.liferay.portal.model.Permission;
031 import com.liferay.portal.model.Resource;
032 import com.liferay.portal.model.ResourceCode;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.RoleConstants;
036 import com.liferay.portal.model.User;
037 import com.liferay.portal.model.UserGroup;
038 import com.liferay.portal.security.permission.PermissionCacheUtil;
039 import com.liferay.portal.security.permission.PermissionCheckerBag;
040 import com.liferay.portal.security.permission.PermissionThreadLocal;
041 import com.liferay.portal.security.permission.ResourceActionsUtil;
042 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044 import com.liferay.portal.util.PropsValues;
045 import com.liferay.portal.util.comparator.PermissionComparator;
046
047 import java.util.ArrayList;
048 import java.util.HashSet;
049 import java.util.Iterator;
050 import java.util.List;
051 import java.util.Map;
052 import java.util.Set;
053
054 import org.apache.commons.lang.time.StopWatch;
055
056
063 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
064
065
081 public Permission addPermission(
082 long companyId, String actionId, long resourceId)
083 throws SystemException {
084
085 Permission permission = permissionPersistence.fetchByA_R(
086 actionId, resourceId);
087
088 if (permission == null) {
089 long permissionId = counterLocalService.increment(
090 Permission.class.getName());
091
092 permission = permissionPersistence.create(permissionId);
093
094 permission.setCompanyId(companyId);
095 permission.setActionId(actionId);
096 permission.setResourceId(resourceId);
097
098 permissionPersistence.update(permission, false);
099 }
100
101 return permission;
102 }
103
104
119 public List<Permission> addPermissions(
120 long companyId, List<String> actionIds, long resourceId)
121 throws SystemException {
122
123 List<Permission> permissions = permissionPersistence.findByResourceId(
124 resourceId);
125
126 permissions = ListUtil.copy(permissions);
127
128 Set<String> actionIdsSet = new HashSet<String>();
129
130 for (Permission permission : permissions) {
131 actionIdsSet.add(permission.getActionId());
132 }
133
134 for (String actionId : actionIds) {
135 if (actionIdsSet.contains(actionId)) {
136 continue;
137 }
138
139 long permissionId = counterLocalService.increment(
140 Permission.class.getName());
141
142 Permission permission = permissionPersistence.create(permissionId);
143
144 permission.setCompanyId(companyId);
145 permission.setActionId(actionId);
146 permission.setResourceId(resourceId);
147
148 try {
149 permissionPersistence.update(permission, false);
150 }
151 catch (SystemException se) {
152 if (_log.isWarnEnabled()) {
153 _log.warn(
154 "Add failed, fetch {actionId=" + actionId +
155 ", resourceId=" + resourceId + "}");
156 }
157
158 permission = permissionPersistence.fetchByA_R(
159 actionId, resourceId, false);
160
161 if (permission == null) {
162 throw se;
163 }
164 }
165
166 permissions.add(permission);
167 }
168
169 return permissions;
170 }
171
172
190 public List<Permission> addPermissions(
191 long companyId, String name, long resourceId,
192 boolean portletActions)
193 throws SystemException {
194
195 List<String> actionIds = null;
196
197 if (portletActions) {
198 actionIds = ResourceActionsUtil.getPortletResourceActions(name);
199 }
200 else {
201 actionIds = ResourceActionsUtil.getModelResourceActions(name);
202 }
203
204 return addPermissions(companyId, actionIds, resourceId);
205 }
206
207
217 public void addUserPermissions(
218 long userId, String[] actionIds, long resourceId)
219 throws PortalException, SystemException {
220
221 User user = userPersistence.findByPrimaryKey(userId);
222
223 List<Permission> permissions = permissionFinder.findByU_R(
224 userId, resourceId);
225
226 permissions = getPermissions(
227 user.getCompanyId(), actionIds, resourceId);
228
229 userPersistence.addPermissions(userId, permissions);
230
231 PermissionCacheUtil.clearCache();
232 }
233
234
243 public void checkPermissions(String name, List<String> actionIds)
244 throws PortalException, SystemException {
245
246 List<Resource> resources = resourceFinder.findByN_S(
247 name, ResourceConstants.SCOPE_INDIVIDUAL);
248
249 for (Resource resource : resources) {
250 for (String actionId : actionIds) {
251 Permission permission = permissionPersistence.fetchByA_R(
252 actionId, resource.getResourceId());
253
254 if (permission != null) {
255 continue;
256 }
257
258 checkPermission(resource, actionId);
259 }
260 }
261
262 PermissionCacheUtil.clearCache();
263 }
264
265
271 public List<String> getActions(List<Permission> permissions) {
272 List<String> actionIds = new ArrayList<String>();
273
274 Iterator<Permission> itr = permissions.iterator();
275
276 while (itr.hasNext()) {
277 Permission permission = itr.next();
278
279 actionIds.add(permission.getActionId());
280 }
281
282 return actionIds;
283 }
284
285
293 public List<Permission> getGroupPermissions(long groupId, long resourceId)
294 throws SystemException {
295
296 return permissionFinder.findByG_R(groupId, resourceId);
297 }
298
299
312 public List<Permission> getGroupPermissions(
313 long groupId, long companyId, String name, int scope,
314 String primKey)
315 throws SystemException {
316
317 return permissionFinder.findByG_C_N_S_P(
318 groupId, companyId, name, scope, primKey);
319 }
320
321
327 public long getLatestPermissionId() throws SystemException {
328 List<Permission> permissions = permissionPersistence.findAll(
329 0, 1, new PermissionComparator());
330
331 if (permissions.size() == 0) {
332 return 0;
333 }
334 else {
335 Permission permission = permissions.get(0);
336
337 return permission.getPermissionId();
338 }
339 }
340
341
352 public List<Permission> getOrgGroupPermissions(
353 long organizationId, long groupId, long resourceId)
354 throws SystemException {
355
356 return permissionFinder.findByO_G_R(
357 organizationId, groupId, resourceId);
358 }
359
360
371 public List<Permission> getPermissions(
372 long companyId, String[] actionIds, long resourceId)
373 throws SystemException {
374
375 List<Permission> permissions = new ArrayList<Permission>();
376
377 for (String actionId : actionIds) {
378 Permission permission = addPermission(
379 companyId, actionId, resourceId);
380
381 permissions.add(permission);
382 }
383
384 return permissions;
385 }
386
387
394 public List<Permission> getRolePermissions(long roleId)
395 throws SystemException {
396
397 return rolePersistence.getPermissions(roleId);
398 }
399
400 public List<Permission> getRolePermissions(long roleId, int[] scopes)
401 throws SystemException {
402
403 return permissionFinder.findByR_S(roleId, scopes);
404 }
405
406
414 public List<Permission> getRolePermissions(long roleId, long resourceId)
415 throws SystemException {
416
417 return permissionFinder.findByR_R(roleId, resourceId);
418 }
419
420
427 public List<Permission> getUserPermissions(long userId)
428 throws SystemException {
429
430 return userPersistence.getPermissions(userId);
431 }
432
433
441 public List<Permission> getUserPermissions(long userId, long resourceId)
442 throws SystemException {
443
444 return permissionFinder.findByU_R(userId, resourceId);
445 }
446
447
459 public List<Permission> getUserPermissions(
460 long userId, long companyId, String name, int scope, String primKey)
461 throws SystemException {
462
463 return permissionFinder.findByU_C_N_S_P(
464 userId, companyId, name, scope, primKey);
465 }
466
467
478 public boolean hasGroupPermission(
479 long groupId, String actionId, long resourceId)
480 throws SystemException {
481
482 Permission permission = permissionPersistence.fetchByA_R(
483 actionId, resourceId);
484
485
486
487
488 if (permission == null) {
489 return false;
490 }
491
492 return groupPersistence.containsPermission(
493 groupId, permission.getPermissionId());
494 }
495
496
510 public boolean hasRolePermission(
511 long roleId, long companyId, String name, int scope,
512 String actionId)
513 throws SystemException {
514
515 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
516 companyId, name, scope);
517
518 if (permissionFinder.countByR_A_C(
519 roleId, actionId, resourceCode.getCodeId()) > 0) {
520
521 return true;
522 }
523 else {
524 return false;
525 }
526 }
527
528
543 public boolean hasRolePermission(
544 long roleId, long companyId, String name, int scope, String primKey,
545 String actionId)
546 throws SystemException {
547
548 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
549 companyId, name, scope);
550
551 Resource resource = resourcePersistence.fetchByC_P(
552 resourceCode.getCodeId(), primKey);
553
554 if (resource == null) {
555 return false;
556 }
557
558 Permission permission = permissionPersistence.fetchByA_R(
559 actionId, resource.getResourceId());
560
561 if (permission == null) {
562 return false;
563 }
564
565 return rolePersistence.containsPermission(
566 roleId, permission.getPermissionId());
567 }
568
569
580 public boolean hasUserPermission(
581 long userId, String actionId, long resourceId)
582 throws SystemException {
583
584 Permission permission = permissionPersistence.fetchByA_R(
585 actionId, resourceId);
586
587
588
589
590 if (permission == null) {
591 return false;
592 }
593
594 return userPersistence.containsPermission(
595 userId, permission.getPermissionId());
596 }
597
598
621 public boolean hasUserPermissions(
622 long userId, long groupId, List<Resource> resources,
623 String actionId, PermissionCheckerBag permissionCheckerBag)
624 throws PortalException, SystemException {
625
626 StopWatch stopWatch = null;
627
628 if (_log.isDebugEnabled()) {
629 stopWatch = new StopWatch();
630
631 stopWatch.start();
632 }
633
634 int block = 1;
635
636
637
638 if (Validator.isNull(actionId) || resources.isEmpty()) {
639 return false;
640 }
641
642 long[] resourceIds = null;
643
644 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
645 resourceIds = new long[resources.size()];
646
647 for (int i = 0; i < resources.size(); i++) {
648 Resource resource = resources.get(i);
649
650 resourceIds[i] = resource.getResourceId();
651 }
652 }
653
654 List<Permission> permissions = null;
655
656 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
657 permissions = permissionFinder.findByA_R(actionId, resourceIds);
658
659
660
661 if (permissions.size() == 0) {
662 return false;
663 }
664 }
665
666
667
668 long resourceId = 0;
669
670 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
671 resourceId = resourceIds[0];
672 }
673 else {
674 resourceId = resources.get(0).getResourceId();
675 }
676
677 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
678
679
680
681
682
683
684 List<Group> groups = permissionCheckerBag.getGroups();
685 List<Role> roles = permissionCheckerBag.getRoles();
686
687 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
688
689
690
691
692
693
694
695
696
697 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
698
699 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
700 return hasUserPermissions_1(
701 userId, resourceId, actionId, permissions, groups, groupId,
702 stopWatch, block);
703 }
704 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
705 return hasUserPermissions_2(
706 userId, resourceId, actionId, permissions, groups, groupId,
707 stopWatch, block);
708 }
709 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
710 return hasUserPermissions_3(
711 userId, resourceId, actionId, permissions, groups, roles,
712 stopWatch, block);
713 }
714 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
715 return hasUserPermissions_4(
716 userId, resourceId, actionId, permissions, groups, roles,
717 stopWatch, block);
718 }
719 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
720 return hasUserPermissions_5(
721 userId, resourceId, actionId, permissions, roles, stopWatch,
722 block);
723 }
724 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
725 return hasUserPermissions_6(
726 userId, resourceId, resources, actionId,
727 permissionCheckerBag.getRoleIds(), stopWatch, block);
728 }
729
730 return false;
731 }
732
733
747 public void setContainerResourcePermissions(
748 String name, String roleName, String actionId)
749 throws PortalException, SystemException {
750
751 List<Company> companies = companyPersistence.findAll();
752
753 for (Company company : companies) {
754 setContainerResourcePermissions(
755 company.getCompanyId(), name, roleName, actionId);
756 }
757 }
758
759
770 public void setGroupPermissions(
771 long groupId, String[] actionIds, long resourceId)
772 throws PortalException, SystemException {
773
774 Group group = groupPersistence.findByPrimaryKey(groupId);
775
776 List<Permission> permissions = permissionFinder.findByG_R(
777 groupId, resourceId);
778
779 for (Permission permission : permissions) {
780 groupPersistence.removePermission(groupId, permission);
781 }
782
783 permissions = getPermissions(
784 group.getCompanyId(), actionIds, resourceId);
785
786 groupPersistence.addPermissions(groupId, permissions);
787
788 PermissionCacheUtil.clearCache();
789 }
790
791
807 public void setGroupPermissions(
808 String className, String classPK, long groupId,
809 String[] actionIds, long resourceId)
810 throws PortalException, SystemException {
811
812 long associatedGroupId = 0;
813
814 if (className.equals(Organization.class.getName())) {
815 long organizationId = GetterUtil.getLong(classPK);
816
817 Organization organization =
818 organizationPersistence.findByPrimaryKey(organizationId);
819
820 orgGroupPermissionFinder.removeByO_G_R(
821 organizationId, groupId, resourceId);
822
823 associatedGroupId = organization.getGroup().getGroupId();
824 }
825 else if (className.equals(UserGroup.class.getName())) {
826 long userGroupId = GetterUtil.getLong(classPK);
827
828 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
829 userGroupId);
830
831 associatedGroupId = userGroup.getGroup().getGroupId();
832 }
833
834 setGroupPermissions(associatedGroupId, actionIds, resourceId);
835 }
836
837
851 public void setOrgGroupPermissions(
852 long organizationId, long groupId, String[] actionIds,
853 long resourceId)
854 throws PortalException, SystemException {
855
856 Organization organization =
857 organizationPersistence.findByPrimaryKey(organizationId);
858
859 long orgGroupId = organization.getGroup().getGroupId();
860
861 List<Permission> permissions = permissionPersistence.findByResourceId(
862 resourceId);
863
864 for (Permission permission : permissions) {
865 groupPersistence.removePermission(orgGroupId, permission);
866 }
867
868 permissions = getPermissions(
869 organization.getCompanyId(), actionIds, resourceId);
870
871 orgGroupPermissionFinder.removeByO_G_R(
872 organizationId, groupId, resourceId);
873
874 for (Permission permission : permissions) {
875 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
876 organizationId, groupId, permission.getPermissionId());
877
878 OrgGroupPermission orgGroupPermission =
879 orgGroupPermissionPersistence.create(pk);
880
881 orgGroupPermissionPersistence.update(orgGroupPermission, false);
882 }
883
884 PermissionCacheUtil.clearCache();
885 }
886
887
901 public void setRolePermission(
902 long roleId, long companyId, String name, int scope, String primKey,
903 String actionId)
904 throws PortalException, SystemException {
905
906 if (scope == ResourceConstants.SCOPE_COMPANY) {
907
908
909
910 unsetRolePermissions(
911 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
912 actionId);
913 }
914 else if (scope == ResourceConstants.SCOPE_GROUP) {
915
916
917
918 unsetRolePermissions(
919 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
920 actionId);
921 }
922 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
923 throw new NoSuchPermissionException();
924 }
925
926 Resource resource = resourceLocalService.addResource(
927 companyId, name, scope, primKey);
928
929 long resourceId = resource.getResourceId();
930
931 Permission permission = permissionPersistence.fetchByA_R(
932 actionId, resourceId);
933
934 if (permission == null) {
935 long permissionId = counterLocalService.increment(
936 Permission.class.getName());
937
938 permission = permissionPersistence.create(permissionId);
939
940 permission.setCompanyId(companyId);
941 permission.setActionId(actionId);
942 permission.setResourceId(resourceId);
943
944 permissionPersistence.update(permission, false);
945 }
946
947 rolePersistence.addPermission(roleId, permission);
948
949 PermissionCacheUtil.clearCache();
950
951 SearchEngineUtil.updatePermissionFields(resourceId);
952 }
953
954
969 public void setRolePermissions(
970 long roleId, long companyId, String name, int scope, String primKey,
971 String[] actionIds)
972 throws PortalException, SystemException {
973
974 for (String actionId : actionIds) {
975 setRolePermission(
976 roleId, companyId, name, scope, primKey, actionId);
977 }
978 }
979
980
991 public void setRolePermissions(
992 long roleId, String[] actionIds, long resourceId)
993 throws PortalException, SystemException {
994
995 Role role = rolePersistence.findByPrimaryKey(roleId);
996
997 List<Permission> permissions = permissionFinder.findByR_R(
998 roleId, resourceId);
999
1000 rolePersistence.removePermissions(roleId, permissions);
1001
1002 permissions = getPermissions(
1003 role.getCompanyId(), actionIds, resourceId);
1004
1005 rolePersistence.addPermissions(roleId, permissions);
1006
1007 PermissionCacheUtil.clearCache();
1008
1009 SearchEngineUtil.updatePermissionFields(resourceId);
1010 }
1011
1012
1023 public void setRolesPermissions(
1024 long companyId, Map<Long, String[]> roleIdsToActionIds,
1025 long resourceId)
1026 throws SystemException {
1027
1028 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1029
1030 PermissionThreadLocal.setIndexEnabled(false);
1031
1032 try {
1033 for (Map.Entry<Long, String[]> entry :
1034 roleIdsToActionIds.entrySet()) {
1035
1036 long roleId = entry.getKey();
1037 String[] actionIds = entry.getValue();
1038
1039 List<Permission> permissions = permissionFinder.findByR_R(
1040 roleId, resourceId);
1041
1042 rolePersistence.removePermissions(roleId, permissions);
1043
1044 permissions = getPermissions(companyId, actionIds, resourceId);
1045
1046 rolePersistence.addPermissions(roleId, permissions);
1047 }
1048 }
1049 finally {
1050 PermissionThreadLocal.setIndexEnabled(flushEnabled);
1051
1052 PermissionCacheUtil.clearCache();
1053
1054 SearchEngineUtil.updatePermissionFields(resourceId);
1055 }
1056 }
1057
1058
1071 public void setRolesPermissions(
1072 long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1073 int scope, String primKey)
1074 throws SystemException {
1075
1076 Resource resource = resourceLocalService.fetchResource(
1077 companyId, name, scope, String.valueOf(primKey));
1078
1079 if (resource == null) {
1080 resource = resourceLocalService.addResource(
1081 companyId, name, scope, String.valueOf(primKey));
1082 }
1083
1084 if (resource == null) {
1085 return;
1086 }
1087
1088 setRolesPermissions(
1089 companyId, roleIdsToActionIds, resource.getResourceId());
1090 }
1091
1092
1103 public void setUserPermissions(
1104 long userId, String[] actionIds, long resourceId)
1105 throws PortalException, SystemException {
1106
1107 User user = userPersistence.findByPrimaryKey(userId);
1108
1109 List<Permission> permissions = permissionFinder.findByU_R(
1110 userId, resourceId);
1111
1112 userPersistence.removePermissions(userId, permissions);
1113
1114 permissions = getPermissions(
1115 user.getCompanyId(), actionIds, resourceId);
1116
1117 userPersistence.addPermissions(userId, permissions);
1118
1119 PermissionCacheUtil.clearCache();
1120 }
1121
1122
1129 public void unsetRolePermission(long roleId, long permissionId)
1130 throws SystemException {
1131
1132 Permission permission = permissionPersistence.fetchByPrimaryKey(
1133 permissionId);
1134
1135 if (permission != null) {
1136 rolePersistence.removePermission(roleId, permission);
1137 }
1138
1139 PermissionCacheUtil.clearCache();
1140 }
1141
1142
1154 public void unsetRolePermission(
1155 long roleId, long companyId, String name, int scope, String primKey,
1156 String actionId)
1157 throws SystemException {
1158
1159 ResourceCode resourceCode =
1160 resourceCodeLocalService.getResourceCode(
1161 companyId, name, scope);
1162
1163 Resource resource = resourcePersistence.fetchByC_P(
1164 resourceCode.getCodeId(), primKey);
1165
1166 if (resource != null) {
1167 Permission permission = permissionPersistence.fetchByA_R(
1168 actionId, resource.getResourceId());
1169
1170 if (permission != null) {
1171 rolePersistence.removePermission(roleId, permission);
1172 }
1173 }
1174
1175 PermissionCacheUtil.clearCache();
1176 }
1177
1178
1189 public void unsetRolePermissions(
1190 long roleId, long companyId, String name, int scope,
1191 String actionId)
1192 throws SystemException {
1193
1194 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1195 companyId, name, scope);
1196
1197 List<Permission> permissions = permissionFinder.findByA_C(
1198 actionId, resourceCode.getCodeId());
1199
1200 for (Permission permission : permissions) {
1201 rolePersistence.removePermission(roleId, permission);
1202 }
1203
1204 PermissionCacheUtil.clearCache();
1205 }
1206
1207
1215 public void unsetUserPermissions(
1216 long userId, String[] actionIds, long resourceId)
1217 throws SystemException {
1218
1219 List<Permission> permissions = permissionFinder.findByU_A_R(
1220 userId, actionIds, resourceId);
1221
1222 userPersistence.removePermissions(userId, permissions);
1223
1224 PermissionCacheUtil.clearCache();
1225 }
1226
1227 protected void addRolePermissions(String roleName, Permission permission)
1228 throws SystemException {
1229
1230 List<Role> roles = rolePersistence.findByName(roleName);
1231
1232 for (Role role : roles) {
1233 rolePersistence.addPermission(role.getRoleId(), permission);
1234 }
1235 }
1236
1237 protected boolean checkOrgGroupPermission(
1238 List<Organization> organizations, List<Group> groups,
1239 List<Permission> permissions)
1240 throws PortalException, SystemException {
1241
1242 for (Permission permission : permissions) {
1243 if (checkOrgGroupPermission(organizations, groups, permission)) {
1244 return true;
1245 }
1246 }
1247
1248 return false;
1249 }
1250
1251 protected boolean checkOrgGroupPermission(
1252 List<Organization> organizations, List<Group> groups,
1253 Permission permission)
1254 throws PortalException, SystemException {
1255
1256
1257
1258
1259 if ((organizations.size() == 0) || (groups.size() == 0)) {
1260 return false;
1261 }
1262
1263
1264
1265
1266 List<OrgGroupPermission> orgGroupPermissions =
1267 orgGroupPermissionPersistence.findByPermissionId(
1268 permission.getPermissionId());
1269
1270 if (orgGroupPermissions.size() == 0) {
1271 return false;
1272 }
1273
1274 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1275 if (orgGroupPermission.containsOrganization(organizations) &&
1276 orgGroupPermission.containsGroup(groups)) {
1277
1278 return true;
1279 }
1280 }
1281
1282
1283
1284
1285
1286 throw new NoSuchPermissionException(
1287 "User has a permission in OrgGroupPermission that does not match");
1288 }
1289
1290 protected void checkPermission(Resource resource, String actionId)
1291 throws PortalException, SystemException {
1292
1293 long permissionId = counterLocalService.increment(
1294 Permission.class.getName());
1295
1296 Permission permission = permissionPersistence.create(permissionId);
1297
1298 permission.setCompanyId(resource.getCompanyId());
1299 permission.setActionId(actionId);
1300 permission.setResourceId(resource.getResourceId());
1301
1302 permissionPersistence.update(permission, false);
1303
1304 List<String> groupDefaultActions =
1305 ResourceActionsUtil.getModelResourceGroupDefaultActions(
1306 resource.getName());
1307
1308 if (groupDefaultActions.contains(actionId)) {
1309 addRolePermissions(RoleConstants.SITE_MEMBER, permission);
1310 }
1311
1312 List<String> guestDefaultActions =
1313 ResourceActionsUtil.getModelResourceGuestDefaultActions(
1314 resource.getName());
1315
1316 if (guestDefaultActions.contains(actionId)) {
1317 addRolePermissions(RoleConstants.GUEST, permission);
1318 }
1319
1320 addRolePermissions(RoleConstants.OWNER, permission);
1321
1322 SearchEngineUtil.updatePermissionFields(
1323 resource.getResourceId());
1324 }
1325
1326 protected boolean hasUserPermissions_1(
1327 long userId, long resourceId, String actionId,
1328 List<Permission> permissions, List<Group> groups, long groupId,
1329 StopWatch stopWatch, int block)
1330 throws SystemException {
1331
1332
1333
1334
1335 if (groups.size() > 0) {
1336 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1337 return true;
1338 }
1339 }
1340
1341 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1342
1343
1344
1345
1346 if (groups.size() > 0) {
1347 if (permissionFinder.countByGroupsPermissions(
1348 permissions, groups) > 0) {
1349
1350 return true;
1351 }
1352 }
1353
1354 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1355
1356
1357
1358 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1359 return true;
1360 }
1361
1362 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1363
1364
1365
1366 if (permissionFinder.countByUserGroupRole(
1367 permissions, userId, groupId) > 0) {
1368
1369 return true;
1370 }
1371
1372 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1373
1374
1375
1376 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1377 return true;
1378 }
1379
1380 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1381
1382 return false;
1383 }
1384
1385 protected boolean hasUserPermissions_2(
1386 long userId, long resourceId, String actionId,
1387 List<Permission> permissions, List<Group> groups, long groupId,
1388 StopWatch stopWatch, int block)
1389 throws SystemException {
1390
1391
1392
1393
1394 if (permissionFinder.containsPermissions_2(
1395 permissions, userId, groups, groupId)) {
1396
1397 return true;
1398 }
1399
1400 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1401
1402 return false;
1403 }
1404
1405 protected boolean hasUserPermissions_3(
1406 long userId, long resourceId, String actionId,
1407 List<Permission> permissions, List<Group> groups, List<Role> roles,
1408 StopWatch stopWatch, int block)
1409 throws SystemException {
1410
1411
1412
1413
1414 if (groups.size() > 0) {
1415 if (permissionFinder.countByGroupsPermissions(
1416 permissions, groups) > 0) {
1417
1418 return true;
1419 }
1420 }
1421
1422 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1423
1424
1425
1426
1427 if (roles.size() > 0) {
1428 if (permissionFinder.countByRolesPermissions(
1429 permissions, roles) > 0) {
1430
1431 return true;
1432 }
1433 }
1434
1435 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1436
1437
1438
1439 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1440 return true;
1441 }
1442
1443 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1444
1445 return false;
1446 }
1447
1448 protected boolean hasUserPermissions_4(
1449 long userId, long resourceId, String actionId,
1450 List<Permission> permissions, List<Group> groups, List<Role> roles,
1451 StopWatch stopWatch, int block)
1452 throws SystemException {
1453
1454
1455
1456
1457 if (permissionFinder.containsPermissions_4(
1458 permissions, userId, groups, roles)) {
1459
1460 return true;
1461 }
1462
1463 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1464
1465 return false;
1466 }
1467
1468 protected boolean hasUserPermissions_5(
1469 long userId, long resourceId, String actionId,
1470 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1471 int block)
1472 throws SystemException {
1473
1474 if (roles.size() > 0) {
1475 if (permissionFinder.countByRolesPermissions(
1476 permissions, roles) > 0) {
1477
1478 return true;
1479 }
1480 }
1481
1482 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1483
1484 return false;
1485 }
1486
1487 protected boolean hasUserPermissions_6(
1488 long userId, long resourceId, List<Resource> resources,
1489 String actionId, long[] roleIds, StopWatch stopWatch,
1490 int block)
1491 throws PortalException, SystemException {
1492
1493 boolean hasUserPermissions =
1494 resourcePermissionLocalService.hasResourcePermission(
1495 resources, roleIds, actionId);
1496
1497 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1498
1499 return hasUserPermissions;
1500 }
1501
1502 protected void logHasUserPermissions(
1503 long userId, long resourceId, String actionId, StopWatch stopWatch,
1504 int block) {
1505
1506 if (!_log.isDebugEnabled()) {
1507 return;
1508 }
1509
1510 _log.debug(
1511 "Checking user permissions block " + block + " for " + userId +
1512 " " + resourceId + " " + actionId + " takes " +
1513 stopWatch.getTime() + " ms");
1514 }
1515
1516 protected void setContainerResourcePermissions(
1517 long companyId, String name, String roleName, String actionId)
1518 throws PortalException, SystemException {
1519
1520 ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1521 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1522
1523 if (resourceCode == null) {
1524 return;
1525 }
1526
1527 List<Group> groups = groupPersistence.findByCompanyId(companyId);
1528
1529 for (Group group : groups) {
1530 String primKey = Long.toString(group.getGroupId());
1531
1532 Resource resource = resourcePersistence.fetchByC_P(
1533 resourceCode.getCodeId(), primKey);
1534
1535 if (resource == null) {
1536 continue;
1537 }
1538
1539 Permission permission = permissionPersistence.fetchByA_R(
1540 actionId, resource.getResourceId());
1541
1542 if (permission == null) {
1543 long permissionId = counterLocalService.increment(
1544 Permission.class.getName());
1545
1546 permission = permissionPersistence.create(permissionId);
1547
1548 permission.setCompanyId(companyId);
1549 permission.setActionId(actionId);
1550 permission.setResourceId(resource.getResourceId());
1551
1552 permissionPersistence.update(permission, false);
1553 }
1554
1555 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1556 roleName.equals(RoleConstants.ORGANIZATION_USER) ||
1557 roleName.equals(RoleConstants.OWNER) ||
1558 roleName.equals(RoleConstants.SITE_MEMBER)) {
1559
1560 Role role = rolePersistence.findByC_N(companyId, roleName);
1561
1562 permissionPersistence.addRole(
1563 permission.getPermissionId(), role);
1564 }
1565 else {
1566 long defaultUserId = userLocalService.getDefaultUserId(
1567 companyId);
1568
1569 permissionPersistence.addUser(
1570 permission.getPermissionId(), defaultUserId);
1571 }
1572 }
1573 }
1574
1575 private static Log _log = LogFactoryUtil.getLog(
1576 PermissionLocalServiceImpl.class);
1577
1578 }