001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.admin.util;
016    
017    import com.liferay.portal.model.Group;
018    import com.liferay.portal.model.GroupConstants;
019    import com.liferay.portal.model.Permission;
020    import com.liferay.portal.model.ResourceConstants;
021    import com.liferay.portal.model.ResourcePermission;
022    import com.liferay.portal.model.Role;
023    import com.liferay.portal.model.RoleConstants;
024    import com.liferay.portal.security.permission.ActionKeys;
025    import com.liferay.portal.service.GroupLocalServiceUtil;
026    import com.liferay.portal.service.PermissionLocalServiceUtil;
027    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
028    import com.liferay.portal.service.RoleLocalServiceUtil;
029    import com.liferay.portal.util.PortalUtil;
030    import com.liferay.portal.util.PropsValues;
031    
032    import java.util.List;
033    
034    import javax.portlet.ActionRequest;
035    
036    /**
037     * @author Raymond Augé
038     */
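public class CleanUpPermissionsUtil {

	/**
	 * Revokes the {@code ADD_TO_PAGE} action from the Guest, Power User and
	 * User roles of the company that owns the request, using the routine that
	 * matches the configured permission algorithm.
	 *
	 * <p>
	 * Only algorithms 5 and 6 are handled. For any other value of
	 * {@code PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM} the method returns
	 * without touching any permission and without signalling that nothing was
	 * cleaned up.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): no check of the caller's own permissions is visible in
	 * this class. Presumably the invoking portlet action restricts this to
	 * administrators; confirm before exposing it through another entry point.
	 * </p>
	 *
	 * @param  actionRequest the portlet request used to resolve the company ID
	 * @throws Exception if a role, group or permission service call fails
	 */
	public static void cleanUpAddToPagePermissions(ActionRequest actionRequest)
		throws Exception {

		if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
			_cleanUpAddToPagePermissions_5(actionRequest);
		}
		else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
			_cleanUpAddToPagePermissions_6(actionRequest);
		}
	}

	/**
	 * Algorithm 5 entry point: cleans up Guest and Power User without a
	 * replacement grant, then User with the grant limited to the user personal
	 * site.
	 *
	 * @param  actionRequest the portlet request used to resolve the company ID
	 * @throws Exception if a role lookup or the cleanup itself fails
	 */
	private static void _cleanUpAddToPagePermissions_5(
			ActionRequest actionRequest)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(actionRequest);

		Role role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		_cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), false);

		role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.POWER_USER);

		_cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), false);

		role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.USER);

		_cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), true);
	}

	/**
	 * Removes every {@code ADD_TO_PAGE} permission held by the role and, when
	 * {@code limitScope} is set, grants it again at group scope on the user
	 * personal site.
	 *
	 * @param  companyId the company whose user personal site group is used
	 * @param  roleId the role being cleaned up
	 * @param  limitScope whether to re-grant the action on the user personal
	 *         site after removing it
	 * @throws Exception if a group or permission service call fails
	 */
	private static void _cleanUpAddToPagePermissions_5(
			long companyId, long roleId, boolean limitScope)
		throws Exception {

		List<Permission> rolePermissions =
			PermissionLocalServiceUtil.getRolePermissions(roleId);

		Group userPersonalSite = GroupLocalServiceUtil.getGroup(
			companyId, GroupConstants.USER_PERSONAL_SITE);

		String groupIdString = String.valueOf(userPersonalSite.getGroupId());

		for (Permission permission : rolePermissions) {

			// Compare by value. The previous reference comparison (!=) only
			// matched when the loaded action ID happened to be the very same
			// String instance as the constant, so ADD_TO_PAGE permissions
			// could be skipped and left in place.

			if (!ActionKeys.ADD_TO_PAGE.equals(permission.getActionId())) {
				continue;
			}

			PermissionLocalServiceUtil.unsetRolePermission(
				roleId, companyId, permission.getName(), permission.getScope(),
				permission.getPrimKey(), ActionKeys.ADD_TO_PAGE);

			// NOTE(review): an entry whose primKey already equals the personal
			// site group ID has just been removed and is not granted again
			// here. Only primKey is compared, not scope. Confirm this is
			// intended, since it makes the result depend on which entries
			// exist before the run.

			if (!limitScope || groupIdString.equals(permission.getPrimKey())) {
				continue;
			}

			// The removal above and this grant are separate service calls;
			// whether they share a transaction is not visible from here.

			PermissionLocalServiceUtil.setRolePermission(
				roleId, companyId, permission.getName(),
				ResourceConstants.SCOPE_GROUP, groupIdString,
				ActionKeys.ADD_TO_PAGE);
		}
	}

	/**
	 * Algorithm 6 entry point: cleans up Guest and Power User without a
	 * replacement grant, then User with the grant limited to the user personal
	 * site.
	 *
	 * @param  actionRequest the portlet request used to resolve the company ID
	 * @throws Exception if a role lookup or the cleanup itself fails
	 */
	private static void _cleanUpAddToPagePermissions_6(
			ActionRequest actionRequest)
		throws Exception {

		long companyId = PortalUtil.getCompanyId(actionRequest);

		Role role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		_cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), false);

		role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.POWER_USER);

		_cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), false);

		role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.USER);

		_cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), true);
	}

	/**
	 * Removes {@code ADD_TO_PAGE} from every resource permission of the role
	 * that carries it and, when {@code limitScope} is set, adds it again at
	 * group scope on the user personal site.
	 *
	 * @param  companyId the company whose user personal site group is used
	 * @param  roleId the role being cleaned up
	 * @param  limitScope whether to re-grant the action on the user personal
	 *         site after removing it
	 * @throws Exception if a group or resource permission service call fails
	 */
	private static void _cleanUpAddToPagePermissions_6(
			long companyId, long roleId, boolean limitScope)
		throws Exception {

		List<ResourcePermission> roleResourcePermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				roleId);

		Group userPersonalSite = GroupLocalServiceUtil.getGroup(
			companyId, GroupConstants.USER_PERSONAL_SITE);

		String groupIdString = String.valueOf(userPersonalSite.getGroupId());

		for (ResourcePermission resourcePermission : roleResourcePermissions) {
			if (!resourcePermission.hasActionId(ActionKeys.ADD_TO_PAGE)) {
				continue;
			}

			ResourcePermissionLocalServiceUtil.removeResourcePermission(
				companyId, resourcePermission.getName(),
				resourcePermission.getScope(), resourcePermission.getPrimKey(),
				roleId, ActionKeys.ADD_TO_PAGE);

			// NOTE(review): an entry whose primKey already equals the personal
			// site group ID has just been removed and is not added again here.
			// Only primKey is compared, not scope. Confirm this is intended,
			// since it makes the result depend on which entries exist before
			// the run.

			if (!limitScope ||
				groupIdString.equals(resourcePermission.getPrimKey())) {

				continue;
			}

			// The removal above and this grant are separate service calls;
			// whether they share a transaction is not visible from here.

			ResourcePermissionLocalServiceUtil.addResourcePermission(
				companyId, resourcePermission.getName(),
				ResourceConstants.SCOPE_GROUP, groupIdString, roleId,
				ActionKeys.ADD_TO_PAGE);
		}
	}

}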