015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.NoSuchResourceException;
018 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
019 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
020 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
021 import com.liferay.portal.kernel.log.Log;
022 import com.liferay.portal.kernel.log.LogFactoryUtil;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.model.Group;
025 import com.liferay.portal.model.Layout;
026 import com.liferay.portal.model.Organization;
027 import com.liferay.portal.model.Permission;
028 import com.liferay.portal.model.Resource;
029 import com.liferay.portal.model.ResourceCode;
030 import com.liferay.portal.model.ResourcePermission;
031 import com.liferay.portal.model.Role;
032 import com.liferay.portal.model.RoleConstants;
033 import com.liferay.portal.security.permission.ActionKeys;
034 import com.liferay.portal.security.permission.PermissionCacheUtil;
035 import com.liferay.portal.security.permission.ResourceActionsUtil;
036 import com.liferay.portal.service.LayoutLocalServiceUtil;
037 import com.liferay.portal.service.PermissionLocalServiceUtil;
038 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
039 import com.liferay.portal.service.ResourceCodeLocalServiceUtil;
040 import com.liferay.portal.service.ResourceLocalServiceUtil;
041 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
042 import com.liferay.portal.service.RoleLocalServiceUtil;
043 import com.liferay.portal.service.UserLocalServiceUtil;
044 import com.liferay.portal.util.PortalInstances;
045 import com.liferay.portal.util.PropsValues;
046
047 import java.util.List;
048
049
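/**
 * Verify process that repairs stored permission data.
 *
 * <p>
 * It first removes permissions that the default user (algorithms other than 5
 * and 6) or the Guest role (algorithms 5 and 6) holds on layouts that are
 * neither public nor control panel layouts. When
 * {@code PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM} is 5 or 6 it then
 * checks the registered model resource actions and moves
 * organization-scoped actions onto the matching {@code Group} resource.
 * </p>
 */
public class VerifyPermission extends VerifyProcess {

	/**
	 * Checks the resource actions of every model name reported by
	 * {@code ResourceActionsUtil}, using the service that matches the
	 * configured permission algorithm (5 or 6). Other algorithm values are
	 * skipped.
	 *
	 * @throws Exception if a service call fails
	 */
	protected void checkPermissions() throws Exception {
		List<String> modelNames = ResourceActionsUtil.getModelNames();

		for (String modelName : modelNames) {
			List<String> actionIds =
				ResourceActionsUtil.getModelResourceActions(modelName);

			if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
				PermissionLocalServiceUtil.checkPermissions(
					modelName, actionIds);
			}
			else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
				ResourceActionLocalServiceUtil.checkResourceActions(
					modelName, actionIds, true);
			}
		}
	}

	/**
	 * Removes default-user or Guest-role permissions on private layouts for
	 * every company, dispatching on the configured permission algorithm.
	 *
	 * <p>
	 * Processing is best effort per company: a failure for one company is
	 * logged and the next company is still processed.
	 * </p>
	 *
	 * @throws Exception if the company IDs cannot be read
	 */
	protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			try {
				if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
					deleteDefaultPrivateLayoutPermissions_5(companyId);
				}
				else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
					deleteDefaultPrivateLayoutPermissions_6(companyId);
				}
				else {
					deleteDefaultPrivateLayoutPermissions_1to4(companyId);
				}
			}
			catch (Exception e) {

				// A failure here means default-user or Guest grants on
				// private layouts may still be in place for this company,
				// so report it above debug level instead of hiding it.

				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to delete default private layout " +
							"permissions for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Unsets every permission of the company's default user whose resource
	 * is a private layout.
	 *
	 * <p>
	 * NOTE(review): an exception from any lookup inside the loop propagates
	 * to the caller, so the remaining permissions of this company are not
	 * processed. Confirm whether a single stale row should stop the cleanup.
	 * </p>
	 *
	 * @param  companyId the primary key of the company
	 * @throws Exception if a service call fails
	 */
	protected void deleteDefaultPrivateLayoutPermissions_1to4(long companyId)
		throws Exception {

		long defaultUserId = UserLocalServiceUtil.getDefaultUserId(companyId);

		List<Permission> permissions =
			PermissionLocalServiceUtil.getUserPermissions(defaultUserId);

		for (Permission permission : permissions) {
			Resource resource = ResourceLocalServiceUtil.getResource(
				permission.getResourceId());

			ResourceCode resourceCode =
				ResourceCodeLocalServiceUtil.getResourceCode(
					resource.getCodeId());

			if (isPrivateLayout(
					resourceCode.getName(), resource.getPrimKey())) {

				String[] actionIds = new String[] {permission.getActionId()};

				PermissionLocalServiceUtil.unsetUserPermissions(
					defaultUserId, actionIds, permission.getResourceId());
			}
		}
	}

	/**
	 * Unsets every permission of the company's Guest role whose resource is
	 * a private layout (permission algorithm 5 data model).
	 *
	 * <p>
	 * NOTE(review): as in the 1to4 variant, the first exception inside the
	 * loop ends processing of this company's remaining permissions.
	 * </p>
	 *
	 * @param  companyId the primary key of the company
	 * @throws Exception if a service call fails
	 */
	protected void deleteDefaultPrivateLayoutPermissions_5(long companyId)
		throws Exception {

		Role role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<Permission> permissions =
			PermissionLocalServiceUtil.getRolePermissions(role.getRoleId());

		for (Permission permission : permissions) {
			Resource resource = ResourceLocalServiceUtil.getResource(
				permission.getResourceId());

			ResourceCode resourceCode =
				ResourceCodeLocalServiceUtil.getResourceCode(
					resource.getCodeId());

			if (isPrivateLayout(
					resourceCode.getName(), resource.getPrimKey())) {

				PermissionLocalServiceUtil.unsetRolePermission(
					role.getRoleId(), permission.getPermissionId());
			}
		}
	}

	/**
	 * Deletes every resource permission of the company's Guest role that
	 * targets a private layout (permission algorithm 6 data model).
	 *
	 * <p>
	 * NOTE(review): the first exception inside the loop ends processing of
	 * this company's remaining resource permissions.
	 * </p>
	 *
	 * @param  companyId the primary key of the company
	 * @throws Exception if a service call fails
	 */
	protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
		throws Exception {

		Role role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				role.getRoleId());

		for (ResourcePermission resourcePermission : resourcePermissions) {
			if (isPrivateLayout(
					resourcePermission.getName(),
					resourcePermission.getPrimKey())) {

				ResourcePermissionLocalServiceUtil.deleteResourcePermission(
					resourcePermission.getResourcePermissionId());
			}
		}
	}

	/**
	 * Runs the verification. The private layout cleanup always runs; the
	 * resource action check and the organization permission fix run only for
	 * permission algorithms 5 and 6.
	 *
	 * @throws Exception if a step fails
	 */
	@Override
	protected void doVerify() throws Exception {
		deleteDefaultPrivateLayoutPermissions();

		if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 5) &&
			(PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6)) {

			return;
		}

		checkPermissions();
		fixOrganizationRolePermissions();
	}

	/**
	 * Moves organization permissions to the matching group resource using
	 * the variant for the configured algorithm, then clears the permission
	 * cache so the rewritten rows take effect.
	 *
	 * @throws Exception if the selected variant fails
	 */
	protected void fixOrganizationRolePermissions() throws Exception {
		if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
			fixOrganizationRolePermissions_5();
		}
		else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
			fixOrganizationRolePermissions_6();
		}

		PermissionCacheUtil.clearCache();
	}

	/**
	 * Algorithm 5 variant: walks resource codes named after
	 * {@code Organization}, then their resources, then the permissions of
	 * each resource, and hands every resource with its permissions to
	 * {@link #processPermissions(Resource, List)}.
	 *
	 * @throws Exception if a query or service call fails
	 */
	protected void fixOrganizationRolePermissions_5() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourceCode.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourceCode> resourceCodes =
			ResourceCodeLocalServiceUtil.dynamicQuery(dynamicQuery);

		for (ResourceCode resourceCode : resourceCodes) {
			dynamicQuery = DynamicQueryFactoryUtil.forClass(Resource.class);

			dynamicQuery.add(
				RestrictionsFactoryUtil.eq("codeId", resourceCode.getCodeId()));

			List<Resource> resources = ResourceLocalServiceUtil.dynamicQuery(
				dynamicQuery);

			for (Resource resource : resources) {
				dynamicQuery = DynamicQueryFactoryUtil.forClass(
					Permission.class);

				dynamicQuery.add(
					RestrictionsFactoryUtil.eq(
						"resourceId", resource.getResourceId()));

				List<Permission> permissions =
					PermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

				processPermissions(resource, permissions);
			}
		}
	}

	/**
	 * Algorithm 6 variant: for every resource permission named after
	 * {@code Organization}, finds (or creates) the resource permission with
	 * the same company, scope, primary key and role but named after
	 * {@code Group}, and moves the mapped action bits from the organization
	 * row to the group row.
	 *
	 * <p>
	 * The organization row is updated before the group row. A failure while
	 * updating either row is logged and the loop continues with the next
	 * resource permission.
	 * </p>
	 *
	 * @throws Exception if a query or lookup fails
	 */
	protected void fixOrganizationRolePermissions_6() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourcePermission.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

		for (ResourcePermission resourcePermission : resourcePermissions) {
			ResourcePermission groupResourcePermission = null;

			try {
				groupResourcePermission =
					ResourcePermissionLocalServiceUtil.getResourcePermission(
						resourcePermission.getCompanyId(),
						Group.class.getName(), resourcePermission.getScope(),
						resourcePermission.getPrimKey(),
						resourcePermission.getRoleId());
			}
			catch (Exception e) {

				// NOTE(review): presumably meant for the case where the
				// group row does not exist yet, but every exception type
				// lands here. Confirm what setResourcePermissions with an
				// empty action array does to an existing row when the
				// lookup failed for another reason.

				if (_log.isDebugEnabled()) {
					_log.debug(e, e);
				}

				ResourcePermissionLocalServiceUtil.setResourcePermissions(
					resourcePermission.getCompanyId(), Group.class.getName(),
					resourcePermission.getScope(),
					resourcePermission.getPrimKey(),
					resourcePermission.getRoleId(), new String[0]);

				groupResourcePermission =
					ResourcePermissionLocalServiceUtil.getResourcePermission(
						resourcePermission.getCompanyId(),
						Group.class.getName(), resourcePermission.getScope(),
						resourcePermission.getPrimKey(),
						resourcePermission.getRoleId());
			}

			long organizationActions = resourcePermission.getActionIds();
			long groupActions = groupResourcePermission.getActionIds();

			for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
				long organizationActionMask = (Long)actionIdToMask[1];
				long groupActionMask = (Long)actionIdToMask[2];

				// Only act when every bit of the organization mask is set:
				// clear those bits on the organization row and set the
				// mapped bits (possibly none) on the group row.

				if ((organizationActions & organizationActionMask) ==
						organizationActionMask) {

					organizationActions =
						organizationActions & (~organizationActionMask);
					groupActions = groupActions | groupActionMask;
				}
			}

			try {
				resourcePermission.resetOriginalValues();

				resourcePermission.setActionIds(organizationActions);

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					resourcePermission, false);

				groupResourcePermission.resetOriginalValues();
				groupResourcePermission.setActionIds(groupActions);

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					groupResourcePermission, false);
			}
			catch (Exception e) {
				_log.error(e, e);
			}
		}
	}

	/**
	 * Returns whether the named resource is a layout that is neither public
	 * nor a control panel layout.
	 *
	 * @param  name the resource name; anything other than the
	 *         {@code Layout} class name (including {@code null}) yields
	 *         {@code false}
	 * @param  primKey the resource primary key, converted to a plid with
	 *         {@code GetterUtil.getLong}
	 * @return {@code true} if the layout is private
	 * @throws Exception if the layout cannot be loaded
	 */
	protected boolean isPrivateLayout(String name, String primKey)
		throws Exception {

		// Constant-first comparison so a null name is treated as "not a
		// layout" instead of raising a NullPointerException.

		if (!Layout.class.getName().equals(name)) {
			return false;
		}

		long plid = GetterUtil.getLong(primKey);

		Layout layout = LayoutLocalServiceUtil.getLayout(plid);

		if (layout.isPublicLayout() || layout.isTypeControlPanel()) {
			return false;
		}

		return true;
	}

	/**
	 * Re-points or deletes the given organization permissions (algorithm 5
	 * data model).
	 *
	 * <p>
	 * The {@code Group} resource with the same company, scope and primary
	 * key is looked up and created if missing. Each permission whose action
	 * ID appears in the mapping table is moved to that group resource when
	 * the mapped group mask is nonzero, and deleted when it is zero.
	 * Permissions with unmapped action IDs are left untouched. Failures on
	 * a single permission are logged and do not stop the loop.
	 * </p>
	 *
	 * @param  resource the organization resource
	 * @param  permissions the permissions attached to that resource
	 * @throws Exception if the group resource cannot be loaded or created
	 */
	protected void processPermissions(
			Resource resource, List<Permission> permissions)
		throws Exception {

		Resource groupResource = null;

		try {
			groupResource = ResourceLocalServiceUtil.getResource(
				resource.getCompanyId(), Group.class.getName(),
				resource.getScope(), resource.getPrimKey());
		}
		catch (NoSuchResourceException nsre) {
			groupResource = ResourceLocalServiceUtil.addResource(
				resource.getCompanyId(), Group.class.getName(),
				resource.getScope(), resource.getPrimKey());
		}

		for (Permission permission : permissions) {
			for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
				String actionId = (String)actionIdToMask[0];
				long mask = (Long)actionIdToMask[2];

				if (!actionId.equals(permission.getActionId())) {
					continue;
				}

				try {
					if (mask != 0L) {
						permission.resetOriginalValues();

						permission.setResourceId(groupResource.getResourceId());

						PermissionLocalServiceUtil.updatePermission(
							permission, false);
					}
					else {

						// No group-side equivalent for this action

						PermissionLocalServiceUtil.deletePermission(
							permission.getPermissionId());
					}
				}
				catch (Exception e) {
					_log.error(e, e);
				}

				// Action IDs are matched at most once per permission

				break;
			}
		}
	}

	// Each row: [0] action ID, [1] bit mask read from the organization
	// resource permission, [2] bit mask written to the group resource
	// permission (0L when the action has no group-side counterpart).

	private static final Object[][] _ORGANIZATION_ACTION_IDS_TO_MASKS =
		new Object[][] {
			new Object[] {"APPROVE_PROPOSAL", 2L, 0L},
			new Object[] {ActionKeys.ASSIGN_MEMBERS, 4L, 4L},
			new Object[] {"ASSIGN_REVIEWER", 8L, 0L},
			new Object[] {ActionKeys.MANAGE_ARCHIVED_SETUPS, 128L, 128L},
			new Object[] {ActionKeys.MANAGE_LAYOUTS, 256L, 256L},
			new Object[] {ActionKeys.MANAGE_STAGING, 512L, 512L},
			new Object[] {ActionKeys.MANAGE_TEAMS, 2048L, 1024L},
			new Object[] {ActionKeys.PUBLISH_STAGING, 16384L, 4096L}
		};

	private static final Log _log = LogFactoryUtil.getLog(
		VerifyPermission.class);

}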