001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.NoSuchResourceException;
018    import com.liferay.portal.kernel.dao.orm.DynamicQuery;
019    import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
020    import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.model.Group;
025    import com.liferay.portal.model.Layout;
026    import com.liferay.portal.model.Organization;
027    import com.liferay.portal.model.Permission;
028    import com.liferay.portal.model.Resource;
029    import com.liferay.portal.model.ResourceCode;
030    import com.liferay.portal.model.ResourcePermission;
031    import com.liferay.portal.model.Role;
032    import com.liferay.portal.model.RoleConstants;
033    import com.liferay.portal.security.permission.ActionKeys;
034    import com.liferay.portal.security.permission.PermissionCacheUtil;
035    import com.liferay.portal.security.permission.ResourceActionsUtil;
036    import com.liferay.portal.service.LayoutLocalServiceUtil;
037    import com.liferay.portal.service.PermissionLocalServiceUtil;
038    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
039    import com.liferay.portal.service.ResourceCodeLocalServiceUtil;
040    import com.liferay.portal.service.ResourceLocalServiceUtil;
041    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
042    import com.liferay.portal.service.RoleLocalServiceUtil;
043    import com.liferay.portal.service.UserLocalServiceUtil;
044    import com.liferay.portal.util.PortalInstances;
045    import com.liferay.portal.util.PropsValues;
046    
047    import java.util.List;
048    
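/**
 * Verify process that repairs stored permission data.
 *
 * <p>
 * It first removes permissions held by the default user (permission algorithms
 * 1 to 4) or by the Guest role (algorithms 5 and 6) on layouts that are neither
 * public nor control panel layouts. For algorithms 5 and 6 it then checks the
 * registered model resource actions and moves role permissions recorded under
 * the Organization model name over to the Group model name.
 * </p>
 *
 * <p>
 * Failures while removing default or Guest access to private layouts are
 * logged at warn or error level rather than debug. A cleanup that did not
 * happen leaves that access in place, and an operator has to be able to see
 * that in the log.
 * </p>
 *
 * @author Tobias Kaefer
 * @author Douglas Wong
 * @author Matthew Kong
 * @author Raymond Augé
 */
public class VerifyPermission extends VerifyProcess {

    /**
     * Checks the resource actions of every registered model name against the
     * permission store that matches the configured algorithm (5 or 6). Other
     * algorithm values only enumerate the models and change nothing.
     *
     * @throws Exception if a lookup or a check fails
     */
    protected void checkPermissions() throws Exception {
        for (String modelName : ResourceActionsUtil.getModelNames()) {
            List<String> actionIds =
                ResourceActionsUtil.getModelResourceActions(modelName);

            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                PermissionLocalServiceUtil.checkPermissions(
                    modelName, actionIds);
            }
            else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                ResourceActionLocalServiceUtil.checkResourceActions(
                    modelName, actionIds, true);
            }
        }
    }

    /**
     * Removes default user or Guest role permissions on private layouts for
     * every company, dispatching on the configured permission algorithm.
     *
     * <p>
     * The work is best effort per company: a failure in one company does not
     * stop the others. The failure is logged at error level with the company
     * ID, because the permissions of that company were not fully cleaned up.
     * </p>
     *
     * @throws Exception if the company IDs cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            try {
                if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                    deleteDefaultPrivateLayoutPermissions_5(companyId);
                }
                else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                    deleteDefaultPrivateLayoutPermissions_6(companyId);
                }
                else {
                    deleteDefaultPrivateLayoutPermissions_1to4(companyId);
                }
            }
            catch (Exception e) {

                // Debug level would hide an incomplete cleanup of access to
                // private layouts, so report it where operators look.

                _log.error(
                    "Unable to remove default permissions on private " +
                        "layouts for company " + companyId,
                    e);
            }
        }
    }

    /**
     * Removes the default user's permissions on private layouts (permission
     * algorithms 1 to 4).
     *
     * <p>
     * Each permission is handled on its own. A permission whose resource,
     * resource code or layout cannot be loaded is logged and skipped so that
     * the remaining permissions are still examined.
     * </p>
     *
     * @param  companyId the company whose default user is cleaned up
     * @throws Exception if the default user or its permissions cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions_1to4(long companyId)
        throws Exception {

        long defaultUserId = UserLocalServiceUtil.getDefaultUserId(companyId);

        List<Permission> permissions =
            PermissionLocalServiceUtil.getUserPermissions(defaultUserId);

        for (Permission permission : permissions) {
            try {
                Resource resource = ResourceLocalServiceUtil.getResource(
                    permission.getResourceId());

                ResourceCode resourceCode =
                    ResourceCodeLocalServiceUtil.getResourceCode(
                        resource.getCodeId());

                if (!isPrivateLayout(
                        resourceCode.getName(), resource.getPrimKey())) {

                    continue;
                }

                PermissionLocalServiceUtil.unsetUserPermissions(
                    defaultUserId, new String[] {permission.getActionId()},
                    permission.getResourceId());
            }
            catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to check or remove default user permission " +
                            permission.getPermissionId(),
                        e);
                }
            }
        }
    }

    /**
     * Removes the Guest role's permissions on private layouts (permission
     * algorithm 5).
     *
     * <p>
     * Each permission is handled on its own. One that cannot be resolved is
     * logged and skipped so that the remaining permissions are still examined.
     * </p>
     *
     * @param  companyId the company whose Guest role is cleaned up
     * @throws Exception if the Guest role or its permissions cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions_5(long companyId)
        throws Exception {

        Role role = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.GUEST);

        List<Permission> permissions =
            PermissionLocalServiceUtil.getRolePermissions(role.getRoleId());

        for (Permission permission : permissions) {
            try {
                Resource resource = ResourceLocalServiceUtil.getResource(
                    permission.getResourceId());

                ResourceCode resourceCode =
                    ResourceCodeLocalServiceUtil.getResourceCode(
                        resource.getCodeId());

                if (isPrivateLayout(
                        resourceCode.getName(), resource.getPrimKey())) {

                    PermissionLocalServiceUtil.unsetRolePermission(
                        role.getRoleId(), permission.getPermissionId());
                }
            }
            catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to check or remove Guest role permission " +
                            permission.getPermissionId(),
                        e);
                }
            }
        }
    }

    /**
     * Removes the Guest role's resource permissions on private layouts
     * (permission algorithm 6).
     *
     * <p>
     * Each resource permission is handled on its own. One that cannot be
     * resolved is logged and skipped so that the remaining entries are still
     * examined.
     * </p>
     *
     * @param  companyId the company whose Guest role is cleaned up
     * @throws Exception if the Guest role or its resource permissions cannot
     *         be read
     */
    protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
        throws Exception {

        Role role = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.GUEST);

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
                role.getRoleId());

        for (ResourcePermission resourcePermission : resourcePermissions) {
            try {
                if (isPrivateLayout(
                        resourcePermission.getName(),
                        resourcePermission.getPrimKey())) {

                    ResourcePermissionLocalServiceUtil.deleteResourcePermission(
                        resourcePermission.getResourcePermissionId());
                }
            }
            catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to check or remove Guest role resource " +
                            "permission " +
                                resourcePermission.getResourcePermissionId(),
                        e);
                }
            }
        }
    }

    /**
     * Runs the private layout cleanup for every algorithm, then the resource
     * action check and the Organization to Group migration for algorithms 5
     * and 6 only.
     *
     * @throws Exception if a step fails
     */
    @Override
    protected void doVerify() throws Exception {
        deleteDefaultPrivateLayoutPermissions();

        if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 5) &&
            (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6)) {

            return;
        }

        checkPermissions();
        fixOrganizationRolePermissions();
    }

    /**
     * Migrates Organization role permissions for the configured algorithm and
     * then clears the permission cache, so that results cached before the
     * migration are not served afterwards.
     *
     * @throws Exception if the migration fails
     */
    protected void fixOrganizationRolePermissions() throws Exception {
        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
            fixOrganizationRolePermissions_5();
        }
        else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            fixOrganizationRolePermissions_6();
        }

        PermissionCacheUtil.clearCache();
    }

    /**
     * Algorithm 5: walks resource codes named after the Organization model,
     * then their resources, then the permissions on each resource, and hands
     * every resource with its permissions to {@link #processPermissions}.
     *
     * @throws Exception if a query fails
     */
    protected void fixOrganizationRolePermissions_5() throws Exception {
        DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
            ResourceCode.class);

        dynamicQuery.add(
            RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

        List<ResourceCode> resourceCodes =
            ResourceCodeLocalServiceUtil.dynamicQuery(dynamicQuery);

        for (ResourceCode resourceCode : resourceCodes) {
            dynamicQuery = DynamicQueryFactoryUtil.forClass(Resource.class);

            dynamicQuery.add(
                RestrictionsFactoryUtil.eq("codeId", resourceCode.getCodeId()));

            List<Resource> resources = ResourceLocalServiceUtil.dynamicQuery(
                dynamicQuery);

            for (Resource resource : resources) {
                dynamicQuery = DynamicQueryFactoryUtil.forClass(
                    Permission.class);

                dynamicQuery.add(
                    RestrictionsFactoryUtil.eq(
                        "resourceId", resource.getResourceId()));

                List<Permission> permissions =
                    PermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

                processPermissions(resource, permissions);
            }
        }
    }

    /**
     * Algorithm 6: for every resource permission named after the Organization
     * model, clears the action bits listed in the mask table and sets the
     * matching bits on the Group resource permission that has the same
     * company, scope, primary key and role.
     *
     * @throws Exception if the query fails or the Group resource permission
     *         can be neither read nor created
     */
    protected void fixOrganizationRolePermissions_6() throws Exception {
        DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
            ResourcePermission.class);

        dynamicQuery.add(
            RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

        for (ResourcePermission resourcePermission : resourcePermissions) {
            ResourcePermission groupResourcePermission = null;

            try {
                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }
            catch (Exception e) {

                // NOTE(review): every failure is treated here as "no Group
                // entry yet". An empty entry is created and read back; if the
                // cause was something else, the calls below throw and end the
                // migration. Consider catching only the not-found exception.

                ResourcePermissionLocalServiceUtil.setResourcePermissions(
                    resourcePermission.getCompanyId(), Group.class.getName(),
                    resourcePermission.getScope(),
                    resourcePermission.getPrimKey(),
                    resourcePermission.getRoleId(), new String[0]);

                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }

            long organizationActions = resourcePermission.getActionIds();
            long groupActions = groupResourcePermission.getActionIds();

            for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
                long organizationActionMask = (Long)actionIdToMask[1];
                long groupActionMask = (Long)actionIdToMask[2];

                // Move the action only when the Organization entry has it. A
                // Group mask of 0 drops the action without granting anything.

                if ((organizationActions & organizationActionMask) ==
                        organizationActionMask) {

                    organizationActions =
                        organizationActions & (~organizationActionMask);
                    groupActions = groupActions | groupActionMask;
                }
            }

            try {

                // The Organization entry is written first. If the second
                // update fails, the moved actions are removed but not granted
                // on the Group entry, and the error log is the only record.

                resourcePermission.resetOriginalValues();

                resourcePermission.setActionIds(organizationActions);

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    resourcePermission, false);

                groupResourcePermission.resetOriginalValues();
                groupResourcePermission.setActionIds(groupActions);

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    groupResourcePermission, false);
            }
            catch (Exception e) {
                _log.error(e, e);
            }
        }
    }

    /**
     * Returns whether the named resource is a layout that is neither public
     * nor a control panel layout.
     *
     * @param  name the resource name; anything other than the Layout class
     *         name, including <code>null</code>, yields <code>false</code>
     * @param  primKey the resource primary key, parsed as the layout's plid
     * @return <code>true</code> if the layout is private and not a control
     *         panel layout
     * @throws Exception if the layout cannot be loaded
     */
    protected boolean isPrivateLayout(String name, String primKey)
        throws Exception {

        // Constant-first comparison so a null name cannot raise a
        // NullPointerException.

        if (!Layout.class.getName().equals(name)) {
            return false;
        }

        // NOTE(review): this assumes primKey holds a plid. Confirm that no
        // Layout permission reaches this method with a different kind of
        // primary key, since the lookup below would then fail or resolve a
        // layout unrelated to the permission.

        long plid = GetterUtil.getLong(primKey);

        Layout layout = LayoutLocalServiceUtil.getLayout(plid);

        return !(layout.isPublicLayout() || layout.isTypeControlPanel());
    }

    /**
     * Algorithm 5: re-points or deletes the permissions of an Organization
     * resource. A permission whose action has a non-zero Group mask in the
     * mask table is moved to the Group resource with the same company, scope
     * and primary key (created when missing). One with a zero Group mask is
     * deleted. Permissions for actions not in the table are left untouched.
     *
     * @param  resource the Organization resource being migrated
     * @param  permissions the permissions stored for that resource
     * @throws Exception if the Group resource can be neither read nor created
     */
    protected void processPermissions(
            Resource resource, List<Permission> permissions)
        throws Exception {

        Resource groupResource = null;

        try {
            groupResource = ResourceLocalServiceUtil.getResource(
                resource.getCompanyId(), Group.class.getName(),
                resource.getScope(), resource.getPrimKey());
        }
        catch (NoSuchResourceException nsre) {
            groupResource = ResourceLocalServiceUtil.addResource(
                resource.getCompanyId(), Group.class.getName(),
                resource.getScope(), resource.getPrimKey());
        }

        for (Permission permission : permissions) {
            for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
                String actionId = (String)actionIdToMask[0];
                long groupActionMask = (Long)actionIdToMask[2];

                if (!actionId.equals(permission.getActionId())) {
                    continue;
                }

                try {
                    if (groupActionMask != 0L) {
                        permission.resetOriginalValues();

                        permission.setResourceId(groupResource.getResourceId());

                        PermissionLocalServiceUtil.updatePermission(
                            permission, false);
                    }
                    else {
                        PermissionLocalServiceUtil.deletePermission(
                            permission.getPermissionId());
                    }
                }
                catch (Exception e) {
                    _log.error(e, e);
                }

                // At most one table row matches an action ID.

                break;
            }
        }
    }

    // Each row is {action ID, Organization action mask, Group action mask}. A
    // Group mask of 0L means the action has no Group counterpart and is
    // dropped. Declared final so the table that drives the permission
    // migration cannot be reassigned at run time.

    private static final Object[][] _ORGANIZATION_ACTION_IDS_TO_MASKS =
        new Object[][] {
            new Object[] {"APPROVE_PROPOSAL", 2L, 0L},
            new Object[] {ActionKeys.ASSIGN_MEMBERS, 4L, 4L},
            new Object[] {"ASSIGN_REVIEWER", 8L, 0L},
            new Object[] {ActionKeys.MANAGE_ARCHIVED_SETUPS, 128L, 128L},
            new Object[] {ActionKeys.MANAGE_LAYOUTS, 256L, 256L},
            new Object[] {ActionKeys.MANAGE_STAGING, 512L, 512L},
            new Object[] {ActionKeys.MANAGE_TEAMS, 2048L, 1024L},
            new Object[] {ActionKeys.PUBLISH_STAGING, 16384L, 4096L}
        };

    private static final Log _log = LogFactoryUtil.getLog(
        VerifyPermission.class);

}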