001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchPermissionException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.search.SearchEngineUtil;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Company;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.OrgGroupPermission;
029    import com.liferay.portal.model.Organization;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.Resource;
032    import com.liferay.portal.model.ResourceCode;
033    import com.liferay.portal.model.ResourceConstants;
034    import com.liferay.portal.model.Role;
035    import com.liferay.portal.model.RoleConstants;
036    import com.liferay.portal.model.User;
037    import com.liferay.portal.model.UserGroup;
038    import com.liferay.portal.security.permission.PermissionCacheUtil;
039    import com.liferay.portal.security.permission.PermissionCheckerBag;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.ResourceActionsUtil;
042    import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043    import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044    import com.liferay.portal.util.PropsValues;
045    import com.liferay.portal.util.comparator.PermissionComparator;
046    
047    import java.util.ArrayList;
048    import java.util.HashSet;
049    import java.util.Iterator;
050    import java.util.List;
051    import java.util.Map;
052    import java.util.Set;
053    
054    import org.apache.commons.lang.time.StopWatch;
055    
056    /**
057     * The implementation of the permission local service.
058     *
059     * @author Charles May
060     * @author Brian Wing Shun Chan
061     * @author Raymond Augé
062     */
063    public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
064    
065            /**
066             * Adds a permission to perform the action on the resource.
067             *
068             * <p>
069             * This method will retrieve the permission of the company, action, and
070             * resource with the primary keys. The method creates the permission if it
071             * fails to retrieve it.
072             * </p>
073             *
074             * @param  companyId the primary key of the company
075             * @param  actionId the action's ID
076             * @param  resourceId the primary key of the resource
077             * @return the permission of the company, action, and resource with the
078             *         primary keys
079             * @throws SystemException if a system exception occurred
080             */
081            public Permission addPermission(
082                            long companyId, String actionId, long resourceId)
083                    throws SystemException {
084    
085                    Permission permission = permissionPersistence.fetchByA_R(
086                            actionId, resourceId);
087    
088                    if (permission == null) {
089                            long permissionId = counterLocalService.increment(
090                                    Permission.class.getName());
091    
092                            permission = permissionPersistence.create(permissionId);
093    
094                            permission.setCompanyId(companyId);
095                            permission.setActionId(actionId);
096                            permission.setResourceId(resourceId);
097    
098                            permissionPersistence.update(permission, false);
099                    }
100    
101                    return permission;
102            }
103    
104            /**
105             * Adds permissions to perform the actions on the resource.
106             *
107             * <p>
108             * This method will retrieve the permissions of the company, actions, and
109             * resource with the primary keys. The method creates any permissions it
110             * fails to retrieve.
111             * </p>
112             *
113             * @param  companyId the primary key of the company
114             * @param  actionIds the primary keys of the actions
115             * @param  resourceId the primary key of the resource
116             * @return the permissions to perform the actions on the resource
117             * @throws SystemException if a system exception occurred
118             */
119            public List<Permission> addPermissions(
120                            long companyId, List<String> actionIds, long resourceId)
121                    throws SystemException {
122    
123                    List<Permission> permissions = permissionPersistence.findByResourceId(
124                            resourceId);
125    
126                    permissions = ListUtil.copy(permissions);
127    
128                    Set<String> actionIdsSet = new HashSet<String>();
129    
130                    for (Permission permission : permissions) {
131                            actionIdsSet.add(permission.getActionId());
132                    }
133    
134                    for (String actionId : actionIds) {
135                            if (actionIdsSet.contains(actionId)) {
136                                    continue;
137                            }
138    
139                            long permissionId = counterLocalService.increment(
140                                    Permission.class.getName());
141    
142                            Permission permission = permissionPersistence.create(permissionId);
143    
144                            permission.setCompanyId(companyId);
145                            permission.setActionId(actionId);
146                            permission.setResourceId(resourceId);
147    
148                            try {
149                                    permissionPersistence.update(permission, false);
150                            }
151                            catch (SystemException se) {
152                                    if (_log.isWarnEnabled()) {
153                                            _log.warn(
154                                                    "Add failed, fetch {actionId=" + actionId +
155                                                            ", resourceId=" + resourceId + "}");
156                                    }
157    
158                                    permission = permissionPersistence.fetchByA_R(
159                                            actionId, resourceId, false);
160    
161                                    if (permission == null) {
162                                            throw se;
163                                    }
164                            }
165    
166                            permissions.add(permission);
167                    }
168    
169                    return permissions;
170            }
171    
172            /**
173             * Adds permissions to perform either the portlet resource actions or model
174             * resource actions on the resource.
175             *
176             * <p>
177             * This method will retrieve the permissions of the company, actions, and
178             * resource with the primary keys. The method creates any permissions it
179             * fails to retrieve.
180             * </p>
181             *
182             * @param  companyId the primary key of the company
183             * @param  name the resource name
184             * @param  resourceId the primary key of the resource
185             * @param  portletActions whether to retrieve the action primary keys from
186             *         the portlet or the model resource
187             * @return the permissions to perform the actions on the resource
188             * @throws SystemException if a system exception occurred
189             */
190            public List<Permission> addPermissions(
191                            long companyId, String name, long resourceId,
192                            boolean portletActions)
193                    throws SystemException {
194    
195                    List<String> actionIds = null;
196    
197                    if (portletActions) {
198                            actionIds = ResourceActionsUtil.getPortletResourceActions(name);
199                    }
200                    else {
201                            actionIds = ResourceActionsUtil.getModelResourceActions(name);
202                    }
203    
204                    return addPermissions(companyId, actionIds, resourceId);
205            }
206    
207            /**
208             * Adds user permissions to perform the actions on the resource.
209             *
210             * @param  userId the primary key of the user
211             * @param  actionIds the primary keys of the actions
212             * @param  resourceId the primary key of the resource
213             * @throws PortalException if a user with the primary key could not be
214             *         found
215             * @throws SystemException if a system exception occurred
216             */
217            public void addUserPermissions(
218                            long userId, String[] actionIds, long resourceId)
219                    throws PortalException, SystemException {
220    
221                    User user = userPersistence.findByPrimaryKey(userId);
222    
223                    List<Permission> permissions = permissionFinder.findByU_R(
224                            userId, resourceId);
225    
226                    permissions = getPermissions(
227                            user.getCompanyId(), actionIds, resourceId);
228    
229                    userPersistence.addPermissions(userId, permissions);
230    
231                    PermissionCacheUtil.clearCache();
232            }
233    
234            /**
235             * Checks to see if the actions are permitted on the named resource.
236             *
237             * @param  name the resource name
238             * @param  actionIds the primary keys of the actions
239             * @throws PortalException if the resource company or name could not be
240             *         found or were invalid
241             * @throws SystemException if a system exception occurred
242             */
243            public void checkPermissions(String name, List<String> actionIds)
244                    throws PortalException, SystemException {
245    
246                    List<Resource> resources = resourceFinder.findByN_S(
247                            name, ResourceConstants.SCOPE_INDIVIDUAL);
248    
249                    for (Resource resource : resources) {
250                            for (String actionId : actionIds) {
251                                    Permission permission = permissionPersistence.fetchByA_R(
252                                            actionId, resource.getResourceId());
253    
254                                    if (permission != null) {
255                                            continue;
256                                    }
257    
258                                    checkPermission(resource, actionId);
259                            }
260                    }
261    
262                    PermissionCacheUtil.clearCache();
263            }
264    
265            /**
266             * Returns the IDs of all the actions belonging to the permissions.
267             *
268             * @param  permissions the permissions
269             * @return the IDs of all the actions belonging to the permissions
270             */
271            public List<String> getActions(List<Permission> permissions) {
272                    List<String> actionIds = new ArrayList<String>();
273    
274                    Iterator<Permission> itr = permissions.iterator();
275    
276                    while (itr.hasNext()) {
277                            Permission permission = itr.next();
278    
279                            actionIds.add(permission.getActionId());
280                    }
281    
282                    return actionIds;
283            }
284    
285            /**
286             * Returns all the group's permissions on the resource.
287             *
288             * @param  groupId the primary key of the group
289             * @param  resourceId the primary key of the resource
290             * @return the group's permissions on the resource
291             * @throws SystemException if a system exception occurred
292             */
293            public List<Permission> getGroupPermissions(long groupId, long resourceId)
294                    throws SystemException {
295    
296                    return permissionFinder.findByG_R(groupId, resourceId);
297            }
298    
299            /**
300             * Returns all the group's permissions on the named resource with the scope
301             * and primKey.
302             *
303             * @param  groupId the primary key of the group
304             * @param  companyId the primary key of the company
305             * @param  name the resource name
306             * @param  scope the resource scope
307             * @param  primKey the resource primKey
308             * @return the group's permissions on the named resource with the scope and
309             *         primKey
310             * @throws SystemException if a system exception occurred
311             */
312            public List<Permission> getGroupPermissions(
313                            long groupId, long companyId, String name, int scope,
314                            String primKey)
315                    throws SystemException {
316    
317                    return permissionFinder.findByG_C_N_S_P(
318                            groupId, companyId, name, scope, primKey);
319            }
320    
321            /**
322             * Returns the primary key of the latest permission created.
323             *
324             * @return the primary key of the latest permission created
325             * @throws SystemException if a system exception occurred
326             */
327            public long getLatestPermissionId() throws SystemException {
328                    List<Permission> permissions = permissionPersistence.findAll(
329                            0, 1, new PermissionComparator());
330    
331                    if (permissions.size() == 0) {
332                            return 0;
333                    }
334                    else {
335                            Permission permission = permissions.get(0);
336    
337                            return permission.getPermissionId();
338                    }
339            }
340    
341            /**
342             * Returns all the permissions of the organization's group with respect to
343             * the resource.
344             *
345             * @param  organizationId the primary key of the organization
346             * @param  groupId the primary key of the group
347             * @param  resourceId the primary key of the resource
348             * @return the permissions of the organization's group with respect to the
349             *         resource
350             * @throws SystemException if a system exception occurred
351             */
352            public List<Permission> getOrgGroupPermissions(
353                            long organizationId, long groupId, long resourceId)
354                    throws SystemException {
355    
356                    return permissionFinder.findByO_G_R(
357                            organizationId, groupId, resourceId);
358            }
359    
360            /**
361             * Returns all the permissions to perform the actions on the resource,
362             * creating new permissions for any permissions not found.
363             *
364             * @param  companyId the primary key of the company
365             * @param  actionIds the primary keys of the actions
366             * @param  resourceId the primary key of the resource
367             * @return the permissions to perform the actions on the resource
368             * @throws SystemException if a system exception occurred
369             * @see    #addPermission(long, String, long)
370             */
371            public List<Permission> getPermissions(
372                            long companyId, String[] actionIds, long resourceId)
373                    throws SystemException {
374    
375                    List<Permission> permissions = new ArrayList<Permission>();
376    
377                    for (String actionId : actionIds) {
378                            Permission permission = addPermission(
379                                    companyId, actionId, resourceId);
380    
381                            permissions.add(permission);
382                    }
383    
384                    return permissions;
385            }
386    
387            /**
388             * Returns all the role's permissions.
389             *
390             * @param  roleId the primary key of the role
391             * @return the role's permissions
392             * @throws SystemException if a system exception occurred
393             */
394            public List<Permission> getRolePermissions(long roleId)
395                    throws SystemException {
396    
397                    return rolePersistence.getPermissions(roleId);
398            }
399    
400            public List<Permission> getRolePermissions(long roleId, int[] scopes)
401                    throws SystemException {
402    
403                    return permissionFinder.findByR_S(roleId, scopes);
404            }
405    
406            /**
407             * Returns all the role's permissions on the resource.
408             *
409             * @param  roleId the primary key of the role
410             * @param  resourceId the primary key of the resource
411             * @return the role's permissions on the resource
412             * @throws SystemException if a system exception occurred
413             */
414            public List<Permission> getRolePermissions(long roleId, long resourceId)
415                    throws SystemException {
416    
417                    return permissionFinder.findByR_R(roleId, resourceId);
418            }
419    
420            /**
421             * Returns all the user's permissions.
422             *
423             * @param  userId the primary key of the user
424             * @return the user's permissions
425             * @throws SystemException if a system exception occurred
426             */
427            public List<Permission> getUserPermissions(long userId)
428                    throws SystemException {
429    
430                    return userPersistence.getPermissions(userId);
431            }
432    
433            /**
434             * Returns all the user's permissions on the resource.
435             *
436             * @param  userId the primary key of the user
437             * @param  resourceId the primary key of the resource
438             * @return the user's permissions on the resource
439             * @throws SystemException if a system exception occurred
440             */
441            public List<Permission> getUserPermissions(long userId, long resourceId)
442                    throws SystemException {
443    
444                    return permissionFinder.findByU_R(userId, resourceId);
445            }
446    
447            /**
448             * Returns all the user's permissions on the named resource with the scope
449             * and primKey.
450             *
451             * @param  userId the primary key of the user
452             * @param  companyId the primary key of the company
453             * @param  name the resource name
454             * @param  scope the resource scope
455             * @param  primKey the resource primKey
456             * @return the user permissions of the resource name, scope, and primKey
457             * @throws SystemException if a system exception occurred
458             */
459            public List<Permission> getUserPermissions(
460                            long userId, long companyId, String name, int scope, String primKey)
461                    throws SystemException {
462    
463                    return permissionFinder.findByU_C_N_S_P(
464                            userId, companyId, name, scope, primKey);
465            }
466    
467            /**
468             * Returns <code>true</code> if the group has permission to perform the
469             * action on the resource.
470             *
471             * @param  groupId the primary key of the group
472             * @param  actionId the action's ID
473             * @param  resourceId the primary key of the resource
474             * @return <code>true</code> if the group has permission to perform the
475             *         action on the resource; <code>false</code> otherwise
476             * @throws SystemException if a system exception occurred
477             */
478            public boolean hasGroupPermission(
479                            long groupId, String actionId, long resourceId)
480                    throws SystemException {
481    
482                    Permission permission = permissionPersistence.fetchByA_R(
483                            actionId, resourceId);
484    
485                    // Return false if there is no permission based on the given action
486                    // id and resource id
487    
488                    if (permission == null) {
489                            return false;
490                    }
491    
492                    return groupPersistence.containsPermission(
493                            groupId, permission.getPermissionId());
494            }
495    
496            /**
497             * Returns <code>true</code> if the role has permission to perform the
498             * action on the named resource with the scope.
499             *
500             * @param  roleId the primary key of the role
501             * @param  companyId the primary key of the company
502             * @param  name the resource name
503             * @param  scope the resource scope
504             * @param  actionId the action's ID
505             * @return <code>true</code> if the role has permission to perform the
506             *         action on the named resource with the scope; <code>false</code>
507             *         otherwise
508             * @throws SystemException if a system exception occurred
509             */
510            public boolean hasRolePermission(
511                            long roleId, long companyId, String name, int scope,
512                            String actionId)
513                    throws SystemException {
514    
515                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
516                            companyId, name, scope);
517    
518                    if (permissionFinder.countByR_A_C(
519                                    roleId, actionId, resourceCode.getCodeId()) > 0) {
520    
521                            return true;
522                    }
523                    else {
524                            return false;
525                    }
526            }
527    
528            /**
529             * Returns <code>true</code> if the role has permission to perform the
530             * action on the named resource with the scope and primKey.
531             *
532             * @param  roleId the primary key of the role
533             * @param  companyId the primary key of the company
534             * @param  name the resource name
535             * @param  scope the resource scope
536             * @param  primKey the resource primKey
537             * @param  actionId the action's ID
538             * @return <code>true</code> if the role has permission to perform the
539             *         action on the named resource with the scope and primKey;
540             *         <code>false</code> otherwise
541             * @throws SystemException if a system exception occurred
542             */
543            public boolean hasRolePermission(
544                            long roleId, long companyId, String name, int scope, String primKey,
545                            String actionId)
546                    throws SystemException {
547    
548                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
549                            companyId, name, scope);
550    
551                    Resource resource = resourcePersistence.fetchByC_P(
552                            resourceCode.getCodeId(), primKey);
553    
554                    if (resource == null) {
555                            return false;
556                    }
557    
558                    Permission permission = permissionPersistence.fetchByA_R(
559                            actionId, resource.getResourceId());
560    
561                    if (permission == null) {
562                            return false;
563                    }
564    
565                    return rolePersistence.containsPermission(
566                            roleId, permission.getPermissionId());
567            }
568    
569            /**
570             * Returns <code>true</code> if the user has permission to perform the
571             * action on the resource.
572             *
573             * @param  userId the primary key of the user
574             * @param  actionId the action's ID
575             * @param  resourceId the primary key of the resource
576             * @return <code>true</code> if the user has permission to perform the
577             *         action on the resource; <code>false</code> otherwise
578             * @throws SystemException if a system exception occurred
579             */
580            public boolean hasUserPermission(
581                            long userId, String actionId, long resourceId)
582                    throws SystemException {
583    
584                    Permission permission = permissionPersistence.fetchByA_R(
585                            actionId, resourceId);
586    
587                    // Return false if there is no permission based on the given action
588                    // id and resource id
589    
590                    if (permission == null) {
591                            return false;
592                    }
593    
594                    return userPersistence.containsPermission(
595                            userId, permission.getPermissionId());
596            }
597    
598            /**
599             * Returns <code>true</code> if the user has permission to perform the
600             * action on the resources.
601             *
602             * <p>
603             * This method does not support resources managed by the resource block
604             * system.
605             * </p>
606             *
607             * @param  userId the primary key of the user
608             * @param  groupId the primary key of the group containing the resource
609             * @param  resources representations of the resource at each scope level
610             *         returned by {@link
611             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
612             *         long, long, String, String, String)}
613             * @param  actionId the action's ID
614             * @param  permissionCheckerBag the permission checker bag
615             * @return <code>true</code> if the user has permission to perform the
616             *         action on the resources; <code>false</code> otherwise
617             * @throws PortalException if a resource action based on any one of the
618             *         resources and the action ID could not be found
619             * @throws SystemException if a system exception occurred
620             */
621            public boolean hasUserPermissions(
622                            long userId, long groupId, List<Resource> resources,
623                            String actionId, PermissionCheckerBag permissionCheckerBag)
624                    throws PortalException, SystemException {
625    
626                    StopWatch stopWatch = null;
627    
628                    if (_log.isDebugEnabled()) {
629                            stopWatch = new StopWatch();
630    
631                            stopWatch.start();
632                    }
633    
634                    int block = 1;
635    
636                    // Return false if there are no resources
637    
638                    if (Validator.isNull(actionId) || resources.isEmpty()) {
639                            return false;
640                    }
641    
642                    long[] resourceIds = null;
643    
644                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
645                            resourceIds = new long[resources.size()];
646    
647                            for (int i = 0; i < resources.size(); i++) {
648                                    Resource resource = resources.get(i);
649    
650                                    resourceIds[i] = resource.getResourceId();
651                            }
652                    }
653    
654                    List<Permission> permissions = null;
655    
656                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
657                            permissions = permissionFinder.findByA_R(actionId, resourceIds);
658    
659                            // Return false if there are no permissions
660    
661                            if (permissions.size() == 0) {
662                                    return false;
663                            }
664                    }
665    
666                    // Record logs with the first resource id
667    
668                    long resourceId = 0;
669    
670                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
671                            resourceId = resourceIds[0];
672                    }
673                    else {
674                            resourceId = resources.get(0).getResourceId();
675                    }
676    
677                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
678    
679                    //List<Group> userGroups = permissionCheckerBag.getUserGroups();
680                    //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
681                    //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
682                    //List<Group> userUserGroupGroups =
683                    //        permissionCheckerBag.getUserUserGroupGroups();
684                    List<Group> groups = permissionCheckerBag.getGroups();
685                    List<Role> roles = permissionCheckerBag.getRoles();
686    
687                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
688    
689                    // Check the organization and group intersection table. Break out of
690                    // this method if the user has one of the permissions set at the
691                    // intersection because that takes priority.
692    
693                    //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
694                    //        return true;
695                    //}
696    
697                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
698    
699                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
700                            return hasUserPermissions_1(
701                                    userId, resourceId, actionId, permissions, groups, groupId,
702                                    stopWatch, block);
703                    }
704                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
705                            return hasUserPermissions_2(
706                                    userId, resourceId, actionId, permissions, groups, groupId,
707                                    stopWatch, block);
708                    }
709                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
710                            return hasUserPermissions_3(
711                                    userId, resourceId, actionId, permissions, groups, roles,
712                                    stopWatch, block);
713                    }
714                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
715                            return hasUserPermissions_4(
716                                    userId, resourceId, actionId, permissions, groups, roles,
717                                    stopWatch, block);
718                    }
719                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
720                            return hasUserPermissions_5(
721                                    userId, resourceId, actionId, permissions, roles, stopWatch,
722                                    block);
723                    }
724                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
725                            return hasUserPermissions_6(
726                                    userId, resourceId, resources, actionId,
727                                    permissionCheckerBag.getRoleIds(), stopWatch, block);
728                    }
729    
730                    return false;
731            }
732    
733            /**
734             * Sets the container wide permissions of either the role or the default
735             * user of each company to perform the actions on the named resource.
736             *
737             * @param  name the resource name
738             * @param  roleName the role name. Supported role names include {@link
739             *         com.liferay.portal.model.RoleConstants#ORGANIZATION_USER},
740             *         {@link com.liferay.portal.model.RoleConstants#OWNER}, and {@link
741             *         com.liferay.portal.model.RoleConstants#SITE_MEMBER}.
742             * @param  actionId the action's ID
743             * @throws PortalException if a matching role could not be found or if a
744             *         default user for the company could not be found
745             * @throws SystemException if a system exception occurred
746             */
747            public void setContainerResourcePermissions(
748                            String name, String roleName, String actionId)
749                    throws PortalException, SystemException {
750    
751                    List<Company> companies = companyPersistence.findAll();
752    
753                    for (Company company : companies) {
754                            setContainerResourcePermissions(
755                                    company.getCompanyId(), name, roleName, actionId);
756                    }
757            }
758    
759            /**
760             * Sets the group's permissions to perform the actions on the resource,
761             * replacing the group's existing permissions on the resource.
762             *
763             * @param  groupId the primary key of the group
764             * @param  actionIds the primary keys of the actions
765             * @param  resourceId the primary key of the resource
766             * @throws PortalException if a group with the primary key could not be
767             *         found
768             * @throws SystemException if a system exception occurred
769             */
770            public void setGroupPermissions(
771                            long groupId, String[] actionIds, long resourceId)
772                    throws PortalException, SystemException {
773    
774                    Group group = groupPersistence.findByPrimaryKey(groupId);
775    
776                    List<Permission> permissions = permissionFinder.findByG_R(
777                            groupId, resourceId);
778    
779                    for (Permission permission : permissions) {
780                            groupPersistence.removePermission(groupId, permission);
781                    }
782    
783                    permissions = getPermissions(
784                            group.getCompanyId(), actionIds, resourceId);
785    
786                    groupPersistence.addPermissions(groupId, permissions);
787    
788                    PermissionCacheUtil.clearCache();
789            }
790    
791            /**
792             * Sets the entity's group permissions to perform the actions on the
793             * resource, replacing the entity's existing group permissions on the
794             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
795             * com.liferay.portal.model.UserGroup} class entities are supported.
796             *
797             * @param  className the class name of an organization or user group
798             * @param  classPK the primary key of the class
799             * @param  groupId the primary key of the group
800             * @param  actionIds the primary keys of the actions
801             * @param  resourceId the primary key of the resource
802             * @throws PortalException if an entity with the class name and primary key
803             *         could not be found or if the entity's associated group could not
804             *         be found
805             * @throws SystemException if a system exception occurred
806             */
807            public void setGroupPermissions(
808                            String className, String classPK, long groupId,
809                            String[] actionIds, long resourceId)
810                    throws PortalException, SystemException {
811    
812                    long associatedGroupId = 0;
813    
814                    if (className.equals(Organization.class.getName())) {
815                            long organizationId = GetterUtil.getLong(classPK);
816    
817                            Organization organization =
818                                    organizationPersistence.findByPrimaryKey(organizationId);
819    
820                            orgGroupPermissionFinder.removeByO_G_R(
821                                    organizationId, groupId, resourceId);
822    
823                            associatedGroupId = organization.getGroup().getGroupId();
824                    }
825                    else if (className.equals(UserGroup.class.getName())) {
826                            long userGroupId = GetterUtil.getLong(classPK);
827    
828                            UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
829                                    userGroupId);
830    
831                            associatedGroupId = userGroup.getGroup().getGroupId();
832                    }
833    
834                    setGroupPermissions(associatedGroupId, actionIds, resourceId);
835            }
836    
837            /**
838             * Sets the organization's group permissions to perform the actions on the
839             * resource, replacing the organization's existing group permissions on the
840             * resource.
841             *
842             * @param  organizationId the primary key of the organization
843             * @param  groupId the primary key of the group in which to scope the
844             *         permissions
845             * @param  actionIds the primary keys of the actions
846             * @param  resourceId the primary key of the resource
847             * @throws PortalException if an organization with the primary key could
848             *         not be found
849             * @throws SystemException if a system exception occurred
850             */
851            public void setOrgGroupPermissions(
852                            long organizationId, long groupId, String[] actionIds,
853                            long resourceId)
854                    throws PortalException, SystemException {
855    
856                    Organization organization =
857                            organizationPersistence.findByPrimaryKey(organizationId);
858    
859                    long orgGroupId = organization.getGroup().getGroupId();
860    
861                    List<Permission> permissions = permissionPersistence.findByResourceId(
862                            resourceId);
863    
864                    for (Permission permission : permissions) {
865                            groupPersistence.removePermission(orgGroupId, permission);
866                    }
867    
868                    permissions = getPermissions(
869                            organization.getCompanyId(), actionIds, resourceId);
870    
871                    orgGroupPermissionFinder.removeByO_G_R(
872                            organizationId, groupId, resourceId);
873    
874                    for (Permission permission : permissions) {
875                            OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
876                                    organizationId, groupId, permission.getPermissionId());
877    
878                            OrgGroupPermission orgGroupPermission =
879                                    orgGroupPermissionPersistence.create(pk);
880    
881                            orgGroupPermissionPersistence.update(orgGroupPermission, false);
882                    }
883    
884                    PermissionCacheUtil.clearCache();
885            }
886    
887            /**
888             * Sets the role's permissions to perform the action on the named resource,
889             * replacing the role's existing permissions on the resource.
890             *
891             * @param  roleId the primary key of the role
892             * @param  companyId the primary key of the company
893             * @param  name the resource name
894             * @param  scope the resource scope
895             * @param  primKey the resource primKey
896             * @param  actionId the action's ID
897             * @throws PortalException if the scope was {@link
898             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
899             * @throws SystemException if a system exception occurred
900             */
901            public void setRolePermission(
902                            long roleId, long companyId, String name, int scope, String primKey,
903                            String actionId)
904                    throws PortalException, SystemException {
905    
906                    if (scope == ResourceConstants.SCOPE_COMPANY) {
907    
908                            // Remove group permission
909    
910                            unsetRolePermissions(
911                                    roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
912                                    actionId);
913                    }
914                    else if (scope == ResourceConstants.SCOPE_GROUP) {
915    
916                            // Remove company permission
917    
918                            unsetRolePermissions(
919                                    roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
920                                    actionId);
921                    }
922                    else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
923                            throw new NoSuchPermissionException();
924                    }
925    
926                    Resource resource = resourceLocalService.addResource(
927                            companyId, name, scope, primKey);
928    
929                    long resourceId = resource.getResourceId();
930    
931                    Permission permission = permissionPersistence.fetchByA_R(
932                            actionId, resourceId);
933    
934                    if (permission == null) {
935                            long permissionId = counterLocalService.increment(
936                                    Permission.class.getName());
937    
938                            permission = permissionPersistence.create(permissionId);
939    
940                            permission.setCompanyId(companyId);
941                            permission.setActionId(actionId);
942                            permission.setResourceId(resourceId);
943    
944                            permissionPersistence.update(permission, false);
945                    }
946    
947                    rolePersistence.addPermission(roleId, permission);
948    
949                    PermissionCacheUtil.clearCache();
950    
951                    SearchEngineUtil.updatePermissionFields(resourceId);
952            }
953    
954            /**
955             * Sets the role's permissions to perform the actions on the named
956             * resource, replacing the role's existing permission for each of these
957             * actions on the resource.
958             *
959             * @param  roleId the primary key of the role
960             * @param  companyId the primary key of the company
961             * @param  name the resource name
962             * @param  scope the resource scope
963             * @param  primKey the resource primKey
964             * @param  actionIds the primary keys of the actions
965             * @throws PortalException if the scope was {@link
966             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
967             * @throws SystemException if a system exception occurred
968             */
969            public void setRolePermissions(
970                            long roleId, long companyId, String name, int scope, String primKey,
971                            String[] actionIds)
972                    throws PortalException, SystemException {
973    
974                    for (String actionId : actionIds) {
975                            setRolePermission(
976                                    roleId, companyId, name, scope, primKey, actionId);
977                    }
978            }
979    
980            /**
981             * Sets the role's permissions to perform the actions on the resource,
982             * replacing the role's existing permissions on the resource.
983             *
984             * @param  roleId the primary key of the role
985             * @param  actionIds the primary keys of the actions
986             * @param  resourceId the primary key of the resource
987             * @throws PortalException if a role with the primary key could not be
988             *         found
989             * @throws SystemException if a system exception occurred
990             */
991            public void setRolePermissions(
992                            long roleId, String[] actionIds, long resourceId)
993                    throws PortalException, SystemException {
994    
995                    Role role = rolePersistence.findByPrimaryKey(roleId);
996    
997                    List<Permission> permissions = permissionFinder.findByR_R(
998                            roleId, resourceId);
999    
1000                    rolePersistence.removePermissions(roleId, permissions);
1001    
1002                    permissions = getPermissions(
1003                            role.getCompanyId(), actionIds, resourceId);
1004    
1005                    rolePersistence.addPermissions(roleId, permissions);
1006    
1007                    PermissionCacheUtil.clearCache();
1008    
1009                    SearchEngineUtil.updatePermissionFields(resourceId);
1010            }
1011    
1012            /**
1013             * Sets the permissions of each role to perform respective actions on the
1014             * resource, replacing the existing permissions of each role on the
1015             * resource.
1016             *
1017             * @param  companyId the primary key of the company
1018             * @param  roleIdsToActionIds the map of roles to their new actions on the
1019             *         resource
1020             * @param  resourceId the primary key of the resource
1021             * @throws SystemException if a system exception occurred
1022             */
1023            public void setRolesPermissions(
1024                            long companyId, Map<Long, String[]> roleIdsToActionIds,
1025                            long resourceId)
1026                    throws SystemException {
1027    
1028                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1029    
1030                    PermissionThreadLocal.setIndexEnabled(false);
1031    
1032                    try {
1033                            for (Map.Entry<Long, String[]> entry :
1034                                            roleIdsToActionIds.entrySet()) {
1035    
1036                                    long roleId = entry.getKey();
1037                                    String[] actionIds = entry.getValue();
1038    
1039                                    List<Permission> permissions = permissionFinder.findByR_R(
1040                                            roleId, resourceId);
1041    
1042                                    rolePersistence.removePermissions(roleId, permissions);
1043    
1044                                    permissions = getPermissions(companyId, actionIds, resourceId);
1045    
1046                                    rolePersistence.addPermissions(roleId, permissions);
1047                            }
1048                    }
1049                    finally {
1050                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
1051    
1052                            PermissionCacheUtil.clearCache();
1053    
1054                            SearchEngineUtil.updatePermissionFields(resourceId);
1055                    }
1056            }
1057    
1058            /**
1059             * Sets the permissions of each role to perform respective actions on the
1060             * named resource, replacing the existing permissions of each role on the
1061             * resource.
1062             *
1063             * @param  companyId the primary key of the company
1064             * @param  roleIdsToActionIds the map of roles to their new actions on the
1065             *         resource
1066             * @param  name the resource name
1067             * @param  scope the resource scope
1068             * @param  primKey the resource primKey
1069             * @throws SystemException if a system exception occurred
1070             */
1071            public void setRolesPermissions(
1072                            long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1073                            int scope, String primKey)
1074                    throws SystemException {
1075    
1076                    Resource resource = resourceLocalService.fetchResource(
1077                            companyId, name, scope, String.valueOf(primKey));
1078    
1079                    if (resource == null) {
1080                            resource = resourceLocalService.addResource(
1081                                    companyId, name, scope, String.valueOf(primKey));
1082                    }
1083    
1084                    if (resource == null) {
1085                            return;
1086                    }
1087    
1088                    setRolesPermissions(
1089                            companyId, roleIdsToActionIds, resource.getResourceId());
1090            }
1091    
1092            /**
1093             * Sets the user's permissions to perform the actions on the resource,
1094             * replacing the user's existing permissions on the resource.
1095             *
1096             * @param  userId the primary key of the user
1097             * @param  actionIds the primary keys of the actions
1098             * @param  resourceId the primary key of the resource
1099             * @throws PortalException if a user with the primary key could not be
1100             *         found
1101             * @throws SystemException if a system exception occurred
1102             */
1103            public void setUserPermissions(
1104                            long userId, String[] actionIds, long resourceId)
1105                    throws PortalException, SystemException {
1106    
1107                    User user = userPersistence.findByPrimaryKey(userId);
1108    
1109                    List<Permission> permissions = permissionFinder.findByU_R(
1110                            userId, resourceId);
1111    
1112                    userPersistence.removePermissions(userId, permissions);
1113    
1114                    permissions = getPermissions(
1115                            user.getCompanyId(), actionIds, resourceId);
1116    
1117                    userPersistence.addPermissions(userId, permissions);
1118    
1119                    PermissionCacheUtil.clearCache();
1120            }
1121    
1122            /**
1123             * Removes the permission from the role.
1124             *
1125             * @param  roleId the primary key of the role
1126             * @param  permissionId the primary key of the permission
1127             * @throws SystemException if a system exception occurred
1128             */
1129            public void unsetRolePermission(long roleId, long permissionId)
1130                    throws SystemException {
1131    
1132                    Permission permission = permissionPersistence.fetchByPrimaryKey(
1133                            permissionId);
1134    
1135                    if (permission != null) {
1136                            rolePersistence.removePermission(roleId, permission);
1137                    }
1138    
1139                    PermissionCacheUtil.clearCache();
1140            }
1141    
1142            /**
1143             * Removes the role's permissions to perform the action on the named
1144             * resource with the scope and primKey.
1145             *
1146             * @param  roleId the primary key of the role
1147             * @param  companyId the primary key of the company
1148             * @param  name the resource name
1149             * @param  scope the resource scope
1150             * @param  primKey the resource primKey
1151             * @param  actionId the action's ID
1152             * @throws SystemException if a system exception occurred
1153             */
1154            public void unsetRolePermission(
1155                            long roleId, long companyId, String name, int scope, String primKey,
1156                            String actionId)
1157                    throws SystemException {
1158    
1159                    ResourceCode resourceCode =
1160                            resourceCodeLocalService.getResourceCode(
1161                                    companyId, name, scope);
1162    
1163                    Resource resource = resourcePersistence.fetchByC_P(
1164                            resourceCode.getCodeId(), primKey);
1165    
1166                    if (resource != null) {
1167                            Permission permission = permissionPersistence.fetchByA_R(
1168                                    actionId, resource.getResourceId());
1169    
1170                            if (permission != null) {
1171                                    rolePersistence.removePermission(roleId, permission);
1172                            }
1173                    }
1174    
1175                    PermissionCacheUtil.clearCache();
1176            }
1177    
1178            /**
1179             * Removes the role's permissions to perform the action on the named
1180             * resource.
1181             *
1182             * @param  roleId the primary key of the role
1183             * @param  companyId the primary key of the company
1184             * @param  name the resource name
1185             * @param  scope the resource scope
1186             * @param  actionId the action's ID
1187             * @throws SystemException if a system exception occurred
1188             */
1189            public void unsetRolePermissions(
1190                            long roleId, long companyId, String name, int scope,
1191                            String actionId)
1192                    throws SystemException {
1193    
1194                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1195                            companyId, name, scope);
1196    
1197                    List<Permission> permissions = permissionFinder.findByA_C(
1198                            actionId, resourceCode.getCodeId());
1199    
1200                    for (Permission permission : permissions) {
1201                            rolePersistence.removePermission(roleId, permission);
1202                    }
1203    
1204                    PermissionCacheUtil.clearCache();
1205            }
1206    
1207            /**
1208             * Removes the user's permissions to perform the actions on the resource.
1209             *
1210             * @param  userId the primary key of the user
1211             * @param  actionIds the primary keys of the actions
1212             * @param  resourceId the primary key of the resource
1213             * @throws SystemException if a system exception occurred
1214             */
1215            public void unsetUserPermissions(
1216                            long userId, String[] actionIds, long resourceId)
1217                    throws SystemException {
1218    
1219                    List<Permission> permissions = permissionFinder.findByU_A_R(
1220                            userId, actionIds, resourceId);
1221    
1222                    userPersistence.removePermissions(userId, permissions);
1223    
1224                    PermissionCacheUtil.clearCache();
1225            }
1226    
1227            protected void addRolePermissions(String roleName, Permission permission)
1228                    throws SystemException {
1229    
1230                    List<Role> roles = rolePersistence.findByName(roleName);
1231    
1232                    for (Role role : roles) {
1233                            rolePersistence.addPermission(role.getRoleId(), permission);
1234                    }
1235            }
1236    
1237            protected boolean checkOrgGroupPermission(
1238                            List<Organization> organizations, List<Group> groups,
1239                            List<Permission> permissions)
1240                    throws PortalException, SystemException {
1241    
1242                    for (Permission permission : permissions) {
1243                            if (checkOrgGroupPermission(organizations, groups, permission)) {
1244                                    return true;
1245                            }
1246                    }
1247    
1248                    return false;
1249            }
1250    
1251            protected boolean checkOrgGroupPermission(
1252                            List<Organization> organizations, List<Group> groups,
1253                            Permission permission)
1254                    throws PortalException, SystemException {
1255    
1256                    // Do not check for an OrgGroupPermission intersection unless there is
1257                    // at least one organization and one group to check
1258    
1259                    if ((organizations.size() == 0) || (groups.size() == 0)) {
1260                            return false;
1261                    }
1262    
1263                    // Do not check unless the OrgGroupPermission intersection contains at
1264                    // least one permission
1265    
1266                    List<OrgGroupPermission> orgGroupPermissions =
1267                            orgGroupPermissionPersistence.findByPermissionId(
1268                                    permission.getPermissionId());
1269    
1270                    if (orgGroupPermissions.size() == 0) {
1271                            return false;
1272                    }
1273    
1274                    for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1275                            if (orgGroupPermission.containsOrganization(organizations) &&
1276                                    orgGroupPermission.containsGroup(groups)) {
1277    
1278                                    return true;
1279                            }
1280                    }
1281    
1282                    // Throw an exception so that we do not continue checking permissions.
1283                    // The user has a specific permission given in the OrgGroupPermission
1284                    // intersection that prohibits him from going further.
1285    
1286                    throw new NoSuchPermissionException(
1287                            "User has a permission in OrgGroupPermission that does not match");
1288            }
1289    
1290            protected void checkPermission(Resource resource, String actionId)
1291                    throws PortalException, SystemException {
1292    
1293                    long permissionId = counterLocalService.increment(
1294                            Permission.class.getName());
1295    
1296                    Permission permission = permissionPersistence.create(permissionId);
1297    
1298                    permission.setCompanyId(resource.getCompanyId());
1299                    permission.setActionId(actionId);
1300                    permission.setResourceId(resource.getResourceId());
1301    
1302                    permissionPersistence.update(permission, false);
1303    
1304                    List<String> groupDefaultActions =
1305                            ResourceActionsUtil.getModelResourceGroupDefaultActions(
1306                                    resource.getName());
1307    
1308                    if (groupDefaultActions.contains(actionId)) {
1309                            addRolePermissions(RoleConstants.SITE_MEMBER, permission);
1310                    }
1311    
1312                    List<String> guestDefaultActions =
1313                            ResourceActionsUtil.getModelResourceGuestDefaultActions(
1314                                    resource.getName());
1315    
1316                    if (guestDefaultActions.contains(actionId)) {
1317                            addRolePermissions(RoleConstants.GUEST, permission);
1318                    }
1319    
1320                    addRolePermissions(RoleConstants.OWNER, permission);
1321    
1322                    SearchEngineUtil.updatePermissionFields(
1323                            resource.getResourceId());
1324            }
1325    
1326            protected boolean hasUserPermissions_1(
1327                            long userId, long resourceId, String actionId,
1328                            List<Permission> permissions, List<Group> groups, long groupId,
1329                            StopWatch stopWatch, int block)
1330                    throws SystemException {
1331    
1332                    // Is the user connected to one of the permissions via group or
1333                    // organization roles?
1334    
1335                    if (groups.size() > 0) {
1336                            if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1337                                    return true;
1338                            }
1339                    }
1340    
1341                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1342    
1343                    // Is the user associated with groups or organizations that are directly
1344                    // connected to one of the permissions?
1345    
1346                    if (groups.size() > 0) {
1347                            if (permissionFinder.countByGroupsPermissions(
1348                                            permissions, groups) > 0) {
1349    
1350                                    return true;
1351                            }
1352                    }
1353    
1354                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1355    
1356                    // Is the user connected to one of the permissions via user roles?
1357    
1358                    if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1359                            return true;
1360                    }
1361    
1362                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1363    
1364                    // Is the user connected to one of the permissions via user group roles?
1365    
1366                    if (permissionFinder.countByUserGroupRole(
1367                                    permissions, userId, groupId) > 0) {
1368    
1369                            return true;
1370                    }
1371    
1372                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1373    
1374                    // Is the user directly connected to one of the permissions?
1375    
1376                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1377                            return true;
1378                    }
1379    
1380                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1381    
1382                    return false;
1383            }
1384    
1385            protected boolean hasUserPermissions_2(
1386                            long userId, long resourceId, String actionId,
1387                            List<Permission> permissions, List<Group> groups, long groupId,
1388                            StopWatch stopWatch, int block)
1389                    throws SystemException {
1390    
1391                    // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
1392                    // countByUserGroupRole, and countByUsersPermissions in one method
1393    
1394                    if (permissionFinder.containsPermissions_2(
1395                                    permissions, userId, groups, groupId)) {
1396    
1397                            return true;
1398                    }
1399    
1400                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1401    
1402                    return false;
1403            }
1404    
1405            protected boolean hasUserPermissions_3(
1406                            long userId, long resourceId, String actionId,
1407                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1408                            StopWatch stopWatch, int block)
1409                    throws SystemException {
1410    
1411                    // Is the user associated with groups or organizations that are directly
1412                    // connected to one of the permissions?
1413    
1414                    if (groups.size() > 0) {
1415                            if (permissionFinder.countByGroupsPermissions(
1416                                            permissions, groups) > 0) {
1417    
1418                                    return true;
1419                            }
1420                    }
1421    
1422                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1423    
1424                    // Is the user associated with a role that is directly connected to one
1425                    // of the permissions?
1426    
1427                    if (roles.size() > 0) {
1428                            if (permissionFinder.countByRolesPermissions(
1429                                            permissions, roles) > 0) {
1430    
1431                                    return true;
1432                            }
1433                    }
1434    
1435                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1436    
1437                    // Is the user directly connected to one of the permissions?
1438    
1439                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1440                            return true;
1441                    }
1442    
1443                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1444    
1445                    return false;
1446            }
1447    
1448            protected boolean hasUserPermissions_4(
1449                            long userId, long resourceId, String actionId,
1450                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1451                            StopWatch stopWatch, int block)
1452                    throws SystemException {
1453    
1454                    // Call countByGroupsPermissions, countByRolesPermissions, and
1455                    // countByUsersPermissions in one method
1456    
1457                    if (permissionFinder.containsPermissions_4(
1458                                    permissions, userId, groups, roles)) {
1459    
1460                            return true;
1461                    }
1462    
1463                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1464    
1465                    return false;
1466            }
1467    
1468            protected boolean hasUserPermissions_5(
1469                            long userId, long resourceId, String actionId,
1470                            List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1471                            int block)
1472                    throws SystemException {
1473    
1474                    if (roles.size() > 0) {
1475                            if (permissionFinder.countByRolesPermissions(
1476                                            permissions, roles) > 0) {
1477    
1478                                    return true;
1479                            }
1480                    }
1481    
1482                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1483    
1484                    return false;
1485            }
1486    
1487            protected boolean hasUserPermissions_6(
1488                            long userId, long resourceId, List<Resource> resources,
1489                            String actionId, long[] roleIds, StopWatch stopWatch,
1490                            int block)
1491                    throws PortalException, SystemException {
1492    
1493                    boolean hasUserPermissions =
1494                            resourcePermissionLocalService.hasResourcePermission(
1495                                    resources, roleIds, actionId);
1496    
1497                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1498    
1499                    return hasUserPermissions;
1500            }
1501    
1502            protected void logHasUserPermissions(
1503                    long userId, long resourceId, String actionId, StopWatch stopWatch,
1504                    int block) {
1505    
1506                    if (!_log.isDebugEnabled()) {
1507                            return;
1508                    }
1509    
1510                    _log.debug(
1511                            "Checking user permissions block " + block + " for " + userId +
1512                                    " " + resourceId + " " + actionId + " takes " +
1513                                            stopWatch.getTime() + " ms");
1514            }
1515    
1516            protected void setContainerResourcePermissions(
1517                            long companyId, String name, String roleName, String actionId)
1518                    throws PortalException, SystemException {
1519    
1520                    ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1521                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1522    
1523                    if (resourceCode == null) {
1524                            return;
1525                    }
1526    
1527                    List<Group> groups = groupPersistence.findByCompanyId(companyId);
1528    
1529                    for (Group group : groups) {
1530                            String primKey = Long.toString(group.getGroupId());
1531    
1532                            Resource resource = resourcePersistence.fetchByC_P(
1533                                    resourceCode.getCodeId(), primKey);
1534    
1535                            if (resource == null) {
1536                                    continue;
1537                            }
1538    
1539                            Permission permission = permissionPersistence.fetchByA_R(
1540                                    actionId, resource.getResourceId());
1541    
1542                            if (permission == null) {
1543                                    long permissionId = counterLocalService.increment(
1544                                            Permission.class.getName());
1545    
1546                                    permission = permissionPersistence.create(permissionId);
1547    
1548                                    permission.setCompanyId(companyId);
1549                                    permission.setActionId(actionId);
1550                                    permission.setResourceId(resource.getResourceId());
1551    
1552                                    permissionPersistence.update(permission, false);
1553                            }
1554    
1555                            if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1556                                    roleName.equals(RoleConstants.ORGANIZATION_USER) ||
1557                                    roleName.equals(RoleConstants.OWNER) ||
1558                                    roleName.equals(RoleConstants.SITE_MEMBER)) {
1559    
1560                                    Role role = rolePersistence.findByC_N(companyId, roleName);
1561    
1562                                    permissionPersistence.addRole(
1563                                            permission.getPermissionId(), role);
1564                            }
1565                            else {
1566                                    long defaultUserId = userLocalService.getDefaultUserId(
1567                                            companyId);
1568    
1569                                    permissionPersistence.addUser(
1570                                            permission.getPermissionId(), defaultUserId);
1571                            }
1572                    }
1573            }
1574    
1575            private static Log _log = LogFactoryUtil.getLog(
1576                    PermissionLocalServiceImpl.class);
1577    
1578    }