001
014
015 package com.liferay.portal.lar;
016
017 import com.liferay.portal.NoSuchTeamException;
018 import com.liferay.portal.kernel.lar.PortletDataContext;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.GetterUtil;
022 import com.liferay.portal.kernel.util.KeyValuePair;
023 import com.liferay.portal.kernel.util.LocalizationUtil;
024 import com.liferay.portal.kernel.xml.Document;
025 import com.liferay.portal.kernel.xml.Element;
026 import com.liferay.portal.kernel.xml.SAXReaderUtil;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.Layout;
030 import com.liferay.portal.model.Portlet;
031 import com.liferay.portal.model.PortletConstants;
032 import com.liferay.portal.model.Resource;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.Team;
036 import com.liferay.portal.model.User;
037 import com.liferay.portal.service.GroupLocalServiceUtil;
038 import com.liferay.portal.service.PermissionLocalServiceUtil;
039 import com.liferay.portal.service.PortletLocalServiceUtil;
040 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
041 import com.liferay.portal.service.RoleLocalServiceUtil;
042 import com.liferay.portal.service.TeamLocalServiceUtil;
043 import com.liferay.portal.service.permission.PortletPermissionUtil;
044 import com.liferay.portal.util.PropsValues;
045
046 import java.util.ArrayList;
047 import java.util.HashMap;
048 import java.util.List;
049 import java.util.Locale;
050 import java.util.Map;
051
052
063 public class PermissionImporter {
064
065 protected List<String> getActions(Element element) {
066 List<String> actions = new ArrayList<String>();
067
068 List<Element> actionKeyElements = element.elements("action-key");
069
070 for (Element actionKeyElement : actionKeyElements) {
071 actions.add(actionKeyElement.getText());
072 }
073
074 return actions;
075 }
076
077 protected void importGroupPermissions(
078 LayoutCache layoutCache, long companyId, long groupId,
079 String resourceName, String resourcePrimKey, Element parentElement,
080 String elementName, boolean portletActions)
081 throws Exception {
082
083 Element actionElement = parentElement.element(elementName);
084
085 if (actionElement == null) {
086 return;
087 }
088
089 List<String> actions = getActions(actionElement);
090
091 Resource resource = layoutCache.getResource(
092 companyId, groupId, resourceName,
093 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
094 portletActions);
095
096 PermissionLocalServiceUtil.setGroupPermissions(
097 groupId, actions.toArray(new String[actions.size()]),
098 resource.getResourceId());
099 }
100
101 protected void importGroupRoles(
102 LayoutCache layoutCache, long companyId, long groupId,
103 String resourceName, String entityName,
104 Element parentElement)
105 throws Exception {
106
107 Element entityRolesElement = parentElement.element(
108 entityName + "-roles");
109
110 if (entityRolesElement == null) {
111 return;
112 }
113
114 importRolePermissions(
115 layoutCache, companyId, resourceName, ResourceConstants.SCOPE_GROUP,
116 String.valueOf(groupId), entityRolesElement, true);
117 }
118
119 protected void importInheritedPermissions(
120 LayoutCache layoutCache, long companyId, String resourceName,
121 String resourcePrimKey, Element permissionsElement,
122 String entityName, boolean portletActions)
123 throws Exception {
124
125 Element entityPermissionsElement = permissionsElement.element(
126 entityName + "-permissions");
127
128 if (entityPermissionsElement == null) {
129 return;
130 }
131
132 List<Element> actionsElements = entityPermissionsElement.elements(
133 entityName + "-actions");
134
135 for (int i = 0; i < actionsElements.size(); i++) {
136 Element actionElement = actionsElements.get(i);
137
138 String name = actionElement.attributeValue("name");
139
140 long entityGroupId = layoutCache.getEntityGroupId(
141 companyId, entityName, name);
142
143 if (entityGroupId == 0) {
144 _log.warn(
145 "Ignore inherited permissions for entity " + entityName +
146 " with name " + name);
147 }
148 else {
149 Element parentElement = SAXReaderUtil.createElement("parent");
150
151 parentElement.add(actionElement.createCopy());
152
153 importGroupPermissions(
154 layoutCache, companyId, entityGroupId, resourceName,
155 resourcePrimKey, parentElement, entityName + "-actions",
156 portletActions);
157 }
158 }
159 }
160
161 protected void importInheritedRoles(
162 LayoutCache layoutCache, long companyId, long groupId,
163 String resourceName, String entityName, Element parentElement)
164 throws Exception {
165
166 Element entityRolesElement = parentElement.element(
167 entityName + "-roles");
168
169 if (entityRolesElement == null) {
170 return;
171 }
172
173 List<Element> entityElements = entityRolesElement.elements(entityName);
174
175 for (Element entityElement : entityElements) {
176 String name = entityElement.attributeValue("name");
177
178 long entityGroupId = layoutCache.getEntityGroupId(
179 companyId, entityName, name);
180
181 if (entityGroupId == 0) {
182 _log.warn(
183 "Ignore inherited roles for entity " + entityName +
184 " with name " + name);
185 }
186 else {
187 importRolePermissions(
188 layoutCache, companyId, resourceName,
189 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
190 entityElement, false);
191 }
192 }
193 }
194
195 protected void importLayoutPermissions(
196 LayoutCache layoutCache, long companyId, long groupId, long userId,
197 Layout layout, Element layoutElement, Element parentElement,
198 boolean importUserPermissions)
199 throws Exception {
200
201 Element permissionsElement = layoutElement.element("permissions");
202
203 if (permissionsElement != null) {
204 String resourceName = Layout.class.getName();
205 String resourcePrimKey = String.valueOf(layout.getPlid());
206
207 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
208 importPermissions_5(
209 layoutCache, companyId, groupId, userId, resourceName,
210 resourcePrimKey, permissionsElement, false);
211 }
212 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
213 importPermissions_6(
214 layoutCache, companyId, groupId, userId, resourceName,
215 resourcePrimKey, permissionsElement, false);
216 }
217 else {
218 Group guestGroup = GroupLocalServiceUtil.getGroup(
219 companyId, GroupConstants.GUEST);
220
221 importLayoutPermissions_1to4(
222 layoutCache, companyId, groupId, guestGroup, layout,
223 resourceName, resourcePrimKey, permissionsElement,
224 importUserPermissions);
225 }
226 }
227
228 Element rolesElement = parentElement.element("roles");
229
230 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
231 (rolesElement != null)) {
232
233 importLayoutRoles(layoutCache, companyId, groupId, rolesElement);
234 }
235 }
236
237 protected void importLayoutPermissions_1to4(
238 LayoutCache layoutCache, long companyId, long groupId,
239 Group guestGroup, Layout layout, String resourceName,
240 String resourcePrimKey, Element permissionsElement,
241 boolean importUserPermissions)
242 throws Exception {
243
244 importGroupPermissions(
245 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
246 permissionsElement, "community-actions", false);
247
248 if (groupId != guestGroup.getGroupId()) {
249 importGroupPermissions(
250 layoutCache, companyId, guestGroup.getGroupId(), resourceName,
251 resourcePrimKey, permissionsElement, "guest-actions", false);
252 }
253
254 if (importUserPermissions) {
255 importUserPermissions(
256 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
257 permissionsElement, false);
258 }
259
260 importInheritedPermissions(
261 layoutCache, companyId, resourceName, resourcePrimKey,
262 permissionsElement, "organization", false);
263
264 importInheritedPermissions(
265 layoutCache, companyId, resourceName, resourcePrimKey,
266 permissionsElement, "user-group", false);
267 }
268
269 protected void importLayoutRoles(
270 LayoutCache layoutCache, long companyId, long groupId,
271 Element rolesElement)
272 throws Exception {
273
274 String resourceName = Layout.class.getName();
275
276 importGroupRoles(
277 layoutCache, companyId, groupId, resourceName, "community",
278 rolesElement);
279
280 importUserRoles(
281 layoutCache, companyId, groupId, resourceName, rolesElement);
282
283 importInheritedRoles(
284 layoutCache, companyId, groupId, resourceName, "organization",
285 rolesElement);
286
287 importInheritedRoles(
288 layoutCache, companyId, groupId, resourceName, "user-group",
289 rolesElement);
290 }
291
292 protected void importPermissions_5(
293 LayoutCache layoutCache, long companyId, long groupId, long userId,
294 String resourceName, String resourcePrimKey,
295 Element permissionsElement, boolean portletActions)
296 throws Exception {
297
298 Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
299
300 List<Element> roleElements = permissionsElement.elements("role");
301
302 for (Element roleElement : roleElements) {
303 String name = roleElement.attributeValue("name");
304
305 Role role = null;
306
307 if (name.startsWith(PermissionExporter.ROLE_TEAM_PREFIX)) {
308 name = name.substring(
309 PermissionExporter.ROLE_TEAM_PREFIX.length());
310
311 String description = roleElement.attributeValue("description");
312
313 Team team = null;
314
315 try {
316 team = TeamLocalServiceUtil.getTeam(groupId, name);
317 }
318 catch (NoSuchTeamException nste) {
319 team = TeamLocalServiceUtil.addTeam(
320 userId, groupId, name, description);
321 }
322
323 role = RoleLocalServiceUtil.getTeamRole(
324 companyId, team.getTeamId());
325 }
326 else {
327 role = layoutCache.getRole(companyId, name);
328 }
329
330 if (role == null) {
331 String description = roleElement.attributeValue("description");
332
333 Map<Locale, String> descriptionMap =
334 LocalizationUtil.getLocalizationMap(description);
335
336 int type = Integer.valueOf(roleElement.attributeValue("type"));
337
338 role = RoleLocalServiceUtil.addRole(
339 userId, companyId, name, null, descriptionMap, type);
340 }
341
342 List<String> actions = getActions(roleElement);
343
344 roleIdsToActionIds.put(
345 role.getRoleId(), actions.toArray(new String[actions.size()]));
346 }
347
348 if (roleIdsToActionIds.isEmpty()) {
349 return;
350 }
351
352 PermissionLocalServiceUtil.setRolesPermissions(
353 companyId, roleIdsToActionIds, resourceName,
354 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey);
355 }
356
357 protected void importPermissions_6(
358 LayoutCache layoutCache, long companyId, long groupId, long userId,
359 String resourceName, String resourcePrimKey,
360 Element permissionsElement, boolean portletActions)
361 throws Exception {
362
363 Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
364
365 List<Element> roleElements = permissionsElement.elements("role");
366
367 for (Element roleElement : roleElements) {
368 String name = roleElement.attributeValue("name");
369 int type = GetterUtil.getInteger(
370 roleElement.attributeValue("type"));
371
372 Role role = null;
373
374 if (name.startsWith(PermissionExporter.ROLE_TEAM_PREFIX)) {
375 name = name.substring(
376 PermissionExporter.ROLE_TEAM_PREFIX.length());
377
378 String description = roleElement.attributeValue("description");
379
380 Team team = null;
381
382 try {
383 team = TeamLocalServiceUtil.getTeam(groupId, name);
384 }
385 catch (NoSuchTeamException nste) {
386 team = TeamLocalServiceUtil.addTeam(
387 userId, groupId, name, description);
388 }
389
390 role = RoleLocalServiceUtil.getTeamRole(
391 companyId, team.getTeamId());
392 }
393 else {
394 role = layoutCache.getRole(companyId, name);
395 }
396
397 if (role == null) {
398 String description = roleElement.attributeValue("description");
399
400 Map<Locale, String> descriptionMap =
401 LocalizationUtil.getLocalizationMap(description);
402
403 role = RoleLocalServiceUtil.addRole(
404 userId, companyId, name, null, descriptionMap, type);
405 }
406
407 List<String> actions = getActions(roleElement);
408
409 roleIdsToActionIds.put(
410 role.getRoleId(), actions.toArray(new String[actions.size()]));
411 }
412
413 if (roleIdsToActionIds.isEmpty()) {
414 return;
415 }
416
417 ResourcePermissionLocalServiceUtil.setResourcePermissions(
418 companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL,
419 resourcePrimKey, roleIdsToActionIds);
420 }
421
422 protected void importPortletPermissions(
423 LayoutCache layoutCache, long companyId, long groupId, long userId,
424 Layout layout, Element portletElement, String portletId,
425 boolean importUserPermissions)
426 throws Exception {
427
428 Element permissionsElement = portletElement.element("permissions");
429
430 if (permissionsElement != null) {
431 String resourceName = PortletConstants.getRootPortletId(portletId);
432
433 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
434 layout.getPlid(), portletId);
435
436 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
437 importPermissions_5(
438 layoutCache, companyId, groupId, userId, resourceName,
439 resourcePrimKey, permissionsElement, true);
440 }
441 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
442 importPermissions_6(
443 layoutCache, companyId, groupId, userId, resourceName,
444 resourcePrimKey, permissionsElement, true);
445 }
446 else {
447 Group guestGroup = GroupLocalServiceUtil.getGroup(
448 companyId, GroupConstants.GUEST);
449
450 importPortletPermissions_1to4(
451 layoutCache, companyId, groupId, guestGroup, layout,
452 permissionsElement, importUserPermissions);
453 }
454 }
455
456 Element rolesElement = portletElement.element("roles");
457
458 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
459 (rolesElement != null)) {
460
461 importPortletRoles(layoutCache, companyId, groupId, portletElement);
462 importPortletRoles(
463 layoutCache, companyId, groupId, portletId, rolesElement);
464 }
465 }
466
467 protected void importPortletPermissions_1to4(
468 LayoutCache layoutCache, long companyId, long groupId,
469 Group guestGroup, Layout layout, Element permissionsElement,
470 boolean importUserPermissions)
471 throws Exception {
472
473 List<Element> portletElements = permissionsElement.elements("portlet");
474
475 for (Element portletElement : portletElements) {
476 String portletId = portletElement.attributeValue("portlet-id");
477
478 String resourceName = PortletConstants.getRootPortletId(portletId);
479 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
480 layout.getPlid(), portletId);
481
482 Portlet portlet = PortletLocalServiceUtil.getPortletById(
483 companyId, resourceName);
484
485 if (portlet == null) {
486 if (_log.isDebugEnabled()) {
487 _log.debug(
488 "Do not import portlet permissions for " + portletId +
489 " because the portlet does not exist");
490 }
491 }
492 else {
493 importGroupPermissions(
494 layoutCache, companyId, groupId, resourceName,
495 resourcePrimKey, portletElement, "community-actions", true);
496
497 if (groupId != guestGroup.getGroupId()) {
498 importGroupPermissions(
499 layoutCache, companyId, guestGroup.getGroupId(),
500 resourceName, resourcePrimKey, portletElement,
501 "guest-actions", true);
502 }
503
504 if (importUserPermissions) {
505 importUserPermissions(
506 layoutCache, companyId, groupId, resourceName,
507 resourcePrimKey, portletElement, true);
508 }
509
510 importInheritedPermissions(
511 layoutCache, companyId, resourceName, resourcePrimKey,
512 portletElement, "organization", true);
513
514 importInheritedPermissions(
515 layoutCache, companyId, resourceName, resourcePrimKey,
516 portletElement, "user-group", true);
517 }
518 }
519 }
520
521 protected void importPortletRoles(
522 LayoutCache layoutCache, long companyId, long groupId,
523 String portletId, Element rolesElement)
524 throws Exception {
525
526 String resourceName = PortletConstants.getRootPortletId(portletId);
527
528 Portlet portlet = PortletLocalServiceUtil.getPortletById(
529 companyId, resourceName);
530
531 if (portlet == null) {
532 if (_log.isDebugEnabled()) {
533 _log.debug(
534 "Do not import portlet roles for " + portletId +
535 " because the portlet does not exist");
536 }
537 }
538 else {
539 importGroupRoles(
540 layoutCache, companyId, groupId, resourceName, "community",
541 rolesElement);
542
543 importUserRoles(
544 layoutCache, companyId, groupId, resourceName, rolesElement);
545
546 importInheritedRoles(
547 layoutCache, companyId, groupId, resourceName,
548 "organization", rolesElement);
549
550 importInheritedRoles(
551 layoutCache, companyId, groupId, resourceName, "user-group",
552 rolesElement);
553 }
554 }
555
556 protected void importPortletRoles(
557 LayoutCache layoutCache, long companyId, long groupId,
558 Element rolesElement)
559 throws Exception {
560
561 List<Element> portletElements = rolesElement.elements("portlet");
562
563 for (Element portletElement : portletElements) {
564 String portletId = portletElement.attributeValue("portlet-id");
565
566 String resourceName = PortletConstants.getRootPortletId(portletId);
567
568 Portlet portlet = PortletLocalServiceUtil.getPortletById(
569 companyId, resourceName);
570
571 if (portlet == null) {
572 if (_log.isDebugEnabled()) {
573 _log.debug(
574 "Do not import portlet roles for " + portletId +
575 " because the portlet does not exist");
576 }
577 }
578 else {
579 importGroupRoles(
580 layoutCache, companyId, groupId, resourceName, "community",
581 portletElement);
582
583 importUserRoles(
584 layoutCache, companyId, groupId, resourceName,
585 portletElement);
586
587 importInheritedRoles(
588 layoutCache, companyId, groupId, resourceName,
589 "organization", portletElement);
590
591 importInheritedRoles(
592 layoutCache, companyId, groupId, resourceName, "user-group",
593 portletElement);
594 }
595 }
596 }
597
598 protected void importRolePermissions(
599 LayoutCache layoutCache, long companyId, String resourceName,
600 int scope, String resourcePrimKey, Element parentElement,
601 boolean communityRole)
602 throws Exception {
603
604 List<Element> roleElements = parentElement.elements("role");
605
606 for (Element roleElement : roleElements) {
607 String roleName = roleElement.attributeValue("name");
608
609 Role role = layoutCache.getRole(companyId, roleName);
610
611 if (role == null) {
612 _log.warn(
613 "Ignoring permissions for role with name " + roleName);
614 }
615 else {
616 List<String> actions = getActions(roleElement);
617
618 PermissionLocalServiceUtil.setRolePermissions(
619 role.getRoleId(), companyId, resourceName, scope,
620 resourcePrimKey,
621 actions.toArray(new String[actions.size()]));
622
623 if (communityRole) {
624 long[] groupIds = {GetterUtil.getLong(resourcePrimKey)};
625
626 GroupLocalServiceUtil.addRoleGroups(
627 role.getRoleId(), groupIds);
628 }
629 }
630 }
631 }
632
633 protected void importUserPermissions(
634 LayoutCache layoutCache, long companyId, long groupId,
635 String resourceName, String resourcePrimKey, Element parentElement,
636 boolean portletActions)
637 throws Exception {
638
639 Element userPermissionsElement = parentElement.element(
640 "user-permissions");
641
642 if (userPermissionsElement == null) {
643 return;
644 }
645
646 List<Element> userActionsElements = userPermissionsElement.elements(
647 "user-actions");
648
649 for (Element userActionsElement : userActionsElements) {
650 String uuid = userActionsElement.attributeValue("uuid");
651
652 User user = layoutCache.getUser(companyId, groupId, uuid);
653
654 if (user == null) {
655 if (_log.isWarnEnabled()) {
656 _log.warn(
657 "Ignoring permissions for user with uuid " + uuid);
658 }
659 }
660 else {
661 List<String> actions = getActions(userActionsElement);
662
663 Resource resource = layoutCache.getResource(
664 companyId, groupId, resourceName,
665 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
666 portletActions);
667
668 PermissionLocalServiceUtil.setUserPermissions(
669 user.getUserId(),
670 actions.toArray(new String[actions.size()]),
671 resource.getResourceId());
672 }
673 }
674 }
675
676 protected void importUserRoles(
677 LayoutCache layoutCache, long companyId, long groupId,
678 String resourceName, Element parentElement)
679 throws Exception {
680
681 Element userRolesElement = parentElement.element("user-roles");
682
683 if (userRolesElement == null) {
684 return;
685 }
686
687 List<Element> userElements = userRolesElement.elements("user");
688
689 for (Element userElement : userElements) {
690 String uuid = userElement.attributeValue("uuid");
691
692 User user = layoutCache.getUser(companyId, groupId, uuid);
693
694 if (user == null) {
695 if (_log.isWarnEnabled()) {
696 _log.warn("Ignoring roles for user with uuid " + uuid);
697 }
698 }
699 else {
700 importRolePermissions(
701 layoutCache, companyId, resourceName,
702 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
703 userElement, false);
704 }
705 }
706 }
707
708 protected void readPortletDataPermissions(
709 PortletDataContext portletDataContext)
710 throws Exception {
711
712 String xml = portletDataContext.getZipEntryAsString(
713 portletDataContext.getSourceRootPath() +
714 "/portlet-data-permissions.xml");
715
716 if (xml == null) {
717 return;
718 }
719
720 Document document = SAXReaderUtil.read(xml);
721
722 Element rootElement = document.getRootElement();
723
724 List<Element> portletDataElements = rootElement.elements(
725 "portlet-data");
726
727 for (Element portletDataElement : portletDataElements) {
728 String resourceName = portletDataElement.attributeValue(
729 "resource-name");
730 long resourcePK = GetterUtil.getLong(
731 portletDataElement.attributeValue("resource-pk"));
732
733 List<KeyValuePair> permissions = new ArrayList<KeyValuePair>();
734
735 List<Element> permissionsElements = portletDataElement.elements(
736 "permissions");
737
738 for (Element permissionsElement : permissionsElements) {
739 String roleName = permissionsElement.attributeValue(
740 "role-name");
741 String actions = permissionsElement.attributeValue("actions");
742
743 KeyValuePair permission = new KeyValuePair(roleName, actions);
744
745 permissions.add(permission);
746 }
747
748 portletDataContext.addPermissions(
749 resourceName, resourcePK, permissions);
750 }
751 }
752
753 private static Log _log = LogFactoryUtil.getLog(PermissionImporter.class);
754
755 }