001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchResourceException;
018    import com.liferay.portal.ResourceActionsException;
019    import com.liferay.portal.kernel.exception.PortalException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.search.SearchEngineUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.model.AuditedModel;
026    import com.liferay.portal.model.ClassedModel;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.GroupConstants;
029    import com.liferay.portal.model.GroupedModel;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.PermissionedModel;
032    import com.liferay.portal.model.Resource;
033    import com.liferay.portal.model.ResourceCode;
034    import com.liferay.portal.model.ResourceConstants;
035    import com.liferay.portal.model.ResourcePermission;
036    import com.liferay.portal.model.Role;
037    import com.liferay.portal.model.RoleConstants;
038    import com.liferay.portal.model.impl.ResourceImpl;
039    import com.liferay.portal.security.permission.PermissionCacheUtil;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.PermissionsListFilter;
042    import com.liferay.portal.security.permission.PermissionsListFilterFactory;
043    import com.liferay.portal.security.permission.ResourceActionsUtil;
044    import com.liferay.portal.service.ServiceContext;
045    import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
046    import com.liferay.portal.util.PropsValues;
047    import com.liferay.portal.util.ResourcePermissionsThreadLocal;
048    import com.liferay.portal.util.comparator.ResourceComparator;
049    
050    import java.util.Arrays;
051    import java.util.Iterator;
052    import java.util.List;
053    
054    /**
055     * @author Brian Wing Shun Chan
056     * @author Wilson S. Man
057     * @author Raymond Augé
058     * @author Julio Camarero
059     * @author Connor McKay
060     */
061    public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
062    
063            public void addModelResources(
064                            AuditedModel auditedModel, ServiceContext serviceContext)
065                    throws PortalException, SystemException {
066    
067                    ClassedModel classedModel = (ClassedModel)auditedModel;
068    
069                    if (serviceContext.isAddGroupPermissions() ||
070                            serviceContext.isAddGuestPermissions()) {
071    
072                            addResources(
073                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
074                                    auditedModel.getUserId(), classedModel.getModelClassName(),
075                                    String.valueOf(classedModel.getPrimaryKeyObj()), false,
076                                    serviceContext.isAddGroupPermissions(),
077                                    serviceContext.isAddGuestPermissions(),
078                                    getPermissionedModel(auditedModel));
079                    }
080                    else {
081                            if (serviceContext.isDeriveDefaultPermissions()) {
082                                    serviceContext.deriveDefaultPermissions(
083                                            getGroupId(auditedModel), classedModel.getModelClassName());
084                            }
085    
086                            addModelResources(
087                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
088                                    auditedModel.getUserId(), classedModel.getModelClassName(),
089                                    String.valueOf(classedModel.getPrimaryKeyObj()),
090                                    serviceContext.getGroupPermissions(),
091                                    serviceContext.getGuestPermissions(),
092                                    getPermissionedModel(auditedModel));
093                    }
094            }
095    
096            public void addModelResources(
097                            long companyId, long groupId, long userId, String name,
098                            long primKey, String[] groupPermissions, String[] guestPermissions)
099                    throws PortalException, SystemException {
100    
101                    addModelResources(
102                            companyId, groupId, userId, name, String.valueOf(primKey),
103                            groupPermissions, guestPermissions, null);
104            }
105    
106            public void addModelResources(
107                            long companyId, long groupId, long userId, String name,
108                            String primKey, String[] groupPermissions,
109                            String[] guestPermissions)
110                    throws PortalException, SystemException {
111    
112                    addModelResources(
113                            companyId, groupId, userId, name, primKey, groupPermissions,
114                            guestPermissions, null);
115            }
116    
117            public Resource addResource(
118                            long companyId, String name, int scope, String primKey)
119                    throws SystemException {
120    
121                    if (!PermissionThreadLocal.isAddResource()) {
122                            return null;
123                    }
124    
125                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
126                            return addResource_6(companyId, name, scope, primKey);
127                    }
128                    else {
129                            return addResource_1to5(companyId, name, scope, primKey);
130                    }
131            }
132    
133            public void addResources(
134                            long companyId, long groupId, long userId, String name,
135                            long primKey, boolean portletActions,
136                            boolean addGroupPermissions, boolean addGuestPermissions)
137                    throws PortalException, SystemException {
138    
139                    addResources(
140                            companyId, groupId, userId, name, String.valueOf(primKey),
141                            portletActions, addGroupPermissions, addGuestPermissions, null);
142            }
143    
144            public void addResources(
145                            long companyId, long groupId, long userId, String name,
146                            String primKey, boolean portletActions,
147                            boolean addGroupPermissions, boolean addGuestPermissions)
148                    throws PortalException, SystemException {
149    
150                    addResources(
151                            companyId, groupId, userId, name, primKey, portletActions,
152                            addGroupPermissions, addGuestPermissions, null);
153            }
154    
155            public void addResources(
156                            long companyId, long groupId, String name, boolean portletActions)
157                    throws PortalException, SystemException {
158    
159                    addResources(
160                            companyId, groupId, 0, name, null, portletActions, false, false);
161            }
162    
163            public void deleteResource(AuditedModel auditedModel, int scope)
164                    throws PortalException, SystemException {
165    
166                    ClassedModel classedModel = (ClassedModel)auditedModel;
167    
168                    deleteResource(
169                            auditedModel.getCompanyId(), classedModel.getModelClassName(),
170                            scope, String.valueOf(classedModel.getPrimaryKeyObj()),
171                            getPermissionedModel(auditedModel));
172            }
173    
174            @Override
175            public void deleteResource(long resourceId) throws SystemException {
176                    try {
177                            Resource resource = resourcePersistence.findByPrimaryKey(
178                                    resourceId);
179    
180                            deleteResource(resource);
181                    }
182                    catch (NoSuchResourceException nsre) {
183                            if (_log.isWarnEnabled()) {
184                                    _log.warn(nsre);
185                            }
186                    }
187            }
188    
189            public void deleteResource(
190                            long companyId, String name, int scope, long primKey)
191                    throws PortalException, SystemException {
192    
193                    deleteResource(companyId, name, scope, String.valueOf(primKey), null);
194            }
195    
196            public void deleteResource(
197                            long companyId, String name, int scope, String primKey)
198                    throws PortalException, SystemException {
199    
200                    deleteResource(companyId, name, scope, primKey, null);
201            }
202    
203            @Override
204            public void deleteResource(Resource resource) throws SystemException {
205    
206                    // Permissions
207    
208                    List<Permission> permissions = permissionPersistence.findByResourceId(
209                            resource.getResourceId());
210    
211                    for (Permission permission : permissions) {
212                            orgGroupPermissionPersistence.removeByPermissionId(
213                                    permission.getPermissionId());
214                    }
215    
216                    permissionPersistence.removeByResourceId(resource.getResourceId());
217    
218                    // Resource
219    
220                    resourcePersistence.remove(resource);
221            }
222    
223            public void deleteResources(String name) throws SystemException {
224                    List<Resource> resources = resourceFinder.findByName(name);
225    
226                    for (Resource resource : resources) {
227                            deleteResource(resource);
228                    }
229            }
230    
231            public Resource fetchResource(
232                            long companyId, String name, int scope, String primKey)
233                    throws SystemException {
234    
235                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
236                            return getResource_6(companyId, name, scope, primKey);
237                    }
238                    else {
239                            return fetchResource_1to5(companyId, name, scope, primKey);
240                    }
241            }
242    
243            public long getLatestResourceId() throws SystemException {
244                    List<Resource> resources = resourcePersistence.findAll(
245                            0, 1, new ResourceComparator());
246    
247                    if (resources.size() == 0) {
248                            return 0;
249                    }
250                    else {
251                            Resource resource = resources.get(0);
252    
253                            return resource.getResourceId();
254                    }
255            }
256    
257            @Override
258            public Resource getResource(long resourceId)
259                    throws PortalException, SystemException {
260    
261                    return resourcePersistence.findByPrimaryKey(resourceId);
262            }
263    
264            public Resource getResource(
265                            long companyId, String name, int scope, String primKey)
266                    throws PortalException, SystemException {
267    
268                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
269                            return getResource_6(companyId, name, scope, primKey);
270                    }
271                    else {
272                            return getResource_1to5(companyId, name, scope, primKey);
273                    }
274            }
275    
276            public List<Resource> getResources() throws SystemException {
277                    return resourcePersistence.findAll();
278            }
279    
280            public void updateModelResources(
281                            AuditedModel auditedModel, ServiceContext serviceContext)
282                    throws PortalException, SystemException {
283    
284                    ClassedModel classedModel = (ClassedModel)auditedModel;
285    
286                    updateResources(
287                            auditedModel.getCompanyId(), getGroupId(auditedModel),
288                            classedModel.getModelClassName(),
289                            String.valueOf(classedModel.getPrimaryKeyObj()),
290                            serviceContext.getGroupPermissions(),
291                            serviceContext.getGuestPermissions(),
292                            getPermissionedModel(auditedModel));
293            }
294    
295            public void updateResources(
296                            long companyId, long groupId, String name, long primKey,
297                            String[] groupPermissions, String[] guestPermissions)
298                    throws PortalException, SystemException {
299    
300                    updateResources(
301                            companyId, groupId, name, String.valueOf(primKey), groupPermissions,
302                            guestPermissions, null);
303            }
304    
305            public void updateResources(
306                            long companyId, long groupId, String name, String primKey,
307                            String[] groupPermissions, String[] guestPermissions)
308                    throws PortalException, SystemException {
309    
310                    updateResources(
311                            companyId, groupId, name, primKey, groupPermissions,
312                            guestPermissions, null);
313            }
314    
315            public void updateResources(
316                            long companyId, String name, int scope, String primKey,
317                            String newPrimKey)
318                    throws PortalException, SystemException {
319    
320                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
321                            if (resourceBlockLocalService.isSupported(name)) {
322    
323                                    // Assuming that this method is used when the primary key of an
324                                    // existing record is changed, then nothing needs to happen
325                                    // here, as it should still have its resource block ID.
326    
327                            }
328                            else {
329                                    updateResources_6(companyId, name, scope, primKey, newPrimKey);
330                            }
331                    }
332                    else {
333                            updateResources_1to5(companyId, name, scope, primKey, newPrimKey);
334                    }
335            }
336    
337            protected void addGroupPermissions(
338                            long companyId, long groupId, long userId, String name,
339                            Resource resource, boolean portletActions,
340                            PermissionedModel permissionedModel)
341                    throws PortalException, SystemException {
342    
343                    List<String> actions = null;
344    
345                    if (portletActions) {
346                            actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
347                                    name);
348                    }
349                    else {
350                            actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
351                                    name);
352                    }
353    
354                    String[] actionIds = actions.toArray(new String[actions.size()]);
355    
356                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
357                            if (resourceBlockLocalService.isSupported(name)) {
358                                    addGroupPermissions_6Blocks(
359                                            groupId, resource, actions, permissionedModel);
360                            }
361                            else {
362                                    addGroupPermissions_6(groupId, resource, actionIds);
363                            }
364                    }
365                    else {
366                            addGroupPermissions_1to5(
367                                    companyId, groupId, userId, name, resource, portletActions,
368                                    actionIds);
369                    }
370            }
371    
372            protected void addGroupPermissions_1to5(
373                            long companyId, long groupId, long userId, String name,
374                            Resource resource, boolean portletActions, String[] actionIds)
375                    throws PortalException, SystemException {
376    
377                    long resourceId = resource.getResourceId();
378                    String primKey = resource.getPrimKey();
379    
380                    List<Permission> groupPermissionsList =
381                            permissionLocalService.getPermissions(
382                                    companyId, actionIds, resourceId);
383    
384                    PermissionsListFilter permissionsListFilter =
385                            PermissionsListFilterFactory.getInstance();
386    
387                    groupPermissionsList =
388                            permissionsListFilter.filterGroupPermissions(
389                                    companyId, groupId, userId, name, primKey, portletActions,
390                                    groupPermissionsList);
391    
392                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
393                            Role role = roleLocalService.getDefaultGroupRole(groupId);
394    
395                            rolePersistence.addPermissions(
396                                    role.getRoleId(), groupPermissionsList);
397                    }
398                    else {
399                            groupPersistence.addPermissions(groupId, groupPermissionsList);
400                    }
401            }
402    
403            protected void addGroupPermissions_6(
404                            long groupId, Resource resource, String[] actionIds)
405                    throws PortalException, SystemException {
406    
407                    Role role = roleLocalService.getDefaultGroupRole(groupId);
408    
409                    resourcePermissionLocalService.setResourcePermissions(
410                            resource.getCompanyId(), resource.getName(), resource.getScope(),
411                            resource.getPrimKey(), role.getRoleId(), actionIds);
412            }
413    
414            protected void addGroupPermissions_6Blocks(
415                            long groupId, Resource resource, List<String> actionIds,
416                            PermissionedModel permissionedModel)
417                    throws PortalException, SystemException {
418    
419                    if (permissionedModel == null) {
420                            throw new IllegalArgumentException("Permissioned model is null");
421                    }
422    
423                    // Scope is assumed to always be individual
424    
425                    Role role = roleLocalService.getDefaultGroupRole(groupId);
426    
427                    resourceBlockLocalService.setIndividualScopePermissions(
428                            resource.getCompanyId(), groupId, resource.getName(),
429                            permissionedModel, role.getRoleId(), actionIds);
430            }
431    
432            protected void addGuestPermissions(
433                            long companyId, long groupId, long userId, String name,
434                            Resource resource, boolean portletActions,
435                            PermissionedModel permissionedModel)
436                    throws PortalException, SystemException {
437    
438                    List<String> actions = null;
439    
440                    if (portletActions) {
441                            actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
442                                    name);
443                    }
444                    else {
445                            actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
446                                    name);
447                    }
448    
449                    String[] actionIds = actions.toArray(new String[actions.size()]);
450    
451                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
452                            if (resourceBlockLocalService.isSupported(name)) {
453                                    addGuestPermissions_6Blocks(
454                                            companyId, groupId, resource, actions, permissionedModel);
455                            }
456                            else {
457                                    addGuestPermissions_6(companyId, resource, actionIds);
458                            }
459                    }
460                    else {
461                            addGuestPermissions_1to5(
462                                    companyId, groupId, userId, name, resource, portletActions,
463                                    actionIds);
464                    }
465            }
466    
467            protected void addGuestPermissions_1to5(
468                            long companyId, long groupId, long userId, String name,
469                            Resource resource, boolean portletActions, String[] actionIds)
470                    throws PortalException, SystemException {
471    
472                    List<Permission> guestPermissionsList =
473                            permissionLocalService.getPermissions(
474                                    companyId, actionIds, resource.getResourceId());
475    
476                    PermissionsListFilter permissionsListFilter =
477                            PermissionsListFilterFactory.getInstance();
478    
479                    guestPermissionsList =
480                            permissionsListFilter.filterGuestPermissions(
481                                    companyId, groupId, userId, name, resource.getPrimKey(),
482                                    portletActions, guestPermissionsList);
483    
484                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
485                            Role guestRole = roleLocalService.getRole(
486                                    companyId, RoleConstants.GUEST);
487    
488                            rolePersistence.addPermissions(
489                                    guestRole.getRoleId(), guestPermissionsList);
490                    }
491                    else {
492                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
493    
494                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
495                    }
496            }
497    
498            protected void addGuestPermissions_6(
499                            long companyId, Resource resource, String[] actionIds)
500                    throws PortalException, SystemException {
501    
502                    Role guestRole = roleLocalService.getRole(
503                            companyId, RoleConstants.GUEST);
504    
505                    resourcePermissionLocalService.setResourcePermissions(
506                            resource.getCompanyId(), resource.getName(), resource.getScope(),
507                            resource.getPrimKey(), guestRole.getRoleId(), actionIds);
508            }
509    
510            protected void addGuestPermissions_6Blocks(
511                            long companyId, long groupId, Resource resource,
512                            List<String> actionIds, PermissionedModel permissionedModel)
513                    throws PortalException, SystemException {
514    
515                    if (permissionedModel == null) {
516                            throw new IllegalArgumentException("Permissioned model is null");
517                    }
518    
519                    // Scope is assumed to always be individual
520    
521                    Role guestRole = roleLocalService.getRole(
522                            companyId, RoleConstants.GUEST);
523    
524                    resourceBlockLocalService.setIndividualScopePermissions(
525                            resource.getCompanyId(), groupId, resource.getName(),
526                            permissionedModel, guestRole.getRoleId(), actionIds);
527            }
528    
529            protected void addModelResources(
530                            long companyId, long groupId, long userId, String name,
531                            String primKey, String[] groupPermissions,
532                            String[] guestPermissions, PermissionedModel permissionedModel)
533                    throws PortalException, SystemException {
534    
535                    if (!PermissionThreadLocal.isAddResource()) {
536                            return;
537                    }
538    
539                    validate(name, false);
540    
541                    // Company
542    
543                    addResource(
544                            companyId, name, ResourceConstants.SCOPE_COMPANY,
545                            String.valueOf(companyId));
546    
547                    // Guest
548    
549                    Group guestGroup = groupLocalService.getGroup(
550                            companyId, GroupConstants.GUEST);
551    
552                    addResource(
553                            companyId, name, ResourceConstants.SCOPE_GROUP,
554                            String.valueOf(guestGroup.getGroupId()));
555    
556                    // Group
557    
558                    if ((groupId > 0) && (guestGroup.getGroupId() != groupId)) {
559                            addResource(
560                                    companyId, name, ResourceConstants.SCOPE_GROUP,
561                                    String.valueOf(groupId));
562                    }
563    
564                    if (primKey == null) {
565                            return;
566                    }
567    
568                    // Individual
569    
570                    Resource resource = addResource(
571                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
572    
573                    // Permissions
574    
575                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
576    
577                    PermissionThreadLocal.setIndexEnabled(false);
578    
579                    try {
580                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
581                                    addModelResources_6(
582                                            companyId, groupId, userId, resource, groupPermissions,
583                                            guestPermissions, permissionedModel);
584                            }
585                            else {
586                                    addModelResources_1to5(
587                                            companyId, groupId, userId, resource, groupPermissions,
588                                            guestPermissions);
589                            }
590                    }
591                    finally {
592                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
593    
594                            PermissionCacheUtil.clearCache();
595    
596                            SearchEngineUtil.updatePermissionFields(name, primKey);
597                    }
598            }
599    
600            protected void addModelResources_1to5(
601                            long companyId, long groupId, long userId, Resource resource,
602                            String[] groupPermissions, String[] guestPermissions)
603                    throws PortalException, SystemException {
604    
605                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
606    
607                    PermissionsListFilter permissionsListFilter =
608                            PermissionsListFilterFactory.getInstance();
609    
610                    List<Permission> permissionsList =
611                            permissionLocalService.addPermissions(
612                                    companyId, resource.getName(), resource.getResourceId(), false);
613    
614                    List<Permission> userPermissionsList =
615                            permissionsListFilter.filterUserPermissions(
616                                    companyId, groupId, userId, resource.getName(),
617                                    resource.getPrimKey(), false, permissionsList);
618    
619                    filterOwnerPermissions(resource.getName(), userPermissionsList);
620    
621                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
622    
623                            // Owner permissions
624    
625                            Role ownerRole = roleLocalService.getRole(
626                                    companyId, RoleConstants.OWNER);
627    
628                            rolePersistence.addPermissions(
629                                    ownerRole.getRoleId(), userPermissionsList);
630                    }
631                    else {
632    
633                            // User permissions
634    
635                            if ((userId > 0) && (userId != defaultUserId)) {
636                                    userPersistence.addPermissions(userId, userPermissionsList);
637                            }
638                    }
639    
640                    // Group permissions
641    
642                    if (groupId > 0) {
643                            if (groupPermissions == null) {
644                                    groupPermissions = new String[0];
645                            }
646    
647                            List<Permission> groupPermissionsList =
648                                    permissionLocalService.getPermissions(
649                                            companyId, groupPermissions, resource.getResourceId());
650    
651                            groupPermissionsList =
652                                    permissionsListFilter.filterGroupPermissions(
653                                            companyId, groupId, userId, resource.getName(),
654                                            resource.getPrimKey(), false, groupPermissionsList);
655    
656                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
657                                    Role role = roleLocalService.getDefaultGroupRole(groupId);
658    
659                                    rolePersistence.addPermissions(
660                                            role.getRoleId(), groupPermissionsList);
661                            }
662                            else {
663                                    groupPersistence.addPermissions(groupId, groupPermissionsList);
664                            }
665                    }
666    
667                    // Guest permissions
668    
669                    if (guestPermissions == null) {
670                            guestPermissions = new String[0];
671                    }
672    
673                    List<Permission> guestPermissionsList =
674                            permissionLocalService.getPermissions(
675                                    companyId, guestPermissions, resource.getResourceId());
676    
677                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
678                            companyId, groupId, userId, resource.getName(),
679                            resource.getPrimKey(), false, guestPermissionsList);
680    
681                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
682                            Role guestRole = roleLocalService.getRole(
683                                    companyId, RoleConstants.GUEST);
684    
685                            rolePersistence.addPermissions(
686                                    guestRole.getRoleId(), guestPermissionsList);
687                    }
688                    else {
689                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
690                    }
691            }
692    
693            protected void addModelResources_6(
694                            long companyId, long groupId, long userId, Resource resource,
695                            String[] groupPermissions, String[] guestPermissions,
696                            PermissionedModel permissionedModel)
697                    throws PortalException, SystemException {
698    
699                    // Owner permissions
700    
701                    Role ownerRole = roleLocalService.getRole(
702                            companyId, RoleConstants.OWNER);
703    
704                    List<String> ownerActionIds =
705                            ResourceActionsUtil.getModelResourceActions(resource.getName());
706    
707                    ownerActionIds = ListUtil.copy(ownerActionIds);
708    
709                    filterOwnerActions(resource.getName(), ownerActionIds);
710    
711                    String[] ownerPermissions =
712                            ownerActionIds.toArray(new String[ownerActionIds.size()]);
713    
714                    // Group permissions
715    
716                    Role defaultGroupRole = null;
717    
718                    if (groupId > 0) {
719                            defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
720    
721                            if (groupPermissions == null) {
722                                    groupPermissions = new String[0];
723                            }
724                    }
725    
726                    // Guest permissions
727    
728                    Role guestRole = roleLocalService.getRole(
729                            companyId, RoleConstants.GUEST);
730    
731                    if (guestPermissions == null) {
732                            guestPermissions = new String[0];
733                    }
734    
735                    if (resourceBlockLocalService.isSupported(resource.getName())) {
736    
737                            if (permissionedModel == null) {
738                                    throw new IllegalArgumentException(
739                                            "Permissioned model is null");
740                            }
741    
742                            // Scope is assumed to always be individual
743    
744                            resourceBlockLocalService.setIndividualScopePermissions(
745                                    resource.getCompanyId(), groupId, resource.getName(),
746                                    permissionedModel, ownerRole.getRoleId(), ownerActionIds);
747    
748                            if (groupId > 0) {
749                                    resourceBlockLocalService.setIndividualScopePermissions(
750                                            resource.getCompanyId(), groupId, resource.getName(),
751                                            permissionedModel, defaultGroupRole.getRoleId(),
752                                            Arrays.asList(groupPermissions));
753                            }
754    
755                            resourceBlockLocalService.setIndividualScopePermissions(
756                                    resource.getCompanyId(), groupId, resource.getName(),
757                                    permissionedModel, guestRole.getRoleId(),
758                                    Arrays.asList(guestPermissions));
759                    }
760                    else {
761                            resourcePermissionLocalService.setOwnerResourcePermissions(
762                                    resource.getCompanyId(), resource.getName(),
763                                    resource.getScope(), resource.getPrimKey(),
764                                    ownerRole.getRoleId(), userId, ownerPermissions);
765    
766                            if (groupId > 0) {
767                                    resourcePermissionLocalService.setResourcePermissions(
768                                            resource.getCompanyId(), resource.getName(),
769                                            resource.getScope(), resource.getPrimKey(),
770                                            defaultGroupRole.getRoleId(), groupPermissions);
771                            }
772    
773                            resourcePermissionLocalService.setResourcePermissions(
774                                    resource.getCompanyId(), resource.getName(),
775                                    resource.getScope(), resource.getPrimKey(),
776                                    guestRole.getRoleId(), guestPermissions);
777                    }
778            }
779    
780            protected Resource addResource_1to5(
781                            long companyId, String name, int scope, String primKey)
782                    throws SystemException {
783    
784                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
785                            companyId, name, scope);
786    
787                    long codeId = resourceCode.getCodeId();
788    
789                    Resource resource = resourcePersistence.fetchByC_P(codeId, primKey);
790    
791                    if (resource == null) {
792                            long resourceId = counterLocalService.increment(
793                                    Resource.class.getName());
794    
795                            resource = resourcePersistence.create(resourceId);
796    
797                            resource.setCodeId(codeId);
798                            resource.setPrimKey(primKey);
799    
800                            try {
801                                    resourcePersistence.update(resource, false);
802                            }
803                            catch (SystemException se) {
804                                    if (_log.isWarnEnabled()) {
805                                            _log.warn(
806                                                    "Add failed, fetch {codeId=" + codeId + ", primKey=" +
807                                                            primKey + "}");
808                                    }
809    
810                                    resource = resourcePersistence.fetchByC_P(
811                                            codeId, primKey, false);
812    
813                                    if (resource == null) {
814                                            throw se;
815                                    }
816                            }
817                    }
818    
819                    return resource;
820            }
821    
822            protected Resource addResource_6(
823                    long companyId, String name, int scope, String primKey) {
824    
825                    Resource resource = new ResourceImpl();
826    
827                    resource.setCompanyId(companyId);
828                    resource.setName(name);
829                    resource.setScope(scope);
830                    resource.setPrimKey(primKey);
831    
832                    return resource;
833            }
834    
835            protected void addResources(
836                            long companyId, long groupId, long userId, String name,
837                            String primKey, boolean portletActions, boolean addGroupPermissions,
838                            boolean addGuestPermissions, PermissionedModel permissionedModel)
839                    throws PortalException, SystemException {
840    
841                    if (!PermissionThreadLocal.isAddResource()) {
842                            return;
843                    }
844    
845                    validate(name, portletActions);
846    
847                    // Company
848    
849                    addResource(
850                            companyId, name, ResourceConstants.SCOPE_COMPANY,
851                            String.valueOf(companyId));
852    
853                    if (groupId > 0) {
854                            addResource(
855                                    companyId, name, ResourceConstants.SCOPE_GROUP,
856                                    String.valueOf(groupId));
857                    }
858    
859                    if (primKey == null) {
860                            return;
861                    }
862    
863                    // Individual
864    
865                    Resource resource = addResource(
866                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
867    
868                    // Permissions
869    
870                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
871    
872                    PermissionThreadLocal.setIndexEnabled(false);
873    
874                    List<ResourcePermission> resourcePermissions =
875                            resourcePermissionPersistence.findByC_N_S_P(
876                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
877    
878                    ResourcePermissionsThreadLocal.setResourcePermissions(
879                            resourcePermissions);
880    
881                    try {
882                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
883                                    addResources_6(
884                                            companyId, groupId, userId, resource, portletActions,
885                                            permissionedModel);
886                            }
887                            else {
888                                    addResources_1to5(
889                                            companyId, groupId, userId, resource, portletActions);
890                            }
891    
892                            // Group permissions
893    
894                            if ((groupId > 0) && addGroupPermissions) {
895                                    addGroupPermissions(
896                                            companyId, groupId, userId, name, resource, portletActions,
897                                            permissionedModel);
898                            }
899    
900                            // Guest permissions
901    
902                            if (addGuestPermissions) {
903    
904                                    // Don't add guest permissions when you've already added group
905                                    // permissions and the given group is the guest group.
906    
907                                    addGuestPermissions(
908                                            companyId, groupId, userId, name, resource, portletActions,
909                                            permissionedModel);
910                            }
911                    }
912                    finally {
913                            ResourcePermissionsThreadLocal.setResourcePermissions(null);
914    
915                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
916    
917                            PermissionCacheUtil.clearCache();
918    
919                            SearchEngineUtil.updatePermissionFields(name, primKey);
920                    }
921            }
922    
923            protected void addResources_1to5(
924                            long companyId, long groupId, long userId, Resource resource,
925                            boolean portletActions)
926                    throws PortalException, SystemException {
927    
928                    List<Permission> permissionsList =
929                            permissionLocalService.addPermissions(
930                                    companyId, resource.getName(), resource.getResourceId(),
931                                    portletActions);
932    
933                    PermissionsListFilter permissionsListFilter =
934                            PermissionsListFilterFactory.getInstance();
935    
936                    List<Permission> userPermissionsList =
937                            permissionsListFilter.filterUserPermissions(
938                                    companyId, groupId, userId, resource.getName(),
939                                    resource.getPrimKey(), portletActions, permissionsList);
940    
941                    filterOwnerPermissions(resource.getName(), userPermissionsList);
942    
943                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
944    
945                            // Owner permissions
946    
947                            Role ownerRole = roleLocalService.getRole(
948                                    companyId, RoleConstants.OWNER);
949    
950                            rolePersistence.addPermissions(
951                                    ownerRole.getRoleId(), userPermissionsList);
952                    }
953                    else {
954    
955                            // User permissions
956    
957                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
958    
959                            if ((userId > 0) && (userId != defaultUserId)) {
960                                    userPersistence.addPermissions(userId, userPermissionsList);
961                            }
962                    }
963            }
964    
965            protected void addResources_6(
966                            long companyId, long groupId, long userId, Resource resource,
967                            boolean portletActions, PermissionedModel permissionedModel)
968                    throws PortalException, SystemException {
969    
970                    List<String> actionIds = null;
971    
972                    if (portletActions) {
973                            actionIds = ResourceActionsUtil.getPortletResourceActions(
974                                    resource.getName());
975                    }
976                    else {
977                            actionIds = ResourceActionsUtil.getModelResourceActions(
978                                    resource.getName());
979    
980                            actionIds = ListUtil.copy(actionIds);
981    
982                            filterOwnerActions(resource.getName(), actionIds);
983                    }
984    
985                    Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
986    
987                    if (resourceBlockLocalService.isSupported(resource.getName())) {
988                            if (permissionedModel == null) {
989                                    throw new IllegalArgumentException(
990                                            "Permissioned model is null");
991                            }
992    
993                            // Scope is assumed to always be individual
994    
995                            resourceBlockLocalService.setIndividualScopePermissions(
996                                    resource.getCompanyId(), groupId, resource.getName(),
997                                    permissionedModel, role.getRoleId(), actionIds);
998                    }
999                    else {
1000                            resourcePermissionLocalService.setOwnerResourcePermissions(
1001                                    resource.getCompanyId(), resource.getName(),
1002                                    resource.getScope(), resource.getPrimKey(), role.getRoleId(),
1003                                    userId, actionIds.toArray(new String[actionIds.size()]));
1004                    }
1005            }
1006    
1007            protected void deleteResource(
1008                            long companyId, String name, int scope, String primKey,
1009                            PermissionedModel permissionedModel)
1010                    throws PortalException, SystemException{
1011    
1012                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1013                            if (resourceBlockLocalService.isSupported(name)) {
1014                                    if (permissionedModel == null) {
1015                                            throw new IllegalArgumentException(
1016                                                    "Permissioned model is null");
1017                                    }
1018    
1019                                    resourceBlockLocalService.releasePermissionedModelResourceBlock(
1020                                            permissionedModel);
1021    
1022                                    return;
1023                            }
1024                            else {
1025                                    resourcePermissionLocalService.deleteResourcePermissions(
1026                                            companyId, name, scope, primKey);
1027    
1028                                    return;
1029                            }
1030                    }
1031    
1032                    try {
1033                            Resource resource = getResource(companyId, name, scope, primKey);
1034    
1035                            deleteResource(resource.getResourceId());
1036                    }
1037                    catch (NoSuchResourceException nsre) {
1038                            if (_log.isWarnEnabled()) {
1039                                    _log.warn(nsre);
1040                            }
1041                    }
1042            }
1043    
1044            protected Resource fetchResource_1to5(
1045                            long companyId, String name, int scope, String primKey)
1046                    throws SystemException {
1047    
1048                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1049                            companyId, name, scope);
1050    
1051                    return resourcePersistence.fetchByC_P(
1052                            resourceCode.getCodeId(), primKey);
1053            }
1054    
1055            protected void filterOwnerActions(String name, List<String> actionIds) {
1056                    List<String> defaultOwnerActions =
1057                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1058    
1059                    if (defaultOwnerActions.isEmpty()) {
1060                            return;
1061                    }
1062    
1063                    Iterator<String> itr = actionIds.iterator();
1064    
1065                    while (itr.hasNext()) {
1066                            String actionId = itr.next();
1067    
1068                            if (!defaultOwnerActions.contains(actionId)) {
1069                                    itr.remove();
1070                            }
1071                    }
1072            }
1073    
1074            protected void filterOwnerPermissions(
1075                    String name, List<Permission> permissions) {
1076    
1077                    List<String> defaultOwnerActions =
1078                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1079    
1080                    if (defaultOwnerActions.isEmpty()) {
1081                            return;
1082                    }
1083    
1084                    Iterator<Permission> itr = permissions.iterator();
1085    
1086                    while (itr.hasNext()) {
1087                            Permission permission = itr.next();
1088    
1089                            String actionId = permission.getActionId();
1090    
1091                            if (!defaultOwnerActions.contains(actionId)) {
1092                                    itr.remove();
1093                            }
1094                    }
1095            }
1096    
1097            protected long getGroupId(AuditedModel auditedModel) {
1098                    long groupId = 0;
1099    
1100                    if (auditedModel instanceof GroupedModel) {
1101                            GroupedModel groupedModel = (GroupedModel)auditedModel;
1102    
1103                            groupId = groupedModel.getGroupId();
1104                    }
1105    
1106                    return groupId;
1107            }
1108    
1109            protected PermissionedModel getPermissionedModel(
1110                    AuditedModel auditedModel) {
1111    
1112                    PermissionedModel permissionedModel = null;
1113    
1114                    if (auditedModel instanceof PermissionedModel) {
1115                            permissionedModel = (PermissionedModel)auditedModel;
1116                    }
1117    
1118                    return permissionedModel;
1119            }
1120    
1121            protected Resource getResource_1to5(
1122                            long companyId, String name, int scope, String primKey)
1123                    throws PortalException, SystemException {
1124    
1125                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1126                            companyId, name, scope);
1127    
1128                    return resourcePersistence.findByC_P(resourceCode.getCodeId(), primKey);
1129            }
1130    
1131            protected Resource getResource_6(
1132                    long companyId, String name, int scope, String primKey) {
1133    
1134                    Resource resource = new ResourceImpl();
1135    
1136                    resource.setCompanyId(companyId);
1137                    resource.setName(name);
1138                    resource.setScope(scope);
1139                    resource.setPrimKey(primKey);
1140    
1141                    return resource;
1142            }
1143    
1144            protected void updateResources(
1145                            long companyId, long groupId, String name, String primKey,
1146                            String[] groupPermissions, String[] guestPermissions,
1147                            PermissionedModel permissionedModel)
1148                    throws PortalException, SystemException {
1149    
1150                    Resource resource = getResource(
1151                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1152    
1153                    if (groupPermissions == null) {
1154                            groupPermissions = new String[0];
1155                    }
1156    
1157                    if (guestPermissions == null) {
1158                            guestPermissions = new String[0];
1159                    }
1160    
1161                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1162                            if (resourceBlockLocalService.isSupported(name)) {
1163                                    updateResources_6Blocks(
1164                                            companyId, groupId, resource, groupPermissions,
1165                                            guestPermissions, permissionedModel);
1166                            }
1167                            else {
1168                                    updateResources_6(
1169                                            companyId, groupId, resource, groupPermissions,
1170                                            guestPermissions);
1171                            }
1172                    }
1173                    else {
1174                            updateResources_1to5(
1175                                    companyId, groupId, resource, groupPermissions,
1176                                    guestPermissions);
1177                    }
1178            }
1179    
1180            protected void updateResources_1to5(
1181                            long companyId, long groupId, Resource resource,
1182                            String[] groupPermissions, String[] guestPermissions)
1183                    throws PortalException, SystemException {
1184    
1185                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1186    
1187                    permissionLocalService.setRolePermissions(
1188                            role.getRoleId(), groupPermissions, resource.getResourceId());
1189    
1190                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1191    
1192                    permissionLocalService.setRolePermissions(
1193                            role.getRoleId(), guestPermissions, resource.getResourceId());
1194            }
1195    
1196            protected void updateResources_1to5(
1197                            long companyId, String name, int scope, String primKey,
1198                            String newPrimKey)
1199                    throws PortalException, SystemException {
1200    
1201                    Resource resource = getResource(companyId, name, scope, primKey);
1202    
1203                    resource.setPrimKey(newPrimKey);
1204    
1205                    resourcePersistence.update(resource, false);
1206            }
1207    
1208            protected void updateResources_6(
1209                            long companyId, long groupId, Resource resource,
1210                            String[] groupPermissions, String[] guestPermissions)
1211                    throws PortalException, SystemException {
1212    
1213                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1214    
1215                    resourcePermissionLocalService.setResourcePermissions(
1216                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1217                            resource.getPrimKey(), role.getRoleId(), groupPermissions);
1218    
1219                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1220    
1221                    resourcePermissionLocalService.setResourcePermissions(
1222                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1223                            resource.getPrimKey(), role.getRoleId(), guestPermissions);
1224            }
1225    
1226            protected void updateResources_6(
1227                            long companyId, String name, int scope, String primKey,
1228                            String newPrimKey)
1229                    throws SystemException {
1230    
1231                    List<ResourcePermission> resourcePermissions =
1232                            resourcePermissionLocalService.getResourcePermissions(
1233                                    companyId, name, scope, primKey);
1234    
1235                    for (ResourcePermission resourcePermission : resourcePermissions) {
1236                            resourcePermission.setPrimKey(newPrimKey);
1237    
1238                            resourcePermissionPersistence.update(resourcePermission, false);
1239                    }
1240            }
1241    
1242            protected void updateResources_6Blocks(
1243                            long companyId, long groupId, Resource resource,
1244                            String[] groupPermissions, String[] guestPermissions,
1245                            PermissionedModel permissionedModel)
1246                    throws PortalException, SystemException {
1247    
1248                    if (permissionedModel == null) {
1249                            throw new IllegalArgumentException("Permissioned model is null");
1250                    }
1251    
1252                    // Scope is assumed to always be individual
1253    
1254                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1255    
1256                    resourceBlockLocalService.setIndividualScopePermissions(
1257                            companyId, groupId, resource.getName(), permissionedModel,
1258                            role.getRoleId(), Arrays.asList(groupPermissions));
1259    
1260                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1261    
1262                    resourceBlockLocalService.setIndividualScopePermissions(
1263                            companyId, groupId, resource.getName(), permissionedModel,
1264                            role.getRoleId(), Arrays.asList(guestPermissions));
1265            }
1266    
1267            protected void validate(String name, boolean portletActions)
1268                    throws PortalException {
1269    
1270                    List<String> actions = null;
1271    
1272                    if (portletActions) {
1273                            actions = ResourceActionsUtil.getPortletResourceActions(name);
1274                    }
1275                    else {
1276                            actions = ResourceActionsUtil.getModelResourceActions(name);
1277                    }
1278    
1279                    if (actions.size() == 0) {
1280                            throw new ResourceActionsException(
1281                                    "There are no actions associated with the resource " + name);
1282                    }
1283            }
1284    
1285            private static Log _log = LogFactoryUtil.getLog(
1286                    ResourceLocalServiceImpl.class);
1287    
1288    }