001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchResourceException;
018    import com.liferay.portal.ResourceActionsException;
019    import com.liferay.portal.kernel.exception.PortalException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.search.SearchEngineUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.model.AuditedModel;
026    import com.liferay.portal.model.ClassedModel;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.GroupConstants;
029    import com.liferay.portal.model.GroupedModel;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.PermissionedModel;
032    import com.liferay.portal.model.Resource;
033    import com.liferay.portal.model.ResourceCode;
034    import com.liferay.portal.model.ResourceConstants;
035    import com.liferay.portal.model.ResourcePermission;
036    import com.liferay.portal.model.Role;
037    import com.liferay.portal.model.RoleConstants;
038    import com.liferay.portal.model.impl.ResourceImpl;
039    import com.liferay.portal.security.permission.PermissionCacheUtil;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.PermissionsListFilter;
042    import com.liferay.portal.security.permission.PermissionsListFilterFactory;
043    import com.liferay.portal.security.permission.ResourceActionsUtil;
044    import com.liferay.portal.service.ServiceContext;
045    import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
046    import com.liferay.portal.util.PropsValues;
047    import com.liferay.portal.util.ResourcePermissionsThreadLocal;
048    import com.liferay.portal.util.comparator.ResourceComparator;
049    
050    import java.util.Arrays;
051    import java.util.Iterator;
052    import java.util.List;
053    
054    /**
055     * @author Brian Wing Shun Chan
056     * @author Wilson S. Man
057     * @author Raymond Augé
058     * @author Julio Camarero
059     * @author Connor McKay
060     */
061    public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
062    
063            public void addModelResources(
064                            AuditedModel auditedModel, ServiceContext serviceContext)
065                    throws PortalException, SystemException {
066    
067                    ClassedModel classedModel = (ClassedModel)auditedModel;
068    
069                    if (serviceContext.getAddGroupPermissions() ||
070                            serviceContext.getAddGuestPermissions()) {
071    
072                            addResources(
073                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
074                                    auditedModel.getUserId(), classedModel.getModelClassName(),
075                                    String.valueOf(classedModel.getPrimaryKeyObj()), false,
076                                    serviceContext.getAddGroupPermissions(),
077                                    serviceContext.getAddGuestPermissions(),
078                                    getPermissionedModel(auditedModel));
079                    }
080                    else {
081                            addModelResources(
082                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
083                                    auditedModel.getUserId(), classedModel.getModelClassName(),
084                                    String.valueOf(classedModel.getPrimaryKeyObj()),
085                                    serviceContext.getGroupPermissions(),
086                                    serviceContext.getGuestPermissions(),
087                                    getPermissionedModel(auditedModel));
088                    }
089            }
090    
091            public void addModelResources(
092                            long companyId, long groupId, long userId, String name,
093                            long primKey, String[] groupPermissions, String[] guestPermissions)
094                    throws PortalException, SystemException {
095    
096                    addModelResources(
097                            companyId, groupId, userId, name, String.valueOf(primKey),
098                            groupPermissions, guestPermissions, null);
099            }
100    
101            public void addModelResources(
102                            long companyId, long groupId, long userId, String name,
103                            String primKey, String[] groupPermissions,
104                            String[] guestPermissions)
105                    throws PortalException, SystemException {
106    
107                    addModelResources(
108                            companyId, groupId, userId, name, primKey, groupPermissions,
109                            guestPermissions, null);
110            }
111    
112            public Resource addResource(
113                            long companyId, String name, int scope, String primKey)
114                    throws SystemException {
115    
116                    if (!PermissionThreadLocal.isAddResource()) {
117                            return null;
118                    }
119    
120                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
121                            return addResource_6(companyId, name, scope, primKey);
122                    }
123                    else {
124                            return addResource_1to5(companyId, name, scope, primKey);
125                    }
126            }
127    
128            public void addResources(
129                            long companyId, long groupId, long userId, String name,
130                            long primKey, boolean portletActions,
131                            boolean addGroupPermissions, boolean addGuestPermissions)
132                    throws PortalException, SystemException {
133    
134                    addResources(
135                            companyId, groupId, userId, name, String.valueOf(primKey),
136                            portletActions, addGroupPermissions, addGuestPermissions, null);
137            }
138    
139            public void addResources(
140                            long companyId, long groupId, long userId, String name,
141                            String primKey, boolean portletActions,
142                            boolean addGroupPermissions, boolean addGuestPermissions)
143                    throws PortalException, SystemException {
144    
145                    addResources(
146                            companyId, groupId, userId, name, primKey, portletActions,
147                            addGroupPermissions, addGuestPermissions, null);
148            }
149    
150            public void addResources(
151                            long companyId, long groupId, String name, boolean portletActions)
152                    throws PortalException, SystemException {
153    
154                    addResources(
155                            companyId, groupId, 0, name, null, portletActions, false, false);
156            }
157    
158            public void deleteResource(AuditedModel auditedModel, int scope)
159                    throws PortalException, SystemException {
160    
161                    ClassedModel classedModel = (ClassedModel)auditedModel;
162    
163                    deleteResource(
164                            auditedModel.getCompanyId(), classedModel.getModelClassName(),
165                            scope, String.valueOf(classedModel.getPrimaryKeyObj()),
166                            getPermissionedModel(auditedModel));
167            }
168    
169            @Override
170            public void deleteResource(long resourceId) throws SystemException {
171                    try {
172                            Resource resource = resourcePersistence.findByPrimaryKey(
173                                    resourceId);
174    
175                            deleteResource(resource);
176                    }
177                    catch (NoSuchResourceException nsre) {
178                            if (_log.isWarnEnabled()) {
179                                    _log.warn(nsre);
180                            }
181                    }
182            }
183    
184            public void deleteResource(
185                            long companyId, String name, int scope, long primKey)
186                    throws PortalException, SystemException {
187    
188                    deleteResource(companyId, name, scope, String.valueOf(primKey), null);
189            }
190    
191            public void deleteResource(
192                            long companyId, String name, int scope, String primKey)
193                    throws PortalException, SystemException {
194    
195                    deleteResource(companyId, name, scope, primKey, null);
196            }
197    
198            @Override
199            public void deleteResource(Resource resource) throws SystemException {
200    
201                    // Permissions
202    
203                    List<Permission> permissions = permissionPersistence.findByResourceId(
204                            resource.getResourceId());
205    
206                    for (Permission permission : permissions) {
207                            orgGroupPermissionPersistence.removeByPermissionId(
208                                    permission.getPermissionId());
209                    }
210    
211                    permissionPersistence.removeByResourceId(resource.getResourceId());
212    
213                    // Resource
214    
215                    resourcePersistence.remove(resource);
216            }
217    
218            public void deleteResources(String name) throws SystemException {
219                    List<Resource> resources = resourceFinder.findByName(name);
220    
221                    for (Resource resource : resources) {
222                            deleteResource(resource);
223                    }
224            }
225    
226            public Resource fetchResource(
227                            long companyId, String name, int scope, String primKey)
228                    throws SystemException {
229    
230                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
231                            return getResource_6(companyId, name, scope, primKey);
232                    }
233                    else {
234                            return fetchResource_1to5(companyId, name, scope, primKey);
235                    }
236            }
237    
238            public long getLatestResourceId() throws SystemException {
239                    List<Resource> resources = resourcePersistence.findAll(
240                            0, 1, new ResourceComparator());
241    
242                    if (resources.size() == 0) {
243                            return 0;
244                    }
245                    else {
246                            Resource resource = resources.get(0);
247    
248                            return resource.getResourceId();
249                    }
250            }
251    
252            @Override
253            public Resource getResource(long resourceId)
254                    throws PortalException, SystemException {
255    
256                    return resourcePersistence.findByPrimaryKey(resourceId);
257            }
258    
259            public Resource getResource(
260                            long companyId, String name, int scope, String primKey)
261                    throws PortalException, SystemException {
262    
263                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
264                            return getResource_6(companyId, name, scope, primKey);
265                    }
266                    else {
267                            return getResource_1to5(companyId, name, scope, primKey);
268                    }
269            }
270    
271            public List<Resource> getResources() throws SystemException {
272                    return resourcePersistence.findAll();
273            }
274    
275            public void updateModelResources(
276                            AuditedModel auditedModel, ServiceContext serviceContext)
277                    throws PortalException, SystemException {
278    
279                    ClassedModel classedModel = (ClassedModel)auditedModel;
280    
281                    updateResources(
282                            auditedModel.getCompanyId(), getGroupId(auditedModel),
283                            classedModel.getModelClassName(),
284                            String.valueOf(classedModel.getPrimaryKeyObj()),
285                            serviceContext.getGroupPermissions(),
286                            serviceContext.getGuestPermissions(),
287                            getPermissionedModel(auditedModel));
288            }
289    
290            public void updateResources(
291                            long companyId, long groupId, String name, long primKey,
292                            String[] groupPermissions, String[] guestPermissions)
293                    throws PortalException, SystemException {
294    
295                    updateResources(
296                            companyId, groupId, name, String.valueOf(primKey), groupPermissions,
297                            guestPermissions, null);
298            }
299    
300            public void updateResources(
301                            long companyId, long groupId, String name, String primKey,
302                            String[] groupPermissions, String[] guestPermissions)
303                    throws PortalException, SystemException {
304    
305                    updateResources(
306                            companyId, groupId, name, primKey, groupPermissions,
307                            guestPermissions, null);
308            }
309    
310            public void updateResources(
311                            long companyId, String name, int scope, String primKey,
312                            String newPrimKey)
313                    throws PortalException, SystemException {
314    
315                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
316                            if (resourceBlockLocalService.isSupported(name)) {
317    
318                                    // Assuming that this method is used when the primary key of an
319                                    // existing record is changed, then nothing needs to happen
320                                    // here, as it should still have its resource block ID.
321    
322                            }
323                            else {
324                                    updateResources_6(companyId, name, scope, primKey, newPrimKey);
325                            }
326                    }
327                    else {
328                            updateResources_1to5(companyId, name, scope, primKey, newPrimKey);
329                    }
330            }
331    
332            protected void addGroupPermissions(
333                            long companyId, long groupId, long userId, String name,
334                            Resource resource, boolean portletActions,
335                            PermissionedModel permissionedModel)
336                    throws PortalException, SystemException {
337    
338                    List<String> actions = null;
339    
340                    if (portletActions) {
341                            actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
342                                    name);
343                    }
344                    else {
345                            actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
346                                    name);
347                    }
348    
349                    String[] actionIds = actions.toArray(new String[actions.size()]);
350    
351                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
352                            if (resourceBlockLocalService.isSupported(name)) {
353                                    addGroupPermissions_6Blocks(
354                                            groupId, resource, actions, permissionedModel);
355                            }
356                            else {
357                                    addGroupPermissions_6(groupId, resource, actionIds);
358                            }
359                    }
360                    else {
361                            addGroupPermissions_1to5(
362                                    companyId, groupId, userId, name, resource, portletActions,
363                                    actionIds);
364                    }
365            }
366    
367            protected void addGroupPermissions_1to5(
368                            long companyId, long groupId, long userId, String name,
369                            Resource resource, boolean portletActions, String[] actionIds)
370                    throws PortalException, SystemException {
371    
372                    long resourceId = resource.getResourceId();
373                    String primKey = resource.getPrimKey();
374    
375                    List<Permission> groupPermissionsList =
376                            permissionLocalService.getPermissions(
377                                    companyId, actionIds, resourceId);
378    
379                    PermissionsListFilter permissionsListFilter =
380                            PermissionsListFilterFactory.getInstance();
381    
382                    groupPermissionsList =
383                            permissionsListFilter.filterGroupPermissions(
384                                    companyId, groupId, userId, name, primKey, portletActions,
385                                    groupPermissionsList);
386    
387                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
388                            Role role = roleLocalService.getDefaultGroupRole(groupId);
389    
390                            rolePersistence.addPermissions(
391                                    role.getRoleId(), groupPermissionsList);
392                    }
393                    else {
394                            groupPersistence.addPermissions(groupId, groupPermissionsList);
395                    }
396            }
397    
398            protected void addGroupPermissions_6(
399                            long groupId, Resource resource, String[] actionIds)
400                    throws PortalException, SystemException {
401    
402                    Role role = roleLocalService.getDefaultGroupRole(groupId);
403    
404                    resourcePermissionLocalService.setResourcePermissions(
405                            resource.getCompanyId(), resource.getName(), resource.getScope(),
406                            resource.getPrimKey(), role.getRoleId(), actionIds);
407            }
408    
409            protected void addGroupPermissions_6Blocks(
410                            long groupId, Resource resource, List<String> actionIds,
411                            PermissionedModel permissionedModel)
412                    throws PortalException, SystemException {
413    
414                    if (permissionedModel == null) {
415                            throw new IllegalArgumentException("Permissioned model is null");
416                    }
417    
418                    // Scope is assumed to always be individual
419    
420                    Role role = roleLocalService.getDefaultGroupRole(groupId);
421    
422                    resourceBlockLocalService.setIndividualScopePermissions(
423                            resource.getCompanyId(), groupId, resource.getName(),
424                            permissionedModel, role.getRoleId(), actionIds);
425            }
426    
427            protected void addGuestPermissions(
428                            long companyId, long groupId, long userId, String name,
429                            Resource resource, boolean portletActions,
430                            PermissionedModel permissionedModel)
431                    throws PortalException, SystemException {
432    
433                    List<String> actions = null;
434    
435                    if (portletActions) {
436                            actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
437                                    name);
438                    }
439                    else {
440                            actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
441                                    name);
442                    }
443    
444                    String[] actionIds = actions.toArray(new String[actions.size()]);
445    
446                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
447                            if (resourceBlockLocalService.isSupported(name)) {
448                                    addGuestPermissions_6Blocks(
449                                            companyId, groupId, resource, actions, permissionedModel);
450                            }
451                            else {
452                                    addGuestPermissions_6(companyId, resource, actionIds);
453                            }
454                    }
455                    else {
456                            addGuestPermissions_1to5(
457                                    companyId, groupId, userId, name, resource, portletActions,
458                                    actionIds);
459                    }
460            }
461    
462            protected void addGuestPermissions_1to5(
463                            long companyId, long groupId, long userId, String name,
464                            Resource resource, boolean portletActions, String[] actionIds)
465                    throws PortalException, SystemException {
466    
467                    List<Permission> guestPermissionsList =
468                            permissionLocalService.getPermissions(
469                                    companyId, actionIds, resource.getResourceId());
470    
471                    PermissionsListFilter permissionsListFilter =
472                            PermissionsListFilterFactory.getInstance();
473    
474                    guestPermissionsList =
475                            permissionsListFilter.filterGuestPermissions(
476                                    companyId, groupId, userId, name, resource.getPrimKey(),
477                                    portletActions, guestPermissionsList);
478    
479                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
480                            Role guestRole = roleLocalService.getRole(
481                                    companyId, RoleConstants.GUEST);
482    
483                            rolePersistence.addPermissions(
484                                    guestRole.getRoleId(), guestPermissionsList);
485                    }
486                    else {
487                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
488    
489                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
490                    }
491            }
492    
493            protected void addGuestPermissions_6(
494                            long companyId, Resource resource, String[] actionIds)
495                    throws PortalException, SystemException {
496    
497                    Role guestRole = roleLocalService.getRole(
498                            companyId, RoleConstants.GUEST);
499    
500                    resourcePermissionLocalService.setResourcePermissions(
501                            resource.getCompanyId(), resource.getName(), resource.getScope(),
502                            resource.getPrimKey(), guestRole.getRoleId(), actionIds);
503            }
504    
505            protected void addGuestPermissions_6Blocks(
506                            long companyId, long groupId, Resource resource,
507                            List<String> actionIds, PermissionedModel permissionedModel)
508                    throws PortalException, SystemException {
509    
510                    if (permissionedModel == null) {
511                            throw new IllegalArgumentException("Permissioned model is null");
512                    }
513    
514                    // Scope is assumed to always be individual
515    
516                    Role guestRole = roleLocalService.getRole(
517                            companyId, RoleConstants.GUEST);
518    
519                    resourceBlockLocalService.setIndividualScopePermissions(
520                            resource.getCompanyId(), groupId, resource.getName(),
521                            permissionedModel, guestRole.getRoleId(), actionIds);
522            }
523    
524            protected void addModelResources(
525                            long companyId, long groupId, long userId, String name,
526                            String primKey, String[] groupPermissions,
527                            String[] guestPermissions, PermissionedModel permissionedModel)
528                    throws PortalException, SystemException {
529    
530                    if (!PermissionThreadLocal.isAddResource()) {
531                            return;
532                    }
533    
534                    validate(name, false);
535    
536                    // Company
537    
538                    addResource(
539                            companyId, name, ResourceConstants.SCOPE_COMPANY,
540                            String.valueOf(companyId));
541    
542                    // Guest
543    
544                    Group guestGroup = groupLocalService.getGroup(
545                            companyId, GroupConstants.GUEST);
546    
547                    addResource(
548                            companyId, name, ResourceConstants.SCOPE_GROUP,
549                            String.valueOf(guestGroup.getGroupId()));
550    
551                    // Group
552    
553                    if ((groupId > 0) && (guestGroup.getGroupId() != groupId)) {
554                            addResource(
555                                    companyId, name, ResourceConstants.SCOPE_GROUP,
556                                    String.valueOf(groupId));
557                    }
558    
559                    if (primKey == null) {
560                            return;
561                    }
562    
563                    // Individual
564    
565                    Resource resource = addResource(
566                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
567    
568                    // Permissions
569    
570                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
571    
572                    PermissionThreadLocal.setIndexEnabled(false);
573    
574                    try {
575                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
576                                    addModelResources_6(
577                                            companyId, groupId, userId, resource, groupPermissions,
578                                            guestPermissions, permissionedModel);
579                            }
580                            else {
581                                    addModelResources_1to5(
582                                            companyId, groupId, userId, resource, groupPermissions,
583                                            guestPermissions);
584                            }
585                    }
586                    finally {
587                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
588    
589                            PermissionCacheUtil.clearCache();
590    
591                            SearchEngineUtil.updatePermissionFields(name, primKey);
592                    }
593            }
594    
595            protected void addModelResources_1to5(
596                            long companyId, long groupId, long userId, Resource resource,
597                            String[] groupPermissions, String[] guestPermissions)
598                    throws PortalException, SystemException {
599    
600                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
601    
602                    PermissionsListFilter permissionsListFilter =
603                            PermissionsListFilterFactory.getInstance();
604    
605                    List<Permission> permissionsList =
606                            permissionLocalService.addPermissions(
607                                    companyId, resource.getName(), resource.getResourceId(), false);
608    
609                    List<Permission> userPermissionsList =
610                            permissionsListFilter.filterUserPermissions(
611                                    companyId, groupId, userId, resource.getName(),
612                                    resource.getPrimKey(), false, permissionsList);
613    
614                    filterOwnerPermissions(resource.getName(), userPermissionsList);
615    
616                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
617    
618                            // Owner permissions
619    
620                            Role ownerRole = roleLocalService.getRole(
621                                    companyId, RoleConstants.OWNER);
622    
623                            rolePersistence.addPermissions(
624                                    ownerRole.getRoleId(), userPermissionsList);
625                    }
626                    else {
627    
628                            // User permissions
629    
630                            if ((userId > 0) && (userId != defaultUserId)) {
631                                    userPersistence.addPermissions(userId, userPermissionsList);
632                            }
633                    }
634    
635                    // Group permissions
636    
637                    if (groupId > 0) {
638                            if (groupPermissions == null) {
639                                    groupPermissions = new String[0];
640                            }
641    
642                            List<Permission> groupPermissionsList =
643                                    permissionLocalService.getPermissions(
644                                            companyId, groupPermissions, resource.getResourceId());
645    
646                            groupPermissionsList =
647                                    permissionsListFilter.filterGroupPermissions(
648                                            companyId, groupId, userId, resource.getName(),
649                                            resource.getPrimKey(), false, groupPermissionsList);
650    
651                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
652                                    Role role = roleLocalService.getDefaultGroupRole(groupId);
653    
654                                    rolePersistence.addPermissions(
655                                            role.getRoleId(), groupPermissionsList);
656                            }
657                            else {
658                                    groupPersistence.addPermissions(groupId, groupPermissionsList);
659                            }
660                    }
661    
662                    // Guest permissions
663    
664                    if (guestPermissions == null) {
665                            guestPermissions = new String[0];
666                    }
667    
668                    List<Permission> guestPermissionsList =
669                            permissionLocalService.getPermissions(
670                                    companyId, guestPermissions, resource.getResourceId());
671    
672                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
673                            companyId, groupId, userId, resource.getName(),
674                            resource.getPrimKey(), false, guestPermissionsList);
675    
676                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
677                            Role guestRole = roleLocalService.getRole(
678                                    companyId, RoleConstants.GUEST);
679    
680                            rolePersistence.addPermissions(
681                                    guestRole.getRoleId(), guestPermissionsList);
682                    }
683                    else {
684                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
685                    }
686            }
687    
688            protected void addModelResources_6(
689                            long companyId, long groupId, long userId, Resource resource,
690                            String[] groupPermissions, String[] guestPermissions,
691                            PermissionedModel permissionedModel)
692                    throws PortalException, SystemException {
693    
694                    // Owner permissions
695    
696                    Role ownerRole = roleLocalService.getRole(
697                            companyId, RoleConstants.OWNER);
698    
699                    List<String> ownerActionIds =
700                            ResourceActionsUtil.getModelResourceActions(resource.getName());
701    
702                    ownerActionIds = ListUtil.copy(ownerActionIds);
703    
704                    filterOwnerActions(resource.getName(), ownerActionIds);
705    
706                    String[] ownerPermissions =
707                            ownerActionIds.toArray(new String[ownerActionIds.size()]);
708    
709                    // Group permissions
710    
711                    Role defaultGroupRole = null;
712    
713                    if (groupId > 0) {
714                            defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
715    
716                            if (groupPermissions == null) {
717                                    groupPermissions = new String[0];
718                            }
719                    }
720    
721                    // Guest permissions
722    
723                    Role guestRole = roleLocalService.getRole(
724                            companyId, RoleConstants.GUEST);
725    
726                    if (guestPermissions == null) {
727                            guestPermissions = new String[0];
728                    }
729    
730                    if (resourceBlockLocalService.isSupported(resource.getName())) {
731    
732                            if (permissionedModel == null) {
733                                    throw new IllegalArgumentException(
734                                            "Permissioned model is null");
735                            }
736    
737                            // Scope is assumed to always be individual
738    
739                            resourceBlockLocalService.setIndividualScopePermissions(
740                                    resource.getCompanyId(), groupId, resource.getName(),
741                                    permissionedModel, ownerRole.getRoleId(), ownerActionIds);
742    
743                            if (groupId > 0) {
744                                    resourceBlockLocalService.setIndividualScopePermissions(
745                                            resource.getCompanyId(), groupId, resource.getName(),
746                                            permissionedModel, defaultGroupRole.getRoleId(),
747                                            Arrays.asList(groupPermissions));
748                            }
749    
750                            resourceBlockLocalService.setIndividualScopePermissions(
751                                    resource.getCompanyId(), groupId, resource.getName(),
752                                    permissionedModel, guestRole.getRoleId(),
753                                    Arrays.asList(guestPermissions));
754                    }
755                    else {
756                            resourcePermissionLocalService.setOwnerResourcePermissions(
757                                    resource.getCompanyId(), resource.getName(),
758                                    resource.getScope(), resource.getPrimKey(),
759                                    ownerRole.getRoleId(), userId, ownerPermissions);
760    
761                            if (groupId > 0) {
762                                    resourcePermissionLocalService.setResourcePermissions(
763                                            resource.getCompanyId(), resource.getName(),
764                                            resource.getScope(), resource.getPrimKey(),
765                                            defaultGroupRole.getRoleId(), groupPermissions);
766                            }
767    
768                            resourcePermissionLocalService.setResourcePermissions(
769                                    resource.getCompanyId(), resource.getName(),
770                                    resource.getScope(), resource.getPrimKey(),
771                                    guestRole.getRoleId(), guestPermissions);
772                    }
773            }
774    
775            protected Resource addResource_1to5(
776                            long companyId, String name, int scope, String primKey)
777                    throws SystemException {
778    
779                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
780                            companyId, name, scope);
781    
782                    long codeId = resourceCode.getCodeId();
783    
784                    Resource resource = resourcePersistence.fetchByC_P(codeId, primKey);
785    
786                    if (resource == null) {
787                            long resourceId = counterLocalService.increment(
788                                    Resource.class.getName());
789    
790                            resource = resourcePersistence.create(resourceId);
791    
792                            resource.setCodeId(codeId);
793                            resource.setPrimKey(primKey);
794    
795                            try {
796                                    resourcePersistence.update(resource, false);
797                            }
798                            catch (SystemException se) {
799                                    if (_log.isWarnEnabled()) {
800                                            _log.warn(
801                                                    "Add failed, fetch {codeId=" + codeId + ", primKey=" +
802                                                            primKey + "}");
803                                    }
804    
805                                    resource = resourcePersistence.fetchByC_P(
806                                            codeId, primKey, false);
807    
808                                    if (resource == null) {
809                                            throw se;
810                                    }
811                            }
812                    }
813    
814                    return resource;
815            }
816    
817            protected Resource addResource_6(
818                    long companyId, String name, int scope, String primKey) {
819    
820                    Resource resource = new ResourceImpl();
821    
822                    resource.setCompanyId(companyId);
823                    resource.setName(name);
824                    resource.setScope(scope);
825                    resource.setPrimKey(primKey);
826    
827                    return resource;
828            }
829    
830            protected void addResources(
831                            long companyId, long groupId, long userId, String name,
832                            String primKey, boolean portletActions, boolean addGroupPermissions,
833                            boolean addGuestPermissions, PermissionedModel permissionedModel)
834                    throws PortalException, SystemException {
835    
836                    if (!PermissionThreadLocal.isAddResource()) {
837                            return;
838                    }
839    
840                    validate(name, portletActions);
841    
842                    // Company
843    
844                    addResource(
845                            companyId, name, ResourceConstants.SCOPE_COMPANY,
846                            String.valueOf(companyId));
847    
848                    if (groupId > 0) {
849                            addResource(
850                                    companyId, name, ResourceConstants.SCOPE_GROUP,
851                                    String.valueOf(groupId));
852                    }
853    
854                    if (primKey == null) {
855                            return;
856                    }
857    
858                    // Individual
859    
860                    Resource resource = addResource(
861                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
862    
863                    // Permissions
864    
865                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
866    
867                    PermissionThreadLocal.setIndexEnabled(false);
868    
869                    List<ResourcePermission> resourcePermissions =
870                            resourcePermissionPersistence.findByC_N_S_P(
871                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
872    
873                    ResourcePermissionsThreadLocal.setResourcePermissions(
874                            resourcePermissions);
875    
876                    try {
877                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
878                                    addResources_6(
879                                            companyId, groupId, userId, resource, portletActions,
880                                            permissionedModel);
881                            }
882                            else {
883                                    addResources_1to5(
884                                            companyId, groupId, userId, resource, portletActions);
885                            }
886    
887                            // Group permissions
888    
889                            if ((groupId > 0) && addGroupPermissions) {
890                                    addGroupPermissions(
891                                            companyId, groupId, userId, name, resource, portletActions,
892                                            permissionedModel);
893                            }
894    
895                            // Guest permissions
896    
897                            if (addGuestPermissions) {
898    
899                                    // Don't add guest permissions when you've already added group
900                                    // permissions and the given group is the guest group.
901    
902                                    addGuestPermissions(
903                                            companyId, groupId, userId, name, resource, portletActions,
904                                            permissionedModel);
905                            }
906                    }
907                    finally {
908                            ResourcePermissionsThreadLocal.setResourcePermissions(null);
909    
910                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
911    
912                            PermissionCacheUtil.clearCache();
913    
914                            SearchEngineUtil.updatePermissionFields(name, primKey);
915                    }
916            }
917    
918            protected void addResources_1to5(
919                            long companyId, long groupId, long userId, Resource resource,
920                            boolean portletActions)
921                    throws PortalException, SystemException {
922    
923                    List<Permission> permissionsList =
924                            permissionLocalService.addPermissions(
925                                    companyId, resource.getName(), resource.getResourceId(),
926                                    portletActions);
927    
928                    PermissionsListFilter permissionsListFilter =
929                            PermissionsListFilterFactory.getInstance();
930    
931                    List<Permission> userPermissionsList =
932                            permissionsListFilter.filterUserPermissions(
933                                    companyId, groupId, userId, resource.getName(),
934                                    resource.getPrimKey(), portletActions, permissionsList);
935    
936                    filterOwnerPermissions(resource.getName(), userPermissionsList);
937    
938                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
939    
940                            // Owner permissions
941    
942                            Role ownerRole = roleLocalService.getRole(
943                                    companyId, RoleConstants.OWNER);
944    
945                            rolePersistence.addPermissions(
946                                    ownerRole.getRoleId(), userPermissionsList);
947                    }
948                    else {
949    
950                            // User permissions
951    
952                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
953    
954                            if ((userId > 0) && (userId != defaultUserId)) {
955                                    userPersistence.addPermissions(userId, userPermissionsList);
956                            }
957                    }
958            }
959    
960            protected void addResources_6(
961                            long companyId, long groupId, long userId, Resource resource,
962                            boolean portletActions, PermissionedModel permissionedModel)
963                    throws PortalException, SystemException {
964    
965                    List<String> actionIds = null;
966    
967                    if (portletActions) {
968                            actionIds = ResourceActionsUtil.getPortletResourceActions(
969                                    resource.getName());
970                    }
971                    else {
972                            actionIds = ResourceActionsUtil.getModelResourceActions(
973                                    resource.getName());
974    
975                            actionIds = ListUtil.copy(actionIds);
976    
977                            filterOwnerActions(resource.getName(), actionIds);
978                    }
979    
980                    Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
981    
982                    if (resourceBlockLocalService.isSupported(resource.getName())) {
983                            if (permissionedModel == null) {
984                                    throw new IllegalArgumentException(
985                                            "Permissioned model is null");
986                            }
987    
988                            // Scope is assumed to always be individual
989    
990                            resourceBlockLocalService.setIndividualScopePermissions(
991                                    resource.getCompanyId(), groupId, resource.getName(),
992                                    permissionedModel, role.getRoleId(), actionIds);
993                    }
994                    else {
995                            resourcePermissionLocalService.setOwnerResourcePermissions(
996                                    resource.getCompanyId(), resource.getName(),
997                                    resource.getScope(), resource.getPrimKey(), role.getRoleId(),
998                                    userId, actionIds.toArray(new String[actionIds.size()]));
999                    }
1000            }
1001    
1002            protected void deleteResource(
1003                            long companyId, String name, int scope, String primKey,
1004                            PermissionedModel permissionedModel)
1005                    throws PortalException, SystemException{
1006    
1007                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1008                            if (resourceBlockLocalService.isSupported(name)) {
1009                                    if (permissionedModel == null) {
1010                                            throw new IllegalArgumentException(
1011                                                    "Permissioned model is null");
1012                                    }
1013    
1014                                    resourceBlockLocalService.releasePermissionedModelResourceBlock(
1015                                            permissionedModel);
1016    
1017                                    return;
1018                            }
1019                            else {
1020                                    resourcePermissionLocalService.deleteResourcePermissions(
1021                                            companyId, name, scope, primKey);
1022    
1023                                    return;
1024                            }
1025                    }
1026    
1027                    try {
1028                            Resource resource = getResource(companyId, name, scope, primKey);
1029    
1030                            deleteResource(resource.getResourceId());
1031                    }
1032                    catch (NoSuchResourceException nsre) {
1033                            if (_log.isWarnEnabled()) {
1034                                    _log.warn(nsre);
1035                            }
1036                    }
1037            }
1038    
1039            protected Resource fetchResource_1to5(
1040                            long companyId, String name, int scope, String primKey)
1041                    throws SystemException {
1042    
1043                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1044                            companyId, name, scope);
1045    
1046                    return resourcePersistence.fetchByC_P(
1047                            resourceCode.getCodeId(), primKey);
1048            }
1049    
1050            protected void filterOwnerActions(String name, List<String> actionIds) {
1051                    List<String> defaultOwnerActions =
1052                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1053    
1054                    if (defaultOwnerActions.isEmpty()) {
1055                            return;
1056                    }
1057    
1058                    Iterator<String> itr = actionIds.iterator();
1059    
1060                    while (itr.hasNext()) {
1061                            String actionId = itr.next();
1062    
1063                            if (!defaultOwnerActions.contains(actionId)) {
1064                                    itr.remove();
1065                            }
1066                    }
1067            }
1068    
1069            protected void filterOwnerPermissions(
1070                    String name, List<Permission> permissions) {
1071    
1072                    List<String> defaultOwnerActions =
1073                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1074    
1075                    if (defaultOwnerActions.isEmpty()) {
1076                            return;
1077                    }
1078    
1079                    Iterator<Permission> itr = permissions.iterator();
1080    
1081                    while (itr.hasNext()) {
1082                            Permission permission = itr.next();
1083    
1084                            String actionId = permission.getActionId();
1085    
1086                            if (!defaultOwnerActions.contains(actionId)) {
1087                                    itr.remove();
1088                            }
1089                    }
1090            }
1091    
1092            protected long getGroupId(AuditedModel auditedModel) {
1093                    long groupId = 0;
1094    
1095                    if (auditedModel instanceof GroupedModel) {
1096                            GroupedModel groupedModel = (GroupedModel)auditedModel;
1097    
1098                            groupId = groupedModel.getGroupId();
1099                    }
1100    
1101                    return groupId;
1102            }
1103    
1104            protected PermissionedModel getPermissionedModel(
1105                    AuditedModel auditedModel) {
1106    
1107                    PermissionedModel permissionedModel = null;
1108    
1109                    if (auditedModel instanceof PermissionedModel) {
1110                            permissionedModel = (PermissionedModel)auditedModel;
1111                    }
1112    
1113                    return permissionedModel;
1114            }
1115    
1116            protected Resource getResource_1to5(
1117                            long companyId, String name, int scope, String primKey)
1118                    throws PortalException, SystemException {
1119    
1120                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1121                            companyId, name, scope);
1122    
1123                    return resourcePersistence.findByC_P(resourceCode.getCodeId(), primKey);
1124            }
1125    
1126            protected Resource getResource_6(
1127                    long companyId, String name, int scope, String primKey) {
1128    
1129                    Resource resource = new ResourceImpl();
1130    
1131                    resource.setCompanyId(companyId);
1132                    resource.setName(name);
1133                    resource.setScope(scope);
1134                    resource.setPrimKey(primKey);
1135    
1136                    return resource;
1137            }
1138    
1139            protected void updateResources(
1140                            long companyId, long groupId, String name, String primKey,
1141                            String[] groupPermissions, String[] guestPermissions,
1142                            PermissionedModel permissionedModel)
1143                    throws PortalException, SystemException {
1144    
1145                    Resource resource = getResource(
1146                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1147    
1148                    if (groupPermissions == null) {
1149                            groupPermissions = new String[0];
1150                    }
1151    
1152                    if (guestPermissions == null) {
1153                            guestPermissions = new String[0];
1154                    }
1155    
1156                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1157                            if (resourceBlockLocalService.isSupported(name)) {
1158                                    updateResources_6Blocks(
1159                                            companyId, groupId, resource, groupPermissions,
1160                                            guestPermissions, permissionedModel);
1161                            }
1162                            else {
1163                                    updateResources_6(
1164                                            companyId, groupId, resource, groupPermissions,
1165                                            guestPermissions);
1166                            }
1167                    }
1168                    else {
1169                            updateResources_1to5(
1170                                    companyId, groupId, resource, groupPermissions,
1171                                    guestPermissions);
1172                    }
1173            }
1174    
1175            protected void updateResources_1to5(
1176                            long companyId, long groupId, Resource resource,
1177                            String[] groupPermissions, String[] guestPermissions)
1178                    throws PortalException, SystemException {
1179    
1180                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1181    
1182                    permissionLocalService.setRolePermissions(
1183                            role.getRoleId(), groupPermissions, resource.getResourceId());
1184    
1185                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1186    
1187                    permissionLocalService.setRolePermissions(
1188                            role.getRoleId(), guestPermissions, resource.getResourceId());
1189            }
1190    
1191            protected void updateResources_1to5(
1192                            long companyId, String name, int scope, String primKey,
1193                            String newPrimKey)
1194                    throws PortalException, SystemException {
1195    
1196                    Resource resource = getResource(companyId, name, scope, primKey);
1197    
1198                    resource.setPrimKey(newPrimKey);
1199    
1200                    resourcePersistence.update(resource, false);
1201            }
1202    
1203            protected void updateResources_6(
1204                            long companyId, long groupId, Resource resource,
1205                            String[] groupPermissions, String[] guestPermissions)
1206                    throws PortalException, SystemException {
1207    
1208                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1209    
1210                    resourcePermissionLocalService.setResourcePermissions(
1211                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1212                            resource.getPrimKey(), role.getRoleId(), groupPermissions);
1213    
1214                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1215    
1216                    resourcePermissionLocalService.setResourcePermissions(
1217                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1218                            resource.getPrimKey(), role.getRoleId(), guestPermissions);
1219            }
1220    
1221            protected void updateResources_6(
1222                            long companyId, String name, int scope, String primKey,
1223                            String newPrimKey)
1224                    throws SystemException {
1225    
1226                    List<ResourcePermission> resourcePermissions =
1227                            resourcePermissionLocalService.getResourcePermissions(
1228                                    companyId, name, scope, primKey);
1229    
1230                    for (ResourcePermission resourcePermission : resourcePermissions) {
1231                            resourcePermission.setPrimKey(newPrimKey);
1232    
1233                            resourcePermissionPersistence.update(resourcePermission, false);
1234                    }
1235            }
1236    
1237            protected void updateResources_6Blocks(
1238                            long companyId, long groupId, Resource resource,
1239                            String[] groupPermissions, String[] guestPermissions,
1240                            PermissionedModel permissionedModel)
1241                    throws PortalException, SystemException {
1242    
1243                    if (permissionedModel == null) {
1244                            throw new IllegalArgumentException("Permissioned model is null");
1245                    }
1246    
1247                    // Scope is assumed to always be individual
1248    
1249                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1250    
1251                    resourceBlockLocalService.setIndividualScopePermissions(
1252                            companyId, groupId, resource.getName(), permissionedModel,
1253                            role.getRoleId(), Arrays.asList(groupPermissions));
1254    
1255                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1256    
1257                    resourceBlockLocalService.setIndividualScopePermissions(
1258                            companyId, groupId, resource.getName(), permissionedModel,
1259                            role.getRoleId(), Arrays.asList(guestPermissions));
1260            }
1261    
1262            protected void validate(String name, boolean portletActions)
1263                    throws PortalException {
1264    
1265                    List<String> actions = null;
1266    
1267                    if (portletActions) {
1268                            actions = ResourceActionsUtil.getPortletResourceActions(name);
1269                    }
1270                    else {
1271                            actions = ResourceActionsUtil.getModelResourceActions(name);
1272                    }
1273    
1274                    if (actions.size() == 0) {
1275                            throw new ResourceActionsException(
1276                                    "There are no actions associated with the resource " + name);
1277                    }
1278            }
1279    
1280            private static Log _log = LogFactoryUtil.getLog(
1281                    ResourceLocalServiceImpl.class);
1282    
1283    }