001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.RequiredUserException;
018    import com.liferay.portal.ReservedUserEmailAddressException;
019    import com.liferay.portal.UserEmailAddressException;
020    import com.liferay.portal.UserScreenNameException;
021    import com.liferay.portal.kernel.exception.PortalException;
022    import com.liferay.portal.kernel.exception.SystemException;
023    import com.liferay.portal.kernel.search.Indexer;
024    import com.liferay.portal.kernel.search.IndexerRegistryUtil;
025    import com.liferay.portal.kernel.util.ArrayUtil;
026    import com.liferay.portal.kernel.util.ParamUtil;
027    import com.liferay.portal.kernel.workflow.WorkflowConstants;
028    import com.liferay.portal.kernel.workflow.WorkflowThreadLocal;
029    import com.liferay.portal.model.Address;
030    import com.liferay.portal.model.Company;
031    import com.liferay.portal.model.CompanyConstants;
032    import com.liferay.portal.model.Contact;
033    import com.liferay.portal.model.EmailAddress;
034    import com.liferay.portal.model.Group;
035    import com.liferay.portal.model.GroupConstants;
036    import com.liferay.portal.model.Organization;
037    import com.liferay.portal.model.Phone;
038    import com.liferay.portal.model.Role;
039    import com.liferay.portal.model.User;
040    import com.liferay.portal.model.UserGroup;
041    import com.liferay.portal.model.UserGroupRole;
042    import com.liferay.portal.model.Website;
043    import com.liferay.portal.security.auth.PrincipalException;
044    import com.liferay.portal.security.permission.ActionKeys;
045    import com.liferay.portal.security.permission.PermissionChecker;
046    import com.liferay.portal.service.ServiceContext;
047    import com.liferay.portal.service.base.UserServiceBaseImpl;
048    import com.liferay.portal.service.permission.GroupPermissionUtil;
049    import com.liferay.portal.service.permission.OrganizationPermissionUtil;
050    import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
051    import com.liferay.portal.service.permission.PortalPermissionUtil;
052    import com.liferay.portal.service.permission.RolePermissionUtil;
053    import com.liferay.portal.service.permission.TeamPermissionUtil;
054    import com.liferay.portal.service.permission.UserGroupPermissionUtil;
055    import com.liferay.portal.service.permission.UserGroupRolePermissionUtil;
056    import com.liferay.portal.service.permission.UserPermissionUtil;
057    import com.liferay.portal.util.PropsValues;
058    import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
059    import com.liferay.portlet.usersadmin.util.UsersAdminUtil;
060    
061    import java.util.List;
062    import java.util.Locale;
063    
064    /**
065     * The implementation of the user remote service.
066     *
067     * @author Brian Wing Shun Chan
068     * @author Brian Myunghun Kim
069     * @author Scott Lee
070     * @author Jorge Ferrer
071     * @author Julio Camarero
072     */
073    public class UserServiceImpl extends UserServiceBaseImpl {
074    
075            /**
076             * Adds the users to the group.
077             *
078             * @param  groupId the primary key of the group
079             * @param  userIds the primary keys of the users
080             * @param  serviceContext the service context to be applied (optionally
081             *         <code>null</code>)
082             * @throws PortalException if a group or user with the primary key could not
083             *         be found, or if the user did not have permission to assign group
084             *         members
085             * @throws SystemException if a system exception occurred
086             */
087            @Override
088            public void addGroupUsers(
089                            long groupId, long[] userIds, ServiceContext serviceContext)
090                    throws PortalException, SystemException {
091    
092                    try {
093                            GroupPermissionUtil.check(
094                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
095                    }
096                    catch (PrincipalException pe) {
097    
098                            // Allow any user to join open sites
099    
100                            boolean hasPermission = false;
101    
102                            if (userIds.length == 0) {
103                                    hasPermission = true;
104                            }
105                            else if (userIds.length == 1) {
106                                    User user = getUser();
107    
108                                    if (user.getUserId() == userIds[0]) {
109                                            Group group = groupPersistence.findByPrimaryKey(groupId);
110    
111                                            if (user.getCompanyId() == group.getCompanyId()) {
112                                                    int type = group.getType();
113    
114                                                    if (type == GroupConstants.TYPE_SITE_OPEN) {
115                                                            hasPermission = true;
116                                                    }
117                                            }
118                                    }
119                            }
120    
121                            if (!hasPermission) {
122                                    throw new PrincipalException();
123                            }
124                    }
125    
126                    userLocalService.addGroupUsers(groupId, userIds);
127            }
128    
129            /**
130             * Adds the users to the organization.
131             *
132             * @param  organizationId the primary key of the organization
133             * @param  userIds the primary keys of the users
134             * @throws PortalException if an organization or user with the primary key
135             *         could not be found, if the user did not have permission to assign
136             *         organization members, or if current user did not have an
137             *         organization in common with a given user
138             * @throws SystemException if a system exception occurred
139             */
140            @Override
141            public void addOrganizationUsers(long organizationId, long[] userIds)
142                    throws PortalException, SystemException {
143    
144                    OrganizationPermissionUtil.check(
145                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
146    
147                    validateOrganizationUsers(userIds);
148    
149                    userLocalService.addOrganizationUsers(organizationId, userIds);
150            }
151    
152            /**
153             * Assigns the password policy to the users, removing any other currently
154             * assigned password policies.
155             *
156             * @param  passwordPolicyId the primary key of the password policy
157             * @param  userIds the primary keys of the users
158             * @throws PortalException if the user did not have permission to assign
159             *         policy members
160             * @throws SystemException if a system exception occurred
161             */
162            @Override
163            public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
164                    throws PortalException, SystemException {
165    
166                    PasswordPolicyPermissionUtil.check(
167                            getPermissionChecker(), passwordPolicyId,
168                            ActionKeys.ASSIGN_MEMBERS);
169    
170                    userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
171            }
172    
173            /**
174             * Adds the users to the role.
175             *
176             * @param  roleId the primary key of the role
177             * @param  userIds the primary keys of the users
178             * @throws PortalException if a role or user with the primary key could not
179             *         be found or if the user did not have permission to assign role
180             *         members
181             * @throws SystemException if a system exception occurred
182             */
183            @Override
184            public void addRoleUsers(long roleId, long[] userIds)
185                    throws PortalException, SystemException {
186    
187                    RolePermissionUtil.check(
188                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
189    
190                    userLocalService.addRoleUsers(roleId, userIds);
191            }
192    
193            /**
194             * Adds the users to the team.
195             *
196             * @param  teamId the primary key of the team
197             * @param  userIds the primary keys of the users
198             * @throws PortalException if a team or user with the primary key could not
199             *         be found or if the user did not have permission to assign team
200             *         members
201             * @throws SystemException if a system exception occurred
202             */
203            @Override
204            public void addTeamUsers(long teamId, long[] userIds)
205                    throws PortalException, SystemException {
206    
207                    TeamPermissionUtil.check(
208                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
209    
210                    userLocalService.addTeamUsers(teamId, userIds);
211            }
212    
213            /**
214             * Adds a user.
215             *
216             * <p>
217             * This method handles the creation and bookkeeping of the user including
218             * its resources, metadata, and internal data structures. It is not
219             * necessary to make subsequent calls to any methods to setup default
220             * groups, resources, etc.
221             * </p>
222             *
223             * @param  companyId the primary key of the user's company
224             * @param  autoPassword whether a password should be automatically generated
225             *         for the user
226             * @param  password1 the user's password
227             * @param  password2 the user's password confirmation
228             * @param  autoScreenName whether a screen name should be automatically
229             *         generated for the user
230             * @param  screenName the user's screen name
231             * @param  emailAddress the user's email address
232             * @param  facebookId the user's facebook ID
233             * @param  openId the user's OpenID
234             * @param  locale the user's locale
235             * @param  firstName the user's first name
236             * @param  middleName the user's middle name
237             * @param  lastName the user's last name
238             * @param  prefixId the user's name prefix ID
239             * @param  suffixId the user's name suffix ID
240             * @param  male whether the user is male
241             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
242             *         January)
243             * @param  birthdayDay the user's birthday day
244             * @param  birthdayYear the user's birthday year
245             * @param  jobTitle the user's job title
246             * @param  groupIds the primary keys of the user's groups
247             * @param  organizationIds the primary keys of the user's organizations
248             * @param  roleIds the primary keys of the roles this user possesses
249             * @param  userGroupIds the primary keys of the user's user groups
250             * @param  sendEmail whether to send the user an email notification about
251             *         their new account
252             * @param  serviceContext the user's service context (optionally
253             *         <code>null</code>). Can set the universally unique identifier
254             *         (with the <code>uuid</code> attribute), asset category IDs, asset
255             *         tag names, and expando bridge attributes for the user.
256             * @return the new user
257             * @throws PortalException if the user's information was invalid, if the
258             *         creator did not have permission to add users, or if the email
259             *         address was reserved
260             * @throws SystemException if a system exception occurred
261             */
262            @Override
263            public User addUser(
264                            long companyId, boolean autoPassword, String password1,
265                            String password2, boolean autoScreenName, String screenName,
266                            String emailAddress, long facebookId, String openId, Locale locale,
267                            String firstName, String middleName, String lastName, int prefixId,
268                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
269                            int birthdayYear, String jobTitle, long[] groupIds,
270                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
271                            boolean sendEmail, ServiceContext serviceContext)
272                    throws PortalException, SystemException {
273    
274                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
275    
276                    try {
277                            WorkflowThreadLocal.setEnabled(false);
278    
279                            return addUserWithWorkflow(
280                                    companyId, autoPassword, password1, password2, autoScreenName,
281                                    screenName, emailAddress, facebookId, openId, locale, firstName,
282                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
283                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
284                                    roleIds, userGroupIds, sendEmail, serviceContext);
285                    }
286                    finally {
287                            WorkflowThreadLocal.setEnabled(workflowEnabled);
288                    }
289            }
290    
291            /**
292             * Adds a user with additional parameters.
293             *
294             * <p>
295             * This method handles the creation and bookkeeping of the user including
296             * its resources, metadata, and internal data structures. It is not
297             * necessary to make subsequent calls to any methods to setup default
298             * groups, resources, etc.
299             * </p>
300             *
301             * @param  companyId the primary key of the user's company
302             * @param  autoPassword whether a password should be automatically generated
303             *         for the user
304             * @param  password1 the user's password
305             * @param  password2 the user's password confirmation
306             * @param  autoScreenName whether a screen name should be automatically
307             *         generated for the user
308             * @param  screenName the user's screen name
309             * @param  emailAddress the user's email address
310             * @param  facebookId the user's facebook ID
311             * @param  openId the user's OpenID
312             * @param  locale the user's locale
313             * @param  firstName the user's first name
314             * @param  middleName the user's middle name
315             * @param  lastName the user's last name
316             * @param  prefixId the user's name prefix ID
317             * @param  suffixId the user's name suffix ID
318             * @param  male whether the user is male
319             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
320             *         January)
321             * @param  birthdayDay the user's birthday day
322             * @param  birthdayYear the user's birthday year
323             * @param  jobTitle the user's job title
324             * @param  groupIds the primary keys of the user's groups
325             * @param  organizationIds the primary keys of the user's organizations
326             * @param  roleIds the primary keys of the roles this user possesses
327             * @param  userGroupIds the primary keys of the user's user groups
328             * @param  addresses the user's addresses
329             * @param  emailAddresses the user's email addresses
330             * @param  phones the user's phone numbers
331             * @param  websites the user's websites
332             * @param  announcementsDelivers the announcements deliveries
333             * @param  sendEmail whether to send the user an email notification about
334             *         their new account
335             * @param  serviceContext the user's service context (optionally
336             *         <code>null</code>). Can set the universally unique identifier
337             *         (with the <code>uuid</code> attribute), asset category IDs, asset
338             *         tag names, and expando bridge attributes for the user.
339             * @return the new user
340             * @throws PortalException if the user's information was invalid, if the
341             *         creator did not have permission to add users, if the email
342             *         address was reserved, or some other portal exception occurred
343             * @throws SystemException if a system exception occurred
344             */
345            @Override
346            public User addUser(
347                            long companyId, boolean autoPassword, String password1,
348                            String password2, boolean autoScreenName, String screenName,
349                            String emailAddress, long facebookId, String openId, Locale locale,
350                            String firstName, String middleName, String lastName, int prefixId,
351                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
352                            int birthdayYear, String jobTitle, long[] groupIds,
353                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
354                            List<Address> addresses, List<EmailAddress> emailAddresses,
355                            List<Phone> phones, List<Website> websites,
356                            List<AnnouncementsDelivery> announcementsDelivers,
357                            boolean sendEmail, ServiceContext serviceContext)
358                    throws PortalException, SystemException {
359    
360                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
361    
362                    try {
363                            WorkflowThreadLocal.setEnabled(false);
364    
365                            return addUserWithWorkflow(
366                                    companyId, autoPassword, password1, password2, autoScreenName,
367                                    screenName, emailAddress, facebookId, openId, locale, firstName,
368                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
369                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
370                                    roleIds, userGroupIds, addresses, emailAddresses, phones,
371                                    websites, announcementsDelivers, sendEmail, serviceContext);
372                    }
373                    finally {
374                            WorkflowThreadLocal.setEnabled(workflowEnabled);
375                    }
376            }
377    
378            /**
379             * Adds the users to the user group.
380             *
381             * @param  userGroupId the primary key of the user group
382             * @param  userIds the primary keys of the users
383             * @throws PortalException if a user group or user with the primary could
384             *         could not be found, or if the current user did not have
385             *         permission to assign group members
386             * @throws SystemException if a system exception occurred
387             */
388            @Override
389            public void addUserGroupUsers(long userGroupId, long[] userIds)
390                    throws PortalException, SystemException {
391    
392                    UserGroupPermissionUtil.check(
393                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
394    
395                    userLocalService.addUserGroupUsers(userGroupId, userIds);
396            }
397    
398            /**
399             * Adds a user with workflow.
400             *
401             * <p>
402             * This method handles the creation and bookkeeping of the user including
403             * its resources, metadata, and internal data structures. It is not
404             * necessary to make subsequent calls to any methods to setup default
405             * groups, resources, etc.
406             * </p>
407             *
408             * @param  companyId the primary key of the user's company
409             * @param  autoPassword whether a password should be automatically generated
410             *         for the user
411             * @param  password1 the user's password
412             * @param  password2 the user's password confirmation
413             * @param  autoScreenName whether a screen name should be automatically
414             *         generated for the user
415             * @param  screenName the user's screen name
416             * @param  emailAddress the user's email address
417             * @param  facebookId the user's facebook ID
418             * @param  openId the user's OpenID
419             * @param  locale the user's locale
420             * @param  firstName the user's first name
421             * @param  middleName the user's middle name
422             * @param  lastName the user's last name
423             * @param  prefixId the user's name prefix ID
424             * @param  suffixId the user's name suffix ID
425             * @param  male whether the user is male
426             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
427             *         January)
428             * @param  birthdayDay the user's birthday day
429             * @param  birthdayYear the user's birthday year
430             * @param  jobTitle the user's job title
431             * @param  groupIds the primary keys of the user's groups
432             * @param  organizationIds the primary keys of the user's organizations
433             * @param  roleIds the primary keys of the roles this user possesses
434             * @param  userGroupIds the primary keys of the user's user groups
435             * @param  sendEmail whether to send the user an email notification about
436             *         their new account
437             * @param  serviceContext the user's service context (optionally
438             *         <code>null</code>). Can set the universally unique identifier
439             *         (with the <code>uuid</code> attribute), asset category IDs, asset
440             *         tag names, and expando bridge attributes for the user.
441             * @return the new user
442             * @throws PortalException if the user's information was invalid, if the
443             *         creator did not have permission to add users, or if the email
444             *         address was reserved
445             * @throws SystemException if a system exception occurred
446             */
447            @Override
448            public User addUserWithWorkflow(
449                            long companyId, boolean autoPassword, String password1,
450                            String password2, boolean autoScreenName, String screenName,
451                            String emailAddress, long facebookId, String openId, Locale locale,
452                            String firstName, String middleName, String lastName, int prefixId,
453                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
454                            int birthdayYear, String jobTitle, long[] groupIds,
455                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
456                            boolean sendEmail, ServiceContext serviceContext)
457                    throws PortalException, SystemException {
458    
459                    long creatorUserId = 0;
460    
461                    try {
462                            creatorUserId = getGuestOrUserId();
463                    }
464                    catch (PrincipalException pe) {
465                    }
466    
467                    checkAddUserPermission(
468                            creatorUserId, companyId, emailAddress, groupIds, organizationIds,
469                            roleIds, userGroupIds, serviceContext);
470    
471                    return userLocalService.addUserWithWorkflow(
472                            creatorUserId, companyId, autoPassword, password1, password2,
473                            autoScreenName, screenName, emailAddress, facebookId, openId,
474                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
475                            birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds,
476                            organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);
477            }
478    
479            /**
480             * Adds a user with workflow and additional parameters.
481             *
482             * <p>
483             * This method handles the creation and bookkeeping of the user including
484             * its resources, metadata, and internal data structures. It is not
485             * necessary to make subsequent calls to any methods to setup default
486             * groups, resources, etc.
487             * </p>
488             *
489             * @param  companyId the primary key of the user's company
490             * @param  autoPassword whether a password should be automatically generated
491             *         for the user
492             * @param  password1 the user's password
493             * @param  password2 the user's password confirmation
494             * @param  autoScreenName whether a screen name should be automatically
495             *         generated for the user
496             * @param  screenName the user's screen name
497             * @param  emailAddress the user's email address
498             * @param  facebookId the user's facebook ID
499             * @param  openId the user's OpenID
500             * @param  locale the user's locale
501             * @param  firstName the user's first name
502             * @param  middleName the user's middle name
503             * @param  lastName the user's last name
504             * @param  prefixId the user's name prefix ID
505             * @param  suffixId the user's name suffix ID
506             * @param  male whether the user is male
507             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
508             *         January)
509             * @param  birthdayDay the user's birthday day
510             * @param  birthdayYear the user's birthday year
511             * @param  jobTitle the user's job title
512             * @param  groupIds the primary keys of the user's groups
513             * @param  organizationIds the primary keys of the user's organizations
514             * @param  roleIds the primary keys of the roles this user possesses
515             * @param  userGroupIds the primary keys of the user's user groups
516             * @param  addresses the user's addresses
517             * @param  emailAddresses the user's email addresses
518             * @param  phones the user's phone numbers
519             * @param  websites the user's websites
520             * @param  announcementsDelivers the announcements deliveries
521             * @param  sendEmail whether to send the user an email notification about
522             *         their new account
523             * @param  serviceContext the user's service context (optionally
524             *         <code>null</code>). Can set the universally unique identifier
525             *         (with the <code>uuid</code> attribute), asset category IDs, asset
526             *         tag names, and expando bridge attributes for the user.
527             * @return the new user
528             * @throws PortalException if the user's information was invalid, if the
529             *         creator did not have permission to add users, if the email
530             *         address was reserved, or some other portal exception occurred
531             * @throws SystemException if a system exception occurred
532             */
533            @Override
534            public User addUserWithWorkflow(
535                            long companyId, boolean autoPassword, String password1,
536                            String password2, boolean autoScreenName, String screenName,
537                            String emailAddress, long facebookId, String openId, Locale locale,
538                            String firstName, String middleName, String lastName, int prefixId,
539                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
540                            int birthdayYear, String jobTitle, long[] groupIds,
541                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
542                            List<Address> addresses, List<EmailAddress> emailAddresses,
543                            List<Phone> phones, List<Website> websites,
544                            List<AnnouncementsDelivery> announcementsDelivers,
545                            boolean sendEmail, ServiceContext serviceContext)
546                    throws PortalException, SystemException {
547    
548                    boolean indexingEnabled = serviceContext.isIndexingEnabled();
549    
550                    serviceContext.setIndexingEnabled(false);
551    
552                    try {
553                            User user = addUserWithWorkflow(
554                                    companyId, autoPassword, password1, password2, autoScreenName,
555                                    screenName, emailAddress, facebookId, openId, locale, firstName,
556                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
557                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
558                                    roleIds, userGroupIds, sendEmail, serviceContext);
559    
560                            UsersAdminUtil.updateAddresses(
561                                    Contact.class.getName(), user.getContactId(), addresses);
562    
563                            UsersAdminUtil.updateEmailAddresses(
564                                    Contact.class.getName(), user.getContactId(), emailAddresses);
565    
566                            UsersAdminUtil.updatePhones(
567                                    Contact.class.getName(), user.getContactId(), phones);
568    
569                            UsersAdminUtil.updateWebsites(
570                                    Contact.class.getName(), user.getContactId(), websites);
571    
572                            updateAnnouncementsDeliveries(
573                                    user.getUserId(), announcementsDelivers);
574    
575                            if (indexingEnabled) {
576                                    Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(
577                                            User.class);
578    
579                                    indexer.reindex(user);
580                            }
581    
582                            return user;
583                    }
584                    finally {
585                            serviceContext.setIndexingEnabled(indexingEnabled);
586                    }
587            }
588    
589            /**
590             * Deletes the user's portrait image.
591             *
592             * @param  userId the primary key of the user
593             * @throws PortalException if a user with the primary key could not be
594             *         found, if the user's portrait could not be found, or if the
595             *         current user did not have permission to update the user
596             * @throws SystemException if a system exception occurred
597             */
598            @Override
599            public void deletePortrait(long userId)
600                    throws PortalException, SystemException {
601    
602                    UserPermissionUtil.check(
603                            getPermissionChecker(), userId, ActionKeys.UPDATE);
604    
605                    userLocalService.deletePortrait(userId);
606            }
607    
608            /**
609             * Removes the user from the role.
610             *
611             * @param  roleId the primary key of the role
612             * @param  userId the primary key of the user
613             * @throws PortalException if a role or user with the primary key could not
614             *         be found, or if the current user did not have permission to
615             *         assign role members
616             * @throws SystemException if a system exception occurred
617             */
618            @Override
619            public void deleteRoleUser(long roleId, long userId)
620                    throws PortalException, SystemException {
621    
622                    RolePermissionUtil.check(
623                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
624    
625                    userLocalService.deleteRoleUser(roleId, userId);
626            }
627    
628            /**
629             * Deletes the user.
630             *
631             * @param  userId the primary key of the user
632             * @throws PortalException if a user with the primary key could not be found
633             *         or if the current user did not have permission to delete the user
634             * @throws SystemException if a system exception occurred
635             */
636            @Override
637            public void deleteUser(long userId)
638                    throws PortalException, SystemException {
639    
640                    if (getUserId() == userId) {
641                            throw new RequiredUserException();
642                    }
643    
644                    UserPermissionUtil.check(
645                            getPermissionChecker(), userId, ActionKeys.DELETE);
646    
647                    userLocalService.deleteUser(userId);
648            }
649    
650            @Override
651            public List<User> getCompanyUsers(long companyId, int start, int end)
652                    throws PortalException, SystemException {
653    
654                    PermissionChecker permissionChecker = getPermissionChecker();
655    
656                    if (!permissionChecker.isCompanyAdmin(companyId)) {
657                            throw new PrincipalException();
658                    }
659    
660                    return userPersistence.findByCompanyId(companyId, start, end);
661            }
662    
663            @Override
664            public int getCompanyUsersCount(long companyId)
665                    throws PortalException, SystemException {
666    
667                    PermissionChecker permissionChecker = getPermissionChecker();
668    
669                    if (!permissionChecker.isCompanyAdmin(companyId)) {
670                            throw new PrincipalException();
671                    }
672    
673                    return userPersistence.countByCompanyId(companyId);
674            }
675    
676            /**
677             * Returns the primary key of the default user for the company.
678             *
679             * @param  companyId the primary key of the company
680             * @return the primary key of the default user for the company
681             * @throws PortalException if a default user for the company could not be
682             *         found
683             * @throws SystemException if a system exception occurred
684             */
685            @Override
686            public long getDefaultUserId(long companyId)
687                    throws PortalException, SystemException {
688    
689                    return userLocalService.getDefaultUserId(companyId);
690            }
691    
692            /**
693             * Returns the primary keys of all the users belonging to the group.
694             *
695             * @param  groupId the primary key of the group
696             * @return the primary keys of the users belonging to the group
697             * @throws PortalException if the current user did not have permission to
698             *         view group assignments
699             * @throws SystemException if a system exception occurred
700             */
701            @Override
702            public long[] getGroupUserIds(long groupId)
703                    throws PortalException, SystemException {
704    
705                    GroupPermissionUtil.check(
706                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
707    
708                    return userLocalService.getGroupUserIds(groupId);
709            }
710    
711            /**
712             * Returns all the users belonging to the group.
713             *
714             * @param  groupId the primary key of the group
715             * @return the users belonging to the group
716             * @throws PortalException if the current user did not have permission to
717             *         view group assignments
718             * @throws SystemException if a system exception occurred
719             */
720            @Override
721            public List<User> getGroupUsers(long groupId)
722                    throws PortalException, SystemException {
723    
724                    GroupPermissionUtil.check(
725                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
726    
727                    return userLocalService.getGroupUsers(groupId);
728            }
729    
730            /**
731             * Returns the primary keys of all the users belonging to the organization.
732             *
733             * @param  organizationId the primary key of the organization
734             * @return the primary keys of the users belonging to the organization
735             * @throws PortalException if the current user did not have permission to
736             *         view organization assignments
737             * @throws SystemException if a system exception occurred
738             */
739            @Override
740            public long[] getOrganizationUserIds(long organizationId)
741                    throws PortalException, SystemException {
742    
743                    OrganizationPermissionUtil.check(
744                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
745    
746                    return userLocalService.getOrganizationUserIds(organizationId);
747            }
748    
749            /**
750             * Returns all the users belonging to the organization.
751             *
752             * @param  organizationId the primary key of the organization
753             * @return users belonging to the organization
754             * @throws PortalException if the current user did not have permission to
755             *         view organization assignments
756             * @throws SystemException if a system exception occurred
757             */
758            @Override
759            public List<User> getOrganizationUsers(long organizationId)
760                    throws PortalException, SystemException {
761    
762                    OrganizationPermissionUtil.check(
763                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
764    
765                    return userLocalService.getOrganizationUsers(organizationId);
766            }
767    
768            /**
769             * Returns the primary keys of all the users belonging to the role.
770             *
771             * @param  roleId the primary key of the role
772             * @return the primary keys of the users belonging to the role
773             * @throws PortalException if the current user did not have permission to
774             *         view role members
775             * @throws SystemException if a system exception occurred
776             */
777            @Override
778            public long[] getRoleUserIds(long roleId)
779                    throws PortalException, SystemException {
780    
781                    RolePermissionUtil.check(
782                            getPermissionChecker(), roleId, ActionKeys.VIEW);
783    
784                    return userLocalService.getRoleUserIds(roleId);
785            }
786    
787            /**
788             * Returns the user with the email address.
789             *
790             * @param  companyId the primary key of the user's company
791             * @param  emailAddress the user's email address
792             * @return the user with the email address
793             * @throws PortalException if a user with the email address could not be
794             *         found or if the current user did not have permission to view the
795             *         user
796             * @throws SystemException if a system exception occurred
797             */
798            @Override
799            public User getUserByEmailAddress(long companyId, String emailAddress)
800                    throws PortalException, SystemException {
801    
802                    User user = userLocalService.getUserByEmailAddress(
803                            companyId, emailAddress);
804    
805                    UserPermissionUtil.check(
806                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
807    
808                    return user;
809            }
810    
811            /**
812             * Returns the user with the primary key.
813             *
814             * @param  userId the primary key of the user
815             * @return the user with the primary key
816             * @throws PortalException if a user with the primary key could not be found
817             *         or if the current user did not have permission to view the user
818             * @throws SystemException if a system exception occurred
819             */
820            @Override
821            public User getUserById(long userId)
822                    throws PortalException, SystemException {
823    
824                    User user = userPersistence.findByPrimaryKey(userId);
825    
826                    UserPermissionUtil.check(
827                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
828    
829                    return user;
830            }
831    
832            /**
833             * Returns the user with the screen name.
834             *
835             * @param  companyId the primary key of the user's company
836             * @param  screenName the user's screen name
837             * @return the user with the screen name
838             * @throws PortalException if a user with the screen name could not be found
839             *         or if the current user did not have permission to veiw the user
840             * @throws SystemException if a system exception occurred
841             */
842            @Override
843            public User getUserByScreenName(long companyId, String screenName)
844                    throws PortalException, SystemException {
845    
846                    User user = userLocalService.getUserByScreenName(companyId, screenName);
847    
848                    UserPermissionUtil.check(
849                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
850    
851                    return user;
852            }
853    
854            @Override
855            public List<User> getUserGroupUsers(long userGroupId)
856                    throws PortalException, SystemException {
857    
858                    UserGroupPermissionUtil.check(
859                            getPermissionChecker(), userGroupId, ActionKeys.VIEW_MEMBERS);
860    
861                    return userGroupPersistence.getUsers(userGroupId);
862            }
863    
864            /**
865             * Returns the primary key of the user with the email address.
866             *
867             * @param  companyId the primary key of the user's company
868             * @param  emailAddress the user's email address
869             * @return the primary key of the user with the email address
870             * @throws PortalException if a user with the email address could not be
871             *         found
872             * @throws SystemException if a system exception occurred
873             */
874            @Override
875            public long getUserIdByEmailAddress(long companyId, String emailAddress)
876                    throws PortalException, SystemException {
877    
878                    User user = getUserByEmailAddress(companyId, emailAddress);
879    
880                    UserPermissionUtil.check(
881                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
882    
883                    return user.getUserId();
884            }
885    
886            /**
887             * Returns the primary key of the user with the screen name.
888             *
889             * @param  companyId the primary key of the user's company
890             * @param  screenName the user's screen name
891             * @return the primary key of the user with the screen name
892             * @throws PortalException if a user with the screen name could not be found
893             * @throws SystemException if a system exception occurred
894             */
895            @Override
896            public long getUserIdByScreenName(long companyId, String screenName)
897                    throws PortalException, SystemException {
898    
899                    User user = getUserByScreenName(companyId, screenName);
900    
901                    UserPermissionUtil.check(
902                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
903    
904                    return user.getUserId();
905            }
906    
907            /**
908             * Returns <code>true</code> if the user is a member of the group.
909             *
910             * @param  groupId the primary key of the group
911             * @param  userId the primary key of the user
912             * @return <code>true</code> if the user is a member of the group;
913             *         <code>false</code> otherwise
914             * @throws PortalException if the current user did not have permission to
915             *         view the user or group members
916             * @throws SystemException if a system exception occurred
917             */
918            @Override
919            public boolean hasGroupUser(long groupId, long userId)
920                    throws PortalException, SystemException {
921    
922                    try {
923                            UserPermissionUtil.check(
924                                    getPermissionChecker(), userId, ActionKeys.VIEW);
925                    }
926                    catch (PrincipalException pe) {
927                            GroupPermissionUtil.check(
928                                    getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
929                    }
930    
931                    return userLocalService.hasGroupUser(groupId, userId);
932            }
933    
934            /**
935             * Returns <code>true</code> if the user is a member of the role.
936             *
937             * @param  roleId the primary key of the role
938             * @param  userId the primary key of the user
939             * @return <code>true</code> if the user is a member of the role;
940             *         <code>false</code> otherwise
941             * @throws PortalException if the current user did not have permission to
942             *         view the user or role members
943             * @throws SystemException if a system exception occurred
944             */
945            @Override
946            public boolean hasRoleUser(long roleId, long userId)
947                    throws PortalException, SystemException {
948    
949                    try {
950                            UserPermissionUtil.check(
951                                    getPermissionChecker(), userId, ActionKeys.VIEW);
952                    }
953                    catch (PrincipalException pe) {
954                            RolePermissionUtil.check(
955                                    getPermissionChecker(), roleId, ActionKeys.VIEW_MEMBERS);
956                    }
957    
958                    return userLocalService.hasRoleUser(roleId, userId);
959            }
960    
961            /**
962             * Returns <code>true</code> if the user has the role with the name,
963             * optionally through inheritance.
964             *
965             * @param  companyId the primary key of the role's company
966             * @param  name the name of the role (must be a regular role, not an
967             *         organization, site or provider role)
968             * @param  userId the primary key of the user
969             * @param  inherited whether to include roles inherited from organizations,
970             *         sites, etc.
971             * @return <code>true</code> if the user has the role; <code>false</code>
972             *         otherwise
973             * @throws PortalException if a role with the name could not be found
974             * @throws SystemException if a system exception occurred
975             */
976            @Override
977            public boolean hasRoleUser(
978                            long companyId, String name, long userId, boolean inherited)
979                    throws PortalException, SystemException {
980    
981                    try {
982                            UserPermissionUtil.check(
983                                    getPermissionChecker(), userId, ActionKeys.VIEW);
984                    }
985                    catch (PrincipalException pe) {
986                            Role role = roleLocalService.getRole(companyId, name);
987    
988                            RolePermissionUtil.check(
989                                    getPermissionChecker(), role.getRoleId(),
990                                    ActionKeys.VIEW_MEMBERS);
991                    }
992    
993                    return userLocalService.hasRoleUser(companyId, name, userId, inherited);
994            }
995    
996            /**
997             * Sets the users in the role, removing and adding users to the role as
998             * necessary.
999             *
1000             * @param  roleId the primary key of the role
1001             * @param  userIds the primary keys of the users
1002             * @throws PortalException if the current user did not have permission to
1003             *         assign role members
1004             * @throws SystemException if a system exception occurred
1005             */
1006            @Override
1007            public void setRoleUsers(long roleId, long[] userIds)
1008                    throws PortalException, SystemException {
1009    
1010                    RolePermissionUtil.check(
1011                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
1012    
1013                    userLocalService.setRoleUsers(roleId, userIds);
1014            }
1015    
1016            /**
1017             * Sets the users in the user group, removing and adding users to the user
1018             * group as necessary.
1019             *
1020             * @param  userGroupId the primary key of the user group
1021             * @param  userIds the primary keys of the users
1022             * @throws PortalException if the current user did not have permission to
1023             *         assign group members
1024             * @throws SystemException if a system exception occurred
1025             */
1026            @Override
1027            public void setUserGroupUsers(long userGroupId, long[] userIds)
1028                    throws PortalException, SystemException {
1029    
1030                    UserGroupPermissionUtil.check(
1031                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
1032    
1033                    userLocalService.setUserGroupUsers(userGroupId, userIds);
1034            }
1035    
1036            /**
1037             * Removes the users from the teams of a group.
1038             *
1039             * @param  groupId the primary key of the group
1040             * @param  userIds the primary keys of the users
1041             * @throws PortalException if the current user did not have permission to
1042             *         modify user group assignments
1043             * @throws SystemException if a system exception occurred
1044             */
1045            @Override
1046            public void unsetGroupTeamsUsers(long groupId, long[] userIds)
1047                    throws PortalException, SystemException {
1048    
1049                    UserGroupPermissionUtil.check(
1050                            getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1051    
1052                    userLocalService.unsetGroupTeamsUsers(groupId, userIds);
1053            }
1054    
1055            /**
1056             * Removes the users from the group.
1057             *
1058             * @param  groupId the primary key of the group
1059             * @param  userIds the primary keys of the users
1060             * @param  serviceContext the service context to be applied (optionally
1061             *         <code>null</code>)
1062             * @throws PortalException if the current user did not have permission to
1063             *         modify group assignments
1064             * @throws SystemException if a system exception occurred
1065             */
1066            @Override
1067            public void unsetGroupUsers(
1068                            long groupId, long[] userIds, ServiceContext serviceContext)
1069                    throws PortalException, SystemException {
1070    
1071                    try {
1072                            GroupPermissionUtil.check(
1073                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1074                    }
1075                    catch (PrincipalException pe) {
1076    
1077                            // Allow any user to leave open and restricted sites
1078    
1079                            boolean hasPermission = false;
1080    
1081                            if (userIds.length == 0) {
1082                                    hasPermission = true;
1083                            }
1084                            else if (userIds.length == 1) {
1085                                    User user = getUser();
1086    
1087                                    if (user.getUserId() == userIds[0]) {
1088                                            Group group = groupPersistence.findByPrimaryKey(groupId);
1089    
1090                                            if (user.getCompanyId() == group.getCompanyId()) {
1091                                                    int type = group.getType();
1092    
1093                                                    if ((type == GroupConstants.TYPE_SITE_OPEN) ||
1094                                                            (type == GroupConstants.TYPE_SITE_RESTRICTED)) {
1095    
1096                                                            hasPermission = true;
1097                                                    }
1098                                            }
1099                                    }
1100                            }
1101    
1102                            if (!hasPermission) {
1103                                    throw new PrincipalException();
1104                            }
1105                    }
1106    
1107                    userLocalService.unsetGroupUsers(groupId, userIds, serviceContext);
1108            }
1109    
1110            /**
1111             * Removes the users from the organization.
1112             *
1113             * @param  organizationId the primary key of the organization
1114             * @param  userIds the primary keys of the users
1115             * @throws PortalException if the current user did not have permission to
1116             *         modify organization assignments
1117             * @throws SystemException if a system exception occurred
1118             */
1119            @Override
1120            public void unsetOrganizationUsers(long organizationId, long[] userIds)
1121                    throws PortalException, SystemException {
1122    
1123                    OrganizationPermissionUtil.check(
1124                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
1125    
1126                    userLocalService.unsetOrganizationUsers(organizationId, userIds);
1127            }
1128    
1129            /**
1130             * Removes the users from the password policy.
1131             *
1132             * @param  passwordPolicyId the primary key of the password policy
1133             * @param  userIds the primary keys of the users
1134             * @throws PortalException if the current user did not have permission to
1135             *         modify policy assignments
1136             * @throws SystemException if a system exception occurred
1137             */
1138            @Override
1139            public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
1140                    throws PortalException, SystemException {
1141    
1142                    PasswordPolicyPermissionUtil.check(
1143                            getPermissionChecker(), passwordPolicyId,
1144                            ActionKeys.ASSIGN_MEMBERS);
1145    
1146                    userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
1147            }
1148    
1149            /**
1150             * Removes the users from the role.
1151             *
1152             * @param  roleId the primary key of the role
1153             * @param  userIds the primary keys of the users
1154             * @throws PortalException if the current user did not have permission to
1155             *         modify role assignments
1156             * @throws SystemException if a system exception occurred
1157             */
1158            @Override
1159            public void unsetRoleUsers(long roleId, long[] userIds)
1160                    throws PortalException, SystemException {
1161    
1162                    RolePermissionUtil.check(
1163                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
1164    
1165                    userLocalService.unsetRoleUsers(roleId, userIds);
1166            }
1167    
1168            /**
1169             * Removes the users from the team.
1170             *
1171             * @param  teamId the primary key of the team
1172             * @param  userIds the primary keys of the users
1173             * @throws PortalException if the current user did not have permission to
1174             *         modify team assignments
1175             * @throws SystemException if a system exception occurred
1176             */
1177            @Override
1178            public void unsetTeamUsers(long teamId, long[] userIds)
1179                    throws PortalException, SystemException {
1180    
1181                    TeamPermissionUtil.check(
1182                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
1183    
1184                    userLocalService.unsetTeamUsers(teamId, userIds);
1185            }
1186    
1187            /**
1188             * Removes the users from the user group.
1189             *
1190             * @param  userGroupId the primary key of the user group
1191             * @param  userIds the primary keys of the users
1192             * @throws PortalException if the current user did not have permission to
1193             *         modify user group assignments
1194             * @throws SystemException if a system exception occurred
1195             */
1196            @Override
1197            public void unsetUserGroupUsers(long userGroupId, long[] userIds)
1198                    throws PortalException, SystemException {
1199    
1200                    UserGroupPermissionUtil.check(
1201                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
1202    
1203                    userLocalService.unsetUserGroupUsers(userGroupId, userIds);
1204            }
1205    
1206            /**
1207             * Updates the user's response to the terms of use agreement.
1208             *
1209             * @param  userId the primary key of the user
1210             * @param  agreedToTermsOfUse whether the user has agree to the terms of use
1211             * @return the user
1212             * @throws PortalException if the current user did not have permission to
1213             *         update the user's agreement to terms-of-use
1214             * @throws SystemException if a system exception occurred
1215             */
1216            @Override
1217            public User updateAgreedToTermsOfUse(
1218                            long userId, boolean agreedToTermsOfUse)
1219                    throws PortalException, SystemException {
1220    
1221                    UserPermissionUtil.check(
1222                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1223    
1224                    return userLocalService.updateAgreedToTermsOfUse(
1225                            userId, agreedToTermsOfUse);
1226            }
1227    
1228            /**
1229             * Updates the user's email address.
1230             *
1231             * @param  userId the primary key of the user
1232             * @param  password the user's password
1233             * @param  emailAddress1 the user's new email address
1234             * @param  emailAddress2 the user's new email address confirmation
1235             * @param  serviceContext the service context to be applied. Must set the
1236             *         portal URL, main path, primary key of the layout, remote address,
1237             *         remote host, and agent for the user.
1238             * @return the user
1239             * @throws PortalException if a user with the primary key could not be found
1240             *         or if the current user did not have permission to update the user
1241             * @throws SystemException if a system exception occurred
1242             */
1243            @Override
1244            public User updateEmailAddress(
1245                            long userId, String password, String emailAddress1,
1246                            String emailAddress2, ServiceContext serviceContext)
1247                    throws PortalException, SystemException {
1248    
1249                    UserPermissionUtil.check(
1250                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1251    
1252                    User user = userPersistence.findByPrimaryKey(userId);
1253    
1254                    validateEmailAddress(user, emailAddress2);
1255    
1256                    return userLocalService.updateEmailAddress(
1257                            userId, password, emailAddress1, emailAddress2, serviceContext);
1258            }
1259    
1260            /**
1261             * Updates a user account that was automatically created when a guest user
1262             * participated in an action (e.g. posting a comment) and only provided his
1263             * name and email address.
1264             *
1265             * @param  companyId the primary key of the user's company
1266             * @param  autoPassword whether a password should be automatically generated
1267             *         for the user
1268             * @param  password1 the user's password
1269             * @param  password2 the user's password confirmation
1270             * @param  autoScreenName whether a screen name should be automatically
1271             *         generated for the user
1272             * @param  screenName the user's screen name
1273             * @param  emailAddress the user's email address
1274             * @param  facebookId the user's facebook ID
1275             * @param  openId the user's OpenID
1276             * @param  locale the user's locale
1277             * @param  firstName the user's first name
1278             * @param  middleName the user's middle name
1279             * @param  lastName the user's last name
1280             * @param  prefixId the user's name prefix ID
1281             * @param  suffixId the user's name suffix ID
1282             * @param  male whether the user is male
1283             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
1284             *         January)
1285             * @param  birthdayDay the user's birthday day
1286             * @param  birthdayYear the user's birthday year
1287             * @param  jobTitle the user's job title
1288             * @param  updateUserInformation whether to update the user's information
1289             * @param  sendEmail whether to send the user an email notification about
1290             *         their new account
1291             * @param  serviceContext the user's service context (optionally
1292             *         <code>null</code>). Can set the expando bridge attributes for the
1293             *         user.
1294             * @return the user
1295             * @throws PortalException if the user's information was invalid or if the
1296             *         email address was reserved
1297             * @throws SystemException if a system exception occurred
1298             */
1299            @Override
1300            public User updateIncompleteUser(
1301                            long companyId, boolean autoPassword, String password1,
1302                            String password2, boolean autoScreenName, String screenName,
1303                            String emailAddress, long facebookId, String openId, Locale locale,
1304                            String firstName, String middleName, String lastName, int prefixId,
1305                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
1306                            int birthdayYear, String jobTitle, boolean updateUserInformation,
1307                            boolean sendEmail, ServiceContext serviceContext)
1308                    throws PortalException, SystemException {
1309    
1310                    long creatorUserId = 0;
1311    
1312                    try {
1313                            creatorUserId = getGuestOrUserId();
1314                    }
1315                    catch (PrincipalException pe) {
1316                    }
1317    
1318                    checkAddUserPermission(
1319                            creatorUserId, companyId, emailAddress, null, null, null, null,
1320                            serviceContext);
1321    
1322                    return userLocalService.updateIncompleteUser(
1323                            creatorUserId, companyId, autoPassword, password1, password2,
1324                            autoScreenName, screenName, emailAddress, facebookId, openId,
1325                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
1326                            birthdayMonth, birthdayDay, birthdayYear, jobTitle,
1327                            updateUserInformation, sendEmail, serviceContext);
1328            }
1329    
1330            /**
1331             * Updates whether the user is locked out from logging in.
1332             *
1333             * @param  userId the primary key of the user
1334             * @param  lockout whether the user is locked out
1335             * @return the user
1336             * @throws PortalException if the user did not have permission to lock out
1337             *         the user
1338             * @throws SystemException if a system exception occurred
1339             */
1340            @Override
1341            public User updateLockoutById(long userId, boolean lockout)
1342                    throws PortalException, SystemException {
1343    
1344                    UserPermissionUtil.check(
1345                            getPermissionChecker(), userId, ActionKeys.DELETE);
1346    
1347                    return userLocalService.updateLockoutById(userId, lockout);
1348            }
1349    
1350            /**
1351             * Updates the user's OpenID.
1352             *
1353             * @param  userId the primary key of the user
1354             * @param  openId the new OpenID
1355             * @return the user
1356             * @throws PortalException if a user with the primary key could not be found
1357             *         or if the current user did not have permission to update the user
1358             * @throws SystemException if a system exception occurred
1359             */
1360            @Override
1361            public User updateOpenId(long userId, String openId)
1362                    throws PortalException, SystemException {
1363    
1364                    UserPermissionUtil.check(
1365                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1366    
1367                    return userLocalService.updateOpenId(userId, openId);
1368            }
1369    
1370            /**
1371             * Sets the organizations that the user is in, removing and adding
1372             * organizations as necessary.
1373             *
1374             * @param  userId the primary key of the user
1375             * @param  organizationIds the primary keys of the organizations
1376             * @param  serviceContext the service context to be applied. Must set
1377             *         whether user indexing is enabled.
1378             * @throws PortalException if a user with the primary key could not be found
1379             *         or if the current user did not have permission to update the user
1380             * @throws SystemException if a system exception occurred
1381             */
1382            @Override
1383            public void updateOrganizations(
1384                            long userId, long[] organizationIds, ServiceContext serviceContext)
1385                    throws PortalException, SystemException {
1386    
1387                    UserPermissionUtil.check(
1388                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1389    
1390                    checkOrganizations(userId, organizationIds);
1391    
1392                    userLocalService.updateOrganizations(
1393                            userId, organizationIds, serviceContext);
1394            }
1395    
1396            /**
1397             * Updates the user's password without tracking or validation of the change.
1398             *
1399             * @param  userId the primary key of the user
1400             * @param  password1 the user's new password
1401             * @param  password2 the user's new password confirmation
1402             * @param  passwordReset whether the user should be asked to reset their
1403             *         password the next time they log in
1404             * @return the user
1405             * @throws PortalException if a user with the primary key could not be found
1406             *         or if the current user did not have permission to update the user
1407             * @throws SystemException if a system exception occurred
1408             */
1409            @Override
1410            public User updatePassword(
1411                            long userId, String password1, String password2,
1412                            boolean passwordReset)
1413                    throws PortalException, SystemException {
1414    
1415                    UserPermissionUtil.check(
1416                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1417    
1418                    return userLocalService.updatePassword(
1419                            userId, password1, password2, passwordReset);
1420            }
1421    
1422            /**
1423             * Updates the user's portrait image.
1424             *
1425             * @param  userId the primary key of the user
1426             * @param  bytes the new portrait image data
1427             * @return the user
1428             * @throws PortalException if a user with the primary key could not be
1429             *         found, if the new portrait was invalid, or if the current user
1430             *         did not have permission to update the user
1431             * @throws SystemException if a system exception occurred
1432             */
1433            @Override
1434            public User updatePortrait(long userId, byte[] bytes)
1435                    throws PortalException, SystemException {
1436    
1437                    UserPermissionUtil.check(
1438                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1439    
1440                    return userLocalService.updatePortrait(userId, bytes);
1441            }
1442    
1443            /**
1444             * Updates the user's password reset question and answer.
1445             *
1446             * @param  userId the primary key of the user
1447             * @param  question the user's new password reset question
1448             * @param  answer the user's new password reset answer
1449             * @return the user
1450             * @throws PortalException if a user with the primary key could not be
1451             *         found, if the new question or answer were invalid, or if the
1452             *         current user did not have permission to update the user
1453             * @throws SystemException if a system exception occurred
1454             */
1455            @Override
1456            public User updateReminderQuery(long userId, String question, String answer)
1457                    throws PortalException, SystemException {
1458    
1459                    UserPermissionUtil.check(
1460                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1461    
1462                    return userLocalService.updateReminderQuery(userId, question, answer);
1463            }
1464    
1465            /**
1466             * Updates the user's screen name.
1467             *
1468             * @param  userId the primary key of the user
1469             * @param  screenName the user's new screen name
1470             * @return the user
1471             * @throws PortalException if a user with the primary key could not be
1472             *         found, if the new screen name was invalid, or if the current user
1473             *         did not have permission to update the user
1474             * @throws SystemException if a system exception occurred
1475             */
1476            @Override
1477            public User updateScreenName(long userId, String screenName)
1478                    throws PortalException, SystemException {
1479    
1480                    UserPermissionUtil.check(
1481                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1482    
1483                    return userLocalService.updateScreenName(userId, screenName);
1484            }
1485    
1486            /**
1487             * Updates the user's workflow status.
1488             *
1489             * @param  userId the primary key of the user
1490             * @param  status the user's new workflow status
1491             * @return the user
1492             * @throws PortalException if a user with the primary key could not be
1493             *         found, if the current user was updating her own status to
1494             *         anything but {@link WorkflowConstants.STATUS_APPROVED}, or if the
1495             *         current user did not have permission to update the user's
1496             *         workflow status.
1497             * @throws SystemException if a system exception occurred
1498             */
1499            @Override
1500            public User updateStatus(long userId, int status)
1501                    throws PortalException, SystemException {
1502    
1503                    if ((getUserId() == userId) &&
1504                            (status != WorkflowConstants.STATUS_APPROVED)) {
1505    
1506                            throw new RequiredUserException();
1507                    }
1508    
1509                    UserPermissionUtil.check(
1510                            getPermissionChecker(), userId, ActionKeys.DELETE);
1511    
1512                    return userLocalService.updateStatus(userId, status);
1513            }
1514    
1515            /**
1516             * Updates the user with additional parameters.
1517             *
1518             * @param  userId the primary key of the user
1519             * @param  oldPassword the user's old password
1520             * @param  newPassword1 the user's new password (optionally
1521             *         <code>null</code>)
1522             * @param  newPassword2 the user's new password confirmation (optionally
1523             *         <code>null</code>)
1524             * @param  passwordReset whether the user should be asked to reset their
1525             *         password the next time they login
1526             * @param  reminderQueryQuestion the user's new password reset question
1527             * @param  reminderQueryAnswer the user's new password reset answer
1528             * @param  screenName the user's new screen name
1529             * @param  emailAddress the user's new email address
1530             * @param  facebookId the user's new Facebook ID
1531             * @param  openId the user's new OpenID
1532             * @param  languageId the user's new language ID
1533             * @param  timeZoneId the user's new time zone ID
1534             * @param  greeting the user's new greeting
1535             * @param  comments the user's new comments
1536             * @param  firstName the user's new first name
1537             * @param  middleName the user's new middle name
1538             * @param  lastName the user's new last name
1539             * @param  prefixId the user's new name prefix ID
1540             * @param  suffixId the user's new name suffix ID
1541             * @param  male whether user is male
1542             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1543             *         for January)
1544             * @param  birthdayDay the user's new birthday day
1545             * @param  birthdayYear the user's birthday year
1546             * @param  smsSn the user's new SMS screen name
1547             * @param  aimSn the user's new AIM screen name
1548             * @param  facebookSn the user's new Facebook screen name
1549             * @param  icqSn the user's new ICQ screen name
1550             * @param  jabberSn the user's new Jabber screen name
1551             * @param  msnSn the user's new MSN screen name
1552             * @param  mySpaceSn the user's new MySpace screen name
1553             * @param  skypeSn the user's new Skype screen name
1554             * @param  twitterSn the user's new Twitter screen name
1555             * @param  ymSn the user's new Yahoo! Messenger screen name
1556             * @param  jobTitle the user's new job title
1557             * @param  groupIds the primary keys of the user's groups
1558             * @param  organizationIds the primary keys of the user's organizations
1559             * @param  roleIds the primary keys of the user's roles
1560             * @param  userGroupRoles the user user's group roles
1561             * @param  userGroupIds the primary keys of the user's user groups
1562             * @param  addresses the user's addresses
1563             * @param  emailAddresses the user's email addresses
1564             * @param  phones the user's phone numbers
1565             * @param  websites the user's websites
1566             * @param  announcementsDelivers the announcements deliveries
1567             * @param  serviceContext the user's service context (optionally
1568             *         <code>null</code>). Can set the universally unique identifier
1569             *         (with the <code>uuid</code> attribute), asset category IDs, asset
1570             *         tag names, and expando bridge attributes for the user.
1571             * @return the user
1572             * @throws PortalException if a user with the primary key could not be
1573             *         found, if the new information was invalid, or if the current user
1574             *         did not have permission to update the user
1575             * @throws SystemException if a system exception occurred
1576             */
1577            @Override
1578            public User updateUser(
1579                            long userId, String oldPassword, String newPassword1,
1580                            String newPassword2, boolean passwordReset,
1581                            String reminderQueryQuestion, String reminderQueryAnswer,
1582                            String screenName, String emailAddress, long facebookId,
1583                            String openId, String languageId, String timeZoneId,
1584                            String greeting, String comments, String firstName,
1585                            String middleName, String lastName, int prefixId, int suffixId,
1586                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1587                            String smsSn, String aimSn, String facebookSn, String icqSn,
1588                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1589                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1590                            long[] organizationIds, long[] roleIds,
1591                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1592                            List<Address> addresses, List<EmailAddress> emailAddresses,
1593                            List<Phone> phones, List<Website> websites,
1594                            List<AnnouncementsDelivery> announcementsDelivers,
1595                            ServiceContext serviceContext)
1596                    throws PortalException, SystemException {
1597    
1598                    UserPermissionUtil.check(
1599                            getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
1600    
1601                    User user = userPersistence.findByPrimaryKey(userId);
1602    
1603                    if (addresses != null) {
1604                            UsersAdminUtil.updateAddresses(
1605                                    Contact.class.getName(), user.getContactId(), addresses);
1606                    }
1607    
1608                    if (emailAddresses != null) {
1609                            UsersAdminUtil.updateEmailAddresses(
1610                                    Contact.class.getName(), user.getContactId(), emailAddresses);
1611                    }
1612    
1613                    if (phones != null) {
1614                            UsersAdminUtil.updatePhones(
1615                                    Contact.class.getName(), user.getContactId(), phones);
1616                    }
1617    
1618                    if (websites != null) {
1619                            UsersAdminUtil.updateWebsites(
1620                                    Contact.class.getName(), user.getContactId(), websites);
1621                    }
1622    
1623                    if (announcementsDelivers != null) {
1624                            updateAnnouncementsDeliveries(
1625                                    user.getUserId(), announcementsDelivers);
1626                    }
1627    
1628                    long curUserId = getUserId();
1629    
1630                    if (curUserId == userId) {
1631                            screenName = screenName.trim().toLowerCase();
1632    
1633                            if (!screenName.equalsIgnoreCase(user.getScreenName())) {
1634                                    validateScreenName(user, screenName);
1635                            }
1636    
1637                            emailAddress = emailAddress.trim().toLowerCase();
1638    
1639                            if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
1640                                    validateEmailAddress(user, emailAddress);
1641                            }
1642                    }
1643    
1644                    if (groupIds != null) {
1645                            groupIds = checkGroups(userId, groupIds);
1646                    }
1647    
1648                    if (organizationIds != null) {
1649                            organizationIds = checkOrganizations(userId, organizationIds);
1650                    }
1651    
1652                    if (roleIds != null) {
1653                            roleIds = checkRoles(userId, roleIds);
1654                    }
1655    
1656                    if (userGroupRoles != null) {
1657                            userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
1658                    }
1659    
1660                    if (userGroupIds != null) {
1661                            userGroupIds = checkUserGroupIds(userId, userGroupIds);
1662                    }
1663    
1664                    return userLocalService.updateUser(
1665                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1666                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1667                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1668                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1669                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1670                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1671                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1672                            userGroupIds, serviceContext);
1673            }
1674    
1675            /**
1676             * Updates the user.
1677             *
1678             * @param  userId the primary key of the user
1679             * @param  oldPassword the user's old password
1680             * @param  newPassword1 the user's new password (optionally
1681             *         <code>null</code>)
1682             * @param  newPassword2 the user's new password confirmation (optionally
1683             *         <code>null</code>)
1684             * @param  passwordReset whether the user should be asked to reset their
1685             *         password the next time they login
1686             * @param  reminderQueryQuestion the user's new password reset question
1687             * @param  reminderQueryAnswer the user's new password reset answer
1688             * @param  screenName the user's new screen name
1689             * @param  emailAddress the user's new email address
1690             * @param  facebookId the user's new Facebook ID
1691             * @param  openId the user's new OpenID
1692             * @param  languageId the user's new language ID
1693             * @param  timeZoneId the user's new time zone ID
1694             * @param  greeting the user's new greeting
1695             * @param  comments the user's new comments
1696             * @param  firstName the user's new first name
1697             * @param  middleName the user's new middle name
1698             * @param  lastName the user's new last name
1699             * @param  prefixId the user's new name prefix ID
1700             * @param  suffixId the user's new name suffix ID
1701             * @param  male whether user is male
1702             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1703             *         for January)
1704             * @param  birthdayDay the user's new birthday day
1705             * @param  birthdayYear the user's birthday year
1706             * @param  smsSn the user's new SMS screen name
1707             * @param  aimSn the user's new AIM screen name
1708             * @param  facebookSn the user's new Facebook screen name
1709             * @param  icqSn the user's new ICQ screen name
1710             * @param  jabberSn the user's new Jabber screen name
1711             * @param  msnSn the user's new MSN screen name
1712             * @param  mySpaceSn the user's new MySpace screen name
1713             * @param  skypeSn the user's new Skype screen name
1714             * @param  twitterSn the user's new Twitter screen name
1715             * @param  ymSn the user's new Yahoo! Messenger screen name
1716             * @param  jobTitle the user's new job title
1717             * @param  groupIds the primary keys of the user's groups
1718             * @param  organizationIds the primary keys of the user's organizations
1719             * @param  roleIds the primary keys of the user's roles
1720             * @param  userGroupRoles the user user's group roles
1721             * @param  userGroupIds the primary keys of the user's user groups
1722             * @param  serviceContext the user's service context (optionally
1723             *         <code>null</code>). Can set the universally unique identifier
1724             *         (with the <code>uuid</code> attribute), asset category IDs, asset
1725             *         tag names, and expando bridge attributes for the user.
1726             * @return the user
1727             * @throws PortalException if a user with the primary key could not be
1728             *         found, if the new information was invalid, or if the current user
1729             *         did not have permission to update the user
1730             * @throws SystemException if a system exception occurred
1731             */
1732            @Override
1733            public User updateUser(
1734                            long userId, String oldPassword, String newPassword1,
1735                            String newPassword2, boolean passwordReset,
1736                            String reminderQueryQuestion, String reminderQueryAnswer,
1737                            String screenName, String emailAddress, long facebookId,
1738                            String openId, String languageId, String timeZoneId,
1739                            String greeting, String comments, String firstName,
1740                            String middleName, String lastName, int prefixId, int suffixId,
1741                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1742                            String smsSn, String aimSn, String facebookSn, String icqSn,
1743                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1744                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1745                            long[] organizationIds, long[] roleIds,
1746                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1747                            ServiceContext serviceContext)
1748                    throws PortalException, SystemException {
1749    
1750                    return updateUser(
1751                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1752                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1753                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1754                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1755                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1756                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1757                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1758                            userGroupIds, null, null, null, null, null, serviceContext);
1759            }
1760    
1761            protected void checkAddUserPermission(
1762                            long creatorUserId, long companyId, String emailAddress,
1763                            long[] groupIds, long[] organizationIds, long[] roleIds,
1764                            long[] userGroupIds, ServiceContext serviceContext)
1765                    throws PortalException, SystemException {
1766    
1767                    Company company = companyPersistence.findByPrimaryKey(companyId);
1768    
1769                    if (groupIds != null) {
1770                            checkGroups(CompanyConstants.SYSTEM, groupIds);
1771                    }
1772    
1773                    if (organizationIds != null) {
1774                            checkOrganizations(CompanyConstants.SYSTEM, organizationIds);
1775                    }
1776    
1777                    if (roleIds != null) {
1778                            checkRoles(CompanyConstants.SYSTEM, roleIds);
1779                    }
1780    
1781                    if (userGroupIds != null) {
1782                            checkUserGroupIds(CompanyConstants.SYSTEM, userGroupIds);
1783                    }
1784    
1785                    boolean anonymousUser = ParamUtil.getBoolean(
1786                            serviceContext, "anonymousUser");
1787    
1788                    if (((creatorUserId != 0) &&
1789                             (creatorUserId != getDefaultUserId(companyId))) ||
1790                            (!company.isStrangers() && !anonymousUser)) {
1791    
1792                            if (!PortalPermissionUtil.contains(
1793                                            getPermissionChecker(), ActionKeys.ADD_USER) &&
1794                                    !OrganizationPermissionUtil.contains(
1795                                            getPermissionChecker(), organizationIds,
1796                                            ActionKeys.ASSIGN_MEMBERS)) {
1797    
1798                                    throw new PrincipalException();
1799                            }
1800                    }
1801    
1802                    if ((creatorUserId == 0) ||
1803                            (creatorUserId == getDefaultUserId(companyId))) {
1804    
1805                            if (!company.isStrangersWithMx() &&
1806                                    company.hasCompanyMx(emailAddress)) {
1807    
1808                                    throw new ReservedUserEmailAddressException();
1809                            }
1810                    }
1811            }
1812    
1813            protected long[] checkGroups(long userId, long[] groupIds)
1814                    throws PortalException, SystemException {
1815    
1816                    long[] oldGroupIds = null;
1817    
1818                    PermissionChecker permissionChecker = getPermissionChecker();
1819    
1820                    if (userId != CompanyConstants.SYSTEM) {
1821    
1822                            // Add back any groups that the administrator does not have the
1823                            // rights to remove and check that he has the permission to add a
1824                            // new group
1825    
1826                            List<Group> oldGroups = groupLocalService.getUserGroups(userId);
1827    
1828                            oldGroupIds = new long[oldGroups.size()];
1829    
1830                            for (int i = 0; i < oldGroups.size(); i++) {
1831                                    Group group = oldGroups.get(i);
1832    
1833                                    if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
1834                                            !GroupPermissionUtil.contains(
1835                                                    permissionChecker, group.getGroupId(),
1836                                                    ActionKeys.ASSIGN_MEMBERS)) {
1837    
1838                                            groupIds = ArrayUtil.append(groupIds, group.getGroupId());
1839                                    }
1840    
1841                                    oldGroupIds[i] = group.getGroupId();
1842                            }
1843                    }
1844    
1845                    for (long groupId : groupIds) {
1846                            if ((oldGroupIds == null) ||
1847                                    !ArrayUtil.contains(oldGroupIds, groupId)) {
1848    
1849                                    GroupPermissionUtil.check(
1850                                            permissionChecker, groupId, ActionKeys.ASSIGN_MEMBERS);
1851                            }
1852                    }
1853    
1854                    return groupIds;
1855            }
1856    
1857            protected long[] checkOrganizations(long userId, long[] organizationIds)
1858                    throws PortalException, SystemException {
1859    
1860                    long[] oldOrganizationIds = null;
1861    
1862                    PermissionChecker permissionChecker = getPermissionChecker();
1863    
1864                    if (userId != CompanyConstants.SYSTEM) {
1865    
1866                            // Add back any organizations that the administrator does not have
1867                            // the rights to remove and check that he has the permission to add
1868                            // a new organization
1869    
1870                            List<Organization> oldOrganizations =
1871                                    organizationLocalService.getUserOrganizations(userId);
1872    
1873                            oldOrganizationIds = new long[oldOrganizations.size()];
1874    
1875                            for (int i = 0; i < oldOrganizations.size(); i++) {
1876                                    Organization organization = oldOrganizations.get(i);
1877    
1878                                    if (!ArrayUtil.contains(
1879                                                    organizationIds, organization.getOrganizationId()) &&
1880                                            !OrganizationPermissionUtil.contains(
1881                                                    permissionChecker, organization.getOrganizationId(),
1882                                                    ActionKeys.ASSIGN_MEMBERS)) {
1883    
1884                                            organizationIds = ArrayUtil.append(
1885                                                    organizationIds, organization.getOrganizationId());
1886                                    }
1887    
1888                                    oldOrganizationIds[i] = organization.getOrganizationId();
1889                            }
1890                    }
1891    
1892                    for (long organizationId : organizationIds) {
1893                            if ((oldOrganizationIds == null) ||
1894                                    !ArrayUtil.contains(oldOrganizationIds, organizationId)) {
1895    
1896                                    OrganizationPermissionUtil.check(
1897                                            permissionChecker, organizationId,
1898                                            ActionKeys.ASSIGN_MEMBERS);
1899                            }
1900                    }
1901    
1902                    return organizationIds;
1903            }
1904    
1905            protected long[] checkRoles(long userId, long[] roleIds)
1906                    throws PrincipalException, SystemException {
1907    
1908                    long[] oldRoleIds = null;
1909    
1910                    PermissionChecker permissionChecker = getPermissionChecker();
1911    
1912                    if (userId != CompanyConstants.SYSTEM) {
1913    
1914                            // Add back any roles that the administrator does not have the
1915                            // rights to remove and check that he has the permission to add a
1916                            // new role
1917    
1918                            List<Role> oldRoles = roleLocalService.getUserRoles(userId);
1919    
1920                            oldRoleIds = new long[oldRoles.size()];
1921    
1922                            for (int i = 0; i < oldRoles.size(); i++) {
1923                                    Role role = oldRoles.get(i);
1924    
1925                                    if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
1926                                            !RolePermissionUtil.contains(
1927                                                    permissionChecker, role.getRoleId(),
1928                                                    ActionKeys.ASSIGN_MEMBERS)) {
1929    
1930                                            roleIds = ArrayUtil.append(roleIds, role.getRoleId());
1931                                    }
1932    
1933                                    oldRoleIds[i] = role.getRoleId();
1934                            }
1935                    }
1936    
1937                    for (long roleId : roleIds) {
1938                            if ((oldRoleIds == null) ||
1939                                    !ArrayUtil.contains(oldRoleIds, roleId)) {
1940    
1941                                    RolePermissionUtil.check(
1942                                            permissionChecker, roleId, ActionKeys.ASSIGN_MEMBERS);
1943                            }
1944                    }
1945    
1946                    return roleIds;
1947            }
1948    
1949            protected long[] checkUserGroupIds(long userId, long[] userGroupIds)
1950                    throws PortalException, SystemException {
1951    
1952                    long[] oldUserGroupIds = null;
1953    
1954                    PermissionChecker permissionChecker = getPermissionChecker();
1955    
1956                    if (userId != CompanyConstants.SYSTEM) {
1957    
1958                            // Add back any user groups that the administrator does not have the
1959                            // rights to remove and check that he has the permission to add a
1960                            // new user group
1961    
1962                            List<UserGroup> oldUserGroups =
1963                                    userGroupLocalService.getUserUserGroups(userId);
1964    
1965                            oldUserGroupIds = new long[oldUserGroups.size()];
1966    
1967                            for (int i = 0; i < oldUserGroups.size(); i++) {
1968                                    UserGroup userGroup = oldUserGroups.get(i);
1969    
1970                                    if (!ArrayUtil.contains(
1971                                                    userGroupIds, userGroup.getUserGroupId()) &&
1972                                            !UserGroupPermissionUtil.contains(
1973                                                    permissionChecker, userGroup.getUserGroupId(),
1974                                                    ActionKeys.ASSIGN_MEMBERS)) {
1975    
1976                                            userGroupIds = ArrayUtil.append(
1977                                                    userGroupIds, userGroup.getUserGroupId());
1978                                    }
1979    
1980                                    oldUserGroupIds[i] = userGroup.getUserGroupId();
1981                            }
1982                    }
1983    
1984                    for (long userGroupId : userGroupIds) {
1985                            if ((oldUserGroupIds == null) ||
1986                                    !ArrayUtil.contains(oldUserGroupIds, userGroupId)) {
1987    
1988                                    UserGroupPermissionUtil.check(
1989                                            permissionChecker, userGroupId, ActionKeys.ASSIGN_MEMBERS);
1990                            }
1991                    }
1992    
1993                    return userGroupIds;
1994            }
1995    
1996            protected List<UserGroupRole> checkUserGroupRoles(
1997                            long userId, List<UserGroupRole> userGroupRoles)
1998                    throws PortalException, SystemException {
1999    
2000                    List<UserGroupRole> oldUserGroupRoles = null;
2001    
2002                    PermissionChecker permissionChecker = getPermissionChecker();
2003    
2004                    if (userId != CompanyConstants.SYSTEM) {
2005    
2006                            // Add back any user group roles that the administrator does not
2007                            // have the rights to remove and check that he has the permission to
2008                            // add a new user group role
2009    
2010                            oldUserGroupRoles = userGroupRoleLocalService.getUserGroupRoles(
2011                                    userId);
2012    
2013                            for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
2014                                    if (!userGroupRoles.contains(oldUserGroupRole) &&
2015                                            !UserGroupRolePermissionUtil.contains(
2016                                                    permissionChecker, oldUserGroupRole.getGroupId(),
2017                                                    oldUserGroupRole.getRoleId())) {
2018    
2019                                            userGroupRoles.add(oldUserGroupRole);
2020                                    }
2021                            }
2022                    }
2023    
2024                    for (UserGroupRole userGroupRole : userGroupRoles) {
2025                            if ((oldUserGroupRoles == null) ||
2026                                    !oldUserGroupRoles.contains(userGroupRole)) {
2027    
2028                                    UserGroupRolePermissionUtil.check(
2029                                            permissionChecker, userGroupRole.getGroupId(),
2030                                            userGroupRole.getRoleId());
2031                            }
2032                    }
2033    
2034                    return userGroupRoles;
2035            }
2036    
2037            protected void updateAnnouncementsDeliveries(
2038                            long userId, List<AnnouncementsDelivery> announcementsDeliveries)
2039                    throws PortalException, SystemException {
2040    
2041                    for (AnnouncementsDelivery announcementsDelivery :
2042                                    announcementsDeliveries) {
2043    
2044                            announcementsDeliveryService.updateDelivery(
2045                                    userId, announcementsDelivery.getType(),
2046                                    announcementsDelivery.getEmail(),
2047                                    announcementsDelivery.getSms(),
2048                                    announcementsDelivery.getWebsite());
2049                    }
2050            }
2051    
2052            protected void validateEmailAddress(User user, String emailAddress)
2053                    throws PortalException, SystemException {
2054    
2055                    PermissionChecker permissionChecker = getPermissionChecker();
2056    
2057                    if (!UsersAdminUtil.hasUpdateEmailAddress(permissionChecker, user)) {
2058                            throw new UserEmailAddressException();
2059                    }
2060    
2061                    if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
2062                            Company company = companyPersistence.findByPrimaryKey(
2063                                    user.getCompanyId());
2064    
2065                            if (!company.isStrangersWithMx()) {
2066                                    throw new ReservedUserEmailAddressException();
2067                            }
2068                    }
2069            }
2070    
2071            protected void validateOrganizationUsers(long[] userIds)
2072                    throws PortalException, SystemException {
2073    
2074                    PermissionChecker permissionChecker = getPermissionChecker();
2075    
2076                    if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
2077                            permissionChecker.isCompanyAdmin()) {
2078    
2079                            return;
2080                    }
2081    
2082                    for (long userId : userIds) {
2083                            boolean allowed = false;
2084    
2085                            List<Organization> organizations =
2086                                    organizationLocalService.getUserOrganizations(userId);
2087    
2088                            for (Organization organization : organizations) {
2089                                    if (OrganizationPermissionUtil.contains(
2090                                                    permissionChecker, organization,
2091                                                    ActionKeys.MANAGE_USERS)) {
2092    
2093                                            allowed = true;
2094    
2095                                            break;
2096                                    }
2097                            }
2098    
2099                            if (!allowed) {
2100                                    throw new PrincipalException();
2101                            }
2102                    }
2103            }
2104    
2105            protected void validateScreenName(User user, String screenName)
2106                    throws PortalException, SystemException {
2107    
2108                    PermissionChecker permissionChecker = getPermissionChecker();
2109    
2110                    if (!UsersAdminUtil.hasUpdateScreenName(permissionChecker, user)) {
2111                            throw new UserScreenNameException();
2112                    }
2113            }
2114    
2115    }