001
014
015 package com.liferay.portal.lar;
016
017 import com.liferay.portal.NoSuchTeamException;
018 import com.liferay.portal.kernel.lar.PortletDataContext;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.GetterUtil;
022 import com.liferay.portal.kernel.util.KeyValuePair;
023 import com.liferay.portal.kernel.util.LocalizationUtil;
024 import com.liferay.portal.kernel.xml.Document;
025 import com.liferay.portal.kernel.xml.Element;
026 import com.liferay.portal.kernel.xml.SAXReaderUtil;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.Layout;
030 import com.liferay.portal.model.Portlet;
031 import com.liferay.portal.model.PortletConstants;
032 import com.liferay.portal.model.Resource;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.RoleConstants;
036 import com.liferay.portal.model.Team;
037 import com.liferay.portal.model.User;
038 import com.liferay.portal.service.GroupLocalServiceUtil;
039 import com.liferay.portal.service.PermissionLocalServiceUtil;
040 import com.liferay.portal.service.PortletLocalServiceUtil;
041 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
042 import com.liferay.portal.service.RoleLocalServiceUtil;
043 import com.liferay.portal.service.TeamLocalServiceUtil;
044 import com.liferay.portal.service.permission.PortletPermissionUtil;
045 import com.liferay.portal.util.PropsValues;
046
047 import java.util.ArrayList;
048 import java.util.HashMap;
049 import java.util.List;
050 import java.util.Locale;
051 import java.util.Map;
052
053
064 public class PermissionImporter {
065
066 protected List<String> getActions(Element element) {
067 List<String> actions = new ArrayList<String>();
068
069 List<Element> actionKeyElements = element.elements("action-key");
070
071 for (Element actionKeyElement : actionKeyElements) {
072 actions.add(actionKeyElement.getText());
073 }
074
075 return actions;
076 }
077
078 protected void importGroupPermissions(
079 LayoutCache layoutCache, long companyId, long groupId,
080 String resourceName, String resourcePrimKey, Element parentElement,
081 String elementName, boolean portletActions)
082 throws Exception {
083
084 Element actionElement = parentElement.element(elementName);
085
086 if (actionElement == null) {
087 return;
088 }
089
090 List<String> actions = getActions(actionElement);
091
092 Resource resource = layoutCache.getResource(
093 companyId, groupId, resourceName,
094 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
095 portletActions);
096
097 PermissionLocalServiceUtil.setGroupPermissions(
098 groupId, actions.toArray(new String[actions.size()]),
099 resource.getResourceId());
100 }
101
102 protected void importGroupRoles(
103 LayoutCache layoutCache, long companyId, long groupId,
104 String resourceName, String entityName, Element parentElement)
105 throws Exception {
106
107 Element entityRolesElement = parentElement.element(
108 entityName + "-roles");
109
110 if (entityRolesElement == null) {
111 return;
112 }
113
114 importRolePermissions(
115 layoutCache, companyId, resourceName, ResourceConstants.SCOPE_GROUP,
116 String.valueOf(groupId), entityRolesElement, true);
117 }
118
119 protected void importInheritedPermissions(
120 LayoutCache layoutCache, long companyId, String resourceName,
121 String resourcePrimKey, Element permissionsElement,
122 String entityName, boolean portletActions)
123 throws Exception {
124
125 Element entityPermissionsElement = permissionsElement.element(
126 entityName + "-permissions");
127
128 if (entityPermissionsElement == null) {
129 return;
130 }
131
132 List<Element> actionsElements = entityPermissionsElement.elements(
133 entityName + "-actions");
134
135 for (int i = 0; i < actionsElements.size(); i++) {
136 Element actionElement = actionsElements.get(i);
137
138 String name = actionElement.attributeValue("name");
139
140 long entityGroupId = layoutCache.getEntityGroupId(
141 companyId, entityName, name);
142
143 if (entityGroupId == 0) {
144 _log.warn(
145 "Ignore inherited permissions for entity " + entityName +
146 " with name " + name);
147 }
148 else {
149 Element parentElement = SAXReaderUtil.createElement("parent");
150
151 parentElement.add(actionElement.createCopy());
152
153 importGroupPermissions(
154 layoutCache, companyId, entityGroupId, resourceName,
155 resourcePrimKey, parentElement, entityName + "-actions",
156 portletActions);
157 }
158 }
159 }
160
161 protected void importInheritedRoles(
162 LayoutCache layoutCache, long companyId, long groupId,
163 String resourceName, String entityName, Element parentElement)
164 throws Exception {
165
166 Element entityRolesElement = parentElement.element(
167 entityName + "-roles");
168
169 if (entityRolesElement == null) {
170 return;
171 }
172
173 List<Element> entityElements = entityRolesElement.elements(entityName);
174
175 for (Element entityElement : entityElements) {
176 String name = entityElement.attributeValue("name");
177
178 long entityGroupId = layoutCache.getEntityGroupId(
179 companyId, entityName, name);
180
181 if (entityGroupId == 0) {
182 _log.warn(
183 "Ignore inherited roles for entity " + entityName +
184 " with name " + name);
185 }
186 else {
187 importRolePermissions(
188 layoutCache, companyId, resourceName,
189 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
190 entityElement, false);
191 }
192 }
193 }
194
195 protected void importLayoutPermissions(
196 LayoutCache layoutCache, long companyId, long groupId, long userId,
197 Layout layout, Element layoutElement, Element parentElement,
198 boolean importUserPermissions)
199 throws Exception {
200
201 Element permissionsElement = layoutElement.element("permissions");
202
203 if (permissionsElement != null) {
204 String resourceName = Layout.class.getName();
205 String resourcePrimKey = String.valueOf(layout.getPlid());
206
207 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
208 importPermissions_5(
209 layoutCache, companyId, groupId, userId, layout,
210 resourceName, resourcePrimKey, permissionsElement, false);
211 }
212 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
213 importPermissions_6(
214 layoutCache, companyId, groupId, userId, layout,
215 resourceName, resourcePrimKey, permissionsElement, false);
216 }
217 else {
218 Group guestGroup = GroupLocalServiceUtil.getGroup(
219 companyId, GroupConstants.GUEST);
220
221 importLayoutPermissions_1to4(
222 layoutCache, companyId, groupId, guestGroup, layout,
223 resourceName, resourcePrimKey, permissionsElement,
224 importUserPermissions);
225 }
226 }
227
228 Element rolesElement = parentElement.element("roles");
229
230 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
231 (rolesElement != null)) {
232
233 importLayoutRoles(layoutCache, companyId, groupId, rolesElement);
234 }
235 }
236
237 protected void importLayoutPermissions_1to4(
238 LayoutCache layoutCache, long companyId, long groupId,
239 Group guestGroup, Layout layout, String resourceName,
240 String resourcePrimKey, Element permissionsElement,
241 boolean importUserPermissions)
242 throws Exception {
243
244 importGroupPermissions(
245 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
246 permissionsElement, "community-actions", false);
247
248 if (groupId != guestGroup.getGroupId()) {
249 importGroupPermissions(
250 layoutCache, companyId, guestGroup.getGroupId(), resourceName,
251 resourcePrimKey, permissionsElement, "guest-actions", false);
252 }
253
254 if (importUserPermissions) {
255 importUserPermissions(
256 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
257 permissionsElement, false);
258 }
259
260 importInheritedPermissions(
261 layoutCache, companyId, resourceName, resourcePrimKey,
262 permissionsElement, "organization", false);
263
264 importInheritedPermissions(
265 layoutCache, companyId, resourceName, resourcePrimKey,
266 permissionsElement, "user-group", false);
267 }
268
269 protected void importLayoutRoles(
270 LayoutCache layoutCache, long companyId, long groupId,
271 Element rolesElement)
272 throws Exception {
273
274 String resourceName = Layout.class.getName();
275
276 importGroupRoles(
277 layoutCache, companyId, groupId, resourceName, "community",
278 rolesElement);
279
280 importUserRoles(
281 layoutCache, companyId, groupId, resourceName, rolesElement);
282
283 importInheritedRoles(
284 layoutCache, companyId, groupId, resourceName, "organization",
285 rolesElement);
286
287 importInheritedRoles(
288 layoutCache, companyId, groupId, resourceName, "user-group",
289 rolesElement);
290 }
291
292 protected void importPermissions_5(
293 LayoutCache layoutCache, long companyId, long groupId, long userId,
294 Layout layout, String resourceName, String resourcePrimKey,
295 Element permissionsElement, boolean portletActions)
296 throws Exception {
297
298 Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
299
300 List<Element> roleElements = permissionsElement.elements("role");
301
302 for (Element roleElement : roleElements) {
303 String name = roleElement.attributeValue("name");
304
305 Role role = null;
306
307 if (name.startsWith(PermissionExporter.ROLE_TEAM_PREFIX)) {
308 name = name.substring(
309 PermissionExporter.ROLE_TEAM_PREFIX.length());
310
311 String description = roleElement.attributeValue("description");
312
313 Team team = null;
314
315 try {
316 team = TeamLocalServiceUtil.getTeam(groupId, name);
317 }
318 catch (NoSuchTeamException nste) {
319 team = TeamLocalServiceUtil.addTeam(
320 userId, groupId, name, description);
321 }
322
323 role = RoleLocalServiceUtil.getTeamRole(
324 companyId, team.getTeamId());
325 }
326 else {
327 role = layoutCache.getRole(companyId, name);
328 }
329
330 if (role == null) {
331 String title = roleElement.attributeValue("title");
332
333 Map<Locale, String> titleMap =
334 LocalizationUtil.getLocalizationMap(title);
335
336 String description = roleElement.attributeValue("description");
337
338 Map<Locale, String> descriptionMap =
339 LocalizationUtil.getLocalizationMap(description);
340
341 int type = Integer.valueOf(roleElement.attributeValue("type"));
342 String subType = roleElement.attributeValue("subType");
343
344 role = RoleLocalServiceUtil.addRole(
345 userId, null, 0, name, titleMap, descriptionMap, type,
346 subType);
347 }
348
349 String roleName = role.getName();
350
351 if (!layout.isPrivateLayout() ||
352 !roleName.equals(RoleConstants.GUEST)) {
353
354 List<String> actions = getActions(roleElement);
355
356 roleIdsToActionIds.put(
357 role.getRoleId(),
358 actions.toArray(new String[actions.size()]));
359 }
360 }
361
362 if (roleIdsToActionIds.isEmpty()) {
363 return;
364 }
365
366 PermissionLocalServiceUtil.setRolesPermissions(
367 companyId, roleIdsToActionIds, resourceName,
368 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey);
369 }
370
371 protected void importPermissions_6(
372 LayoutCache layoutCache, long companyId, long groupId, long userId,
373 Layout layout, String resourceName, String resourcePrimKey,
374 Element permissionsElement, boolean portletActions)
375 throws Exception {
376
377 Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
378
379 List<Element> roleElements = permissionsElement.elements("role");
380
381 for (Element roleElement : roleElements) {
382 String name = roleElement.attributeValue("name");
383
384 Role role = null;
385
386 if (name.startsWith(PermissionExporter.ROLE_TEAM_PREFIX)) {
387 name = name.substring(
388 PermissionExporter.ROLE_TEAM_PREFIX.length());
389
390 String description = roleElement.attributeValue("description");
391
392 Team team = null;
393
394 try {
395 team = TeamLocalServiceUtil.getTeam(groupId, name);
396 }
397 catch (NoSuchTeamException nste) {
398 team = TeamLocalServiceUtil.addTeam(
399 userId, groupId, name, description);
400 }
401
402 role = RoleLocalServiceUtil.getTeamRole(
403 companyId, team.getTeamId());
404 }
405 else {
406 role = layoutCache.getRole(companyId, name);
407 }
408
409 if (role == null) {
410 String title = roleElement.attributeValue("title");
411
412 Map<Locale, String> titleMap =
413 LocalizationUtil.getLocalizationMap(title);
414
415 String description = roleElement.attributeValue("description");
416
417 Map<Locale, String> descriptionMap =
418 LocalizationUtil.getLocalizationMap(description);
419
420 int type = GetterUtil.getInteger(
421 roleElement.attributeValue("type"));
422 String subType = roleElement.attributeValue("subType");
423
424 role = RoleLocalServiceUtil.addRole(
425 userId, null, 0, name, titleMap, descriptionMap, type,
426 subType);
427 }
428
429 String roleName = role.getName();
430
431 if (!layout.isPrivateLayout() ||
432 !roleName.equals(RoleConstants.GUEST)) {
433
434 List<String> actions = getActions(roleElement);
435
436 roleIdsToActionIds.put(
437 role.getRoleId(),
438 actions.toArray(new String[actions.size()]));
439 }
440 }
441
442 if (roleIdsToActionIds.isEmpty()) {
443 return;
444 }
445
446 ResourcePermissionLocalServiceUtil.setResourcePermissions(
447 companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL,
448 resourcePrimKey, roleIdsToActionIds);
449 }
450
451 protected void importPortletPermissions(
452 LayoutCache layoutCache, long companyId, long groupId, long userId,
453 Layout layout, Element portletElement, String portletId,
454 boolean importUserPermissions)
455 throws Exception {
456
457 Element permissionsElement = portletElement.element("permissions");
458
459 if (permissionsElement != null) {
460 String resourceName = PortletConstants.getRootPortletId(portletId);
461
462 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
463 layout.getPlid(), portletId);
464
465 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
466 importPermissions_5(
467 layoutCache, companyId, groupId, userId, layout,
468 resourceName, resourcePrimKey, permissionsElement, true);
469 }
470 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
471 importPermissions_6(
472 layoutCache, companyId, groupId, userId, layout,
473 resourceName, resourcePrimKey, permissionsElement, true);
474 }
475 else {
476 Group guestGroup = GroupLocalServiceUtil.getGroup(
477 companyId, GroupConstants.GUEST);
478
479 importPortletPermissions_1to4(
480 layoutCache, companyId, groupId, guestGroup, layout,
481 permissionsElement, importUserPermissions);
482 }
483 }
484
485 Element rolesElement = portletElement.element("roles");
486
487 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
488 (rolesElement != null)) {
489
490 importPortletRoles(layoutCache, companyId, groupId, portletElement);
491 importPortletRoles(
492 layoutCache, companyId, groupId, portletId, rolesElement);
493 }
494 }
495
496 protected void importPortletPermissions_1to4(
497 LayoutCache layoutCache, long companyId, long groupId,
498 Group guestGroup, Layout layout, Element permissionsElement,
499 boolean importUserPermissions)
500 throws Exception {
501
502 List<Element> portletElements = permissionsElement.elements("portlet");
503
504 for (Element portletElement : portletElements) {
505 String portletId = portletElement.attributeValue("portlet-id");
506
507 String resourceName = PortletConstants.getRootPortletId(portletId);
508 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
509 layout.getPlid(), portletId);
510
511 Portlet portlet = PortletLocalServiceUtil.getPortletById(
512 companyId, resourceName);
513
514 if (portlet == null) {
515 if (_log.isDebugEnabled()) {
516 _log.debug(
517 "Do not import portlet permissions for " + portletId +
518 " because the portlet does not exist");
519 }
520 }
521 else {
522 importGroupPermissions(
523 layoutCache, companyId, groupId, resourceName,
524 resourcePrimKey, portletElement, "community-actions", true);
525
526 if (groupId != guestGroup.getGroupId()) {
527 importGroupPermissions(
528 layoutCache, companyId, guestGroup.getGroupId(),
529 resourceName, resourcePrimKey, portletElement,
530 "guest-actions", true);
531 }
532
533 if (importUserPermissions) {
534 importUserPermissions(
535 layoutCache, companyId, groupId, resourceName,
536 resourcePrimKey, portletElement, true);
537 }
538
539 importInheritedPermissions(
540 layoutCache, companyId, resourceName, resourcePrimKey,
541 portletElement, "organization", true);
542
543 importInheritedPermissions(
544 layoutCache, companyId, resourceName, resourcePrimKey,
545 portletElement, "user-group", true);
546 }
547 }
548 }
549
550 protected void importPortletRoles(
551 LayoutCache layoutCache, long companyId, long groupId,
552 Element rolesElement)
553 throws Exception {
554
555 List<Element> portletElements = rolesElement.elements("portlet");
556
557 for (Element portletElement : portletElements) {
558 String portletId = portletElement.attributeValue("portlet-id");
559
560 String resourceName = PortletConstants.getRootPortletId(portletId);
561
562 Portlet portlet = PortletLocalServiceUtil.getPortletById(
563 companyId, resourceName);
564
565 if (portlet == null) {
566 if (_log.isDebugEnabled()) {
567 _log.debug(
568 "Do not import portlet roles for " + portletId +
569 " because the portlet does not exist");
570 }
571 }
572 else {
573 importGroupRoles(
574 layoutCache, companyId, groupId, resourceName, "community",
575 portletElement);
576
577 importUserRoles(
578 layoutCache, companyId, groupId, resourceName,
579 portletElement);
580
581 importInheritedRoles(
582 layoutCache, companyId, groupId, resourceName,
583 "organization", portletElement);
584
585 importInheritedRoles(
586 layoutCache, companyId, groupId, resourceName, "user-group",
587 portletElement);
588 }
589 }
590 }
591
592 protected void importPortletRoles(
593 LayoutCache layoutCache, long companyId, long groupId,
594 String portletId, Element rolesElement)
595 throws Exception {
596
597 String resourceName = PortletConstants.getRootPortletId(portletId);
598
599 Portlet portlet = PortletLocalServiceUtil.getPortletById(
600 companyId, resourceName);
601
602 if (portlet == null) {
603 if (_log.isDebugEnabled()) {
604 _log.debug(
605 "Do not import portlet roles for " + portletId +
606 " because the portlet does not exist");
607 }
608 }
609 else {
610 importGroupRoles(
611 layoutCache, companyId, groupId, resourceName, "community",
612 rolesElement);
613
614 importUserRoles(
615 layoutCache, companyId, groupId, resourceName, rolesElement);
616
617 importInheritedRoles(
618 layoutCache, companyId, groupId, resourceName, "organization",
619 rolesElement);
620
621 importInheritedRoles(
622 layoutCache, companyId, groupId, resourceName, "user-group",
623 rolesElement);
624 }
625 }
626
627 protected void importRolePermissions(
628 LayoutCache layoutCache, long companyId, String resourceName,
629 int scope, String resourcePrimKey, Element parentElement,
630 boolean communityRole)
631 throws Exception {
632
633 List<Element> roleElements = parentElement.elements("role");
634
635 for (Element roleElement : roleElements) {
636 String roleName = roleElement.attributeValue("name");
637
638 Role role = layoutCache.getRole(companyId, roleName);
639
640 if (role == null) {
641 _log.warn(
642 "Ignoring permissions for role with name " + roleName);
643 }
644 else {
645 List<String> actions = getActions(roleElement);
646
647 PermissionLocalServiceUtil.setRolePermissions(
648 role.getRoleId(), companyId, resourceName, scope,
649 resourcePrimKey,
650 actions.toArray(new String[actions.size()]));
651
652 if (communityRole) {
653 long[] groupIds = {GetterUtil.getLong(resourcePrimKey)};
654
655 GroupLocalServiceUtil.addRoleGroups(
656 role.getRoleId(), groupIds);
657 }
658 }
659 }
660 }
661
662 protected void importUserPermissions(
663 LayoutCache layoutCache, long companyId, long groupId,
664 String resourceName, String resourcePrimKey, Element parentElement,
665 boolean portletActions)
666 throws Exception {
667
668 Element userPermissionsElement = parentElement.element(
669 "user-permissions");
670
671 if (userPermissionsElement == null) {
672 return;
673 }
674
675 List<Element> userActionsElements = userPermissionsElement.elements(
676 "user-actions");
677
678 for (Element userActionsElement : userActionsElements) {
679 String uuid = userActionsElement.attributeValue("uuid");
680
681 User user = layoutCache.getUser(companyId, groupId, uuid);
682
683 if (user == null) {
684 if (_log.isWarnEnabled()) {
685 _log.warn(
686 "Ignoring permissions for user with uuid " + uuid);
687 }
688 }
689 else {
690 List<String> actions = getActions(userActionsElement);
691
692 Resource resource = layoutCache.getResource(
693 companyId, groupId, resourceName,
694 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
695 portletActions);
696
697 PermissionLocalServiceUtil.setUserPermissions(
698 user.getUserId(),
699 actions.toArray(new String[actions.size()]),
700 resource.getResourceId());
701 }
702 }
703 }
704
705 protected void importUserRoles(
706 LayoutCache layoutCache, long companyId, long groupId,
707 String resourceName, Element parentElement)
708 throws Exception {
709
710 Element userRolesElement = parentElement.element("user-roles");
711
712 if (userRolesElement == null) {
713 return;
714 }
715
716 List<Element> userElements = userRolesElement.elements("user");
717
718 for (Element userElement : userElements) {
719 String uuid = userElement.attributeValue("uuid");
720
721 User user = layoutCache.getUser(companyId, groupId, uuid);
722
723 if (user == null) {
724 if (_log.isWarnEnabled()) {
725 _log.warn("Ignoring roles for user with uuid " + uuid);
726 }
727 }
728 else {
729 importRolePermissions(
730 layoutCache, companyId, resourceName,
731 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
732 userElement, false);
733 }
734 }
735 }
736
737 protected void readPortletDataPermissions(
738 PortletDataContext portletDataContext)
739 throws Exception {
740
741 String xml = portletDataContext.getZipEntryAsString(
742 portletDataContext.getSourceRootPath() +
743 "/portlet-data-permissions.xml");
744
745 if (xml == null) {
746 return;
747 }
748
749 Document document = SAXReaderUtil.read(xml);
750
751 Element rootElement = document.getRootElement();
752
753 List<Element> portletDataElements = rootElement.elements(
754 "portlet-data");
755
756 for (Element portletDataElement : portletDataElements) {
757 String resourceName = portletDataElement.attributeValue(
758 "resource-name");
759 long resourcePK = GetterUtil.getLong(
760 portletDataElement.attributeValue("resource-pk"));
761
762 List<KeyValuePair> permissions = new ArrayList<KeyValuePair>();
763
764 List<Element> permissionsElements = portletDataElement.elements(
765 "permissions");
766
767 for (Element permissionsElement : permissionsElements) {
768 String roleName = permissionsElement.attributeValue(
769 "role-name");
770 String actions = permissionsElement.attributeValue("actions");
771
772 KeyValuePair permission = new KeyValuePair(roleName, actions);
773
774 permissions.add(permission);
775 }
776
777 portletDataContext.addPermissions(
778 resourceName, resourcePK, permissions);
779 }
780 }
781
782 private static Log _log = LogFactoryUtil.getLog(PermissionImporter.class);
783
784 }