001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.upgrade.v6_1_0;
016    
017    import com.liferay.portal.kernel.dao.jdbc.DataAccess;
018    import com.liferay.portal.kernel.upgrade.UpgradeProcess;
019    import com.liferay.portal.kernel.util.ArrayUtil;
020    import com.liferay.portal.kernel.util.StringBundler;
021    import com.liferay.portal.model.GroupConstants;
022    import com.liferay.portal.model.ResourceConstants;
023    import com.liferay.portal.model.ResourcePermission;
024    import com.liferay.portal.security.permission.ActionKeys;
025    import com.liferay.portal.util.PortalInstances;
026    import com.liferay.portal.util.PortletKeys;
027    import com.liferay.portal.util.PropsValues;
028    
029    import java.sql.Connection;
030    import java.sql.PreparedStatement;
031    import java.sql.ResultSet;
032    
033    import java.util.ArrayList;
034    import java.util.List;
035    
036    /**
037     * @author Juan Fern??ndez
038     */
039    public class UpgradeAdminPortlets extends UpgradeProcess {
040    
041            protected void addResource(long resourceId, long codeId, String primKey)
042                    throws Exception {
043    
044                    Connection con = null;
045                    PreparedStatement ps = null;
046    
047                    try {
048                            con = DataAccess.getUpgradeOptimizedConnection();
049    
050                            ps = con.prepareStatement(
051                                    "insert into Resource_ (resourceId, codeId, primKey) values " +
052                                            "(?, ?, ?)");
053    
054                            ps.setLong(1, resourceId);
055                            ps.setLong(2, codeId);
056                            ps.setString(3, primKey);
057    
058                            ps.executeUpdate();
059                    }
060                    finally {
061                            DataAccess.cleanUp(con, ps);
062                    }
063            }
064    
065            protected long[] addResourceIds(long companyId, String name)
066                    throws Exception {
067    
068                    long[] resourceIds = new long[2];
069    
070                    // Company scope
071    
072                    long codeId = increment();
073    
074                    runSQL(
075                            "insert into ResourceCode (codeId, companyId, name, scope) values" +
076                                    " (" + codeId + ", " + companyId + ", '" + name + "', " +
077                                            ResourceConstants.SCOPE_COMPANY + ")");
078    
079                    long resourceId = increment();
080    
081                    addResource(resourceId, codeId, String.valueOf(companyId));
082    
083                    resourceIds[0] = resourceId;
084    
085                    // Individual scope
086    
087                    codeId = increment();
088    
089                    runSQL(
090                            "insert into ResourceCode (codeId, companyId, name, scope) values" +
091                                    " (" + codeId + ", " + companyId + ", '" + name + "', " +
092                                            ResourceConstants.SCOPE_INDIVIDUAL + ")");
093    
094                    resourceId = increment();
095    
096                    long controlPanelGroupId = getControlPanelGroupId();
097    
098                    addResource(resourceId, codeId, String.valueOf(controlPanelGroupId));
099    
100                    resourceIds[1] = resourceId;
101    
102                    return resourceIds;
103            }
104    
105            protected void addResourcePermission(
106                            long resourcePermissionId, long companyId, String name, int scope,
107                            String primKey, long roleId, long actionIds)
108                    throws Exception {
109    
110                    Connection con = null;
111                    PreparedStatement ps = null;
112    
113                    try {
114                            con = DataAccess.getUpgradeOptimizedConnection();
115    
116                            ps = con.prepareStatement(
117                                    "insert into ResourcePermission (resourcePermissionId, " +
118                                            "companyId, name, scope, primKey, roleId, actionIds) " +
119                                                    "values (?, ?, ?, ?, ?, ?, ?)");
120    
121                            ps.setLong(1, resourcePermissionId);
122                            ps.setLong(2, companyId);
123                            ps.setString(3, name);
124                            ps.setInt(4, scope);
125                            ps.setString(5, primKey);
126                            ps.setLong(6, roleId);
127                            ps.setLong(7, actionIds);
128    
129                            ps.executeUpdate();
130                    }
131                    finally {
132                            DataAccess.cleanUp(con, ps);
133                    }
134            }
135    
136            @Override
137            protected void doUpgrade() throws Exception {
138                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
139                            updateAccessInControlPanelPermission_5(
140                                    PortletKeys.BLOGS, PortletKeys.BLOGS_ADMIN);
141    
142                            updateAccessInControlPanelPermission_5(
143                                    PortletKeys.MESSAGE_BOARDS, PortletKeys.MESSAGE_BOARDS_ADMIN);
144                    }
145                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
146                            updateAccessInControlPanelPermission_6(
147                                    PortletKeys.BLOGS, PortletKeys.BLOGS_ADMIN);
148    
149                            updateAccessInControlPanelPermission_6(
150                                    PortletKeys.MESSAGE_BOARDS, PortletKeys.MESSAGE_BOARDS_ADMIN);
151                    }
152            }
153    
154            protected long getBitwiseValue(String name, String actionId)
155                    throws Exception {
156    
157                    Connection con = null;
158                    PreparedStatement ps = null;
159                    ResultSet rs = null;
160    
161                    try {
162                            con = DataAccess.getUpgradeOptimizedConnection();
163    
164                            ps = con.prepareStatement(
165                                    "select bitwiseValue from ResourceAction where name = ? and " +
166                                            "actionId = ?");
167    
168                            ps.setString(1, name);
169                            ps.setString(2, actionId);
170    
171                            rs = ps.executeQuery();
172    
173                            if (rs.next()) {
174                                    return rs.getLong("bitwiseValue");
175                            }
176    
177                            return 0;
178                    }
179                    finally {
180                            DataAccess.cleanUp(con, ps, rs);
181                    }
182            }
183    
184            protected long getControlPanelGroupId() throws Exception {
185                    Connection con = null;
186                    PreparedStatement ps = null;
187                    ResultSet rs = null;
188    
189                    try {
190                            con = DataAccess.getUpgradeOptimizedConnection();
191    
192                            ps = con.prepareStatement(
193                                    "select groupId from Group_ where name = '" +
194                                            GroupConstants.CONTROL_PANEL + "'");
195    
196                            rs = ps.executeQuery();
197    
198                            if (rs.next()) {
199                                    return rs.getLong("groupId");
200                            }
201    
202                            return 0;
203                    }
204                    finally {
205                            DataAccess.cleanUp(con, ps, rs);
206                    }
207            }
208    
209            protected long[] getOldResourceIds(String name) throws Exception {
210                    Connection con = null;
211                    PreparedStatement ps = null;
212                    ResultSet rs = null;
213    
214                    try {
215                            con = DataAccess.getUpgradeOptimizedConnection();
216    
217                            StringBundler sb = new StringBundler(8);
218    
219                            sb.append("select Permission_.resourceId from Permission_ ");
220                            sb.append("inner join Resource_ on Permission_.resourceId = ");
221                            sb.append("Resource_.resourceId and Permission_.actionId = ");
222                            sb.append("'ACCESS_IN_CONTROL_PANEL' inner join ResourceCode on ");
223                            sb.append("ResourceCode.codeId = Resource_.codeId and ");
224                            sb.append("ResourceCode.name = '");
225                            sb.append(name);
226                            sb.append("'");
227    
228                            String sql = sb.toString();
229    
230                            ps = con.prepareStatement(sql);
231    
232                            rs = ps.executeQuery();
233    
234                            List<Long> resourceIds = new ArrayList<Long>();
235    
236                            while (rs.next()) {
237                                    long resourceId = rs.getLong("resourceId");
238    
239                                    resourceIds.add(resourceId);
240                            }
241    
242                            return ArrayUtil.toArray(
243                                    resourceIds.toArray(new Long[resourceIds.size()]));
244                    }
245                    finally {
246                            DataAccess.cleanUp(con, ps, rs);
247                    }
248            }
249    
250            protected void updateAccessInControlPanelPermission_5(
251                            String portletFrom, String portletTo)
252                    throws Exception {
253    
254                    long[] companyIds = PortalInstances.getCompanyIdsBySQL();
255    
256                    if (companyIds.length == 0) {
257                            return;
258                    }
259    
260                    for (long companyId : companyIds) {
261                            long[] newResourceIds = addResourceIds(companyId, portletTo);
262                            long[] oldResourceIds = getOldResourceIds(portletFrom);
263    
264                            updatePermission(oldResourceIds, newResourceIds);
265                    }
266            }
267    
268            protected void updateAccessInControlPanelPermission_6(
269                            String portletFrom, String portletTo)
270                    throws Exception {
271    
272                    long bitwiseValue = getBitwiseValue(
273                            portletFrom, ActionKeys.ACCESS_IN_CONTROL_PANEL);
274    
275                    Connection con = null;
276                    PreparedStatement ps = null;
277                    ResultSet rs = null;
278    
279                    try {
280                            con = DataAccess.getUpgradeOptimizedConnection();
281    
282                            ps = con.prepareStatement(
283                                    "select * from ResourcePermission where name = ?");
284    
285                            ps.setString(1, portletFrom);
286    
287                            rs = ps.executeQuery();
288    
289                            while (rs.next()) {
290                                    long resourcePermissionId = rs.getLong("resourcePermissionId");
291                                    long actionIds = rs.getLong("actionIds");
292    
293                                    if ((actionIds & bitwiseValue) != 0) {
294                                            actionIds = actionIds & (~bitwiseValue);
295    
296                                            runSQL(
297                                                    "update ResourcePermission set actionIds = " +
298                                                            actionIds + " where resourcePermissionId = " +
299                                                                    resourcePermissionId);
300    
301                                            resourcePermissionId = increment(
302                                                    ResourcePermission.class.getName());
303    
304                                            long companyId = rs.getLong("companyId");
305                                            int scope = rs.getInt("scope");
306                                            String primKey = rs.getString("primKey");
307                                            long roleId = rs.getLong("roleId");
308    
309                                            actionIds = rs.getLong("actionIds");
310    
311                                            actionIds |= bitwiseValue;
312    
313                                            addResourcePermission(
314                                                    resourcePermissionId, companyId, portletTo, scope,
315                                                    primKey, roleId, actionIds);
316                                    }
317                            }
318                    }
319                    finally {
320                            DataAccess.cleanUp(con, ps, rs);
321                    }
322            }
323    
324            protected void updatePermission(
325                            long[] oldResourceIds, long[] newResourceIds)
326                    throws Exception {
327    
328                    for (int i = 0; i < newResourceIds.length; i++) {
329                            try {
330                                    long newResourceId = newResourceIds[i];
331                                    long oldResourceId = oldResourceIds[i];
332    
333                                    runSQL(
334                                            "update Permission_ set resourceId = " + newResourceId +
335                                                    " where actionId = 'ACCESS_IN_CONTROL_PANEL' and " +
336                                                            "resourceId = " + oldResourceId);
337                            }
338                            catch (ArrayIndexOutOfBoundsException aioobe) {
339                                    return;
340                            }
341                    }
342            }
343    
344    }