001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchPermissionException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.search.SearchEngineUtil;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Company;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.OrgGroupPermission;
029    import com.liferay.portal.model.Organization;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.Resource;
032    import com.liferay.portal.model.ResourceCode;
033    import com.liferay.portal.model.ResourceConstants;
034    import com.liferay.portal.model.Role;
035    import com.liferay.portal.model.RoleConstants;
036    import com.liferay.portal.model.User;
037    import com.liferay.portal.model.UserGroup;
038    import com.liferay.portal.security.permission.PermissionCacheUtil;
039    import com.liferay.portal.security.permission.PermissionCheckerBag;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.ResourceActionsUtil;
042    import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043    import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044    import com.liferay.portal.util.PortalUtil;
045    import com.liferay.portal.util.PropsValues;
046    import com.liferay.portal.util.comparator.PermissionComparator;
047    
048    import java.util.ArrayList;
049    import java.util.HashSet;
050    import java.util.Iterator;
051    import java.util.List;
052    import java.util.Map;
053    import java.util.Set;
054    
055    import org.apache.commons.lang.time.StopWatch;
056    
057    /**
058     * The implementation of the permission local service.
059     *
060     * @author Charles May
061     * @author Brian Wing Shun Chan
062     * @author Raymond Aug??
063     */
064    public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
065    
066            /**
067             * Adds a permission to perform the action on the resource.
068             *
069             * <p>
070             * This method will retrieve the permission of the company, action, and
071             * resource with the primary keys. The method creates the permission if it
072             * fails to retrieve it.
073             * </p>
074             *
075             * @param  companyId the primary key of the company
076             * @param  actionId the action's ID
077             * @param  resourceId the primary key of the resource
078             * @return the permission of the company, action, and resource with the
079             *         primary keys
080             * @throws SystemException if a system exception occurred
081             */
082            @Override
083            public Permission addPermission(
084                            long companyId, String actionId, long resourceId)
085                    throws SystemException {
086    
087                    Permission permission = permissionPersistence.fetchByA_R(
088                            actionId, resourceId);
089    
090                    if (permission == null) {
091                            long permissionId = counterLocalService.increment(
092                                    Permission.class.getName());
093    
094                            permission = permissionPersistence.create(permissionId);
095    
096                            permission.setCompanyId(companyId);
097                            permission.setActionId(actionId);
098                            permission.setResourceId(resourceId);
099    
100                            permissionPersistence.update(permission, false);
101                    }
102    
103                    return permission;
104            }
105    
106            /**
107             * Adds permissions to perform the actions on the resource.
108             *
109             * <p>
110             * This method will retrieve the permissions of the company, actions, and
111             * resource with the primary keys. The method creates any permissions it
112             * fails to retrieve.
113             * </p>
114             *
115             * @param  companyId the primary key of the company
116             * @param  actionIds the primary keys of the actions
117             * @param  resourceId the primary key of the resource
118             * @return the permissions to perform the actions on the resource
119             * @throws SystemException if a system exception occurred
120             */
121            @Override
122            public List<Permission> addPermissions(
123                            long companyId, List<String> actionIds, long resourceId)
124                    throws SystemException {
125    
126                    List<Permission> permissions = permissionPersistence.findByResourceId(
127                            resourceId);
128    
129                    permissions = ListUtil.copy(permissions);
130    
131                    Set<String> actionIdsSet = new HashSet<String>();
132    
133                    for (Permission permission : permissions) {
134                            actionIdsSet.add(permission.getActionId());
135                    }
136    
137                    for (String actionId : actionIds) {
138                            if (actionIdsSet.contains(actionId)) {
139                                    continue;
140                            }
141    
142                            long permissionId = counterLocalService.increment(
143                                    Permission.class.getName());
144    
145                            Permission permission = permissionPersistence.create(permissionId);
146    
147                            permission.setCompanyId(companyId);
148                            permission.setActionId(actionId);
149                            permission.setResourceId(resourceId);
150    
151                            try {
152                                    permissionPersistence.update(permission, false);
153                            }
154                            catch (SystemException se) {
155                                    if (_log.isWarnEnabled()) {
156                                            _log.warn(
157                                                    "Add failed, fetch {actionId=" + actionId +
158                                                            ", resourceId=" + resourceId + "}");
159                                    }
160    
161                                    permission = permissionPersistence.fetchByA_R(
162                                            actionId, resourceId, false);
163    
164                                    if (permission == null) {
165                                            throw se;
166                                    }
167                            }
168    
169                            permissions.add(permission);
170                    }
171    
172                    return permissions;
173            }
174    
175            /**
176             * Adds permissions to perform either the portlet resource actions or model
177             * resource actions on the resource.
178             *
179             * <p>
180             * This method will retrieve the permissions of the company, actions, and
181             * resource with the primary keys. The method creates any permissions it
182             * fails to retrieve.
183             * </p>
184             *
185             * @param  companyId the primary key of the company
186             * @param  name the resource name
187             * @param  resourceId the primary key of the resource
188             * @param  portletActions whether to retrieve the action primary keys from
189             *         the portlet or the model resource
190             * @return the permissions to perform the actions on the resource
191             * @throws SystemException if a system exception occurred
192             */
193            @Override
194            public List<Permission> addPermissions(
195                            long companyId, String name, long resourceId,
196                            boolean portletActions)
197                    throws SystemException {
198    
199                    List<String> actionIds = null;
200    
201                    if (portletActions) {
202                            actionIds = ResourceActionsUtil.getPortletResourceActions(name);
203                    }
204                    else {
205                            actionIds = ResourceActionsUtil.getModelResourceActions(name);
206                    }
207    
208                    return addPermissions(companyId, actionIds, resourceId);
209            }
210    
211            /**
212             * Adds user permissions to perform the actions on the resource.
213             *
214             * @param  userId the primary key of the user
215             * @param  actionIds the primary keys of the actions
216             * @param  resourceId the primary key of the resource
217             * @throws PortalException if a user with the primary key could not be found
218             * @throws SystemException if a system exception occurred
219             */
220            @Override
221            public void addUserPermissions(
222                            long userId, String[] actionIds, long resourceId)
223                    throws PortalException, SystemException {
224    
225                    User user = userPersistence.findByPrimaryKey(userId);
226    
227                    List<Permission> permissions = permissionFinder.findByU_R(
228                            userId, resourceId);
229    
230                    permissions = getPermissions(
231                            user.getCompanyId(), actionIds, resourceId);
232    
233                    userPersistence.addPermissions(userId, permissions);
234    
235                    PermissionCacheUtil.clearCache();
236            }
237    
238            /**
239             * Checks to see if the actions are permitted on the named resource.
240             *
241             * @param  name the resource name
242             * @param  actionIds the primary keys of the actions
243             * @throws PortalException if the resource company or name could not be
244             *         found or were invalid
245             * @throws SystemException if a system exception occurred
246             */
247            @Override
248            public void checkPermissions(String name, List<String> actionIds)
249                    throws PortalException, SystemException {
250    
251                    List<String> groupDefaultActions =
252                            ResourceActionsUtil.getModelResourceGroupDefaultActions(name);
253                    List<String> guestDefaultActions =
254                            ResourceActionsUtil.getModelResourceGuestDefaultActions(name);
255    
256                    List<Company> companies = companyPersistence.findAll();
257    
258                    for (Company company : companies) {
259                            long companyId = company.getCompanyId();
260    
261                            ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
262                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
263    
264                            if (resourceCode == null) {
265                                    continue;
266                            }
267    
268                            Role guestRole = rolePersistence.fetchByC_N(
269                                    companyId, RoleConstants.GUEST);
270                            Role ownerRole = rolePersistence.fetchByC_N(
271                                    companyId, RoleConstants.OWNER);
272                            Role siteMemberRole = rolePersistence.fetchByC_N(
273                                    companyId, RoleConstants.SITE_MEMBER);
274    
275                            for (String actionId : actionIds) {
276                                    List<Resource> resources = resourceFinder.findByNoActions(
277                                            resourceCode.getCodeId(), actionId);
278    
279                                    List<Permission> permissions = new ArrayList<Permission>(
280                                            resources.size());
281    
282                                    for (Resource resource : resources) {
283                                            long permissionId = counterLocalService.increment(
284                                                    Permission.class.getName());
285    
286                                            Permission permission = permissionPersistence.create(
287                                                    permissionId);
288    
289                                            permission.setCompanyId(companyId);
290                                            permission.setActionId(actionId);
291                                            permission.setResourceId(resource.getResourceId());
292    
293                                            permissionPersistence.update(permission, false);
294    
295                                            permissions.add(permission);
296                                    }
297    
298                                    if ((guestRole != null) &&
299                                            guestDefaultActions.contains(actionId)) {
300    
301                                            rolePersistence.addPermissions(
302                                                    guestRole.getRoleId(), permissions);
303                                    }
304    
305                                    if (ownerRole != null) {
306                                            rolePersistence.addPermissions(
307                                                    ownerRole.getRoleId(), permissions);
308                                    }
309    
310                                    if ((siteMemberRole != null) &&
311                                            groupDefaultActions.contains(actionId)) {
312    
313                                            rolePersistence.addPermissions(
314                                                    siteMemberRole.getRoleId(), permissions);
315                                    }
316    
317                                    for (Resource resource : resources) {
318                                            SearchEngineUtil.updatePermissionFields(
319                                                    resource.getResourceId());
320                                    }
321                            }
322                    }
323    
324                    PermissionCacheUtil.clearCache();
325            }
326    
327            /**
328             * Returns the IDs of all the actions belonging to the permissions.
329             *
330             * @param  permissions the permissions
331             * @return the IDs of all the actions belonging to the permissions
332             */
333            @Override
334            public List<String> getActions(List<Permission> permissions) {
335                    List<String> actionIds = new ArrayList<String>();
336    
337                    Iterator<Permission> itr = permissions.iterator();
338    
339                    while (itr.hasNext()) {
340                            Permission permission = itr.next();
341    
342                            actionIds.add(permission.getActionId());
343                    }
344    
345                    return actionIds;
346            }
347    
348            /**
349             * Returns all the group's permissions on the resource.
350             *
351             * @param  groupId the primary key of the group
352             * @param  resourceId the primary key of the resource
353             * @return the group's permissions on the resource
354             * @throws SystemException if a system exception occurred
355             */
356            @Override
357            public List<Permission> getGroupPermissions(long groupId, long resourceId)
358                    throws SystemException {
359    
360                    return permissionFinder.findByG_R(groupId, resourceId);
361            }
362    
363            /**
364             * Returns all the group's permissions on the named resource with the scope
365             * and primKey.
366             *
367             * @param  groupId the primary key of the group
368             * @param  companyId the primary key of the company
369             * @param  name the resource name
370             * @param  scope the resource scope
371             * @param  primKey the resource primKey
372             * @return the group's permissions on the named resource with the scope and
373             *         primKey
374             * @throws SystemException if a system exception occurred
375             */
376            @Override
377            public List<Permission> getGroupPermissions(
378                            long groupId, long companyId, String name, int scope,
379                            String primKey)
380                    throws SystemException {
381    
382                    return permissionFinder.findByG_C_N_S_P(
383                            groupId, companyId, name, scope, primKey);
384            }
385    
386            /**
387             * Returns the primary key of the latest permission created.
388             *
389             * @return the primary key of the latest permission created
390             * @throws SystemException if a system exception occurred
391             */
392            @Override
393            public long getLatestPermissionId() throws SystemException {
394                    List<Permission> permissions = permissionPersistence.findAll(
395                            0, 1, new PermissionComparator());
396    
397                    if (permissions.size() == 0) {
398                            return 0;
399                    }
400                    else {
401                            Permission permission = permissions.get(0);
402    
403                            return permission.getPermissionId();
404                    }
405            }
406    
407            /**
408             * Returns all the permissions of the organization's group with respect to
409             * the resource.
410             *
411             * @param  organizationId the primary key of the organization
412             * @param  groupId the primary key of the group
413             * @param  resourceId the primary key of the resource
414             * @return the permissions of the organization's group with respect to the
415             *         resource
416             * @throws SystemException if a system exception occurred
417             */
418            @Override
419            public List<Permission> getOrgGroupPermissions(
420                            long organizationId, long groupId, long resourceId)
421                    throws SystemException {
422    
423                    return permissionFinder.findByO_G_R(
424                            organizationId, groupId, resourceId);
425            }
426    
427            /**
428             * Returns all the permissions to perform the actions on the resource,
429             * creating new permissions for any permissions not found.
430             *
431             * @param  companyId the primary key of the company
432             * @param  actionIds the primary keys of the actions
433             * @param  resourceId the primary key of the resource
434             * @return the permissions to perform the actions on the resource
435             * @throws SystemException if a system exception occurred
436             * @see    #addPermission(long, String, long)
437             */
438            @Override
439            public List<Permission> getPermissions(
440                            long companyId, String[] actionIds, long resourceId)
441                    throws SystemException {
442    
443                    List<Permission> permissions = new ArrayList<Permission>();
444    
445                    for (String actionId : actionIds) {
446                            Permission permission = addPermission(
447                                    companyId, actionId, resourceId);
448    
449                            permissions.add(permission);
450                    }
451    
452                    return permissions;
453            }
454    
455            /**
456             * Returns all the role's permissions.
457             *
458             * @param  roleId the primary key of the role
459             * @return the role's permissions
460             * @throws SystemException if a system exception occurred
461             */
462            @Override
463            public List<Permission> getRolePermissions(long roleId)
464                    throws SystemException {
465    
466                    return rolePersistence.getPermissions(roleId);
467            }
468    
469            @Override
470            public List<Permission> getRolePermissions(long roleId, int[] scopes)
471                    throws SystemException {
472    
473                    return permissionFinder.findByR_S(roleId, scopes);
474            }
475    
476            /**
477             * Returns all the role's permissions on the resource.
478             *
479             * @param  roleId the primary key of the role
480             * @param  resourceId the primary key of the resource
481             * @return the role's permissions on the resource
482             * @throws SystemException if a system exception occurred
483             */
484            @Override
485            public List<Permission> getRolePermissions(long roleId, long resourceId)
486                    throws SystemException {
487    
488                    return permissionFinder.findByR_R(roleId, resourceId);
489            }
490    
491            /**
492             * Returns all the user's permissions.
493             *
494             * @param  userId the primary key of the user
495             * @return the user's permissions
496             * @throws SystemException if a system exception occurred
497             */
498            @Override
499            public List<Permission> getUserPermissions(long userId)
500                    throws SystemException {
501    
502                    return userPersistence.getPermissions(userId);
503            }
504    
505            /**
506             * Returns all the user's permissions on the resource.
507             *
508             * @param  userId the primary key of the user
509             * @param  resourceId the primary key of the resource
510             * @return the user's permissions on the resource
511             * @throws SystemException if a system exception occurred
512             */
513            @Override
514            public List<Permission> getUserPermissions(long userId, long resourceId)
515                    throws SystemException {
516    
517                    return permissionFinder.findByU_R(userId, resourceId);
518            }
519    
520            /**
521             * Returns all the user's permissions on the named resource with the scope
522             * and primKey.
523             *
524             * @param  userId the primary key of the user
525             * @param  companyId the primary key of the company
526             * @param  name the resource name
527             * @param  scope the resource scope
528             * @param  primKey the resource primKey
529             * @return the user permissions of the resource name, scope, and primKey
530             * @throws SystemException if a system exception occurred
531             */
532            @Override
533            public List<Permission> getUserPermissions(
534                            long userId, long companyId, String name, int scope, String primKey)
535                    throws SystemException {
536    
537                    return permissionFinder.findByU_C_N_S_P(
538                            userId, companyId, name, scope, primKey);
539            }
540    
541            /**
542             * Returns <code>true</code> if the group has permission to perform the
543             * action on the resource.
544             *
545             * @param  groupId the primary key of the group
546             * @param  actionId the action's ID
547             * @param  resourceId the primary key of the resource
548             * @return <code>true</code> if the group has permission to perform the
549             *         action on the resource; <code>false</code> otherwise
550             * @throws SystemException if a system exception occurred
551             */
552            @Override
553            public boolean hasGroupPermission(
554                            long groupId, String actionId, long resourceId)
555                    throws SystemException {
556    
557                    Permission permission = permissionPersistence.fetchByA_R(
558                            actionId, resourceId);
559    
560                    // Return false if there is no permission based on the given action id
561                    // and resource id
562    
563                    if (permission == null) {
564                            return false;
565                    }
566    
567                    return groupPersistence.containsPermission(
568                            groupId, permission.getPermissionId());
569            }
570    
571            /**
572             * Returns <code>true</code> if the role has permission to perform the
573             * action on the named resource with the scope.
574             *
575             * @param  roleId the primary key of the role
576             * @param  companyId the primary key of the company
577             * @param  name the resource name
578             * @param  scope the resource scope
579             * @param  actionId the action's ID
580             * @return <code>true</code> if the role has permission to perform the
581             *         action on the named resource with the scope; <code>false</code>
582             *         otherwise
583             * @throws SystemException if a system exception occurred
584             */
585            @Override
586            public boolean hasRolePermission(
587                            long roleId, long companyId, String name, int scope,
588                            String actionId)
589                    throws SystemException {
590    
591                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
592                            companyId, name, scope);
593    
594                    if (permissionFinder.countByR_A_C(
595                                    roleId, actionId, resourceCode.getCodeId()) > 0) {
596    
597                            return true;
598                    }
599                    else {
600                            return false;
601                    }
602            }
603    
604            /**
605             * Returns <code>true</code> if the role has permission to perform the
606             * action on the named resource with the scope and primKey.
607             *
608             * @param  roleId the primary key of the role
609             * @param  companyId the primary key of the company
610             * @param  name the resource name
611             * @param  scope the resource scope
612             * @param  primKey the resource primKey
613             * @param  actionId the action's ID
614             * @return <code>true</code> if the role has permission to perform the
615             *         action on the named resource with the scope and primKey;
616             *         <code>false</code> otherwise
617             * @throws SystemException if a system exception occurred
618             */
619            @Override
620            public boolean hasRolePermission(
621                            long roleId, long companyId, String name, int scope, String primKey,
622                            String actionId)
623                    throws SystemException {
624    
625                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
626                            companyId, name, scope);
627    
628                    Resource resource = resourcePersistence.fetchByC_P(
629                            resourceCode.getCodeId(), primKey);
630    
631                    if (resource == null) {
632                            return false;
633                    }
634    
635                    Permission permission = permissionPersistence.fetchByA_R(
636                            actionId, resource.getResourceId());
637    
638                    if (permission == null) {
639                            return false;
640                    }
641    
642                    return rolePersistence.containsPermission(
643                            roleId, permission.getPermissionId());
644            }
645    
646            /**
647             * Returns <code>true</code> if the user has permission to perform the
648             * action on the resource.
649             *
650             * @param  userId the primary key of the user
651             * @param  actionId the action's ID
652             * @param  resourceId the primary key of the resource
653             * @return <code>true</code> if the user has permission to perform the
654             *         action on the resource; <code>false</code> otherwise
655             * @throws SystemException if a system exception occurred
656             */
657            @Override
658            public boolean hasUserPermission(
659                            long userId, String actionId, long resourceId)
660                    throws SystemException {
661    
662                    Permission permission = permissionPersistence.fetchByA_R(
663                            actionId, resourceId);
664    
665                    // Return false if there is no permission based on the given action id
666                    // and resource id
667    
668                    if (permission == null) {
669                            return false;
670                    }
671    
672                    return userPersistence.containsPermission(
673                            userId, permission.getPermissionId());
674            }
675    
676            /**
677             * Returns <code>true</code> if the user has permission to perform the
678             * action on the resources.
679             *
680             * <p>
681             * This method does not support resources managed by the resource block
682             * system.
683             * </p>
684             *
685             * @param  userId the primary key of the user
686             * @param  groupId the primary key of the group containing the resource
687             * @param  resources representations of the resource at each scope level
688             *         returned by {@link
689             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
690             *         long, long, String, String, String)}
691             * @param  actionId the action's ID
692             * @param  permissionCheckerBag the permission checker bag
693             * @return <code>true</code> if the user has permission to perform the
694             *         action on the resources; <code>false</code> otherwise
695             * @throws PortalException if a resource action based on any one of the
696             *         resources and the action ID could not be found
697             * @throws SystemException if a system exception occurred
698             */
699            @Override
700            public boolean hasUserPermissions(
701                            long userId, long groupId, List<Resource> resources,
702                            String actionId, PermissionCheckerBag permissionCheckerBag)
703                    throws PortalException, SystemException {
704    
705                    StopWatch stopWatch = null;
706    
707                    if (_log.isDebugEnabled()) {
708                            stopWatch = new StopWatch();
709    
710                            stopWatch.start();
711                    }
712    
713                    int block = 1;
714    
715                    // Return false if there are no resources
716    
717                    if (Validator.isNull(actionId) || resources.isEmpty()) {
718                            return false;
719                    }
720    
721                    long[] resourceIds = null;
722    
723                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
724                            resourceIds = new long[resources.size()];
725    
726                            for (int i = 0; i < resources.size(); i++) {
727                                    Resource resource = resources.get(i);
728    
729                                    resourceIds[i] = resource.getResourceId();
730                            }
731                    }
732    
733                    List<Permission> permissions = null;
734    
735                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
736                            permissions = permissionFinder.findByA_R(actionId, resourceIds);
737    
738                            // Return false if there are no permissions
739    
740                            if (permissions.size() == 0) {
741                                    return false;
742                            }
743                    }
744    
745                    // Record logs with the first resource id
746    
747                    long resourceId = 0;
748    
749                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
750                            resourceId = resourceIds[0];
751                    }
752                    else {
753                            resourceId = resources.get(0).getResourceId();
754                    }
755    
756                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
757    
758                    //List<Group> userGroups = permissionCheckerBag.getUserGroups();
759                    //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
760                    //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
761                    //List<Group> userUserGroupGroups =
762                    //        permissionCheckerBag.getUserUserGroupGroups();
763                    List<Group> groups = permissionCheckerBag.getGroups();
764                    List<Role> roles = permissionCheckerBag.getRoles();
765    
766                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
767    
768                    // Check the organization and group intersection table. Break out of
769                    // this method if the user has one of the permissions set at the
770                    // intersection because that takes priority.
771    
772                    //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
773                    //        return true;
774                    //}
775    
776                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
777    
778                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
779                            return hasUserPermissions_1(
780                                    userId, resourceId, actionId, permissions, groups, groupId,
781                                    stopWatch, block);
782                    }
783                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
784                            return hasUserPermissions_2(
785                                    userId, resourceId, actionId, permissions, groups, groupId,
786                                    stopWatch, block);
787                    }
788                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
789                            return hasUserPermissions_3(
790                                    userId, resourceId, actionId, permissions, groups, roles,
791                                    stopWatch, block);
792                    }
793                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
794                            return hasUserPermissions_4(
795                                    userId, resourceId, actionId, permissions, groups, roles,
796                                    stopWatch, block);
797                    }
798                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
799                            return hasUserPermissions_5(
800                                    userId, resourceId, actionId, permissions, roles, stopWatch,
801                                    block);
802                    }
803                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
804                            return hasUserPermissions_6(
805                                    userId, resourceId, resources, actionId,
806                                    permissionCheckerBag.getRoleIds(), stopWatch, block);
807                    }
808    
809                    return false;
810            }
811    
812            /**
813             * Sets the container wide permissions of either the role or the default
814             * user of each company to perform the actions on the named resource.
815             *
816             * @param  name the resource name
817             * @param  roleName the role name. Supported role names include {@link
818             *         com.liferay.portal.model.RoleConstants#ORGANIZATION_USER}, {@link
819             *         com.liferay.portal.model.RoleConstants#OWNER}, and {@link
820             *         com.liferay.portal.model.RoleConstants#SITE_MEMBER}.
821             * @param  actionId the action's ID
822             * @throws PortalException if a matching role could not be found or if a
823             *         default user for the company could not be found
824             * @throws SystemException if a system exception occurred
825             */
826            @Override
827            public void setContainerResourcePermissions(
828                            String name, String roleName, String actionId)
829                    throws PortalException, SystemException {
830    
831                    List<Company> companies = companyPersistence.findAll();
832    
833                    for (Company company : companies) {
834                            setContainerResourcePermissions(
835                                    company.getCompanyId(), name, roleName, actionId);
836                    }
837            }
838    
839            /**
840             * Sets the group's permissions to perform the actions on the resource,
841             * replacing the group's existing permissions on the resource.
842             *
843             * @param  groupId the primary key of the group
844             * @param  actionIds the primary keys of the actions
845             * @param  resourceId the primary key of the resource
846             * @throws PortalException if a group with the primary key could not be
847             *         found
848             * @throws SystemException if a system exception occurred
849             */
850            @Override
851            public void setGroupPermissions(
852                            long groupId, String[] actionIds, long resourceId)
853                    throws PortalException, SystemException {
854    
855                    Group group = groupPersistence.findByPrimaryKey(groupId);
856    
857                    List<Permission> permissions = permissionFinder.findByG_R(
858                            groupId, resourceId);
859    
860                    for (Permission permission : permissions) {
861                            groupPersistence.removePermission(groupId, permission);
862                    }
863    
864                    permissions = getPermissions(
865                            group.getCompanyId(), actionIds, resourceId);
866    
867                    groupPersistence.addPermissions(groupId, permissions);
868    
869                    PermissionCacheUtil.clearCache();
870            }
871    
872            /**
873             * Sets the entity's group permissions to perform the actions on the
874             * resource, replacing the entity's existing group permissions on the
875             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
876             * com.liferay.portal.model.UserGroup} class entities are supported.
877             *
878             * @param  className the class name of an organization or user group
879             * @param  classPK the primary key of the class
880             * @param  groupId the primary key of the group
881             * @param  actionIds the primary keys of the actions
882             * @param  resourceId the primary key of the resource
883             * @throws PortalException if an entity with the class name and primary key
884             *         could not be found or if the entity's associated group could not
885             *         be found
886             * @throws SystemException if a system exception occurred
887             */
888            @Override
889            public void setGroupPermissions(
890                            String className, String classPK, long groupId, String[] actionIds,
891                            long resourceId)
892                    throws PortalException, SystemException {
893    
894                    long associatedGroupId = 0;
895    
896                    if (className.equals(Organization.class.getName())) {
897                            long organizationId = GetterUtil.getLong(classPK);
898    
899                            Organization organization =
900                                    organizationPersistence.findByPrimaryKey(organizationId);
901    
902                            orgGroupPermissionFinder.removeByO_G_R(
903                                    organizationId, groupId, resourceId);
904    
905                            associatedGroupId = organization.getGroup().getGroupId();
906                    }
907                    else if (className.equals(UserGroup.class.getName())) {
908                            long userGroupId = GetterUtil.getLong(classPK);
909    
910                            UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
911                                    userGroupId);
912    
913                            associatedGroupId = userGroup.getGroup().getGroupId();
914                    }
915    
916                    setGroupPermissions(associatedGroupId, actionIds, resourceId);
917            }
918    
919            /**
920             * Sets the organization's group permissions to perform the actions on the
921             * resource, replacing the organization's existing group permissions on the
922             * resource.
923             *
924             * @param  organizationId the primary key of the organization
925             * @param  groupId the primary key of the group in which to scope the
926             *         permissions
927             * @param  actionIds the primary keys of the actions
928             * @param  resourceId the primary key of the resource
929             * @throws PortalException if an organization with the primary key could not
930             *         be found
931             * @throws SystemException if a system exception occurred
932             */
933            @Override
934            public void setOrgGroupPermissions(
935                            long organizationId, long groupId, String[] actionIds,
936                            long resourceId)
937                    throws PortalException, SystemException {
938    
939                    Organization organization = organizationPersistence.findByPrimaryKey(
940                            organizationId);
941    
942                    long orgGroupId = organization.getGroup().getGroupId();
943    
944                    List<Permission> permissions = permissionPersistence.findByResourceId(
945                            resourceId);
946    
947                    for (Permission permission : permissions) {
948                            groupPersistence.removePermission(orgGroupId, permission);
949                    }
950    
951                    permissions = getPermissions(
952                            organization.getCompanyId(), actionIds, resourceId);
953    
954                    orgGroupPermissionFinder.removeByO_G_R(
955                            organizationId, groupId, resourceId);
956    
957                    for (Permission permission : permissions) {
958                            OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
959                                    organizationId, groupId, permission.getPermissionId());
960    
961                            OrgGroupPermission orgGroupPermission =
962                                    orgGroupPermissionPersistence.create(pk);
963    
964                            orgGroupPermissionPersistence.update(orgGroupPermission, false);
965                    }
966    
967                    PermissionCacheUtil.clearCache();
968            }
969    
970            /**
971             * Sets the role's permissions to perform the action on the named resource,
972             * replacing the role's existing permissions on the resource.
973             *
974             * @param  roleId the primary key of the role
975             * @param  companyId the primary key of the company
976             * @param  name the resource name
977             * @param  scope the resource scope
978             * @param  primKey the resource primKey
979             * @param  actionId the action's ID
980             * @throws PortalException if the scope was {@link
981             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
982             * @throws SystemException if a system exception occurred
983             */
984            @Override
985            public void setRolePermission(
986                            long roleId, long companyId, String name, int scope, String primKey,
987                            String actionId)
988                    throws PortalException, SystemException {
989    
990                    if (scope == ResourceConstants.SCOPE_COMPANY) {
991    
992                            // Remove group permission
993    
994                            unsetRolePermissions(
995                                    roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
996                                    actionId);
997                    }
998                    else if (scope == ResourceConstants.SCOPE_GROUP) {
999    
1000                            // Remove company permission
1001    
1002                            unsetRolePermissions(
1003                                    roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
1004                                    actionId);
1005                    }
1006                    else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
1007                            throw new NoSuchPermissionException();
1008                    }
1009    
1010                    Resource resource = resourceLocalService.addResource(
1011                            companyId, name, scope, primKey);
1012    
1013                    long resourceId = resource.getResourceId();
1014    
1015                    Permission permission = permissionPersistence.fetchByA_R(
1016                            actionId, resourceId);
1017    
1018                    if (permission == null) {
1019                            long permissionId = counterLocalService.increment(
1020                                    Permission.class.getName());
1021    
1022                            permission = permissionPersistence.create(permissionId);
1023    
1024                            permission.setCompanyId(companyId);
1025                            permission.setActionId(actionId);
1026                            permission.setResourceId(resourceId);
1027    
1028                            permissionPersistence.update(permission, false);
1029                    }
1030    
1031                    rolePersistence.addPermission(roleId, permission);
1032    
1033                    PermissionCacheUtil.clearCache();
1034    
1035                    SearchEngineUtil.updatePermissionFields(resourceId);
1036            }
1037    
1038            /**
1039             * Sets the role's permissions to perform the actions on the named resource,
1040             * replacing the role's existing permission for each of these actions on the
1041             * resource.
1042             *
1043             * @param  roleId the primary key of the role
1044             * @param  companyId the primary key of the company
1045             * @param  name the resource name
1046             * @param  scope the resource scope
1047             * @param  primKey the resource primKey
1048             * @param  actionIds the primary keys of the actions
1049             * @throws PortalException if the scope was {@link
1050             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
1051             * @throws SystemException if a system exception occurred
1052             */
1053            @Override
1054            public void setRolePermissions(
1055                            long roleId, long companyId, String name, int scope, String primKey,
1056                            String[] actionIds)
1057                    throws PortalException, SystemException {
1058    
1059                    for (String actionId : actionIds) {
1060                            setRolePermission(
1061                                    roleId, companyId, name, scope, primKey, actionId);
1062                    }
1063            }
1064    
1065            /**
1066             * Sets the role's permissions to perform the actions on the resource,
1067             * replacing the role's existing permissions on the resource.
1068             *
1069             * @param  roleId the primary key of the role
1070             * @param  actionIds the primary keys of the actions
1071             * @param  resourceId the primary key of the resource
1072             * @throws PortalException if a role with the primary key could not be found
1073             * @throws SystemException if a system exception occurred
1074             */
1075            @Override
1076            public void setRolePermissions(
1077                            long roleId, String[] actionIds, long resourceId)
1078                    throws PortalException, SystemException {
1079    
1080                    Role role = rolePersistence.findByPrimaryKey(roleId);
1081    
1082                    List<Permission> permissions = permissionFinder.findByR_R(
1083                            roleId, resourceId);
1084    
1085                    rolePersistence.removePermissions(roleId, permissions);
1086    
1087                    permissions = getPermissions(
1088                            role.getCompanyId(), actionIds, resourceId);
1089    
1090                    rolePersistence.addPermissions(roleId, permissions);
1091    
1092                    PermissionCacheUtil.clearCache();
1093    
1094                    SearchEngineUtil.updatePermissionFields(resourceId);
1095            }
1096    
1097            /**
1098             * Sets the permissions of each role to perform respective actions on the
1099             * resource, replacing the existing permissions of each role on the
1100             * resource.
1101             *
1102             * @param  companyId the primary key of the company
1103             * @param  roleIdsToActionIds the map of roles to their new actions on the
1104             *         resource
1105             * @param  resourceId the primary key of the resource
1106             * @throws SystemException if a system exception occurred
1107             */
1108            @Override
1109            public void setRolesPermissions(
1110                            long companyId, Map<Long, String[]> roleIdsToActionIds,
1111                            long resourceId)
1112                    throws SystemException {
1113    
1114                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1115    
1116                    PermissionThreadLocal.setIndexEnabled(false);
1117    
1118                    try {
1119                            for (Map.Entry<Long, String[]> entry :
1120                                            roleIdsToActionIds.entrySet()) {
1121    
1122                                    long roleId = entry.getKey();
1123                                    String[] actionIds = entry.getValue();
1124    
1125                                    List<Permission> permissions = permissionFinder.findByR_R(
1126                                            roleId, resourceId);
1127    
1128                                    rolePersistence.removePermissions(roleId, permissions);
1129    
1130                                    permissions = getPermissions(companyId, actionIds, resourceId);
1131    
1132                                    rolePersistence.addPermissions(roleId, permissions);
1133                            }
1134                    }
1135                    finally {
1136                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
1137    
1138                            PermissionCacheUtil.clearCache();
1139    
1140                            SearchEngineUtil.updatePermissionFields(resourceId);
1141                    }
1142            }
1143    
1144            /**
1145             * Sets the permissions of each role to perform respective actions on the
1146             * named resource, replacing the existing permissions of each role on the
1147             * resource.
1148             *
1149             * @param  companyId the primary key of the company
1150             * @param  roleIdsToActionIds the map of roles to their new actions on the
1151             *         resource
1152             * @param  name the resource name
1153             * @param  scope the resource scope
1154             * @param  primKey the resource primKey
1155             * @throws SystemException if a system exception occurred
1156             */
1157            @Override
1158            public void setRolesPermissions(
1159                            long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1160                            int scope, String primKey)
1161                    throws SystemException {
1162    
1163                    Resource resource = resourceLocalService.fetchResource(
1164                            companyId, name, scope, String.valueOf(primKey));
1165    
1166                    if (resource == null) {
1167                            resource = resourceLocalService.addResource(
1168                                    companyId, name, scope, String.valueOf(primKey));
1169                    }
1170    
1171                    if (resource == null) {
1172                            return;
1173                    }
1174    
1175                    setRolesPermissions(
1176                            companyId, roleIdsToActionIds, resource.getResourceId());
1177            }
1178    
1179            /**
1180             * Sets the user's permissions to perform the actions on the resource,
1181             * replacing the user's existing permissions on the resource.
1182             *
1183             * @param  userId the primary key of the user
1184             * @param  actionIds the primary keys of the actions
1185             * @param  resourceId the primary key of the resource
1186             * @throws PortalException if a user with the primary key could not be found
1187             * @throws SystemException if a system exception occurred
1188             */
1189            @Override
1190            public void setUserPermissions(
1191                            long userId, String[] actionIds, long resourceId)
1192                    throws PortalException, SystemException {
1193    
1194                    User user = userPersistence.findByPrimaryKey(userId);
1195    
1196                    List<Permission> permissions = permissionFinder.findByU_R(
1197                            userId, resourceId);
1198    
1199                    userPersistence.removePermissions(userId, permissions);
1200    
1201                    permissions = getPermissions(
1202                            user.getCompanyId(), actionIds, resourceId);
1203    
1204                    userPersistence.addPermissions(userId, permissions);
1205    
1206                    PermissionCacheUtil.clearCache();
1207            }
1208    
1209            /**
1210             * Removes the permission from the role.
1211             *
1212             * @param  roleId the primary key of the role
1213             * @param  permissionId the primary key of the permission
1214             * @throws SystemException if a system exception occurred
1215             */
1216            @Override
1217            public void unsetRolePermission(long roleId, long permissionId)
1218                    throws SystemException {
1219    
1220                    Permission permission = permissionPersistence.fetchByPrimaryKey(
1221                            permissionId);
1222    
1223                    if (permission != null) {
1224                            rolePersistence.removePermission(roleId, permission);
1225                    }
1226    
1227                    PermissionCacheUtil.clearCache();
1228            }
1229    
1230            /**
1231             * Removes the role's permissions to perform the action on the named
1232             * resource with the scope and primKey.
1233             *
1234             * @param  roleId the primary key of the role
1235             * @param  companyId the primary key of the company
1236             * @param  name the resource name
1237             * @param  scope the resource scope
1238             * @param  primKey the resource primKey
1239             * @param  actionId the action's ID
1240             * @throws SystemException if a system exception occurred
1241             */
1242            @Override
1243            public void unsetRolePermission(
1244                            long roleId, long companyId, String name, int scope, String primKey,
1245                            String actionId)
1246                    throws SystemException {
1247    
1248                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1249                            companyId, name, scope);
1250    
1251                    Resource resource = resourcePersistence.fetchByC_P(
1252                            resourceCode.getCodeId(), primKey);
1253    
1254                    if (resource != null) {
1255                            Permission permission = permissionPersistence.fetchByA_R(
1256                                    actionId, resource.getResourceId());
1257    
1258                            if (permission != null) {
1259                                    rolePersistence.removePermission(roleId, permission);
1260                            }
1261                    }
1262    
1263                    PermissionCacheUtil.clearCache();
1264            }
1265    
1266            /**
1267             * Removes the role's permissions to perform the action on the named
1268             * resource.
1269             *
1270             * @param  roleId the primary key of the role
1271             * @param  companyId the primary key of the company
1272             * @param  name the resource name
1273             * @param  scope the resource scope
1274             * @param  actionId the action's ID
1275             * @throws SystemException if a system exception occurred
1276             */
1277            @Override
1278            public void unsetRolePermissions(
1279                            long roleId, long companyId, String name, int scope,
1280                            String actionId)
1281                    throws SystemException {
1282    
1283                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1284                            companyId, name, scope);
1285    
1286                    List<Permission> permissions = permissionFinder.findByA_C(
1287                            actionId, resourceCode.getCodeId());
1288    
1289                    for (Permission permission : permissions) {
1290                            rolePersistence.removePermission(roleId, permission);
1291                    }
1292    
1293                    PermissionCacheUtil.clearCache();
1294            }
1295    
1296            /**
1297             * Removes the user's permissions to perform the actions on the resource.
1298             *
1299             * @param  userId the primary key of the user
1300             * @param  actionIds the primary keys of the actions
1301             * @param  resourceId the primary key of the resource
1302             * @throws SystemException if a system exception occurred
1303             */
1304            @Override
1305            public void unsetUserPermissions(
1306                            long userId, String[] actionIds, long resourceId)
1307                    throws SystemException {
1308    
1309                    List<Permission> permissions = permissionFinder.findByU_A_R(
1310                            userId, actionIds, resourceId);
1311    
1312                    userPersistence.removePermissions(userId, permissions);
1313    
1314                    PermissionCacheUtil.clearCache();
1315            }
1316    
1317            protected boolean checkOrgGroupPermission(
1318                            List<Organization> organizations, List<Group> groups,
1319                            List<Permission> permissions)
1320                    throws PortalException, SystemException {
1321    
1322                    for (Permission permission : permissions) {
1323                            if (checkOrgGroupPermission(organizations, groups, permission)) {
1324                                    return true;
1325                            }
1326                    }
1327    
1328                    return false;
1329            }
1330    
1331            protected boolean checkOrgGroupPermission(
1332                            List<Organization> organizations, List<Group> groups,
1333                            Permission permission)
1334                    throws PortalException, SystemException {
1335    
1336                    // Do not check for an OrgGroupPermission intersection unless there is
1337                    // at least one organization and one group to check
1338    
1339                    if ((organizations.size() == 0) || (groups.size() == 0)) {
1340                            return false;
1341                    }
1342    
1343                    // Do not check unless the OrgGroupPermission intersection contains at
1344                    // least one permission
1345    
1346                    List<OrgGroupPermission> orgGroupPermissions =
1347                            orgGroupPermissionPersistence.findByPermissionId(
1348                                    permission.getPermissionId());
1349    
1350                    if (orgGroupPermissions.size() == 0) {
1351                            return false;
1352                    }
1353    
1354                    for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1355                            if (orgGroupPermission.containsOrganization(organizations) &&
1356                                    orgGroupPermission.containsGroup(groups)) {
1357    
1358                                    return true;
1359                            }
1360                    }
1361    
1362                    // Throw an exception so that we do not continue checking permissions.
1363                    // The user has a specific permission given in the OrgGroupPermission
1364                    // intersection that prohibits him from going further.
1365    
1366                    throw new NoSuchPermissionException(
1367                            "User has a permission in OrgGroupPermission that does not match");
1368            }
1369    
1370            protected boolean hasUserPermissions_1(
1371                            long userId, long resourceId, String actionId,
1372                            List<Permission> permissions, List<Group> groups, long groupId,
1373                            StopWatch stopWatch, int block)
1374                    throws SystemException {
1375    
1376                    // Is the user connected to one of the permissions via group or
1377                    // organization roles?
1378    
1379                    if (groups.size() > 0) {
1380                            if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1381                                    return true;
1382                            }
1383                    }
1384    
1385                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1386    
1387                    // Is the user associated with groups or organizations that are directly
1388                    // connected to one of the permissions?
1389    
1390                    if (groups.size() > 0) {
1391                            if (permissionFinder.countByGroupsPermissions(
1392                                            permissions, groups) > 0) {
1393    
1394                                    return true;
1395                            }
1396                    }
1397    
1398                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1399    
1400                    // Is the user connected to one of the permissions via user roles?
1401    
1402                    if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1403                            return true;
1404                    }
1405    
1406                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1407    
1408                    // Is the user connected to one of the permissions via user group roles?
1409    
1410                    if (permissionFinder.countByUserGroupRole(
1411                                    permissions, userId, groupId) > 0) {
1412    
1413                            return true;
1414                    }
1415    
1416                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1417    
1418                    // Is the user directly connected to one of the permissions?
1419    
1420                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1421                            return true;
1422                    }
1423    
1424                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1425    
1426                    return false;
1427            }
1428    
1429            protected boolean hasUserPermissions_2(
1430                            long userId, long resourceId, String actionId,
1431                            List<Permission> permissions, List<Group> groups, long groupId,
1432                            StopWatch stopWatch, int block)
1433                    throws SystemException {
1434    
1435                    // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
1436                    // countByUserGroupRole, and countByUsersPermissions in one method
1437    
1438                    if (permissionFinder.containsPermissions_2(
1439                                    permissions, userId, groups, groupId)) {
1440    
1441                            return true;
1442                    }
1443    
1444                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1445    
1446                    return false;
1447            }
1448    
1449            protected boolean hasUserPermissions_3(
1450                            long userId, long resourceId, String actionId,
1451                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1452                            StopWatch stopWatch, int block)
1453                    throws SystemException {
1454    
1455                    // Is the user associated with groups or organizations that are directly
1456                    // connected to one of the permissions?
1457    
1458                    if (groups.size() > 0) {
1459                            if (permissionFinder.countByGroupsPermissions(
1460                                            permissions, groups) > 0) {
1461    
1462                                    return true;
1463                            }
1464                    }
1465    
1466                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1467    
1468                    // Is the user associated with a role that is directly connected to one
1469                    // of the permissions?
1470    
1471                    if (roles.size() > 0) {
1472                            if (permissionFinder.countByRolesPermissions(
1473                                            permissions, roles) > 0) {
1474    
1475                                    return true;
1476                            }
1477                    }
1478    
1479                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1480    
1481                    // Is the user directly connected to one of the permissions?
1482    
1483                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1484                            return true;
1485                    }
1486    
1487                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1488    
1489                    return false;
1490            }
1491    
1492            protected boolean hasUserPermissions_4(
1493                            long userId, long resourceId, String actionId,
1494                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1495                            StopWatch stopWatch, int block)
1496                    throws SystemException {
1497    
1498                    // Call countByGroupsPermissions, countByRolesPermissions, and
1499                    // countByUsersPermissions in one method
1500    
1501                    if (permissionFinder.containsPermissions_4(
1502                                    permissions, userId, groups, roles)) {
1503    
1504                            return true;
1505                    }
1506    
1507                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1508    
1509                    return false;
1510            }
1511    
1512            protected boolean hasUserPermissions_5(
1513                            long userId, long resourceId, String actionId,
1514                            List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1515                            int block)
1516                    throws SystemException {
1517    
1518                    if (roles.size() > 0) {
1519                            if (permissionFinder.countByRolesPermissions(
1520                                            permissions, roles) > 0) {
1521    
1522                                    return true;
1523                            }
1524                    }
1525    
1526                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1527    
1528                    return false;
1529            }
1530    
1531            protected boolean hasUserPermissions_6(
1532                            long userId, long resourceId, List<Resource> resources,
1533                            String actionId, long[] roleIds, StopWatch stopWatch, int block)
1534                    throws PortalException, SystemException {
1535    
1536                    boolean hasUserPermissions =
1537                            resourcePermissionLocalService.hasResourcePermission(
1538                                    resources, roleIds, actionId);
1539    
1540                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1541    
1542                    return hasUserPermissions;
1543            }
1544    
1545            protected void logHasUserPermissions(
1546                    long userId, long resourceId, String actionId, StopWatch stopWatch,
1547                    int block) {
1548    
1549                    if (!_log.isDebugEnabled()) {
1550                            return;
1551                    }
1552    
1553                    _log.debug(
1554                            "Checking user permissions block " + block + " for " + userId +
1555                                    " " + resourceId + " " + actionId + " takes " +
1556                                            stopWatch.getTime() + " ms");
1557            }
1558    
1559            protected void setContainerResourcePermissions(
1560                            long companyId, String name, String roleName, String actionId)
1561                    throws PortalException, SystemException {
1562    
1563                    ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1564                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1565    
1566                    if (resourceCode == null) {
1567                            return;
1568                    }
1569    
1570                    long classNameId = 0;
1571    
1572                    Role role = rolePersistence.findByC_N(companyId, roleName);
1573    
1574                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
1575                            classNameId = PortalUtil.getClassNameId(Organization.class);
1576                    }
1577                    else if (role.getType() == RoleConstants.TYPE_SITE) {
1578                            classNameId = PortalUtil.getClassNameId(Group.class);
1579                    }
1580    
1581                    List<Resource> resources = resourceFinder.findByContainerResource(
1582                            resourceCode.getCodeId(), classNameId);
1583    
1584                    if (resources.isEmpty()) {
1585                            return;
1586                    }
1587    
1588                    List<Permission> permissions = new ArrayList<Permission>(
1589                            resources.size());
1590    
1591                    for (Resource resource : resources) {
1592                            Permission permission = permissionPersistence.fetchByA_R(
1593                                    actionId, resource.getResourceId());
1594    
1595                            if (permission == null) {
1596                                    long permissionId = counterLocalService.increment(
1597                                            Permission.class.getName());
1598    
1599                                    permission = permissionPersistence.create(permissionId);
1600    
1601                                    permission.setCompanyId(companyId);
1602                                    permission.setActionId(actionId);
1603                                    permission.setResourceId(resource.getResourceId());
1604    
1605                                    permissionPersistence.update(permission, false);
1606                            }
1607    
1608                            permissions.add(permission);
1609                    }
1610    
1611                    if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1612                            !roleName.equals(RoleConstants.GUEST)) {
1613    
1614                            rolePersistence.addPermissions(role.getRoleId(), permissions);
1615                    }
1616                    else {
1617                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
1618    
1619                            userPersistence.addPermissions(defaultUserId, permissions);
1620                    }
1621            }
1622    
1623            private static Log _log = LogFactoryUtil.getLog(
1624                    PermissionLocalServiceImpl.class);
1625    
1626    }