001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.NoSuchPermissionException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.search.SearchEngineUtil;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.model.Company;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.OrgGroupPermission;
029 import com.liferay.portal.model.Organization;
030 import com.liferay.portal.model.Permission;
031 import com.liferay.portal.model.Resource;
032 import com.liferay.portal.model.ResourceCode;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.RoleConstants;
036 import com.liferay.portal.model.User;
037 import com.liferay.portal.model.UserGroup;
038 import com.liferay.portal.security.permission.PermissionCacheUtil;
039 import com.liferay.portal.security.permission.PermissionCheckerBag;
040 import com.liferay.portal.security.permission.PermissionThreadLocal;
041 import com.liferay.portal.security.permission.ResourceActionsUtil;
042 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044 import com.liferay.portal.util.PortalUtil;
045 import com.liferay.portal.util.PropsValues;
046 import com.liferay.portal.util.comparator.PermissionComparator;
047
048 import java.util.ArrayList;
049 import java.util.HashSet;
050 import java.util.Iterator;
051 import java.util.List;
052 import java.util.Map;
053 import java.util.Set;
054
055 import org.apache.commons.lang.time.StopWatch;
056
057
064 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
065
066
082 @Override
083 public Permission addPermission(
084 long companyId, String actionId, long resourceId)
085 throws SystemException {
086
087 Permission permission = permissionPersistence.fetchByA_R(
088 actionId, resourceId);
089
090 if (permission == null) {
091 long permissionId = counterLocalService.increment(
092 Permission.class.getName());
093
094 permission = permissionPersistence.create(permissionId);
095
096 permission.setCompanyId(companyId);
097 permission.setActionId(actionId);
098 permission.setResourceId(resourceId);
099
100 permissionPersistence.update(permission, false);
101 }
102
103 return permission;
104 }
105
106
121 @Override
122 public List<Permission> addPermissions(
123 long companyId, List<String> actionIds, long resourceId)
124 throws SystemException {
125
126 List<Permission> permissions = permissionPersistence.findByResourceId(
127 resourceId);
128
129 permissions = ListUtil.copy(permissions);
130
131 Set<String> actionIdsSet = new HashSet<String>();
132
133 for (Permission permission : permissions) {
134 actionIdsSet.add(permission.getActionId());
135 }
136
137 for (String actionId : actionIds) {
138 if (actionIdsSet.contains(actionId)) {
139 continue;
140 }
141
142 long permissionId = counterLocalService.increment(
143 Permission.class.getName());
144
145 Permission permission = permissionPersistence.create(permissionId);
146
147 permission.setCompanyId(companyId);
148 permission.setActionId(actionId);
149 permission.setResourceId(resourceId);
150
151 try {
152 permissionPersistence.update(permission, false);
153 }
154 catch (SystemException se) {
155 if (_log.isWarnEnabled()) {
156 _log.warn(
157 "Add failed, fetch {actionId=" + actionId +
158 ", resourceId=" + resourceId + "}");
159 }
160
161 permission = permissionPersistence.fetchByA_R(
162 actionId, resourceId, false);
163
164 if (permission == null) {
165 throw se;
166 }
167 }
168
169 permissions.add(permission);
170 }
171
172 return permissions;
173 }
174
175
193 @Override
194 public List<Permission> addPermissions(
195 long companyId, String name, long resourceId,
196 boolean portletActions)
197 throws SystemException {
198
199 List<String> actionIds = null;
200
201 if (portletActions) {
202 actionIds = ResourceActionsUtil.getPortletResourceActions(name);
203 }
204 else {
205 actionIds = ResourceActionsUtil.getModelResourceActions(name);
206 }
207
208 return addPermissions(companyId, actionIds, resourceId);
209 }
210
211
220 @Override
221 public void addUserPermissions(
222 long userId, String[] actionIds, long resourceId)
223 throws PortalException, SystemException {
224
225 User user = userPersistence.findByPrimaryKey(userId);
226
227 List<Permission> permissions = permissionFinder.findByU_R(
228 userId, resourceId);
229
230 permissions = getPermissions(
231 user.getCompanyId(), actionIds, resourceId);
232
233 userPersistence.addPermissions(userId, permissions);
234
235 PermissionCacheUtil.clearCache();
236 }
237
238
247 @Override
248 public void checkPermissions(String name, List<String> actionIds)
249 throws PortalException, SystemException {
250
251 List<String> groupDefaultActions =
252 ResourceActionsUtil.getModelResourceGroupDefaultActions(name);
253 List<String> guestDefaultActions =
254 ResourceActionsUtil.getModelResourceGuestDefaultActions(name);
255
256 List<Company> companies = companyPersistence.findAll();
257
258 for (Company company : companies) {
259 long companyId = company.getCompanyId();
260
261 ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
262 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
263
264 if (resourceCode == null) {
265 continue;
266 }
267
268 Role guestRole = rolePersistence.fetchByC_N(
269 companyId, RoleConstants.GUEST);
270 Role ownerRole = rolePersistence.fetchByC_N(
271 companyId, RoleConstants.OWNER);
272 Role siteMemberRole = rolePersistence.fetchByC_N(
273 companyId, RoleConstants.SITE_MEMBER);
274
275 for (String actionId : actionIds) {
276 List<Resource> resources = resourceFinder.findByNoActions(
277 resourceCode.getCodeId(), actionId);
278
279 List<Permission> permissions = new ArrayList<Permission>(
280 resources.size());
281
282 for (Resource resource : resources) {
283 long permissionId = counterLocalService.increment(
284 Permission.class.getName());
285
286 Permission permission = permissionPersistence.create(
287 permissionId);
288
289 permission.setCompanyId(companyId);
290 permission.setActionId(actionId);
291 permission.setResourceId(resource.getResourceId());
292
293 permissionPersistence.update(permission, false);
294
295 permissions.add(permission);
296 }
297
298 if ((guestRole != null) &&
299 guestDefaultActions.contains(actionId)) {
300
301 rolePersistence.addPermissions(
302 guestRole.getRoleId(), permissions);
303 }
304
305 if (ownerRole != null) {
306 rolePersistence.addPermissions(
307 ownerRole.getRoleId(), permissions);
308 }
309
310 if ((siteMemberRole != null) &&
311 groupDefaultActions.contains(actionId)) {
312
313 rolePersistence.addPermissions(
314 siteMemberRole.getRoleId(), permissions);
315 }
316
317 for (Resource resource : resources) {
318 SearchEngineUtil.updatePermissionFields(
319 resource.getResourceId());
320 }
321 }
322 }
323
324 PermissionCacheUtil.clearCache();
325 }
326
327
333 @Override
334 public List<String> getActions(List<Permission> permissions) {
335 List<String> actionIds = new ArrayList<String>();
336
337 Iterator<Permission> itr = permissions.iterator();
338
339 while (itr.hasNext()) {
340 Permission permission = itr.next();
341
342 actionIds.add(permission.getActionId());
343 }
344
345 return actionIds;
346 }
347
348
356 @Override
357 public List<Permission> getGroupPermissions(long groupId, long resourceId)
358 throws SystemException {
359
360 return permissionFinder.findByG_R(groupId, resourceId);
361 }
362
363
376 @Override
377 public List<Permission> getGroupPermissions(
378 long groupId, long companyId, String name, int scope,
379 String primKey)
380 throws SystemException {
381
382 return permissionFinder.findByG_C_N_S_P(
383 groupId, companyId, name, scope, primKey);
384 }
385
386
392 @Override
393 public long getLatestPermissionId() throws SystemException {
394 List<Permission> permissions = permissionPersistence.findAll(
395 0, 1, new PermissionComparator());
396
397 if (permissions.size() == 0) {
398 return 0;
399 }
400 else {
401 Permission permission = permissions.get(0);
402
403 return permission.getPermissionId();
404 }
405 }
406
407
418 @Override
419 public List<Permission> getOrgGroupPermissions(
420 long organizationId, long groupId, long resourceId)
421 throws SystemException {
422
423 return permissionFinder.findByO_G_R(
424 organizationId, groupId, resourceId);
425 }
426
427
438 @Override
439 public List<Permission> getPermissions(
440 long companyId, String[] actionIds, long resourceId)
441 throws SystemException {
442
443 List<Permission> permissions = new ArrayList<Permission>();
444
445 for (String actionId : actionIds) {
446 Permission permission = addPermission(
447 companyId, actionId, resourceId);
448
449 permissions.add(permission);
450 }
451
452 return permissions;
453 }
454
455
462 @Override
463 public List<Permission> getRolePermissions(long roleId)
464 throws SystemException {
465
466 return rolePersistence.getPermissions(roleId);
467 }
468
469 @Override
470 public List<Permission> getRolePermissions(long roleId, int[] scopes)
471 throws SystemException {
472
473 return permissionFinder.findByR_S(roleId, scopes);
474 }
475
476
484 @Override
485 public List<Permission> getRolePermissions(long roleId, long resourceId)
486 throws SystemException {
487
488 return permissionFinder.findByR_R(roleId, resourceId);
489 }
490
491
498 @Override
499 public List<Permission> getUserPermissions(long userId)
500 throws SystemException {
501
502 return userPersistence.getPermissions(userId);
503 }
504
505
513 @Override
514 public List<Permission> getUserPermissions(long userId, long resourceId)
515 throws SystemException {
516
517 return permissionFinder.findByU_R(userId, resourceId);
518 }
519
520
532 @Override
533 public List<Permission> getUserPermissions(
534 long userId, long companyId, String name, int scope, String primKey)
535 throws SystemException {
536
537 return permissionFinder.findByU_C_N_S_P(
538 userId, companyId, name, scope, primKey);
539 }
540
541
552 @Override
553 public boolean hasGroupPermission(
554 long groupId, String actionId, long resourceId)
555 throws SystemException {
556
557 Permission permission = permissionPersistence.fetchByA_R(
558 actionId, resourceId);
559
560
561
562
563 if (permission == null) {
564 return false;
565 }
566
567 return groupPersistence.containsPermission(
568 groupId, permission.getPermissionId());
569 }
570
571
585 @Override
586 public boolean hasRolePermission(
587 long roleId, long companyId, String name, int scope,
588 String actionId)
589 throws SystemException {
590
591 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
592 companyId, name, scope);
593
594 if (permissionFinder.countByR_A_C(
595 roleId, actionId, resourceCode.getCodeId()) > 0) {
596
597 return true;
598 }
599 else {
600 return false;
601 }
602 }
603
604
619 @Override
620 public boolean hasRolePermission(
621 long roleId, long companyId, String name, int scope, String primKey,
622 String actionId)
623 throws SystemException {
624
625 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
626 companyId, name, scope);
627
628 Resource resource = resourcePersistence.fetchByC_P(
629 resourceCode.getCodeId(), primKey);
630
631 if (resource == null) {
632 return false;
633 }
634
635 Permission permission = permissionPersistence.fetchByA_R(
636 actionId, resource.getResourceId());
637
638 if (permission == null) {
639 return false;
640 }
641
642 return rolePersistence.containsPermission(
643 roleId, permission.getPermissionId());
644 }
645
646
657 @Override
658 public boolean hasUserPermission(
659 long userId, String actionId, long resourceId)
660 throws SystemException {
661
662 Permission permission = permissionPersistence.fetchByA_R(
663 actionId, resourceId);
664
665
666
667
668 if (permission == null) {
669 return false;
670 }
671
672 return userPersistence.containsPermission(
673 userId, permission.getPermissionId());
674 }
675
676
699 @Override
700 public boolean hasUserPermissions(
701 long userId, long groupId, List<Resource> resources,
702 String actionId, PermissionCheckerBag permissionCheckerBag)
703 throws PortalException, SystemException {
704
705 StopWatch stopWatch = null;
706
707 if (_log.isDebugEnabled()) {
708 stopWatch = new StopWatch();
709
710 stopWatch.start();
711 }
712
713 int block = 1;
714
715
716
717 if (Validator.isNull(actionId) || resources.isEmpty()) {
718 return false;
719 }
720
721 long[] resourceIds = null;
722
723 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
724 resourceIds = new long[resources.size()];
725
726 for (int i = 0; i < resources.size(); i++) {
727 Resource resource = resources.get(i);
728
729 resourceIds[i] = resource.getResourceId();
730 }
731 }
732
733 List<Permission> permissions = null;
734
735 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
736 permissions = permissionFinder.findByA_R(actionId, resourceIds);
737
738
739
740 if (permissions.size() == 0) {
741 return false;
742 }
743 }
744
745
746
747 long resourceId = 0;
748
749 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
750 resourceId = resourceIds[0];
751 }
752 else {
753 resourceId = resources.get(0).getResourceId();
754 }
755
756 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
757
758
759
760
761
762
763 List<Group> groups = permissionCheckerBag.getGroups();
764 List<Role> roles = permissionCheckerBag.getRoles();
765
766 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
767
768
769
770
771
772
773
774
775
776 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
777
778 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
779 return hasUserPermissions_1(
780 userId, resourceId, actionId, permissions, groups, groupId,
781 stopWatch, block);
782 }
783 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
784 return hasUserPermissions_2(
785 userId, resourceId, actionId, permissions, groups, groupId,
786 stopWatch, block);
787 }
788 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
789 return hasUserPermissions_3(
790 userId, resourceId, actionId, permissions, groups, roles,
791 stopWatch, block);
792 }
793 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
794 return hasUserPermissions_4(
795 userId, resourceId, actionId, permissions, groups, roles,
796 stopWatch, block);
797 }
798 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
799 return hasUserPermissions_5(
800 userId, resourceId, actionId, permissions, roles, stopWatch,
801 block);
802 }
803 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
804 return hasUserPermissions_6(
805 userId, resourceId, resources, actionId,
806 permissionCheckerBag.getRoleIds(), stopWatch, block);
807 }
808
809 return false;
810 }
811
812
826 @Override
827 public void setContainerResourcePermissions(
828 String name, String roleName, String actionId)
829 throws PortalException, SystemException {
830
831 List<Company> companies = companyPersistence.findAll();
832
833 for (Company company : companies) {
834 setContainerResourcePermissions(
835 company.getCompanyId(), name, roleName, actionId);
836 }
837 }
838
839
850 @Override
851 public void setGroupPermissions(
852 long groupId, String[] actionIds, long resourceId)
853 throws PortalException, SystemException {
854
855 Group group = groupPersistence.findByPrimaryKey(groupId);
856
857 List<Permission> permissions = permissionFinder.findByG_R(
858 groupId, resourceId);
859
860 for (Permission permission : permissions) {
861 groupPersistence.removePermission(groupId, permission);
862 }
863
864 permissions = getPermissions(
865 group.getCompanyId(), actionIds, resourceId);
866
867 groupPersistence.addPermissions(groupId, permissions);
868
869 PermissionCacheUtil.clearCache();
870 }
871
872
888 @Override
889 public void setGroupPermissions(
890 String className, String classPK, long groupId, String[] actionIds,
891 long resourceId)
892 throws PortalException, SystemException {
893
894 long associatedGroupId = 0;
895
896 if (className.equals(Organization.class.getName())) {
897 long organizationId = GetterUtil.getLong(classPK);
898
899 Organization organization =
900 organizationPersistence.findByPrimaryKey(organizationId);
901
902 orgGroupPermissionFinder.removeByO_G_R(
903 organizationId, groupId, resourceId);
904
905 associatedGroupId = organization.getGroup().getGroupId();
906 }
907 else if (className.equals(UserGroup.class.getName())) {
908 long userGroupId = GetterUtil.getLong(classPK);
909
910 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
911 userGroupId);
912
913 associatedGroupId = userGroup.getGroup().getGroupId();
914 }
915
916 setGroupPermissions(associatedGroupId, actionIds, resourceId);
917 }
918
919
933 @Override
934 public void setOrgGroupPermissions(
935 long organizationId, long groupId, String[] actionIds,
936 long resourceId)
937 throws PortalException, SystemException {
938
939 Organization organization = organizationPersistence.findByPrimaryKey(
940 organizationId);
941
942 long orgGroupId = organization.getGroup().getGroupId();
943
944 List<Permission> permissions = permissionPersistence.findByResourceId(
945 resourceId);
946
947 for (Permission permission : permissions) {
948 groupPersistence.removePermission(orgGroupId, permission);
949 }
950
951 permissions = getPermissions(
952 organization.getCompanyId(), actionIds, resourceId);
953
954 orgGroupPermissionFinder.removeByO_G_R(
955 organizationId, groupId, resourceId);
956
957 for (Permission permission : permissions) {
958 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
959 organizationId, groupId, permission.getPermissionId());
960
961 OrgGroupPermission orgGroupPermission =
962 orgGroupPermissionPersistence.create(pk);
963
964 orgGroupPermissionPersistence.update(orgGroupPermission, false);
965 }
966
967 PermissionCacheUtil.clearCache();
968 }
969
970
984 @Override
985 public void setRolePermission(
986 long roleId, long companyId, String name, int scope, String primKey,
987 String actionId)
988 throws PortalException, SystemException {
989
990 if (scope == ResourceConstants.SCOPE_COMPANY) {
991
992
993
994 unsetRolePermissions(
995 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
996 actionId);
997 }
998 else if (scope == ResourceConstants.SCOPE_GROUP) {
999
1000
1001
1002 unsetRolePermissions(
1003 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
1004 actionId);
1005 }
1006 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
1007 throw new NoSuchPermissionException();
1008 }
1009
1010 Resource resource = resourceLocalService.addResource(
1011 companyId, name, scope, primKey);
1012
1013 long resourceId = resource.getResourceId();
1014
1015 Permission permission = permissionPersistence.fetchByA_R(
1016 actionId, resourceId);
1017
1018 if (permission == null) {
1019 long permissionId = counterLocalService.increment(
1020 Permission.class.getName());
1021
1022 permission = permissionPersistence.create(permissionId);
1023
1024 permission.setCompanyId(companyId);
1025 permission.setActionId(actionId);
1026 permission.setResourceId(resourceId);
1027
1028 permissionPersistence.update(permission, false);
1029 }
1030
1031 rolePersistence.addPermission(roleId, permission);
1032
1033 PermissionCacheUtil.clearCache();
1034
1035 SearchEngineUtil.updatePermissionFields(resourceId);
1036 }
1037
1038
1053 @Override
1054 public void setRolePermissions(
1055 long roleId, long companyId, String name, int scope, String primKey,
1056 String[] actionIds)
1057 throws PortalException, SystemException {
1058
1059 for (String actionId : actionIds) {
1060 setRolePermission(
1061 roleId, companyId, name, scope, primKey, actionId);
1062 }
1063 }
1064
1065
1075 @Override
1076 public void setRolePermissions(
1077 long roleId, String[] actionIds, long resourceId)
1078 throws PortalException, SystemException {
1079
1080 Role role = rolePersistence.findByPrimaryKey(roleId);
1081
1082 List<Permission> permissions = permissionFinder.findByR_R(
1083 roleId, resourceId);
1084
1085 rolePersistence.removePermissions(roleId, permissions);
1086
1087 permissions = getPermissions(
1088 role.getCompanyId(), actionIds, resourceId);
1089
1090 rolePersistence.addPermissions(roleId, permissions);
1091
1092 PermissionCacheUtil.clearCache();
1093
1094 SearchEngineUtil.updatePermissionFields(resourceId);
1095 }
1096
1097
1108 @Override
1109 public void setRolesPermissions(
1110 long companyId, Map<Long, String[]> roleIdsToActionIds,
1111 long resourceId)
1112 throws SystemException {
1113
1114 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1115
1116 PermissionThreadLocal.setIndexEnabled(false);
1117
1118 try {
1119 for (Map.Entry<Long, String[]> entry :
1120 roleIdsToActionIds.entrySet()) {
1121
1122 long roleId = entry.getKey();
1123 String[] actionIds = entry.getValue();
1124
1125 List<Permission> permissions = permissionFinder.findByR_R(
1126 roleId, resourceId);
1127
1128 rolePersistence.removePermissions(roleId, permissions);
1129
1130 permissions = getPermissions(companyId, actionIds, resourceId);
1131
1132 rolePersistence.addPermissions(roleId, permissions);
1133 }
1134 }
1135 finally {
1136 PermissionThreadLocal.setIndexEnabled(flushEnabled);
1137
1138 PermissionCacheUtil.clearCache();
1139
1140 SearchEngineUtil.updatePermissionFields(resourceId);
1141 }
1142 }
1143
1144
1157 @Override
1158 public void setRolesPermissions(
1159 long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1160 int scope, String primKey)
1161 throws SystemException {
1162
1163 Resource resource = resourceLocalService.fetchResource(
1164 companyId, name, scope, String.valueOf(primKey));
1165
1166 if (resource == null) {
1167 resource = resourceLocalService.addResource(
1168 companyId, name, scope, String.valueOf(primKey));
1169 }
1170
1171 if (resource == null) {
1172 return;
1173 }
1174
1175 setRolesPermissions(
1176 companyId, roleIdsToActionIds, resource.getResourceId());
1177 }
1178
1179
1189 @Override
1190 public void setUserPermissions(
1191 long userId, String[] actionIds, long resourceId)
1192 throws PortalException, SystemException {
1193
1194 User user = userPersistence.findByPrimaryKey(userId);
1195
1196 List<Permission> permissions = permissionFinder.findByU_R(
1197 userId, resourceId);
1198
1199 userPersistence.removePermissions(userId, permissions);
1200
1201 permissions = getPermissions(
1202 user.getCompanyId(), actionIds, resourceId);
1203
1204 userPersistence.addPermissions(userId, permissions);
1205
1206 PermissionCacheUtil.clearCache();
1207 }
1208
1209
1216 @Override
1217 public void unsetRolePermission(long roleId, long permissionId)
1218 throws SystemException {
1219
1220 Permission permission = permissionPersistence.fetchByPrimaryKey(
1221 permissionId);
1222
1223 if (permission != null) {
1224 rolePersistence.removePermission(roleId, permission);
1225 }
1226
1227 PermissionCacheUtil.clearCache();
1228 }
1229
1230
1242 @Override
1243 public void unsetRolePermission(
1244 long roleId, long companyId, String name, int scope, String primKey,
1245 String actionId)
1246 throws SystemException {
1247
1248 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1249 companyId, name, scope);
1250
1251 Resource resource = resourcePersistence.fetchByC_P(
1252 resourceCode.getCodeId(), primKey);
1253
1254 if (resource != null) {
1255 Permission permission = permissionPersistence.fetchByA_R(
1256 actionId, resource.getResourceId());
1257
1258 if (permission != null) {
1259 rolePersistence.removePermission(roleId, permission);
1260 }
1261 }
1262
1263 PermissionCacheUtil.clearCache();
1264 }
1265
1266
1277 @Override
1278 public void unsetRolePermissions(
1279 long roleId, long companyId, String name, int scope,
1280 String actionId)
1281 throws SystemException {
1282
1283 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1284 companyId, name, scope);
1285
1286 List<Permission> permissions = permissionFinder.findByA_C(
1287 actionId, resourceCode.getCodeId());
1288
1289 for (Permission permission : permissions) {
1290 rolePersistence.removePermission(roleId, permission);
1291 }
1292
1293 PermissionCacheUtil.clearCache();
1294 }
1295
1296
1304 @Override
1305 public void unsetUserPermissions(
1306 long userId, String[] actionIds, long resourceId)
1307 throws SystemException {
1308
1309 List<Permission> permissions = permissionFinder.findByU_A_R(
1310 userId, actionIds, resourceId);
1311
1312 userPersistence.removePermissions(userId, permissions);
1313
1314 PermissionCacheUtil.clearCache();
1315 }
1316
1317 protected boolean checkOrgGroupPermission(
1318 List<Organization> organizations, List<Group> groups,
1319 List<Permission> permissions)
1320 throws PortalException, SystemException {
1321
1322 for (Permission permission : permissions) {
1323 if (checkOrgGroupPermission(organizations, groups, permission)) {
1324 return true;
1325 }
1326 }
1327
1328 return false;
1329 }
1330
1331 protected boolean checkOrgGroupPermission(
1332 List<Organization> organizations, List<Group> groups,
1333 Permission permission)
1334 throws PortalException, SystemException {
1335
1336
1337
1338
1339 if ((organizations.size() == 0) || (groups.size() == 0)) {
1340 return false;
1341 }
1342
1343
1344
1345
1346 List<OrgGroupPermission> orgGroupPermissions =
1347 orgGroupPermissionPersistence.findByPermissionId(
1348 permission.getPermissionId());
1349
1350 if (orgGroupPermissions.size() == 0) {
1351 return false;
1352 }
1353
1354 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1355 if (orgGroupPermission.containsOrganization(organizations) &&
1356 orgGroupPermission.containsGroup(groups)) {
1357
1358 return true;
1359 }
1360 }
1361
1362
1363
1364
1365
1366 throw new NoSuchPermissionException(
1367 "User has a permission in OrgGroupPermission that does not match");
1368 }
1369
1370 protected boolean hasUserPermissions_1(
1371 long userId, long resourceId, String actionId,
1372 List<Permission> permissions, List<Group> groups, long groupId,
1373 StopWatch stopWatch, int block)
1374 throws SystemException {
1375
1376
1377
1378
1379 if (groups.size() > 0) {
1380 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1381 return true;
1382 }
1383 }
1384
1385 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1386
1387
1388
1389
1390 if (groups.size() > 0) {
1391 if (permissionFinder.countByGroupsPermissions(
1392 permissions, groups) > 0) {
1393
1394 return true;
1395 }
1396 }
1397
1398 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1399
1400
1401
1402 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1403 return true;
1404 }
1405
1406 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1407
1408
1409
1410 if (permissionFinder.countByUserGroupRole(
1411 permissions, userId, groupId) > 0) {
1412
1413 return true;
1414 }
1415
1416 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1417
1418
1419
1420 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1421 return true;
1422 }
1423
1424 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1425
1426 return false;
1427 }
1428
1429 protected boolean hasUserPermissions_2(
1430 long userId, long resourceId, String actionId,
1431 List<Permission> permissions, List<Group> groups, long groupId,
1432 StopWatch stopWatch, int block)
1433 throws SystemException {
1434
1435
1436
1437
1438 if (permissionFinder.containsPermissions_2(
1439 permissions, userId, groups, groupId)) {
1440
1441 return true;
1442 }
1443
1444 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1445
1446 return false;
1447 }
1448
1449 protected boolean hasUserPermissions_3(
1450 long userId, long resourceId, String actionId,
1451 List<Permission> permissions, List<Group> groups, List<Role> roles,
1452 StopWatch stopWatch, int block)
1453 throws SystemException {
1454
1455
1456
1457
1458 if (groups.size() > 0) {
1459 if (permissionFinder.countByGroupsPermissions(
1460 permissions, groups) > 0) {
1461
1462 return true;
1463 }
1464 }
1465
1466 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1467
1468
1469
1470
1471 if (roles.size() > 0) {
1472 if (permissionFinder.countByRolesPermissions(
1473 permissions, roles) > 0) {
1474
1475 return true;
1476 }
1477 }
1478
1479 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1480
1481
1482
1483 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1484 return true;
1485 }
1486
1487 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1488
1489 return false;
1490 }
1491
1492 protected boolean hasUserPermissions_4(
1493 long userId, long resourceId, String actionId,
1494 List<Permission> permissions, List<Group> groups, List<Role> roles,
1495 StopWatch stopWatch, int block)
1496 throws SystemException {
1497
1498
1499
1500
1501 if (permissionFinder.containsPermissions_4(
1502 permissions, userId, groups, roles)) {
1503
1504 return true;
1505 }
1506
1507 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1508
1509 return false;
1510 }
1511
1512 protected boolean hasUserPermissions_5(
1513 long userId, long resourceId, String actionId,
1514 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1515 int block)
1516 throws SystemException {
1517
1518 if (roles.size() > 0) {
1519 if (permissionFinder.countByRolesPermissions(
1520 permissions, roles) > 0) {
1521
1522 return true;
1523 }
1524 }
1525
1526 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1527
1528 return false;
1529 }
1530
1531 protected boolean hasUserPermissions_6(
1532 long userId, long resourceId, List<Resource> resources,
1533 String actionId, long[] roleIds, StopWatch stopWatch, int block)
1534 throws PortalException, SystemException {
1535
1536 boolean hasUserPermissions =
1537 resourcePermissionLocalService.hasResourcePermission(
1538 resources, roleIds, actionId);
1539
1540 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1541
1542 return hasUserPermissions;
1543 }
1544
1545 protected void logHasUserPermissions(
1546 long userId, long resourceId, String actionId, StopWatch stopWatch,
1547 int block) {
1548
1549 if (!_log.isDebugEnabled()) {
1550 return;
1551 }
1552
1553 _log.debug(
1554 "Checking user permissions block " + block + " for " + userId +
1555 " " + resourceId + " " + actionId + " takes " +
1556 stopWatch.getTime() + " ms");
1557 }
1558
1559 protected void setContainerResourcePermissions(
1560 long companyId, String name, String roleName, String actionId)
1561 throws PortalException, SystemException {
1562
1563 ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1564 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1565
1566 if (resourceCode == null) {
1567 return;
1568 }
1569
1570 long classNameId = 0;
1571
1572 Role role = rolePersistence.findByC_N(companyId, roleName);
1573
1574 if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
1575 classNameId = PortalUtil.getClassNameId(Organization.class);
1576 }
1577 else if (role.getType() == RoleConstants.TYPE_SITE) {
1578 classNameId = PortalUtil.getClassNameId(Group.class);
1579 }
1580
1581 List<Resource> resources = resourceFinder.findByContainerResource(
1582 resourceCode.getCodeId(), classNameId);
1583
1584 if (resources.isEmpty()) {
1585 return;
1586 }
1587
1588 List<Permission> permissions = new ArrayList<Permission>(
1589 resources.size());
1590
1591 for (Resource resource : resources) {
1592 Permission permission = permissionPersistence.fetchByA_R(
1593 actionId, resource.getResourceId());
1594
1595 if (permission == null) {
1596 long permissionId = counterLocalService.increment(
1597 Permission.class.getName());
1598
1599 permission = permissionPersistence.create(permissionId);
1600
1601 permission.setCompanyId(companyId);
1602 permission.setActionId(actionId);
1603 permission.setResourceId(resource.getResourceId());
1604
1605 permissionPersistence.update(permission, false);
1606 }
1607
1608 permissions.add(permission);
1609 }
1610
1611 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1612 !roleName.equals(RoleConstants.GUEST)) {
1613
1614 rolePersistence.addPermissions(role.getRoleId(), permissions);
1615 }
1616 else {
1617 long defaultUserId = userLocalService.getDefaultUserId(companyId);
1618
1619 userPersistence.addPermissions(defaultUserId, permissions);
1620 }
1621 }
1622
1623 private static Log _log = LogFactoryUtil.getLog(
1624 PermissionLocalServiceImpl.class);
1625
1626 }