001
014
015 package com.liferay.portal.upgrade.v6_1_0;
016
017 import com.liferay.portal.kernel.dao.jdbc.DataAccess;
018 import com.liferay.portal.kernel.upgrade.UpgradeProcess;
019 import com.liferay.portal.kernel.util.ArrayUtil;
020 import com.liferay.portal.kernel.util.StringBundler;
021 import com.liferay.portal.model.GroupConstants;
022 import com.liferay.portal.model.ResourceConstants;
023 import com.liferay.portal.model.ResourcePermission;
024 import com.liferay.portal.security.permission.ActionKeys;
025 import com.liferay.portal.util.PortalInstances;
026 import com.liferay.portal.util.PortletKeys;
027 import com.liferay.portal.util.PropsValues;
028
029 import java.sql.Connection;
030 import java.sql.PreparedStatement;
031 import java.sql.ResultSet;
032
033 import java.util.ArrayList;
034 import java.util.List;
035
036
039 public class UpgradeAdminPortlets extends UpgradeProcess {
040
041 protected void addResource(long resourceId, long codeId, String primKey)
042 throws Exception {
043
044 Connection con = null;
045 PreparedStatement ps = null;
046
047 try {
048 con = DataAccess.getUpgradeOptimizedConnection();
049
050 ps = con.prepareStatement(
051 "insert into Resource_ (resourceId, codeId, primKey) values " +
052 "(?, ?, ?)");
053
054 ps.setLong(1, resourceId);
055 ps.setLong(2, codeId);
056 ps.setString(3, primKey);
057
058 ps.executeUpdate();
059 }
060 finally {
061 DataAccess.cleanUp(con, ps);
062 }
063 }
064
065 protected long[] addResourceIds(long companyId, String name)
066 throws Exception {
067
068 long[] resourceIds = new long[2];
069
070
071
072 long codeId = increment();
073
074 runSQL(
075 "insert into ResourceCode (codeId, companyId, name, scope) values" +
076 " (" + codeId + ", " + companyId + ", '" + name + "', " +
077 ResourceConstants.SCOPE_COMPANY + ")");
078
079 long resourceId = increment();
080
081 addResource(resourceId, codeId, String.valueOf(companyId));
082
083 resourceIds[0] = resourceId;
084
085
086
087 codeId = increment();
088
089 runSQL(
090 "insert into ResourceCode (codeId, companyId, name, scope) values" +
091 " (" + codeId + ", " + companyId + ", '" + name + "', " +
092 ResourceConstants.SCOPE_INDIVIDUAL + ")");
093
094 resourceId = increment();
095
096 long controlPanelGroupId = getControlPanelGroupId();
097
098 addResource(resourceId, codeId, String.valueOf(controlPanelGroupId));
099
100 resourceIds[1] = resourceId;
101
102 return resourceIds;
103 }
104
105 protected void addResourcePermission(
106 long resourcePermissionId, long companyId, String name, int scope,
107 String primKey, long roleId, long actionIds)
108 throws Exception {
109
110 Connection con = null;
111 PreparedStatement ps = null;
112
113 try {
114 con = DataAccess.getUpgradeOptimizedConnection();
115
116 ps = con.prepareStatement(
117 "insert into ResourcePermission (resourcePermissionId, " +
118 "companyId, name, scope, primKey, roleId, actionIds) " +
119 "values (?, ?, ?, ?, ?, ?, ?)");
120
121 ps.setLong(1, resourcePermissionId);
122 ps.setLong(2, companyId);
123 ps.setString(3, name);
124 ps.setInt(4, scope);
125 ps.setString(5, primKey);
126 ps.setLong(6, roleId);
127 ps.setLong(7, actionIds);
128
129 ps.executeUpdate();
130 }
131 finally {
132 DataAccess.cleanUp(con, ps);
133 }
134 }
135
136 @Override
137 protected void doUpgrade() throws Exception {
138 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
139 updateAccessInControlPanelPermission_5(
140 PortletKeys.BLOGS, PortletKeys.BLOGS_ADMIN);
141
142 updateAccessInControlPanelPermission_5(
143 PortletKeys.MESSAGE_BOARDS, PortletKeys.MESSAGE_BOARDS_ADMIN);
144 }
145 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
146 updateAccessInControlPanelPermission_6(
147 PortletKeys.BLOGS, PortletKeys.BLOGS_ADMIN);
148
149 updateAccessInControlPanelPermission_6(
150 PortletKeys.MESSAGE_BOARDS, PortletKeys.MESSAGE_BOARDS_ADMIN);
151 }
152 }
153
154 protected long getBitwiseValue(String name, String actionId)
155 throws Exception {
156
157 Connection con = null;
158 PreparedStatement ps = null;
159 ResultSet rs = null;
160
161 try {
162 con = DataAccess.getUpgradeOptimizedConnection();
163
164 ps = con.prepareStatement(
165 "select bitwiseValue from ResourceAction where name = ? and " +
166 "actionId = ?");
167
168 ps.setString(1, name);
169 ps.setString(2, actionId);
170
171 rs = ps.executeQuery();
172
173 if (rs.next()) {
174 return rs.getLong("bitwiseValue");
175 }
176
177 return 0;
178 }
179 finally {
180 DataAccess.cleanUp(con, ps, rs);
181 }
182 }
183
184 protected long getControlPanelGroupId() throws Exception {
185 Connection con = null;
186 PreparedStatement ps = null;
187 ResultSet rs = null;
188
189 try {
190 con = DataAccess.getUpgradeOptimizedConnection();
191
192 ps = con.prepareStatement(
193 "select groupId from Group_ where name = '" +
194 GroupConstants.CONTROL_PANEL + "'");
195
196 rs = ps.executeQuery();
197
198 if (rs.next()) {
199 return rs.getLong("groupId");
200 }
201
202 return 0;
203 }
204 finally {
205 DataAccess.cleanUp(con, ps, rs);
206 }
207 }
208
209 protected long[] getOldResourceIds(String name) throws Exception {
210 Connection con = null;
211 PreparedStatement ps = null;
212 ResultSet rs = null;
213
214 try {
215 con = DataAccess.getUpgradeOptimizedConnection();
216
217 StringBundler sb = new StringBundler(8);
218
219 sb.append("select Permission_.resourceId from Permission_ ");
220 sb.append("inner join Resource_ on Permission_.resourceId = ");
221 sb.append("Resource_.resourceId and Permission_.actionId = ");
222 sb.append("'ACCESS_IN_CONTROL_PANEL' inner join ResourceCode on ");
223 sb.append("ResourceCode.codeId = Resource_.codeId and ");
224 sb.append("ResourceCode.name = '");
225 sb.append(name);
226 sb.append("'");
227
228 String sql = sb.toString();
229
230 ps = con.prepareStatement(sql);
231
232 rs = ps.executeQuery();
233
234 List<Long> resourceIds = new ArrayList<Long>();
235
236 while (rs.next()) {
237 long resourceId = rs.getLong("resourceId");
238
239 resourceIds.add(resourceId);
240 }
241
242 return ArrayUtil.toArray(
243 resourceIds.toArray(new Long[resourceIds.size()]));
244 }
245 finally {
246 DataAccess.cleanUp(con, ps, rs);
247 }
248 }
249
250 protected void updateAccessInControlPanelPermission_5(
251 String portletFrom, String portletTo)
252 throws Exception {
253
254 long[] companyIds = PortalInstances.getCompanyIdsBySQL();
255
256 if (companyIds.length == 0) {
257 return;
258 }
259
260 for (long companyId : companyIds) {
261 long[] newResourceIds = addResourceIds(companyId, portletTo);
262 long[] oldResourceIds = getOldResourceIds(portletFrom);
263
264 updatePermission(oldResourceIds, newResourceIds);
265 }
266 }
267
268 protected void updateAccessInControlPanelPermission_6(
269 String portletFrom, String portletTo)
270 throws Exception {
271
272 long bitwiseValue = getBitwiseValue(
273 portletFrom, ActionKeys.ACCESS_IN_CONTROL_PANEL);
274
275 Connection con = null;
276 PreparedStatement ps = null;
277 ResultSet rs = null;
278
279 try {
280 con = DataAccess.getUpgradeOptimizedConnection();
281
282 ps = con.prepareStatement(
283 "select * from ResourcePermission where name = ?");
284
285 ps.setString(1, portletFrom);
286
287 rs = ps.executeQuery();
288
289 while (rs.next()) {
290 long resourcePermissionId = rs.getLong("resourcePermissionId");
291 long actionIds = rs.getLong("actionIds");
292
293 if ((actionIds & bitwiseValue) != 0) {
294 actionIds = actionIds & (~bitwiseValue);
295
296 runSQL(
297 "update ResourcePermission set actionIds = " +
298 actionIds + " where resourcePermissionId = " +
299 resourcePermissionId);
300
301 resourcePermissionId = increment(
302 ResourcePermission.class.getName());
303
304 long companyId = rs.getLong("companyId");
305 int scope = rs.getInt("scope");
306 String primKey = rs.getString("primKey");
307 long roleId = rs.getLong("roleId");
308
309 actionIds = rs.getLong("actionIds");
310
311 actionIds |= bitwiseValue;
312
313 addResourcePermission(
314 resourcePermissionId, companyId, portletTo, scope,
315 primKey, roleId, actionIds);
316 }
317 }
318 }
319 finally {
320 DataAccess.cleanUp(con, ps, rs);
321 }
322 }
323
324 protected void updatePermission(
325 long[] oldResourceIds, long[] newResourceIds)
326 throws Exception {
327
328 for (int i = 0; i < newResourceIds.length; i++) {
329 try {
330 long newResourceId = newResourceIds[i];
331 long oldResourceId = oldResourceIds[i];
332
333 runSQL(
334 "update Permission_ set resourceId = " + newResourceId +
335 " where actionId = 'ACCESS_IN_CONTROL_PANEL' and " +
336 "resourceId = " + oldResourceId);
337 }
338 catch (ArrayIndexOutOfBoundsException aioobe) {
339 return;
340 }
341 }
342 }
343
344 }