015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
018 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
019 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.model.Group;
024 import com.liferay.portal.model.Layout;
025 import com.liferay.portal.model.Organization;
026 import com.liferay.portal.model.ResourcePermission;
027 import com.liferay.portal.model.Role;
028 import com.liferay.portal.model.RoleConstants;
029 import com.liferay.portal.security.permission.ActionKeys;
030 import com.liferay.portal.security.permission.PermissionCacheUtil;
031 import com.liferay.portal.security.permission.ResourceActionsUtil;
032 import com.liferay.portal.service.LayoutLocalServiceUtil;
033 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
034 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
035 import com.liferay.portal.service.RoleLocalServiceUtil;
036 import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
037 import com.liferay.portal.util.PortalInstances;
038
039 import java.util.List;
040
041
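/**
 * Verify step that repairs stored permission data.
 *
 * <p>
 * {@link #doVerify()} runs three passes in order: it deletes resource
 * permissions held by the Guest role on private layouts, re-checks the
 * resource actions of every model, and moves action bits stored on
 * {@code Organization} resource permissions over to the matching
 * {@code Group} resource permissions.
 * </p>
 */
public class VerifyPermission extends VerifyProcess {

    /**
     * Re-checks the resource actions of every model name reported by
     * {@code ResourceActionsUtil}.
     *
     * @throws Exception if a lookup or check fails
     */
    protected void checkPermissions() throws Exception {
        List<String> modelNames = ResourceActionsUtil.getModelNames();

        for (String modelName : modelNames) {
            List<String> actionIds =
                ResourceActionsUtil.getModelResourceActions(modelName);

            // NOTE(review): the third argument is presumably
            // "addDefaultActions"; confirm against the service interface.
            ResourceActionLocalServiceUtil.checkResourceActions(
                modelName, actionIds, true);
        }
    }

    /**
     * Removes Guest role permissions on private layouts for every company.
     *
     * <p>
     * A failure for one company does not stop the remaining companies. The
     * failure is logged at warn level rather than debug, because a skipped
     * company keeps whatever Guest permissions it had on private layouts and
     * an operator needs to see that.
     * </p>
     *
     * @throws Exception if the company IDs cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            try {
                deleteDefaultPrivateLayoutPermissions_6(companyId);
            }
            catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to remove Guest permissions from private " +
                            "layouts for company " + companyId,
                        e);
                }
            }
        }
    }

    /**
     * Deletes every resource permission of the company's Guest role that
     * refers to a private layout.
     *
     * <p>
     * Each permission row is handled on its own. Previously the first row
     * that could not be resolved (for example one whose layout lookup threw)
     * aborted the loop, so every later Guest permission of that company was
     * left in place. Now the row is reported and the loop continues.
     * </p>
     *
     * @param  companyId the company whose Guest role is inspected
     * @throws Exception if the Guest role or its permissions cannot be
     *         loaded
     */
    protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
        throws Exception {

        Role role = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.GUEST);

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
                role.getRoleId());

        for (ResourcePermission resourcePermission : resourcePermissions) {
            try {
                if (isPrivateLayout(
                        resourcePermission.getName(),
                        resourcePermission.getPrimKey())) {

                    ResourcePermissionLocalServiceUtil.deleteResourcePermission(
                        resourcePermission.getResourcePermissionId());
                }
            }
            catch (Exception e) {

                // Keep going: one unresolvable row must not leave the
                // remaining Guest permissions on private layouts untouched.

                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to verify Guest resource permission " +
                            resourcePermission.getResourcePermissionId() +
                                " for company " + companyId,
                        e);
                }
            }
        }
    }

    /**
     * Runs the Guest permission cleanup first, then the resource action check
     * and the organization-to-group permission migration.
     *
     * @throws Exception if a pass fails with an error it does not handle
     */
    @Override
    protected void doVerify() throws Exception {
        deleteDefaultPrivateLayoutPermissions();

        checkPermissions();
        fixOrganizationRolePermissions();
    }

    /**
     * Moves action bits from {@code Organization} resource permissions to the
     * {@code Group} resource permission with the same company, scope, primary
     * key and role, creating that row with no actions when it is missing.
     *
     * <p>
     * The bits to move and their target bits come from
     * {@link #_ORGANIZATION_ACTION_IDS_TO_MASKS}. The permission cache is
     * cleared once after all rows have been processed.
     * </p>
     *
     * @throws Exception if the query or the creation of a missing group
     *         permission fails
     */
    protected void fixOrganizationRolePermissions() throws Exception {
        DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
            ResourcePermission.class);

        dynamicQuery.add(
            RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

        for (ResourcePermission resourcePermission : resourcePermissions) {
            ResourcePermission groupResourcePermission = null;

            // NOTE(review): the Group row is addressed with the Organization
            // row's primKey unchanged. Confirm that this key identifies the
            // intended group for every scope, since the migrated actions are
            // granted on whatever row it resolves to.

            try {
                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }
            catch (Exception e) {

                // Any lookup failure is treated as "row missing": create the
                // row with no actions and read it back. A failure here
                // propagates to the caller.

                ResourcePermissionLocalServiceUtil.setResourcePermissions(
                    resourcePermission.getCompanyId(), Group.class.getName(),
                    resourcePermission.getScope(),
                    resourcePermission.getPrimKey(),
                    resourcePermission.getRoleId(),
                    ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }

            long organizationActions = resourcePermission.getActionIds();
            long groupActions = groupResourcePermission.getActionIds();

            for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
                long organizationActionMask = (Long)actionIdToMask[1];
                long groupActionMask = (Long)actionIdToMask[2];

                // Only move a bit that is actually set on the organization
                // row. A group mask of 0 clears the bit without granting
                // anything on the group row.

                if ((organizationActions & organizationActionMask) ==
                        organizationActionMask) {

                    organizationActions =
                        organizationActions & (~organizationActionMask);
                    groupActions = groupActions | groupActionMask;
                }
            }

            try {
                resourcePermission.resetOriginalValues();

                resourcePermission.setActionIds(organizationActions);

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    resourcePermission);

                groupResourcePermission.resetOriginalValues();
                groupResourcePermission.setActionIds(groupActions);

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    groupResourcePermission);
            }
            catch (Exception e) {

                // The two updates are separate calls. If the second one
                // fails after the first succeeded, the moved bits are set on
                // neither row, so the log entry names the affected rows.

                _log.error(
                    "Unable to move actions from resource permission " +
                        resourcePermission.getResourcePermissionId() +
                            " to resource permission " +
                                groupResourcePermission.
                                    getResourcePermissionId(),
                    e);
            }
        }

        PermissionCacheUtil.clearCache();
    }

    /**
     * Returns whether a resource permission refers to a private layout.
     *
     * @param  name the resource name of the permission
     * @param  primKey the primary key of the permission, parsed as a plid
     * @return {@code true} if {@code name} is the {@code Layout} class name
     *         and the layout is neither public nor a control panel layout;
     *         {@code false} otherwise, including when {@code name} is
     *         {@code null}
     * @throws Exception if the layout cannot be loaded
     */
    protected boolean isPrivateLayout(String name, String primKey)
        throws Exception {

        // Constant-first comparison so a null name is simply "not a layout".

        if (!Layout.class.getName().equals(name)) {
            return false;
        }

        long plid = GetterUtil.getLong(primKey);

        Layout layout = LayoutLocalServiceUtil.getLayout(plid);

        return !(layout.isPublicLayout() || layout.isTypeControlPanel());
    }

    // Each row is {action id, organization action mask, group action mask}.
    // Only columns 1 and 2 are read. Rows with a group mask of 0L remove the
    // organization bit without adding a bit on the group side.

    private static final Object[][] _ORGANIZATION_ACTION_IDS_TO_MASKS =
        new Object[][] {
            new Object[] {"APPROVE_PROPOSAL", 2L, 0L},
            new Object[] {ActionKeys.ASSIGN_MEMBERS, 4L, 4L},
            new Object[] {"ASSIGN_REVIEWER", 8L, 0L},
            new Object[] {ActionKeys.MANAGE_ARCHIVED_SETUPS, 128L, 128L},
            new Object[] {ActionKeys.MANAGE_LAYOUTS, 256L, 256L},
            new Object[] {ActionKeys.MANAGE_STAGING, 512L, 512L},
            new Object[] {ActionKeys.MANAGE_TEAMS, 2048L, 1024L},
            new Object[] {ActionKeys.PUBLISH_STAGING, 16384L, 4096L}
        };

    private static final Log _log = LogFactoryUtil.getLog(
        VerifyPermission.class);

}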