001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.RequiredUserException;
018    import com.liferay.portal.ReservedUserEmailAddressException;
019    import com.liferay.portal.UserEmailAddressException;
020    import com.liferay.portal.UserScreenNameException;
021    import com.liferay.portal.kernel.exception.PortalException;
022    import com.liferay.portal.kernel.exception.SystemException;
023    import com.liferay.portal.kernel.search.Indexer;
024    import com.liferay.portal.kernel.search.IndexerRegistryUtil;
025    import com.liferay.portal.kernel.util.ArrayUtil;
026    import com.liferay.portal.kernel.util.ParamUtil;
027    import com.liferay.portal.kernel.workflow.WorkflowConstants;
028    import com.liferay.portal.kernel.workflow.WorkflowThreadLocal;
029    import com.liferay.portal.model.Address;
030    import com.liferay.portal.model.Company;
031    import com.liferay.portal.model.CompanyConstants;
032    import com.liferay.portal.model.Contact;
033    import com.liferay.portal.model.EmailAddress;
034    import com.liferay.portal.model.Group;
035    import com.liferay.portal.model.GroupConstants;
036    import com.liferay.portal.model.Organization;
037    import com.liferay.portal.model.Phone;
038    import com.liferay.portal.model.Role;
039    import com.liferay.portal.model.User;
040    import com.liferay.portal.model.UserGroup;
041    import com.liferay.portal.model.UserGroupRole;
042    import com.liferay.portal.model.Website;
043    import com.liferay.portal.security.auth.PrincipalException;
044    import com.liferay.portal.security.permission.ActionKeys;
045    import com.liferay.portal.security.permission.PermissionChecker;
046    import com.liferay.portal.service.ServiceContext;
047    import com.liferay.portal.service.base.UserServiceBaseImpl;
048    import com.liferay.portal.service.permission.GroupPermissionUtil;
049    import com.liferay.portal.service.permission.OrganizationPermissionUtil;
050    import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
051    import com.liferay.portal.service.permission.PortalPermissionUtil;
052    import com.liferay.portal.service.permission.RolePermissionUtil;
053    import com.liferay.portal.service.permission.TeamPermissionUtil;
054    import com.liferay.portal.service.permission.UserGroupPermissionUtil;
055    import com.liferay.portal.service.permission.UserGroupRolePermissionUtil;
056    import com.liferay.portal.service.permission.UserPermissionUtil;
057    import com.liferay.portal.util.PropsValues;
058    import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
059    import com.liferay.portlet.usersadmin.util.UsersAdminUtil;
060    
061    import java.util.List;
062    import java.util.Locale;
063    
064    /**
065     * The implementation of the user remote service.
066     *
067     * @author Brian Wing Shun Chan
068     * @author Brian Myunghun Kim
069     * @author Scott Lee
070     * @author Jorge Ferrer
071     * @author Julio Camarero
072     */
073    public class UserServiceImpl extends UserServiceBaseImpl {
074    
075            /**
076             * Adds the users to the group.
077             *
078             * @param  groupId the primary key of the group
079             * @param  userIds the primary keys of the users
080             * @param  serviceContext the service context (optionally <code>null</code>)
081             * @throws PortalException if a group or user with the primary key could not
082             *         be found, or if the user did not have permission to assign group
083             *         members
084             * @throws SystemException if a system exception occurred
085             */
086            public void addGroupUsers(
087                            long groupId, long[] userIds, ServiceContext serviceContext)
088                    throws PortalException, SystemException {
089    
090                    try {
091                            GroupPermissionUtil.check(
092                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
093                    }
094                    catch (PrincipalException pe) {
095    
096                            // Allow any user to join open sites
097    
098                            boolean hasPermission = false;
099    
100                            if (userIds.length == 0) {
101                                    hasPermission = true;
102                            }
103                            else if (userIds.length == 1) {
104                                    User user = getUser();
105    
106                                    if (user.getUserId() == userIds[0]) {
107                                            Group group = groupPersistence.findByPrimaryKey(groupId);
108    
109                                            if (user.getCompanyId() == group.getCompanyId()) {
110                                                    int type = group.getType();
111    
112                                                    if (type == GroupConstants.TYPE_SITE_OPEN) {
113                                                            hasPermission = true;
114                                                    }
115                                            }
116                                    }
117                            }
118    
119                            if (!hasPermission) {
120                                    throw new PrincipalException();
121                            }
122                    }
123    
124                    userLocalService.addGroupUsers(groupId, userIds);
125            }
126    
127            /**
128             * Adds the users to the organization.
129             *
130             * @param  organizationId the primary key of the organization
131             * @param  userIds the primary keys of the users
132             * @throws PortalException if an organization or user with the primary key
133             *         could not be found, if the user did not have permission to assign
134             *         organization members, or if current user did not have an
135             *         organization in common with a given user
136             * @throws SystemException if a system exception occurred
137             */
138            public void addOrganizationUsers(long organizationId, long[] userIds)
139                    throws PortalException, SystemException {
140    
141                    OrganizationPermissionUtil.check(
142                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
143    
144                    validateOrganizationUsers(userIds);
145    
146                    userLocalService.addOrganizationUsers(organizationId, userIds);
147            }
148    
149            /**
150             * Assigns the password policy to the users, removing any other currently
151             * assigned password policies.
152             *
153             * @param  passwordPolicyId the primary key of the password policy
154             * @param  userIds the primary keys of the users
155             * @throws PortalException if the user did not have permission to assign
156             *         policy members
157             * @throws SystemException if a system exception occurred
158             */
159            public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
160                    throws PortalException, SystemException {
161    
162                    PasswordPolicyPermissionUtil.check(
163                            getPermissionChecker(), passwordPolicyId,
164                            ActionKeys.ASSIGN_MEMBERS);
165    
166                    userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
167            }
168    
169            /**
170             * Adds the users to the role.
171             *
172             * @param  roleId the primary key of the role
173             * @param  userIds the primary keys of the users
174             * @throws PortalException if a role or user with the primary key could not
175             *         be found or if the user did not have permission to assign role
176             *         members
177             * @throws SystemException if a system exception occurred
178             */
179            public void addRoleUsers(long roleId, long[] userIds)
180                    throws PortalException, SystemException {
181    
182                    RolePermissionUtil.check(
183                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
184    
185                    userLocalService.addRoleUsers(roleId, userIds);
186            }
187    
188            /**
189             * Adds the users to the team.
190             *
191             * @param  teamId the primary key of the team
192             * @param  userIds the primary keys of the users
193             * @throws PortalException if a team or user with the primary key could not
194             *         be found or if the user did not have permission to assign team
195             *         members
196             * @throws SystemException if a system exception occurred
197             */
198            public void addTeamUsers(long teamId, long[] userIds)
199                    throws PortalException, SystemException {
200    
201                    TeamPermissionUtil.check(
202                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
203    
204                    userLocalService.addTeamUsers(teamId, userIds);
205            }
206    
207            /**
208             * Adds a user.
209             *
210             * <p>
211             * This method handles the creation and bookkeeping of the user including
212             * its resources, metadata, and internal data structures. It is not
213             * necessary to make subsequent calls to any methods to setup default
214             * groups, resources, etc.
215             * </p>
216             *
217             * @param  companyId the primary key of the user's company
218             * @param  autoPassword whether a password should be automatically generated
219             *         for the user
220             * @param  password1 the user's password
221             * @param  password2 the user's password confirmation
222             * @param  autoScreenName whether a screen name should be automatically
223             *         generated for the user
224             * @param  screenName the user's screen name
225             * @param  emailAddress the user's email address
226             * @param  facebookId the user's facebook ID
227             * @param  openId the user's OpenID
228             * @param  locale the user's locale
229             * @param  firstName the user's first name
230             * @param  middleName the user's middle name
231             * @param  lastName the user's last name
232             * @param  prefixId the user's name prefix ID
233             * @param  suffixId the user's name suffix ID
234             * @param  male whether the user is male
235             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
236             *         January)
237             * @param  birthdayDay the user's birthday day
238             * @param  birthdayYear the user's birthday year
239             * @param  jobTitle the user's job title
240             * @param  groupIds the primary keys of the user's groups
241             * @param  organizationIds the primary keys of the user's organizations
242             * @param  roleIds the primary keys of the roles this user possesses
243             * @param  userGroupIds the primary keys of the user's user groups
244             * @param  sendEmail whether to send the user an email notification about
245             *         their new account
246             * @param  serviceContext the user's service context (optionally
247             *         <code>null</code>). Can set the universally unique identifier
248             *         (with the <code>uuid</code> attribute), asset category IDs, asset
249             *         tag names, and expando bridge attributes for the user.
250             * @return the new user
251             * @throws PortalException if the user's information was invalid, if the
252             *         creator did not have permission to add users, or if the email
253             *         address was reserved
254             * @throws SystemException if a system exception occurred
255             */
256            public User addUser(
257                            long companyId, boolean autoPassword, String password1,
258                            String password2, boolean autoScreenName, String screenName,
259                            String emailAddress, long facebookId, String openId, Locale locale,
260                            String firstName, String middleName, String lastName, int prefixId,
261                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
262                            int birthdayYear, String jobTitle, long[] groupIds,
263                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
264                            boolean sendEmail, ServiceContext serviceContext)
265                    throws PortalException, SystemException {
266    
267                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
268    
269                    try {
270                            WorkflowThreadLocal.setEnabled(false);
271    
272                            return addUserWithWorkflow(
273                                    companyId, autoPassword, password1, password2, autoScreenName,
274                                    screenName, emailAddress, facebookId, openId, locale, firstName,
275                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
276                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
277                                    roleIds, userGroupIds, sendEmail, serviceContext);
278                    }
279                    finally {
280                            WorkflowThreadLocal.setEnabled(workflowEnabled);
281                    }
282            }
283    
284            /**
285             * Adds a user with additional parameters.
286             *
287             * <p>
288             * This method handles the creation and bookkeeping of the user including
289             * its resources, metadata, and internal data structures. It is not
290             * necessary to make subsequent calls to any methods to setup default
291             * groups, resources, etc.
292             * </p>
293             *
294             * @param  companyId the primary key of the user's company
295             * @param  autoPassword whether a password should be automatically generated
296             *         for the user
297             * @param  password1 the user's password
298             * @param  password2 the user's password confirmation
299             * @param  autoScreenName whether a screen name should be automatically
300             *         generated for the user
301             * @param  screenName the user's screen name
302             * @param  emailAddress the user's email address
303             * @param  facebookId the user's facebook ID
304             * @param  openId the user's OpenID
305             * @param  locale the user's locale
306             * @param  firstName the user's first name
307             * @param  middleName the user's middle name
308             * @param  lastName the user's last name
309             * @param  prefixId the user's name prefix ID
310             * @param  suffixId the user's name suffix ID
311             * @param  male whether the user is male
312             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
313             *         January)
314             * @param  birthdayDay the user's birthday day
315             * @param  birthdayYear the user's birthday year
316             * @param  jobTitle the user's job title
317             * @param  groupIds the primary keys of the user's groups
318             * @param  organizationIds the primary keys of the user's organizations
319             * @param  roleIds the primary keys of the roles this user possesses
320             * @param  userGroupIds the primary keys of the user's user groups
321             * @param  addresses the user's addresses
322             * @param  emailAddresses the user's email addresses
323             * @param  phones the user's phone numbers
324             * @param  websites the user's websites
325             * @param  announcementsDelivers the announcements deliveries
326             * @param  sendEmail whether to send the user an email notification about
327             *         their new account
328             * @param  serviceContext the user's service context (optionally
329             *         <code>null</code>). Can set the universally unique identifier
330             *         (with the <code>uuid</code> attribute), asset category IDs, asset
331             *         tag names, and expando bridge attributes for the user.
332             * @return the new user
333             * @throws PortalException if the user's information was invalid, if the
334             *         creator did not have permission to add users, if the email
335             *         address was reserved, or some other portal exception occurred
336             * @throws SystemException if a system exception occurred
337             */
338            public User addUser(
339                            long companyId, boolean autoPassword, String password1,
340                            String password2, boolean autoScreenName, String screenName,
341                            String emailAddress, long facebookId, String openId, Locale locale,
342                            String firstName, String middleName, String lastName, int prefixId,
343                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
344                            int birthdayYear, String jobTitle, long[] groupIds,
345                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
346                            List<Address> addresses, List<EmailAddress> emailAddresses,
347                            List<Phone> phones, List<Website> websites,
348                            List<AnnouncementsDelivery> announcementsDelivers,
349                            boolean sendEmail, ServiceContext serviceContext)
350                    throws PortalException, SystemException {
351    
352                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
353    
354                    try {
355                            WorkflowThreadLocal.setEnabled(false);
356    
357                            return addUserWithWorkflow(
358                                    companyId, autoPassword, password1, password2, autoScreenName,
359                                    screenName, emailAddress, facebookId, openId, locale, firstName,
360                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
361                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
362                                    roleIds, userGroupIds, addresses, emailAddresses, phones,
363                                    websites, announcementsDelivers, sendEmail, serviceContext);
364                    }
365                    finally {
366                            WorkflowThreadLocal.setEnabled(workflowEnabled);
367                    }
368            }
369    
370            /**
371             * Adds the users to the user group.
372             *
373             * @param  userGroupId the primary key of the user group
374             * @param  userIds the primary keys of the users
375             * @throws PortalException if a user group or user with the primary could
376             *         could not be found, or if the current user did not have
377             *         permission to assign group members
378             * @throws SystemException if a system exception occurred
379             */
380            public void addUserGroupUsers(long userGroupId, long[] userIds)
381                    throws PortalException, SystemException {
382    
383                    UserGroupPermissionUtil.check(
384                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
385    
386                    userLocalService.addUserGroupUsers(userGroupId, userIds);
387            }
388    
389            /**
390             * Adds a user with workflow.
391             *
392             * <p>
393             * This method handles the creation and bookkeeping of the user including
394             * its resources, metadata, and internal data structures. It is not
395             * necessary to make subsequent calls to any methods to setup default
396             * groups, resources, etc.
397             * </p>
398             *
399             * @param  companyId the primary key of the user's company
400             * @param  autoPassword whether a password should be automatically generated
401             *         for the user
402             * @param  password1 the user's password
403             * @param  password2 the user's password confirmation
404             * @param  autoScreenName whether a screen name should be automatically
405             *         generated for the user
406             * @param  screenName the user's screen name
407             * @param  emailAddress the user's email address
408             * @param  facebookId the user's facebook ID
409             * @param  openId the user's OpenID
410             * @param  locale the user's locale
411             * @param  firstName the user's first name
412             * @param  middleName the user's middle name
413             * @param  lastName the user's last name
414             * @param  prefixId the user's name prefix ID
415             * @param  suffixId the user's name suffix ID
416             * @param  male whether the user is male
417             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
418             *         January)
419             * @param  birthdayDay the user's birthday day
420             * @param  birthdayYear the user's birthday year
421             * @param  jobTitle the user's job title
422             * @param  groupIds the primary keys of the user's groups
423             * @param  organizationIds the primary keys of the user's organizations
424             * @param  roleIds the primary keys of the roles this user possesses
425             * @param  userGroupIds the primary keys of the user's user groups
426             * @param  sendEmail whether to send the user an email notification about
427             *         their new account
428             * @param  serviceContext the user's service context (optionally
429             *         <code>null</code>). Can set the universally unique identifier
430             *         (with the <code>uuid</code> attribute), asset category IDs, asset
431             *         tag names, and expando bridge attributes for the user.
432             * @return the new user
433             * @throws PortalException if the user's information was invalid, if the
434             *         creator did not have permission to add users, or if the email
435             *         address was reserved
436             * @throws SystemException if a system exception occurred
437             */
438            public User addUserWithWorkflow(
439                            long companyId, boolean autoPassword, String password1,
440                            String password2, boolean autoScreenName, String screenName,
441                            String emailAddress, long facebookId, String openId, Locale locale,
442                            String firstName, String middleName, String lastName, int prefixId,
443                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
444                            int birthdayYear, String jobTitle, long[] groupIds,
445                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
446                            boolean sendEmail, ServiceContext serviceContext)
447                    throws PortalException, SystemException {
448    
449                    long creatorUserId = 0;
450    
451                    try {
452                            creatorUserId = getGuestOrUserId();
453                    }
454                    catch (PrincipalException pe) {
455                    }
456    
457                    checkAddUserPermission(
458                            creatorUserId, companyId, emailAddress, groupIds, organizationIds,
459                            roleIds, userGroupIds, serviceContext);
460    
461                    return userLocalService.addUserWithWorkflow(
462                            creatorUserId, companyId, autoPassword, password1, password2,
463                            autoScreenName, screenName, emailAddress, facebookId, openId,
464                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
465                            birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds,
466                            organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);
467            }
468    
469            /**
470             * Adds a user with workflow and additional parameters.
471             *
472             * <p>
473             * This method handles the creation and bookkeeping of the user including
474             * its resources, metadata, and internal data structures. It is not
475             * necessary to make subsequent calls to any methods to setup default
476             * groups, resources, etc.
477             * </p>
478             *
479             * @param  companyId the primary key of the user's company
480             * @param  autoPassword whether a password should be automatically generated
481             *         for the user
482             * @param  password1 the user's password
483             * @param  password2 the user's password confirmation
484             * @param  autoScreenName whether a screen name should be automatically
485             *         generated for the user
486             * @param  screenName the user's screen name
487             * @param  emailAddress the user's email address
488             * @param  facebookId the user's facebook ID
489             * @param  openId the user's OpenID
490             * @param  locale the user's locale
491             * @param  firstName the user's first name
492             * @param  middleName the user's middle name
493             * @param  lastName the user's last name
494             * @param  prefixId the user's name prefix ID
495             * @param  suffixId the user's name suffix ID
496             * @param  male whether the user is male
497             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
498             *         January)
499             * @param  birthdayDay the user's birthday day
500             * @param  birthdayYear the user's birthday year
501             * @param  jobTitle the user's job title
502             * @param  groupIds the primary keys of the user's groups
503             * @param  organizationIds the primary keys of the user's organizations
504             * @param  roleIds the primary keys of the roles this user possesses
505             * @param  userGroupIds the primary keys of the user's user groups
506             * @param  addresses the user's addresses
507             * @param  emailAddresses the user's email addresses
508             * @param  phones the user's phone numbers
509             * @param  websites the user's websites
510             * @param  announcementsDelivers the announcements deliveries
511             * @param  sendEmail whether to send the user an email notification about
512             *         their new account
513             * @param  serviceContext the user's service context (optionally
514             *         <code>null</code>). Can set the universally unique identifier
515             *         (with the <code>uuid</code> attribute), asset category IDs, asset
516             *         tag names, and expando bridge attributes for the user.
517             * @return the new user
518             * @throws PortalException if the user's information was invalid, if the
519             *         creator did not have permission to add users, if the email
520             *         address was reserved, or some other portal exception occurred
521             * @throws SystemException if a system exception occurred
522             */
523            public User addUserWithWorkflow(
524                            long companyId, boolean autoPassword, String password1,
525                            String password2, boolean autoScreenName, String screenName,
526                            String emailAddress, long facebookId, String openId, Locale locale,
527                            String firstName, String middleName, String lastName, int prefixId,
528                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
529                            int birthdayYear, String jobTitle, long[] groupIds,
530                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
531                            List<Address> addresses, List<EmailAddress> emailAddresses,
532                            List<Phone> phones, List<Website> websites,
533                            List<AnnouncementsDelivery> announcementsDelivers,
534                            boolean sendEmail, ServiceContext serviceContext)
535                    throws PortalException, SystemException {
536    
537                    boolean indexingEnabled = serviceContext.isIndexingEnabled();
538    
539                    serviceContext.setIndexingEnabled(false);
540    
541                    try {
542                            User user = addUserWithWorkflow(
543                                    companyId, autoPassword, password1, password2, autoScreenName,
544                                    screenName, emailAddress, facebookId, openId, locale, firstName,
545                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
546                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
547                                    roleIds, userGroupIds, sendEmail, serviceContext);
548    
549                            UsersAdminUtil.updateAddresses(
550                                    Contact.class.getName(), user.getContactId(), addresses);
551    
552                            UsersAdminUtil.updateEmailAddresses(
553                                    Contact.class.getName(), user.getContactId(), emailAddresses);
554    
555                            UsersAdminUtil.updatePhones(
556                                    Contact.class.getName(), user.getContactId(), phones);
557    
558                            UsersAdminUtil.updateWebsites(
559                                    Contact.class.getName(), user.getContactId(), websites);
560    
561                            updateAnnouncementsDeliveries(
562                                    user.getUserId(), announcementsDelivers);
563    
564                            if (indexingEnabled) {
565                                    Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(
566                                            User.class);
567    
568                                    indexer.reindex(user);
569                            }
570    
571                            return user;
572                    }
573                    finally {
574                            serviceContext.setIndexingEnabled(indexingEnabled);
575                    }
576            }
577    
578            /**
579             * Deletes the user's portrait image.
580             *
581             * @param  userId the primary key of the user
582             * @throws PortalException if a user with the primary key could not be
583             *         found, if the user's portrait could not be found, or if the
584             *         current user did not have permission to update the user
585             * @throws SystemException if a system exception occurred
586             */
587            public void deletePortrait(long userId)
588                    throws PortalException, SystemException {
589    
590                    UserPermissionUtil.check(
591                            getPermissionChecker(), userId, ActionKeys.UPDATE);
592    
593                    userLocalService.deletePortrait(userId);
594            }
595    
596            /**
597             * Removes the user from the role.
598             *
599             * @param  roleId the primary key of the role
600             * @param  userId the primary key of the user
601             * @throws PortalException if a role or user with the primary key could not
602             *         be found, or if the current user did not have permission to
603             *         assign role members
604             * @throws SystemException if a system exception occurred
605             */
606            public void deleteRoleUser(long roleId, long userId)
607                    throws PortalException, SystemException {
608    
609                    RolePermissionUtil.check(
610                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
611    
612                    userLocalService.deleteRoleUser(roleId, userId);
613            }
614    
615            /**
616             * Deletes the user.
617             *
618             * @param  userId the primary key of the user
619             * @throws PortalException if a user with the primary key could not be found
620             *         or if the current user did not have permission to delete the user
621             * @throws SystemException if a system exception occurred
622             */
623            public void deleteUser(long userId)
624                    throws PortalException, SystemException {
625    
626                    if (getUserId() == userId) {
627                            throw new RequiredUserException();
628                    }
629    
630                    UserPermissionUtil.check(
631                            getPermissionChecker(), userId, ActionKeys.DELETE);
632    
633                    userLocalService.deleteUser(userId);
634            }
635    
636            public List<User> getCompanyUsers(long companyId, int start, int end)
637                    throws PortalException, SystemException {
638    
639                    PermissionChecker permissionChecker = getPermissionChecker();
640    
641                    if (!permissionChecker.isCompanyAdmin(companyId)) {
642                            throw new PrincipalException();
643                    }
644    
645                    return userPersistence.findByCompanyId(companyId, start, end);
646            }
647    
648            public int getCompanyUsersCount(long companyId)
649                    throws PortalException, SystemException {
650    
651                    PermissionChecker permissionChecker = getPermissionChecker();
652    
653                    if (!permissionChecker.isCompanyAdmin(companyId)) {
654                            throw new PrincipalException();
655                    }
656    
657                    return userPersistence.countByCompanyId(companyId);
658            }
659    
660            /**
661             * Returns the primary keys of all the users belonging to the group.
662             *
663             * @param  groupId the primary key of the group
664             * @return the primary keys of the users belonging to the group
665             * @throws PortalException if the current user did not have permission to
666             *         view group assignments
667             * @throws SystemException if a system exception occurred
668             */
669            public long[] getGroupUserIds(long groupId)
670                    throws PortalException, SystemException {
671    
672                    GroupPermissionUtil.check(
673                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
674    
675                    return userLocalService.getGroupUserIds(groupId);
676            }
677    
678            /**
679             * Returns all the users belonging to the group.
680             *
681             * @param  groupId the primary key of the group
682             * @return the users belonging to the group
683             * @throws PortalException if the current user did not have permission to
684             *         view group assignments
685             * @throws SystemException if a system exception occurred
686             */
687            public List<User> getGroupUsers(long groupId)
688                    throws PortalException, SystemException {
689    
690                    GroupPermissionUtil.check(
691                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
692    
693                    return userLocalService.getGroupUsers(groupId);
694            }
695    
696            /**
697             * Returns the primary keys of all the users belonging to the organization.
698             *
699             * @param  organizationId the primary key of the organization
700             * @return the primary keys of the users belonging to the organization
701             * @throws PortalException if the current user did not have permission to
702             *         view organization assignments
703             * @throws SystemException if a system exception occurred
704             */
705            public long[] getOrganizationUserIds(long organizationId)
706                    throws PortalException, SystemException {
707    
708                    OrganizationPermissionUtil.check(
709                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
710    
711                    return userLocalService.getOrganizationUserIds(organizationId);
712            }
713    
714            /**
715             * Returns all the users belonging to the organization.
716             *
717             * @param  organizationId the primary key of the organization
718             * @return users belonging to the organization
719             * @throws PortalException if the current user did not have permission to
720             *         view organization assignments
721             * @throws SystemException if a system exception occurred
722             */
723            public List<User> getOrganizationUsers(long organizationId)
724                    throws PortalException, SystemException {
725    
726                    OrganizationPermissionUtil.check(
727                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
728    
729                    return userLocalService.getOrganizationUsers(organizationId);
730            }
731    
732            /**
733             * Returns the primary keys of all the users belonging to the role.
734             *
735             * @param  roleId the primary key of the role
736             * @return the primary keys of the users belonging to the role
737             * @throws PortalException if the current user did not have permission to
738             *         view role members
739             * @throws SystemException if a system exception occurred
740             */
741            public long[] getRoleUserIds(long roleId) throws
742                    PortalException, SystemException {
743    
744                    RolePermissionUtil.check(
745                            getPermissionChecker(), roleId, ActionKeys.VIEW);
746    
747                    return userLocalService.getRoleUserIds(roleId);
748            }
749    
750            /**
751             * Returns the user with the email address.
752             *
753             * @param  companyId the primary key of the user's company
754             * @param  emailAddress the user's email address
755             * @return the user with the email address
756             * @throws PortalException if a user with the email address could not be
757             *         found or if the current user did not have permission to view the
758             *         user
759             * @throws SystemException if a system exception occurred
760             */
761            public User getUserByEmailAddress(long companyId, String emailAddress)
762                    throws PortalException, SystemException {
763    
764                    User user = userLocalService.getUserByEmailAddress(
765                            companyId, emailAddress);
766    
767                    UserPermissionUtil.check(
768                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
769    
770                    return user;
771            }
772    
773            /**
774             * Returns the user with the primary key.
775             *
776             * @param  userId the primary key of the user
777             * @return the user with the primary key
778             * @throws PortalException if a user with the primary key could not be found
779             *         or if the current user did not have permission to view the user
780             * @throws SystemException if a system exception occurred
781             */
782            public User getUserById(long userId)
783                    throws PortalException, SystemException {
784    
785                    User user = userPersistence.findByPrimaryKey(userId);
786    
787                    UserPermissionUtil.check(
788                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
789    
790                    return user;
791            }
792    
793            /**
794             * Returns the user with the screen name.
795             *
796             * @param  companyId the primary key of the user's company
797             * @param  screenName the user's screen name
798             * @return the user with the screen name
799             * @throws PortalException if a user with the screen name could not be found
800             *         or if the current user did not have permission to view the user
801             * @throws SystemException if a system exception occurred
802             */
803            public User getUserByScreenName(long companyId, String screenName)
804                    throws PortalException, SystemException {
805    
806                    User user = userLocalService.getUserByScreenName(companyId, screenName);
807    
808                    UserPermissionUtil.check(
809                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
810    
811                    return user;
812            }
813    
814            public List<User> getUserGroupUsers(long userGroupId)
815                    throws PortalException, SystemException {
816    
817                    UserGroupPermissionUtil.check(
818                            getPermissionChecker(), userGroupId, ActionKeys.VIEW_MEMBERS);
819    
820                    return userGroupPersistence.getUsers(userGroupId);
821            }
822    
823            /**
824             * Returns the primary key of the user with the email address.
825             *
826             * @param  companyId the primary key of the user's company
827             * @param  emailAddress the user's email address
828             * @return the primary key of the user with the email address
829             * @throws PortalException if a user with the email address could not be
830             *         found
831             * @throws SystemException if a system exception occurred
832             */
833            public long getUserIdByEmailAddress(long companyId, String emailAddress)
834                    throws PortalException, SystemException {
835    
836                    User user = getUserByEmailAddress(companyId, emailAddress);
837    
838                    UserPermissionUtil.check(
839                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
840    
841                    return user.getUserId();
842            }
843    
844            /**
845             * Returns the primary key of the user with the screen name.
846             *
847             * @param  companyId the primary key of the user's company
848             * @param  screenName the user's screen name
849             * @return the primary key of the user with the screen name
850             * @throws PortalException if a user with the screen name could not be found
851             * @throws SystemException if a system exception occurred
852             */
853            public long getUserIdByScreenName(long companyId, String screenName)
854                    throws PortalException, SystemException {
855    
856                    User user = getUserByScreenName(companyId, screenName);
857    
858                    UserPermissionUtil.check(
859                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
860    
861                    return user.getUserId();
862            }
863    
864            /**
865             * Returns <code>true</code> if the user is a member of the group.
866             *
867             * @param  groupId the primary key of the group
868             * @param  userId the primary key of the user
869             * @return <code>true</code> if the user is a member of the group;
870             *         <code>false</code> otherwise
871             * @throws PortalException if the current user did not have permission to
872             *         view the user or group members
873             * @throws SystemException if a system exception occurred
874             */
875            public boolean hasGroupUser(long groupId, long userId)
876                    throws PortalException, SystemException {
877    
878                    try {
879                            UserPermissionUtil.check(
880                                    getPermissionChecker(), userId, ActionKeys.VIEW);
881                    }
882                    catch (PrincipalException e) {
883                            GroupPermissionUtil.check(
884                                    getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
885                    }
886    
887                    return userLocalService.hasGroupUser(groupId, userId);
888            }
889    
890            /**
891             * Returns <code>true</code> if the user is a member of the role.
892             *
893             * @param  roleId the primary key of the role
894             * @param  userId the primary key of the user
895             * @return <code>true</code> if the user is a member of the role;
896             *         <code>false</code> otherwise
897             * @throws PortalException if the current user did not have permission to
898             *         view the user or role members
899             * @throws SystemException if a system exception occurred
900             */
901            public boolean hasRoleUser(long roleId, long userId)
902                    throws PortalException, SystemException {
903    
904                    try {
905                            UserPermissionUtil.check(
906                                    getPermissionChecker(), userId, ActionKeys.VIEW);
907                    }
908                    catch (PrincipalException e) {
909                            RolePermissionUtil.check(
910                                    getPermissionChecker(), roleId, ActionKeys.VIEW_MEMBERS);
911                    }
912    
913                    return userLocalService.hasRoleUser(roleId, userId);
914            }
915    
916            /**
917             * Returns <code>true</code> if the user has the role with the name,
918             * optionally through inheritance.
919             *
920             * @param  companyId the primary key of the role's company
921             * @param  name the name of the role (must be a regular role, not an
922             *         organization, site or provider role)
923             * @param  userId the primary key of the user
924             * @param  inherited whether to include roles inherited from organizations,
925             *         sites, etc.
926             * @return <code>true</code> if the user has the role; <code>false</code>
927             *         otherwise
928             * @throws PortalException if a role with the name could not be found
929             * @throws SystemException if a system exception occurred
930             */
931            public boolean hasRoleUser(
932                            long companyId, String name, long userId, boolean inherited)
933                    throws PortalException, SystemException {
934    
935                    try {
936                            UserPermissionUtil.check(
937                                    getPermissionChecker(), userId, ActionKeys.VIEW);
938                    }
939                    catch (PrincipalException e) {
940                            Role role = roleLocalService.getRole(companyId, name);
941    
942                            RolePermissionUtil.check(
943                                    getPermissionChecker(), role.getRoleId(),
944                                    ActionKeys.VIEW_MEMBERS);
945                    }
946    
947                    return userLocalService.hasRoleUser(companyId, name, userId, inherited);
948            }
949    
950            /**
951             * Sets the users in the role, removing and adding users to the role as
952             * necessary.
953             *
954             * @param  roleId the primary key of the role
955             * @param  userIds the primary keys of the users
956             * @throws PortalException if the current user did not have permission to
957             *         assign role members
958             * @throws SystemException if a system exception occurred
959             */
960            public void setRoleUsers(long roleId, long[] userIds)
961                    throws PortalException, SystemException {
962    
963                    RolePermissionUtil.check(
964                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
965    
966                    userLocalService.setRoleUsers(roleId, userIds);
967            }
968    
969            /**
970             * Sets the users in the user group, removing and adding users to the user
971             * group as necessary.
972             *
973             * @param  userGroupId the primary key of the user group
974             * @param  userIds the primary keys of the users
975             * @throws PortalException if the current user did not have permission to
976             *         assign group members
977             * @throws SystemException if a system exception occurred
978             */
979            public void setUserGroupUsers(long userGroupId, long[] userIds)
980                    throws PortalException, SystemException {
981    
982                    UserGroupPermissionUtil.check(
983                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
984    
985                    userLocalService.setUserGroupUsers(userGroupId, userIds);
986            }
987    
988            /**
989             * Removes the users from the teams of a group.
990             *
991             * @param  groupId the primary key of the group
992             * @param  userIds the primary keys of the users
993             * @throws PortalException if the current user did not have permission to
994             *         modify user group assignments
995             * @throws SystemException if a system exception occurred
996             */
997            public void unsetGroupTeamsUsers(long groupId, long[] userIds)
998                    throws PortalException, SystemException {
999    
1000                    UserGroupPermissionUtil.check(
1001                            getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1002    
1003                    userLocalService.unsetGroupTeamsUsers(groupId, userIds);
1004            }
1005    
1006            /**
1007             * Removes the users from the group.
1008             *
1009             * @param  groupId the primary key of the group
1010             * @param  userIds the primary keys of the users
1011             * @param  serviceContext the service context (optionally <code>null</code>)
1012             * @throws PortalException if the current user did not have permission to
1013             *         modify group assignments
1014             * @throws SystemException if a system exception occurred
1015             */
1016            public void unsetGroupUsers(
1017                            long groupId, long[] userIds, ServiceContext serviceContext)
1018                    throws PortalException, SystemException {
1019    
1020                    try {
1021                            GroupPermissionUtil.check(
1022                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1023                    }
1024                    catch (PrincipalException pe) {
1025    
1026                            // Allow any user to leave open and restricted sites
1027    
1028                            boolean hasPermission = false;
1029    
1030                            if (userIds.length == 0) {
1031                                    hasPermission = true;
1032                            }
1033                            else if (userIds.length == 1) {
1034                                    User user = getUser();
1035    
1036                                    if (user.getUserId() == userIds[0]) {
1037                                            Group group = groupPersistence.findByPrimaryKey(groupId);
1038    
1039                                            if (user.getCompanyId() == group.getCompanyId()) {
1040                                                    int type = group.getType();
1041    
1042                                                    if ((type == GroupConstants.TYPE_SITE_OPEN) ||
1043                                                            (type == GroupConstants.TYPE_SITE_RESTRICTED)) {
1044    
1045                                                            hasPermission = true;
1046                                                    }
1047                                            }
1048                                    }
1049                            }
1050    
1051                            if (!hasPermission) {
1052                                    throw new PrincipalException();
1053                            }
1054                    }
1055    
1056                    userLocalService.unsetGroupUsers(groupId, userIds, serviceContext);
1057            }
1058    
1059            /**
1060             * Removes the users from the organization.
1061             *
1062             * @param  organizationId the primary key of the organization
1063             * @param  userIds the primary keys of the users
1064             * @throws PortalException if the current user did not have permission to
1065             *         modify organization assignments
1066             * @throws SystemException if a system exception occurred
1067             */
1068            public void unsetOrganizationUsers(long organizationId, long[] userIds)
1069                    throws PortalException, SystemException {
1070    
1071                    OrganizationPermissionUtil.check(
1072                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
1073    
1074                    userLocalService.unsetOrganizationUsers(organizationId, userIds);
1075            }
1076    
1077            /**
1078             * Removes the users from the password policy.
1079             *
1080             * @param  passwordPolicyId the primary key of the password policy
1081             * @param  userIds the primary keys of the users
1082             * @throws PortalException if the current user did not have permission to
1083             *         modify policy assignments
1084             * @throws SystemException if a system exception occurred
1085             */
1086            public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
1087                    throws PortalException, SystemException {
1088    
1089                    PasswordPolicyPermissionUtil.check(
1090                            getPermissionChecker(), passwordPolicyId,
1091                            ActionKeys.ASSIGN_MEMBERS);
1092    
1093                    userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
1094            }
1095    
1096            /**
1097             * Removes the users from the role.
1098             *
1099             * @param  roleId the primary key of the role
1100             * @param  userIds the primary keys of the users
1101             * @throws PortalException if the current user did not have permission to
1102             *         modify role assignments
1103             * @throws SystemException if a system exception occurred
1104             */
1105            public void unsetRoleUsers(long roleId, long[] userIds)
1106                    throws PortalException, SystemException {
1107    
1108                    RolePermissionUtil.check(
1109                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
1110    
1111                    userLocalService.unsetRoleUsers(roleId, userIds);
1112            }
1113    
1114            /**
1115             * Removes the users from the team.
1116             *
1117             * @param  teamId the primary key of the team
1118             * @param  userIds the primary keys of the users
1119             * @throws PortalException if the current user did not have permission to
1120             *         modify team assignments
1121             * @throws SystemException if a system exception occurred
1122             */
1123            public void unsetTeamUsers(long teamId, long[] userIds)
1124                    throws PortalException, SystemException {
1125    
1126                    TeamPermissionUtil.check(
1127                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
1128    
1129                    userLocalService.unsetTeamUsers(teamId, userIds);
1130            }
1131    
1132            /**
1133             * Removes the users from the user group.
1134             *
1135             * @param  userGroupId the primary key of the user group
1136             * @param  userIds the primary keys of the users
1137             * @throws PortalException if the current user did not have permission to
1138             *         modify user group assignments
1139             * @throws SystemException if a system exception occurred
1140             */
1141            public void unsetUserGroupUsers(long userGroupId, long[] userIds)
1142                    throws PortalException, SystemException {
1143    
1144                    UserGroupPermissionUtil.check(
1145                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
1146    
1147                    userLocalService.unsetUserGroupUsers(userGroupId, userIds);
1148            }
1149    
1150            /**
1151             * Updates the user's response to the terms of use agreement.
1152             *
1153             * @param  userId the primary key of the user
1154             * @param  agreedToTermsOfUse whether the user has agree to the terms of use
1155             * @return the user
1156             * @throws PortalException if the current user did not have permission to
1157             *         update the user's agreement to terms-of-use
1158             * @throws SystemException if a system exception occurred
1159             */
1160            public User updateAgreedToTermsOfUse(
1161                            long userId, boolean agreedToTermsOfUse)
1162                    throws PortalException, SystemException {
1163    
1164                    UserPermissionUtil.check(
1165                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1166    
1167                    return userLocalService.updateAgreedToTermsOfUse(
1168                            userId, agreedToTermsOfUse);
1169            }
1170    
1171            /**
1172             * Updates the user's email address.
1173             *
1174             * @param  userId the primary key of the user
1175             * @param  password the user's password
1176             * @param  emailAddress1 the user's new email address
1177             * @param  emailAddress2 the user's new email address confirmation
1178             * @param  serviceContext the service context. Must set the portal URL, main
1179             *         path, primary key of the layout, remote address, remote host, and
1180             *         agent for the user.
1181             * @return the user
1182             * @throws PortalException if a user with the primary key could not be found
1183             *         or if the current user did not have permission to update the user
1184             * @throws SystemException if a system exception occurred
1185             */
1186            public User updateEmailAddress(
1187                            long userId, String password, String emailAddress1,
1188                            String emailAddress2, ServiceContext serviceContext)
1189                    throws PortalException, SystemException {
1190    
1191                    UserPermissionUtil.check(
1192                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1193    
1194                    return userLocalService.updateEmailAddress(
1195                            userId, password, emailAddress1, emailAddress2, serviceContext);
1196            }
1197    
1198            /**
1199             * Updates a user account that was automatically created when a guest user
1200             * participated in an action (e.g. posting a comment) and only provided his
1201             * name and email address.
1202             *
1203             * @param  companyId the primary key of the user's company
1204             * @param  autoPassword whether a password should be automatically generated
1205             *         for the user
1206             * @param  password1 the user's password
1207             * @param  password2 the user's password confirmation
1208             * @param  autoScreenName whether a screen name should be automatically
1209             *         generated for the user
1210             * @param  screenName the user's screen name
1211             * @param  emailAddress the user's email address
1212             * @param  facebookId the user's facebook ID
1213             * @param  openId the user's OpenID
1214             * @param  locale the user's locale
1215             * @param  firstName the user's first name
1216             * @param  middleName the user's middle name
1217             * @param  lastName the user's last name
1218             * @param  prefixId the user's name prefix ID
1219             * @param  suffixId the user's name suffix ID
1220             * @param  male whether the user is male
1221             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
1222             *         January)
1223             * @param  birthdayDay the user's birthday day
1224             * @param  birthdayYear the user's birthday year
1225             * @param  jobTitle the user's job title
1226             * @param  updateUserInformation whether to update the user's information
1227             * @param  sendEmail whether to send the user an email notification about
1228             *         their new account
1229             * @param  serviceContext the user's service context (optionally
1230             *         <code>null</code>). Can set the expando bridge attributes for the
1231             *         user.
1232             * @return the user
1233             * @throws PortalException if the user's information was invalid or if the
1234             *         email address was reserved
1235             * @throws SystemException if a system exception occurred
1236             */
1237            public User updateIncompleteUser(
1238                            long companyId, boolean autoPassword, String password1,
1239                            String password2, boolean autoScreenName, String screenName,
1240                            String emailAddress, long facebookId, String openId, Locale locale,
1241                            String firstName, String middleName, String lastName, int prefixId,
1242                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
1243                            int birthdayYear, String jobTitle, boolean updateUserInformation,
1244                            boolean sendEmail, ServiceContext serviceContext)
1245                    throws PortalException, SystemException {
1246    
1247                    long creatorUserId = 0;
1248    
1249                    try {
1250                            creatorUserId = getGuestOrUserId();
1251                    }
1252                    catch (PrincipalException pe) {
1253                    }
1254    
1255                    checkAddUserPermission(
1256                            creatorUserId, companyId, emailAddress, null, null, null, null,
1257                            serviceContext);
1258    
1259                    return userLocalService.updateIncompleteUser(
1260                            creatorUserId, companyId, autoPassword, password1, password2,
1261                            autoScreenName, screenName, emailAddress, facebookId, openId,
1262                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
1263                            birthdayMonth, birthdayDay, birthdayYear, jobTitle,
1264                            updateUserInformation, sendEmail, serviceContext);
1265            }
1266    
1267            /**
1268             * Updates whether the user is locked out from logging in.
1269             *
1270             * @param  userId the primary key of the user
1271             * @param  lockout whether the user is locked out
1272             * @return the user
1273             * @throws PortalException if the user did not have permission to lock out
1274             *         the user
1275             * @throws SystemException if a system exception occurred
1276             */
1277            public User updateLockoutById(long userId, boolean lockout)
1278                    throws PortalException, SystemException {
1279    
1280                    UserPermissionUtil.check(
1281                            getPermissionChecker(), userId, ActionKeys.DELETE);
1282    
1283                    return userLocalService.updateLockoutById(userId, lockout);
1284            }
1285    
1286            /**
1287             * Updates the user's OpenID.
1288             *
1289             * @param  userId the primary key of the user
1290             * @param  openId the new OpenID
1291             * @return the user
1292             * @throws PortalException if a user with the primary key could not be found
1293             *         or if the current user did not have permission to update the user
1294             * @throws SystemException if a system exception occurred
1295             */
1296            public User updateOpenId(long userId, String openId)
1297                    throws PortalException, SystemException {
1298    
1299                    UserPermissionUtil.check(
1300                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1301    
1302                    return userLocalService.updateOpenId(userId, openId);
1303            }
1304    
1305            /**
1306             * Sets the organizations that the user is in, removing and adding
1307             * organizations as necessary.
1308             *
1309             * @param  userId the primary key of the user
1310             * @param  organizationIds the primary keys of the organizations
1311             * @param  serviceContext the service context. Must set whether user
1312             *         indexing is enabled.
1313             * @throws PortalException if a user with the primary key could not be found
1314             *         or if the current user did not have permission to update the user
1315             * @throws SystemException if a system exception occurred
1316             */
1317            public void updateOrganizations(
1318                            long userId, long[] organizationIds, ServiceContext serviceContext)
1319                    throws PortalException, SystemException {
1320    
1321                    UserPermissionUtil.check(
1322                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1323    
1324                    checkOrganizations(userId, organizationIds);
1325    
1326                    userLocalService.updateOrganizations(
1327                            userId, organizationIds, serviceContext);
1328            }
1329    
1330            /**
1331             * Updates the user's password without tracking or validation of the change.
1332             *
1333             * @param  userId the primary key of the user
1334             * @param  password1 the user's new password
1335             * @param  password2 the user's new password confirmation
1336             * @param  passwordReset whether the user should be asked to reset their
1337             *         password the next time they log in
1338             * @return the user
1339             * @throws PortalException if a user with the primary key could not be found
1340             *         or if the current user did not have permission to update the user
1341             * @throws SystemException if a system exception occurred
1342             */
1343            public User updatePassword(
1344                            long userId, String password1, String password2,
1345                            boolean passwordReset)
1346                    throws PortalException, SystemException {
1347    
1348                    UserPermissionUtil.check(
1349                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1350    
1351                    return userLocalService.updatePassword(
1352                            userId, password1, password2, passwordReset);
1353            }
1354    
1355            /**
1356             * Updates the user's portrait image.
1357             *
1358             * @param  userId the primary key of the user
1359             * @param  bytes the new portrait image data
1360             * @return the user
1361             * @throws PortalException if a user with the primary key could not be
1362             *         found, if the new portrait was invalid, or if the current user
1363             *         did not have permission to update the user
1364             * @throws SystemException if a system exception occurred
1365             */
1366            public User updatePortrait(long userId, byte[] bytes)
1367                    throws PortalException, SystemException {
1368    
1369                    UserPermissionUtil.check(
1370                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1371    
1372                    return userLocalService.updatePortrait(userId, bytes);
1373            }
1374    
1375            /**
1376             * Updates the user's password reset question and answer.
1377             *
1378             * @param  userId the primary key of the user
1379             * @param  question the user's new password reset question
1380             * @param  answer the user's new password reset answer
1381             * @return the user
1382             * @throws PortalException if a user with the primary key could not be
1383             *         found, if the new question or answer were invalid, or if the
1384             *         current user did not have permission to update the user
1385             * @throws SystemException if a system exception occurred
1386             */
1387            public User updateReminderQuery(long userId, String question, String answer)
1388                    throws PortalException, SystemException {
1389    
1390                    UserPermissionUtil.check(
1391                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1392    
1393                    return userLocalService.updateReminderQuery(userId, question, answer);
1394            }
1395    
1396            /**
1397             * Updates the user's screen name.
1398             *
1399             * @param  userId the primary key of the user
1400             * @param  screenName the user's new screen name
1401             * @return the user
1402             * @throws PortalException if a user with the primary key could not be
1403             *         found, if the new screen name was invalid, or if the current user
1404             *         did not have permission to update the user
1405             * @throws SystemException if a system exception occurred
1406             */
1407            public User updateScreenName(long userId, String screenName)
1408                    throws PortalException, SystemException {
1409    
1410                    UserPermissionUtil.check(
1411                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1412    
1413                    return userLocalService.updateScreenName(userId, screenName);
1414            }
1415    
1416            /**
1417             * Updates the user's workflow status.
1418             *
1419             * @param  userId the primary key of the user
1420             * @param  status the user's new workflow status
1421             * @return the user
1422             * @throws PortalException if a user with the primary key could not be
1423             *         found, if the current user was updating her own status to
1424             *         anything but {@link
1425             *         com.liferay.portal.kernel.workflow.WorkflowConstants#STATUS_APPROVED},
1426             *         or if the current user did not have permission to update the
1427             *         user's workflow status.
1428             * @throws SystemException if a system exception occurred
1429             */
1430            public User updateStatus(long userId, int status)
1431                    throws PortalException, SystemException {
1432    
1433                    if ((getUserId() == userId) &&
1434                            (status != WorkflowConstants.STATUS_APPROVED)) {
1435    
1436                            throw new RequiredUserException();
1437                    }
1438    
1439                    UserPermissionUtil.check(
1440                            getPermissionChecker(), userId, ActionKeys.DELETE);
1441    
1442                    return userLocalService.updateStatus(userId, status);
1443            }
1444    
1445            /**
1446             * Updates the user with additional parameters.
1447             *
1448             * @param  userId the primary key of the user
1449             * @param  oldPassword the user's old password
1450             * @param  newPassword1 the user's new password (optionally
1451             *         <code>null</code>)
1452             * @param  newPassword2 the user's new password confirmation (optionally
1453             *         <code>null</code>)
1454             * @param  passwordReset whether the user should be asked to reset their
1455             *         password the next time they login
1456             * @param  reminderQueryQuestion the user's new password reset question
1457             * @param  reminderQueryAnswer the user's new password reset answer
1458             * @param  screenName the user's new screen name
1459             * @param  emailAddress the user's new email address
1460             * @param  facebookId the user's new Facebook ID
1461             * @param  openId the user's new OpenID
1462             * @param  languageId the user's new language ID
1463             * @param  timeZoneId the user's new time zone ID
1464             * @param  greeting the user's new greeting
1465             * @param  comments the user's new comments
1466             * @param  firstName the user's new first name
1467             * @param  middleName the user's new middle name
1468             * @param  lastName the user's new last name
1469             * @param  prefixId the user's new name prefix ID
1470             * @param  suffixId the user's new name suffix ID
1471             * @param  male whether user is male
1472             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1473             *         for January)
1474             * @param  birthdayDay the user's new birthday day
1475             * @param  birthdayYear the user's birthday year
1476             * @param  smsSn the user's new SMS screen name
1477             * @param  aimSn the user's new AIM screen name
1478             * @param  facebookSn the user's new Facebook screen name
1479             * @param  icqSn the user's new ICQ screen name
1480             * @param  jabberSn the user's new Jabber screen name
1481             * @param  msnSn the user's new MSN screen name
1482             * @param  mySpaceSn the user's new MySpace screen name
1483             * @param  skypeSn the user's new Skype screen name
1484             * @param  twitterSn the user's new Twitter screen name
1485             * @param  ymSn the user's new Yahoo! Messenger screen name
1486             * @param  jobTitle the user's new job title
1487             * @param  groupIds the primary keys of the user's groups
1488             * @param  organizationIds the primary keys of the user's organizations
1489             * @param  roleIds the primary keys of the user's roles
1490             * @param  userGroupRoles the user user's group roles
1491             * @param  userGroupIds the primary keys of the user's user groups
1492             * @param  addresses the user's addresses
1493             * @param  emailAddresses the user's email addresses
1494             * @param  phones the user's phone numbers
1495             * @param  websites the user's websites
1496             * @param  announcementsDelivers the announcements deliveries
1497             * @param  serviceContext the user's service context (optionally
1498             *         <code>null</code>). Can set the universally unique identifier
1499             *         (with the <code>uuid</code> attribute), asset category IDs, asset
1500             *         tag names, and expando bridge attributes for the user.
1501             * @return the user
1502             * @throws PortalException if a user with the primary key could not be
1503             *         found, if the new information was invalid, or if the current user
1504             *         did not have permission to update the user
1505             * @throws SystemException if a system exception occurred
1506             */
1507            public User updateUser(
1508                            long userId, String oldPassword, String newPassword1,
1509                            String newPassword2, boolean passwordReset,
1510                            String reminderQueryQuestion, String reminderQueryAnswer,
1511                            String screenName, String emailAddress, long facebookId,
1512                            String openId, String languageId, String timeZoneId,
1513                            String greeting, String comments, String firstName,
1514                            String middleName, String lastName, int prefixId, int suffixId,
1515                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1516                            String smsSn, String aimSn, String facebookSn, String icqSn,
1517                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1518                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1519                            long[] organizationIds, long[] roleIds,
1520                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1521                            List<Address> addresses, List<EmailAddress> emailAddresses,
1522                            List<Phone> phones, List<Website> websites,
1523                            List<AnnouncementsDelivery> announcementsDelivers,
1524                            ServiceContext serviceContext)
1525                    throws PortalException, SystemException {
1526    
1527                    UserPermissionUtil.check(
1528                            getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
1529    
1530                    User user = userPersistence.findByPrimaryKey(userId);
1531    
1532                    if (addresses != null) {
1533                            UsersAdminUtil.updateAddresses(
1534                                    Contact.class.getName(), user.getContactId(), addresses);
1535                    }
1536    
1537                    if (emailAddresses != null) {
1538                            UsersAdminUtil.updateEmailAddresses(
1539                                    Contact.class.getName(), user.getContactId(), emailAddresses);
1540                    }
1541    
1542                    if (phones != null) {
1543                            UsersAdminUtil.updatePhones(
1544                                    Contact.class.getName(), user.getContactId(), phones);
1545                    }
1546    
1547                    if (websites != null) {
1548                            UsersAdminUtil.updateWebsites(
1549                                    Contact.class.getName(), user.getContactId(), websites);
1550                    }
1551    
1552                    if (announcementsDelivers != null) {
1553                            updateAnnouncementsDeliveries(
1554                                    user.getUserId(), announcementsDelivers);
1555                    }
1556    
1557                    long curUserId = getUserId();
1558    
1559                    if (curUserId == userId) {
1560                            screenName = screenName.trim().toLowerCase();
1561    
1562                            if (!screenName.equalsIgnoreCase(user.getScreenName())) {
1563                                    validateScreenName(user, screenName);
1564                            }
1565    
1566                            emailAddress = emailAddress.trim().toLowerCase();
1567    
1568                            if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
1569                                    validateEmailAddress(user, emailAddress);
1570                            }
1571                    }
1572    
1573                    if (groupIds != null) {
1574                            groupIds = checkGroups(userId, groupIds);
1575                    }
1576    
1577                    if (organizationIds != null) {
1578                            organizationIds = checkOrganizations(userId, organizationIds);
1579                    }
1580    
1581                    if (roleIds != null) {
1582                            roleIds = checkRoles(userId, roleIds);
1583                    }
1584    
1585                    if (userGroupRoles != null) {
1586                            userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
1587                    }
1588    
1589                    if (userGroupIds != null) {
1590                            userGroupIds = checkUserGroupIds(userId, userGroupIds);
1591                    }
1592    
1593                    return userLocalService.updateUser(
1594                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1595                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1596                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1597                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1598                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1599                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1600                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1601                            userGroupIds, serviceContext);
1602            }
1603    
1604            /**
1605             * Updates the user.
1606             *
1607             * @param  userId the primary key of the user
1608             * @param  oldPassword the user's old password
1609             * @param  newPassword1 the user's new password (optionally
1610             *         <code>null</code>)
1611             * @param  newPassword2 the user's new password confirmation (optionally
1612             *         <code>null</code>)
1613             * @param  passwordReset whether the user should be asked to reset their
1614             *         password the next time they login
1615             * @param  reminderQueryQuestion the user's new password reset question
1616             * @param  reminderQueryAnswer the user's new password reset answer
1617             * @param  screenName the user's new screen name
1618             * @param  emailAddress the user's new email address
1619             * @param  facebookId the user's new Facebook ID
1620             * @param  openId the user's new OpenID
1621             * @param  languageId the user's new language ID
1622             * @param  timeZoneId the user's new time zone ID
1623             * @param  greeting the user's new greeting
1624             * @param  comments the user's new comments
1625             * @param  firstName the user's new first name
1626             * @param  middleName the user's new middle name
1627             * @param  lastName the user's new last name
1628             * @param  prefixId the user's new name prefix ID
1629             * @param  suffixId the user's new name suffix ID
1630             * @param  male whether user is male
1631             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1632             *         for January)
1633             * @param  birthdayDay the user's new birthday day
1634             * @param  birthdayYear the user's birthday year
1635             * @param  smsSn the user's new SMS screen name
1636             * @param  aimSn the user's new AIM screen name
1637             * @param  facebookSn the user's new Facebook screen name
1638             * @param  icqSn the user's new ICQ screen name
1639             * @param  jabberSn the user's new Jabber screen name
1640             * @param  msnSn the user's new MSN screen name
1641             * @param  mySpaceSn the user's new MySpace screen name
1642             * @param  skypeSn the user's new Skype screen name
1643             * @param  twitterSn the user's new Twitter screen name
1644             * @param  ymSn the user's new Yahoo! Messenger screen name
1645             * @param  jobTitle the user's new job title
1646             * @param  groupIds the primary keys of the user's groups
1647             * @param  organizationIds the primary keys of the user's organizations
1648             * @param  roleIds the primary keys of the user's roles
1649             * @param  userGroupRoles the user user's group roles
1650             * @param  userGroupIds the primary keys of the user's user groups
1651             * @param  serviceContext the user's service context (optionally
1652             *         <code>null</code>). Can set the universally unique identifier
1653             *         (with the <code>uuid</code> attribute), asset category IDs, asset
1654             *         tag names, and expando bridge attributes for the user.
1655             * @return the user
1656             * @throws PortalException if a user with the primary key could not be
1657             *         found, if the new information was invalid, or if the current user
1658             *         did not have permission to update the user
1659             * @throws SystemException if a system exception occurred
1660             */
1661            public User updateUser(
1662                            long userId, String oldPassword, String newPassword1,
1663                            String newPassword2, boolean passwordReset,
1664                            String reminderQueryQuestion, String reminderQueryAnswer,
1665                            String screenName, String emailAddress, long facebookId,
1666                            String openId, String languageId, String timeZoneId,
1667                            String greeting, String comments, String firstName,
1668                            String middleName, String lastName, int prefixId, int suffixId,
1669                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1670                            String smsSn, String aimSn, String facebookSn, String icqSn,
1671                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1672                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1673                            long[] organizationIds, long[] roleIds,
1674                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1675                            ServiceContext serviceContext)
1676                    throws PortalException, SystemException {
1677    
1678                    return updateUser(
1679                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1680                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1681                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1682                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1683                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1684                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1685                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1686                            userGroupIds, null, null, null, null, null, serviceContext);
1687            }
1688    
1689            protected void checkAddUserPermission(
1690                            long creatorUserId, long companyId, String emailAddress,
1691                            long[] groupIds, long[] organizationIds, long[] roleIds,
1692                            long[] userGroupIds, ServiceContext serviceContext)
1693                    throws PortalException, SystemException {
1694    
1695                    Company company = companyPersistence.findByPrimaryKey(companyId);
1696    
1697                    if (groupIds != null) {
1698                            checkGroups(CompanyConstants.SYSTEM, groupIds);
1699                    }
1700    
1701                    if (organizationIds != null) {
1702                            checkOrganizations(CompanyConstants.SYSTEM, organizationIds);
1703                    }
1704    
1705                    if (roleIds != null) {
1706                            checkRoles(CompanyConstants.SYSTEM, roleIds);
1707                    }
1708    
1709                    if (userGroupIds != null) {
1710                            checkUserGroupIds(CompanyConstants.SYSTEM, userGroupIds);
1711                    }
1712    
1713                    boolean anonymousUser = ParamUtil.getBoolean(
1714                            serviceContext, "anonymousUser");
1715    
1716                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
1717    
1718                    if (((creatorUserId != 0) && (creatorUserId != defaultUserId)) ||
1719                            (!company.isStrangers() && !anonymousUser)) {
1720    
1721                            if (!PortalPermissionUtil.contains(
1722                                            getPermissionChecker(), ActionKeys.ADD_USER) &&
1723                                    !OrganizationPermissionUtil.contains(
1724                                            getPermissionChecker(), organizationIds,
1725                                            ActionKeys.ASSIGN_MEMBERS)) {
1726    
1727                                    throw new PrincipalException();
1728                            }
1729                    }
1730    
1731                    if ((creatorUserId == 0) || (creatorUserId == defaultUserId)) {
1732                            if (!company.isStrangersWithMx() &&
1733                                    company.hasCompanyMx(emailAddress)) {
1734    
1735                                    throw new ReservedUserEmailAddressException();
1736                            }
1737                    }
1738            }
1739    
1740            protected long[] checkGroups(long userId, long[] groupIds)
1741                    throws PortalException, SystemException {
1742    
1743                    long[] oldGroupIds = null;
1744    
1745                    PermissionChecker permissionChecker = getPermissionChecker();
1746    
1747                    if (userId != CompanyConstants.SYSTEM) {
1748    
1749                            // Add back any groups that the administrator does not have the
1750                            // rights to remove and check that he has the permission to add
1751                            // a new group
1752    
1753                            List<Group> oldGroups = groupLocalService.getUserGroups(userId);
1754    
1755                            oldGroupIds = new long[oldGroups.size()];
1756    
1757                            for (int i = 0; i < oldGroups.size(); i++) {
1758                                    Group group = oldGroups.get(i);
1759    
1760                                    if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
1761                                            !GroupPermissionUtil.contains(
1762                                                    permissionChecker, group.getGroupId(),
1763                                                    ActionKeys.ASSIGN_MEMBERS)) {
1764    
1765                                            groupIds = ArrayUtil.append(groupIds, group.getGroupId());
1766                                    }
1767    
1768                                    oldGroupIds[i] = group.getGroupId();
1769                            }
1770                    }
1771    
1772                    for (long groupId : groupIds) {
1773                            if ((oldGroupIds == null) ||
1774                                    !ArrayUtil.contains(oldGroupIds, groupId)) {
1775    
1776                                    GroupPermissionUtil.check(
1777                                            permissionChecker, groupId, ActionKeys.ASSIGN_MEMBERS);
1778                            }
1779                    }
1780    
1781                    return groupIds;
1782            }
1783    
1784            protected long[] checkOrganizations(long userId, long[] organizationIds)
1785                    throws PortalException, SystemException {
1786    
1787                    long[] oldOrganizationIds = null;
1788    
1789                    PermissionChecker permissionChecker = getPermissionChecker();
1790    
1791                    if (userId != CompanyConstants.SYSTEM) {
1792    
1793                            // Add back any organizations that the administrator does not have
1794                            // the rights to remove and check that he has the permission to add
1795                            // a new organization
1796    
1797                            List<Organization> oldOrganizations =
1798                                    organizationLocalService.getUserOrganizations(userId);
1799    
1800                            oldOrganizationIds = new long[oldOrganizations.size()];
1801    
1802                            for (int i = 0; i < oldOrganizations.size(); i++) {
1803                                    Organization organization = oldOrganizations.get(i);
1804    
1805                                    if (!ArrayUtil.contains(
1806                                                    organizationIds, organization.getOrganizationId()) &&
1807                                            !OrganizationPermissionUtil.contains(
1808                                                    permissionChecker, organization.getOrganizationId(),
1809                                                    ActionKeys.ASSIGN_MEMBERS)) {
1810    
1811                                            organizationIds = ArrayUtil.append(
1812                                                    organizationIds, organization.getOrganizationId());
1813                                    }
1814    
1815                                    oldOrganizationIds[i] = organization.getOrganizationId();
1816                            }
1817                    }
1818    
1819                    for (long organizationId : organizationIds) {
1820                            if ((oldOrganizationIds == null) ||
1821                                    !ArrayUtil.contains(oldOrganizationIds, organizationId)) {
1822    
1823                                    OrganizationPermissionUtil.check(
1824                                            permissionChecker, organizationId,
1825                                            ActionKeys.ASSIGN_MEMBERS);
1826                            }
1827                    }
1828    
1829                    return organizationIds;
1830            }
1831    
1832            protected long[] checkRoles(long userId, long[] roleIds)
1833                    throws PrincipalException, SystemException {
1834    
1835                    long[] oldRoleIds = null;
1836    
1837                    PermissionChecker permissionChecker = getPermissionChecker();
1838    
1839                    if (userId != CompanyConstants.SYSTEM) {
1840    
1841                            // Add back any roles that the administrator does not have the
1842                            // rights to remove and check that he has the permission to add a
1843                            // new role
1844    
1845                            List<Role> oldRoles = roleLocalService.getUserRoles(userId);
1846    
1847                            oldRoleIds = new long[oldRoles.size()];
1848    
1849                            for (int i = 0; i < oldRoles.size(); i++) {
1850                                    Role role = oldRoles.get(i);
1851    
1852                                    if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
1853                                            !RolePermissionUtil.contains(
1854                                                    permissionChecker, role.getRoleId(),
1855                                                    ActionKeys.ASSIGN_MEMBERS)) {
1856    
1857                                            roleIds = ArrayUtil.append(roleIds, role.getRoleId());
1858                                    }
1859    
1860                                    oldRoleIds[i] = role.getRoleId();
1861                            }
1862                    }
1863    
1864                    for (long roleId : roleIds) {
1865                            if ((oldRoleIds == null) ||
1866                                    !ArrayUtil.contains(oldRoleIds, roleId)) {
1867    
1868                                    RolePermissionUtil.check(
1869                                            permissionChecker, roleId, ActionKeys.ASSIGN_MEMBERS);
1870                            }
1871                    }
1872    
1873                    return roleIds;
1874            }
1875    
1876            protected long[] checkUserGroupIds(long userId, long[] userGroupIds)
1877                    throws PortalException, SystemException {
1878    
1879                    long[] oldUserGroupIds = null;
1880    
1881                    PermissionChecker permissionChecker = getPermissionChecker();
1882    
1883                    if (userId != CompanyConstants.SYSTEM) {
1884    
1885                            // Add back any user groups that the administrator does not have the
1886                            // rights to remove and check that he has the permission to add a
1887                            // new user group
1888    
1889                            List<UserGroup> oldUserGroups =
1890                                    userGroupLocalService.getUserUserGroups(userId);
1891    
1892                            oldUserGroupIds = new long[oldUserGroups.size()];
1893    
1894                            for (int i = 0; i < oldUserGroups.size(); i++) {
1895                                    UserGroup userGroup = oldUserGroups.get(i);
1896    
1897                                    if (!ArrayUtil.contains(
1898                                                    userGroupIds, userGroup.getUserGroupId()) &&
1899                                            !UserGroupPermissionUtil.contains(
1900                                                    permissionChecker, userGroup.getUserGroupId(),
1901                                                    ActionKeys.ASSIGN_MEMBERS)) {
1902    
1903                                            userGroupIds = ArrayUtil.append(
1904                                                    userGroupIds, userGroup.getUserGroupId());
1905                                    }
1906    
1907                                    oldUserGroupIds[i] = userGroup.getUserGroupId();
1908                            }
1909                    }
1910    
1911                    for (long userGroupId : userGroupIds) {
1912                            if ((oldUserGroupIds == null) ||
1913                                    !ArrayUtil.contains(oldUserGroupIds, userGroupId)) {
1914    
1915                                    UserGroupPermissionUtil.check(
1916                                            permissionChecker, userGroupId, ActionKeys.ASSIGN_MEMBERS);
1917                            }
1918                    }
1919    
1920                    return userGroupIds;
1921            }
1922    
1923            protected List<UserGroupRole> checkUserGroupRoles(
1924                            long userId, List<UserGroupRole> userGroupRoles)
1925                    throws PortalException, SystemException {
1926    
1927                    List<UserGroupRole> oldUserGroupRoles = null;
1928    
1929                    PermissionChecker permissionChecker = getPermissionChecker();
1930    
1931                    if (userId != CompanyConstants.SYSTEM) {
1932    
1933                            // Add back any user group roles that the administrator does not
1934                            // have the rights to remove and check that he has the permission to
1935                            // add a new user group role
1936    
1937                            oldUserGroupRoles = userGroupRoleLocalService.getUserGroupRoles(
1938                                    userId);
1939    
1940                            for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
1941                                    if (!userGroupRoles.contains(oldUserGroupRole) &&
1942                                            !UserGroupRolePermissionUtil.contains(
1943                                                    permissionChecker, oldUserGroupRole.getGroupId(),
1944                                                    oldUserGroupRole.getRoleId())) {
1945    
1946                                            userGroupRoles.add(oldUserGroupRole);
1947                                    }
1948                            }
1949                    }
1950    
1951                    for (UserGroupRole userGroupRole : userGroupRoles) {
1952                            if ((oldUserGroupRoles == null) ||
1953                                    !oldUserGroupRoles.contains(userGroupRole)) {
1954    
1955                                    UserGroupRolePermissionUtil.check(
1956                                            permissionChecker, userGroupRole.getGroupId(),
1957                                            userGroupRole.getRoleId());
1958                            }
1959                    }
1960    
1961                    return userGroupRoles;
1962            }
1963    
1964            protected void updateAnnouncementsDeliveries(
1965                            long userId, List<AnnouncementsDelivery> announcementsDeliveries)
1966                    throws PortalException, SystemException {
1967    
1968                    for (AnnouncementsDelivery announcementsDelivery :
1969                                    announcementsDeliveries) {
1970    
1971                            announcementsDeliveryService.updateDelivery(
1972                                    userId, announcementsDelivery.getType(),
1973                                    announcementsDelivery.getEmail(),
1974                                    announcementsDelivery.getSms(),
1975                                    announcementsDelivery.getWebsite());
1976                    }
1977            }
1978    
1979            protected void validateEmailAddress(User user, String emailAddress)
1980                    throws PortalException, SystemException {
1981    
1982                    PermissionChecker permissionChecker = getPermissionChecker();
1983    
1984                    if (!UsersAdminUtil.hasUpdateEmailAddress(permissionChecker, user)) {
1985                            throw new UserEmailAddressException();
1986                    }
1987    
1988                    if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
1989                            Company company = companyPersistence.findByPrimaryKey(
1990                                    user.getCompanyId());
1991    
1992                            if (!company.isStrangersWithMx()) {
1993                                    throw new ReservedUserEmailAddressException();
1994                            }
1995                    }
1996            }
1997    
1998            protected void validateOrganizationUsers(long[] userIds)
1999                    throws PortalException, SystemException {
2000    
2001                    PermissionChecker permissionChecker = getPermissionChecker();
2002    
2003                    if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
2004                            permissionChecker.isCompanyAdmin()) {
2005    
2006                            return;
2007                    }
2008    
2009                    for (long userId : userIds) {
2010                            boolean allowed = false;
2011    
2012                            List<Organization> organizations =
2013                                    organizationLocalService.getUserOrganizations(userId);
2014    
2015                            for (Organization organization : organizations) {
2016                                    if (OrganizationPermissionUtil.contains(
2017                                                    permissionChecker, organization,
2018                                                    ActionKeys.MANAGE_USERS)) {
2019    
2020                                            allowed = true;
2021    
2022                                            break;
2023                                    }
2024                            }
2025    
2026                            if (!allowed) {
2027                                    throw new PrincipalException();
2028                            }
2029                    }
2030            }
2031    
2032            protected void validateScreenName(User user, String screenName)
2033                    throws PortalException, SystemException {
2034    
2035                    PermissionChecker permissionChecker = getPermissionChecker();
2036    
2037                    if (!UsersAdminUtil.hasUpdateScreenName(permissionChecker, user)) {
2038                            throw new UserScreenNameException();
2039                    }
2040            }
2041    
2042    }