001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.RequiredUserException;
018    import com.liferay.portal.ReservedUserEmailAddressException;
019    import com.liferay.portal.UserEmailAddressException;
020    import com.liferay.portal.UserScreenNameException;
021    import com.liferay.portal.kernel.exception.PortalException;
022    import com.liferay.portal.kernel.exception.SystemException;
023    import com.liferay.portal.kernel.search.Indexer;
024    import com.liferay.portal.kernel.search.IndexerRegistryUtil;
025    import com.liferay.portal.kernel.util.ArrayUtil;
026    import com.liferay.portal.kernel.util.ParamUtil;
027    import com.liferay.portal.kernel.workflow.WorkflowConstants;
028    import com.liferay.portal.kernel.workflow.WorkflowThreadLocal;
029    import com.liferay.portal.model.Address;
030    import com.liferay.portal.model.Company;
031    import com.liferay.portal.model.CompanyConstants;
032    import com.liferay.portal.model.Contact;
033    import com.liferay.portal.model.EmailAddress;
034    import com.liferay.portal.model.Group;
035    import com.liferay.portal.model.GroupConstants;
036    import com.liferay.portal.model.Organization;
037    import com.liferay.portal.model.Phone;
038    import com.liferay.portal.model.Role;
039    import com.liferay.portal.model.RoleConstants;
040    import com.liferay.portal.model.User;
041    import com.liferay.portal.model.UserGroup;
042    import com.liferay.portal.model.UserGroupRole;
043    import com.liferay.portal.model.Website;
044    import com.liferay.portal.security.auth.MembershipPolicyException;
045    import com.liferay.portal.security.auth.MembershipPolicyUtil;
046    import com.liferay.portal.security.auth.PrincipalException;
047    import com.liferay.portal.security.permission.ActionKeys;
048    import com.liferay.portal.security.permission.PermissionChecker;
049    import com.liferay.portal.service.ServiceContext;
050    import com.liferay.portal.service.base.UserServiceBaseImpl;
051    import com.liferay.portal.service.permission.GroupPermissionUtil;
052    import com.liferay.portal.service.permission.OrganizationPermissionUtil;
053    import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
054    import com.liferay.portal.service.permission.PortalPermissionUtil;
055    import com.liferay.portal.service.permission.RolePermissionUtil;
056    import com.liferay.portal.service.permission.TeamPermissionUtil;
057    import com.liferay.portal.service.permission.UserGroupPermissionUtil;
058    import com.liferay.portal.service.permission.UserGroupRolePermissionUtil;
059    import com.liferay.portal.service.permission.UserPermissionUtil;
060    import com.liferay.portal.util.PropsValues;
061    import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
062    import com.liferay.portlet.usersadmin.util.UsersAdminUtil;
063    
064    import java.util.ArrayList;
065    import java.util.List;
066    import java.util.Locale;
067    import java.util.Set;
068    
069    /**
070     * The implementation of the user remote service.
071     *
072     * @author Brian Wing Shun Chan
073     * @author Brian Myunghun Kim
074     * @author Scott Lee
075     * @author Jorge Ferrer
076     * @author Julio Camarero
077     */
078    public class UserServiceImpl extends UserServiceBaseImpl {
079    
080            /**
081             * Adds the users to the group.
082             *
083             * @param  groupId the primary key of the group
084             * @param  userIds the primary keys of the users
085             * @param  serviceContext the service context (optionally <code>null</code>)
086             * @throws PortalException if a group or user with the primary key could not
087             *         be found, if the user did not have permission to assign group
088             *         members, or if the operation was not allowed by the membership
089             *         policy
090             * @throws SystemException if a system exception occurred
091             */
092            public void addGroupUsers(
093                            long groupId, long[] userIds, ServiceContext serviceContext)
094                    throws PortalException, SystemException {
095    
096                    try {
097                            GroupPermissionUtil.check(
098                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
099                    }
100                    catch (PrincipalException pe) {
101    
102                            // Allow any user to join open sites
103    
104                            boolean hasPermission = false;
105    
106                            if (userIds.length == 0) {
107                                    hasPermission = true;
108                            }
109                            else if (userIds.length == 1) {
110                                    User user = getUser();
111    
112                                    if (user.getUserId() == userIds[0]) {
113                                            Group group = groupPersistence.findByPrimaryKey(groupId);
114    
115                                            if (user.getCompanyId() == group.getCompanyId()) {
116                                                    int type = group.getType();
117    
118                                                    if (type == GroupConstants.TYPE_SITE_OPEN) {
119                                                            hasPermission = true;
120                                                    }
121                                            }
122                                    }
123                            }
124    
125                            if (!hasPermission) {
126                                    throw new PrincipalException();
127                            }
128                    }
129    
130                    checkAddGroupUsersMembershipPolicy(groupId, userIds);
131    
132                    userLocalService.addGroupUsers(groupId, userIds);
133            }
134    
135            /**
136             * Adds the users to the organization.
137             *
138             * @param  organizationId the primary key of the organization
139             * @param  userIds the primary keys of the users
140             * @throws PortalException if an organization or user with the primary key
141             *         could not be found, if the user did not have permission to assign
142             *         organization members, if current user did not have an
143             *         organization in common with a given user, or if the operation was
144             *         not allowed by the membership policy
145             * @throws SystemException if a system exception occurred
146             */
147            public void addOrganizationUsers(long organizationId, long[] userIds)
148                    throws PortalException, SystemException {
149    
150                    OrganizationPermissionUtil.check(
151                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
152    
153                    validateOrganizationUsers(userIds);
154    
155                    checkAddOrganizationUsersMembershipPolicy(organizationId, userIds);
156    
157                    userLocalService.addOrganizationUsers(organizationId, userIds);
158            }
159    
160            /**
161             * Assigns the password policy to the users, removing any other currently
162             * assigned password policies.
163             *
164             * @param  passwordPolicyId the primary key of the password policy
165             * @param  userIds the primary keys of the users
166             * @throws PortalException if the user did not have permission to assign
167             *         policy members
168             * @throws SystemException if a system exception occurred
169             */
170            public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
171                    throws PortalException, SystemException {
172    
173                    PasswordPolicyPermissionUtil.check(
174                            getPermissionChecker(), passwordPolicyId,
175                            ActionKeys.ASSIGN_MEMBERS);
176    
177                    userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
178            }
179    
180            /**
181             * Adds the users to the role.
182             *
183             * @param  roleId the primary key of the role
184             * @param  userIds the primary keys of the users
185             * @throws PortalException if a role or user with the primary key could not
186             *         be found, if the user did not have permission to assign role
187             *         members, or if the operation was not allowed by the membership
188             *         policy
189             * @throws SystemException if a system exception occurred
190             */
191            public void addRoleUsers(long roleId, long[] userIds)
192                    throws PortalException, SystemException {
193    
194                    RolePermissionUtil.check(
195                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
196    
197                    checkAddRoleUsersMembershipPolicy(roleId, userIds);
198    
199                    userLocalService.addRoleUsers(roleId, userIds);
200            }
201    
202            /**
203             * Adds the users to the team.
204             *
205             * @param  teamId the primary key of the team
206             * @param  userIds the primary keys of the users
207             * @throws PortalException if a team or user with the primary key could not
208             *         be found or if the user did not have permission to assign team
209             *         members
210             * @throws SystemException if a system exception occurred
211             */
212            public void addTeamUsers(long teamId, long[] userIds)
213                    throws PortalException, SystemException {
214    
215                    TeamPermissionUtil.check(
216                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
217    
218                    userLocalService.addTeamUsers(teamId, userIds);
219            }
220    
221            /**
222             * Adds a user.
223             *
224             * <p>
225             * This method handles the creation and bookkeeping of the user including
226             * its resources, metadata, and internal data structures. It is not
227             * necessary to make subsequent calls to any methods to setup default
228             * groups, resources, etc.
229             * </p>
230             *
231             * @param  companyId the primary key of the user's company
232             * @param  autoPassword whether a password should be automatically generated
233             *         for the user
234             * @param  password1 the user's password
235             * @param  password2 the user's password confirmation
236             * @param  autoScreenName whether a screen name should be automatically
237             *         generated for the user
238             * @param  screenName the user's screen name
239             * @param  emailAddress the user's email address
240             * @param  facebookId the user's facebook ID
241             * @param  openId the user's OpenID
242             * @param  locale the user's locale
243             * @param  firstName the user's first name
244             * @param  middleName the user's middle name
245             * @param  lastName the user's last name
246             * @param  prefixId the user's name prefix ID
247             * @param  suffixId the user's name suffix ID
248             * @param  male whether the user is male
249             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
250             *         January)
251             * @param  birthdayDay the user's birthday day
252             * @param  birthdayYear the user's birthday year
253             * @param  jobTitle the user's job title
254             * @param  groupIds the primary keys of the user's groups
255             * @param  organizationIds the primary keys of the user's organizations
256             * @param  roleIds the primary keys of the roles this user possesses
257             * @param  userGroupIds the primary keys of the user's user groups
258             * @param  sendEmail whether to send the user an email notification about
259             *         their new account
260             * @param  serviceContext the user's service context (optionally
261             *         <code>null</code>). Can set the UUID (with the <code>uuid</code>
262             *         attribute), asset category IDs, asset tag names, and expando
263             *         bridge attributes for the user.
264             * @return the new user
265             * @throws PortalException if the user's information was invalid, if the
266             *         operation was not allowed by the membership policy, if the
267             *         creator did not have permission to add users, or if the email
268             *         address was reserved
269             * @throws SystemException if a system exception occurred
270             */
271            public User addUser(
272                            long companyId, boolean autoPassword, String password1,
273                            String password2, boolean autoScreenName, String screenName,
274                            String emailAddress, long facebookId, String openId, Locale locale,
275                            String firstName, String middleName, String lastName, int prefixId,
276                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
277                            int birthdayYear, String jobTitle, long[] groupIds,
278                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
279                            boolean sendEmail, ServiceContext serviceContext)
280                    throws PortalException, SystemException {
281    
282                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
283    
284                    try {
285                            WorkflowThreadLocal.setEnabled(false);
286    
287                            return addUserWithWorkflow(
288                                    companyId, autoPassword, password1, password2, autoScreenName,
289                                    screenName, emailAddress, facebookId, openId, locale, firstName,
290                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
291                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
292                                    roleIds, userGroupIds, sendEmail, serviceContext);
293                    }
294                    finally {
295                            WorkflowThreadLocal.setEnabled(workflowEnabled);
296                    }
297            }
298    
299            /**
300             * Adds a user with additional parameters.
301             *
302             * <p>
303             * This method handles the creation and bookkeeping of the user including
304             * its resources, metadata, and internal data structures. It is not
305             * necessary to make subsequent calls to any methods to setup default
306             * groups, resources, etc.
307             * </p>
308             *
309             * @param  companyId the primary key of the user's company
310             * @param  autoPassword whether a password should be automatically generated
311             *         for the user
312             * @param  password1 the user's password
313             * @param  password2 the user's password confirmation
314             * @param  autoScreenName whether a screen name should be automatically
315             *         generated for the user
316             * @param  screenName the user's screen name
317             * @param  emailAddress the user's email address
318             * @param  facebookId the user's facebook ID
319             * @param  openId the user's OpenID
320             * @param  locale the user's locale
321             * @param  firstName the user's first name
322             * @param  middleName the user's middle name
323             * @param  lastName the user's last name
324             * @param  prefixId the user's name prefix ID
325             * @param  suffixId the user's name suffix ID
326             * @param  male whether the user is male
327             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
328             *         January)
329             * @param  birthdayDay the user's birthday day
330             * @param  birthdayYear the user's birthday year
331             * @param  jobTitle the user's job title
332             * @param  groupIds the primary keys of the user's groups
333             * @param  organizationIds the primary keys of the user's organizations
334             * @param  roleIds the primary keys of the roles this user possesses
335             * @param  userGroupIds the primary keys of the user's user groups
336             * @param  addresses the user's addresses
337             * @param  emailAddresses the user's email addresses
338             * @param  phones the user's phone numbers
339             * @param  websites the user's websites
340             * @param  announcementsDelivers the announcements deliveries
341             * @param  sendEmail whether to send the user an email notification about
342             *         their new account
343             * @param  serviceContext the user's service context (optionally
344             *         <code>null</code>). Can set the UUID (with the <code>uuid</code>
345             *         attribute), asset category IDs, asset tag names, and expando
346             *         bridge attributes for the user.
347             * @return the new user
348             * @throws PortalException if the user's information was invalid, if the
349             *         creator did not have permission to add users, if the email
350             *         address was reserved, if the operation was not allowed by the
351             *         membership policy, or if some other portal exception occurred
352             * @throws SystemException if a system exception occurred
353             */
354            public User addUser(
355                            long companyId, boolean autoPassword, String password1,
356                            String password2, boolean autoScreenName, String screenName,
357                            String emailAddress, long facebookId, String openId, Locale locale,
358                            String firstName, String middleName, String lastName, int prefixId,
359                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
360                            int birthdayYear, String jobTitle, long[] groupIds,
361                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
362                            List<Address> addresses, List<EmailAddress> emailAddresses,
363                            List<Phone> phones, List<Website> websites,
364                            List<AnnouncementsDelivery> announcementsDelivers,
365                            boolean sendEmail, ServiceContext serviceContext)
366                    throws PortalException, SystemException {
367    
368                    boolean workflowEnabled = WorkflowThreadLocal.isEnabled();
369    
370                    try {
371                            WorkflowThreadLocal.setEnabled(false);
372    
373                            return addUserWithWorkflow(
374                                    companyId, autoPassword, password1, password2, autoScreenName,
375                                    screenName, emailAddress, facebookId, openId, locale, firstName,
376                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
377                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
378                                    roleIds, userGroupIds, addresses, emailAddresses, phones,
379                                    websites, announcementsDelivers, sendEmail, serviceContext);
380                    }
381                    finally {
382                            WorkflowThreadLocal.setEnabled(workflowEnabled);
383                    }
384            }
385    
386            /**
387             * Adds the users to the user group.
388             *
389             * @param  userGroupId the primary key of the user group
390             * @param  userIds the primary keys of the users
391             * @throws PortalException if a user group or user with the primary could
392             *         could not be found, if the current user did not have permission
393             *         to assign group members, or if the operation was not allowed by
394             *         the membership policy
395             * @throws SystemException if a system exception occurred
396             */
397            public void addUserGroupUsers(long userGroupId, long[] userIds)
398                    throws PortalException, SystemException {
399    
400                    UserGroupPermissionUtil.check(
401                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
402    
403                    checkAddUserGroupUsersMembershipPolicy(userGroupId, userIds);
404    
405                    userLocalService.addUserGroupUsers(userGroupId, userIds);
406            }
407    
408            /**
409             * Adds a user with workflow.
410             *
411             * <p>
412             * This method handles the creation and bookkeeping of the user including
413             * its resources, metadata, and internal data structures. It is not
414             * necessary to make subsequent calls to any methods to setup default
415             * groups, resources, etc.
416             * </p>
417             *
418             * @param  companyId the primary key of the user's company
419             * @param  autoPassword whether a password should be automatically generated
420             *         for the user
421             * @param  password1 the user's password
422             * @param  password2 the user's password confirmation
423             * @param  autoScreenName whether a screen name should be automatically
424             *         generated for the user
425             * @param  screenName the user's screen name
426             * @param  emailAddress the user's email address
427             * @param  facebookId the user's facebook ID
428             * @param  openId the user's OpenID
429             * @param  locale the user's locale
430             * @param  firstName the user's first name
431             * @param  middleName the user's middle name
432             * @param  lastName the user's last name
433             * @param  prefixId the user's name prefix ID
434             * @param  suffixId the user's name suffix ID
435             * @param  male whether the user is male
436             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
437             *         January)
438             * @param  birthdayDay the user's birthday day
439             * @param  birthdayYear the user's birthday year
440             * @param  jobTitle the user's job title
441             * @param  groupIds the primary keys of the user's groups
442             * @param  organizationIds the primary keys of the user's organizations
443             * @param  roleIds the primary keys of the roles this user possesses
444             * @param  userGroupIds the primary keys of the user's user groups
445             * @param  sendEmail whether to send the user an email notification about
446             *         their new account
447             * @param  serviceContext the user's service context (optionally
448             *         <code>null</code>). Can set the UUID (with the <code>uuid</code>
449             *         attribute), asset category IDs, asset tag names, and expando
450             *         bridge attributes for the user.
451             * @return the new user
452             * @throws PortalException if the user's information was invalid, if the
453             *         operation was not allowed by the membership policy, if the
454             *         creator did not have permission to add users, or if the email
455             *         address was reserved
456             * @throws SystemException if a system exception occurred
457             */
458            public User addUserWithWorkflow(
459                            long companyId, boolean autoPassword, String password1,
460                            String password2, boolean autoScreenName, String screenName,
461                            String emailAddress, long facebookId, String openId, Locale locale,
462                            String firstName, String middleName, String lastName, int prefixId,
463                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
464                            int birthdayYear, String jobTitle, long[] groupIds,
465                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
466                            boolean sendEmail, ServiceContext serviceContext)
467                    throws PortalException, SystemException {
468    
469                    long creatorUserId = 0;
470    
471                    try {
472                            creatorUserId = getGuestOrUserId();
473                    }
474                    catch (PrincipalException pe) {
475                    }
476    
477                    checkAddUserPermission(
478                            creatorUserId, companyId, emailAddress, groupIds, organizationIds,
479                            roleIds, userGroupIds, serviceContext);
480    
481                    return userLocalService.addUserWithWorkflow(
482                            creatorUserId, companyId, autoPassword, password1, password2,
483                            autoScreenName, screenName, emailAddress, facebookId, openId,
484                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
485                            birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds,
486                            organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);
487            }
488    
489            /**
490             * Adds a user with workflow and additional parameters.
491             *
492             * <p>
493             * This method handles the creation and bookkeeping of the user including
494             * its resources, metadata, and internal data structures. It is not
495             * necessary to make subsequent calls to any methods to setup default
496             * groups, resources, etc.
497             * </p>
498             *
499             * @param  companyId the primary key of the user's company
500             * @param  autoPassword whether a password should be automatically generated
501             *         for the user
502             * @param  password1 the user's password
503             * @param  password2 the user's password confirmation
504             * @param  autoScreenName whether a screen name should be automatically
505             *         generated for the user
506             * @param  screenName the user's screen name
507             * @param  emailAddress the user's email address
508             * @param  facebookId the user's facebook ID
509             * @param  openId the user's OpenID
510             * @param  locale the user's locale
511             * @param  firstName the user's first name
512             * @param  middleName the user's middle name
513             * @param  lastName the user's last name
514             * @param  prefixId the user's name prefix ID
515             * @param  suffixId the user's name suffix ID
516             * @param  male whether the user is male
517             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
518             *         January)
519             * @param  birthdayDay the user's birthday day
520             * @param  birthdayYear the user's birthday year
521             * @param  jobTitle the user's job title
522             * @param  groupIds the primary keys of the user's groups
523             * @param  organizationIds the primary keys of the user's organizations
524             * @param  roleIds the primary keys of the roles this user possesses
525             * @param  userGroupIds the primary keys of the user's user groups
526             * @param  addresses the user's addresses
527             * @param  emailAddresses the user's email addresses
528             * @param  phones the user's phone numbers
529             * @param  websites the user's websites
530             * @param  announcementsDelivers the announcements deliveries
531             * @param  sendEmail whether to send the user an email notification about
532             *         their new account
533             * @param  serviceContext the user's service context (optionally
534             *         <code>null</code>). Can set the UUID (with the <code>uuid</code>
535             *         attribute), asset category IDs, asset tag names, and expando
536             *         bridge attributes for the user.
537             * @return the new user
538             * @throws PortalException if the user's information was invalid, if the
539             *         operation was not allowed by the membership policy, if the
540             *         creator did not have permission to add users, if the email
541             *         address was reserved, or if some other portal exception occurred
542             * @throws SystemException if a system exception occurred
543             */
544            public User addUserWithWorkflow(
545                            long companyId, boolean autoPassword, String password1,
546                            String password2, boolean autoScreenName, String screenName,
547                            String emailAddress, long facebookId, String openId, Locale locale,
548                            String firstName, String middleName, String lastName, int prefixId,
549                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
550                            int birthdayYear, String jobTitle, long[] groupIds,
551                            long[] organizationIds, long[] roleIds, long[] userGroupIds,
552                            List<Address> addresses, List<EmailAddress> emailAddresses,
553                            List<Phone> phones, List<Website> websites,
554                            List<AnnouncementsDelivery> announcementsDelivers,
555                            boolean sendEmail, ServiceContext serviceContext)
556                    throws PortalException, SystemException {
557    
558                    boolean indexingEnabled = serviceContext.isIndexingEnabled();
559    
560                    serviceContext.setIndexingEnabled(false);
561    
562                    try {
563                            User user = addUserWithWorkflow(
564                                    companyId, autoPassword, password1, password2, autoScreenName,
565                                    screenName, emailAddress, facebookId, openId, locale, firstName,
566                                    middleName, lastName, prefixId, suffixId, male, birthdayMonth,
567                                    birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
568                                    roleIds, userGroupIds, sendEmail, serviceContext);
569    
570                            UsersAdminUtil.updateAddresses(
571                                    Contact.class.getName(), user.getContactId(), addresses);
572    
573                            UsersAdminUtil.updateEmailAddresses(
574                                    Contact.class.getName(), user.getContactId(), emailAddresses);
575    
576                            UsersAdminUtil.updatePhones(
577                                    Contact.class.getName(), user.getContactId(), phones);
578    
579                            UsersAdminUtil.updateWebsites(
580                                    Contact.class.getName(), user.getContactId(), websites);
581    
582                            updateAnnouncementsDeliveries(
583                                    user.getUserId(), announcementsDelivers);
584    
585                            if (indexingEnabled) {
586                                    Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(
587                                            User.class);
588    
589                                    indexer.reindex(user);
590                            }
591    
592                            return user;
593                    }
594                    finally {
595                            serviceContext.setIndexingEnabled(indexingEnabled);
596                    }
597            }
598    
599            /**
600             * Deletes the user's portrait image.
601             *
602             * @param  userId the primary key of the user
603             * @throws PortalException if a user with the primary key could not be
604             *         found, if the user's portrait could not be found, or if the
605             *         current user did not have permission to update the user
606             * @throws SystemException if a system exception occurred
607             */
608            public void deletePortrait(long userId)
609                    throws PortalException, SystemException {
610    
611                    UserPermissionUtil.check(
612                            getPermissionChecker(), userId, ActionKeys.UPDATE);
613    
614                    userLocalService.deletePortrait(userId);
615            }
616    
617            /**
618             * Removes the user from the role.
619             *
620             * @param  roleId the primary key of the role
621             * @param  userId the primary key of the user
622             * @throws PortalException if a role or user with the primary key could not
623             *         be found, or if the current user did not have permission to
624             *         assign role members
625             * @throws SystemException if a system exception occurred
626             */
627            public void deleteRoleUser(long roleId, long userId)
628                    throws PortalException, SystemException {
629    
630                    RolePermissionUtil.check(
631                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
632    
633                    userLocalService.deleteRoleUser(roleId, userId);
634            }
635    
636            /**
637             * Deletes the user.
638             *
639             * @param  userId the primary key of the user
640             * @throws PortalException if a user with the primary key could not be found
641             *         or if the current user did not have permission to delete the user
642             * @throws SystemException if a system exception occurred
643             */
644            public void deleteUser(long userId)
645                    throws PortalException, SystemException {
646    
647                    if (getUserId() == userId) {
648                            throw new RequiredUserException();
649                    }
650    
651                    UserPermissionUtil.check(
652                            getPermissionChecker(), userId, ActionKeys.DELETE);
653    
654                    userLocalService.deleteUser(userId);
655            }
656    
657            public List<User> getCompanyUsers(long companyId, int start, int end)
658                    throws PortalException, SystemException {
659    
660                    PermissionChecker permissionChecker = getPermissionChecker();
661    
662                    if (!permissionChecker.isCompanyAdmin(companyId)) {
663                            throw new PrincipalException();
664                    }
665    
666                    return userPersistence.findByCompanyId(companyId, start, end);
667            }
668    
669            public int getCompanyUsersCount(long companyId)
670                    throws PortalException, SystemException {
671    
672                    PermissionChecker permissionChecker = getPermissionChecker();
673    
674                    if (!permissionChecker.isCompanyAdmin(companyId)) {
675                            throw new PrincipalException();
676                    }
677    
678                    return userPersistence.countByCompanyId(companyId);
679            }
680    
681            /**
682             * Returns the primary keys of all the users belonging to the group.
683             *
684             * @param  groupId the primary key of the group
685             * @return the primary keys of the users belonging to the group
686             * @throws PortalException if the current user did not have permission to
687             *         view group assignments
688             * @throws SystemException if a system exception occurred
689             */
690            public long[] getGroupUserIds(long groupId)
691                    throws PortalException, SystemException {
692    
693                    GroupPermissionUtil.check(
694                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
695    
696                    return userLocalService.getGroupUserIds(groupId);
697            }
698    
699            /**
700             * Returns all the users belonging to the group.
701             *
702             * @param  groupId the primary key of the group
703             * @return the users belonging to the group
704             * @throws PortalException if the current user did not have permission to
705             *         view group assignments
706             * @throws SystemException if a system exception occurred
707             */
708            public List<User> getGroupUsers(long groupId)
709                    throws PortalException, SystemException {
710    
711                    GroupPermissionUtil.check(
712                            getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
713    
714                    return userLocalService.getGroupUsers(groupId);
715            }
716    
717            /**
718             * Returns the primary keys of all the users belonging to the organization.
719             *
720             * @param  organizationId the primary key of the organization
721             * @return the primary keys of the users belonging to the organization
722             * @throws PortalException if the current user did not have permission to
723             *         view organization assignments
724             * @throws SystemException if a system exception occurred
725             */
726            public long[] getOrganizationUserIds(long organizationId)
727                    throws PortalException, SystemException {
728    
729                    OrganizationPermissionUtil.check(
730                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
731    
732                    return userLocalService.getOrganizationUserIds(organizationId);
733            }
734    
735            /**
736             * Returns all the users belonging to the organization.
737             *
738             * @param  organizationId the primary key of the organization
739             * @return users belonging to the organization
740             * @throws PortalException if the current user did not have permission to
741             *         view organization assignments
742             * @throws SystemException if a system exception occurred
743             */
744            public List<User> getOrganizationUsers(long organizationId)
745                    throws PortalException, SystemException {
746    
747                    OrganizationPermissionUtil.check(
748                            getPermissionChecker(), organizationId, ActionKeys.VIEW_MEMBERS);
749    
750                    return userLocalService.getOrganizationUsers(organizationId);
751            }
752    
753            /**
754             * Returns the primary keys of all the users belonging to the role.
755             *
756             * @param  roleId the primary key of the role
757             * @return the primary keys of the users belonging to the role
758             * @throws PortalException if the current user did not have permission to
759             *         view role members
760             * @throws SystemException if a system exception occurred
761             */
762            public long[] getRoleUserIds(long roleId) throws
763                    PortalException, SystemException {
764    
765                    RolePermissionUtil.check(
766                            getPermissionChecker(), roleId, ActionKeys.VIEW);
767    
768                    return userLocalService.getRoleUserIds(roleId);
769            }
770    
771            /**
772             * Returns the user with the email address.
773             *
774             * @param  companyId the primary key of the user's company
775             * @param  emailAddress the user's email address
776             * @return the user with the email address
777             * @throws PortalException if a user with the email address could not be
778             *         found or if the current user did not have permission to view the
779             *         user
780             * @throws SystemException if a system exception occurred
781             */
782            public User getUserByEmailAddress(long companyId, String emailAddress)
783                    throws PortalException, SystemException {
784    
785                    User user = userLocalService.getUserByEmailAddress(
786                            companyId, emailAddress);
787    
788                    UserPermissionUtil.check(
789                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
790    
791                    return user;
792            }
793    
794            /**
795             * Returns the user with the primary key.
796             *
797             * @param  userId the primary key of the user
798             * @return the user with the primary key
799             * @throws PortalException if a user with the primary key could not be found
800             *         or if the current user did not have permission to view the user
801             * @throws SystemException if a system exception occurred
802             */
803            public User getUserById(long userId)
804                    throws PortalException, SystemException {
805    
806                    User user = userPersistence.findByPrimaryKey(userId);
807    
808                    UserPermissionUtil.check(
809                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
810    
811                    return user;
812            }
813    
814            /**
815             * Returns the user with the screen name.
816             *
817             * @param  companyId the primary key of the user's company
818             * @param  screenName the user's screen name
819             * @return the user with the screen name
820             * @throws PortalException if a user with the screen name could not be found
821             *         or if the current user did not have permission to view the user
822             * @throws SystemException if a system exception occurred
823             */
824            public User getUserByScreenName(long companyId, String screenName)
825                    throws PortalException, SystemException {
826    
827                    User user = userLocalService.getUserByScreenName(companyId, screenName);
828    
829                    UserPermissionUtil.check(
830                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
831    
832                    return user;
833            }
834    
835            public List<User> getUserGroupUsers(long userGroupId)
836                    throws PortalException, SystemException {
837    
838                    UserGroupPermissionUtil.check(
839                            getPermissionChecker(), userGroupId, ActionKeys.VIEW_MEMBERS);
840    
841                    return userGroupPersistence.getUsers(userGroupId);
842            }
843    
844            /**
845             * Returns the primary key of the user with the email address.
846             *
847             * @param  companyId the primary key of the user's company
848             * @param  emailAddress the user's email address
849             * @return the primary key of the user with the email address
850             * @throws PortalException if a user with the email address could not be
851             *         found
852             * @throws SystemException if a system exception occurred
853             */
854            public long getUserIdByEmailAddress(long companyId, String emailAddress)
855                    throws PortalException, SystemException {
856    
857                    User user = getUserByEmailAddress(companyId, emailAddress);
858    
859                    UserPermissionUtil.check(
860                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
861    
862                    return user.getUserId();
863            }
864    
865            /**
866             * Returns the primary key of the user with the screen name.
867             *
868             * @param  companyId the primary key of the user's company
869             * @param  screenName the user's screen name
870             * @return the primary key of the user with the screen name
871             * @throws PortalException if a user with the screen name could not be found
872             * @throws SystemException if a system exception occurred
873             */
874            public long getUserIdByScreenName(long companyId, String screenName)
875                    throws PortalException, SystemException {
876    
877                    User user = getUserByScreenName(companyId, screenName);
878    
879                    UserPermissionUtil.check(
880                            getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
881    
882                    return user.getUserId();
883            }
884    
885            /**
886             * Returns <code>true</code> if the user is a member of the group.
887             *
888             * @param  groupId the primary key of the group
889             * @param  userId the primary key of the user
890             * @return <code>true</code> if the user is a member of the group;
891             *         <code>false</code> otherwise
892             * @throws PortalException if the current user did not have permission to
893             *         view the user or group members
894             * @throws SystemException if a system exception occurred
895             */
896            public boolean hasGroupUser(long groupId, long userId)
897                    throws PortalException, SystemException {
898    
899                    try {
900                            UserPermissionUtil.check(
901                                    getPermissionChecker(), userId, ActionKeys.VIEW);
902                    }
903                    catch (PrincipalException e) {
904                            GroupPermissionUtil.check(
905                                    getPermissionChecker(), groupId, ActionKeys.VIEW_MEMBERS);
906                    }
907    
908                    return userLocalService.hasGroupUser(groupId, userId);
909            }
910    
911            /**
912             * Returns <code>true</code> if the user is a member of the role.
913             *
914             * @param  roleId the primary key of the role
915             * @param  userId the primary key of the user
916             * @return <code>true</code> if the user is a member of the role;
917             *         <code>false</code> otherwise
918             * @throws PortalException if the current user did not have permission to
919             *         view the user or role members
920             * @throws SystemException if a system exception occurred
921             */
922            public boolean hasRoleUser(long roleId, long userId)
923                    throws PortalException, SystemException {
924    
925                    try {
926                            UserPermissionUtil.check(
927                                    getPermissionChecker(), userId, ActionKeys.VIEW);
928                    }
929                    catch (PrincipalException e) {
930                            RolePermissionUtil.check(
931                                    getPermissionChecker(), roleId, ActionKeys.VIEW_MEMBERS);
932                    }
933    
934                    return userLocalService.hasRoleUser(roleId, userId);
935            }
936    
937            /**
938             * Returns <code>true</code> if the user has the role with the name,
939             * optionally through inheritance.
940             *
941             * @param  companyId the primary key of the role's company
942             * @param  name the name of the role (must be a regular role, not an
943             *         organization, site or provider role)
944             * @param  userId the primary key of the user
945             * @param  inherited whether to include roles inherited from organizations,
946             *         sites, etc.
947             * @return <code>true</code> if the user has the role; <code>false</code>
948             *         otherwise
949             * @throws PortalException if a role with the name could not be found
950             * @throws SystemException if a system exception occurred
951             */
952            public boolean hasRoleUser(
953                            long companyId, String name, long userId, boolean inherited)
954                    throws PortalException, SystemException {
955    
956                    try {
957                            UserPermissionUtil.check(
958                                    getPermissionChecker(), userId, ActionKeys.VIEW);
959                    }
960                    catch (PrincipalException e) {
961                            Role role = roleLocalService.getRole(companyId, name);
962    
963                            RolePermissionUtil.check(
964                                    getPermissionChecker(), role.getRoleId(),
965                                    ActionKeys.VIEW_MEMBERS);
966                    }
967    
968                    return userLocalService.hasRoleUser(companyId, name, userId, inherited);
969            }
970    
971            /**
972             * Sets the users in the role, removing and adding users to the role as
973             * necessary.
974             *
975             * @param  roleId the primary key of the role
976             * @param  userIds the primary keys of the users
977             * @throws PortalException if the current user did not have permission to
978             *         assign role members or if the operation was not allowed by the
979             *         membership policy
980             * @throws SystemException if a system exception occurred
981             */
982            public void setRoleUsers(long roleId, long[] userIds)
983                    throws PortalException, SystemException {
984    
985                    RolePermissionUtil.check(
986                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
987    
988                    checkSetRoleUsersMembershipPolicy(roleId, userIds);
989    
990                    userLocalService.setRoleUsers(roleId, userIds);
991            }
992    
993            /**
994             * Sets the users in the user group, removing and adding users to the user
995             * group as necessary.
996             *
997             * @param  userGroupId the primary key of the user group
998             * @param  userIds the primary keys of the users
999             * @throws PortalException if the current user did not have permission to
1000             *         assign group members
1001             * @throws SystemException if a system exception occurred
1002             */
1003            public void setUserGroupUsers(long userGroupId, long[] userIds)
1004                    throws PortalException, SystemException {
1005    
1006                    UserGroupPermissionUtil.check(
1007                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
1008    
1009                    checkSetUserGroupUsersMembershipPolicy(userGroupId, userIds);
1010    
1011                    userLocalService.setUserGroupUsers(userGroupId, userIds);
1012            }
1013    
1014            /**
1015             * Removes the users from the teams of a group.
1016             *
1017             * @param  groupId the primary key of the group
1018             * @param  userIds the primary keys of the users
1019             * @throws PortalException if the current user did not have permission to
1020             *         modify user group assignments
1021             * @throws SystemException if a system exception occurred
1022             */
1023            public void unsetGroupTeamsUsers(long groupId, long[] userIds)
1024                    throws PortalException, SystemException {
1025    
1026                    UserGroupPermissionUtil.check(
1027                            getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1028    
1029                    userLocalService.unsetGroupTeamsUsers(groupId, userIds);
1030            }
1031    
1032            /**
1033             * Removes the users from the group.
1034             *
1035             * @param  groupId the primary key of the group
1036             * @param  userIds the primary keys of the users
1037             * @param  serviceContext the service context (optionally <code>null</code>)
1038             * @throws PortalException if the current user did not have permission to
1039             *         modify group assignments or if the operation was not allowed by
1040             *         the membership policy
1041             * @throws SystemException if a system exception occurred
1042             */
1043            public void unsetGroupUsers(
1044                            long groupId, long[] userIds, ServiceContext serviceContext)
1045                    throws PortalException, SystemException {
1046    
1047                    try {
1048                            userIds = UsersAdminUtil.filterUnsetGroupUserIds(
1049                                    getPermissionChecker(), groupId, userIds);
1050    
1051                            if (userIds.length == 0) {
1052                                    return;
1053                            }
1054    
1055                            GroupPermissionUtil.check(
1056                                    getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
1057                    }
1058                    catch (PrincipalException pe) {
1059    
1060                            // Allow any user to leave open and restricted sites
1061    
1062                            boolean hasPermission = false;
1063    
1064                            if (userIds.length == 0) {
1065                                    hasPermission = true;
1066                            }
1067                            else if (userIds.length == 1) {
1068                                    User user = getUser();
1069    
1070                                    if (user.getUserId() == userIds[0]) {
1071                                            Group group = groupPersistence.findByPrimaryKey(groupId);
1072    
1073                                            if (user.getCompanyId() == group.getCompanyId()) {
1074                                                    int type = group.getType();
1075    
1076                                                    if ((type == GroupConstants.TYPE_SITE_OPEN) ||
1077                                                            (type == GroupConstants.TYPE_SITE_RESTRICTED)) {
1078    
1079                                                            hasPermission = true;
1080                                                    }
1081                                            }
1082                                    }
1083                            }
1084    
1085                            if (!hasPermission) {
1086                                    throw new PrincipalException();
1087                            }
1088                    }
1089    
1090                    checkUnsetGroupUsersMembershipPolicy(groupId, userIds);
1091    
1092                    userLocalService.unsetGroupUsers(groupId, userIds, serviceContext);
1093            }
1094    
1095            /**
1096             * Removes the users from the organization.
1097             *
1098             * @param  organizationId the primary key of the organization
1099             * @param  userIds the primary keys of the users
1100             * @throws PortalException if the current user did not have permission to
1101             *         modify organization assignments or if the operation was not
1102             *         allowed by the membership policy
1103             * @throws SystemException if a system exception occurred
1104             */
1105            public void unsetOrganizationUsers(long organizationId, long[] userIds)
1106                    throws PortalException, SystemException {
1107    
1108                    User user = getUser();
1109    
1110                    Group group = groupLocalService.getOrganizationGroup(
1111                            user.getCompanyId(), organizationId);
1112    
1113                    userIds = UsersAdminUtil.filterUnsetGroupUserIds(
1114                            getPermissionChecker(), group.getGroupId(), userIds);
1115    
1116                    if (userIds.length == 0) {
1117                            return;
1118                    }
1119    
1120                    OrganizationPermissionUtil.check(
1121                            getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
1122    
1123                    checkUnsetOrganizationUsersMembershipPolicy(organizationId, userIds);
1124    
1125                    userLocalService.unsetOrganizationUsers(organizationId, userIds);
1126            }
1127    
1128            /**
1129             * Removes the users from the password policy.
1130             *
1131             * @param  passwordPolicyId the primary key of the password policy
1132             * @param  userIds the primary keys of the users
1133             * @throws PortalException if the current user did not have permission to
1134             *         modify policy assignments
1135             * @throws SystemException if a system exception occurred
1136             */
1137            public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
1138                    throws PortalException, SystemException {
1139    
1140                    PasswordPolicyPermissionUtil.check(
1141                            getPermissionChecker(), passwordPolicyId,
1142                            ActionKeys.ASSIGN_MEMBERS);
1143    
1144                    userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
1145            }
1146    
1147            /**
1148             * Removes the users from the role.
1149             *
1150             * @param  roleId the primary key of the role
1151             * @param  userIds the primary keys of the users
1152             * @throws PortalException if the current user did not have permission to
1153             *         modify role assignments or if the operation was not allowed by
1154             *         the membership policy
1155             * @throws SystemException if a system exception occurred
1156             */
1157            public void unsetRoleUsers(long roleId, long[] userIds)
1158                    throws PortalException, SystemException {
1159    
1160                    RolePermissionUtil.check(
1161                            getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
1162    
1163                    checkUnsetRoleUsersMembershipPolicy(roleId, userIds);
1164    
1165                    userLocalService.unsetRoleUsers(roleId, userIds);
1166            }
1167    
1168            /**
1169             * Removes the users from the team.
1170             *
1171             * @param  teamId the primary key of the team
1172             * @param  userIds the primary keys of the users
1173             * @throws PortalException if the current user did not have permission to
1174             *         modify team assignments
1175             * @throws SystemException if a system exception occurred
1176             */
1177            public void unsetTeamUsers(long teamId, long[] userIds)
1178                    throws PortalException, SystemException {
1179    
1180                    TeamPermissionUtil.check(
1181                            getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
1182    
1183                    userLocalService.unsetTeamUsers(teamId, userIds);
1184            }
1185    
1186            /**
1187             * Removes the users from the user group.
1188             *
1189             * @param  userGroupId the primary key of the user group
1190             * @param  userIds the primary keys of the users
1191             * @throws PortalException if the current user did not have permission to
1192             *         modify user group assignments or if the operation was not allowed
1193             *         by the membership policy
1194             * @throws SystemException if a system exception occurred
1195             */
1196            public void unsetUserGroupUsers(long userGroupId, long[] userIds)
1197                    throws PortalException, SystemException {
1198    
1199                    UserGroupPermissionUtil.check(
1200                            getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
1201    
1202                    checkUnsetUserGroupUsersMembershipPolicy(userGroupId, userIds);
1203    
1204                    userLocalService.unsetUserGroupUsers(userGroupId, userIds);
1205            }
1206    
1207            /**
1208             * Updates the user's response to the terms of use agreement.
1209             *
1210             * @param  userId the primary key of the user
1211             * @param  agreedToTermsOfUse whether the user has agree to the terms of use
1212             * @return the user
1213             * @throws PortalException if the current user did not have permission to
1214             *         update the user's agreement to terms-of-use
1215             * @throws SystemException if a system exception occurred
1216             */
1217            public User updateAgreedToTermsOfUse(
1218                            long userId, boolean agreedToTermsOfUse)
1219                    throws PortalException, SystemException {
1220    
1221                    UserPermissionUtil.check(
1222                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1223    
1224                    return userLocalService.updateAgreedToTermsOfUse(
1225                            userId, agreedToTermsOfUse);
1226            }
1227    
1228            /**
1229             * Updates the user's email address.
1230             *
1231             * @param  userId the primary key of the user
1232             * @param  password the user's password
1233             * @param  emailAddress1 the user's new email address
1234             * @param  emailAddress2 the user's new email address confirmation
1235             * @param  serviceContext the service context. Must set the portal URL, main
1236             *         path, primary key of the layout, remote address, remote host, and
1237             *         agent for the user.
1238             * @return the user
1239             * @throws PortalException if a user with the primary key could not be found
1240             *         or if the current user did not have permission to update the user
1241             * @throws SystemException if a system exception occurred
1242             */
1243            public User updateEmailAddress(
1244                            long userId, String password, String emailAddress1,
1245                            String emailAddress2, ServiceContext serviceContext)
1246                    throws PortalException, SystemException {
1247    
1248                    UserPermissionUtil.check(
1249                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1250    
1251                    return userLocalService.updateEmailAddress(
1252                            userId, password, emailAddress1, emailAddress2, serviceContext);
1253            }
1254    
1255            /**
1256             * Updates a user account that was automatically created when a guest user
1257             * participated in an action (e.g. posting a comment) and only provided his
1258             * name and email address.
1259             *
1260             * @param  companyId the primary key of the user's company
1261             * @param  autoPassword whether a password should be automatically generated
1262             *         for the user
1263             * @param  password1 the user's password
1264             * @param  password2 the user's password confirmation
1265             * @param  autoScreenName whether a screen name should be automatically
1266             *         generated for the user
1267             * @param  screenName the user's screen name
1268             * @param  emailAddress the user's email address
1269             * @param  facebookId the user's facebook ID
1270             * @param  openId the user's OpenID
1271             * @param  locale the user's locale
1272             * @param  firstName the user's first name
1273             * @param  middleName the user's middle name
1274             * @param  lastName the user's last name
1275             * @param  prefixId the user's name prefix ID
1276             * @param  suffixId the user's name suffix ID
1277             * @param  male whether the user is male
1278             * @param  birthdayMonth the user's birthday month (0-based, meaning 0 for
1279             *         January)
1280             * @param  birthdayDay the user's birthday day
1281             * @param  birthdayYear the user's birthday year
1282             * @param  jobTitle the user's job title
1283             * @param  updateUserInformation whether to update the user's information
1284             * @param  sendEmail whether to send the user an email notification about
1285             *         their new account
1286             * @param  serviceContext the user's service context (optionally
1287             *         <code>null</code>). Can set the expando bridge attributes for the
1288             *         user.
1289             * @return the user
1290             * @throws PortalException if the user's information was invalid or if the
1291             *         email address was reserved
1292             * @throws SystemException if a system exception occurred
1293             */
1294            public User updateIncompleteUser(
1295                            long companyId, boolean autoPassword, String password1,
1296                            String password2, boolean autoScreenName, String screenName,
1297                            String emailAddress, long facebookId, String openId, Locale locale,
1298                            String firstName, String middleName, String lastName, int prefixId,
1299                            int suffixId, boolean male, int birthdayMonth, int birthdayDay,
1300                            int birthdayYear, String jobTitle, boolean updateUserInformation,
1301                            boolean sendEmail, ServiceContext serviceContext)
1302                    throws PortalException, SystemException {
1303    
1304                    long creatorUserId = 0;
1305    
1306                    try {
1307                            creatorUserId = getGuestOrUserId();
1308                    }
1309                    catch (PrincipalException pe) {
1310                    }
1311    
1312                    checkAddUserPermission(
1313                            creatorUserId, companyId, emailAddress, null, null, null, null,
1314                            serviceContext);
1315    
1316                    return userLocalService.updateIncompleteUser(
1317                            creatorUserId, companyId, autoPassword, password1, password2,
1318                            autoScreenName, screenName, emailAddress, facebookId, openId,
1319                            locale, firstName, middleName, lastName, prefixId, suffixId, male,
1320                            birthdayMonth, birthdayDay, birthdayYear, jobTitle,
1321                            updateUserInformation, sendEmail, serviceContext);
1322            }
1323    
1324            /**
1325             * Updates whether the user is locked out from logging in.
1326             *
1327             * @param  userId the primary key of the user
1328             * @param  lockout whether the user is locked out
1329             * @return the user
1330             * @throws PortalException if the user did not have permission to lock out
1331             *         the user
1332             * @throws SystemException if a system exception occurred
1333             */
1334            public User updateLockoutById(long userId, boolean lockout)
1335                    throws PortalException, SystemException {
1336    
1337                    UserPermissionUtil.check(
1338                            getPermissionChecker(), userId, ActionKeys.DELETE);
1339    
1340                    return userLocalService.updateLockoutById(userId, lockout);
1341            }
1342    
1343            /**
1344             * Updates the user's OpenID.
1345             *
1346             * @param  userId the primary key of the user
1347             * @param  openId the new OpenID
1348             * @return the user
1349             * @throws PortalException if a user with the primary key could not be found
1350             *         or if the current user did not have permission to update the user
1351             * @throws SystemException if a system exception occurred
1352             */
1353            public User updateOpenId(long userId, String openId)
1354                    throws PortalException, SystemException {
1355    
1356                    UserPermissionUtil.check(
1357                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1358    
1359                    return userLocalService.updateOpenId(userId, openId);
1360            }
1361    
1362            /**
1363             * Sets the organizations that the user is in, removing and adding
1364             * organizations as necessary.
1365             *
1366             * @param  userId the primary key of the user
1367             * @param  organizationIds the primary keys of the organizations
1368             * @param  serviceContext the service context. Must set whether user
1369             *         indexing is enabled.
1370             * @throws PortalException if a user with the primary key could not be found
1371             *         or if the current user did not have permission to update the user
1372             * @throws SystemException if a system exception occurred
1373             */
1374            public void updateOrganizations(
1375                            long userId, long[] organizationIds, ServiceContext serviceContext)
1376                    throws PortalException, SystemException {
1377    
1378                    UserPermissionUtil.check(
1379                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1380    
1381                    checkOrganizations(userId, organizationIds);
1382    
1383                    userLocalService.updateOrganizations(
1384                            userId, organizationIds, serviceContext);
1385            }
1386    
1387            /**
1388             * Updates the user's password without tracking or validation of the change.
1389             *
1390             * @param  userId the primary key of the user
1391             * @param  password1 the user's new password
1392             * @param  password2 the user's new password confirmation
1393             * @param  passwordReset whether the user should be asked to reset their
1394             *         password the next time they log in
1395             * @return the user
1396             * @throws PortalException if a user with the primary key could not be found
1397             *         or if the current user did not have permission to update the user
1398             * @throws SystemException if a system exception occurred
1399             */
1400            public User updatePassword(
1401                            long userId, String password1, String password2,
1402                            boolean passwordReset)
1403                    throws PortalException, SystemException {
1404    
1405                    UserPermissionUtil.check(
1406                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1407    
1408                    return userLocalService.updatePassword(
1409                            userId, password1, password2, passwordReset);
1410            }
1411    
1412            /**
1413             * Updates the user's portrait image.
1414             *
1415             * @param  userId the primary key of the user
1416             * @param  bytes the new portrait image data
1417             * @return the user
1418             * @throws PortalException if a user with the primary key could not be
1419             *         found, if the new portrait was invalid, or if the current user
1420             *         did not have permission to update the user
1421             * @throws SystemException if a system exception occurred
1422             */
1423            public User updatePortrait(long userId, byte[] bytes)
1424                    throws PortalException, SystemException {
1425    
1426                    UserPermissionUtil.check(
1427                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1428    
1429                    return userLocalService.updatePortrait(userId, bytes);
1430            }
1431    
1432            /**
1433             * Updates the user's password reset question and answer.
1434             *
1435             * @param  userId the primary key of the user
1436             * @param  question the user's new password reset question
1437             * @param  answer the user's new password reset answer
1438             * @return the user
1439             * @throws PortalException if a user with the primary key could not be
1440             *         found, if the new question or answer were invalid, or if the
1441             *         current user did not have permission to update the user
1442             * @throws SystemException if a system exception occurred
1443             */
1444            public User updateReminderQuery(long userId, String question, String answer)
1445                    throws PortalException, SystemException {
1446    
1447                    UserPermissionUtil.check(
1448                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1449    
1450                    return userLocalService.updateReminderQuery(userId, question, answer);
1451            }
1452    
1453            /**
1454             * Updates the user's screen name.
1455             *
1456             * @param  userId the primary key of the user
1457             * @param  screenName the user's new screen name
1458             * @return the user
1459             * @throws PortalException if a user with the primary key could not be
1460             *         found, if the new screen name was invalid, or if the current user
1461             *         did not have permission to update the user
1462             * @throws SystemException if a system exception occurred
1463             */
1464            public User updateScreenName(long userId, String screenName)
1465                    throws PortalException, SystemException {
1466    
1467                    UserPermissionUtil.check(
1468                            getPermissionChecker(), userId, ActionKeys.UPDATE);
1469    
1470                    return userLocalService.updateScreenName(userId, screenName);
1471            }
1472    
1473            /**
1474             * Updates the user's workflow status.
1475             *
1476             * @param  userId the primary key of the user
1477             * @param  status the user's new workflow status
1478             * @return the user
1479             * @throws PortalException if a user with the primary key could not be
1480             *         found, if the current user was updating her own status to
1481             *         anything but {@link
1482             *         com.liferay.portal.kernel.workflow.WorkflowConstants#STATUS_APPROVED},
1483             *         or if the current user did not have permission to update the
1484             *         user's workflow status.
1485             * @throws SystemException if a system exception occurred
1486             */
1487            public User updateStatus(long userId, int status)
1488                    throws PortalException, SystemException {
1489    
1490                    if ((getUserId() == userId) &&
1491                            (status != WorkflowConstants.STATUS_APPROVED)) {
1492    
1493                            throw new RequiredUserException();
1494                    }
1495    
1496                    UserPermissionUtil.check(
1497                            getPermissionChecker(), userId, ActionKeys.DELETE);
1498    
1499                    return userLocalService.updateStatus(userId, status);
1500            }
1501    
1502            /**
1503             * Updates the user with additional parameters.
1504             *
1505             * @param  userId the primary key of the user
1506             * @param  oldPassword the user's old password
1507             * @param  newPassword1 the user's new password (optionally
1508             *         <code>null</code>)
1509             * @param  newPassword2 the user's new password confirmation (optionally
1510             *         <code>null</code>)
1511             * @param  passwordReset whether the user should be asked to reset their
1512             *         password the next time they login
1513             * @param  reminderQueryQuestion the user's new password reset question
1514             * @param  reminderQueryAnswer the user's new password reset answer
1515             * @param  screenName the user's new screen name
1516             * @param  emailAddress the user's new email address
1517             * @param  facebookId the user's new Facebook ID
1518             * @param  openId the user's new OpenID
1519             * @param  languageId the user's new language ID
1520             * @param  timeZoneId the user's new time zone ID
1521             * @param  greeting the user's new greeting
1522             * @param  comments the user's new comments
1523             * @param  firstName the user's new first name
1524             * @param  middleName the user's new middle name
1525             * @param  lastName the user's new last name
1526             * @param  prefixId the user's new name prefix ID
1527             * @param  suffixId the user's new name suffix ID
1528             * @param  male whether user is male
1529             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1530             *         for January)
1531             * @param  birthdayDay the user's new birthday day
1532             * @param  birthdayYear the user's birthday year
1533             * @param  smsSn the user's new SMS screen name
1534             * @param  aimSn the user's new AIM screen name
1535             * @param  facebookSn the user's new Facebook screen name
1536             * @param  icqSn the user's new ICQ screen name
1537             * @param  jabberSn the user's new Jabber screen name
1538             * @param  msnSn the user's new MSN screen name
1539             * @param  mySpaceSn the user's new MySpace screen name
1540             * @param  skypeSn the user's new Skype screen name
1541             * @param  twitterSn the user's new Twitter screen name
1542             * @param  ymSn the user's new Yahoo! Messenger screen name
1543             * @param  jobTitle the user's new job title
1544             * @param  groupIds the primary keys of the user's groups
1545             * @param  organizationIds the primary keys of the user's organizations
1546             * @param  roleIds the primary keys of the user's roles
1547             * @param  userGroupRoles the user user's group roles
1548             * @param  userGroupIds the primary keys of the user's user groups
1549             * @param  addresses the user's addresses
1550             * @param  emailAddresses the user's email addresses
1551             * @param  phones the user's phone numbers
1552             * @param  websites the user's websites
1553             * @param  announcementsDelivers the announcements deliveries
1554             * @param  serviceContext the user's service context (optionally
1555             *         <code>null</code>). Can set the UUID (with the <code>uuid</code>
1556             *         attribute), asset category IDs, asset tag names, and expando
1557             *         bridge attributes for the user.
1558             * @return the user
1559             * @throws PortalException if a user with the primary key could not be
1560             *         found, if the new information was invalid, if the current user
1561             *         did not have permission to update the user, or if the operation
1562             *         was not allowed by the membership policy
1563             * @throws SystemException if a system exception occurred
1564             */
1565            public User updateUser(
1566                            long userId, String oldPassword, String newPassword1,
1567                            String newPassword2, boolean passwordReset,
1568                            String reminderQueryQuestion, String reminderQueryAnswer,
1569                            String screenName, String emailAddress, long facebookId,
1570                            String openId, String languageId, String timeZoneId,
1571                            String greeting, String comments, String firstName,
1572                            String middleName, String lastName, int prefixId, int suffixId,
1573                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1574                            String smsSn, String aimSn, String facebookSn, String icqSn,
1575                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1576                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1577                            long[] organizationIds, long[] roleIds,
1578                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1579                            List<Address> addresses, List<EmailAddress> emailAddresses,
1580                            List<Phone> phones, List<Website> websites,
1581                            List<AnnouncementsDelivery> announcementsDelivers,
1582                            ServiceContext serviceContext)
1583                    throws PortalException, SystemException {
1584    
1585                    UserPermissionUtil.check(
1586                            getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
1587    
1588                    User user = userPersistence.findByPrimaryKey(userId);
1589    
1590                    if (addresses != null) {
1591                            UsersAdminUtil.updateAddresses(
1592                                    Contact.class.getName(), user.getContactId(), addresses);
1593                    }
1594    
1595                    if (emailAddresses != null) {
1596                            UsersAdminUtil.updateEmailAddresses(
1597                                    Contact.class.getName(), user.getContactId(), emailAddresses);
1598                    }
1599    
1600                    if (phones != null) {
1601                            UsersAdminUtil.updatePhones(
1602                                    Contact.class.getName(), user.getContactId(), phones);
1603                    }
1604    
1605                    if (websites != null) {
1606                            UsersAdminUtil.updateWebsites(
1607                                    Contact.class.getName(), user.getContactId(), websites);
1608                    }
1609    
1610                    if (announcementsDelivers != null) {
1611                            updateAnnouncementsDeliveries(
1612                                    user.getUserId(), announcementsDelivers);
1613                    }
1614    
1615                    long curUserId = getUserId();
1616    
1617                    if (curUserId == userId) {
1618                            screenName = screenName.trim().toLowerCase();
1619    
1620                            if (!screenName.equalsIgnoreCase(user.getScreenName())) {
1621                                    validateScreenName(user, screenName);
1622                            }
1623    
1624                            emailAddress = emailAddress.trim().toLowerCase();
1625    
1626                            if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
1627                                    validateEmailAddress(user, emailAddress);
1628                            }
1629                    }
1630    
1631                    if (groupIds != null) {
1632                            groupIds = checkGroups(userId, groupIds);
1633                    }
1634    
1635                    if (organizationIds != null) {
1636                            organizationIds = checkOrganizations(userId, organizationIds);
1637                    }
1638    
1639                    if (roleIds != null) {
1640                            roleIds = checkRoles(userId, roleIds);
1641                    }
1642    
1643                    if (userGroupRoles != null) {
1644                            userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
1645                    }
1646    
1647                    if (userGroupIds != null) {
1648                            userGroupIds = checkUserGroupIds(userId, userGroupIds);
1649                    }
1650    
1651                    return userLocalService.updateUser(
1652                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1653                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1654                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1655                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1656                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1657                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1658                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1659                            userGroupIds, serviceContext);
1660            }
1661    
1662            /**
1663             * Updates the user.
1664             *
1665             * @param  userId the primary key of the user
1666             * @param  oldPassword the user's old password
1667             * @param  newPassword1 the user's new password (optionally
1668             *         <code>null</code>)
1669             * @param  newPassword2 the user's new password confirmation (optionally
1670             *         <code>null</code>)
1671             * @param  passwordReset whether the user should be asked to reset their
1672             *         password the next time they login
1673             * @param  reminderQueryQuestion the user's new password reset question
1674             * @param  reminderQueryAnswer the user's new password reset answer
1675             * @param  screenName the user's new screen name
1676             * @param  emailAddress the user's new email address
1677             * @param  facebookId the user's new Facebook ID
1678             * @param  openId the user's new OpenID
1679             * @param  languageId the user's new language ID
1680             * @param  timeZoneId the user's new time zone ID
1681             * @param  greeting the user's new greeting
1682             * @param  comments the user's new comments
1683             * @param  firstName the user's new first name
1684             * @param  middleName the user's new middle name
1685             * @param  lastName the user's new last name
1686             * @param  prefixId the user's new name prefix ID
1687             * @param  suffixId the user's new name suffix ID
1688             * @param  male whether user is male
1689             * @param  birthdayMonth the user's new birthday month (0-based, meaning 0
1690             *         for January)
1691             * @param  birthdayDay the user's new birthday day
1692             * @param  birthdayYear the user's birthday year
1693             * @param  smsSn the user's new SMS screen name
1694             * @param  aimSn the user's new AIM screen name
1695             * @param  facebookSn the user's new Facebook screen name
1696             * @param  icqSn the user's new ICQ screen name
1697             * @param  jabberSn the user's new Jabber screen name
1698             * @param  msnSn the user's new MSN screen name
1699             * @param  mySpaceSn the user's new MySpace screen name
1700             * @param  skypeSn the user's new Skype screen name
1701             * @param  twitterSn the user's new Twitter screen name
1702             * @param  ymSn the user's new Yahoo! Messenger screen name
1703             * @param  jobTitle the user's new job title
1704             * @param  groupIds the primary keys of the user's groups
1705             * @param  organizationIds the primary keys of the user's organizations
1706             * @param  roleIds the primary keys of the user's roles
1707             * @param  userGroupRoles the user user's group roles
1708             * @param  userGroupIds the primary keys of the user's user groups
1709             * @param  serviceContext the user's service context (optionally
1710             *         <code>null</code>). Can set the UUID (with the <code>uuid</code>
1711             *         attribute), asset category IDs, asset tag names, and expando
1712             *         bridge attributes for the user.
1713             * @return the user
1714             * @throws PortalException if a user with the primary key could not be
1715             *         found, if the new information was invalid, if the current user
1716             *         did not have permission to update the user, or if the operation
1717             *         was not allowed by the membership policy
1718             * @throws SystemException if a system exception occurred
1719             */
1720            public User updateUser(
1721                            long userId, String oldPassword, String newPassword1,
1722                            String newPassword2, boolean passwordReset,
1723                            String reminderQueryQuestion, String reminderQueryAnswer,
1724                            String screenName, String emailAddress, long facebookId,
1725                            String openId, String languageId, String timeZoneId,
1726                            String greeting, String comments, String firstName,
1727                            String middleName, String lastName, int prefixId, int suffixId,
1728                            boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
1729                            String smsSn, String aimSn, String facebookSn, String icqSn,
1730                            String jabberSn, String msnSn, String mySpaceSn, String skypeSn,
1731                            String twitterSn, String ymSn, String jobTitle, long[] groupIds,
1732                            long[] organizationIds, long[] roleIds,
1733                            List<UserGroupRole> userGroupRoles, long[] userGroupIds,
1734                            ServiceContext serviceContext)
1735                    throws PortalException, SystemException {
1736    
1737                    return updateUser(
1738                            userId, oldPassword, newPassword1, newPassword2, passwordReset,
1739                            reminderQueryQuestion, reminderQueryAnswer, screenName,
1740                            emailAddress, facebookId, openId, languageId, timeZoneId, greeting,
1741                            comments, firstName, middleName, lastName, prefixId, suffixId, male,
1742                            birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
1743                            icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
1744                            jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
1745                            userGroupIds, null, null, null, null, null, serviceContext);
1746            }
1747    
1748            protected void checkAddGroupUsersMembershipPolicy(
1749                            long groupId, long[] userIds)
1750                    throws PortalException, SystemException {
1751    
1752                    MembershipPolicyException membershipPolicyException = null;
1753    
1754                    Group group = groupPersistence.findByPrimaryKey(groupId);
1755    
1756                    for (long userId : userIds) {
1757                            User user = userPersistence.findByPrimaryKey(userId);
1758    
1759                            if (MembershipPolicyUtil.isMembershipAllowed(group, user)) {
1760                                    continue;
1761                            }
1762    
1763                            if (membershipPolicyException == null) {
1764                                    membershipPolicyException = new MembershipPolicyException(
1765                                            MembershipPolicyException.GROUP_MEMBERSHIP_NOT_ALLOWED);
1766    
1767                                    membershipPolicyException.addGroup(group);
1768                            }
1769    
1770                            membershipPolicyException.addUser(user);
1771                    }
1772    
1773                    if (membershipPolicyException != null) {
1774                            throw membershipPolicyException;
1775                    }
1776            }
1777    
1778            protected void checkAddOrganizationUsersMembershipPolicy(
1779                            long organizationId, long[] userIds)
1780                    throws PortalException, SystemException {
1781    
1782                    MembershipPolicyException membershipPolicyException = null;
1783    
1784                    Organization organization = organizationPersistence.findByPrimaryKey(
1785                            organizationId);
1786    
1787                    for (long userId : userIds) {
1788                            User user = userPersistence.findByPrimaryKey(userId);
1789    
1790                            if (MembershipPolicyUtil.isMembershipAllowed(organization, user)) {
1791                                    continue;
1792                            }
1793    
1794                            if (membershipPolicyException == null) {
1795                                    membershipPolicyException = new MembershipPolicyException(
1796                                            MembershipPolicyException.
1797                                                    ORGANIZATION_MEMBERSHIP_NOT_ALLOWED);
1798    
1799                                    membershipPolicyException.addOrganization(organization);
1800                            }
1801    
1802                            membershipPolicyException.addUser(user);
1803                    }
1804    
1805                    if (membershipPolicyException != null) {
1806                            throw membershipPolicyException;
1807                    }
1808            }
1809    
1810            protected void checkAddRoleUsersMembershipPolicy(
1811                            long roleId, long[] userIds)
1812                    throws PortalException, SystemException {
1813    
1814                    MembershipPolicyException membershipPolicyException = null;
1815    
1816                    Role role = rolePersistence.findByPrimaryKey(roleId);
1817    
1818                    for (long userId : userIds) {
1819                            User user = userPersistence.findByPrimaryKey(userId);
1820    
1821                            if (MembershipPolicyUtil.isMembershipAllowed(role, user)) {
1822                                    continue;
1823                            }
1824    
1825                            if (membershipPolicyException == null) {
1826                                    membershipPolicyException = new MembershipPolicyException(
1827                                            MembershipPolicyException.ROLE_MEMBERSHIP_NOT_ALLOWED);
1828    
1829                                    membershipPolicyException.addRole(role);
1830                            }
1831    
1832                            membershipPolicyException.addUser(user);
1833                    }
1834    
1835                    if (membershipPolicyException != null) {
1836                            throw membershipPolicyException;
1837                    }
1838            }
1839    
1840            protected void checkAddUserGroupUsersMembershipPolicy(
1841                            long userGroupId, long[] userIds)
1842                    throws PortalException, SystemException {
1843    
1844                    MembershipPolicyException membershipPolicyException = null;
1845    
1846                    UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
1847                            userGroupId);
1848    
1849                    for (long userId : userIds) {
1850                            User user = userPersistence.findByPrimaryKey(userId);
1851    
1852                            if (MembershipPolicyUtil.isMembershipAllowed(userGroup, user)) {
1853                                    continue;
1854                            }
1855    
1856                            if (membershipPolicyException == null) {
1857                                    membershipPolicyException = new MembershipPolicyException(
1858                                            MembershipPolicyException.
1859                                                    USER_GROUP_MEMBERSHIP_NOT_ALLOWED);
1860    
1861                                    membershipPolicyException.addUserGroup(userGroup);
1862                            }
1863    
1864                            membershipPolicyException.addUser(user);
1865                    }
1866    
1867                    if (membershipPolicyException != null) {
1868                            throw membershipPolicyException;
1869                    }
1870            }
1871    
1872            protected void checkAddUserPermission(
1873                            long creatorUserId, long companyId, String emailAddress,
1874                            long[] groupIds, long[] organizationIds, long[] roleIds,
1875                            long[] userGroupIds, ServiceContext serviceContext)
1876                    throws PortalException, SystemException {
1877    
1878                    Company company = companyPersistence.findByPrimaryKey(companyId);
1879    
1880                    if (groupIds != null) {
1881                            checkGroups(0, groupIds);
1882                    }
1883    
1884                    if (organizationIds != null) {
1885                            checkOrganizations(0, organizationIds);
1886                    }
1887    
1888                    if (roleIds != null) {
1889                            checkRoles(0, roleIds);
1890                    }
1891    
1892                    if (userGroupIds != null) {
1893                            checkUserGroupIds(0, userGroupIds);
1894                    }
1895    
1896                    boolean anonymousUser = ParamUtil.getBoolean(
1897                            serviceContext, "anonymousUser");
1898    
1899                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
1900    
1901                    if (((creatorUserId != 0) && (creatorUserId != defaultUserId)) ||
1902                            (!company.isStrangers() && !anonymousUser)) {
1903    
1904                            if (!PortalPermissionUtil.contains(
1905                                            getPermissionChecker(), ActionKeys.ADD_USER) &&
1906                                    !OrganizationPermissionUtil.contains(
1907                                            getPermissionChecker(), organizationIds,
1908                                            ActionKeys.ASSIGN_MEMBERS)) {
1909    
1910                                    throw new PrincipalException();
1911                            }
1912                    }
1913    
1914                    if ((creatorUserId == 0) || (creatorUserId == defaultUserId)) {
1915                            if (!company.isStrangersWithMx() &&
1916                                    company.hasCompanyMx(emailAddress)) {
1917    
1918                                    throw new ReservedUserEmailAddressException();
1919                            }
1920                    }
1921            }
1922    
1923            protected long[] checkGroups(long userId, long[] groupIds)
1924                    throws PortalException, SystemException {
1925    
1926                    long[] oldGroupIds = null;
1927    
1928                    PermissionChecker permissionChecker = getPermissionChecker();
1929    
1930                    User user = null;
1931    
1932                    if (userId != CompanyConstants.SYSTEM) {
1933    
1934                            // Add back any mandatory groups or groups that the administrator
1935                            // does not have the rights to remove and check that he has the
1936                            // permission to add a new group
1937    
1938                            user = userPersistence.findByPrimaryKey(userId);
1939    
1940                            Set<Group> mandatoryGroups =
1941                                    MembershipPolicyUtil.getMandatoryGroups(user);
1942    
1943                            List<Group> oldGroups = groupLocalService.getUserGroups(userId);
1944    
1945                            oldGroupIds = new long[oldGroups.size()];
1946    
1947                            for (int i = 0; i < oldGroups.size(); i++) {
1948                                    Group group = oldGroups.get(i);
1949    
1950                                    if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
1951                                            (!GroupPermissionUtil.contains(
1952                                                    permissionChecker, group.getGroupId(),
1953                                                    ActionKeys.ASSIGN_MEMBERS) ||
1954                                             MembershipPolicyUtil.isMembershipProtected(
1955                                                    permissionChecker, group, user) ||
1956                                             mandatoryGroups.contains(group))) {
1957    
1958                                            groupIds = ArrayUtil.append(groupIds, group.getGroupId());
1959                                    }
1960    
1961                                    oldGroupIds[i] = group.getGroupId();
1962                            }
1963                    }
1964    
1965                    // Check that the administrator has the permission to add a new group
1966                    // and that the group membership is allowed
1967    
1968                    MembershipPolicyException membershipPolicyException = null;
1969    
1970                    for (long groupId : groupIds) {
1971                            if ((oldGroupIds != null) &&
1972                                    ArrayUtil.contains(oldGroupIds, groupId)) {
1973    
1974                                    continue;
1975                            }
1976    
1977                            Group group = groupPersistence.findByPrimaryKey(groupId);
1978    
1979                            GroupPermissionUtil.check(
1980                                    permissionChecker, group, ActionKeys.ASSIGN_MEMBERS);
1981    
1982                            if (user == null) {
1983                                    continue;
1984                            }
1985    
1986                            if (MembershipPolicyUtil.isMembershipAllowed(group, user)) {
1987                                    continue;
1988                            }
1989    
1990                            if (membershipPolicyException == null) {
1991                                    membershipPolicyException = new MembershipPolicyException(
1992                                            MembershipPolicyException.GROUP_MEMBERSHIP_NOT_ALLOWED);
1993    
1994                                    membershipPolicyException.addUser(user);
1995                            }
1996    
1997                            membershipPolicyException.addGroup(group);
1998                    }
1999    
2000                    if (membershipPolicyException != null) {
2001                            throw membershipPolicyException;
2002                    }
2003    
2004                    return groupIds;
2005            }
2006    
2007            protected long[] checkOrganizations(long userId, long[] organizationIds)
2008                    throws PortalException, SystemException {
2009    
2010                    long[] oldOrganizationIds = null;
2011    
2012                    PermissionChecker permissionChecker = getPermissionChecker();
2013    
2014                    User user = null;
2015    
2016                    if (userId != CompanyConstants.SYSTEM) {
2017    
2018                            // Add back any mandatory organizations or organizations that the
2019                            // administrator does not have the rights to remove and check that
2020                            // he has the permission to add a new organization
2021    
2022                            user = userPersistence.findByPrimaryKey(userId);
2023    
2024                            Set<Organization> mandatoryOrganizations =
2025                                    MembershipPolicyUtil.getMandatoryOrganizations(user);
2026    
2027                            List<Organization> oldOrganizations =
2028                                    organizationLocalService.getUserOrganizations(userId);
2029    
2030                            oldOrganizationIds = new long[oldOrganizations.size()];
2031    
2032                            for (int i = 0; i < oldOrganizations.size(); i++) {
2033                                    Organization organization = oldOrganizations.get(i);
2034    
2035                                    if (!ArrayUtil.contains(
2036                                                    organizationIds, organization.getOrganizationId()) &&
2037                                            (!OrganizationPermissionUtil.contains(
2038                                                    permissionChecker, organization.getOrganizationId(),
2039                                                    ActionKeys.ASSIGN_MEMBERS) ||
2040                                             MembershipPolicyUtil.isMembershipProtected(
2041                                                     permissionChecker, organization, user) ||
2042                                             mandatoryOrganizations.contains(organization))) {
2043    
2044                                            organizationIds = ArrayUtil.append(
2045                                                    organizationIds, organization.getOrganizationId());
2046                                    }
2047    
2048                                    oldOrganizationIds[i] = organization.getOrganizationId();
2049                            }
2050                    }
2051    
2052                    // Check that the administrator has the permission to add a new
2053                    // organization and that the organization membership is allowed
2054    
2055                    MembershipPolicyException membershipPolicyException = null;
2056    
2057                    for (long organizationId : organizationIds) {
2058                            if ((oldOrganizationIds != null) &&
2059                                    ArrayUtil.contains(oldOrganizationIds, organizationId)) {
2060    
2061                                    continue;
2062                            }
2063    
2064                            Organization organization =
2065                                    organizationPersistence.findByPrimaryKey(organizationId);
2066    
2067                            OrganizationPermissionUtil.check(
2068                                    permissionChecker, organization, ActionKeys.ASSIGN_MEMBERS);
2069    
2070                            if (user == null) {
2071                                    continue;
2072                            }
2073    
2074                            if (MembershipPolicyUtil.isMembershipAllowed(organization, user)) {
2075                                    continue;
2076                            }
2077    
2078                            if (membershipPolicyException == null) {
2079                                    membershipPolicyException = new MembershipPolicyException(
2080                                            MembershipPolicyException.
2081                                                    ORGANIZATION_MEMBERSHIP_NOT_ALLOWED);
2082    
2083                                    membershipPolicyException.addUser(user);
2084                            }
2085    
2086                            membershipPolicyException.addOrganization(organization);
2087                    }
2088    
2089                    if (membershipPolicyException != null) {
2090                            throw membershipPolicyException;
2091                    }
2092    
2093                    return organizationIds;
2094            }
2095    
2096            protected long[] checkRoles(long userId, long[] roleIds)
2097                    throws PortalException, SystemException {
2098    
2099                    long[] oldRoleIds = null;
2100    
2101                    PermissionChecker permissionChecker = getPermissionChecker();
2102    
2103                    User user = null;
2104    
2105                    if (userId != CompanyConstants.SYSTEM) {
2106    
2107                            // Add back any mandatory roles or roles that the administrator
2108                            // does not have the rights to remove and check that he has the
2109                            // permission to add a new role
2110    
2111                            user = userPersistence.findByPrimaryKey(userId);
2112    
2113                            Set<Role> mandatoryRoles = MembershipPolicyUtil.getMandatoryRoles(
2114                                    user);
2115    
2116                            List<Role> oldRoles = roleLocalService.getUserRoles(userId);
2117    
2118                            oldRoleIds = new long[oldRoles.size()];
2119    
2120                            for (int i = 0; i < oldRoles.size(); i++) {
2121                                    Role role = oldRoles.get(i);
2122    
2123                                    if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
2124                                            (!RolePermissionUtil.contains(
2125                                                    permissionChecker, role.getRoleId(),
2126                                                    ActionKeys.ASSIGN_MEMBERS) ||
2127                                             mandatoryRoles.contains(role))) {
2128    
2129                                            roleIds = ArrayUtil.append(roleIds, role.getRoleId());
2130                                    }
2131    
2132                                    oldRoleIds[i] = role.getRoleId();
2133                            }
2134                    }
2135    
2136                    // Check that the administrator has the permission to add a new role
2137                    // and that the role membership is allowed
2138    
2139                    MembershipPolicyException membershipPolicyException = null;
2140    
2141                    for (long roleId : roleIds) {
2142                            if ((oldRoleIds != null) &&
2143                                    ArrayUtil.contains(oldRoleIds, roleId)) {
2144    
2145                                    continue;
2146                            }
2147    
2148                            Role role = rolePersistence.findByPrimaryKey(roleId);
2149    
2150                            RolePermissionUtil.check(
2151                                    permissionChecker, role.getRoleId(), ActionKeys.ASSIGN_MEMBERS);
2152    
2153                            if (user == null) {
2154                                    continue;
2155                            }
2156    
2157                            if (MembershipPolicyUtil.isMembershipAllowed(role, user)) {
2158                                    continue;
2159                            }
2160    
2161                            if (membershipPolicyException == null) {
2162                                    membershipPolicyException = new MembershipPolicyException(
2163                                            MembershipPolicyException.ROLE_MEMBERSHIP_NOT_ALLOWED);
2164    
2165                                    membershipPolicyException.addUser(user);
2166                            }
2167    
2168                            membershipPolicyException.addRole(role);
2169                    }
2170    
2171                    if (membershipPolicyException != null) {
2172                            throw membershipPolicyException;
2173                    }
2174    
2175                    return roleIds;
2176            }
2177    
2178            protected void checkSetRoleUsersMembershipPolicy(
2179                            long roleId, long[] userIds)
2180                    throws PortalException, SystemException {
2181    
2182                    List<Long> unsetUserIds = new ArrayList<Long>(userIds.length);
2183    
2184                    List<User> users = rolePersistence.getUsers(roleId);
2185    
2186                    for (User user : users) {
2187                            if (!ArrayUtil.contains(userIds, user.getUserId())) {
2188                                    unsetUserIds.add(user.getUserId());
2189                            }
2190                    }
2191    
2192                    checkUnsetRoleUsersMembershipPolicy(
2193                            roleId, ArrayUtil.toLongArray(unsetUserIds));
2194    
2195                    checkAddRoleUsersMembershipPolicy(roleId, userIds);
2196            }
2197    
2198            protected void checkSetUserGroupUsersMembershipPolicy(
2199                            long userGroupId, long[] userIds)
2200                    throws PortalException, SystemException {
2201    
2202                    List<Long> unsetUserIds = new ArrayList<Long>(userIds.length);
2203    
2204                    List<User> users = userGroupPersistence.getUsers(userGroupId);
2205    
2206                    for (User user : users) {
2207                            if (!ArrayUtil.contains(userIds, user.getUserId())) {
2208                                    unsetUserIds.add(user.getUserId());
2209                            }
2210                    }
2211    
2212                    checkUnsetUserGroupUsersMembershipPolicy(
2213                            userGroupId, ArrayUtil.toLongArray(unsetUserIds));
2214    
2215                    checkAddUserGroupUsersMembershipPolicy(userGroupId, userIds);
2216            }
2217    
2218            protected void checkUnsetGroupUsersMembershipPolicy(
2219                            long groupId, long[] userIds)
2220                    throws PortalException, SystemException {
2221    
2222                    MembershipPolicyException membershipPolicyException = null;
2223    
2224                    Group group = groupPersistence.findByPrimaryKey(groupId);
2225    
2226                    for (long userId : userIds) {
2227                            User user = userPersistence.findByPrimaryKey(userId);
2228    
2229                            Set<Group> mandatoryGroups =
2230                                    MembershipPolicyUtil.getMandatoryGroups(user);
2231    
2232                            if (!mandatoryGroups.contains(group)) {
2233                                    continue;
2234                            }
2235    
2236                            if (membershipPolicyException == null) {
2237                                    membershipPolicyException = new MembershipPolicyException(
2238                                            MembershipPolicyException.GROUP_MEMBERSHIP_REQUIRED);
2239    
2240                                    membershipPolicyException.addGroup(group);
2241                            }
2242    
2243                            membershipPolicyException.addUser(user);
2244                    }
2245    
2246                    if (membershipPolicyException != null) {
2247                            throw membershipPolicyException;
2248                    }
2249            }
2250    
2251            protected void checkUnsetOrganizationUsersMembershipPolicy(
2252                            long organizationId, long[] userIds)
2253                    throws PortalException, SystemException {
2254    
2255                    MembershipPolicyException membershipPolicyException = null;
2256    
2257                    Organization organization = organizationPersistence.findByPrimaryKey(
2258                            organizationId);
2259    
2260                    for (long userId : userIds) {
2261                            User user = userPersistence.findByPrimaryKey(userId);
2262    
2263                            Set<Organization> mandatoryOrganizations =
2264                                    MembershipPolicyUtil.getMandatoryOrganizations(user);
2265    
2266                            if (!mandatoryOrganizations.contains(organization)) {
2267                                    continue;
2268                            }
2269    
2270                            if (membershipPolicyException == null) {
2271                                    membershipPolicyException = new MembershipPolicyException(
2272                                            MembershipPolicyException.
2273                                                    ORGANIZATION_MEMBERSHIP_REQUIRED);
2274    
2275                                    membershipPolicyException.addOrganization(organization);
2276                            }
2277    
2278                            membershipPolicyException.addUser(user);
2279                    }
2280    
2281                    if (membershipPolicyException != null) {
2282                            throw membershipPolicyException;
2283                    }
2284            }
2285    
2286            protected void checkUnsetRoleUsersMembershipPolicy(
2287                            long roleId, long[] userIds)
2288                    throws PortalException, SystemException {
2289    
2290                    MembershipPolicyException membershipPolicyException = null;
2291    
2292                    Role role = rolePersistence.findByPrimaryKey(roleId);
2293    
2294                    for (long userId : userIds) {
2295                            User user = userPersistence.findByPrimaryKey(userId);
2296    
2297                            Set<Role> mandatoryRoles = MembershipPolicyUtil.getMandatoryRoles(
2298                                    user);
2299    
2300                            if (!mandatoryRoles.contains(role)) {
2301                                    continue;
2302                            }
2303    
2304                            if (membershipPolicyException == null) {
2305                                    membershipPolicyException = new MembershipPolicyException(
2306                                            MembershipPolicyException.ROLE_MEMBERSHIP_REQUIRED);
2307    
2308                                    membershipPolicyException.addRole(role);
2309                            }
2310    
2311                            membershipPolicyException.addUser(user);
2312                    }
2313    
2314                    if (membershipPolicyException != null) {
2315                            throw membershipPolicyException;
2316                    }
2317            }
2318    
2319            protected void checkUnsetUserGroupUsersMembershipPolicy(
2320                            long userGroupId, long[] userIds)
2321                    throws PortalException, SystemException {
2322    
2323                    MembershipPolicyException membershipPolicyException = null;
2324    
2325                    UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
2326                            userGroupId);
2327    
2328                    for (long userId : userIds) {
2329                            User user = userPersistence.findByPrimaryKey(userId);
2330    
2331                            Set<UserGroup> mandatoryUserGroups =
2332                                    MembershipPolicyUtil.getMandatoryUserGroups(user);
2333    
2334                            if (!mandatoryUserGroups.contains(userGroup)) {
2335                                    continue;
2336                            }
2337    
2338                            if (membershipPolicyException == null) {
2339                                    membershipPolicyException = new MembershipPolicyException(
2340                                            MembershipPolicyException. USER_GROUP_MEMBERSHIP_REQUIRED);
2341    
2342                                    membershipPolicyException.addUserGroup(userGroup);
2343                            }
2344    
2345                            membershipPolicyException.addUser(user);
2346                    }
2347    
2348                    if (membershipPolicyException != null) {
2349                            throw membershipPolicyException;
2350                    }
2351            }
2352    
2353            protected long[] checkUserGroupIds(long userId, long[] userGroupIds)
2354                    throws PortalException, SystemException {
2355    
2356                    long[] oldUserGroupIds = null;
2357    
2358                    PermissionChecker permissionChecker = getPermissionChecker();
2359    
2360                    User user = null;
2361    
2362                    if (userId != CompanyConstants.SYSTEM) {
2363    
2364                            // Add back any user groups that the administrator does not have the
2365                            // rights to remove or that have a mandatory membership
2366    
2367                            user = userPersistence.findByPrimaryKey(userId);
2368    
2369                            Set<UserGroup> mandatoryUserGroups =
2370                                    MembershipPolicyUtil.getMandatoryUserGroups(user);
2371    
2372                            List<UserGroup> oldUserGroups =
2373                                    userGroupLocalService.getUserUserGroups(userId);
2374    
2375                            oldUserGroupIds = new long[oldUserGroups.size()];
2376    
2377                            for (int i = 0; i < oldUserGroups.size(); i++) {
2378                                    UserGroup userGroup = oldUserGroups.get(i);
2379    
2380                                    if (!ArrayUtil.contains(
2381                                                    userGroupIds, userGroup.getUserGroupId()) &&
2382                                            (!UserGroupPermissionUtil.contains(
2383                                                    permissionChecker, userGroup.getUserGroupId(),
2384                                                    ActionKeys.ASSIGN_MEMBERS) ||
2385                                             mandatoryUserGroups.contains(userGroup))) {
2386    
2387                                            userGroupIds = ArrayUtil.append(
2388                                                    userGroupIds, userGroup.getUserGroupId());
2389                                    }
2390    
2391                                    oldUserGroupIds[i] = userGroup.getUserGroupId();
2392                            }
2393                    }
2394    
2395                    MembershipPolicyException membershipPolicyException = null;
2396    
2397                    // Check that the administrator has the permission to add a new user
2398                    // group and that the user group membership is allowed
2399    
2400                    for (long userGroupId : userGroupIds) {
2401                            if ((oldUserGroupIds == null) ||
2402                                    !ArrayUtil.contains(oldUserGroupIds, userGroupId)) {
2403    
2404                                    UserGroupPermissionUtil.check(
2405                                            permissionChecker, userGroupId, ActionKeys.ASSIGN_MEMBERS);
2406    
2407                                    UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
2408                                            userGroupId);
2409    
2410                                    if (!MembershipPolicyUtil.isMembershipAllowed(
2411                                                    userGroup, user)) {
2412    
2413                                            if (membershipPolicyException == null) {
2414                                                    membershipPolicyException =
2415                                                            new MembershipPolicyException(
2416                                                                    MembershipPolicyException.
2417                                                                            USER_GROUP_MEMBERSHIP_NOT_ALLOWED);
2418    
2419                                                    membershipPolicyException.addUser(user);
2420                                            }
2421    
2422                                            membershipPolicyException.addUserGroup(userGroup);
2423                                    }
2424                            }
2425                    }
2426    
2427                    if (membershipPolicyException != null) {
2428                            throw membershipPolicyException;
2429                    }
2430    
2431                    return userGroupIds;
2432            }
2433    
2434            protected List<UserGroupRole> checkUserGroupRoles(
2435                            long userId, List<UserGroupRole> userGroupRoles)
2436                    throws PortalException, SystemException {
2437    
2438                    List<UserGroupRole> oldUserGroupRoles = null;
2439    
2440                    PermissionChecker permissionChecker = getPermissionChecker();
2441    
2442                    User user = userPersistence.findByPrimaryKey(userId);
2443    
2444                    if (userId != CompanyConstants.SYSTEM) {
2445    
2446                            // Add back any user group roles that the administrator does not
2447                            // have the rights to remove or that have a mandatory membership
2448    
2449                            Set<Role> mandatoryRoles = MembershipPolicyUtil.getMandatoryRoles(
2450                                    user.getGroup(), user);
2451    
2452                            oldUserGroupRoles = userGroupRoleLocalService.getUserGroupRoles(
2453                                    userId);
2454    
2455                            for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
2456                                    Role role = oldUserGroupRole.getRole();
2457    
2458                                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
2459                                            Group group = oldUserGroupRole.getGroup();
2460    
2461                                            Organization organization =
2462                                                    organizationPersistence.findByPrimaryKey(
2463                                                            group.getOrganizationId());
2464    
2465                                            Set<Role> mandatoryOrganizationRoles =
2466                                                    MembershipPolicyUtil.getMandatoryRoles(
2467                                                            organization, user);
2468    
2469                                            if (!userGroupRoles.contains(oldUserGroupRole) &&
2470                                                    (!UserGroupRolePermissionUtil.contains(
2471                                                            permissionChecker, oldUserGroupRole.getGroupId(),
2472                                                            oldUserGroupRole.getRoleId()) ||
2473                                                     MembershipPolicyUtil.isMembershipProtected(
2474                                                             getPermissionChecker(),
2475                                                            oldUserGroupRole.getGroup(), role, user) ||
2476                                                     mandatoryOrganizationRoles.contains(role))) {
2477    
2478                                                    userGroupRoles.add(oldUserGroupRole);
2479                                            }
2480                                    }
2481                                    else if (role.getType() == RoleConstants.TYPE_SITE) {
2482                                            if (!userGroupRoles.contains(oldUserGroupRole) &&
2483                                                    (!UserGroupRolePermissionUtil.contains(
2484                                                            permissionChecker, oldUserGroupRole.getGroupId(),
2485                                                            oldUserGroupRole.getRoleId()) ||
2486                                                     MembershipPolicyUtil.isMembershipProtected(
2487                                                             getPermissionChecker(),
2488                                                             oldUserGroupRole.getGroup(), role, user) ||
2489                                                     mandatoryRoles.contains(role))) {
2490    
2491                                                    userGroupRoles.add(oldUserGroupRole);
2492                                            }
2493                                    }
2494                            }
2495                    }
2496    
2497                    MembershipPolicyException membershipPolicyException = null;
2498    
2499                    // Check that the administrator has the permission to add a new user
2500                    // group role and that the user group role membership is allowed
2501    
2502                    for (UserGroupRole userGroupRole : userGroupRoles) {
2503                            Role role = userGroupRole.getRole();
2504    
2505                            if ((oldUserGroupRoles == null) ||
2506                                    !oldUserGroupRoles.contains(userGroupRole)) {
2507    
2508                                    UserGroupRolePermissionUtil.check(
2509                                            permissionChecker, userGroupRole.getGroupId(),
2510                                            userGroupRole.getRoleId());
2511    
2512                                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
2513                                            Group group = userGroupRole.getGroup();
2514    
2515                                            long organizationId = group.getOrganizationId();
2516    
2517                                            Organization organization =
2518                                                    organizationPersistence.findByPrimaryKey(
2519                                                            organizationId);
2520    
2521                                            if (!MembershipPolicyUtil.isMembershipAllowed(
2522                                                            organization, role, user)) {
2523    
2524                                                    if (membershipPolicyException == null) {
2525                                                            membershipPolicyException =
2526                                                                    new MembershipPolicyException(
2527                                                                            MembershipPolicyException.
2528                                                                                    ROLE_MEMBERSHIP_NOT_ALLOWED);
2529    
2530                                                            membershipPolicyException.addUser(user);
2531                                                    }
2532    
2533                                                    membershipPolicyException.addRole(role);
2534                                            }
2535                                    }
2536                                    else if (role.getType() == RoleConstants.TYPE_SITE) {
2537                                            if (!MembershipPolicyUtil.isMembershipAllowed(
2538                                                            userGroupRole.getGroup(), role, user)) {
2539    
2540                                                    if (membershipPolicyException == null) {
2541                                                            membershipPolicyException =
2542                                                                    new MembershipPolicyException(
2543                                                                            MembershipPolicyException.
2544                                                                                    ROLE_MEMBERSHIP_NOT_ALLOWED);
2545    
2546                                                            membershipPolicyException.addUser(user);
2547                                                    }
2548    
2549                                                    membershipPolicyException.addRole(role);
2550                                            }
2551                                    }
2552                            }
2553                    }
2554    
2555                    if (membershipPolicyException != null) {
2556                            throw membershipPolicyException;
2557                    }
2558    
2559                    return userGroupRoles;
2560            }
2561    
2562            protected void updateAnnouncementsDeliveries(
2563                            long userId, List<AnnouncementsDelivery> announcementsDeliveries)
2564                    throws PortalException, SystemException {
2565    
2566                    for (AnnouncementsDelivery announcementsDelivery :
2567                                    announcementsDeliveries) {
2568    
2569                            announcementsDeliveryService.updateDelivery(
2570                                    userId, announcementsDelivery.getType(),
2571                                    announcementsDelivery.getEmail(),
2572                                    announcementsDelivery.getSms(),
2573                                    announcementsDelivery.getWebsite());
2574                    }
2575            }
2576    
2577            protected void validateEmailAddress(User user, String emailAddress)
2578                    throws PortalException, SystemException {
2579    
2580                    PermissionChecker permissionChecker = getPermissionChecker();
2581    
2582                    if (!UsersAdminUtil.hasUpdateEmailAddress(permissionChecker, user)) {
2583                            throw new UserEmailAddressException();
2584                    }
2585    
2586                    if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
2587                            Company company = companyPersistence.findByPrimaryKey(
2588                                    user.getCompanyId());
2589    
2590                            if (!company.isStrangersWithMx()) {
2591                                    throw new ReservedUserEmailAddressException();
2592                            }
2593                    }
2594            }
2595    
2596            protected void validateOrganizationUsers(long[] userIds)
2597                    throws PortalException, SystemException {
2598    
2599                    PermissionChecker permissionChecker = getPermissionChecker();
2600    
2601                    if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
2602                            permissionChecker.isCompanyAdmin()) {
2603    
2604                            return;
2605                    }
2606    
2607                    for (long userId : userIds) {
2608                            boolean allowed = false;
2609    
2610                            List<Organization> organizations =
2611                                    organizationLocalService.getUserOrganizations(userId);
2612    
2613                            for (Organization organization : organizations) {
2614                                    if (OrganizationPermissionUtil.contains(
2615                                                    permissionChecker, organization,
2616                                                    ActionKeys.MANAGE_USERS)) {
2617    
2618                                            allowed = true;
2619    
2620                                            break;
2621                                    }
2622                            }
2623    
2624                            if (!allowed) {
2625                                    throw new PrincipalException();
2626                            }
2627                    }
2628            }
2629    
2630            protected void validateScreenName(User user, String screenName)
2631                    throws PortalException, SystemException {
2632    
2633                    PermissionChecker permissionChecker = getPermissionChecker();
2634    
2635                    if (!UsersAdminUtil.hasUpdateScreenName(permissionChecker, user)) {
2636                            throw new UserScreenNameException();
2637                    }
2638            }
2639    
2640    }