001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.ArrayUtil;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Role;
022 import com.liferay.portal.model.RoleConstants;
023 import com.liferay.portal.model.User;
024 import com.liferay.portal.security.auth.MembershipPolicyException;
025 import com.liferay.portal.security.auth.MembershipPolicyUtil;
026 import com.liferay.portal.service.base.UserGroupRoleServiceBaseImpl;
027 import com.liferay.portal.service.permission.UserGroupRolePermissionUtil;
028 import com.liferay.portlet.usersadmin.util.UsersAdminUtil;
029
030 import java.util.Set;
031
032
035 public class UserGroupRoleServiceImpl extends UserGroupRoleServiceBaseImpl {
036
037 public void addUserGroupRoles(long userId, long groupId, long[] roleIds)
038 throws PortalException, SystemException {
039
040 for (long roleId : roleIds) {
041 UserGroupRolePermissionUtil.check(
042 getPermissionChecker(), groupId, roleId);
043 }
044
045 checkAddUserGroupRolesMembershipPolicy(
046 new long[] {userId}, groupId, roleIds);
047
048 userGroupRoleLocalService.addUserGroupRoles(userId, groupId, roleIds);
049 }
050
051 public void addUserGroupRoles(long[] userIds, long groupId, long roleId)
052 throws PortalException, SystemException {
053
054 UserGroupRolePermissionUtil.check(
055 getPermissionChecker(), groupId, roleId);
056
057 checkAddUserGroupRolesMembershipPolicy(
058 userIds, groupId, new long[] {roleId});
059
060 userGroupRoleLocalService.addUserGroupRoles(userIds, groupId, roleId);
061 }
062
063 public void deleteUserGroupRoles(long userId, long groupId, long[] roleIds)
064 throws PortalException, SystemException {
065
066 long[] filteredRoleIds = roleIds;
067
068 Group group = groupPersistence.findByPrimaryKey(groupId);
069 User user = userPersistence.findByPrimaryKey(userId);
070
071 for (long roleId : roleIds) {
072 UserGroupRolePermissionUtil.check(
073 getPermissionChecker(), groupId, roleId);
074
075 Role role = roleLocalService.getRole(roleId);
076
077 if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) ||
078 (role.getType() == RoleConstants.TYPE_SITE)) {
079
080 if (MembershipPolicyUtil.isMembershipProtected(
081 getPermissionChecker(), group, role, user)) {
082
083 filteredRoleIds = ArrayUtil.remove(filteredRoleIds, roleId);
084 }
085 }
086 }
087
088 if (filteredRoleIds.length == 0) {
089 return;
090 }
091
092 checkDeleteUserGroupRolesMembershipPolicy(
093 new long[] {userId}, groupId, filteredRoleIds);
094
095 userGroupRoleLocalService.deleteUserGroupRoles(
096 userId, groupId, filteredRoleIds);
097 }
098
099 public void deleteUserGroupRoles(long[] userIds, long groupId, long roleId)
100 throws PortalException, SystemException {
101
102 UserGroupRolePermissionUtil.check(
103 getPermissionChecker(), groupId, roleId);
104
105 Role role = roleLocalService.getRole(roleId);
106
107 if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) ||
108 (role.getType() == RoleConstants.TYPE_SITE)) {
109
110 userIds = UsersAdminUtil.filterDeleteGroupRoleUserIds(
111 getPermissionChecker(), groupId, role.getRoleId(), userIds);
112 }
113
114 if (userIds.length == 0) {
115 return;
116 }
117
118 checkDeleteUserGroupRolesMembershipPolicy(
119 userIds, groupId, new long[] {roleId});
120
121 userGroupRoleLocalService.deleteUserGroupRoles(
122 userIds, groupId, roleId);
123 }
124
125 protected void checkAddUserGroupRolesMembershipPolicy(
126 long[] userIds, long groupId, long[] roleIds)
127 throws PortalException, SystemException {
128
129 MembershipPolicyException membershipPolicyException = null;
130
131 Group group = groupLocalService.getGroup(groupId);
132
133 for (long roleId : roleIds) {
134 Role role = rolePersistence.findByPrimaryKey(roleId);
135
136 for (long userId : userIds) {
137 User user = userPersistence.findByPrimaryKey(userId);
138
139 if (MembershipPolicyUtil.isMembershipAllowed(
140 group, role, user)) {
141
142 continue;
143 }
144
145 if (membershipPolicyException == null) {
146 membershipPolicyException = new MembershipPolicyException(
147 MembershipPolicyException.ROLE_MEMBERSHIP_NOT_ALLOWED);
148
149 membershipPolicyException.addGroup(group);
150 }
151
152 if (!membershipPolicyException.getUsers().contains(user)) {
153 membershipPolicyException.addUser(user);
154 }
155
156 if (!membershipPolicyException.getRoles().contains(role)) {
157 membershipPolicyException.addRole(role);
158 }
159 }
160 }
161
162 if (membershipPolicyException!= null) {
163 throw membershipPolicyException;
164 }
165 }
166
167 protected void checkDeleteUserGroupRolesMembershipPolicy(
168 long[] userIds, long groupId, long[] roleIds)
169 throws PortalException, SystemException {
170
171 MembershipPolicyException membershipPolicyException = null;
172
173 Group group = groupLocalService.getGroup(groupId);
174
175 for (long roleId : roleIds) {
176 Role role = rolePersistence.findByPrimaryKey(roleId);
177
178 for (long userId : userIds) {
179 User user = userPersistence.findByPrimaryKey(userId);
180
181 Set<Role> mandatoryRoles =
182 MembershipPolicyUtil.getMandatoryRoles(group, user);
183
184 if (!mandatoryRoles.contains(role)) {
185 continue;
186 }
187
188 if (membershipPolicyException == null) {
189 membershipPolicyException = new MembershipPolicyException(
190 MembershipPolicyException.ROLE_MEMBERSHIP_REQUIRED);
191
192 membershipPolicyException.addGroup(group);
193 }
194
195 if (!membershipPolicyException.getUsers().contains(user)) {
196 membershipPolicyException.addUser(user);
197 }
198
199 if (!membershipPolicyException.getRoles().contains(role)) {
200 membershipPolicyException.addRole(role);
201 }
202 }
203 }
204
205 if (membershipPolicyException!= null) {
206 throw membershipPolicyException;
207 }
208 }
209
210 }