001 /** 002 * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.DuplicateRoleException; 018 import com.liferay.portal.NoSuchRoleException; 019 import com.liferay.portal.NoSuchShardException; 020 import com.liferay.portal.RequiredRoleException; 021 import com.liferay.portal.RoleNameException; 022 import com.liferay.portal.kernel.cache.Lifecycle; 023 import com.liferay.portal.kernel.cache.ThreadLocalCachable; 024 import com.liferay.portal.kernel.cache.ThreadLocalCache; 025 import com.liferay.portal.kernel.cache.ThreadLocalCacheManager; 026 import com.liferay.portal.kernel.dao.shard.ShardUtil; 027 import com.liferay.portal.kernel.exception.PortalException; 028 import com.liferay.portal.kernel.exception.SystemException; 029 import com.liferay.portal.kernel.lar.ExportImportThreadLocal; 030 import com.liferay.portal.kernel.search.Indexer; 031 import com.liferay.portal.kernel.search.IndexerRegistryUtil; 032 import com.liferay.portal.kernel.spring.aop.Skip; 033 import com.liferay.portal.kernel.transaction.Propagation; 034 import com.liferay.portal.kernel.transaction.Transactional; 035 import com.liferay.portal.kernel.util.CharPool; 036 import com.liferay.portal.kernel.util.GetterUtil; 037 import com.liferay.portal.kernel.util.LocaleUtil; 038 import com.liferay.portal.kernel.util.OrderByComparator; 039 import com.liferay.portal.kernel.util.StringUtil; 040 import com.liferay.portal.kernel.util.Validator; 041 import com.liferay.portal.model.Company; 042 import com.liferay.portal.model.Group; 043 import com.liferay.portal.model.Layout; 044 import com.liferay.portal.model.ResourceAction; 045 import com.liferay.portal.model.ResourceConstants; 046 import com.liferay.portal.model.ResourcePermission; 047 import com.liferay.portal.model.Role; 048 import com.liferay.portal.model.RoleConstants; 049 import com.liferay.portal.model.Shard; 050 import com.liferay.portal.model.Team; 051 import com.liferay.portal.model.User; 052 import com.liferay.portal.security.auth.MembershipPolicyUtil; 053 import com.liferay.portal.security.permission.ActionKeys; 054 import com.liferay.portal.security.permission.PermissionCacheUtil; 055 import com.liferay.portal.service.ServiceContext; 056 import com.liferay.portal.service.base.RoleLocalServiceBaseImpl; 057 import com.liferay.portal.util.PortalUtil; 058 import com.liferay.portal.util.PortletKeys; 059 import com.liferay.portal.util.PropsUtil; 060 import com.liferay.portal.util.PropsValues; 061 import com.liferay.portlet.usersadmin.util.UsersAdminUtil; 062 063 import java.util.ArrayList; 064 import java.util.Arrays; 065 import java.util.Collections; 066 import java.util.HashMap; 067 import java.util.LinkedHashMap; 068 import java.util.List; 069 import java.util.Locale; 070 import java.util.Map; 071 import java.util.Set; 072 073 /** 074 * The implementation of the role local service. 075 * 076 * @author Brian Wing Shun Chan 077 * @author Marcellus Tavares 078 */ 079 public class RoleLocalServiceImpl extends RoleLocalServiceBaseImpl { 080 081 /** 082 * Adds a role. The user is reindexed after role is added. 083 * 084 * @param userId the primary key of the user 085 * @param companyId the primary key of the company 086 * @param name the role's name 087 * @param titleMap the role's localized titles (optionally 088 * <code>null</code>) 089 * @param descriptionMap the role's localized descriptions (optionally 090 * <code>null</code>) 091 * @param type the role's type (optionally <code>0</code>) 092 * @return the role 093 * @throws PortalException if the class name or the role name were 094 * invalid, if the role is a duplicate, or if a user with the 095 * primary key could not be found 096 * @throws SystemException if a system exception occurred 097 * @deprecated {@link #addRole(long, String, long, String, Map, Map, int, 098 * String, ServiceContext)} 099 */ 100 public Role addRole( 101 long userId, long companyId, String name, 102 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 103 int type) 104 throws PortalException, SystemException { 105 106 return addRole( 107 userId, null, 0, name, titleMap, descriptionMap, type, null, null); 108 } 109 110 /** 111 * Adds a role with additional parameters. The user is reindexed after role 112 * is added. 113 * 114 * @param userId the primary key of the user 115 * @param companyId the primary key of the company 116 * @param name the role's name 117 * @param titleMap the role's localized titles (optionally 118 * <code>null</code>) 119 * @param descriptionMap the role's localized descriptions (optionally 120 * <code>null</code>) 121 * @param type the role's type (optionally <code>0</code>) 122 * @param className the name of the class for which the role is created 123 * (optionally <code>null</code>) 124 * @param classPK the primary key of the class for which the role is 125 * created (optionally <code>0</code>) 126 * @return the role 127 * @throws PortalException if the class name or the role name were 128 * invalid, if the role is a duplicate, or if a user with the 129 * primary key could not be found 130 * @throws SystemException if a system exception occurred 131 * @deprecated {@link #addRole(long, String, long, String, Map, Map, int, 132 * String, ServiceContext)} 133 */ 134 public Role addRole( 135 long userId, long companyId, String name, 136 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 137 int type, String className, long classPK) 138 throws PortalException, SystemException { 139 140 return addRole( 141 userId, className, classPK, name, titleMap, descriptionMap, type, 142 null, null); 143 } 144 145 /** 146 * Adds a role with additional parameters. The user is reindexed after role 147 * is added. 148 * 149 * @param userId the primary key of the user 150 * @param className the name of the class for which the role is created 151 * (optionally <code>null</code>) 152 * @param classPK the primary key of the class for which the role is 153 * created (optionally <code>0</code>) 154 * @param name the role's name 155 * @param titleMap the role's localized titles (optionally 156 * <code>null</code>) 157 * @param descriptionMap the role's localized descriptions (optionally 158 * <code>null</code>) 159 * @param type the role's type (optionally <code>0</code>) 160 * @param subType the role's subtype (optionally <code>null</code>) 161 * @param serviceContext the roles's service context (optionally 162 * <code>null</code>). Can set expando bridge attributes for the 163 * role. 164 * @return the role 165 * @throws PortalException if the class name or the role name were invalid, 166 * if the role is a duplicate, or if a user with the primary key 167 * could not be found 168 * @throws SystemException if a system exception occurred 169 */ 170 public Role addRole( 171 long userId, String className, long classPK, String name, 172 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 173 int type, String subType, ServiceContext serviceContext) 174 throws PortalException, SystemException { 175 176 // Role 177 178 User user = userPersistence.findByPrimaryKey(userId); 179 className = GetterUtil.getString(className); 180 long classNameId = PortalUtil.getClassNameId(className); 181 182 long roleId = counterLocalService.increment(); 183 184 if ((classNameId <= 0) || className.equals(Role.class.getName())) { 185 classNameId = PortalUtil.getClassNameId(Role.class); 186 classPK = roleId; 187 } 188 189 validate(0, user.getCompanyId(), classNameId, name); 190 191 Role role = rolePersistence.create(roleId); 192 193 role.setCompanyId(user.getCompanyId()); 194 role.setClassNameId(classNameId); 195 role.setClassPK(classPK); 196 role.setName(name); 197 role.setTitleMap(titleMap); 198 role.setDescriptionMap(descriptionMap); 199 role.setType(type); 200 role.setSubtype(subType); 201 role.setExpandoBridgeAttributes(serviceContext); 202 203 rolePersistence.update(role); 204 205 // Resources 206 207 if (!user.isDefaultUser()) { 208 resourceLocalService.addResources( 209 user.getCompanyId(), 0, userId, Role.class.getName(), 210 role.getRoleId(), false, false, false); 211 212 if (!ExportImportThreadLocal.isImportInProcess()) { 213 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer( 214 User.class); 215 216 indexer.reindex(userId); 217 } 218 } 219 220 return role; 221 } 222 223 /** 224 * Adds the roles to the user. The user is reindexed after the roles are 225 * added. 226 * 227 * @param userId the primary key of the user 228 * @param roleIds the primary keys of the roles 229 * @throws PortalException if a user with the primary key could not be found 230 * @throws SystemException if a system exception occurred 231 * @see com.liferay.portal.service.persistence.UserPersistence#addRoles( 232 * long, long[]) 233 */ 234 public void addUserRoles(long userId, long[] roleIds) 235 throws PortalException, SystemException { 236 237 userPersistence.addRoles(userId, roleIds); 238 239 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 240 241 indexer.reindex(userId); 242 243 PermissionCacheUtil.clearCache(); 244 } 245 246 public void checkMembershipPolicy(User user) 247 throws PortalException, SystemException { 248 249 List<Role> roles = getUserRoles(user.getUserId()); 250 251 for (Role role : roles) { 252 if (!MembershipPolicyUtil.isMembershipAllowed(role, user)) { 253 unsetUserRoles(user.getUserId(), new long[] {role.getRoleId()}); 254 } 255 } 256 257 Set<Role> mandatoryRoles = MembershipPolicyUtil.getMandatoryRoles(user); 258 259 for (Role role : mandatoryRoles) { 260 if (!hasUserRole(user.getUserId(), role.getRoleId())) { 261 addUserRoles(user.getUserId(), new long[] {role.getRoleId()}); 262 } 263 } 264 } 265 266 /** 267 * Checks to ensure that the system roles map has appropriate default roles 268 * in each company. 269 * 270 * @throws PortalException if the current user did not have permission to 271 * set applicable permissions on a role 272 * @throws SystemException if a system exception occurred 273 */ 274 public void checkSystemRoles() throws PortalException, SystemException { 275 List<Company> companies = companyLocalService.getCompanies(); 276 277 String currentShardName = ShardUtil.getCurrentShardName(); 278 279 for (Company company : companies) { 280 String shardName = null; 281 282 try { 283 shardName = company.getShardName(); 284 } 285 catch (NoSuchShardException nsse) { 286 Shard shard = shardLocalService.addShard( 287 Company.class.getName(), company.getCompanyId(), 288 PropsValues.SHARD_DEFAULT_NAME); 289 290 shardName = shard.getName(); 291 } 292 293 if (!ShardUtil.isEnabled() || shardName.equals(currentShardName)) { 294 checkSystemRoles(company.getCompanyId()); 295 } 296 } 297 } 298 299 /** 300 * Checks to ensure that the system roles map has appropriate default roles 301 * in the company. 302 * 303 * @param companyId the primary key of the company 304 * @throws PortalException if the current user did not have permission to 305 * set applicable permissions on a role 306 * @throws SystemException if a system exception occurred 307 */ 308 @Transactional(propagation = Propagation.SUPPORTS, readOnly = true) 309 public void checkSystemRoles(long companyId) 310 throws PortalException, SystemException { 311 312 String companyIdHexString = StringUtil.toHexString(companyId); 313 314 for (Role role : roleFinder.findBySystem(companyId)) { 315 _systemRolesMap.put( 316 companyIdHexString.concat(role.getName()), role); 317 } 318 319 // Regular roles 320 321 String[] systemRoles = PortalUtil.getSystemRoles(); 322 323 for (String name : systemRoles) { 324 String key = 325 "system.role." + 326 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 327 ".description"; 328 329 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 330 331 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 332 333 int type = RoleConstants.TYPE_REGULAR; 334 335 checkSystemRole(companyId, name, descriptionMap, type); 336 } 337 338 // Organization roles 339 340 String[] systemOrganizationRoles = 341 PortalUtil.getSystemOrganizationRoles(); 342 343 for (String name : systemOrganizationRoles) { 344 String key = 345 "system.organization.role." + 346 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 347 ".description"; 348 349 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 350 351 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 352 353 int type = RoleConstants.TYPE_ORGANIZATION; 354 355 checkSystemRole(companyId, name, descriptionMap, type); 356 } 357 358 // Site roles 359 360 String[] systemSiteRoles = PortalUtil.getSystemSiteRoles(); 361 362 for (String name : systemSiteRoles) { 363 String key = 364 "system.site.role." + 365 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 366 ".description"; 367 368 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 369 370 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 371 372 int type = RoleConstants.TYPE_SITE; 373 374 checkSystemRole(companyId, name, descriptionMap, type); 375 } 376 } 377 378 /** 379 * Deletes the role with the primary key and its associated permissions. 380 * 381 * @param roleId the primary key of the role 382 * @return the deleted role 383 * @throws PortalException if a role with the primary key could not be 384 * found, if the role is a default system role, or if the role's 385 * resource could not be found 386 * @throws SystemException if a system exception occurred 387 */ 388 @Override 389 public Role deleteRole(long roleId) 390 throws PortalException, SystemException { 391 392 Role role = rolePersistence.findByPrimaryKey(roleId); 393 394 return deleteRole(role); 395 } 396 397 /** 398 * Deletes the role and its associated permissions. 399 * 400 * @param role the role 401 * @return the deleted role 402 * @throws PortalException if the role is a default system role or if the 403 * role's resource could not be found 404 * @throws SystemException if a system exception occurred 405 */ 406 @Override 407 public Role deleteRole(Role role) throws PortalException, SystemException { 408 if (PortalUtil.isSystemRole(role.getName())) { 409 throw new RequiredRoleException(); 410 } 411 412 // Resources 413 414 List<ResourcePermission> resourcePermissions = 415 resourcePermissionPersistence.findByRoleId(role.getRoleId()); 416 417 for (ResourcePermission resourcePermission : resourcePermissions) { 418 resourcePermissionLocalService.deleteResourcePermission( 419 resourcePermission); 420 } 421 422 String className = role.getClassName(); 423 long classNameId = role.getClassNameId(); 424 425 if ((classNameId <= 0) || className.equals(Role.class.getName())) { 426 resourceLocalService.deleteResource( 427 role.getCompanyId(), Role.class.getName(), 428 ResourceConstants.SCOPE_INDIVIDUAL, role.getRoleId()); 429 } 430 431 if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) || 432 (role.getType() == RoleConstants.TYPE_SITE)) { 433 434 userGroupRoleLocalService.deleteUserGroupRolesByRoleId( 435 role.getRoleId()); 436 437 userGroupGroupRoleLocalService.deleteUserGroupGroupRolesByRoleId( 438 role.getRoleId()); 439 } 440 441 // Role 442 443 rolePersistence.remove(role); 444 445 // Expando 446 447 expandoValueLocalService.deleteValues( 448 Role.class.getName(), role.getRoleId()); 449 450 // Permission cache 451 452 PermissionCacheUtil.clearCache(); 453 454 return role; 455 } 456 457 /** 458 * Returns the role with the name in the company. 459 * 460 * <p> 461 * The method searches the system roles map first for default roles. If a 462 * role with the name is not found, then the method will query the database. 463 * </p> 464 * 465 * @param companyId the primary key of the company 466 * @param name the role's name 467 * @return Returns the role with the name or <code>null</code> if a role 468 * with the name could not be found in the company 469 * @throws SystemException if a system exception occurred 470 */ 471 @Skip 472 public Role fetchRole(long companyId, String name) throws SystemException { 473 String companyIdHexString = StringUtil.toHexString(companyId); 474 475 Role role = _systemRolesMap.get(companyIdHexString.concat(name)); 476 477 if (role != null) { 478 return role; 479 } 480 481 return roleLocalService.loadFetchRole(companyId, name); 482 } 483 484 /** 485 * Returns the default role for the group with the primary key. 486 * 487 * <p> 488 * If the group is a site, then the default role is {@link 489 * com.liferay.portal.model.RoleConstants#SITE_MEMBER}. If the group is an 490 * organization, then the default role is {@link 491 * com.liferay.portal.model.RoleConstants#ORGANIZATION_USER}. If the group 492 * is a user or user group, then the default role is {@link 493 * com.liferay.portal.model.RoleConstants#POWER_USER}. For all other group 494 * types, the default role is {@link 495 * com.liferay.portal.model.RoleConstants#USER}. 496 * </p> 497 * 498 * @param groupId the primary key of the group 499 * @return the default role for the group with the primary key 500 * @throws PortalException if a group with the primary key could not be 501 * found, or if a default role could not be found for the group 502 * @throws SystemException if a system exception occurred 503 */ 504 public Role getDefaultGroupRole(long groupId) 505 throws PortalException, SystemException { 506 507 Group group = groupPersistence.findByPrimaryKey(groupId); 508 509 if (group.isLayout()) { 510 Layout layout = layoutLocalService.getLayout(group.getClassPK()); 511 512 group = layout.getGroup(); 513 } 514 515 if (group.isStagingGroup()) { 516 group = group.getLiveGroup(); 517 } 518 519 Role role = null; 520 521 if (group.isCompany()) { 522 role = getRole(group.getCompanyId(), RoleConstants.USER); 523 } 524 else if (group.isLayoutPrototype() || group.isLayoutSetPrototype() || 525 group.isRegularSite() || group.isSite()) { 526 527 role = getRole(group.getCompanyId(), RoleConstants.SITE_MEMBER); 528 } 529 else if (group.isOrganization()) { 530 role = getRole( 531 group.getCompanyId(), RoleConstants.ORGANIZATION_USER); 532 } 533 else if (group.isUser() || group.isUserGroup()) { 534 role = getRole(group.getCompanyId(), RoleConstants.POWER_USER); 535 } 536 else { 537 role = getRole(group.getCompanyId(), RoleConstants.USER); 538 } 539 540 return role; 541 } 542 543 /** 544 * Returns all the roles associated with the group. 545 * 546 * @param groupId the primary key of the group 547 * @return the roles associated with the group 548 * @throws SystemException if a system exception occurred 549 */ 550 public List<Role> getGroupRoles(long groupId) throws SystemException { 551 return groupPersistence.getRoles(groupId); 552 } 553 554 public List<Role> getResourceBlockRoles( 555 long resourceBlockId, String className, String actionId) 556 throws SystemException { 557 558 return roleFinder.findByR_N_A(resourceBlockId, className, actionId); 559 } 560 561 /** 562 * Returns a map of role names to associated action IDs for the named 563 * resource in the company within the permission scope. 564 * 565 * @param companyId the primary key of the company 566 * @param name the resource name 567 * @param scope the permission scope 568 * @param primKey the primary key of the resource's class 569 * @return the role names and action IDs 570 * @throws SystemException if a system exception occurred 571 * @see com.liferay.portal.service.persistence.RoleFinder#findByC_N_S_P( 572 * long, String, int, String) 573 */ 574 public Map<String, List<String>> getResourceRoles( 575 long companyId, String name, int scope, String primKey) 576 throws SystemException { 577 578 return roleFinder.findByC_N_S_P(companyId, name, scope, primKey); 579 } 580 581 /** 582 * Returns all the roles associated with the action ID in the company within 583 * the permission scope. 584 * 585 * @param companyId the primary key of the company 586 * @param name the resource name 587 * @param scope the permission scope 588 * @param primKey the primary key of the resource's class 589 * @param actionId the name of the resource action 590 * @return the roles 591 * @throws SystemException if a system exception occurred 592 * @see com.liferay.portal.service.persistence.RoleFinder#findByC_N_S_P_A( 593 * long, String, int, String, String) 594 */ 595 public List<Role> getResourceRoles( 596 long companyId, String name, int scope, String primKey, 597 String actionId) 598 throws SystemException { 599 600 return roleFinder.findByC_N_S_P_A( 601 companyId, name, scope, primKey, actionId); 602 } 603 604 /** 605 * Returns the role with the name in the company. 606 * 607 * <p> 608 * The method searches the system roles map first for default roles. If a 609 * role with the name is not found, then the method will query the database. 610 * </p> 611 * 612 * @param companyId the primary key of the company 613 * @param name the role's name 614 * @return the role with the name 615 * @throws PortalException if a role with the name could not be found in the 616 * company 617 * @throws SystemException if a system exception occurred 618 */ 619 @Skip 620 public Role getRole(long companyId, String name) 621 throws PortalException, SystemException { 622 623 String companyIdHexString = StringUtil.toHexString(companyId); 624 625 Role role = _systemRolesMap.get(companyIdHexString.concat(name)); 626 627 if (role != null) { 628 return role; 629 } 630 631 return roleLocalService.loadGetRole(companyId, name); 632 } 633 634 /** 635 * Returns all the roles of the type and subtype. 636 * 637 * @param type the role's type (optionally <code>0</code>) 638 * @param subtype the role's subtype (optionally <code>null</code>) 639 * @return the roles of the type and subtype 640 * @throws SystemException if a system exception occurred 641 */ 642 public List<Role> getRoles(int type, String subtype) 643 throws SystemException { 644 645 return rolePersistence.findByT_S(type, subtype); 646 } 647 648 /** 649 * Returns all the roles in the company. 650 * 651 * @param companyId the primary key of the company 652 * @return the roles in the company 653 * @throws SystemException if a system exception occurred 654 */ 655 public List<Role> getRoles(long companyId) throws SystemException { 656 return rolePersistence.findByCompanyId(companyId); 657 } 658 659 /** 660 * Returns all the roles with the primary keys. 661 * 662 * @param roleIds the primary keys of the roles 663 * @return the roles with the primary keys 664 * @throws PortalException if any one of the roles with the primary keys 665 * could not be found 666 * @throws SystemException if a system exception occurred 667 */ 668 public List<Role> getRoles(long[] roleIds) 669 throws PortalException, SystemException { 670 671 List<Role> roles = new ArrayList<Role>(roleIds.length); 672 673 for (long roleId : roleIds) { 674 Role role = getRole(roleId); 675 676 roles.add(role); 677 } 678 679 return roles; 680 } 681 682 /** 683 * Returns all the roles of the subtype. 684 * 685 * @param subtype the role's subtype (optionally <code>null</code>) 686 * @return the roles of the subtype 687 * @throws SystemException if a system exception occurred 688 */ 689 public List<Role> getSubtypeRoles(String subtype) throws SystemException { 690 return rolePersistence.findBySubtype(subtype); 691 } 692 693 /** 694 * Returns the number of roles of the subtype. 695 * 696 * @param subtype the role's subtype (optionally <code>null</code>) 697 * @return the number of roles of the subtype 698 * @throws SystemException if a system exception occurred 699 */ 700 public int getSubtypeRolesCount(String subtype) throws SystemException { 701 return rolePersistence.countBySubtype(subtype); 702 } 703 704 /** 705 * Returns the team role in the company. 706 * 707 * @param companyId the primary key of the company 708 * @param teamId the primary key of the team 709 * @return the team role in the company 710 * @throws PortalException if a role could not be found in the team and 711 * company 712 * @throws SystemException if a system exception occurred 713 */ 714 public Role getTeamRole(long companyId, long teamId) 715 throws PortalException, SystemException { 716 717 long classNameId = PortalUtil.getClassNameId(Team.class); 718 719 return rolePersistence.findByC_C_C(companyId, classNameId, teamId); 720 } 721 722 /** 723 * Returns all the user's roles within the user group. 724 * 725 * @param userId the primary key of the user 726 * @param groupId the primary key of the group 727 * @return the user's roles within the user group 728 * @throws SystemException if a system exception occurred 729 * @see com.liferay.portal.service.persistence.RoleFinder#findByUserGroupGroupRole( 730 * long, long) 731 */ 732 public List<Role> getUserGroupGroupRoles(long userId, long groupId) 733 throws SystemException { 734 735 return roleFinder.findByUserGroupGroupRole(userId, groupId); 736 } 737 738 /** 739 * Returns all the user's roles within the user group. 740 * 741 * @param userId the primary key of the user 742 * @param groupId the primary key of the group 743 * @return the user's roles within the user group 744 * @throws SystemException if a system exception occurred 745 * @see com.liferay.portal.service.persistence.RoleFinder#findByUserGroupRole( 746 * long, long) 747 */ 748 public List<Role> getUserGroupRoles(long userId, long groupId) 749 throws SystemException { 750 751 return roleFinder.findByUserGroupRole(userId, groupId); 752 } 753 754 /** 755 * Returns the union of all the user's roles within the groups. 756 * 757 * @param userId the primary key of the user 758 * @param groups the groups (optionally <code>null</code>) 759 * @return the union of all the user's roles within the groups 760 * @throws SystemException if a system exception occurred 761 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 762 * long, List) 763 */ 764 public List<Role> getUserRelatedRoles(long userId, List<Group> groups) 765 throws SystemException { 766 767 if ((groups == null) || groups.isEmpty()) { 768 return Collections.emptyList(); 769 } 770 771 return roleFinder.findByU_G(userId, groups); 772 } 773 774 /** 775 * Returns all the user's roles within the group. 776 * 777 * @param userId the primary key of the user 778 * @param groupId the primary key of the group 779 * @return the user's roles within the group 780 * @throws SystemException if a system exception occurred 781 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 782 * long, long) 783 */ 784 public List<Role> getUserRelatedRoles(long userId, long groupId) 785 throws SystemException { 786 787 return roleFinder.findByU_G(userId, groupId); 788 } 789 790 /** 791 * Returns the union of all the user's roles within the groups. 792 * 793 * @param userId the primary key of the user 794 * @param groupIds the primary keys of the groups 795 * @return the union of all the user's roles within the groups 796 * @throws SystemException if a system exception occurred 797 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 798 * long, long[]) 799 */ 800 public List<Role> getUserRelatedRoles(long userId, long[] groupIds) 801 throws SystemException { 802 803 return roleFinder.findByU_G(userId, groupIds); 804 } 805 806 /** 807 * Returns all the roles associated with the user. 808 * 809 * @param userId the primary key of the user 810 * @return the roles associated with the user 811 * @throws SystemException if a system exception occurred 812 */ 813 public List<Role> getUserRoles(long userId) throws SystemException { 814 return userPersistence.getRoles(userId); 815 } 816 817 /** 818 * Returns <code>true</code> if the user is associated with the role. 819 * 820 * @param userId the primary key of the user 821 * @param roleId the primary key of the role 822 * @return <code>true</code> if the user is associated with the role; 823 * <code>false</code> otherwise 824 * @throws SystemException if a system exception occurred 825 */ 826 public boolean hasUserRole(long userId, long roleId) 827 throws SystemException { 828 829 return userPersistence.containsRole(userId, roleId); 830 } 831 832 /** 833 * Returns <code>true</code> if the user is associated with the named 834 * regular role. 835 * 836 * @param userId the primary key of the user 837 * @param companyId the primary key of the company 838 * @param name the name of the role 839 * @param inherited whether to include the user's inherited roles in the 840 * search 841 * @return <code>true</code> if the user is associated with the regular 842 * role; <code>false</code> otherwise 843 * @throws PortalException if a role with the name could not be found in the 844 * company or if a default user for the company could not be found 845 * @throws SystemException if a system exception occurred 846 */ 847 @ThreadLocalCachable 848 public boolean hasUserRole( 849 long userId, long companyId, String name, boolean inherited) 850 throws PortalException, SystemException { 851 852 Role role = rolePersistence.findByC_N(companyId, name); 853 854 if (role.getType() != RoleConstants.TYPE_REGULAR) { 855 throw new IllegalArgumentException(name + " is not a regular role"); 856 } 857 858 long defaultUserId = userLocalService.getDefaultUserId(companyId); 859 860 if (userId == defaultUserId) { 861 if (name.equals(RoleConstants.GUEST)) { 862 return true; 863 } 864 else { 865 return false; 866 } 867 } 868 869 if (inherited) { 870 if (userPersistence.containsRole(userId, role.getRoleId())) { 871 return true; 872 } 873 874 ThreadLocalCache<Integer> threadLocalCache = 875 ThreadLocalCacheManager.getThreadLocalCache( 876 Lifecycle.REQUEST, RoleLocalServiceImpl.class.getName()); 877 878 String key = String.valueOf(role.getRoleId()).concat( 879 String.valueOf(userId)); 880 881 Integer value = threadLocalCache.get(key); 882 883 if (value == null) { 884 value = roleFinder.countByR_U(role.getRoleId(), userId); 885 886 threadLocalCache.put(key, value); 887 } 888 889 if (value > 0) { 890 return true; 891 } 892 else { 893 return false; 894 } 895 } 896 else { 897 return userPersistence.containsRole(userId, role.getRoleId()); 898 } 899 } 900 901 /** 902 * Returns <code>true</code> if the user has any one of the named regular 903 * roles. 904 * 905 * @param userId the primary key of the user 906 * @param companyId the primary key of the company 907 * @param names the names of the roles 908 * @param inherited whether to include the user's inherited roles in the 909 * search 910 * @return <code>true</code> if the user has any one of the regular roles; 911 * <code>false</code> otherwise 912 * @throws PortalException if any one of the roles with the names could not 913 * be found in the company or if the default user for the company 914 * could not be found 915 * @throws SystemException if a system exception occurred 916 */ 917 public boolean hasUserRoles( 918 long userId, long companyId, String[] names, boolean inherited) 919 throws PortalException, SystemException { 920 921 for (String name : names) { 922 if (hasUserRole(userId, companyId, name, inherited)) { 923 return true; 924 } 925 } 926 927 return false; 928 } 929 930 /** 931 * Returns a role with the name in the company. 932 * 933 * @param companyId the primary key of the company 934 * @param name the role's name (optionally <code>null</code>) 935 * @return the role with the name, or <code>null</code> if a role with the 936 * name could not be found in the company 937 * @throws SystemException if a system exception occurred 938 */ 939 public Role loadFetchRole(long companyId, String name) 940 throws SystemException { 941 942 return rolePersistence.fetchByC_N(companyId, name); 943 } 944 945 /** 946 * Returns a role with the name in the company. 947 * 948 * @param companyId the primary key of the company 949 * @param name the role's name 950 * @return the role with the name in the company 951 * @throws PortalException if a role with the name could not be found in the 952 * company 953 * @throws SystemException if a system exception occurred 954 */ 955 public Role loadGetRole(long companyId, String name) 956 throws PortalException, SystemException { 957 958 return rolePersistence.findByC_N(companyId, name); 959 } 960 961 /** 962 * Returns an ordered range of all the roles that match the keywords and 963 * types. 964 * 965 * <p> 966 * Useful when paginating results. Returns a maximum of <code>end - 967 * start</code> instances. <code>start</code> and <code>end</code> are not 968 * primary keys, they are indexes in the result set. Thus, <code>0</code> 969 * refers to the first result in the set. Setting both <code>start</code> 970 * and <code>end</code> to {@link 971 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 972 * result set. 973 * </p> 974 * 975 * @param companyId the primary key of the company 976 * @param keywords the keywords (space separated), which may occur in the 977 * role's name or description (optionally <code>null</code>) 978 * @param types the role types (optionally <code>null</code>) 979 * @param start the lower bound of the range of roles to return 980 * @param end the upper bound of the range of roles to return (not 981 * inclusive) 982 * @param obc the comparator to order the roles (optionally 983 * <code>null</code>) 984 * @return the ordered range of the matching roles, ordered by 985 * <code>obc</code> 986 * @throws SystemException if a system exception occurred 987 * @see com.liferay.portal.service.persistence.RoleFinder 988 */ 989 public List<Role> search( 990 long companyId, String keywords, Integer[] types, int start, 991 int end, OrderByComparator obc) 992 throws SystemException { 993 994 return search( 995 companyId, keywords, types, new LinkedHashMap<String, Object>(), 996 start, end, obc); 997 } 998 999 /** 1000 * Returns an ordered range of all the roles that match the keywords, types, 1001 * and params. 1002 * 1003 * <p> 1004 * Useful when paginating results. Returns a maximum of <code>end - 1005 * start</code> instances. <code>start</code> and <code>end</code> are not 1006 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1007 * refers to the first result in the set. Setting both <code>start</code> 1008 * and <code>end</code> to {@link 1009 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1010 * result set. 1011 * </p> 1012 * 1013 * @param companyId the primary key of the company 1014 * @param keywords the keywords (space separated), which may occur in the 1015 * role's name or description (optionally <code>null</code>) 1016 * @param types the role types (optionally <code>null</code>) 1017 * @param params the finder parameters. Can specify values for the 1018 * "usersRoles" key. For more information, see {@link 1019 * com.liferay.portal.service.persistence.RoleFinder} 1020 * @param start the lower bound of the range of roles to return 1021 * @param end the upper bound of the range of roles to return (not 1022 * inclusive) 1023 * @param obc the comparator to order the roles (optionally 1024 * <code>null</code>) 1025 * @return the ordered range of the matching roles, ordered by 1026 * <code>obc</code> 1027 * @throws SystemException if a system exception occurred 1028 * @see com.liferay.portal.service.persistence.RoleFinder 1029 */ 1030 public List<Role> search( 1031 long companyId, String keywords, Integer[] types, 1032 LinkedHashMap<String, Object> params, int start, int end, 1033 OrderByComparator obc) 1034 throws SystemException { 1035 1036 return roleFinder.findByKeywords( 1037 companyId, keywords, types, params, start, end, obc); 1038 } 1039 1040 /** 1041 * Returns an ordered range of all the roles that match the name, 1042 * description, and types. 1043 * 1044 * <p> 1045 * Useful when paginating results. Returns a maximum of <code>end - 1046 * start</code> instances. <code>start</code> and <code>end</code> are not 1047 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1048 * refers to the first result in the set. Setting both <code>start</code> 1049 * and <code>end</code> to {@link 1050 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1051 * result set. 1052 * </p> 1053 * 1054 * @param companyId the primary key of the company 1055 * @param name the role's name (optionally <code>null</code>) 1056 * @param description the role's description (optionally <code>null</code>) 1057 * @param types the role types (optionally <code>null</code>) 1058 * @param start the lower bound of the range of the roles to return 1059 * @param end the upper bound of the range of the roles to return (not 1060 * inclusive) 1061 * @param obc the comparator to order the roles (optionally 1062 * <code>null</code>) 1063 * @return the ordered range of the matching roles, ordered by 1064 * <code>obc</code> 1065 * @throws SystemException if a system exception occurred 1066 * @see com.liferay.portal.service.persistence.RoleFinder 1067 */ 1068 public List<Role> search( 1069 long companyId, String name, String description, Integer[] types, 1070 int start, int end, OrderByComparator obc) 1071 throws SystemException { 1072 1073 return search( 1074 companyId, name, description, types, 1075 new LinkedHashMap<String, Object>(), start, end, obc); 1076 } 1077 1078 /** 1079 * Returns an ordered range of all the roles that match the name, 1080 * description, types, and params. 1081 * 1082 * <p> 1083 * Useful when paginating results. Returns a maximum of <code>end - 1084 * start</code> instances. <code>start</code> and <code>end</code> are not 1085 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1086 * refers to the first result in the set. Setting both <code>start</code> 1087 * and <code>end</code> to {@link 1088 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1089 * result set. 1090 * </p> 1091 * 1092 * @param companyId the primary key of the company 1093 * @param name the role's name (optionally <code>null</code>) 1094 * @param description the role's description (optionally <code>null</code>) 1095 * @param types the role types (optionally <code>null</code>) 1096 * @param params the finder's parameters. Can specify values for the 1097 * "usersRoles" key. For more information, see {@link 1098 * com.liferay.portal.service.persistence.RoleFinder} 1099 * @param start the lower bound of the range of the roles to return 1100 * @param end the upper bound of the range of the roles to return (not 1101 * inclusive) 1102 * @param obc the comparator to order the roles (optionally 1103 * <code>null</code>) 1104 * @return the ordered range of the matching roles, ordered by 1105 * <code>obc</code> 1106 * @throws SystemException if a system exception occurred 1107 * @see com.liferay.portal.service.persistence.RoleFinder 1108 */ 1109 public List<Role> search( 1110 long companyId, String name, String description, Integer[] types, 1111 LinkedHashMap<String, Object> params, int start, int end, 1112 OrderByComparator obc) 1113 throws SystemException { 1114 1115 return roleFinder.findByC_N_D_T( 1116 companyId, name, description, types, params, true, start, end, obc); 1117 } 1118 1119 /** 1120 * Returns the number of roles that match the keywords and types. 1121 * 1122 * @param companyId the primary key of the company 1123 * @param keywords the keywords (space separated), which may occur in the 1124 * role's name or description (optionally <code>null</code>) 1125 * @param types the role types (optionally <code>null</code>) 1126 * @return the number of matching roles 1127 * @throws SystemException if a system exception occurred 1128 */ 1129 public int searchCount(long companyId, String keywords, Integer[] types) 1130 throws SystemException { 1131 1132 return searchCount( 1133 companyId, keywords, types, new LinkedHashMap<String, Object>()); 1134 } 1135 1136 /** 1137 * Returns the number of roles that match the keywords, types and params. 1138 * 1139 * @param companyId the primary key of the company 1140 * @param keywords the keywords (space separated), which may occur in the 1141 * role's name or description (optionally <code>null</code>) 1142 * @param types the role types (optionally <code>null</code>) 1143 * @param params the finder parameters. For more information, see {@link 1144 * com.liferay.portal.service.persistence.RoleFinder} 1145 * @return the number of matching roles 1146 * @throws SystemException if a system exception occurred 1147 */ 1148 public int searchCount( 1149 long companyId, String keywords, Integer[] types, 1150 LinkedHashMap<String, Object> params) 1151 throws SystemException { 1152 1153 return roleFinder.countByKeywords(companyId, keywords, types, params); 1154 } 1155 1156 /** 1157 * Returns the number of roles that match the name, description, and types. 1158 * 1159 * @param companyId the primary key of the company 1160 * @param name the role's name (optionally <code>null</code>) 1161 * @param description the role's description (optionally <code>null</code>) 1162 * @param types the role types (optionally <code>null</code>) 1163 * @return the number of matching roles 1164 * @throws SystemException if a system exception occurred 1165 */ 1166 public int searchCount( 1167 long companyId, String name, String description, Integer[] types) 1168 throws SystemException { 1169 1170 return searchCount( 1171 companyId, name, description, types, 1172 new LinkedHashMap<String, Object>()); 1173 } 1174 1175 /** 1176 * Returns the number of roles that match the name, description, types, and 1177 * params. 1178 * 1179 * @param companyId the primary key of the company 1180 * @param name the role's name (optionally <code>null</code>) 1181 * @param description the role's description (optionally <code>null</code>) 1182 * @param types the role types (optionally <code>null</code>) 1183 * @param params the finder parameters. Can specify values for the 1184 * "usersRoles" key. For more information, see {@link 1185 * com.liferay.portal.service.persistence.RoleFinder} 1186 * @return the number of matching roles 1187 * @throws SystemException if a system exception occurred 1188 */ 1189 public int searchCount( 1190 long companyId, String name, String description, Integer[] types, 1191 LinkedHashMap<String, Object> params) 1192 throws SystemException { 1193 1194 return roleFinder.countByC_N_D_T( 1195 companyId, name, description, types, params, true); 1196 } 1197 1198 /** 1199 * Sets the roles associated with the user, replacing the user's existing 1200 * roles. The user is reindexed after the roles are set. 1201 * 1202 * @param userId the primary key of the user 1203 * @param roleIds the primary keys of the roles 1204 * @throws PortalException if a user with the primary could not be found or 1205 * if any one of the roles with the primary keys could not be found 1206 * @throws SystemException if a system exception occurred 1207 */ 1208 public void setUserRoles(long userId, long[] roleIds) 1209 throws PortalException, SystemException { 1210 1211 roleIds = UsersAdminUtil.addRequiredRoles(userId, roleIds); 1212 1213 userPersistence.setRoles(userId, roleIds); 1214 1215 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 1216 1217 indexer.reindex(userId); 1218 1219 PermissionCacheUtil.clearCache(); 1220 } 1221 1222 /** 1223 * Removes the matching roles associated with the user. The user is 1224 * reindexed after the roles are removed. 1225 * 1226 * @param userId the primary key of the user 1227 * @param roleIds the primary keys of the roles 1228 * @throws PortalException if a user with the primary key could not be found 1229 * or if a role with any one of the primary keys could not be found 1230 * @throws SystemException if a system exception occurred 1231 */ 1232 public void unsetUserRoles(long userId, long[] roleIds) 1233 throws PortalException, SystemException { 1234 1235 roleIds = UsersAdminUtil.removeRequiredRoles(userId, roleIds); 1236 1237 userPersistence.removeRoles(userId, roleIds); 1238 1239 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 1240 1241 indexer.reindex(userId); 1242 1243 PermissionCacheUtil.clearCache(); 1244 } 1245 1246 /** 1247 * Updates the role with the primary key. 1248 * 1249 * @param roleId the primary key of the role 1250 * @param name the role's new name 1251 * @param titleMap the new localized titles (optionally <code>null</code>) 1252 * to replace those existing for the role 1253 * @param descriptionMap the new localized descriptions (optionally 1254 * <code>null</code>) to replace those existing for the role 1255 * @param subtype the role's new subtype (optionally <code>null</code>) 1256 * @param serviceContext the roles's service context (optionally 1257 * <code>null</code>). Can set expando bridge attributes for the 1258 * role. 1259 * @return the role with the primary key 1260 * @throws PortalException if a role with the primary could not be found or 1261 * if the role's name was invalid 1262 * @throws SystemException if a system exception occurred 1263 */ 1264 public Role updateRole( 1265 long roleId, String name, Map<Locale, String> titleMap, 1266 Map<Locale, String> descriptionMap, String subtype, 1267 ServiceContext serviceContext) 1268 throws PortalException, SystemException { 1269 1270 Role role = rolePersistence.findByPrimaryKey(roleId); 1271 1272 validate(roleId, role.getCompanyId(), role.getClassNameId(), name); 1273 1274 if (PortalUtil.isSystemRole(role.getName())) { 1275 name = role.getName(); 1276 subtype = null; 1277 } 1278 1279 role.setName(name); 1280 role.setTitleMap(titleMap); 1281 role.setDescriptionMap(descriptionMap); 1282 role.setSubtype(subtype); 1283 role.setExpandoBridgeAttributes(serviceContext); 1284 1285 rolePersistence.update(role); 1286 1287 return role; 1288 } 1289 1290 protected void checkSystemRole( 1291 long companyId, String name, Map<Locale, String> descriptionMap, 1292 int type) 1293 throws PortalException, SystemException { 1294 1295 String companyIdHexString = StringUtil.toHexString(companyId); 1296 1297 String key = companyIdHexString.concat(name); 1298 1299 Role role = _systemRolesMap.get(key); 1300 1301 try { 1302 if (role == null) { 1303 role = rolePersistence.findByC_N(companyId, name); 1304 } 1305 1306 if (!descriptionMap.equals(role.getDescriptionMap())) { 1307 role.setDescriptionMap(descriptionMap); 1308 1309 roleLocalService.updateRole(role); 1310 } 1311 } 1312 catch (NoSuchRoleException nsre) { 1313 User user = userLocalService.getDefaultUser(companyId); 1314 1315 role = roleLocalService.addRole( 1316 user.getUserId(), null, 0, name, null, descriptionMap, type, 1317 null, null); 1318 1319 if (name.equals(RoleConstants.USER)) { 1320 initPersonalControlPanelPortletsPermissions(role); 1321 } 1322 } 1323 1324 _systemRolesMap.put(key, role); 1325 } 1326 1327 protected String[] getDefaultControlPanelPortlets() { 1328 return new String[] { 1329 PortletKeys.MY_ACCOUNT, PortletKeys.MY_PAGES, 1330 PortletKeys.MY_WORKFLOW_INSTANCES, PortletKeys.MY_WORKFLOW_TASKS 1331 }; 1332 } 1333 1334 protected void initPersonalControlPanelPortletsPermissions(Role role) 1335 throws PortalException, SystemException { 1336 1337 for (String portletId : getDefaultControlPanelPortlets()) { 1338 int count = resourcePermissionPersistence.countByC_N_S_P_R( 1339 role.getCompanyId(), portletId, ResourceConstants.SCOPE_COMPANY, 1340 String.valueOf(role.getCompanyId()), role.getRoleId()); 1341 1342 if (count > 0) { 1343 continue; 1344 } 1345 1346 ResourceAction resourceAction = 1347 resourceActionLocalService.fetchResourceAction( 1348 portletId, ActionKeys.ACCESS_IN_CONTROL_PANEL); 1349 1350 if (resourceAction == null) { 1351 continue; 1352 } 1353 1354 setRolePermissions( 1355 role, portletId, 1356 new String[] { 1357 ActionKeys.ACCESS_IN_CONTROL_PANEL 1358 }); 1359 } 1360 } 1361 1362 protected void setRolePermissions( 1363 Role role, String name, String[] actionIds) 1364 throws PortalException, SystemException { 1365 1366 if (resourceBlockLocalService.isSupported(name)) { 1367 resourceBlockLocalService.setCompanyScopePermissions( 1368 role.getCompanyId(), name, role.getRoleId(), 1369 Arrays.asList(actionIds)); 1370 } 1371 else { 1372 resourcePermissionLocalService.setResourcePermissions( 1373 role.getCompanyId(), name, ResourceConstants.SCOPE_COMPANY, 1374 String.valueOf(role.getCompanyId()), role.getRoleId(), 1375 actionIds); 1376 } 1377 } 1378 1379 protected void validate( 1380 long roleId, long companyId, long classNameId, String name) 1381 throws PortalException, SystemException { 1382 1383 if (classNameId == PortalUtil.getClassNameId(Role.class)) { 1384 if (Validator.isNull(name) || 1385 (name.indexOf(CharPool.COMMA) != -1) || 1386 (name.indexOf(CharPool.STAR) != -1)) { 1387 1388 throw new RoleNameException(); 1389 } 1390 1391 if (Validator.isNumber(name) && 1392 !PropsValues.ROLES_NAME_ALLOW_NUMERIC) { 1393 1394 throw new RoleNameException(); 1395 } 1396 } 1397 1398 try { 1399 Role role = roleFinder.findByC_N(companyId, name); 1400 1401 if (role.getRoleId() != roleId) { 1402 throw new DuplicateRoleException(); 1403 } 1404 } 1405 catch (NoSuchRoleException nsre) { 1406 } 1407 } 1408 1409 private Map<String, Role> _systemRolesMap = new HashMap<String, Role>(); 1410 1411 }