001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.ArrayUtil;
020    import com.liferay.portal.model.Group;
021    import com.liferay.portal.model.Role;
022    import com.liferay.portal.model.RoleConstants;
023    import com.liferay.portal.model.User;
024    import com.liferay.portal.security.auth.MembershipPolicyException;
025    import com.liferay.portal.security.auth.MembershipPolicyUtil;
026    import com.liferay.portal.service.base.UserGroupRoleServiceBaseImpl;
027    import com.liferay.portal.service.permission.UserGroupRolePermissionUtil;
028    import com.liferay.portlet.usersadmin.util.UsersAdminUtil;
029    
030    import java.util.Set;
031    
032    /**
033     * @author Brian Wing Shun Chan
034     */
035    public class UserGroupRoleServiceImpl extends UserGroupRoleServiceBaseImpl {
036    
037            public void addUserGroupRoles(long userId, long groupId, long[] roleIds)
038                    throws PortalException, SystemException {
039    
040                    for (long roleId : roleIds) {
041                            UserGroupRolePermissionUtil.check(
042                                    getPermissionChecker(), groupId, roleId);
043                    }
044    
045                    checkAddUserGroupRolesMembershipPolicy(
046                            new long[] {userId}, groupId, roleIds);
047    
048                    userGroupRoleLocalService.addUserGroupRoles(userId, groupId, roleIds);
049            }
050    
051            public void addUserGroupRoles(long[] userIds, long groupId, long roleId)
052                    throws PortalException, SystemException {
053    
054                    UserGroupRolePermissionUtil.check(
055                            getPermissionChecker(), groupId, roleId);
056    
057                    checkAddUserGroupRolesMembershipPolicy(
058                            userIds, groupId, new long[] {roleId});
059    
060                    userGroupRoleLocalService.addUserGroupRoles(userIds, groupId, roleId);
061            }
062    
063            public void deleteUserGroupRoles(long userId, long groupId, long[] roleIds)
064                    throws PortalException, SystemException {
065    
066                    long[] filteredRoleIds = roleIds;
067    
068                    Group group = groupPersistence.findByPrimaryKey(groupId);
069                    User user = userPersistence.findByPrimaryKey(userId);
070    
071                    for (long roleId : roleIds) {
072                            UserGroupRolePermissionUtil.check(
073                                    getPermissionChecker(), groupId, roleId);
074    
075                            Role role = roleLocalService.getRole(roleId);
076    
077                            if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) ||
078                                    (role.getType() == RoleConstants.TYPE_SITE)) {
079    
080                                    if (MembershipPolicyUtil.isMembershipProtected(
081                                                    getPermissionChecker(), group, role, user)) {
082    
083                                            filteredRoleIds = ArrayUtil.remove(filteredRoleIds, roleId);
084                                    }
085                            }
086                    }
087    
088                    if (filteredRoleIds.length == 0) {
089                            return;
090                    }
091    
092                    checkDeleteUserGroupRolesMembershipPolicy(
093                            new long[] {userId}, groupId, filteredRoleIds);
094    
095                    userGroupRoleLocalService.deleteUserGroupRoles(
096                            userId, groupId, filteredRoleIds);
097            }
098    
099            public void deleteUserGroupRoles(long[] userIds, long groupId, long roleId)
100                    throws PortalException, SystemException {
101    
102                    UserGroupRolePermissionUtil.check(
103                            getPermissionChecker(), groupId, roleId);
104    
105                    Role role = roleLocalService.getRole(roleId);
106    
107                    if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) ||
108                            (role.getType() == RoleConstants.TYPE_SITE)) {
109    
110                            userIds = UsersAdminUtil.filterDeleteGroupRoleUserIds(
111                                    getPermissionChecker(), groupId, role.getRoleId(), userIds);
112                    }
113    
114                    if (userIds.length == 0) {
115                            return;
116                    }
117    
118                    checkDeleteUserGroupRolesMembershipPolicy(
119                            userIds, groupId, new long[] {roleId});
120    
121                    userGroupRoleLocalService.deleteUserGroupRoles(
122                            userIds, groupId, roleId);
123            }
124    
125            protected void checkAddUserGroupRolesMembershipPolicy(
126                            long[] userIds, long groupId, long[] roleIds)
127                    throws PortalException, SystemException {
128    
129                    MembershipPolicyException membershipPolicyException = null;
130    
131                    Group group = groupLocalService.getGroup(groupId);
132    
133                    for (long roleId : roleIds) {
134                            Role role = rolePersistence.findByPrimaryKey(roleId);
135    
136                            for (long userId : userIds) {
137                                    User user = userPersistence.findByPrimaryKey(userId);
138    
139                                    if (MembershipPolicyUtil.isMembershipAllowed(
140                                                    group, role, user)) {
141    
142                                            continue;
143                                    }
144    
145                                    if (membershipPolicyException == null) {
146                                            membershipPolicyException = new MembershipPolicyException(
147                                                    MembershipPolicyException.ROLE_MEMBERSHIP_NOT_ALLOWED);
148    
149                                            membershipPolicyException.addGroup(group);
150                                    }
151    
152                                    if (!membershipPolicyException.getUsers().contains(user)) {
153                                            membershipPolicyException.addUser(user);
154                                    }
155    
156                                    if (!membershipPolicyException.getRoles().contains(role)) {
157                                            membershipPolicyException.addRole(role);
158                                    }
159                            }
160                    }
161    
162                    if (membershipPolicyException!= null) {
163                            throw membershipPolicyException;
164                    }
165            }
166    
167            protected void checkDeleteUserGroupRolesMembershipPolicy(
168                            long[] userIds, long groupId, long[] roleIds)
169                    throws PortalException, SystemException {
170    
171                    MembershipPolicyException membershipPolicyException = null;
172    
173                    Group group = groupLocalService.getGroup(groupId);
174    
175                    for (long roleId : roleIds) {
176                            Role role = rolePersistence.findByPrimaryKey(roleId);
177    
178                            for (long userId : userIds) {
179                                    User user = userPersistence.findByPrimaryKey(userId);
180    
181                                    Set<Role> mandatoryRoles =
182                                            MembershipPolicyUtil.getMandatoryRoles(group, user);
183    
184                                    if (!mandatoryRoles.contains(role)) {
185                                            continue;
186                                    }
187    
188                                    if (membershipPolicyException == null) {
189                                            membershipPolicyException = new MembershipPolicyException(
190                                                    MembershipPolicyException.ROLE_MEMBERSHIP_REQUIRED);
191    
192                                            membershipPolicyException.addGroup(group);
193                                    }
194    
195                                    if (!membershipPolicyException.getUsers().contains(user)) {
196                                            membershipPolicyException.addUser(user);
197                                    }
198    
199                                    if (!membershipPolicyException.getRoles().contains(role)) {
200                                            membershipPolicyException.addRole(role);
201                                    }
202                            }
203                    }
204    
205                    if (membershipPolicyException!= null) {
206                            throw membershipPolicyException;
207                    }
208            }
209    
210    }