001
014
015 package com.liferay.portal.security.membershippolicy;
016
017 import com.liferay.portal.kernel.dao.orm.QueryUtil;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.search.Indexer;
023 import com.liferay.portal.kernel.util.ListUtil;
024 import com.liferay.portal.kernel.util.StringPool;
025 import com.liferay.portal.kernel.util.UnicodeProperties;
026 import com.liferay.portal.model.Group;
027 import com.liferay.portal.model.GroupConstants;
028 import com.liferay.portal.model.User;
029 import com.liferay.portal.service.GroupLocalServiceUtil;
030 import com.liferay.portal.service.UserLocalServiceUtil;
031 import com.liferay.portlet.asset.model.AssetCategory;
032 import com.liferay.portlet.asset.model.AssetTag;
033
034 import java.io.Serializable;
035
036 import java.util.ArrayList;
037 import java.util.LinkedHashMap;
038 import java.util.List;
039 import java.util.Map;
040
041
044 public class DefaultSiteMembershipPolicy extends BaseSiteMembershipPolicy {
045
046 public void checkMembership(
047 long[] userIds, long[] addGroupIds, long[] removeGroupIds)
048 throws PortalException, SystemException {
049
050 if (addGroupIds != null) {
051 checkAddUsersLimitedGroup(userIds, addGroupIds);
052 }
053 }
054
055 @Override
056 public boolean isMembershipAllowed(long userId, long groupId) {
057 try {
058 Group group = GroupLocalServiceUtil.getGroup(groupId);
059
060 if (group.isLimitedToParentSiteMembers()) {
061 if (!GroupLocalServiceUtil.hasUserGroup(
062 userId, group.getParentGroupId(), false)) {
063
064 return false;
065 }
066 }
067 }
068 catch (Exception e) {
069 _log.error(e, e);
070 }
071
072 return true;
073 }
074
075 public void propagateMembership(
076 long[] userIds, long[] addGroupIds, long[] removeGroupIds)
077 throws PortalException, SystemException {
078
079 if (removeGroupIds != null) {
080 for (long removeGroupId : removeGroupIds) {
081 removeUsersFromLimitedChildrenGroups(userIds, removeGroupId);
082 }
083 }
084 }
085
086 @Override
087 public void verifyPolicy(Group group)
088 throws PortalException, SystemException {
089
090 if (group.isLimitedToParentSiteMembers()) {
091 verifyLimitedParentMembership(group);
092 }
093 }
094
095 public void verifyPolicy(
096 Group group, Group oldGroup, List<AssetCategory> oldAssetCategories,
097 List<AssetTag> oldAssetTags,
098 Map<String, Serializable> oldExpandoAttributes,
099 UnicodeProperties oldTypeSettingsProperties)
100 throws PortalException, SystemException {
101
102 if (group.isLimitedToParentSiteMembers()) {
103 if ((group.getParentGroupId() == oldGroup.getParentGroupId()) &&
104 oldGroup.isLimitedToParentSiteMembers()) {
105
106 verifyPolicy(group);
107 }
108 else {
109 List<Group> childrenGroups = getLimitedChildrenGroups(group);
110
111 for (Group childrenGroup : childrenGroups) {
112 verifyPolicy(childrenGroup);
113 }
114 }
115 }
116 }
117
118 protected void checkAddUsersLimitedGroup(long[] userIds, long[] groupIds)
119 throws PortalException, SystemException {
120
121 MembershipPolicyException membershipPolicyException = null;
122
123 for (long groupId : groupIds) {
124 Group group = GroupLocalServiceUtil.getGroup(groupId);
125
126 if (!group.isLimitedToParentSiteMembers()) {
127 continue;
128 }
129
130 for (long userId : userIds) {
131 if (!GroupLocalServiceUtil.hasUserGroup(
132 userId, group.getParentGroupId(), false)) {
133
134 if (membershipPolicyException == null) {
135 membershipPolicyException =
136 new MembershipPolicyException(
137 MembershipPolicyException.
138 SITE_MEMBERSHIP_NOT_ALLOWED);
139 }
140
141 User user = UserLocalServiceUtil.getUser(userId);
142
143 membershipPolicyException.addUser(user);
144 }
145 }
146
147 if (membershipPolicyException != null) {
148 membershipPolicyException.addGroup(group);
149 }
150 }
151
152 if (membershipPolicyException != null) {
153 throw membershipPolicyException;
154 }
155 }
156
157 protected List<Group> getLimitedChildrenGroups(Group group)
158 throws PortalException, SystemException {
159
160 List<Group> parentGroups = new ArrayList<Group>();
161
162 parentGroups.add(group);
163
164 LinkedHashMap<String, Object> groupParams =
165 new LinkedHashMap<String, Object>();
166
167 groupParams.put("groupsTree", parentGroups);
168 groupParams.put("site", Boolean.TRUE);
169 groupParams.put(
170 "type", GroupConstants.TYPE_SITE_LIMITED_TO_PARENT_SITE_MEMBERS);
171
172 List<Group> childrenGroups = GroupLocalServiceUtil.search(
173 group.getCompanyId(), null, StringPool.BLANK, groupParams,
174 QueryUtil.ALL_POS, QueryUtil.ALL_POS);
175
176 List<Group> filteredChildrenGroups = ListUtil.copy(childrenGroups);
177
178 for (Group childrenGroup : childrenGroups) {
179 for (Group ancestorGroup : childrenGroup.getAncestors()) {
180 if ((ancestorGroup.getGroupId() != group.getGroupId()) &&
181 !ancestorGroup.isLimitedToParentSiteMembers()) {
182
183 filteredChildrenGroups.remove(childrenGroup);
184
185 break;
186 }
187 }
188 }
189
190 return filteredChildrenGroups;
191 }
192
193 protected void removeUsersFromLimitedChildrenGroups(
194 long[] userIds, long groupId)
195 throws PortalException, SystemException {
196
197 Group group = GroupLocalServiceUtil.getGroup(groupId);
198
199 List<Group> childrenGroups = getLimitedChildrenGroups(group);
200
201 for (Group childrenGroup : childrenGroups) {
202 if (!childrenGroup.isLimitedToParentSiteMembers()) {
203 continue;
204 }
205
206 for (long userId : userIds) {
207 UserLocalServiceUtil.unsetGroupUsers(
208 childrenGroup.getGroupId(), new long[] {userId}, null);
209 }
210 }
211 }
212
213 protected void verifyLimitedParentMembership(final Group group)
214 throws PortalException, SystemException {
215
216 int count = UserLocalServiceUtil.getGroupUsersCount(group.getGroupId());
217
218 int pages = count / Indexer.DEFAULT_INTERVAL;
219
220 for (int i = 0; i <= pages; i++) {
221 int start = (i * Indexer.DEFAULT_INTERVAL);
222 int end = start + Indexer.DEFAULT_INTERVAL;
223
224 List<User> users = UserLocalServiceUtil.getGroupUsers(
225 group.getGroupId(), start, end);
226
227 for (User user : users) {
228 if (!UserLocalServiceUtil.hasGroupUser(
229 group.getParentGroupId(), user.getUserId())) {
230
231 UserLocalServiceUtil.unsetGroupUsers(
232 group.getGroupId(), new long[] {user.getUserId()},
233 null);
234 }
235 }
236 }
237 }
238
239 private static Log _log = LogFactoryUtil.getLog(
240 DefaultSiteMembershipPolicy.class);
241
242 }