001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.kernel.exception.SystemException; 019 import com.liferay.portal.model.Group; 020 import com.liferay.portal.model.Role; 021 import com.liferay.portal.model.RoleConstants; 022 import com.liferay.portal.model.User; 023 import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil; 024 import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil; 025 import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil; 026 import com.liferay.portal.security.permission.ActionKeys; 027 import com.liferay.portal.service.ServiceContext; 028 import com.liferay.portal.service.base.RoleServiceBaseImpl; 029 import com.liferay.portal.service.permission.PortalPermissionUtil; 030 import com.liferay.portal.service.permission.RolePermissionUtil; 031 import com.liferay.portal.service.permission.UserPermissionUtil; 032 import com.liferay.portlet.expando.model.ExpandoBridge; 033 034 import java.io.Serializable; 035 036 import java.util.ArrayList; 037 import java.util.List; 038 import java.util.Locale; 039 import java.util.Map; 040 041 /** 042 * Provides the remote service for accessing, adding, unassigning, checking, 043 * deleting, and updating roles. Its methods include permission checks. 044 * 045 * @author Brian Wing Shun Chan 046 */ 047 public class RoleServiceImpl extends RoleServiceBaseImpl { 048 049 /** 050 * Adds a role. The user is reindexed after role is added. 051 * 052 * @param className the name of the class for which the role is created 053 * @param classPK the primary key of the class for which the role is 054 * created (optionally <code>0</code>) 055 * @param name the role's name 056 * @param titleMap the role's localized titles (optionally 057 * <code>null</code>) 058 * @param descriptionMap the role's localized descriptions (optionally 059 * <code>null</code>) 060 * @param type the role's type (optionally <code>0</code>) 061 * @param subType the role's subtype (optionally <code>null</code>) 062 * @param serviceContext the service context to be applied (optionally 063 * <code>null</code>). Can set the expando bridge attributes for the 064 * role. 065 * @return the role 066 * @throws PortalException if a user with the primary key could not be 067 * found, if the user did not have permission to add roles, if the 068 * class name or the role name were invalid, or if the role is a 069 * duplicate 070 * @throws SystemException if a system exception occurred 071 */ 072 public Role addRole( 073 String className, long classPK, String name, 074 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 075 int type, String subType, ServiceContext serviceContext) 076 throws PortalException, SystemException { 077 078 PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE); 079 080 User user = getUser(); 081 082 Role role = roleLocalService.addRole( 083 user.getUserId(), className, classPK, name, titleMap, 084 descriptionMap, type, subType, serviceContext); 085 086 if (type == RoleConstants.TYPE_ORGANIZATION) { 087 OrganizationMembershipPolicyUtil.verifyPolicy(role); 088 } 089 else if (type == RoleConstants.TYPE_SITE) { 090 SiteMembershipPolicyUtil.verifyPolicy(role); 091 } 092 else { 093 RoleMembershipPolicyUtil.verifyPolicy(role); 094 } 095 096 return role; 097 } 098 099 /** 100 * Adds a role. The user is reindexed after role is added. 101 * 102 * @param name the role's name 103 * @param titleMap the role's localized titles (optionally 104 * <code>null</code>) 105 * @param descriptionMap the role's localized descriptions (optionally 106 * <code>null</code>) 107 * @param type the role's type (optionally <code>0</code>) 108 * @return the role 109 * @throws PortalException if a user with the primary key could not be 110 * found, if the user did not have permission to add roles, if 111 * the class name or the role name were invalid, or if the role 112 * is a duplicate 113 * @throws SystemException if a system exception occurred 114 * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long, 115 * String, Map, Map, int, String, ServiceContext)} 116 */ 117 public Role addRole( 118 String name, Map<Locale, String> titleMap, 119 Map<Locale, String> descriptionMap, int type) 120 throws PortalException, SystemException { 121 122 return addRole( 123 null, 0, name, titleMap, descriptionMap, type, null, null); 124 } 125 126 /** 127 * Adds the roles to the user. The user is reindexed after the roles are 128 * added. 129 * 130 * @param userId the primary key of the user 131 * @param roleIds the primary keys of the roles 132 * @throws PortalException if a user with the primary key could not be found 133 * or if the user did not have permission to assign members to one 134 * of the roles 135 * @throws SystemException if a system exception occurred 136 */ 137 public void addUserRoles(long userId, long[] roleIds) 138 throws PortalException, SystemException { 139 140 if (roleIds.length == 0) { 141 return; 142 } 143 144 checkUserRolesPermission(userId, roleIds); 145 146 RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null); 147 148 roleLocalService.addUserRoles(userId, roleIds); 149 150 RoleMembershipPolicyUtil.propagateRoles( 151 new long[] {userId}, roleIds, null); 152 } 153 154 /** 155 * Deletes the role with the primary key and its associated permissions. 156 * 157 * @param roleId the primary key of the role 158 * @throws PortalException if the user did not have permission to delete the 159 * role, if a role with the primary key could not be found, if the 160 * role is a default system role, or if the role's resource could 161 * not be found 162 * @throws SystemException if a system exception occurred 163 */ 164 public void deleteRole(long roleId) 165 throws PortalException, SystemException { 166 167 RolePermissionUtil.check( 168 getPermissionChecker(), roleId, ActionKeys.DELETE); 169 170 roleLocalService.deleteRole(roleId); 171 } 172 173 /** 174 * Returns all the roles associated with the group. 175 * 176 * @param groupId the primary key of the group 177 * @return the roles associated with the group 178 * @throws PortalException if a portal exception occurred 179 * @throws SystemException if a system exception occurred 180 */ 181 public List<Role> getGroupRoles(long groupId) 182 throws PortalException, SystemException { 183 184 List<Role> roles = roleLocalService.getGroupRoles(groupId); 185 186 return filterRoles(roles); 187 } 188 189 /** 190 * Returns the role with the primary key. 191 * 192 * @param roleId the primary key of the role 193 * @return the role with the primary key 194 * @throws PortalException if a role with the primary key could not be found 195 * or if the user did not have permission to view the role 196 * @throws SystemException if a system exception occurred 197 */ 198 public Role getRole(long roleId) throws PortalException, SystemException { 199 RolePermissionUtil.check( 200 getPermissionChecker(), roleId, ActionKeys.VIEW); 201 202 return roleLocalService.getRole(roleId); 203 } 204 205 /** 206 * Returns the role with the name in the company. 207 * 208 * <p> 209 * The method searches the system roles map first for default roles. If a 210 * role with the name is not found, then the method will query the database. 211 * </p> 212 * 213 * @param companyId the primary key of the company 214 * @param name the role's name 215 * @return the role with the name 216 * @throws PortalException if a role with the name could not be found in the 217 * company or if the user did not have permission to view the role 218 * @throws SystemException if a system exception occurred 219 */ 220 public Role getRole(long companyId, String name) 221 throws PortalException, SystemException { 222 223 Role role = roleLocalService.getRole(companyId, name); 224 225 RolePermissionUtil.check( 226 getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW); 227 228 return role; 229 } 230 231 /** 232 * Returns all the user's roles within the user group. 233 * 234 * @param userId the primary key of the user 235 * @param groupId the primary key of the group 236 * @return the user's roles within the user group 237 * @throws PortalException if a portal exception occurred 238 * @throws SystemException if a system exception occurred 239 */ 240 public List<Role> getUserGroupGroupRoles(long userId, long groupId) 241 throws PortalException, SystemException { 242 243 UserPermissionUtil.check( 244 getPermissionChecker(), userId, ActionKeys.VIEW); 245 246 List<Role> roles = roleLocalService.getUserGroupGroupRoles( 247 userId, groupId); 248 249 return filterRoles(roles); 250 } 251 252 /** 253 * Returns all the user's roles within the user group. 254 * 255 * @param userId the primary key of the user 256 * @param groupId the primary key of the group 257 * @return the user's roles within the user group 258 * @throws PortalException if a portal exception occurred 259 * @throws SystemException if a system exception occurred 260 */ 261 public List<Role> getUserGroupRoles(long userId, long groupId) 262 throws PortalException, SystemException { 263 264 UserPermissionUtil.check( 265 getPermissionChecker(), userId, ActionKeys.VIEW); 266 267 List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId); 268 269 return filterRoles(roles); 270 } 271 272 /** 273 * Returns the union of all the user's roles within the groups. 274 * 275 * @param userId the primary key of the user 276 * @param groups the groups (optionally <code>null</code>) 277 * @return the union of all the user's roles within the groups 278 * @throws PortalException if a portal exception occurred 279 * @throws SystemException if a system exception occurred 280 */ 281 public List<Role> getUserRelatedRoles(long userId, List<Group> groups) 282 throws PortalException, SystemException { 283 284 UserPermissionUtil.check( 285 getPermissionChecker(), userId, ActionKeys.VIEW); 286 287 List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups); 288 289 return filterRoles(roles); 290 } 291 292 /** 293 * Returns all the roles associated with the user. 294 * 295 * @param userId the primary key of the user 296 * @return the roles associated with the user 297 * @throws PortalException if a portal exception occurred 298 * @throws SystemException if a system exception occurred 299 */ 300 public List<Role> getUserRoles(long userId) 301 throws PortalException, SystemException { 302 303 UserPermissionUtil.check( 304 getPermissionChecker(), userId, ActionKeys.VIEW); 305 306 List<Role> roles = roleLocalService.getUserRoles(userId); 307 308 return filterRoles(roles); 309 } 310 311 /** 312 * Returns <code>true</code> if the user is associated with the named 313 * regular role. 314 * 315 * @param userId the primary key of the user 316 * @param companyId the primary key of the company 317 * @param name the name of the role 318 * @param inherited whether to include the user's inherited roles in the 319 * search 320 * @return <code>true</code> if the user is associated with the regular 321 * role; <code>false</code> otherwise 322 * @throws PortalException if a role with the name could not be found in the 323 * company or if a default user for the company could not be found 324 * @throws SystemException if a system exception occurred 325 */ 326 public boolean hasUserRole( 327 long userId, long companyId, String name, boolean inherited) 328 throws PortalException, SystemException { 329 330 UserPermissionUtil.check( 331 getPermissionChecker(), userId, ActionKeys.VIEW); 332 333 return roleLocalService.hasUserRole(userId, companyId, name, inherited); 334 } 335 336 /** 337 * Returns <code>true</code> if the user has any one of the named regular 338 * roles. 339 * 340 * @param userId the primary key of the user 341 * @param companyId the primary key of the company 342 * @param names the names of the roles 343 * @param inherited whether to include the user's inherited roles in the 344 * search 345 * @return <code>true</code> if the user has any one of the regular roles; 346 * <code>false</code> otherwise 347 * @throws PortalException if any one of the roles with the names could not 348 * be found in the company or if the default user for the company 349 * could not be found 350 * @throws SystemException if a system exception occurred 351 */ 352 public boolean hasUserRoles( 353 long userId, long companyId, String[] names, boolean inherited) 354 throws PortalException, SystemException { 355 356 UserPermissionUtil.check( 357 getPermissionChecker(), userId, ActionKeys.VIEW); 358 359 return roleLocalService.hasUserRoles( 360 userId, companyId, names, inherited); 361 } 362 363 /** 364 * Removes the matching roles associated with the user. The user is 365 * reindexed after the roles are removed. 366 * 367 * @param userId the primary key of the user 368 * @param roleIds the primary keys of the roles 369 * @throws PortalException if a user with the primary key could not be 370 * found, if the user did not have permission to remove members from 371 * a role, or if a role with any one of the primary keys could not 372 * be found 373 * @throws SystemException if a system exception occurred 374 */ 375 public void unsetUserRoles(long userId, long[] roleIds) 376 throws PortalException, SystemException { 377 378 if (roleIds.length == 0) { 379 return; 380 } 381 382 checkUserRolesPermission(userId, roleIds); 383 384 RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds); 385 386 roleLocalService.unsetUserRoles(userId, roleIds); 387 388 RoleMembershipPolicyUtil.propagateRoles( 389 new long[] {userId}, null, roleIds); 390 } 391 392 /** 393 * Updates the role with the primary key. 394 * 395 * @param roleId the primary key of the role 396 * @param name the role's new name 397 * @param titleMap the new localized titles (optionally <code>null</code>) 398 * to replace those existing for the role 399 * @param descriptionMap the new localized descriptions (optionally 400 * <code>null</code>) to replace those existing for the role 401 * @param subtype the role's new subtype (optionally <code>null</code>) 402 * @param serviceContext the service context to be applied (optionally 403 * <code>null</code>). Can set the expando bridge attributes for the 404 * role. 405 * @return the role with the primary key 406 * @throws PortalException if the user did not have permission to update the 407 * role, if a role with the primary could not be found, or if the 408 * role's name was invalid 409 * @throws SystemException if a system exception occurred 410 */ 411 public Role updateRole( 412 long roleId, String name, Map<Locale, String> titleMap, 413 Map<Locale, String> descriptionMap, String subtype, 414 ServiceContext serviceContext) 415 throws PortalException, SystemException { 416 417 RolePermissionUtil.check( 418 getPermissionChecker(), roleId, ActionKeys.UPDATE); 419 420 Role oldRole = rolePersistence.findByPrimaryKey(roleId); 421 422 ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge(); 423 424 Map<String, Serializable> oldExpandoAttributes = 425 oldExpandoBridge.getAttributes(); 426 427 Role role = roleLocalService.updateRole( 428 roleId, name, titleMap, descriptionMap, subtype, serviceContext); 429 430 if (role.getType() == RoleConstants.TYPE_ORGANIZATION) { 431 OrganizationMembershipPolicyUtil.verifyPolicy( 432 role, oldRole, oldExpandoAttributes); 433 } 434 else if (role.getType() == RoleConstants.TYPE_SITE) { 435 SiteMembershipPolicyUtil.verifyPolicy( 436 role, oldRole, oldExpandoAttributes); 437 } 438 else { 439 RoleMembershipPolicyUtil.verifyPolicy( 440 role, oldRole, oldExpandoAttributes); 441 } 442 443 return role; 444 } 445 446 protected void checkUserRolesPermission(long userId, long[] roleIds) 447 throws PortalException { 448 449 for (int i = 0; i < roleIds.length; i++) { 450 RolePermissionUtil.check( 451 getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS); 452 } 453 } 454 455 protected List<Role> filterRoles(List<Role> roles) throws PortalException { 456 List<Role> filteredRoles = new ArrayList<Role>(); 457 458 for (Role role : roles) { 459 if (RolePermissionUtil.contains( 460 getPermissionChecker(), role.getRoleId(), 461 ActionKeys.VIEW)) { 462 463 filteredRoles.add(role); 464 } 465 } 466 467 return filteredRoles; 468 } 469 470 }