001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.DuplicateRoleException; 018 import com.liferay.portal.NoSuchRoleException; 019 import com.liferay.portal.NoSuchShardException; 020 import com.liferay.portal.RequiredRoleException; 021 import com.liferay.portal.RoleNameException; 022 import com.liferay.portal.kernel.cache.Lifecycle; 023 import com.liferay.portal.kernel.cache.ThreadLocalCachable; 024 import com.liferay.portal.kernel.cache.ThreadLocalCache; 025 import com.liferay.portal.kernel.cache.ThreadLocalCacheManager; 026 import com.liferay.portal.kernel.dao.shard.ShardUtil; 027 import com.liferay.portal.kernel.exception.PortalException; 028 import com.liferay.portal.kernel.exception.SystemException; 029 import com.liferay.portal.kernel.lar.ExportImportThreadLocal; 030 import com.liferay.portal.kernel.search.Indexer; 031 import com.liferay.portal.kernel.search.IndexerRegistryUtil; 032 import com.liferay.portal.kernel.spring.aop.Skip; 033 import com.liferay.portal.kernel.transaction.Propagation; 034 import com.liferay.portal.kernel.transaction.Transactional; 035 import com.liferay.portal.kernel.util.CharPool; 036 import com.liferay.portal.kernel.util.GetterUtil; 037 import com.liferay.portal.kernel.util.LocaleUtil; 038 import com.liferay.portal.kernel.util.OrderByComparator; 039 import com.liferay.portal.kernel.util.StringUtil; 040 import com.liferay.portal.kernel.util.Validator; 041 import com.liferay.portal.model.Company; 042 import com.liferay.portal.model.Group; 043 import com.liferay.portal.model.Layout; 044 import com.liferay.portal.model.ResourceAction; 045 import com.liferay.portal.model.ResourceConstants; 046 import com.liferay.portal.model.ResourcePermission; 047 import com.liferay.portal.model.Role; 048 import com.liferay.portal.model.RoleConstants; 049 import com.liferay.portal.model.Shard; 050 import com.liferay.portal.model.Team; 051 import com.liferay.portal.model.User; 052 import com.liferay.portal.security.permission.ActionKeys; 053 import com.liferay.portal.security.permission.PermissionCacheUtil; 054 import com.liferay.portal.service.ServiceContext; 055 import com.liferay.portal.service.base.RoleLocalServiceBaseImpl; 056 import com.liferay.portal.util.PortalUtil; 057 import com.liferay.portal.util.PortletKeys; 058 import com.liferay.portal.util.PropsUtil; 059 import com.liferay.portal.util.PropsValues; 060 import com.liferay.portlet.usersadmin.util.UsersAdminUtil; 061 062 import java.util.ArrayList; 063 import java.util.Arrays; 064 import java.util.Collections; 065 import java.util.Date; 066 import java.util.HashMap; 067 import java.util.LinkedHashMap; 068 import java.util.List; 069 import java.util.Locale; 070 import java.util.Map; 071 072 /** 073 * Provides the local service for accessing, adding, checking, deleting, and 074 * updating roles. 075 * 076 * @author Brian Wing Shun Chan 077 * @author Marcellus Tavares 078 */ 079 public class RoleLocalServiceImpl extends RoleLocalServiceBaseImpl { 080 081 /** 082 * Adds a role. The user is reindexed after role is added. 083 * 084 * @param userId the primary key of the user 085 * @param companyId the primary key of the company 086 * @param name the role's name 087 * @param titleMap the role's localized titles (optionally 088 * <code>null</code>) 089 * @param descriptionMap the role's localized descriptions (optionally 090 * <code>null</code>) 091 * @param type the role's type (optionally <code>0</code>) 092 * @return the role 093 * @throws PortalException if the class name or the role name were 094 * invalid, if the role is a duplicate, or if a user with the 095 * primary key could not be found 096 * @throws SystemException if a system exception occurred 097 * @deprecated As of 6.2.0, replaced by {@link #addRole(long, String, long, 098 * String, Map, Map, int, String, ServiceContext)} 099 */ 100 public Role addRole( 101 long userId, long companyId, String name, 102 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 103 int type) 104 throws PortalException, SystemException { 105 106 return addRole( 107 userId, null, 0, name, titleMap, descriptionMap, type, null, null); 108 } 109 110 /** 111 * Adds a role with additional parameters. The user is reindexed after role 112 * is added. 113 * 114 * @param userId the primary key of the user 115 * @param companyId the primary key of the company 116 * @param name the role's name 117 * @param titleMap the role's localized titles (optionally 118 * <code>null</code>) 119 * @param descriptionMap the role's localized descriptions (optionally 120 * <code>null</code>) 121 * @param type the role's type (optionally <code>0</code>) 122 * @param className the name of the class for which the role is created 123 * (optionally <code>null</code>) 124 * @param classPK the primary key of the class for which the role is 125 * created (optionally <code>0</code>) 126 * @return the role 127 * @throws PortalException if the class name or the role name were 128 * invalid, if the role is a duplicate, or if a user with the 129 * primary key could not be found 130 * @throws SystemException if a system exception occurred 131 * @deprecated As of 6.2.0, replaced by {@link #addRole(long, String, long, 132 * String, Map, Map, int, String, ServiceContext)} 133 */ 134 public Role addRole( 135 long userId, long companyId, String name, 136 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 137 int type, String className, long classPK) 138 throws PortalException, SystemException { 139 140 return addRole( 141 userId, className, classPK, name, titleMap, descriptionMap, type, 142 null, null); 143 } 144 145 /** 146 * Adds a role with additional parameters. The user is reindexed after role 147 * is added. 148 * 149 * @param userId the primary key of the user 150 * @param className the name of the class for which the role is created 151 * (optionally <code>null</code>) 152 * @param classPK the primary key of the class for which the role is 153 * created (optionally <code>0</code>) 154 * @param name the role's name 155 * @param titleMap the role's localized titles (optionally 156 * <code>null</code>) 157 * @param descriptionMap the role's localized descriptions (optionally 158 * <code>null</code>) 159 * @param type the role's type (optionally <code>0</code>) 160 * @param subType the role's subtype (optionally <code>null</code>) 161 * @param serviceContext the service context to be applied (optionally 162 * <code>null</code>). Can set expando bridge attributes for the 163 * role. 164 * @return the role 165 * @throws PortalException if the class name or the role name were invalid, 166 * if the role is a duplicate, or if a user with the primary key 167 * could not be found 168 * @throws SystemException if a system exception occurred 169 */ 170 public Role addRole( 171 long userId, String className, long classPK, String name, 172 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 173 int type, String subType, ServiceContext serviceContext) 174 throws PortalException, SystemException { 175 176 // Role 177 178 User user = userPersistence.findByPrimaryKey(userId); 179 className = GetterUtil.getString(className); 180 long classNameId = PortalUtil.getClassNameId(className); 181 182 long roleId = counterLocalService.increment(); 183 184 if ((classNameId <= 0) || className.equals(Role.class.getName())) { 185 classNameId = PortalUtil.getClassNameId(Role.class); 186 classPK = roleId; 187 } 188 189 Date now = new Date(); 190 191 validate(0, user.getCompanyId(), classNameId, name); 192 193 Role role = rolePersistence.create(roleId); 194 195 if (serviceContext != null) { 196 role.setUuid(serviceContext.getUuid()); 197 } 198 199 role.setCompanyId(user.getCompanyId()); 200 role.setUserId(user.getUserId()); 201 role.setUserName(user.getFullName()); 202 203 if (serviceContext != null) { 204 role.setCreateDate(serviceContext.getCreateDate(now)); 205 role.setModifiedDate(serviceContext.getModifiedDate(now)); 206 } 207 else { 208 role.setCreateDate(now); 209 role.setModifiedDate(now); 210 } 211 212 role.setClassNameId(classNameId); 213 role.setClassPK(classPK); 214 role.setName(name); 215 role.setTitleMap(titleMap); 216 role.setDescriptionMap(descriptionMap); 217 role.setType(type); 218 role.setSubtype(subType); 219 role.setExpandoBridgeAttributes(serviceContext); 220 221 rolePersistence.update(role); 222 223 // Resources 224 225 if (!user.isDefaultUser()) { 226 resourceLocalService.addResources( 227 user.getCompanyId(), 0, userId, Role.class.getName(), 228 role.getRoleId(), false, false, false); 229 230 if (!ExportImportThreadLocal.isImportInProcess()) { 231 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer( 232 User.class); 233 234 indexer.reindex(userId); 235 } 236 } 237 238 return role; 239 } 240 241 /** 242 * Adds the roles to the user. The user is reindexed after the roles are 243 * added. 244 * 245 * @param userId the primary key of the user 246 * @param roleIds the primary keys of the roles 247 * @throws PortalException if a user with the primary key could not be found 248 * @throws SystemException if a system exception occurred 249 * @see com.liferay.portal.service.persistence.UserPersistence#addRoles( 250 * long, long[]) 251 */ 252 @Override 253 public void addUserRoles(long userId, long[] roleIds) 254 throws PortalException, SystemException { 255 256 userPersistence.addRoles(userId, roleIds); 257 258 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 259 260 indexer.reindex(userId); 261 262 PermissionCacheUtil.clearCache(); 263 } 264 265 /** 266 * Checks to ensure that the system roles map has appropriate default roles 267 * in each company. 268 * 269 * @throws PortalException if the current user did not have permission to 270 * set applicable permissions on a role 271 * @throws SystemException if a system exception occurred 272 */ 273 public void checkSystemRoles() throws PortalException, SystemException { 274 List<Company> companies = companyLocalService.getCompanies(); 275 276 String currentShardName = ShardUtil.getCurrentShardName(); 277 278 for (Company company : companies) { 279 String shardName = null; 280 281 try { 282 shardName = company.getShardName(); 283 } 284 catch (NoSuchShardException nsse) { 285 Shard shard = shardLocalService.addShard( 286 Company.class.getName(), company.getCompanyId(), 287 PropsValues.SHARD_DEFAULT_NAME); 288 289 shardName = shard.getName(); 290 } 291 292 if (!ShardUtil.isEnabled() || shardName.equals(currentShardName)) { 293 checkSystemRoles(company.getCompanyId()); 294 } 295 } 296 } 297 298 /** 299 * Checks to ensure that the system roles map has appropriate default roles 300 * in the company. 301 * 302 * @param companyId the primary key of the company 303 * @throws PortalException if the current user did not have permission to 304 * set applicable permissions on a role 305 * @throws SystemException if a system exception occurred 306 */ 307 @Transactional(propagation = Propagation.SUPPORTS, readOnly = true) 308 public void checkSystemRoles(long companyId) 309 throws PortalException, SystemException { 310 311 String companyIdHexString = StringUtil.toHexString(companyId); 312 313 for (Role role : roleFinder.findBySystem(companyId)) { 314 _systemRolesMap.put( 315 companyIdHexString.concat(role.getName()), role); 316 } 317 318 // Regular roles 319 320 String[] systemRoles = PortalUtil.getSystemRoles(); 321 322 for (String name : systemRoles) { 323 String key = 324 "system.role." + 325 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 326 ".description"; 327 328 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 329 330 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 331 332 int type = RoleConstants.TYPE_REGULAR; 333 334 checkSystemRole(companyId, name, descriptionMap, type); 335 } 336 337 // Organization roles 338 339 String[] systemOrganizationRoles = 340 PortalUtil.getSystemOrganizationRoles(); 341 342 for (String name : systemOrganizationRoles) { 343 String key = 344 "system.organization.role." + 345 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 346 ".description"; 347 348 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 349 350 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 351 352 int type = RoleConstants.TYPE_ORGANIZATION; 353 354 checkSystemRole(companyId, name, descriptionMap, type); 355 } 356 357 // Site roles 358 359 String[] systemSiteRoles = PortalUtil.getSystemSiteRoles(); 360 361 for (String name : systemSiteRoles) { 362 String key = 363 "system.site.role." + 364 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 365 ".description"; 366 367 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 368 369 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 370 371 int type = RoleConstants.TYPE_SITE; 372 373 checkSystemRole(companyId, name, descriptionMap, type); 374 } 375 } 376 377 /** 378 * Deletes the role with the primary key and its associated permissions. 379 * 380 * @param roleId the primary key of the role 381 * @return the deleted role 382 * @throws PortalException if a role with the primary key could not be 383 * found, if the role is a default system role, or if the role's 384 * resource could not be found 385 * @throws SystemException if a system exception occurred 386 */ 387 @Override 388 public Role deleteRole(long roleId) 389 throws PortalException, SystemException { 390 391 Role role = rolePersistence.findByPrimaryKey(roleId); 392 393 return deleteRole(role); 394 } 395 396 /** 397 * Deletes the role and its associated permissions. 398 * 399 * @param role the role 400 * @return the deleted role 401 * @throws PortalException if the role is a default system role or if the 402 * role's resource could not be found 403 * @throws SystemException if a system exception occurred 404 */ 405 @Override 406 public Role deleteRole(Role role) throws PortalException, SystemException { 407 if (PortalUtil.isSystemRole(role.getName())) { 408 throw new RequiredRoleException(); 409 } 410 411 // Resources 412 413 List<ResourcePermission> resourcePermissions = 414 resourcePermissionPersistence.findByRoleId(role.getRoleId()); 415 416 for (ResourcePermission resourcePermission : resourcePermissions) { 417 resourcePermissionLocalService.deleteResourcePermission( 418 resourcePermission); 419 } 420 421 String className = role.getClassName(); 422 long classNameId = role.getClassNameId(); 423 424 if ((classNameId <= 0) || className.equals(Role.class.getName())) { 425 resourceLocalService.deleteResource( 426 role.getCompanyId(), Role.class.getName(), 427 ResourceConstants.SCOPE_INDIVIDUAL, role.getRoleId()); 428 } 429 430 if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) || 431 (role.getType() == RoleConstants.TYPE_SITE)) { 432 433 userGroupRoleLocalService.deleteUserGroupRolesByRoleId( 434 role.getRoleId()); 435 436 userGroupGroupRoleLocalService.deleteUserGroupGroupRolesByRoleId( 437 role.getRoleId()); 438 } 439 440 // Role 441 442 rolePersistence.remove(role); 443 444 // Expando 445 446 expandoValueLocalService.deleteValues( 447 Role.class.getName(), role.getRoleId()); 448 449 // Permission cache 450 451 PermissionCacheUtil.clearCache(); 452 453 return role; 454 } 455 456 /** 457 * Returns the role with the name in the company. 458 * 459 * <p> 460 * The method searches the system roles map first for default roles. If a 461 * role with the name is not found, then the method will query the database. 462 * </p> 463 * 464 * @param companyId the primary key of the company 465 * @param name the role's name 466 * @return Returns the role with the name or <code>null</code> if a role 467 * with the name could not be found in the company 468 * @throws SystemException if a system exception occurred 469 */ 470 @Skip 471 public Role fetchRole(long companyId, String name) throws SystemException { 472 String companyIdHexString = StringUtil.toHexString(companyId); 473 474 Role role = _systemRolesMap.get(companyIdHexString.concat(name)); 475 476 if (role != null) { 477 return role; 478 } 479 480 return roleLocalService.loadFetchRole(companyId, name); 481 } 482 483 public Role fetchRoleByUuidAndCompanyId(String uuid, long companyId) 484 throws SystemException { 485 486 return rolePersistence.fetchByUuid_C_First(uuid, companyId, null); 487 } 488 489 /** 490 * Returns the default role for the group with the primary key. 491 * 492 * <p> 493 * If the group is a site, then the default role is {@link 494 * com.liferay.portal.model.RoleConstants#SITE_MEMBER}. If the group is an 495 * organization, then the default role is {@link 496 * com.liferay.portal.model.RoleConstants#ORGANIZATION_USER}. If the group 497 * is a user or user group, then the default role is {@link 498 * com.liferay.portal.model.RoleConstants#POWER_USER}. For all other group 499 * types, the default role is {@link 500 * com.liferay.portal.model.RoleConstants#USER}. 501 * </p> 502 * 503 * @param groupId the primary key of the group 504 * @return the default role for the group with the primary key 505 * @throws PortalException if a group with the primary key could not be 506 * found, or if a default role could not be found for the group 507 * @throws SystemException if a system exception occurred 508 */ 509 public Role getDefaultGroupRole(long groupId) 510 throws PortalException, SystemException { 511 512 Group group = groupPersistence.findByPrimaryKey(groupId); 513 514 if (group.isLayout()) { 515 Layout layout = layoutLocalService.getLayout(group.getClassPK()); 516 517 group = layout.getGroup(); 518 } 519 520 if (group.isStagingGroup()) { 521 group = group.getLiveGroup(); 522 } 523 524 Role role = null; 525 526 if (group.isCompany()) { 527 role = getRole(group.getCompanyId(), RoleConstants.USER); 528 } 529 else if (group.isLayoutPrototype() || group.isLayoutSetPrototype() || 530 group.isRegularSite() || group.isSite()) { 531 532 role = getRole(group.getCompanyId(), RoleConstants.SITE_MEMBER); 533 } 534 else if (group.isOrganization()) { 535 role = getRole( 536 group.getCompanyId(), RoleConstants.ORGANIZATION_USER); 537 } 538 else if (group.isUser() || group.isUserGroup()) { 539 role = getRole(group.getCompanyId(), RoleConstants.POWER_USER); 540 } 541 else { 542 role = getRole(group.getCompanyId(), RoleConstants.USER); 543 } 544 545 return role; 546 } 547 548 public List<Role> getResourceBlockRoles( 549 long resourceBlockId, String className, String actionId) 550 throws SystemException { 551 552 return roleFinder.findByR_N_A(resourceBlockId, className, actionId); 553 } 554 555 /** 556 * Returns a map of role names to associated action IDs for the named 557 * resource in the company within the permission scope. 558 * 559 * @param companyId the primary key of the company 560 * @param name the resource name 561 * @param scope the permission scope 562 * @param primKey the primary key of the resource's class 563 * @return the role names and action IDs 564 * @throws SystemException if a system exception occurred 565 * @see com.liferay.portal.service.persistence.RoleFinder#findByC_N_S_P( 566 * long, String, int, String) 567 */ 568 public Map<String, List<String>> getResourceRoles( 569 long companyId, String name, int scope, String primKey) 570 throws SystemException { 571 572 return roleFinder.findByC_N_S_P(companyId, name, scope, primKey); 573 } 574 575 /** 576 * Returns all the roles associated with the action ID in the company within 577 * the permission scope. 578 * 579 * @param companyId the primary key of the company 580 * @param name the resource name 581 * @param scope the permission scope 582 * @param primKey the primary key of the resource's class 583 * @param actionId the name of the resource action 584 * @return the roles 585 * @throws SystemException if a system exception occurred 586 * @see com.liferay.portal.service.persistence.RoleFinder#findByC_N_S_P_A( 587 * long, String, int, String, String) 588 */ 589 public List<Role> getResourceRoles( 590 long companyId, String name, int scope, String primKey, 591 String actionId) 592 throws SystemException { 593 594 return roleFinder.findByC_N_S_P_A( 595 companyId, name, scope, primKey, actionId); 596 } 597 598 /** 599 * Returns the role with the name in the company. 600 * 601 * <p> 602 * The method searches the system roles map first for default roles. If a 603 * role with the name is not found, then the method will query the database. 604 * </p> 605 * 606 * @param companyId the primary key of the company 607 * @param name the role's name 608 * @return the role with the name 609 * @throws PortalException if a role with the name could not be found in the 610 * company 611 * @throws SystemException if a system exception occurred 612 */ 613 @Skip 614 public Role getRole(long companyId, String name) 615 throws PortalException, SystemException { 616 617 String companyIdHexString = StringUtil.toHexString(companyId); 618 619 Role role = _systemRolesMap.get(companyIdHexString.concat(name)); 620 621 if (role != null) { 622 return role; 623 } 624 625 return roleLocalService.loadGetRole(companyId, name); 626 } 627 628 /** 629 * Returns all the roles of the type and subtype. 630 * 631 * @param type the role's type (optionally <code>0</code>) 632 * @param subtype the role's subtype (optionally <code>null</code>) 633 * @return the roles of the type and subtype 634 * @throws SystemException if a system exception occurred 635 */ 636 public List<Role> getRoles(int type, String subtype) 637 throws SystemException { 638 639 return rolePersistence.findByT_S(type, subtype); 640 } 641 642 /** 643 * Returns all the roles in the company. 644 * 645 * @param companyId the primary key of the company 646 * @return the roles in the company 647 * @throws SystemException if a system exception occurred 648 */ 649 public List<Role> getRoles(long companyId) throws SystemException { 650 return rolePersistence.findByCompanyId(companyId); 651 } 652 653 /** 654 * Returns all the roles with the primary keys. 655 * 656 * @param roleIds the primary keys of the roles 657 * @return the roles with the primary keys 658 * @throws PortalException if any one of the roles with the primary keys 659 * could not be found 660 * @throws SystemException if a system exception occurred 661 */ 662 public List<Role> getRoles(long[] roleIds) 663 throws PortalException, SystemException { 664 665 List<Role> roles = new ArrayList<Role>(roleIds.length); 666 667 for (long roleId : roleIds) { 668 Role role = getRole(roleId); 669 670 roles.add(role); 671 } 672 673 return roles; 674 } 675 676 /** 677 * Returns all the roles of the subtype. 678 * 679 * @param subtype the role's subtype (optionally <code>null</code>) 680 * @return the roles of the subtype 681 * @throws SystemException if a system exception occurred 682 */ 683 public List<Role> getSubtypeRoles(String subtype) throws SystemException { 684 return rolePersistence.findBySubtype(subtype); 685 } 686 687 /** 688 * Returns the number of roles of the subtype. 689 * 690 * @param subtype the role's subtype (optionally <code>null</code>) 691 * @return the number of roles of the subtype 692 * @throws SystemException if a system exception occurred 693 */ 694 public int getSubtypeRolesCount(String subtype) throws SystemException { 695 return rolePersistence.countBySubtype(subtype); 696 } 697 698 /** 699 * Returns the team role in the company. 700 * 701 * @param companyId the primary key of the company 702 * @param teamId the primary key of the team 703 * @return the team role in the company 704 * @throws PortalException if a role could not be found in the team and 705 * company 706 * @throws SystemException if a system exception occurred 707 */ 708 public Role getTeamRole(long companyId, long teamId) 709 throws PortalException, SystemException { 710 711 long classNameId = PortalUtil.getClassNameId(Team.class); 712 713 return rolePersistence.findByC_C_C(companyId, classNameId, teamId); 714 } 715 716 /** 717 * Returns all the roles of the type. 718 * 719 * @param type the role's type (optionally <code>0</code>) 720 * @return the range of the roles of the type 721 * @throws SystemException if a system exception occurred 722 */ 723 public List<Role> getTypeRoles(int type) throws SystemException { 724 return rolePersistence.findByType(type); 725 } 726 727 /** 728 * Returns a range of all the roles of the type. 729 * 730 * @param type the role's type (optionally <code>0</code>) 731 * @param start the lower bound of the range of roles to return 732 * @param end the upper bound of the range of roles to return (not 733 * inclusive) 734 * @return the range of the roles of the type 735 * @throws SystemException if a system exception occurred 736 */ 737 public List<Role> getTypeRoles(int type, int start, int end) 738 throws SystemException { 739 740 return rolePersistence.findByType(type, start, end); 741 } 742 743 /** 744 * Returns the number of roles of the type. 745 * 746 * @param type the role's type (optionally <code>0</code>) 747 * @return the number of roles of the type 748 * @throws SystemException if a system exception occurred 749 */ 750 public int getTypeRolesCount(int type) throws SystemException { 751 return rolePersistence.countByType(type); 752 } 753 754 /** 755 * Returns all the user's roles within the user group. 756 * 757 * @param userId the primary key of the user 758 * @param groupId the primary key of the group 759 * @return the user's roles within the user group 760 * @throws SystemException if a system exception occurred 761 * @see com.liferay.portal.service.persistence.RoleFinder#findByUserGroupGroupRole( 762 * long, long) 763 */ 764 public List<Role> getUserGroupGroupRoles(long userId, long groupId) 765 throws SystemException { 766 767 return roleFinder.findByUserGroupGroupRole(userId, groupId); 768 } 769 770 /** 771 * Returns all the user's roles within the user group. 772 * 773 * @param userId the primary key of the user 774 * @param groupId the primary key of the group 775 * @return the user's roles within the user group 776 * @throws SystemException if a system exception occurred 777 * @see com.liferay.portal.service.persistence.RoleFinder#findByUserGroupRole( 778 * long, long) 779 */ 780 public List<Role> getUserGroupRoles(long userId, long groupId) 781 throws SystemException { 782 783 return roleFinder.findByUserGroupRole(userId, groupId); 784 } 785 786 /** 787 * Returns the union of all the user's roles within the groups. 788 * 789 * @param userId the primary key of the user 790 * @param groups the groups (optionally <code>null</code>) 791 * @return the union of all the user's roles within the groups 792 * @throws SystemException if a system exception occurred 793 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 794 * long, List) 795 */ 796 public List<Role> getUserRelatedRoles(long userId, List<Group> groups) 797 throws SystemException { 798 799 if ((groups == null) || groups.isEmpty()) { 800 return Collections.emptyList(); 801 } 802 803 return roleFinder.findByU_G(userId, groups); 804 } 805 806 /** 807 * Returns all the user's roles within the group. 808 * 809 * @param userId the primary key of the user 810 * @param groupId the primary key of the group 811 * @return the user's roles within the group 812 * @throws SystemException if a system exception occurred 813 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 814 * long, long) 815 */ 816 public List<Role> getUserRelatedRoles(long userId, long groupId) 817 throws SystemException { 818 819 return roleFinder.findByU_G(userId, groupId); 820 } 821 822 /** 823 * Returns the union of all the user's roles within the groups. 824 * 825 * @param userId the primary key of the user 826 * @param groupIds the primary keys of the groups 827 * @return the union of all the user's roles within the groups 828 * @throws SystemException if a system exception occurred 829 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 830 * long, long[]) 831 */ 832 public List<Role> getUserRelatedRoles(long userId, long[] groupIds) 833 throws SystemException { 834 835 return roleFinder.findByU_G(userId, groupIds); 836 } 837 838 /** 839 * Returns <code>true</code> if the user is associated with the named 840 * regular role. 841 * 842 * @param userId the primary key of the user 843 * @param companyId the primary key of the company 844 * @param name the name of the role 845 * @param inherited whether to include the user's inherited roles in the 846 * search 847 * @return <code>true</code> if the user is associated with the regular 848 * role; <code>false</code> otherwise 849 * @throws PortalException if a default user for the company could not be 850 * found 851 * @throws SystemException if a system exception occurred 852 */ 853 @ThreadLocalCachable 854 public boolean hasUserRole( 855 long userId, long companyId, String name, boolean inherited) 856 throws PortalException, SystemException { 857 858 Role role = rolePersistence.fetchByC_N(companyId, name); 859 860 if (role == null) { 861 return false; 862 } 863 864 if (role.getType() != RoleConstants.TYPE_REGULAR) { 865 throw new IllegalArgumentException(name + " is not a regular role"); 866 } 867 868 long defaultUserId = userLocalService.getDefaultUserId(companyId); 869 870 if (userId == defaultUserId) { 871 if (name.equals(RoleConstants.GUEST)) { 872 return true; 873 } 874 else { 875 return false; 876 } 877 } 878 879 if (inherited) { 880 if (userPersistence.containsRole(userId, role.getRoleId())) { 881 return true; 882 } 883 884 ThreadLocalCache<Integer> threadLocalCache = 885 ThreadLocalCacheManager.getThreadLocalCache( 886 Lifecycle.REQUEST, RoleLocalServiceImpl.class.getName()); 887 888 String key = String.valueOf(role.getRoleId()).concat( 889 String.valueOf(userId)); 890 891 Integer value = threadLocalCache.get(key); 892 893 if (value == null) { 894 value = roleFinder.countByR_U(role.getRoleId(), userId); 895 896 threadLocalCache.put(key, value); 897 } 898 899 if (value > 0) { 900 return true; 901 } 902 else { 903 return false; 904 } 905 } 906 else { 907 return userPersistence.containsRole(userId, role.getRoleId()); 908 } 909 } 910 911 /** 912 * Returns <code>true</code> if the user has any one of the named regular 913 * roles. 914 * 915 * @param userId the primary key of the user 916 * @param companyId the primary key of the company 917 * @param names the names of the roles 918 * @param inherited whether to include the user's inherited roles in the 919 * search 920 * @return <code>true</code> if the user has any one of the regular roles; 921 * <code>false</code> otherwise 922 * @throws PortalException if any one of the roles with the names could not 923 * be found in the company or if the default user for the company 924 * could not be found 925 * @throws SystemException if a system exception occurred 926 */ 927 public boolean hasUserRoles( 928 long userId, long companyId, String[] names, boolean inherited) 929 throws PortalException, SystemException { 930 931 for (String name : names) { 932 if (hasUserRole(userId, companyId, name, inherited)) { 933 return true; 934 } 935 } 936 937 return false; 938 } 939 940 /** 941 * Returns a role with the name in the company. 942 * 943 * @param companyId the primary key of the company 944 * @param name the role's name (optionally <code>null</code>) 945 * @return the role with the name, or <code>null</code> if a role with the 946 * name could not be found in the company 947 * @throws SystemException if a system exception occurred 948 */ 949 public Role loadFetchRole(long companyId, String name) 950 throws SystemException { 951 952 return rolePersistence.fetchByC_N(companyId, name); 953 } 954 955 /** 956 * Returns a role with the name in the company. 957 * 958 * @param companyId the primary key of the company 959 * @param name the role's name 960 * @return the role with the name in the company 961 * @throws PortalException if a role with the name could not be found in the 962 * company 963 * @throws SystemException if a system exception occurred 964 */ 965 public Role loadGetRole(long companyId, String name) 966 throws PortalException, SystemException { 967 968 return rolePersistence.findByC_N(companyId, name); 969 } 970 971 /** 972 * Returns an ordered range of all the roles that match the keywords and 973 * types. 974 * 975 * <p> 976 * Useful when paginating results. Returns a maximum of <code>end - 977 * start</code> instances. <code>start</code> and <code>end</code> are not 978 * primary keys, they are indexes in the result set. Thus, <code>0</code> 979 * refers to the first result in the set. Setting both <code>start</code> 980 * and <code>end</code> to {@link 981 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 982 * result set. 983 * </p> 984 * 985 * @param companyId the primary key of the company 986 * @param keywords the keywords (space separated), which may occur in the 987 * role's name or description (optionally <code>null</code>) 988 * @param types the role types (optionally <code>null</code>) 989 * @param start the lower bound of the range of roles to return 990 * @param end the upper bound of the range of roles to return (not 991 * inclusive) 992 * @param obc the comparator to order the roles (optionally 993 * <code>null</code>) 994 * @return the ordered range of the matching roles, ordered by 995 * <code>obc</code> 996 * @throws SystemException if a system exception occurred 997 * @see com.liferay.portal.service.persistence.RoleFinder 998 */ 999 public List<Role> search( 1000 long companyId, String keywords, Integer[] types, int start, 1001 int end, OrderByComparator obc) 1002 throws SystemException { 1003 1004 return search( 1005 companyId, keywords, types, new LinkedHashMap<String, Object>(), 1006 start, end, obc); 1007 } 1008 1009 /** 1010 * Returns an ordered range of all the roles that match the keywords, types, 1011 * and params. 1012 * 1013 * <p> 1014 * Useful when paginating results. Returns a maximum of <code>end - 1015 * start</code> instances. <code>start</code> and <code>end</code> are not 1016 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1017 * refers to the first result in the set. Setting both <code>start</code> 1018 * and <code>end</code> to {@link 1019 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1020 * result set. 1021 * </p> 1022 * 1023 * @param companyId the primary key of the company 1024 * @param keywords the keywords (space separated), which may occur in the 1025 * role's name or description (optionally <code>null</code>) 1026 * @param types the role types (optionally <code>null</code>) 1027 * @param params the finder parameters. Can specify values for the 1028 * "usersRoles" key. For more information, see {@link 1029 * com.liferay.portal.service.persistence.RoleFinder} 1030 * @param start the lower bound of the range of roles to return 1031 * @param end the upper bound of the range of roles to return (not 1032 * inclusive) 1033 * @param obc the comparator to order the roles (optionally 1034 * <code>null</code>) 1035 * @return the ordered range of the matching roles, ordered by 1036 * <code>obc</code> 1037 * @throws SystemException if a system exception occurred 1038 * @see com.liferay.portal.service.persistence.RoleFinder 1039 */ 1040 public List<Role> search( 1041 long companyId, String keywords, Integer[] types, 1042 LinkedHashMap<String, Object> params, int start, int end, 1043 OrderByComparator obc) 1044 throws SystemException { 1045 1046 return roleFinder.findByKeywords( 1047 companyId, keywords, types, params, start, end, obc); 1048 } 1049 1050 /** 1051 * Returns an ordered range of all the roles that match the name, 1052 * description, and types. 1053 * 1054 * <p> 1055 * Useful when paginating results. Returns a maximum of <code>end - 1056 * start</code> instances. <code>start</code> and <code>end</code> are not 1057 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1058 * refers to the first result in the set. Setting both <code>start</code> 1059 * and <code>end</code> to {@link 1060 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1061 * result set. 1062 * </p> 1063 * 1064 * @param companyId the primary key of the company 1065 * @param name the role's name (optionally <code>null</code>) 1066 * @param description the role's description (optionally <code>null</code>) 1067 * @param types the role types (optionally <code>null</code>) 1068 * @param start the lower bound of the range of the roles to return 1069 * @param end the upper bound of the range of the roles to return (not 1070 * inclusive) 1071 * @param obc the comparator to order the roles (optionally 1072 * <code>null</code>) 1073 * @return the ordered range of the matching roles, ordered by 1074 * <code>obc</code> 1075 * @throws SystemException if a system exception occurred 1076 * @see com.liferay.portal.service.persistence.RoleFinder 1077 */ 1078 public List<Role> search( 1079 long companyId, String name, String description, Integer[] types, 1080 int start, int end, OrderByComparator obc) 1081 throws SystemException { 1082 1083 return search( 1084 companyId, name, description, types, 1085 new LinkedHashMap<String, Object>(), start, end, obc); 1086 } 1087 1088 /** 1089 * Returns an ordered range of all the roles that match the name, 1090 * description, types, and params. 1091 * 1092 * <p> 1093 * Useful when paginating results. Returns a maximum of <code>end - 1094 * start</code> instances. <code>start</code> and <code>end</code> are not 1095 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1096 * refers to the first result in the set. Setting both <code>start</code> 1097 * and <code>end</code> to {@link 1098 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1099 * result set. 1100 * </p> 1101 * 1102 * @param companyId the primary key of the company 1103 * @param name the role's name (optionally <code>null</code>) 1104 * @param description the role's description (optionally <code>null</code>) 1105 * @param types the role types (optionally <code>null</code>) 1106 * @param params the finder's parameters. Can specify values for the 1107 * "usersRoles" key. For more information, see {@link 1108 * com.liferay.portal.service.persistence.RoleFinder} 1109 * @param start the lower bound of the range of the roles to return 1110 * @param end the upper bound of the range of the roles to return (not 1111 * inclusive) 1112 * @param obc the comparator to order the roles (optionally 1113 * <code>null</code>) 1114 * @return the ordered range of the matching roles, ordered by 1115 * <code>obc</code> 1116 * @throws SystemException if a system exception occurred 1117 * @see com.liferay.portal.service.persistence.RoleFinder 1118 */ 1119 public List<Role> search( 1120 long companyId, String name, String description, Integer[] types, 1121 LinkedHashMap<String, Object> params, int start, int end, 1122 OrderByComparator obc) 1123 throws SystemException { 1124 1125 return roleFinder.findByC_N_D_T( 1126 companyId, name, description, types, params, true, start, end, obc); 1127 } 1128 1129 /** 1130 * Returns the number of roles that match the keywords and types. 1131 * 1132 * @param companyId the primary key of the company 1133 * @param keywords the keywords (space separated), which may occur in the 1134 * role's name or description (optionally <code>null</code>) 1135 * @param types the role types (optionally <code>null</code>) 1136 * @return the number of matching roles 1137 * @throws SystemException if a system exception occurred 1138 */ 1139 public int searchCount(long companyId, String keywords, Integer[] types) 1140 throws SystemException { 1141 1142 return searchCount( 1143 companyId, keywords, types, new LinkedHashMap<String, Object>()); 1144 } 1145 1146 /** 1147 * Returns the number of roles that match the keywords, types and params. 1148 * 1149 * @param companyId the primary key of the company 1150 * @param keywords the keywords (space separated), which may occur in the 1151 * role's name or description (optionally <code>null</code>) 1152 * @param types the role types (optionally <code>null</code>) 1153 * @param params the finder parameters. For more information, see {@link 1154 * com.liferay.portal.service.persistence.RoleFinder} 1155 * @return the number of matching roles 1156 * @throws SystemException if a system exception occurred 1157 */ 1158 public int searchCount( 1159 long companyId, String keywords, Integer[] types, 1160 LinkedHashMap<String, Object> params) 1161 throws SystemException { 1162 1163 return roleFinder.countByKeywords(companyId, keywords, types, params); 1164 } 1165 1166 /** 1167 * Returns the number of roles that match the name, description, and types. 1168 * 1169 * @param companyId the primary key of the company 1170 * @param name the role's name (optionally <code>null</code>) 1171 * @param description the role's description (optionally <code>null</code>) 1172 * @param types the role types (optionally <code>null</code>) 1173 * @return the number of matching roles 1174 * @throws SystemException if a system exception occurred 1175 */ 1176 public int searchCount( 1177 long companyId, String name, String description, Integer[] types) 1178 throws SystemException { 1179 1180 return searchCount( 1181 companyId, name, description, types, 1182 new LinkedHashMap<String, Object>()); 1183 } 1184 1185 /** 1186 * Returns the number of roles that match the name, description, types, and 1187 * params. 1188 * 1189 * @param companyId the primary key of the company 1190 * @param name the role's name (optionally <code>null</code>) 1191 * @param description the role's description (optionally <code>null</code>) 1192 * @param types the role types (optionally <code>null</code>) 1193 * @param params the finder parameters. Can specify values for the 1194 * "usersRoles" key. For more information, see {@link 1195 * com.liferay.portal.service.persistence.RoleFinder} 1196 * @return the number of matching roles 1197 * @throws SystemException if a system exception occurred 1198 */ 1199 public int searchCount( 1200 long companyId, String name, String description, Integer[] types, 1201 LinkedHashMap<String, Object> params) 1202 throws SystemException { 1203 1204 return roleFinder.countByC_N_D_T( 1205 companyId, name, description, types, params, true); 1206 } 1207 1208 /** 1209 * Sets the roles associated with the user, replacing the user's existing 1210 * roles. The user is reindexed after the roles are set. 1211 * 1212 * @param userId the primary key of the user 1213 * @param roleIds the primary keys of the roles 1214 * @throws PortalException if a user with the primary could not be found or 1215 * if any one of the roles with the primary keys could not be found 1216 * @throws SystemException if a system exception occurred 1217 */ 1218 @Override 1219 public void setUserRoles(long userId, long[] roleIds) 1220 throws PortalException, SystemException { 1221 1222 roleIds = UsersAdminUtil.addRequiredRoles(userId, roleIds); 1223 1224 userPersistence.setRoles(userId, roleIds); 1225 1226 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 1227 1228 indexer.reindex(userId); 1229 1230 PermissionCacheUtil.clearCache(); 1231 } 1232 1233 /** 1234 * Removes the matching roles associated with the user. The user is 1235 * reindexed after the roles are removed. 1236 * 1237 * @param userId the primary key of the user 1238 * @param roleIds the primary keys of the roles 1239 * @throws PortalException if a user with the primary key could not be found 1240 * or if a role with any one of the primary keys could not be found 1241 * @throws SystemException if a system exception occurred 1242 */ 1243 public void unsetUserRoles(long userId, long[] roleIds) 1244 throws PortalException, SystemException { 1245 1246 roleIds = UsersAdminUtil.removeRequiredRoles(userId, roleIds); 1247 1248 userPersistence.removeRoles(userId, roleIds); 1249 1250 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 1251 1252 indexer.reindex(userId); 1253 1254 PermissionCacheUtil.clearCache(); 1255 } 1256 1257 /** 1258 * Updates the role with the primary key. 1259 * 1260 * @param roleId the primary key of the role 1261 * @param name the role's new name 1262 * @param titleMap the new localized titles (optionally <code>null</code>) 1263 * to replace those existing for the role 1264 * @param descriptionMap the new localized descriptions (optionally 1265 * <code>null</code>) to replace those existing for the role 1266 * @param subtype the role's new subtype (optionally <code>null</code>) 1267 * @param serviceContext the service context to be applied (optionally 1268 * <code>null</code>). Can set expando bridge attributes for the 1269 * role. 1270 * @return the role with the primary key 1271 * @throws PortalException if a role with the primary could not be found or 1272 * if the role's name was invalid 1273 * @throws SystemException if a system exception occurred 1274 */ 1275 public Role updateRole( 1276 long roleId, String name, Map<Locale, String> titleMap, 1277 Map<Locale, String> descriptionMap, String subtype, 1278 ServiceContext serviceContext) 1279 throws PortalException, SystemException { 1280 1281 Role role = rolePersistence.findByPrimaryKey(roleId); 1282 1283 validate(roleId, role.getCompanyId(), role.getClassNameId(), name); 1284 1285 if (PortalUtil.isSystemRole(role.getName())) { 1286 name = role.getName(); 1287 subtype = null; 1288 } 1289 1290 role.setModifiedDate(new Date()); 1291 role.setName(name); 1292 role.setTitleMap(titleMap); 1293 role.setDescriptionMap(descriptionMap); 1294 role.setSubtype(subtype); 1295 role.setExpandoBridgeAttributes(serviceContext); 1296 1297 rolePersistence.update(role); 1298 1299 return role; 1300 } 1301 1302 protected void checkSystemRole( 1303 long companyId, String name, Map<Locale, String> descriptionMap, 1304 int type) 1305 throws PortalException, SystemException { 1306 1307 String companyIdHexString = StringUtil.toHexString(companyId); 1308 1309 String key = companyIdHexString.concat(name); 1310 1311 Role role = _systemRolesMap.get(key); 1312 1313 try { 1314 if (role == null) { 1315 role = rolePersistence.findByC_N(companyId, name); 1316 } 1317 1318 if (!descriptionMap.equals(role.getDescriptionMap())) { 1319 role.setDescriptionMap(descriptionMap); 1320 1321 roleLocalService.updateRole(role); 1322 } 1323 } 1324 catch (NoSuchRoleException nsre) { 1325 User user = userLocalService.getDefaultUser(companyId); 1326 1327 role = roleLocalService.addRole( 1328 user.getUserId(), null, 0, name, null, descriptionMap, type, 1329 null, null); 1330 1331 if (name.equals(RoleConstants.USER)) { 1332 initPersonalControlPanelPortletsPermissions(role); 1333 } 1334 } 1335 1336 _systemRolesMap.put(key, role); 1337 } 1338 1339 protected String[] getDefaultControlPanelPortlets() { 1340 return new String[] { 1341 PortletKeys.MY_ACCOUNT, PortletKeys.MY_PAGES, 1342 PortletKeys.MY_WORKFLOW_INSTANCES, PortletKeys.MY_WORKFLOW_TASKS 1343 }; 1344 } 1345 1346 protected void initPersonalControlPanelPortletsPermissions(Role role) 1347 throws PortalException, SystemException { 1348 1349 for (String portletId : getDefaultControlPanelPortlets()) { 1350 int count = resourcePermissionPersistence.countByC_N_S_P_R( 1351 role.getCompanyId(), portletId, ResourceConstants.SCOPE_COMPANY, 1352 String.valueOf(role.getCompanyId()), role.getRoleId()); 1353 1354 if (count > 0) { 1355 continue; 1356 } 1357 1358 ResourceAction resourceAction = 1359 resourceActionLocalService.fetchResourceAction( 1360 portletId, ActionKeys.ACCESS_IN_CONTROL_PANEL); 1361 1362 if (resourceAction == null) { 1363 continue; 1364 } 1365 1366 setRolePermissions( 1367 role, portletId, 1368 new String[] { 1369 ActionKeys.ACCESS_IN_CONTROL_PANEL 1370 }); 1371 } 1372 } 1373 1374 protected void setRolePermissions( 1375 Role role, String name, String[] actionIds) 1376 throws PortalException, SystemException { 1377 1378 if (resourceBlockLocalService.isSupported(name)) { 1379 resourceBlockLocalService.setCompanyScopePermissions( 1380 role.getCompanyId(), name, role.getRoleId(), 1381 Arrays.asList(actionIds)); 1382 } 1383 else { 1384 resourcePermissionLocalService.setResourcePermissions( 1385 role.getCompanyId(), name, ResourceConstants.SCOPE_COMPANY, 1386 String.valueOf(role.getCompanyId()), role.getRoleId(), 1387 actionIds); 1388 } 1389 } 1390 1391 protected void validate( 1392 long roleId, long companyId, long classNameId, String name) 1393 throws PortalException, SystemException { 1394 1395 if (classNameId == PortalUtil.getClassNameId(Role.class)) { 1396 if (Validator.isNull(name) || 1397 (name.indexOf(CharPool.COMMA) != -1) || 1398 (name.indexOf(CharPool.STAR) != -1)) { 1399 1400 throw new RoleNameException(); 1401 } 1402 1403 if (Validator.isNumber(name) && 1404 !PropsValues.ROLES_NAME_ALLOW_NUMERIC) { 1405 1406 throw new RoleNameException(); 1407 } 1408 } 1409 1410 try { 1411 Role role = roleFinder.findByC_N(companyId, name); 1412 1413 if (role.getRoleId() != roleId) { 1414 throw new DuplicateRoleException(); 1415 } 1416 } 1417 catch (NoSuchRoleException nsre) { 1418 } 1419 } 1420 1421 private Map<String, Role> _systemRolesMap = new HashMap<String, Role>(); 1422 1423 }