001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.portletconfiguration.action;
016    
017    import com.liferay.portal.kernel.servlet.SessionErrors;
018    import com.liferay.portal.kernel.util.GetterUtil;
019    import com.liferay.portal.kernel.util.ParamUtil;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.portal.kernel.util.Validator;
022    import com.liferay.portal.model.Layout;
023    import com.liferay.portal.model.Portlet;
024    import com.liferay.portal.model.PortletConstants;
025    import com.liferay.portal.security.auth.PrincipalException;
026    import com.liferay.portal.security.permission.PermissionPropagator;
027    import com.liferay.portal.service.LayoutLocalServiceUtil;
028    import com.liferay.portal.service.PermissionServiceUtil;
029    import com.liferay.portal.service.PortletLocalServiceUtil;
030    import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
031    import com.liferay.portal.service.ResourceBlockServiceUtil;
032    import com.liferay.portal.service.ResourcePermissionServiceUtil;
033    import com.liferay.portal.theme.ThemeDisplay;
034    import com.liferay.portal.util.PropsValues;
035    import com.liferay.portal.util.WebKeys;
036    
037    import java.util.ArrayList;
038    import java.util.Date;
039    import java.util.Enumeration;
040    import java.util.HashMap;
041    import java.util.List;
042    import java.util.Map;
043    
044    import javax.portlet.ActionRequest;
045    import javax.portlet.ActionResponse;
046    import javax.portlet.PortletConfig;
047    import javax.portlet.RenderRequest;
048    import javax.portlet.RenderResponse;
049    
050    import org.apache.struts.action.ActionForm;
051    import org.apache.struts.action.ActionForward;
052    import org.apache.struts.action.ActionMapping;
053    
054    /**
055     * @author Brian Wing Shun Chan
056     * @author Connor McKay
057     */
058    public class EditPermissionsAction extends EditConfigurationAction {
059    
060            @Override
061            public void processAction(
062                            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
063                            ActionRequest actionRequest, ActionResponse actionResponse)
064                    throws Exception {
065    
066                    try {
067                            updateRolePermissions(actionRequest);
068    
069                            addSuccessMessage(actionRequest, actionResponse);
070                    }
071                    catch (Exception e) {
072                            if (e instanceof PrincipalException) {
073                                    SessionErrors.add(actionRequest, e.getClass());
074    
075                                    setForward(
076                                            actionRequest, "portlet.portlet_configuration.error");
077                            }
078                            else {
079                                    throw e;
080                            }
081                    }
082            }
083    
084            @Override
085            public ActionForward render(
086                            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
087                            RenderRequest renderRequest, RenderResponse renderResponse)
088                    throws Exception {
089    
090                    ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
091                            WebKeys.THEME_DISPLAY);
092    
093                    long groupId = ParamUtil.getLong(
094                            renderRequest, "resourceGroupId", themeDisplay.getScopeGroupId());
095    
096                    String portletResource = ParamUtil.getString(
097                            renderRequest, "portletResource");
098                    String modelResource = ParamUtil.getString(
099                            renderRequest, "modelResource");
100                    String resourcePrimKey = ParamUtil.getString(
101                            renderRequest, "resourcePrimKey");
102    
103                    String selResource = portletResource;
104    
105                    if (Validator.isNotNull(modelResource)) {
106                            selResource = modelResource;
107                    }
108    
109                    try {
110                            PermissionServiceUtil.checkPermission(
111                                    groupId, selResource, resourcePrimKey);
112                    }
113                    catch (PrincipalException pe) {
114                            SessionErrors.add(
115                                    renderRequest, PrincipalException.class.getName());
116    
117                            setForward(renderRequest, "portlet.portlet_configuration.error");
118                    }
119    
120                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
121                            themeDisplay.getCompanyId(), portletResource);
122    
123                    if (portlet != null) {
124                            renderResponse.setTitle(getTitle(portlet, renderRequest));
125                    }
126    
127                    return mapping.findForward(
128                            getForward(
129                                    renderRequest,
130                                    "portlet.portlet_configuration.edit_permissions"));
131            }
132    
133            protected String[] getActionIds(
134                    ActionRequest actionRequest, long roleId, boolean includePreselected) {
135    
136                    List<String> actionIds = getActionIdsList(
137                            actionRequest, roleId, includePreselected);
138    
139                    return actionIds.toArray(new String[actionIds.size()]);
140            }
141    
142            protected List<String> getActionIdsList(
143                    ActionRequest actionRequest, long roleId, boolean includePreselected) {
144    
145                    List<String> actionIds = new ArrayList<String>();
146    
147                    Enumeration<String> enu = actionRequest.getParameterNames();
148    
149                    while (enu.hasMoreElements()) {
150                            String name = enu.nextElement();
151    
152                            if (name.startsWith(roleId + "_ACTION_")) {
153                                    int pos = name.indexOf("_ACTION_");
154    
155                                    String actionId = name.substring(pos + 8);
156    
157                                    actionIds.add(actionId);
158                            }
159                            else if (includePreselected &&
160                                             name.startsWith(roleId + "_PRESELECTED_")) {
161    
162                                    int pos = name.indexOf("_PRESELECTED_");
163    
164                                    String actionId = name.substring(pos + 13);
165    
166                                    actionIds.add(actionId);
167                            }
168                    }
169    
170                    return actionIds;
171            }
172    
173            protected void updateRolePermissions(ActionRequest actionRequest)
174                    throws Exception {
175    
176                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
177                            WebKeys.THEME_DISPLAY);
178    
179                    String portletResource = ParamUtil.getString(
180                            actionRequest, "portletResource");
181                    String modelResource = ParamUtil.getString(
182                            actionRequest, "modelResource");
183                    long[] roleIds = StringUtil.split(
184                            ParamUtil.getString(
185                                    actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
186    
187                    String selResource = PortletConstants.getRootPortletId(portletResource);
188    
189                    if (Validator.isNotNull(modelResource)) {
190                            selResource = modelResource;
191                    }
192    
193                    long resourceGroupId = ParamUtil.getLong(
194                            actionRequest, "resourceGroupId", themeDisplay.getScopeGroupId());
195                    String resourcePrimKey = ParamUtil.getString(
196                            actionRequest, "resourcePrimKey");
197    
198                    Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
199    
200                    if (ResourceBlockLocalServiceUtil.isSupported(selResource)) {
201                            for (long roleId : roleIds) {
202                                    List<String> actionIds = getActionIdsList(
203                                            actionRequest, roleId, true);
204    
205                                    roleIdsToActionIds.put(
206                                            roleId, actionIds.toArray(new String[actionIds.size()]));
207                            }
208    
209                            ResourceBlockServiceUtil.setIndividualScopePermissions(
210                                    themeDisplay.getCompanyId(), resourceGroupId, selResource,
211                                    GetterUtil.getLong(resourcePrimKey), roleIdsToActionIds);
212                    }
213                    else {
214                            for (long roleId : roleIds) {
215                                    String[] actionIds = getActionIds(actionRequest, roleId, false);
216    
217                                    roleIdsToActionIds.put(roleId, actionIds);
218                            }
219    
220                            ResourcePermissionServiceUtil.setIndividualResourcePermissions(
221                                    resourceGroupId, themeDisplay.getCompanyId(), selResource,
222                                    resourcePrimKey, roleIdsToActionIds);
223                    }
224    
225                    int pos = resourcePrimKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
226    
227                    if (pos != -1) {
228                            long plid = GetterUtil.getLong(resourcePrimKey.substring(0, pos));
229    
230                            Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
231    
232                            if (layout != null) {
233                                    layout.setModifiedDate(new Date());
234    
235                                    LayoutLocalServiceUtil.updateLayout(layout);
236                            }
237                    }
238    
239                    if (PropsValues.PERMISSIONS_PROPAGATION_ENABLED) {
240                            Portlet portlet = PortletLocalServiceUtil.getPortletById(
241                                    themeDisplay.getCompanyId(), portletResource);
242    
243                            PermissionPropagator permissionPropagator =
244                                    portlet.getPermissionPropagatorInstance();
245    
246                            if (permissionPropagator != null) {
247                                    permissionPropagator.propagateRolePermissions(
248                                            actionRequest, modelResource, resourcePrimKey, roleIds);
249                            }
250                    }
251            }
252    
253    }