001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Role;
021    import com.liferay.portal.model.RoleConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil;
024    import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil;
025    import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil;
026    import com.liferay.portal.security.permission.ActionKeys;
027    import com.liferay.portal.service.ServiceContext;
028    import com.liferay.portal.service.base.RoleServiceBaseImpl;
029    import com.liferay.portal.service.permission.PortalPermissionUtil;
030    import com.liferay.portal.service.permission.RolePermissionUtil;
031    import com.liferay.portal.service.permission.UserPermissionUtil;
032    import com.liferay.portlet.expando.model.ExpandoBridge;
033    
034    import java.io.Serializable;
035    
036    import java.util.ArrayList;
037    import java.util.List;
038    import java.util.Locale;
039    import java.util.Map;
040    
041    /**
042     * Provides the remote service for accessing, adding, unassigning, checking,
043     * deleting, and updating roles. Its methods include permission checks.
044     *
045     * @author Brian Wing Shun Chan
046     */
047    public class RoleServiceImpl extends RoleServiceBaseImpl {
048    
049            /**
050             * Adds a role. The user is reindexed after role is added.
051             *
052             * @param  className the name of the class for which the role is created
053             * @param  classPK the primary key of the class for which the role is
054             *         created (optionally <code>0</code>)
055             * @param  name the role's name
056             * @param  titleMap the role's localized titles (optionally
057             *         <code>null</code>)
058             * @param  descriptionMap the role's localized descriptions (optionally
059             *         <code>null</code>)
060             * @param  type the role's type (optionally <code>0</code>)
061             * @param  subType the role's subtype (optionally <code>null</code>)
062             * @param  serviceContext the service context to be applied (optionally
063             *         <code>null</code>). Can set the expando bridge attributes for the
064             *         role.
065             * @return the role
066             * @throws PortalException if a user with the primary key could not be
067             *         found, if the user did not have permission to add roles, if the
068             *         class name or the role name were invalid, or if the role is a
069             *         duplicate
070             * @throws SystemException if a system exception occurred
071             */
072            public Role addRole(
073                            String className, long classPK, String name,
074                            Map<Locale, String> titleMap, Map<Locale, String> descriptionMap,
075                            int type, String subType, ServiceContext serviceContext)
076                    throws PortalException, SystemException {
077    
078                    PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE);
079    
080                    User user = getUser();
081    
082                    Role role = roleLocalService.addRole(
083                            user.getUserId(), className, classPK, name, titleMap,
084                            descriptionMap, type, subType, serviceContext);
085    
086                    if (type == RoleConstants.TYPE_ORGANIZATION) {
087                            OrganizationMembershipPolicyUtil.verifyPolicy(role);
088                    }
089                    else if (type == RoleConstants.TYPE_SITE) {
090                            SiteMembershipPolicyUtil.verifyPolicy(role);
091                    }
092                    else {
093                            RoleMembershipPolicyUtil.verifyPolicy(role);
094                    }
095    
096                    return role;
097            }
098    
099            /**
100             * Adds a role. The user is reindexed after role is added.
101             *
102             * @param      name the role's name
103             * @param      titleMap the role's localized titles (optionally
104             *             <code>null</code>)
105             * @param      descriptionMap the role's localized descriptions (optionally
106             *             <code>null</code>)
107             * @param      type the role's type (optionally <code>0</code>)
108             * @return     the role
109             * @throws     PortalException if a user with the primary key could not be
110             *             found, if the user did not have permission to add roles, if
111             *             the class name or the role name were invalid, or if the role
112             *             is a duplicate
113             * @throws     SystemException if a system exception occurred
114             * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long,
115             *             String, Map, Map, int, String, ServiceContext)}
116             */
117            public Role addRole(
118                            String name, Map<Locale, String> titleMap,
119                            Map<Locale, String> descriptionMap, int type)
120                    throws PortalException, SystemException {
121    
122                    return addRole(
123                            null, 0, name, titleMap, descriptionMap, type, null, null);
124            }
125    
126            /**
127             * Adds the roles to the user. The user is reindexed after the roles are
128             * added.
129             *
130             * @param  userId the primary key of the user
131             * @param  roleIds the primary keys of the roles
132             * @throws PortalException if a user with the primary key could not be found
133             *         or if the user did not have permission to assign members to one
134             *         of the roles
135             * @throws SystemException if a system exception occurred
136             */
137            public void addUserRoles(long userId, long[] roleIds)
138                    throws PortalException, SystemException {
139    
140                    if (roleIds.length == 0) {
141                            return;
142                    }
143    
144                    checkUserRolesPermission(userId, roleIds);
145    
146                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null);
147    
148                    roleLocalService.addUserRoles(userId, roleIds);
149    
150                    RoleMembershipPolicyUtil.propagateRoles(
151                            new long[] {userId}, roleIds, null);
152            }
153    
154            /**
155             * Deletes the role with the primary key and its associated permissions.
156             *
157             * @param  roleId the primary key of the role
158             * @throws PortalException if the user did not have permission to delete the
159             *         role, if a role with the primary key could not be found, if the
160             *         role is a default system role, or if the role's resource could
161             *         not be found
162             * @throws SystemException if a system exception occurred
163             */
164            public void deleteRole(long roleId)
165                    throws PortalException, SystemException {
166    
167                    RolePermissionUtil.check(
168                            getPermissionChecker(), roleId, ActionKeys.DELETE);
169    
170                    roleLocalService.deleteRole(roleId);
171            }
172    
173            /**
174             * Returns all the roles associated with the group.
175             *
176             * @param  groupId the primary key of the group
177             * @return the roles associated with the group
178             * @throws PortalException if a portal exception occurred
179             * @throws SystemException if a system exception occurred
180             */
181            public List<Role> getGroupRoles(long groupId)
182                    throws PortalException, SystemException {
183    
184                    List<Role> roles = roleLocalService.getGroupRoles(groupId);
185    
186                    return filterRoles(roles);
187            }
188    
189            /**
190             * Returns the role with the primary key.
191             *
192             * @param  roleId the primary key of the role
193             * @return the role with the primary key
194             * @throws PortalException if a role with the primary key could not be found
195             *         or if the user did not have permission to view the role
196             * @throws SystemException if a system exception occurred
197             */
198            public Role getRole(long roleId) throws PortalException, SystemException {
199                    RolePermissionUtil.check(
200                            getPermissionChecker(), roleId, ActionKeys.VIEW);
201    
202                    return roleLocalService.getRole(roleId);
203            }
204    
205            /**
206             * Returns the role with the name in the company.
207             *
208             * <p>
209             * The method searches the system roles map first for default roles. If a
210             * role with the name is not found, then the method will query the database.
211             * </p>
212             *
213             * @param  companyId the primary key of the company
214             * @param  name the role's name
215             * @return the role with the name
216             * @throws PortalException if a role with the name could not be found in the
217             *         company or if the user did not have permission to view the role
218             * @throws SystemException if a system exception occurred
219             */
220            public Role getRole(long companyId, String name)
221                    throws PortalException, SystemException {
222    
223                    Role role = roleLocalService.getRole(companyId, name);
224    
225                    RolePermissionUtil.check(
226                            getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW);
227    
228                    return role;
229            }
230    
231            /**
232             * Returns all the user's roles within the user group.
233             *
234             * @param  userId the primary key of the user
235             * @param  groupId the primary key of the group
236             * @return the user's roles within the user group
237             * @throws PortalException if a portal exception occurred
238             * @throws SystemException if a system exception occurred
239             */
240            public List<Role> getUserGroupGroupRoles(long userId, long groupId)
241                    throws PortalException, SystemException {
242    
243                    UserPermissionUtil.check(
244                            getPermissionChecker(), userId, ActionKeys.VIEW);
245    
246                    List<Role> roles = roleLocalService.getUserGroupGroupRoles(
247                            userId, groupId);
248    
249                    return filterRoles(roles);
250            }
251    
252            /**
253             * Returns all the user's roles within the user group.
254             *
255             * @param  userId the primary key of the user
256             * @param  groupId the primary key of the group
257             * @return the user's roles within the user group
258             * @throws PortalException if a portal exception occurred
259             * @throws SystemException if a system exception occurred
260             */
261            public List<Role> getUserGroupRoles(long userId, long groupId)
262                    throws PortalException, SystemException {
263    
264                    UserPermissionUtil.check(
265                            getPermissionChecker(), userId, ActionKeys.VIEW);
266    
267                    List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId);
268    
269                    return filterRoles(roles);
270            }
271    
272            /**
273             * Returns the union of all the user's roles within the groups.
274             *
275             * @param  userId the primary key of the user
276             * @param  groups the groups (optionally <code>null</code>)
277             * @return the union of all the user's roles within the groups
278             * @throws PortalException if a portal exception occurred
279             * @throws SystemException if a system exception occurred
280             */
281            public List<Role> getUserRelatedRoles(long userId, List<Group> groups)
282                    throws PortalException, SystemException {
283    
284                    UserPermissionUtil.check(
285                            getPermissionChecker(), userId, ActionKeys.VIEW);
286    
287                    List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups);
288    
289                    return filterRoles(roles);
290            }
291    
292            /**
293             * Returns all the roles associated with the user.
294             *
295             * @param  userId the primary key of the user
296             * @return the roles associated with the user
297             * @throws PortalException if a portal exception occurred
298             * @throws SystemException if a system exception occurred
299             */
300            public List<Role> getUserRoles(long userId)
301                    throws PortalException, SystemException {
302    
303                    UserPermissionUtil.check(
304                            getPermissionChecker(), userId, ActionKeys.VIEW);
305    
306                    List<Role> roles = roleLocalService.getUserRoles(userId);
307    
308                    return filterRoles(roles);
309            }
310    
311            /**
312             * Returns <code>true</code> if the user is associated with the named
313             * regular role.
314             *
315             * @param  userId the primary key of the user
316             * @param  companyId the primary key of the company
317             * @param  name the name of the role
318             * @param  inherited whether to include the user's inherited roles in the
319             *         search
320             * @return <code>true</code> if the user is associated with the regular
321             *         role; <code>false</code> otherwise
322             * @throws PortalException if a role with the name could not be found in the
323             *         company or if a default user for the company could not be found
324             * @throws SystemException if a system exception occurred
325             */
326            public boolean hasUserRole(
327                            long userId, long companyId, String name, boolean inherited)
328                    throws PortalException, SystemException {
329    
330                    UserPermissionUtil.check(
331                            getPermissionChecker(), userId, ActionKeys.VIEW);
332    
333                    return roleLocalService.hasUserRole(userId, companyId, name, inherited);
334            }
335    
336            /**
337             * Returns <code>true</code> if the user has any one of the named regular
338             * roles.
339             *
340             * @param  userId the primary key of the user
341             * @param  companyId the primary key of the company
342             * @param  names the names of the roles
343             * @param  inherited whether to include the user's inherited roles in the
344             *         search
345             * @return <code>true</code> if the user has any one of the regular roles;
346             *         <code>false</code> otherwise
347             * @throws PortalException if any one of the roles with the names could not
348             *         be found in the company or if the default user for the company
349             *         could not be found
350             * @throws SystemException if a system exception occurred
351             */
352            public boolean hasUserRoles(
353                            long userId, long companyId, String[] names, boolean inherited)
354                    throws PortalException, SystemException {
355    
356                    UserPermissionUtil.check(
357                            getPermissionChecker(), userId, ActionKeys.VIEW);
358    
359                    return roleLocalService.hasUserRoles(
360                            userId, companyId, names, inherited);
361            }
362    
363            /**
364             * Removes the matching roles associated with the user. The user is
365             * reindexed after the roles are removed.
366             *
367             * @param  userId the primary key of the user
368             * @param  roleIds the primary keys of the roles
369             * @throws PortalException if a user with the primary key could not be
370             *         found, if the user did not have permission to remove members from
371             *         a role, or if a role with any one of the primary keys could not
372             *         be found
373             * @throws SystemException if a system exception occurred
374             */
375            public void unsetUserRoles(long userId, long[] roleIds)
376                    throws PortalException, SystemException {
377    
378                    if (roleIds.length == 0) {
379                            return;
380                    }
381    
382                    checkUserRolesPermission(userId, roleIds);
383    
384                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds);
385    
386                    roleLocalService.unsetUserRoles(userId, roleIds);
387    
388                    RoleMembershipPolicyUtil.propagateRoles(
389                            new long[] {userId}, null, roleIds);
390            }
391    
392            /**
393             * Updates the role with the primary key.
394             *
395             * @param  roleId the primary key of the role
396             * @param  name the role's new name
397             * @param  titleMap the new localized titles (optionally <code>null</code>)
398             *         to replace those existing for the role
399             * @param  descriptionMap the new localized descriptions (optionally
400             *         <code>null</code>) to replace those existing for the role
401             * @param  subtype the role's new subtype (optionally <code>null</code>)
402             * @param  serviceContext the service context to be applied (optionally
403             *         <code>null</code>). Can set the expando bridge attributes for the
404             *         role.
405             * @return the role with the primary key
406             * @throws PortalException if the user did not have permission to update the
407             *         role, if a role with the primary could not be found, or if the
408             *         role's name was invalid
409             * @throws SystemException if a system exception occurred
410             */
411            public Role updateRole(
412                            long roleId, String name, Map<Locale, String> titleMap,
413                            Map<Locale, String> descriptionMap, String subtype,
414                            ServiceContext serviceContext)
415                    throws PortalException, SystemException {
416    
417                    RolePermissionUtil.check(
418                            getPermissionChecker(), roleId, ActionKeys.UPDATE);
419    
420                    Role oldRole = rolePersistence.findByPrimaryKey(roleId);
421    
422                    ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge();
423    
424                    Map<String, Serializable> oldExpandoAttributes =
425                            oldExpandoBridge.getAttributes();
426    
427                    Role role = roleLocalService.updateRole(
428                            roleId, name, titleMap, descriptionMap, subtype, serviceContext);
429    
430                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
431                            OrganizationMembershipPolicyUtil.verifyPolicy(
432                                    role, oldRole, oldExpandoAttributes);
433                    }
434                    else if (role.getType() == RoleConstants.TYPE_SITE) {
435                            SiteMembershipPolicyUtil.verifyPolicy(
436                                    role, oldRole, oldExpandoAttributes);
437                    }
438                    else {
439                            RoleMembershipPolicyUtil.verifyPolicy(
440                                    role, oldRole, oldExpandoAttributes);
441                    }
442    
443                    return role;
444            }
445    
446            protected void checkUserRolesPermission(long userId, long[] roleIds)
447                    throws PortalException {
448    
449                    for (int i = 0; i < roleIds.length; i++) {
450                            RolePermissionUtil.check(
451                                    getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS);
452                    }
453            }
454    
455            protected List<Role> filterRoles(List<Role> roles) throws PortalException {
456                    List<Role> filteredRoles = new ArrayList<Role>();
457    
458                    for (Role role : roles) {
459                            if (RolePermissionUtil.contains(
460                                            getPermissionChecker(), role.getRoleId(),
461                                            ActionKeys.VIEW)) {
462    
463                                    filteredRoles.add(role);
464                            }
465                    }
466    
467                    return filteredRoles;
468            }
469    
470    }