001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.ResourceActionsException;
018 import com.liferay.portal.kernel.bean.BeanPropertiesUtil;
019 import com.liferay.portal.kernel.exception.PortalException;
020 import com.liferay.portal.kernel.exception.SystemException;
021 import com.liferay.portal.kernel.log.Log;
022 import com.liferay.portal.kernel.log.LogFactoryUtil;
023 import com.liferay.portal.kernel.search.SearchEngineUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.model.AuditedModel;
026 import com.liferay.portal.model.GroupedModel;
027 import com.liferay.portal.model.PermissionedModel;
028 import com.liferay.portal.model.Resource;
029 import com.liferay.portal.model.ResourceConstants;
030 import com.liferay.portal.model.ResourcePermission;
031 import com.liferay.portal.model.Role;
032 import com.liferay.portal.model.RoleConstants;
033 import com.liferay.portal.model.impl.ResourceImpl;
034 import com.liferay.portal.security.permission.PermissionCacheUtil;
035 import com.liferay.portal.security.permission.PermissionThreadLocal;
036 import com.liferay.portal.security.permission.ResourceActionsUtil;
037 import com.liferay.portal.service.ServiceContext;
038 import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
039 import com.liferay.portal.util.ResourcePermissionsThreadLocal;
040
041 import java.util.Arrays;
042 import java.util.Iterator;
043 import java.util.List;
044
045 import org.apache.commons.lang.time.StopWatch;
046
047
095 public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
096
097
142 public void addModelResources(
143 AuditedModel auditedModel, ServiceContext serviceContext)
144 throws PortalException, SystemException {
145
146 if (serviceContext.isAddGroupPermissions() ||
147 serviceContext.isAddGuestPermissions()) {
148
149 addResources(
150 auditedModel.getCompanyId(), getGroupId(auditedModel),
151 auditedModel.getUserId(), auditedModel.getModelClassName(),
152 String.valueOf(auditedModel.getPrimaryKeyObj()), false,
153 serviceContext.isAddGroupPermissions(),
154 serviceContext.isAddGuestPermissions(),
155 getPermissionedModel(auditedModel));
156 }
157 else {
158 if (serviceContext.isDeriveDefaultPermissions()) {
159 serviceContext.deriveDefaultPermissions(
160 getGroupId(auditedModel), auditedModel.getModelClassName());
161 }
162
163 addModelResources(
164 auditedModel.getCompanyId(), getGroupId(auditedModel),
165 auditedModel.getUserId(), auditedModel.getModelClassName(),
166 String.valueOf(auditedModel.getPrimaryKeyObj()),
167 serviceContext.getGroupPermissions(),
168 serviceContext.getGuestPermissions(),
169 getPermissionedModel(auditedModel));
170 }
171 }
172
173
191 public void addModelResources(
192 long companyId, long groupId, long userId, String name,
193 long primKey, String[] groupPermissions, String[] guestPermissions)
194 throws PortalException, SystemException {
195
196 addModelResources(
197 companyId, groupId, userId, name, String.valueOf(primKey),
198 groupPermissions, guestPermissions, null);
199 }
200
201
219 public void addModelResources(
220 long companyId, long groupId, long userId, String name,
221 String primKey, String[] groupPermissions,
222 String[] guestPermissions)
223 throws PortalException, SystemException {
224
225 addModelResources(
226 companyId, groupId, userId, name, primKey, groupPermissions,
227 guestPermissions, null);
228 }
229
230
251 public void addResources(
252 long companyId, long groupId, long userId, String name,
253 long primKey, boolean portletActions, boolean addGroupPermissions,
254 boolean addGuestPermissions)
255 throws PortalException, SystemException {
256
257 addResources(
258 companyId, groupId, userId, name, String.valueOf(primKey),
259 portletActions, addGroupPermissions, addGuestPermissions, null);
260 }
261
262
283 public void addResources(
284 long companyId, long groupId, long userId, String name,
285 String primKey, boolean portletActions, boolean addGroupPermissions,
286 boolean addGuestPermissions)
287 throws PortalException, SystemException {
288
289 addResources(
290 companyId, groupId, userId, name, primKey, portletActions,
291 addGroupPermissions, addGuestPermissions, null);
292 }
293
294
308 public void addResources(
309 long companyId, long groupId, String name, boolean portletActions)
310 throws PortalException, SystemException {
311
312 addResources(
313 companyId, groupId, 0, name, null, portletActions, false, false);
314 }
315
316
325 public void deleteResource(AuditedModel auditedModel, int scope)
326 throws PortalException, SystemException {
327
328 deleteResource(
329 auditedModel.getCompanyId(), auditedModel.getModelClassName(),
330 scope, String.valueOf(auditedModel.getPrimaryKeyObj()),
331 getPermissionedModel(auditedModel));
332 }
333
334
346 public void deleteResource(
347 long companyId, String name, int scope, long primKey)
348 throws PortalException, SystemException {
349
350 deleteResource(companyId, name, scope, String.valueOf(primKey), null);
351 }
352
353
365 public void deleteResource(
366 long companyId, String name, int scope, String primKey)
367 throws PortalException, SystemException {
368
369 deleteResource(companyId, name, scope, primKey, null);
370 }
371
372
383 public Resource getResource(
384 long companyId, String name, int scope, String primKey) {
385
386 Resource resource = new ResourceImpl();
387
388 resource.setCompanyId(companyId);
389 resource.setName(name);
390 resource.setScope(scope);
391 resource.setPrimKey(primKey);
392
393 return resource;
394 }
395
396
416 public boolean hasUserPermissions(
417 long userId, long resourceId, List<Resource> resources,
418 String actionId, long[] roleIds)
419 throws PortalException, SystemException {
420
421 StopWatch stopWatch = null;
422
423 if (_log.isDebugEnabled()) {
424 stopWatch = new StopWatch();
425
426 stopWatch.start();
427 }
428
429 int block = 1;
430
431 boolean hasUserPermissions =
432 resourcePermissionLocalService.hasResourcePermission(
433 resources, roleIds, actionId);
434
435 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
436
437 return hasUserPermissions;
438 }
439
440
450 public void updateModelResources(
451 AuditedModel auditedModel, ServiceContext serviceContext)
452 throws PortalException, SystemException {
453
454 updateResources(
455 auditedModel.getCompanyId(), getGroupId(auditedModel),
456 auditedModel.getModelClassName(),
457 String.valueOf(auditedModel.getPrimaryKeyObj()),
458 serviceContext.getGroupPermissions(),
459 serviceContext.getGuestPermissions(),
460 getPermissionedModel(auditedModel));
461 }
462
463
477 public void updateResources(
478 long companyId, long groupId, String name, long primKey,
479 String[] groupPermissions, String[] guestPermissions)
480 throws PortalException, SystemException {
481
482 updateResources(
483 companyId, groupId, name, String.valueOf(primKey), groupPermissions,
484 guestPermissions, null);
485 }
486
487
501 public void updateResources(
502 long companyId, long groupId, String name, String primKey,
503 String[] groupPermissions, String[] guestPermissions)
504 throws PortalException, SystemException {
505
506 updateResources(
507 companyId, groupId, name, primKey, groupPermissions,
508 guestPermissions, null);
509 }
510
511
525 public void updateResources(
526 long companyId, String name, int scope, String primKey,
527 String newPrimKey)
528 throws SystemException {
529
530 if (resourceBlockLocalService.isSupported(name)) {
531
532
533
534
535
536 }
537 else {
538 updateResourcePermissions(
539 companyId, name, scope, primKey, newPrimKey);
540 }
541 }
542
543 protected void addGroupPermissions(
544 long companyId, long groupId, long userId, String name,
545 Resource resource, boolean portletActions,
546 PermissionedModel permissionedModel)
547 throws PortalException, SystemException {
548
549 List<String> actions = null;
550
551 if (portletActions) {
552 actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
553 name);
554 }
555 else {
556 actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
557 name);
558 }
559
560 String[] actionIds = actions.toArray(new String[actions.size()]);
561
562 if (resourceBlockLocalService.isSupported(name)) {
563 addGroupPermissionsBlocks(
564 groupId, resource, actions, permissionedModel);
565 }
566 else {
567 addGroupPermissions(groupId, resource, actionIds);
568 }
569 }
570
571 protected void addGroupPermissions(
572 long groupId, Resource resource, String[] actionIds)
573 throws PortalException, SystemException {
574
575 Role role = roleLocalService.getDefaultGroupRole(groupId);
576
577 resourcePermissionLocalService.setResourcePermissions(
578 resource.getCompanyId(), resource.getName(), resource.getScope(),
579 resource.getPrimKey(), role.getRoleId(), actionIds);
580 }
581
582 protected void addGroupPermissionsBlocks(
583 long groupId, Resource resource, List<String> actionIds,
584 PermissionedModel permissionedModel)
585 throws PortalException, SystemException {
586
587 if (permissionedModel == null) {
588 throw new IllegalArgumentException("Permissioned model is null");
589 }
590
591
592
593 Role role = roleLocalService.getDefaultGroupRole(groupId);
594
595 resourceBlockLocalService.setIndividualScopePermissions(
596 resource.getCompanyId(), groupId, resource.getName(),
597 permissionedModel, role.getRoleId(), actionIds);
598 }
599
600 protected void addGuestPermissions(
601 long companyId, long groupId, long userId, String name,
602 Resource resource, boolean portletActions,
603 PermissionedModel permissionedModel)
604 throws PortalException, SystemException {
605
606 List<String> actions = null;
607
608 if (portletActions) {
609 actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
610 name);
611 }
612 else {
613 actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
614 name);
615 }
616
617 String[] actionIds = actions.toArray(new String[actions.size()]);
618
619 if (resourceBlockLocalService.isSupported(name)) {
620 addGuestPermissionsBlocks(
621 companyId, groupId, resource, actions, permissionedModel);
622 }
623 else {
624 addGuestPermissions(companyId, resource, actionIds);
625 }
626 }
627
628 protected void addGuestPermissions(
629 long companyId, Resource resource, String[] actionIds)
630 throws PortalException, SystemException {
631
632 Role guestRole = roleLocalService.getRole(
633 companyId, RoleConstants.GUEST);
634
635 resourcePermissionLocalService.setResourcePermissions(
636 resource.getCompanyId(), resource.getName(), resource.getScope(),
637 resource.getPrimKey(), guestRole.getRoleId(), actionIds);
638 }
639
640 protected void addGuestPermissionsBlocks(
641 long companyId, long groupId, Resource resource,
642 List<String> actionIds, PermissionedModel permissionedModel)
643 throws PortalException, SystemException {
644
645 if (permissionedModel == null) {
646 throw new IllegalArgumentException("Permissioned model is null");
647 }
648
649
650
651 Role guestRole = roleLocalService.getRole(
652 companyId, RoleConstants.GUEST);
653
654 resourceBlockLocalService.setIndividualScopePermissions(
655 resource.getCompanyId(), groupId, resource.getName(),
656 permissionedModel, guestRole.getRoleId(), actionIds);
657 }
658
659 protected void addModelResources(
660 long companyId, long groupId, long userId, Resource resource,
661 String[] groupPermissions, String[] guestPermissions,
662 PermissionedModel permissionedModel)
663 throws PortalException, SystemException {
664
665
666
667 Role ownerRole = roleLocalService.getRole(
668 companyId, RoleConstants.OWNER);
669
670 List<String> ownerActionIds =
671 ResourceActionsUtil.getModelResourceActions(resource.getName());
672
673 ownerActionIds = ListUtil.copy(ownerActionIds);
674
675 filterOwnerActions(resource.getName(), ownerActionIds);
676
677 String[] ownerPermissions = ownerActionIds.toArray(
678 new String[ownerActionIds.size()]);
679
680
681
682 Role defaultGroupRole = null;
683
684 if (groupId > 0) {
685 defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
686
687 if (groupPermissions == null) {
688 groupPermissions = new String[0];
689 }
690 }
691
692
693
694 Role guestRole = roleLocalService.getRole(
695 companyId, RoleConstants.GUEST);
696
697 if (guestPermissions == null) {
698 guestPermissions = new String[0];
699 }
700
701 if (resourceBlockLocalService.isSupported(resource.getName())) {
702
703 if (permissionedModel == null) {
704 throw new IllegalArgumentException(
705 "Permissioned model is null");
706 }
707
708
709
710 resourceBlockLocalService.setIndividualScopePermissions(
711 resource.getCompanyId(), groupId, resource.getName(),
712 permissionedModel, ownerRole.getRoleId(), ownerActionIds);
713
714 if (groupId > 0) {
715 resourceBlockLocalService.setIndividualScopePermissions(
716 resource.getCompanyId(), groupId, resource.getName(),
717 permissionedModel, defaultGroupRole.getRoleId(),
718 Arrays.asList(groupPermissions));
719 }
720
721 resourceBlockLocalService.setIndividualScopePermissions(
722 resource.getCompanyId(), groupId, resource.getName(),
723 permissionedModel, guestRole.getRoleId(),
724 Arrays.asList(guestPermissions));
725 }
726 else {
727 resourcePermissionLocalService.setOwnerResourcePermissions(
728 resource.getCompanyId(), resource.getName(),
729 resource.getScope(), resource.getPrimKey(),
730 ownerRole.getRoleId(), userId, ownerPermissions);
731
732 if (groupId > 0) {
733 resourcePermissionLocalService.setResourcePermissions(
734 resource.getCompanyId(), resource.getName(),
735 resource.getScope(), resource.getPrimKey(),
736 defaultGroupRole.getRoleId(), groupPermissions);
737 }
738
739 resourcePermissionLocalService.setResourcePermissions(
740 resource.getCompanyId(), resource.getName(),
741 resource.getScope(), resource.getPrimKey(),
742 guestRole.getRoleId(), guestPermissions);
743 }
744 }
745
746 protected void addModelResources(
747 long companyId, long groupId, long userId, String name,
748 String primKey, String[] groupPermissions,
749 String[] guestPermissions, PermissionedModel permissionedModel)
750 throws PortalException, SystemException {
751
752 if (!PermissionThreadLocal.isAddResource()) {
753 return;
754 }
755
756 validate(name, false);
757
758 if (primKey == null) {
759 return;
760 }
761
762
763
764 Resource resource = getResource(
765 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
766
767
768
769 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
770
771 PermissionThreadLocal.setIndexEnabled(false);
772
773 try {
774 addModelResources(
775 companyId, groupId, userId, resource, groupPermissions,
776 guestPermissions, permissionedModel);
777 }
778 finally {
779 PermissionThreadLocal.setIndexEnabled(flushEnabled);
780
781 PermissionCacheUtil.clearCache();
782
783 SearchEngineUtil.updatePermissionFields(name, primKey);
784 }
785 }
786
787 protected void addResources(
788 long companyId, long groupId, long userId, Resource resource,
789 boolean portletActions, PermissionedModel permissionedModel)
790 throws PortalException, SystemException {
791
792 List<String> actionIds = null;
793
794 if (portletActions) {
795 actionIds = ResourceActionsUtil.getPortletResourceActions(
796 resource.getName());
797 }
798 else {
799 actionIds = ResourceActionsUtil.getModelResourceActions(
800 resource.getName());
801
802 actionIds = ListUtil.copy(actionIds);
803
804 filterOwnerActions(resource.getName(), actionIds);
805 }
806
807 Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
808
809 if (resourceBlockLocalService.isSupported(resource.getName())) {
810 if (permissionedModel == null) {
811 throw new IllegalArgumentException(
812 "Permissioned model is null");
813 }
814
815
816
817 resourceBlockLocalService.setIndividualScopePermissions(
818 resource.getCompanyId(), groupId, resource.getName(),
819 permissionedModel, role.getRoleId(), actionIds);
820 }
821 else {
822 resourcePermissionLocalService.setOwnerResourcePermissions(
823 resource.getCompanyId(), resource.getName(),
824 resource.getScope(), resource.getPrimKey(), role.getRoleId(),
825 userId, actionIds.toArray(new String[actionIds.size()]));
826 }
827 }
828
829 protected void addResources(
830 long companyId, long groupId, long userId, String name,
831 String primKey, boolean portletActions, boolean addGroupPermissions,
832 boolean addGuestPermissions, PermissionedModel permissionedModel)
833 throws PortalException, SystemException {
834
835 if (!PermissionThreadLocal.isAddResource()) {
836 return;
837 }
838
839 validate(name, portletActions);
840
841 if (primKey == null) {
842 return;
843 }
844
845
846
847 Resource resource = getResource(
848 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
849
850
851
852 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
853
854 PermissionThreadLocal.setIndexEnabled(false);
855
856 List<ResourcePermission> resourcePermissions =
857 resourcePermissionPersistence.findByC_N_S_P(
858 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
859
860 ResourcePermissionsThreadLocal.setResourcePermissions(
861 resourcePermissions);
862
863 try {
864 addResources(
865 companyId, groupId, userId, resource, portletActions,
866 permissionedModel);
867
868
869
870 if ((groupId > 0) && addGroupPermissions) {
871 addGroupPermissions(
872 companyId, groupId, userId, name, resource, portletActions,
873 permissionedModel);
874 }
875
876
877
878 if (addGuestPermissions) {
879
880
881
882
883 addGuestPermissions(
884 companyId, groupId, userId, name, resource, portletActions,
885 permissionedModel);
886 }
887 }
888 finally {
889 ResourcePermissionsThreadLocal.setResourcePermissions(null);
890
891 PermissionThreadLocal.setIndexEnabled(flushEnabled);
892
893 PermissionCacheUtil.clearCache();
894
895 SearchEngineUtil.updatePermissionFields(name, primKey);
896 }
897 }
898
899 protected void deleteResource(
900 long companyId, String name, int scope, String primKey,
901 PermissionedModel permissionedModel)
902 throws PortalException, SystemException {
903
904 if (resourceBlockLocalService.isSupported(name)) {
905 if (permissionedModel == null) {
906 throw new IllegalArgumentException(
907 "Permissioned model is null");
908 }
909
910 resourceBlockLocalService.releasePermissionedModelResourceBlock(
911 permissionedModel);
912
913 return;
914 }
915
916 resourcePermissionLocalService.deleteResourcePermissions(
917 companyId, name, scope, primKey);
918 }
919
920 protected void filterOwnerActions(String name, List<String> actionIds) {
921 List<String> defaultOwnerActions =
922 ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
923
924 if (defaultOwnerActions.isEmpty()) {
925 return;
926 }
927
928 Iterator<String> itr = actionIds.iterator();
929
930 while (itr.hasNext()) {
931 String actionId = itr.next();
932
933 if (!defaultOwnerActions.contains(actionId)) {
934 itr.remove();
935 }
936 }
937 }
938
939 protected long getGroupId(AuditedModel auditedModel) {
940 long groupId = 0;
941
942 if (auditedModel instanceof GroupedModel) {
943 GroupedModel groupedModel = (GroupedModel)auditedModel;
944
945 groupId = BeanPropertiesUtil.getLongSilent(
946 groupedModel, "resourceGroupId", groupedModel.getGroupId());
947 }
948
949 return groupId;
950 }
951
952 protected PermissionedModel getPermissionedModel(
953 AuditedModel auditedModel) {
954
955 PermissionedModel permissionedModel = null;
956
957 if (auditedModel instanceof PermissionedModel) {
958 permissionedModel = (PermissionedModel)auditedModel;
959 }
960
961 return permissionedModel;
962 }
963
964 protected void logHasUserPermissions(
965 long userId, long resourceId, String actionId, StopWatch stopWatch,
966 int block) {
967
968 if (!_log.isDebugEnabled()) {
969 return;
970 }
971
972 _log.debug(
973 "Checking user permissions block " + block + " for " + userId +
974 " " + resourceId + " " + actionId + " takes " +
975 stopWatch.getTime() + " ms");
976 }
977
978 protected void updateResourceBlocks(
979 long companyId, long groupId, Resource resource,
980 String[] groupPermissions, String[] guestPermissions,
981 PermissionedModel permissionedModel)
982 throws PortalException, SystemException {
983
984 if (permissionedModel == null) {
985 throw new IllegalArgumentException("Permissioned model is null");
986 }
987
988
989
990 Role role = roleLocalService.getDefaultGroupRole(groupId);
991
992 resourceBlockLocalService.setIndividualScopePermissions(
993 companyId, groupId, resource.getName(), permissionedModel,
994 role.getRoleId(), Arrays.asList(groupPermissions));
995
996 role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
997
998 resourceBlockLocalService.setIndividualScopePermissions(
999 companyId, groupId, resource.getName(), permissionedModel,
1000 role.getRoleId(), Arrays.asList(guestPermissions));
1001 }
1002
1003 protected void updateResourcePermissions(
1004 long companyId, long groupId, Resource resource,
1005 String[] groupPermissions, String[] guestPermissions)
1006 throws PortalException, SystemException {
1007
1008 Role role = roleLocalService.getDefaultGroupRole(groupId);
1009
1010 resourcePermissionLocalService.setResourcePermissions(
1011 resource.getCompanyId(), resource.getName(), resource.getScope(),
1012 resource.getPrimKey(), role.getRoleId(), groupPermissions);
1013
1014 role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1015
1016 resourcePermissionLocalService.setResourcePermissions(
1017 resource.getCompanyId(), resource.getName(), resource.getScope(),
1018 resource.getPrimKey(), role.getRoleId(), guestPermissions);
1019 }
1020
1021 protected void updateResourcePermissions(
1022 long companyId, String name, int scope, String primKey,
1023 String newPrimKey)
1024 throws SystemException {
1025
1026 List<ResourcePermission> resourcePermissions =
1027 resourcePermissionLocalService.getResourcePermissions(
1028 companyId, name, scope, primKey);
1029
1030 for (ResourcePermission resourcePermission : resourcePermissions) {
1031 resourcePermission.setPrimKey(newPrimKey);
1032
1033 resourcePermissionPersistence.update(resourcePermission);
1034 }
1035 }
1036
1037 protected void updateResources(
1038 long companyId, long groupId, String name, String primKey,
1039 String[] groupPermissions, String[] guestPermissions,
1040 PermissionedModel permissionedModel)
1041 throws PortalException, SystemException {
1042
1043 Resource resource = getResource(
1044 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1045
1046 if (groupPermissions == null) {
1047 groupPermissions = new String[0];
1048 }
1049
1050 if (guestPermissions == null) {
1051 guestPermissions = new String[0];
1052 }
1053
1054 if (resourceBlockLocalService.isSupported(name)) {
1055 updateResourceBlocks(
1056 companyId, groupId, resource, groupPermissions,
1057 guestPermissions, permissionedModel);
1058 }
1059 else {
1060 updateResourcePermissions(
1061 companyId, groupId, resource, groupPermissions,
1062 guestPermissions);
1063 }
1064 }
1065
1066 protected void validate(String name, boolean portletActions)
1067 throws PortalException {
1068
1069 List<String> actions = null;
1070
1071 if (portletActions) {
1072 actions = ResourceActionsUtil.getPortletResourceActions(name);
1073 }
1074 else {
1075 actions = ResourceActionsUtil.getModelResourceActions(name);
1076 }
1077
1078 if (actions.size() == 0) {
1079 throw new ResourceActionsException(
1080 "There are no actions associated with the resource " + name);
1081 }
1082 }
1083
1084 private static Log _log = LogFactoryUtil.getLog(
1085 ResourceLocalServiceImpl.class);
1086
1087 }