001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.kernel.dao.orm.DynamicQuery;
018    import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
019    import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.model.Group;
024    import com.liferay.portal.model.Layout;
025    import com.liferay.portal.model.Organization;
026    import com.liferay.portal.model.ResourcePermission;
027    import com.liferay.portal.model.Role;
028    import com.liferay.portal.model.RoleConstants;
029    import com.liferay.portal.security.permission.ActionKeys;
030    import com.liferay.portal.security.permission.PermissionCacheUtil;
031    import com.liferay.portal.security.permission.ResourceActionsUtil;
032    import com.liferay.portal.service.LayoutLocalServiceUtil;
033    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
034    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
035    import com.liferay.portal.service.RoleLocalServiceUtil;
036    import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
037    import com.liferay.portal.util.PortalInstances;
038    
039    import java.util.List;
040    
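/**
 * Verify process that repairs stored permission data: it removes Guest role
 * permissions that point at non-public layouts, re-checks the resource actions
 * of every model, and moves a fixed set of action bits from
 * {@code Organization} resource permissions to the matching {@code Group}
 * resource permissions.
 *
 * <p>
 * Every step changes who is authorized to do what, so failures are logged at a
 * level visible in a default configuration instead of being dropped.
 * </p>
 *
 * @author Tobias Kaefer
 * @author Douglas Wong
 * @author Matthew Kong
 * @author Raymond Augé
 */
public class VerifyPermission extends VerifyProcess {

	/**
	 * Runs {@code ResourceActionLocalServiceUtil.checkResourceActions} for
	 * every model name reported by {@code ResourceActionsUtil}.
	 *
	 * @throws Exception if a resource action lookup or check fails
	 */
	protected void checkPermissions() throws Exception {
		for (String modelName : ResourceActionsUtil.getModelNames()) {
			List<String> actionIds =
				ResourceActionsUtil.getModelResourceActions(modelName);

			// NOTE(review): the meaning of the trailing "true" flag is defined
			// by ResourceActionLocalServiceUtil and is not visible here.

			ResourceActionLocalServiceUtil.checkResourceActions(
				modelName, actionIds, true);
		}
	}

	/**
	 * Removes Guest role permissions on private layouts for every company
	 * returned by {@code PortalInstances.getCompanyIdsBySQL()}.
	 *
	 * <p>
	 * The cleanup is best effort per company: a failure for one company is
	 * logged as a warning and the remaining companies are still processed. The
	 * warning matters because a failed cleanup can leave Guest permissions on
	 * private layouts in place.
	 * </p>
	 *
	 * @throws Exception if the company IDs cannot be read
	 */
	protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			try {
				deleteDefaultPrivateLayoutPermissions_6(companyId);
			}
			catch (Exception e) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to delete Guest permissions on private " +
							"layouts for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Deletes each resource permission of the company's Guest role that
	 * {@link #isPrivateLayout(String, String)} classifies as a private layout.
	 *
	 * <p>
	 * Each row is handled on its own. If one row cannot be evaluated or deleted
	 * (for example because the layout lookup throws), the failure is logged and
	 * the loop continues, so a single bad row does not leave the remaining
	 * Guest permissions on private layouts untouched.
	 * </p>
	 *
	 * @param  companyId the company whose Guest role permissions are checked
	 * @throws Exception if the Guest role or its resource permissions cannot
	 *         be loaded
	 */
	protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
		throws Exception {

		Role role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				role.getRoleId());

		for (ResourcePermission resourcePermission : resourcePermissions) {
			try {
				if (isPrivateLayout(
						resourcePermission.getName(),
						resourcePermission.getPrimKey())) {

					ResourcePermissionLocalServiceUtil.
						deleteResourcePermission(
							resourcePermission.getResourcePermissionId());
				}
			}
			catch (Exception e) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to verify Guest resource permission " +
							resourcePermission.getResourcePermissionId() +
								" for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Runs the three verification steps in order: Guest permission cleanup on
	 * private layouts, resource action check, organization role permission
	 * fix.
	 *
	 * @throws Exception if any step fails
	 */
	@Override
	protected void doVerify() throws Exception {
		deleteDefaultPrivateLayoutPermissions();

		checkPermissions();
		fixOrganizationRolePermissions();
	}

	/**
	 * Moves the action bits listed in
	 * {@code _ORGANIZATION_ACTION_IDS_TO_MASKS} from every
	 * {@code Organization} resource permission to the {@code Group} resource
	 * permission with the same company, scope, primary key and role.
	 *
	 * <p>
	 * The permission cache is cleared in a {@code finally} block, so it is also
	 * cleared when the loop aborts after some rows were already rewritten.
	 * </p>
	 *
	 * @throws Exception if the query fails or a missing Group resource
	 *         permission cannot be created and reloaded
	 */
	protected void fixOrganizationRolePermissions() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourcePermission.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

		try {
			for (ResourcePermission resourcePermission : resourcePermissions) {
				ResourcePermission groupResourcePermission = null;

				try {
					groupResourcePermission =
						ResourcePermissionLocalServiceUtil.
							getResourcePermission(
								resourcePermission.getCompanyId(),
								Group.class.getName(),
								resourcePermission.getScope(),
								resourcePermission.getPrimKey(),
								resourcePermission.getRoleId());
				}
				catch (Exception e) {

					// NOTE(review): every exception is treated as "no Group
					// row yet". If the lookup failed for another reason, this
					// call presumably replaces the Group row's existing
					// actions with an empty set. Confirm, and consider
					// catching only the not-found exception.

					ResourcePermissionLocalServiceUtil.setResourcePermissions(
						resourcePermission.getCompanyId(),
						Group.class.getName(), resourcePermission.getScope(),
						resourcePermission.getPrimKey(),
						resourcePermission.getRoleId(),
						ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

					groupResourcePermission =
						ResourcePermissionLocalServiceUtil.
							getResourcePermission(
								resourcePermission.getCompanyId(),
								Group.class.getName(),
								resourcePermission.getScope(),
								resourcePermission.getPrimKey(),
								resourcePermission.getRoleId());
				}

				long organizationActions = resourcePermission.getActionIds();
				long groupActions = groupResourcePermission.getActionIds();

				for (Object[] actionIdToMask :
						_ORGANIZATION_ACTION_IDS_TO_MASKS) {

					long organizationActionMask = (Long)actionIdToMask[1];
					long groupActionMask = (Long)actionIdToMask[2];

					// Only migrate a bit that is fully set on the
					// organization side: clear it there, set the mapped bit
					// on the group side.

					if ((organizationActions & organizationActionMask) ==
							organizationActionMask) {

						organizationActions &= ~organizationActionMask;
						groupActions |= groupActionMask;
					}
				}

				// The two updates are separate calls. If the first succeeds
				// and the second fails, the organization bits are already
				// removed and the group bits are not granted; the failure is
				// logged as an error.

				try {
					resourcePermission.resetOriginalValues();

					resourcePermission.setActionIds(organizationActions);

					ResourcePermissionLocalServiceUtil.updateResourcePermission(
						resourcePermission);

					groupResourcePermission.resetOriginalValues();
					groupResourcePermission.setActionIds(groupActions);

					ResourcePermissionLocalServiceUtil.updateResourcePermission(
						groupResourcePermission);
				}
				catch (Exception e) {
					_log.error(e, e);
				}
			}
		}
		finally {

			// Clear cached permission data even when the loop aborted, so
			// rows rewritten before the failure are not shadowed by stale
			// cache entries.

			PermissionCacheUtil.clearCache();
		}
	}

	/**
	 * Returns whether a resource permission refers to a layout that is neither
	 * public nor of the control panel type.
	 *
	 * @param  name the resource name of the permission
	 * @param  primKey the primary key of the permission, read as a layout
	 *         {@code plid}
	 * @return {@code false} if {@code name} is not the {@code Layout} class
	 *         name, or if the layout is public or a control panel layout;
	 *         {@code true} otherwise
	 * @throws Exception if the layout cannot be loaded
	 */
	protected boolean isPrivateLayout(String name, String primKey)
		throws Exception {

		if (!name.equals(Layout.class.getName())) {
			return false;
		}

		// NOTE(review): how GetterUtil.getLong treats a non-numeric primKey is
		// not visible here; presumably it falls back to a default. Confirm.

		long plid = GetterUtil.getLong(primKey);

		Layout layout = LayoutLocalServiceUtil.getLayout(plid);

		return !(layout.isPublicLayout() || layout.isTypeControlPanel());
	}

	/**
	 * Rows of {action ID, organization bitmask, group bitmask}. A group
	 * bitmask of {@code 0L} means the bit is removed from the organization
	 * permission without granting anything on the group permission.
	 */
	private static final Object[][] _ORGANIZATION_ACTION_IDS_TO_MASKS =
		new Object[][] {
			new Object[] {"APPROVE_PROPOSAL", 2L, 0L},
			new Object[] {ActionKeys.ASSIGN_MEMBERS, 4L, 4L},
			new Object[] {"ASSIGN_REVIEWER", 8L, 0L},
			new Object[] {ActionKeys.MANAGE_ARCHIVED_SETUPS, 128L, 128L},
			new Object[] {ActionKeys.MANAGE_LAYOUTS, 256L, 256L},
			new Object[] {ActionKeys.MANAGE_STAGING, 512L, 512L},
			new Object[] {ActionKeys.MANAGE_TEAMS, 2048L, 1024L},
			new Object[] {ActionKeys.PUBLISH_STAGING, 16384L, 4096L}
		};

	private static final Log _log = LogFactoryUtil.getLog(
		VerifyPermission.class);

}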