001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.kernel.exception.SystemException; 019 import com.liferay.portal.model.Group; 020 import com.liferay.portal.model.Role; 021 import com.liferay.portal.model.RoleConstants; 022 import com.liferay.portal.model.User; 023 import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil; 024 import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil; 025 import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil; 026 import com.liferay.portal.security.permission.ActionKeys; 027 import com.liferay.portal.service.ServiceContext; 028 import com.liferay.portal.service.base.RoleServiceBaseImpl; 029 import com.liferay.portal.service.permission.PortalPermissionUtil; 030 import com.liferay.portal.service.permission.RolePermissionUtil; 031 import com.liferay.portal.service.permission.UserPermissionUtil; 032 import com.liferay.portlet.expando.model.ExpandoBridge; 033 034 import java.io.Serializable; 035 036 import java.util.ArrayList; 037 import java.util.List; 038 import java.util.Locale; 039 import java.util.Map; 040 041 /** 042 * Provides the remote service for accessing, adding, unassigning, checking, 043 * deleting, and updating roles. Its methods include permission checks. 044 * 045 * @author Brian Wing Shun Chan 046 */ 047 public class RoleServiceImpl extends RoleServiceBaseImpl { 048 049 /** 050 * Adds a role. The user is reindexed after role is added. 051 * 052 * @param className the name of the class for which the role is created 053 * @param classPK the primary key of the class for which the role is 054 * created (optionally <code>0</code>) 055 * @param name the role's name 056 * @param titleMap the role's localized titles (optionally 057 * <code>null</code>) 058 * @param descriptionMap the role's localized descriptions (optionally 059 * <code>null</code>) 060 * @param type the role's type (optionally <code>0</code>) 061 * @param subtype the role's subtype (optionally <code>null</code>) 062 * @param serviceContext the service context to be applied (optionally 063 * <code>null</code>). Can set the expando bridge attributes for the 064 * role. 065 * @return the role 066 * @throws PortalException if a user with the primary key could not be 067 * found, if the user did not have permission to add roles, if the 068 * class name or the role name were invalid, or if the role is a 069 * duplicate 070 * @throws SystemException if a system exception occurred 071 */ 072 @Override 073 public Role addRole( 074 String className, long classPK, String name, 075 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 076 int type, String subtype, ServiceContext serviceContext) 077 throws PortalException, SystemException { 078 079 PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE); 080 081 User user = getUser(); 082 083 Role role = roleLocalService.addRole( 084 user.getUserId(), className, classPK, name, titleMap, 085 descriptionMap, type, subtype, serviceContext); 086 087 if (type == RoleConstants.TYPE_ORGANIZATION) { 088 OrganizationMembershipPolicyUtil.verifyPolicy(role); 089 } 090 else if (type == RoleConstants.TYPE_SITE) { 091 SiteMembershipPolicyUtil.verifyPolicy(role); 092 } 093 else { 094 RoleMembershipPolicyUtil.verifyPolicy(role); 095 } 096 097 return role; 098 } 099 100 /** 101 * Adds a role. The user is reindexed after role is added. 102 * 103 * @param name the role's name 104 * @param titleMap the role's localized titles (optionally 105 * <code>null</code>) 106 * @param descriptionMap the role's localized descriptions (optionally 107 * <code>null</code>) 108 * @param type the role's type (optionally <code>0</code>) 109 * @return the role 110 * @throws PortalException if a user with the primary key could not be 111 * found, if the user did not have permission to add roles, if 112 * the class name or the role name were invalid, or if the role 113 * is a duplicate 114 * @throws SystemException if a system exception occurred 115 * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long, 116 * String, Map, Map, int, String, ServiceContext)} 117 */ 118 @Override 119 public Role addRole( 120 String name, Map<Locale, String> titleMap, 121 Map<Locale, String> descriptionMap, int type) 122 throws PortalException, SystemException { 123 124 return addRole( 125 null, 0, name, titleMap, descriptionMap, type, null, null); 126 } 127 128 /** 129 * Adds the roles to the user. The user is reindexed after the roles are 130 * added. 131 * 132 * @param userId the primary key of the user 133 * @param roleIds the primary keys of the roles 134 * @throws PortalException if a user with the primary key could not be found 135 * or if the user did not have permission to assign members to one 136 * of the roles 137 * @throws SystemException if a system exception occurred 138 */ 139 @Override 140 public void addUserRoles(long userId, long[] roleIds) 141 throws PortalException, SystemException { 142 143 if (roleIds.length == 0) { 144 return; 145 } 146 147 checkUserRolesPermission(userId, roleIds); 148 149 RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null); 150 151 roleLocalService.addUserRoles(userId, roleIds); 152 153 RoleMembershipPolicyUtil.propagateRoles( 154 new long[] {userId}, roleIds, null); 155 } 156 157 /** 158 * Deletes the role with the primary key and its associated permissions. 159 * 160 * @param roleId the primary key of the role 161 * @throws PortalException if the user did not have permission to delete the 162 * role, if a role with the primary key could not be found, if the 163 * role is a default system role, or if the role's resource could 164 * not be found 165 * @throws SystemException if a system exception occurred 166 */ 167 @Override 168 public void deleteRole(long roleId) 169 throws PortalException, SystemException { 170 171 RolePermissionUtil.check( 172 getPermissionChecker(), roleId, ActionKeys.DELETE); 173 174 roleLocalService.deleteRole(roleId); 175 } 176 177 /** 178 * Returns all the roles associated with the group. 179 * 180 * @param groupId the primary key of the group 181 * @return the roles associated with the group 182 * @throws PortalException if a portal exception occurred 183 * @throws SystemException if a system exception occurred 184 */ 185 @Override 186 public List<Role> getGroupRoles(long groupId) 187 throws PortalException, SystemException { 188 189 List<Role> roles = roleLocalService.getGroupRoles(groupId); 190 191 return filterRoles(roles); 192 } 193 194 /** 195 * Returns the role with the primary key. 196 * 197 * @param roleId the primary key of the role 198 * @return the role with the primary key 199 * @throws PortalException if a role with the primary key could not be found 200 * or if the user did not have permission to view the role 201 * @throws SystemException if a system exception occurred 202 */ 203 @Override 204 public Role getRole(long roleId) throws PortalException, SystemException { 205 RolePermissionUtil.check( 206 getPermissionChecker(), roleId, ActionKeys.VIEW); 207 208 return roleLocalService.getRole(roleId); 209 } 210 211 /** 212 * Returns the role with the name in the company. 213 * 214 * <p> 215 * The method searches the system roles map first for default roles. If a 216 * role with the name is not found, then the method will query the database. 217 * </p> 218 * 219 * @param companyId the primary key of the company 220 * @param name the role's name 221 * @return the role with the name 222 * @throws PortalException if a role with the name could not be found in the 223 * company or if the user did not have permission to view the role 224 * @throws SystemException if a system exception occurred 225 */ 226 @Override 227 public Role getRole(long companyId, String name) 228 throws PortalException, SystemException { 229 230 Role role = roleLocalService.getRole(companyId, name); 231 232 RolePermissionUtil.check( 233 getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW); 234 235 return role; 236 } 237 238 /** 239 * Returns all the user's roles within the user group. 240 * 241 * @param userId the primary key of the user 242 * @param groupId the primary key of the group 243 * @return the user's roles within the user group 244 * @throws PortalException if a portal exception occurred 245 * @throws SystemException if a system exception occurred 246 */ 247 @Override 248 public List<Role> getUserGroupGroupRoles(long userId, long groupId) 249 throws PortalException, SystemException { 250 251 UserPermissionUtil.check( 252 getPermissionChecker(), userId, ActionKeys.VIEW); 253 254 List<Role> roles = roleLocalService.getUserGroupGroupRoles( 255 userId, groupId); 256 257 return filterRoles(roles); 258 } 259 260 /** 261 * Returns all the user's roles within the user group. 262 * 263 * @param userId the primary key of the user 264 * @param groupId the primary key of the group 265 * @return the user's roles within the user group 266 * @throws PortalException if a portal exception occurred 267 * @throws SystemException if a system exception occurred 268 */ 269 @Override 270 public List<Role> getUserGroupRoles(long userId, long groupId) 271 throws PortalException, SystemException { 272 273 UserPermissionUtil.check( 274 getPermissionChecker(), userId, ActionKeys.VIEW); 275 276 List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId); 277 278 return filterRoles(roles); 279 } 280 281 /** 282 * Returns the union of all the user's roles within the groups. 283 * 284 * @param userId the primary key of the user 285 * @param groups the groups (optionally <code>null</code>) 286 * @return the union of all the user's roles within the groups 287 * @throws PortalException if a portal exception occurred 288 * @throws SystemException if a system exception occurred 289 */ 290 @Override 291 public List<Role> getUserRelatedRoles(long userId, List<Group> groups) 292 throws PortalException, SystemException { 293 294 UserPermissionUtil.check( 295 getPermissionChecker(), userId, ActionKeys.VIEW); 296 297 List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups); 298 299 return filterRoles(roles); 300 } 301 302 /** 303 * Returns all the roles associated with the user. 304 * 305 * @param userId the primary key of the user 306 * @return the roles associated with the user 307 * @throws PortalException if a portal exception occurred 308 * @throws SystemException if a system exception occurred 309 */ 310 @Override 311 public List<Role> getUserRoles(long userId) 312 throws PortalException, SystemException { 313 314 UserPermissionUtil.check( 315 getPermissionChecker(), userId, ActionKeys.VIEW); 316 317 List<Role> roles = roleLocalService.getUserRoles(userId); 318 319 return filterRoles(roles); 320 } 321 322 /** 323 * Returns <code>true</code> if the user is associated with the named 324 * regular role. 325 * 326 * @param userId the primary key of the user 327 * @param companyId the primary key of the company 328 * @param name the name of the role 329 * @param inherited whether to include the user's inherited roles in the 330 * search 331 * @return <code>true</code> if the user is associated with the regular 332 * role; <code>false</code> otherwise 333 * @throws PortalException if a role with the name could not be found in the 334 * company or if a default user for the company could not be found 335 * @throws SystemException if a system exception occurred 336 */ 337 @Override 338 public boolean hasUserRole( 339 long userId, long companyId, String name, boolean inherited) 340 throws PortalException, SystemException { 341 342 UserPermissionUtil.check( 343 getPermissionChecker(), userId, ActionKeys.VIEW); 344 345 return roleLocalService.hasUserRole(userId, companyId, name, inherited); 346 } 347 348 /** 349 * Returns <code>true</code> if the user has any one of the named regular 350 * roles. 351 * 352 * @param userId the primary key of the user 353 * @param companyId the primary key of the company 354 * @param names the names of the roles 355 * @param inherited whether to include the user's inherited roles in the 356 * search 357 * @return <code>true</code> if the user has any one of the regular roles; 358 * <code>false</code> otherwise 359 * @throws PortalException if any one of the roles with the names could not 360 * be found in the company or if the default user for the company 361 * could not be found 362 * @throws SystemException if a system exception occurred 363 */ 364 @Override 365 public boolean hasUserRoles( 366 long userId, long companyId, String[] names, boolean inherited) 367 throws PortalException, SystemException { 368 369 UserPermissionUtil.check( 370 getPermissionChecker(), userId, ActionKeys.VIEW); 371 372 return roleLocalService.hasUserRoles( 373 userId, companyId, names, inherited); 374 } 375 376 /** 377 * Removes the matching roles associated with the user. The user is 378 * reindexed after the roles are removed. 379 * 380 * @param userId the primary key of the user 381 * @param roleIds the primary keys of the roles 382 * @throws PortalException if a user with the primary key could not be 383 * found, if the user did not have permission to remove members from 384 * a role, or if a role with any one of the primary keys could not 385 * be found 386 * @throws SystemException if a system exception occurred 387 */ 388 @Override 389 public void unsetUserRoles(long userId, long[] roleIds) 390 throws PortalException, SystemException { 391 392 if (roleIds.length == 0) { 393 return; 394 } 395 396 checkUserRolesPermission(userId, roleIds); 397 398 RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds); 399 400 roleLocalService.unsetUserRoles(userId, roleIds); 401 402 RoleMembershipPolicyUtil.propagateRoles( 403 new long[] {userId}, null, roleIds); 404 } 405 406 /** 407 * Updates the role with the primary key. 408 * 409 * @param roleId the primary key of the role 410 * @param name the role's new name 411 * @param titleMap the new localized titles (optionally <code>null</code>) 412 * to replace those existing for the role 413 * @param descriptionMap the new localized descriptions (optionally 414 * <code>null</code>) to replace those existing for the role 415 * @param subtype the role's new subtype (optionally <code>null</code>) 416 * @param serviceContext the service context to be applied (optionally 417 * <code>null</code>). Can set the expando bridge attributes for the 418 * role. 419 * @return the role with the primary key 420 * @throws PortalException if the user did not have permission to update the 421 * role, if a role with the primary could not be found, or if the 422 * role's name was invalid 423 * @throws SystemException if a system exception occurred 424 */ 425 @Override 426 public Role updateRole( 427 long roleId, String name, Map<Locale, String> titleMap, 428 Map<Locale, String> descriptionMap, String subtype, 429 ServiceContext serviceContext) 430 throws PortalException, SystemException { 431 432 RolePermissionUtil.check( 433 getPermissionChecker(), roleId, ActionKeys.UPDATE); 434 435 Role oldRole = rolePersistence.findByPrimaryKey(roleId); 436 437 ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge(); 438 439 Map<String, Serializable> oldExpandoAttributes = 440 oldExpandoBridge.getAttributes(); 441 442 Role role = roleLocalService.updateRole( 443 roleId, name, titleMap, descriptionMap, subtype, serviceContext); 444 445 if (role.getType() == RoleConstants.TYPE_ORGANIZATION) { 446 OrganizationMembershipPolicyUtil.verifyPolicy( 447 role, oldRole, oldExpandoAttributes); 448 } 449 else if (role.getType() == RoleConstants.TYPE_SITE) { 450 SiteMembershipPolicyUtil.verifyPolicy( 451 role, oldRole, oldExpandoAttributes); 452 } 453 else { 454 RoleMembershipPolicyUtil.verifyPolicy( 455 role, oldRole, oldExpandoAttributes); 456 } 457 458 return role; 459 } 460 461 protected void checkUserRolesPermission(long userId, long[] roleIds) 462 throws PortalException { 463 464 for (int i = 0; i < roleIds.length; i++) { 465 RolePermissionUtil.check( 466 getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS); 467 } 468 } 469 470 protected List<Role> filterRoles(List<Role> roles) throws PortalException { 471 List<Role> filteredRoles = new ArrayList<Role>(); 472 473 for (Role role : roles) { 474 if (RolePermissionUtil.contains( 475 getPermissionChecker(), role.getRoleId(), 476 ActionKeys.VIEW)) { 477 478 filteredRoles.add(role); 479 } 480 } 481 482 return filteredRoles; 483 } 484 485 }