001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.kernel.dao.orm.DynamicQuery;
018    import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
019    import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.model.Group;
024    import com.liferay.portal.model.Layout;
025    import com.liferay.portal.model.Organization;
026    import com.liferay.portal.model.ResourceConstants;
027    import com.liferay.portal.model.ResourcePermission;
028    import com.liferay.portal.model.Role;
029    import com.liferay.portal.model.RoleConstants;
030    import com.liferay.portal.security.permission.ActionKeys;
031    import com.liferay.portal.security.permission.PermissionCacheUtil;
032    import com.liferay.portal.security.permission.ResourceActionsUtil;
033    import com.liferay.portal.service.LayoutLocalServiceUtil;
034    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
035    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
036    import com.liferay.portal.service.RoleLocalServiceUtil;
037    import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
038    import com.liferay.portal.util.PortalInstances;
039    import com.liferay.portal.util.PortletKeys;
040    
041    import java.util.List;
042    
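/**
 * Repairs resource permission data during portal verification.
 *
 * <p>
 * {@link #doVerify()} runs four steps in order: it deletes the Guest role's
 * resource permissions on layouts that are neither public nor control panel
 * layouts, re-checks the resource actions of every model and portlet, grants
 * the User role company scoped VIEW on the dockbar portlet, and moves
 * organization action bits onto the matching group permission rows.
 * </p>
 *
 * <p>
 * Every step edits authorization data, so a step that fails leaves access
 * rules other than the ones intended. Failures are therefore reported at warn
 * or error level together with the affected company or row, not at debug
 * level where they would normally go unseen.
 * </p>
 *
 * @author Tobias Kaefer
 * @author Douglas Wong
 * @author Matthew Kong
 * @author Raymond Augé
 */
public class VerifyPermission extends VerifyProcess {

	/**
	 * Re-checks the resource actions of every model and every portlet known
	 * to {@link ResourceActionsUtil}.
	 *
	 * @throws Exception if a resource action check fails
	 */
	protected void checkPermissions() throws Exception {
		for (String modelName : ResourceActionsUtil.getModelNames()) {
			List<String> actionIds =
				ResourceActionsUtil.getModelResourceActions(modelName);

			// NOTE(review): the last argument is presumably the "add default
			// actions" switch; confirm against ResourceActionLocalService

			ResourceActionLocalServiceUtil.checkResourceActions(
				modelName, actionIds, true);
		}

		for (String portletName : ResourceActionsUtil.getPortletNames()) {
			List<String> actionIds =
				ResourceActionsUtil.getPortletResourceActions(portletName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				portletName, actionIds, true);
		}
	}

	/**
	 * Deletes, for every company, the Guest role's resource permissions on
	 * private layouts.
	 *
	 * <p>
	 * The cleanup is best effort per company: a failure for one company is
	 * logged and the remaining companies are still processed.
	 * </p>
	 *
	 * @throws Exception if the company IDs cannot be read
	 */
	protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
		for (long companyId : PortalInstances.getCompanyIdsBySQL()) {
			try {
				deleteDefaultPrivateLayoutPermissions_6(companyId);
			}
			catch (Exception e) {

				// A failure here means Guest permissions on private layouts
				// may still be in place, so it must be visible to operators

				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to delete Guest permissions on private " +
							"layouts for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Deletes the resource permissions that the Guest role of one company
	 * holds on private layouts.
	 *
	 * <p>
	 * Each permission row is handled on its own. A row that cannot be checked
	 * or deleted, for example because its layout can no longer be loaded, is
	 * logged and skipped so that it does not stop the cleanup of the rows
	 * that follow it.
	 * </p>
	 *
	 * @param  companyId the primary key of the company
	 * @throws Exception if the Guest role or its resource permissions cannot
	 *         be loaded
	 */
	protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
		throws Exception {

		Role guestRole = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				guestRole.getRoleId());

		for (ResourcePermission resourcePermission : resourcePermissions) {
			try {
				if (isPrivateLayout(
						resourcePermission.getName(),
						resourcePermission.getPrimKey())) {

					ResourcePermissionLocalServiceUtil.deleteResourcePermission(
						resourcePermission.getResourcePermissionId());
				}
			}
			catch (Exception e) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to verify Guest resource permission " +
							resourcePermission.getResourcePermissionId() +
								" for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Runs the permission repairs: the Guest cleanup on private layouts
	 * first, then the resource action check, the dockbar grant and the
	 * organization permission migration.
	 *
	 * @throws Exception if a step fails with an error it does not handle
	 *         itself
	 */
	@Override
	protected void doVerify() throws Exception {
		deleteDefaultPrivateLayoutPermissions();

		checkPermissions();
		fixDockbarPermissions();
		fixOrganizationRolePermissions();
	}

	/**
	 * Grants the User role of every company the VIEW action on the dockbar
	 * portlet at company scope.
	 *
	 * <p>
	 * The grant is best effort per company: a failure is logged and the
	 * remaining companies are still processed.
	 * </p>
	 *
	 * @throws Exception if the company IDs cannot be read
	 */
	protected void fixDockbarPermissions() throws Exception {
		for (long companyId : PortalInstances.getCompanyIdsBySQL()) {
			try {
				Role userRole = RoleLocalServiceUtil.getRole(
					companyId, RoleConstants.USER);

				// At company scope the primary key of the permission is the
				// company ID of the role

				ResourcePermissionLocalServiceUtil.addResourcePermission(
					companyId, PortletKeys.DOCKBAR,
					ResourceConstants.SCOPE_COMPANY,
					String.valueOf(userRole.getCompanyId()),
					userRole.getRoleId(), ActionKeys.VIEW);
			}
			catch (Exception e) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to add dockbar VIEW permission for company " +
							companyId,
						e);
				}
			}
		}
	}

	/**
	 * Moves action bits from every organization resource permission to the
	 * group resource permission with the same company, scope, primary key
	 * and role, as mapped in {@link #_ORGANIZATION_ACTION_IDS_TO_MASKS}.
	 *
	 * <p>
	 * The permission cache is cleared in a <code>finally</code> block, so
	 * rows that were already rewritten are not served from a stale cache when
	 * a later row aborts the loop.
	 * </p>
	 *
	 * @throws Exception if the organization permissions cannot be queried or
	 *         a missing group permission cannot be created
	 */
	protected void fixOrganizationRolePermissions() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourcePermission.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

		try {
			for (ResourcePermission resourcePermission : resourcePermissions) {
				ResourcePermission groupResourcePermission =
					getOrAddGroupResourcePermission(resourcePermission);

				long organizationActions = resourcePermission.getActionIds();
				long groupActions = groupResourcePermission.getActionIds();

				for (Object[] actionIdToMask :
						_ORGANIZATION_ACTION_IDS_TO_MASKS) {

					long organizationActionMask = (Long)actionIdToMask[1];
					long groupActionMask = (Long)actionIdToMask[2];

					// Migrate only when every bit of the organization mask is
					// set: clear it on the organization row and set the
					// mapped bit, if any, on the group row

					if ((organizationActions & organizationActionMask) ==
							organizationActionMask) {

						organizationActions &= ~organizationActionMask;
						groupActions |= groupActionMask;
					}
				}

				// NOTE(review): the two rows are written one after the other.
				// If the second write fails, the organization bits are
				// already cleared and a later run cannot migrate them again;
				// the error log is the only trace.

				try {
					resourcePermission.resetOriginalValues();

					resourcePermission.setActionIds(organizationActions);

					ResourcePermissionLocalServiceUtil.updateResourcePermission(
						resourcePermission);

					groupResourcePermission.resetOriginalValues();
					groupResourcePermission.setActionIds(groupActions);

					ResourcePermissionLocalServiceUtil.updateResourcePermission(
						groupResourcePermission);
				}
				catch (Exception e) {
					_log.error(
						"Unable to migrate organization resource permission " +
							resourcePermission.getResourcePermissionId(),
						e);
				}
			}
		}
		finally {
			PermissionCacheUtil.clearCache();
		}
	}

	/**
	 * Returns the group resource permission that matches the company, scope,
	 * primary key and role of the organization resource permission, creating
	 * it with no actions when the lookup fails.
	 *
	 * @param  resourcePermission the organization resource permission
	 * @return the matching group resource permission
	 * @throws Exception if the row can neither be loaded nor created
	 */
	protected ResourcePermission getOrAddGroupResourcePermission(
			ResourcePermission resourcePermission)
		throws Exception {

		try {
			return lookUpGroupResourcePermission(resourcePermission);
		}
		catch (Exception e) {

			// Any lookup failure is treated as "row missing"; the cause is
			// kept in the debug log in case it was something else

			if (_log.isDebugEnabled()) {
				_log.debug(e, e);
			}
		}

		ResourcePermissionLocalServiceUtil.setResourcePermissions(
			resourcePermission.getCompanyId(), Group.class.getName(),
			resourcePermission.getScope(), resourcePermission.getPrimKey(),
			resourcePermission.getRoleId(),
			ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

		return lookUpGroupResourcePermission(resourcePermission);
	}

	/**
	 * Returns <code>true</code> if the resource is a layout that is neither a
	 * public layout nor a control panel layout.
	 *
	 * @param  name the resource name; anything other than the layout class
	 *         name, including <code>null</code>, yields <code>false</code>
	 * @param  primKey the primary key of the resource, read as the layout's
	 *         plid
	 * @return <code>true</code> if the resource is a private layout
	 * @throws Exception if the layout cannot be loaded
	 */
	protected boolean isPrivateLayout(String name, String primKey)
		throws Exception {

		// Constant first, so a null resource name is a plain "no"

		if (!Layout.class.getName().equals(name)) {
			return false;
		}

		long plid = GetterUtil.getLong(primKey);

		Layout layout = LayoutLocalServiceUtil.getLayout(plid);

		return !(layout.isPublicLayout() || layout.isTypeControlPanel());
	}

	/**
	 * Loads the group resource permission with the same company, scope,
	 * primary key and role as the organization resource permission.
	 *
	 * @param  resourcePermission the organization resource permission
	 * @return the matching group resource permission
	 * @throws Exception if the lookup fails
	 */
	protected ResourcePermission lookUpGroupResourcePermission(
			ResourcePermission resourcePermission)
		throws Exception {

		return ResourcePermissionLocalServiceUtil.getResourcePermission(
			resourcePermission.getCompanyId(), Group.class.getName(),
			resourcePermission.getScope(), resourcePermission.getPrimKey(),
			resourcePermission.getRoleId());
	}

	// Each row is {action ID, organization bitmask, group bitmask}. Only the
	// two masks are read by fixOrganizationRolePermissions. A group mask of
	// 0L means the action is cleared on the organization row and nothing is
	// granted on the group row.
	//
	// NOTE(review): the masks are hard coded; presumably they equal the
	// bitwise values stored for these actions. Confirm before reuse.

	private static final Object[][] _ORGANIZATION_ACTION_IDS_TO_MASKS =
		new Object[][] {
			new Object[] {"APPROVE_PROPOSAL", 2L, 0L},
			new Object[] {ActionKeys.ASSIGN_MEMBERS, 4L, 4L},
			new Object[] {"ASSIGN_REVIEWER", 8L, 0L},
			new Object[] {ActionKeys.MANAGE_ARCHIVED_SETUPS, 128L, 128L},
			new Object[] {ActionKeys.MANAGE_LAYOUTS, 256L, 256L},
			new Object[] {ActionKeys.MANAGE_STAGING, 512L, 512L},
			new Object[] {ActionKeys.MANAGE_TEAMS, 2048L, 1024L},
			new Object[] {ActionKeys.PUBLISH_STAGING, 16384L, 4096L}
		};

	private static final Log _log = LogFactoryUtil.getLog(
		VerifyPermission.class);

}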