001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Role;
021    import com.liferay.portal.model.RoleConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil;
024    import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil;
025    import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil;
026    import com.liferay.portal.security.permission.ActionKeys;
027    import com.liferay.portal.service.ServiceContext;
028    import com.liferay.portal.service.base.RoleServiceBaseImpl;
029    import com.liferay.portal.service.permission.PortalPermissionUtil;
030    import com.liferay.portal.service.permission.RolePermissionUtil;
031    import com.liferay.portal.service.permission.UserPermissionUtil;
032    import com.liferay.portlet.expando.model.ExpandoBridge;
033    
034    import java.io.Serializable;
035    
036    import java.util.ArrayList;
037    import java.util.List;
038    import java.util.Locale;
039    import java.util.Map;
040    
041    /**
042     * Provides the remote service for accessing, adding, unassigning, checking,
043     * deleting, and updating roles. Its methods include permission checks.
044     *
045     * @author Brian Wing Shun Chan
046     */
047    public class RoleServiceImpl extends RoleServiceBaseImpl {
048    
049            /**
050             * Adds a role. The user is reindexed after role is added.
051             *
052             * @param  className the name of the class for which the role is created
053             * @param  classPK the primary key of the class for which the role is
054             *         created (optionally <code>0</code>)
055             * @param  name the role's name
056             * @param  titleMap the role's localized titles (optionally
057             *         <code>null</code>)
058             * @param  descriptionMap the role's localized descriptions (optionally
059             *         <code>null</code>)
060             * @param  type the role's type (optionally <code>0</code>)
061             * @param  subtype the role's subtype (optionally <code>null</code>)
062             * @param  serviceContext the service context to be applied (optionally
063             *         <code>null</code>). Can set the expando bridge attributes for the
064             *         role.
065             * @return the role
066             * @throws PortalException if a user with the primary key could not be
067             *         found, if the user did not have permission to add roles, if the
068             *         class name or the role name were invalid, or if the role is a
069             *         duplicate
070             * @throws SystemException if a system exception occurred
071             */
072            @Override
073            public Role addRole(
074                            String className, long classPK, String name,
075                            Map<Locale, String> titleMap, Map<Locale, String> descriptionMap,
076                            int type, String subtype, ServiceContext serviceContext)
077                    throws PortalException, SystemException {
078    
079                    PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE);
080    
081                    User user = getUser();
082    
083                    Role role = roleLocalService.addRole(
084                            user.getUserId(), className, classPK, name, titleMap,
085                            descriptionMap, type, subtype, serviceContext);
086    
087                    if (type == RoleConstants.TYPE_ORGANIZATION) {
088                            OrganizationMembershipPolicyUtil.verifyPolicy(role);
089                    }
090                    else if (type == RoleConstants.TYPE_SITE) {
091                            SiteMembershipPolicyUtil.verifyPolicy(role);
092                    }
093                    else {
094                            RoleMembershipPolicyUtil.verifyPolicy(role);
095                    }
096    
097                    return role;
098            }
099    
100            /**
101             * Adds a role. The user is reindexed after role is added.
102             *
103             * @param      name the role's name
104             * @param      titleMap the role's localized titles (optionally
105             *             <code>null</code>)
106             * @param      descriptionMap the role's localized descriptions (optionally
107             *             <code>null</code>)
108             * @param      type the role's type (optionally <code>0</code>)
109             * @return     the role
110             * @throws     PortalException if a user with the primary key could not be
111             *             found, if the user did not have permission to add roles, if
112             *             the class name or the role name were invalid, or if the role
113             *             is a duplicate
114             * @throws     SystemException if a system exception occurred
115             * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long,
116             *             String, Map, Map, int, String, ServiceContext)}
117             */
118            @Override
119            public Role addRole(
120                            String name, Map<Locale, String> titleMap,
121                            Map<Locale, String> descriptionMap, int type)
122                    throws PortalException, SystemException {
123    
124                    return addRole(
125                            null, 0, name, titleMap, descriptionMap, type, null, null);
126            }
127    
128            /**
129             * Adds the roles to the user. The user is reindexed after the roles are
130             * added.
131             *
132             * @param  userId the primary key of the user
133             * @param  roleIds the primary keys of the roles
134             * @throws PortalException if a user with the primary key could not be found
135             *         or if the user did not have permission to assign members to one
136             *         of the roles
137             * @throws SystemException if a system exception occurred
138             */
139            @Override
140            public void addUserRoles(long userId, long[] roleIds)
141                    throws PortalException, SystemException {
142    
143                    if (roleIds.length == 0) {
144                            return;
145                    }
146    
147                    checkUserRolesPermission(userId, roleIds);
148    
149                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null);
150    
151                    roleLocalService.addUserRoles(userId, roleIds);
152    
153                    RoleMembershipPolicyUtil.propagateRoles(
154                            new long[] {userId}, roleIds, null);
155            }
156    
157            /**
158             * Deletes the role with the primary key and its associated permissions.
159             *
160             * @param  roleId the primary key of the role
161             * @throws PortalException if the user did not have permission to delete the
162             *         role, if a role with the primary key could not be found, if the
163             *         role is a default system role, or if the role's resource could
164             *         not be found
165             * @throws SystemException if a system exception occurred
166             */
167            @Override
168            public void deleteRole(long roleId)
169                    throws PortalException, SystemException {
170    
171                    RolePermissionUtil.check(
172                            getPermissionChecker(), roleId, ActionKeys.DELETE);
173    
174                    roleLocalService.deleteRole(roleId);
175            }
176    
177            /**
178             * Returns all the roles associated with the group.
179             *
180             * @param  groupId the primary key of the group
181             * @return the roles associated with the group
182             * @throws PortalException if a portal exception occurred
183             * @throws SystemException if a system exception occurred
184             */
185            @Override
186            public List<Role> getGroupRoles(long groupId)
187                    throws PortalException, SystemException {
188    
189                    List<Role> roles = roleLocalService.getGroupRoles(groupId);
190    
191                    return filterRoles(roles);
192            }
193    
194            /**
195             * Returns the role with the primary key.
196             *
197             * @param  roleId the primary key of the role
198             * @return the role with the primary key
199             * @throws PortalException if a role with the primary key could not be found
200             *         or if the user did not have permission to view the role
201             * @throws SystemException if a system exception occurred
202             */
203            @Override
204            public Role getRole(long roleId) throws PortalException, SystemException {
205                    RolePermissionUtil.check(
206                            getPermissionChecker(), roleId, ActionKeys.VIEW);
207    
208                    return roleLocalService.getRole(roleId);
209            }
210    
211            /**
212             * Returns the role with the name in the company.
213             *
214             * <p>
215             * The method searches the system roles map first for default roles. If a
216             * role with the name is not found, then the method will query the database.
217             * </p>
218             *
219             * @param  companyId the primary key of the company
220             * @param  name the role's name
221             * @return the role with the name
222             * @throws PortalException if a role with the name could not be found in the
223             *         company or if the user did not have permission to view the role
224             * @throws SystemException if a system exception occurred
225             */
226            @Override
227            public Role getRole(long companyId, String name)
228                    throws PortalException, SystemException {
229    
230                    Role role = roleLocalService.getRole(companyId, name);
231    
232                    RolePermissionUtil.check(
233                            getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW);
234    
235                    return role;
236            }
237    
238            /**
239             * Returns all the user's roles within the user group.
240             *
241             * @param  userId the primary key of the user
242             * @param  groupId the primary key of the group
243             * @return the user's roles within the user group
244             * @throws PortalException if a portal exception occurred
245             * @throws SystemException if a system exception occurred
246             */
247            @Override
248            public List<Role> getUserGroupGroupRoles(long userId, long groupId)
249                    throws PortalException, SystemException {
250    
251                    UserPermissionUtil.check(
252                            getPermissionChecker(), userId, ActionKeys.VIEW);
253    
254                    List<Role> roles = roleLocalService.getUserGroupGroupRoles(
255                            userId, groupId);
256    
257                    return filterRoles(roles);
258            }
259    
260            /**
261             * Returns all the user's roles within the user group.
262             *
263             * @param  userId the primary key of the user
264             * @param  groupId the primary key of the group
265             * @return the user's roles within the user group
266             * @throws PortalException if a portal exception occurred
267             * @throws SystemException if a system exception occurred
268             */
269            @Override
270            public List<Role> getUserGroupRoles(long userId, long groupId)
271                    throws PortalException, SystemException {
272    
273                    UserPermissionUtil.check(
274                            getPermissionChecker(), userId, ActionKeys.VIEW);
275    
276                    List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId);
277    
278                    return filterRoles(roles);
279            }
280    
281            /**
282             * Returns the union of all the user's roles within the groups.
283             *
284             * @param  userId the primary key of the user
285             * @param  groups the groups (optionally <code>null</code>)
286             * @return the union of all the user's roles within the groups
287             * @throws PortalException if a portal exception occurred
288             * @throws SystemException if a system exception occurred
289             */
290            @Override
291            public List<Role> getUserRelatedRoles(long userId, List<Group> groups)
292                    throws PortalException, SystemException {
293    
294                    UserPermissionUtil.check(
295                            getPermissionChecker(), userId, ActionKeys.VIEW);
296    
297                    List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups);
298    
299                    return filterRoles(roles);
300            }
301    
302            /**
303             * Returns all the roles associated with the user.
304             *
305             * @param  userId the primary key of the user
306             * @return the roles associated with the user
307             * @throws PortalException if a portal exception occurred
308             * @throws SystemException if a system exception occurred
309             */
310            @Override
311            public List<Role> getUserRoles(long userId)
312                    throws PortalException, SystemException {
313    
314                    UserPermissionUtil.check(
315                            getPermissionChecker(), userId, ActionKeys.VIEW);
316    
317                    List<Role> roles = roleLocalService.getUserRoles(userId);
318    
319                    return filterRoles(roles);
320            }
321    
322            /**
323             * Returns <code>true</code> if the user is associated with the named
324             * regular role.
325             *
326             * @param  userId the primary key of the user
327             * @param  companyId the primary key of the company
328             * @param  name the name of the role
329             * @param  inherited whether to include the user's inherited roles in the
330             *         search
331             * @return <code>true</code> if the user is associated with the regular
332             *         role; <code>false</code> otherwise
333             * @throws PortalException if a role with the name could not be found in the
334             *         company or if a default user for the company could not be found
335             * @throws SystemException if a system exception occurred
336             */
337            @Override
338            public boolean hasUserRole(
339                            long userId, long companyId, String name, boolean inherited)
340                    throws PortalException, SystemException {
341    
342                    UserPermissionUtil.check(
343                            getPermissionChecker(), userId, ActionKeys.VIEW);
344    
345                    return roleLocalService.hasUserRole(userId, companyId, name, inherited);
346            }
347    
348            /**
349             * Returns <code>true</code> if the user has any one of the named regular
350             * roles.
351             *
352             * @param  userId the primary key of the user
353             * @param  companyId the primary key of the company
354             * @param  names the names of the roles
355             * @param  inherited whether to include the user's inherited roles in the
356             *         search
357             * @return <code>true</code> if the user has any one of the regular roles;
358             *         <code>false</code> otherwise
359             * @throws PortalException if any one of the roles with the names could not
360             *         be found in the company or if the default user for the company
361             *         could not be found
362             * @throws SystemException if a system exception occurred
363             */
364            @Override
365            public boolean hasUserRoles(
366                            long userId, long companyId, String[] names, boolean inherited)
367                    throws PortalException, SystemException {
368    
369                    UserPermissionUtil.check(
370                            getPermissionChecker(), userId, ActionKeys.VIEW);
371    
372                    return roleLocalService.hasUserRoles(
373                            userId, companyId, names, inherited);
374            }
375    
376            /**
377             * Removes the matching roles associated with the user. The user is
378             * reindexed after the roles are removed.
379             *
380             * @param  userId the primary key of the user
381             * @param  roleIds the primary keys of the roles
382             * @throws PortalException if a user with the primary key could not be
383             *         found, if the user did not have permission to remove members from
384             *         a role, or if a role with any one of the primary keys could not
385             *         be found
386             * @throws SystemException if a system exception occurred
387             */
388            @Override
389            public void unsetUserRoles(long userId, long[] roleIds)
390                    throws PortalException, SystemException {
391    
392                    if (roleIds.length == 0) {
393                            return;
394                    }
395    
396                    checkUserRolesPermission(userId, roleIds);
397    
398                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds);
399    
400                    roleLocalService.unsetUserRoles(userId, roleIds);
401    
402                    RoleMembershipPolicyUtil.propagateRoles(
403                            new long[] {userId}, null, roleIds);
404            }
405    
406            /**
407             * Updates the role with the primary key.
408             *
409             * @param  roleId the primary key of the role
410             * @param  name the role's new name
411             * @param  titleMap the new localized titles (optionally <code>null</code>)
412             *         to replace those existing for the role
413             * @param  descriptionMap the new localized descriptions (optionally
414             *         <code>null</code>) to replace those existing for the role
415             * @param  subtype the role's new subtype (optionally <code>null</code>)
416             * @param  serviceContext the service context to be applied (optionally
417             *         <code>null</code>). Can set the expando bridge attributes for the
418             *         role.
419             * @return the role with the primary key
420             * @throws PortalException if the user did not have permission to update the
421             *         role, if a role with the primary could not be found, or if the
422             *         role's name was invalid
423             * @throws SystemException if a system exception occurred
424             */
425            @Override
426            public Role updateRole(
427                            long roleId, String name, Map<Locale, String> titleMap,
428                            Map<Locale, String> descriptionMap, String subtype,
429                            ServiceContext serviceContext)
430                    throws PortalException, SystemException {
431    
432                    RolePermissionUtil.check(
433                            getPermissionChecker(), roleId, ActionKeys.UPDATE);
434    
435                    Role oldRole = rolePersistence.findByPrimaryKey(roleId);
436    
437                    ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge();
438    
439                    Map<String, Serializable> oldExpandoAttributes =
440                            oldExpandoBridge.getAttributes();
441    
442                    Role role = roleLocalService.updateRole(
443                            roleId, name, titleMap, descriptionMap, subtype, serviceContext);
444    
445                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
446                            OrganizationMembershipPolicyUtil.verifyPolicy(
447                                    role, oldRole, oldExpandoAttributes);
448                    }
449                    else if (role.getType() == RoleConstants.TYPE_SITE) {
450                            SiteMembershipPolicyUtil.verifyPolicy(
451                                    role, oldRole, oldExpandoAttributes);
452                    }
453                    else {
454                            RoleMembershipPolicyUtil.verifyPolicy(
455                                    role, oldRole, oldExpandoAttributes);
456                    }
457    
458                    return role;
459            }
460    
461            protected void checkUserRolesPermission(long userId, long[] roleIds)
462                    throws PortalException {
463    
464                    for (int i = 0; i < roleIds.length; i++) {
465                            RolePermissionUtil.check(
466                                    getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS);
467                    }
468            }
469    
470            protected List<Role> filterRoles(List<Role> roles) throws PortalException {
471                    List<Role> filteredRoles = new ArrayList<Role>();
472    
473                    for (Role role : roles) {
474                            if (RolePermissionUtil.contains(
475                                            getPermissionChecker(), role.getRoleId(),
476                                            ActionKeys.VIEW)) {
477    
478                                    filteredRoles.add(role);
479                            }
480                    }
481    
482                    return filteredRoles;
483            }
484    
485    }