015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
018 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
019 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.model.Group;
024 import com.liferay.portal.model.Layout;
025 import com.liferay.portal.model.Organization;
026 import com.liferay.portal.model.ResourceConstants;
027 import com.liferay.portal.model.ResourcePermission;
028 import com.liferay.portal.model.Role;
029 import com.liferay.portal.model.RoleConstants;
030 import com.liferay.portal.security.permission.ActionKeys;
031 import com.liferay.portal.security.permission.PermissionCacheUtil;
032 import com.liferay.portal.security.permission.ResourceActionsUtil;
033 import com.liferay.portal.service.LayoutLocalServiceUtil;
034 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
035 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
036 import com.liferay.portal.service.RoleLocalServiceUtil;
037 import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
038 import com.liferay.portal.util.PortalInstances;
039 import com.liferay.portal.util.PortletKeys;
040
041 import java.util.List;
042
043
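/**
 * Verify process that repairs stored resource permissions: it removes Guest
 * role permissions attached to private layouts, registers the resource actions
 * of every model and portlet, grants the User role VIEW on the Dockbar portlet
 * and moves selected Organization actions to the matching Group permission.
 */
public class VerifyPermission extends VerifyProcess {

	/**
	 * Registers the resource actions of every known model and portlet name
	 * through {@code ResourceActionLocalServiceUtil.checkResourceActions}.
	 *
	 * @throws Exception if looking up or registering the actions fails
	 */
	protected void checkPermissions() throws Exception {
		List<String> modelNames = ResourceActionsUtil.getModelNames();

		for (String modelName : modelNames) {
			List<String> actionIds =
				ResourceActionsUtil.getModelResourceActions(modelName);

			// NOTE(review): the third argument is presumably
			// "addDefaultActions" -- confirm against the service signature.

			ResourceActionLocalServiceUtil.checkResourceActions(
				modelName, actionIds, true);
		}

		List<String> portletNames = ResourceActionsUtil.getPortletNames();

		for (String portletName : portletNames) {
			List<String> actionIds =
				ResourceActionsUtil.getPortletResourceActions(portletName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				portletName, actionIds, true);
		}
	}

	/**
	 * Runs the Guest permission cleanup for every company id returned by
	 * {@code PortalInstances.getCompanyIdsBySQL()}. A failure for one company
	 * does not stop the remaining companies.
	 *
	 * @throws Exception if the company ids cannot be read
	 */
	protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			try {
				deleteDefaultPrivateLayoutPermissions_6(companyId);
			}
			catch (Exception e) {

				// A failure here leaves Guest permissions on private layouts
				// in place, so it is reported at warn level instead of being
				// visible only when debug logging is enabled.

				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to delete Guest permissions on private " +
							"layouts for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Deletes every resource permission of the company's Guest role that
	 * {@link #isPrivateLayout(String, String)} identifies as belonging to a
	 * private layout.
	 *
	 * <p>
	 * Each permission is handled independently: if the layout lookup or the
	 * delete fails for one row, the failure is logged and the remaining rows
	 * are still processed. Otherwise a single unresolved primary key would
	 * leave every later Guest permission on a private layout untouched.
	 * </p>
	 *
	 * @param  companyId the company whose Guest role is checked
	 * @throws Exception if the Guest role or its permissions cannot be loaded
	 */
	protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
		throws Exception {

		Role role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				role.getRoleId());

		for (ResourcePermission resourcePermission : resourcePermissions) {
			try {
				if (isPrivateLayout(
						resourcePermission.getName(),
						resourcePermission.getPrimKey())) {

					ResourcePermissionLocalServiceUtil.deleteResourcePermission(
						resourcePermission.getResourcePermissionId());
				}
			}
			catch (Exception e) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to verify Guest resource permission " +
							resourcePermission.getResourcePermissionId(),
						e);
				}
			}
		}
	}

	/**
	 * Runs the permission repairs in order: Guest cleanup on private layouts,
	 * resource action registration, Dockbar grant, then the Organization to
	 * Group action migration.
	 *
	 * @throws Exception if a step fails with an exception it does not handle
	 */
	@Override
	protected void doVerify() throws Exception {
		deleteDefaultPrivateLayoutPermissions();

		checkPermissions();
		fixDockbarPermissions();
		fixOrganizationRolePermissions();
	}

	/**
	 * Grants the User role of every company the VIEW action on the Dockbar
	 * portlet at company scope. Failures are logged at debug level only and
	 * the next company is processed; a failure here means the grant is simply
	 * not added.
	 *
	 * @throws Exception if the company ids cannot be read
	 */
	protected void fixDockbarPermissions() throws Exception {
		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			try {
				Role role = RoleLocalServiceUtil.getRole(
					companyId, RoleConstants.USER);

				ResourcePermissionLocalServiceUtil.addResourcePermission(
					companyId, PortletKeys.DOCKBAR,
					ResourceConstants.SCOPE_COMPANY,
					String.valueOf(role.getCompanyId()), role.getRoleId(),
					ActionKeys.VIEW);
			}
			catch (Exception e) {
				if (_log.isDebugEnabled()) {
					_log.debug(e, e);
				}
			}
		}
	}

	/**
	 * Moves the actions listed in {@code _ORGANIZATION_ACTION_IDS_TO_MASKS}
	 * from every Organization resource permission to the Group resource
	 * permission that has the same company, scope, primary key and role, then
	 * clears the permission cache.
	 *
	 * @throws Exception if the query fails, or if the Group permission can be
	 *         neither loaded nor created
	 */
	protected void fixOrganizationRolePermissions() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourcePermission.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

		for (ResourcePermission resourcePermission : resourcePermissions) {
			ResourcePermission groupResourcePermission = null;

			try {
				groupResourcePermission =
					ResourcePermissionLocalServiceUtil.getResourcePermission(
						resourcePermission.getCompanyId(),
						Group.class.getName(), resourcePermission.getScope(),
						resourcePermission.getPrimKey(),
						resourcePermission.getRoleId());
			}
			catch (Exception e) {

				// NOTE(review): every exception from the lookup is treated as
				// "no Group permission yet", not only a missing row. The
				// permission is then set with EMPTY_ACTION_IDS (presumably
				// creating a row with no actions -- confirm) and read back. If
				// the lookup failed for another reason while the row exists,
				// this call may overwrite its actions; narrowing the catch to
				// the not-found exception would avoid that.

				ResourcePermissionLocalServiceUtil.setResourcePermissions(
					resourcePermission.getCompanyId(), Group.class.getName(),
					resourcePermission.getScope(),
					resourcePermission.getPrimKey(),
					resourcePermission.getRoleId(),
					ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

				groupResourcePermission =
					ResourcePermissionLocalServiceUtil.getResourcePermission(
						resourcePermission.getCompanyId(),
						Group.class.getName(), resourcePermission.getScope(),
						resourcePermission.getPrimKey(),
						resourcePermission.getRoleId());
			}

			long organizationActions = resourcePermission.getActionIds();
			long groupActions = groupResourcePermission.getActionIds();

			for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
				long organizationActionMask = (Long)actionIdToMask[1];
				long groupActionMask = (Long)actionIdToMask[2];

				// Only when the Organization bit is set: clear it there and
				// set the mapped Group bit. A Group mask of 0 clears the
				// Organization bit without granting anything on the Group.

				if ((organizationActions & organizationActionMask) ==
						organizationActionMask) {

					organizationActions =
						organizationActions & (~organizationActionMask);
					groupActions = groupActions | groupActionMask;
				}
			}

			try {
				resourcePermission.resetOriginalValues();

				resourcePermission.setActionIds(organizationActions);

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					resourcePermission);

				// The Organization row is written first. If the Group update
				// below fails, the actions have been removed from the
				// Organization without being granted on the Group; the error
				// log entry is the only trace of that.

				groupResourcePermission.resetOriginalValues();
				groupResourcePermission.setActionIds(groupActions);

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					groupResourcePermission);
			}
			catch (Exception e) {
				_log.error(e, e);
			}
		}

		// Drop cached permission results after the rows have been rewritten.

		PermissionCacheUtil.clearCache();
	}

	/**
	 * Returns whether a resource permission refers to a layout that is
	 * neither public nor a control panel layout.
	 *
	 * @param  name the resource name of the permission
	 * @param  primKey the primary key of the permission, read as a layout id
	 *         when {@code name} is the Layout class name
	 * @return {@code false} if {@code name} is not the Layout class name or
	 *         the layout is public or of control panel type; {@code true}
	 *         otherwise
	 * @throws Exception if the layout cannot be loaded
	 */
	protected boolean isPrivateLayout(String name, String primKey)
		throws Exception {

		if (!name.equals(Layout.class.getName())) {
			return false;
		}

		long plid = GetterUtil.getLong(primKey);

		Layout layout = LayoutLocalServiceUtil.getLayout(plid);

		if (layout.isPublicLayout() || layout.isTypeControlPanel()) {
			return false;
		}

		return true;
	}

	// Each row is {action id, Organization bit mask, Group bit mask}. Only
	// the two masks are read by fixOrganizationRolePermissions; the action id
	// documents which action the masks stand for.

	private static final Object[][] _ORGANIZATION_ACTION_IDS_TO_MASKS =
		new Object[][] {
			new Object[] {"APPROVE_PROPOSAL", 2L, 0L},
			new Object[] {ActionKeys.ASSIGN_MEMBERS, 4L, 4L},
			new Object[] {"ASSIGN_REVIEWER", 8L, 0L},
			new Object[] {ActionKeys.MANAGE_ARCHIVED_SETUPS, 128L, 128L},
			new Object[] {ActionKeys.MANAGE_LAYOUTS, 256L, 256L},
			new Object[] {ActionKeys.MANAGE_STAGING, 512L, 512L},
			new Object[] {ActionKeys.MANAGE_TEAMS, 2048L, 1024L},
			new Object[] {ActionKeys.PUBLISH_STAGING, 16384L, 4096L}
		};

	private static final Log _log = LogFactoryUtil.getLog(
		VerifyPermission.class);

}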