001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.kernel.dao.orm.DynamicQuery;
018    import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
019    import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.model.Group;
024    import com.liferay.portal.model.Layout;
025    import com.liferay.portal.model.Organization;
026    import com.liferay.portal.model.ResourceConstants;
027    import com.liferay.portal.model.ResourcePermission;
028    import com.liferay.portal.model.Role;
029    import com.liferay.portal.model.RoleConstants;
030    import com.liferay.portal.security.permission.ActionKeys;
031    import com.liferay.portal.security.permission.PermissionCacheUtil;
032    import com.liferay.portal.security.permission.ResourceActionsUtil;
033    import com.liferay.portal.service.LayoutLocalServiceUtil;
034    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
035    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
036    import com.liferay.portal.service.RoleLocalServiceUtil;
037    import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
038    import com.liferay.portal.util.PortalInstances;
039    import com.liferay.portal.util.PortletKeys;
040    
041    import java.util.ArrayList;
042    import java.util.List;
043    
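/**
 * Verify step that repairs resource permission data.
 *
 * <p>
 * {@link #doVerify()} runs four repairs in order: it deletes Guest role
 * permissions attached to private layouts, passes every known model and
 * portlet action list to
 * <code>ResourceActionLocalServiceUtil.checkResourceActions</code>, grants the
 * User role <code>VIEW</code> on the Dockbar portlet at company scope, and
 * moves deprecated Organization actions onto the matching Group permission
 * row.
 * </p>
 *
 * @author Tobias Kaefer
 * @author Douglas Wong
 * @author Matthew Kong
 * @author Raymond Augé
 */
public class VerifyPermission extends VerifyProcess {

	/**
	 * Passes the action IDs of every model name and every portlet name
	 * reported by <code>ResourceActionsUtil</code> to
	 * <code>ResourceActionLocalServiceUtil.checkResourceActions</code>.
	 *
	 * @throws Exception if any of the called services fails
	 */
	protected void checkPermissions() throws Exception {
		List<String> modelNames = ResourceActionsUtil.getModelNames();

		for (String modelName : modelNames) {
			List<String> actionIds =
				ResourceActionsUtil.getModelResourceActions(modelName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				modelName, actionIds, true);
		}

		List<String> portletNames = ResourceActionsUtil.getPortletNames();

		for (String portletName : portletNames) {
			List<String> actionIds =
				ResourceActionsUtil.getPortletResourceActions(portletName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				portletName, actionIds, true);
		}
	}

	/**
	 * Runs {@link #deleteDefaultPrivateLayoutPermissions_6(long)} for every
	 * company ID returned by <code>PortalInstances.getCompanyIdsBySQL()</code>.
	 *
	 * <p>
	 * The cleanup is best effort per company: a failure does not stop the
	 * remaining companies. It is logged at warn level because a failed cleanup
	 * can leave Guest permissions on private layouts in place, which an
	 * operator needs to see without enabling debug logging.
	 * </p>
	 *
	 * @throws Exception if the company IDs cannot be read
	 */
	protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			try {
				deleteDefaultPrivateLayoutPermissions_6(companyId);
			}
			catch (Exception e) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to delete Guest permissions on private " +
							"layouts for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Deletes every resource permission of the company's Guest role that
	 * {@link #isPrivateLayout(String, String)} reports as belonging to a
	 * private layout.
	 *
	 * <p>
	 * Each permission row is handled on its own. A row whose layout cannot be
	 * loaded, or whose deletion fails, is logged and skipped so that it cannot
	 * prevent the remaining Guest permissions from being examined.
	 * </p>
	 *
	 * @param  companyId the primary key of the company to clean up
	 * @throws Exception if the Guest role or its resource permissions cannot
	 *         be loaded
	 */
	protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
		throws Exception {

		Role role = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				role.getRoleId());

		for (ResourcePermission resourcePermission : resourcePermissions) {
			try {
				if (isPrivateLayout(
						resourcePermission.getName(),
						resourcePermission.getPrimKey())) {

					ResourcePermissionLocalServiceUtil.deleteResourcePermission(
						resourcePermission.getResourcePermissionId());
				}
			}
			catch (Exception e) {

				// Previously the first failing row ended the loop and every
				// later Guest permission of the company was left untouched

				if (_log.isWarnEnabled()) {
					_log.warn(
						"Skipping resource permission " +
							resourcePermission.getResourcePermissionId() +
								" with name " + resourcePermission.getName() +
									" and primary key " +
										resourcePermission.getPrimKey(),
						e);
				}
			}
		}
	}

	/**
	 * Runs the permission repairs. The Guest cleanup on private layouts runs
	 * first, followed by the resource action check, the Dockbar grant and the
	 * Organization role migration.
	 *
	 * @throws Exception if a repair step propagates a failure
	 */
	@Override
	protected void doVerify() throws Exception {
		deleteDefaultPrivateLayoutPermissions();

		checkPermissions();
		fixDockbarPermissions();
		fixOrganizationRolePermissions();
	}

	/**
	 * Adds a company scoped <code>VIEW</code> permission on the Dockbar
	 * portlet for the User role of every company.
	 *
	 * <p>
	 * Failures are only logged at debug level and the next company is
	 * processed. A failed grant leaves the role with less access rather than
	 * more.
	 * </p>
	 *
	 * @throws Exception if the company IDs cannot be read
	 */
	protected void fixDockbarPermissions() throws Exception {
		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			try {
				Role role = RoleLocalServiceUtil.getRole(
					companyId, RoleConstants.USER);

				ResourcePermissionLocalServiceUtil.addResourcePermission(
					companyId, PortletKeys.DOCKBAR,
					ResourceConstants.SCOPE_COMPANY,
					String.valueOf(role.getCompanyId()), role.getRoleId(),
					ActionKeys.VIEW);
			}
			catch (Exception e) {
				if (_log.isDebugEnabled()) {
					_log.debug(e, e);
				}
			}
		}
	}

	/**
	 * Moves the deprecated Organization actions of every Organization
	 * resource permission onto the Group resource permission that has the
	 * same company, scope, primary key and role, creating that Group row with
	 * an empty action list when the lookup fails.
	 *
	 * <p>
	 * The permission cache is cleared in a <code>finally</code> block. Rows
	 * updated before a failure must not be shadowed by cached permission
	 * results computed from the old data.
	 * </p>
	 *
	 * @throws Exception if the Organization permissions cannot be queried or
	 *         a Group permission row can be neither found nor created
	 */
	protected void fixOrganizationRolePermissions() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourcePermission.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourcePermission> resourcePermissions =
			ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

		try {
			for (ResourcePermission resourcePermission : resourcePermissions) {
				ResourcePermission groupResourcePermission = null;

				try {
					groupResourcePermission =
						ResourcePermissionLocalServiceUtil.
							getResourcePermission(
								resourcePermission.getCompanyId(),
								Group.class.getName(),
								resourcePermission.getScope(),
								resourcePermission.getPrimKey(),
								resourcePermission.getRoleId());
				}
				catch (Exception e) {

					// NOTE(review): any lookup failure is treated as "row
					// does not exist", not only a missing row. Confirm which
					// exception the service throws and narrow the catch.

					ResourcePermissionLocalServiceUtil.setResourcePermissions(
						resourcePermission.getCompanyId(),
						Group.class.getName(), resourcePermission.getScope(),
						resourcePermission.getPrimKey(),
						resourcePermission.getRoleId(),
						ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

					groupResourcePermission =
						ResourcePermissionLocalServiceUtil.
							getResourcePermission(
								resourcePermission.getCompanyId(),
								Group.class.getName(),
								resourcePermission.getScope(),
								resourcePermission.getPrimKey(),
								resourcePermission.getRoleId());
				}

				for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
					if (resourcePermission.hasActionId(actionId)) {
						resourcePermission.removeResourceAction(actionId);

						groupResourcePermission.addResourceAction(actionId);
					}
				}

				try {
					resourcePermission.resetOriginalValues();

					ResourcePermissionLocalServiceUtil.updateResourcePermission(
						resourcePermission);

					groupResourcePermission.resetOriginalValues();

					ResourcePermissionLocalServiceUtil.updateResourcePermission(
						groupResourcePermission);
				}
				catch (Exception e) {
					_log.error(e, e);
				}
			}
		}
		finally {
			PermissionCacheUtil.clearCache();
		}
	}

	/**
	 * Returns <code>true</code> if the resource is a layout that is neither
	 * public nor of the control panel type.
	 *
	 * @param  name the resource name of the permission; anything other than
	 *         the <code>Layout</code> class name, including <code>null</code>,
	 *         yields <code>false</code> without a layout lookup
	 * @param  primKey the permission's primary key, converted to a plid with
	 *         <code>GetterUtil.getLong</code>
	 * @return <code>true</code> if the layout is private and not a control
	 *         panel layout; <code>false</code> otherwise
	 * @throws Exception if the layout cannot be loaded
	 */
	protected boolean isPrivateLayout(String name, String primKey)
		throws Exception {

		// Constant first, so a permission row without a name cannot raise a
		// NullPointerException

		if (!Layout.class.getName().equals(name)) {
			return false;
		}

		long plid = GetterUtil.getLong(primKey);

		Layout layout = LayoutLocalServiceUtil.getLayout(plid);

		if (layout.isPublicLayout() || layout.isTypeControlPanel()) {
			return false;
		}

		return true;
	}

	// Action IDs that fixOrganizationRolePermissions() moves from Organization
	// permission rows to the matching Group permission rows

	private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
		new ArrayList<String>();

	private static final Log _log = LogFactoryUtil.getLog(
		VerifyPermission.class);

	static {
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(
			ActionKeys.MANAGE_ARCHIVED_SETUPS);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_LAYOUTS);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_STAGING);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_TEAMS);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.PUBLISH_STAGING);

		// These two are string literals, not ActionKeys constants

		_DEPRECATED_ORGANIZATION_ACTION_IDS.add("APPROVE_PROPOSAL");
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add("ASSIGN_REVIEWER");
	}

}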