015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
018 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
019 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.model.Group;
024 import com.liferay.portal.model.Layout;
025 import com.liferay.portal.model.Organization;
026 import com.liferay.portal.model.ResourceConstants;
027 import com.liferay.portal.model.ResourcePermission;
028 import com.liferay.portal.model.Role;
029 import com.liferay.portal.model.RoleConstants;
030 import com.liferay.portal.security.permission.ActionKeys;
031 import com.liferay.portal.security.permission.PermissionCacheUtil;
032 import com.liferay.portal.security.permission.ResourceActionsUtil;
033 import com.liferay.portal.service.LayoutLocalServiceUtil;
034 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
035 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
036 import com.liferay.portal.service.RoleLocalServiceUtil;
037 import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
038 import com.liferay.portal.util.PortalInstances;
039 import com.liferay.portal.util.PortletKeys;
040
041 import java.util.ArrayList;
042 import java.util.List;
043
044
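/**
 * Verify process that repairs stored permission data.
 *
 * <p>
 * {@link #doVerify()} runs four steps in order: it deletes Guest role
 * permissions that point at private layouts, re-checks the resource actions
 * registered for every model and portlet, grants the User role VIEW on the
 * dockbar portlet at company scope, and moves deprecated organization action
 * IDs onto the matching Group resource permission.
 * </p>
 *
 * <p>
 * The first step removes access rather than granting it, so a failure there
 * leaves Guest permissions on private layouts in place. Those failures are
 * therefore logged at warn level and isolated per row instead of being
 * swallowed at debug level.
 * </p>
 */
public class VerifyPermission extends VerifyProcess {

    /**
     * Re-checks the resource actions of every model and every portlet known
     * to {@code ResourceActionsUtil}.
     *
     * @throws Exception if any lookup or check fails; nothing is caught here
     */
    protected void checkPermissions() throws Exception {
        List<String> modelNames = ResourceActionsUtil.getModelNames();

        for (String modelName : modelNames) {
            List<String> actionIds =
                ResourceActionsUtil.getModelResourceActions(modelName);

            // NOTE(review): the meaning of the trailing "true" flag is not
            // visible in this file; confirm against checkResourceActions.
            ResourceActionLocalServiceUtil.checkResourceActions(
                modelName, actionIds, true);
        }

        List<String> portletNames = ResourceActionsUtil.getPortletNames();

        for (String portletName : portletNames) {
            List<String> actionIds =
                ResourceActionsUtil.getPortletResourceActions(portletName);

            ResourceActionLocalServiceUtil.checkResourceActions(
                portletName, actionIds, true);
        }
    }

    /**
     * Runs {@link #deleteDefaultPrivateLayoutPermissions_6(long)} for every
     * company ID returned by {@code PortalInstances.getCompanyIdsBySQL()}.
     *
     * <p>
     * A failure for one company does not stop the others. It is logged at
     * warn level with the company ID, because a skipped company keeps
     * whatever Guest permissions it had on private layouts.
     * </p>
     *
     * @throws Exception if the company IDs cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            try {
                deleteDefaultPrivateLayoutPermissions_6(companyId);
            }
            catch (Exception e) {

                // Fail loudly: this cleanup revokes access, so a silent
                // failure would leave the permissions it was meant to remove.
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to delete guest permissions on private " +
                            "layouts for company " + companyId,
                        e);
                }
            }
        }
    }

    /**
     * Deletes every resource permission of the company's Guest role that
     * {@link #isPrivateLayout(String, String)} reports as a private layout.
     *
     * <p>
     * Each row is handled on its own: if the check or the delete throws for
     * one row, that row is logged at warn level and the loop continues.
     * Previously the first failing row aborted the cleanup for the whole
     * company, leaving every later Guest permission untouched.
     * </p>
     *
     * @param  companyId the company whose Guest role is inspected
     * @throws Exception if the Guest role or its permissions cannot be loaded
     */
    protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
        throws Exception {

        Role role = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.GUEST);

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
                role.getRoleId());

        for (ResourcePermission resourcePermission : resourcePermissions) {

            // NOTE(review): the row's scope is not checked before its
            // primKey is read as a layout ID. Presumably only
            // individual-scope rows carry a plid; confirm that rows of other
            // scopes cannot match an unrelated layout.
            try {
                if (isPrivateLayout(
                        resourcePermission.getName(),
                        resourcePermission.getPrimKey())) {

                    ResourcePermissionLocalServiceUtil.deleteResourcePermission(
                        resourcePermission.getResourcePermissionId());
                }
            }
            catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to verify guest resource permission " +
                            resourcePermission.getResourcePermissionId() +
                                " with name " + resourcePermission.getName() +
                                    " and primary key " +
                                        resourcePermission.getPrimKey(),
                        e);
                }
            }
        }
    }

    /**
     * Runs the permission repairs in a fixed order: Guest cleanup first, then
     * the resource action check, the dockbar fix and the organization role
     * fix.
     *
     * @throws Exception if a step propagates a failure
     */
    @Override
    protected void doVerify() throws Exception {
        deleteDefaultPrivateLayoutPermissions();

        checkPermissions();
        fixDockbarPermissions();
        fixOrganizationRolePermissions();
    }

    /**
     * Adds the VIEW action on the dockbar portlet, at company scope, to the
     * User role of every company.
     *
     * <p>
     * Failures are caught per company and logged at debug level only. This
     * step grants a permission, so a failure leaves the role with less
     * access, not more.
     * </p>
     *
     * @throws Exception if the company IDs cannot be read
     */
    protected void fixDockbarPermissions() throws Exception {
        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            try {
                Role role = RoleLocalServiceUtil.getRole(
                    companyId, RoleConstants.USER);

                ResourcePermissionLocalServiceUtil.addResourcePermission(
                    companyId, PortletKeys.DOCKBAR,
                    ResourceConstants.SCOPE_COMPANY,
                    String.valueOf(role.getCompanyId()), role.getRoleId(),
                    ActionKeys.VIEW);
            }
            catch (Exception e) {
                if (_log.isDebugEnabled()) {
                    _log.debug(e, e);
                }
            }
        }
    }

    /**
     * Moves the deprecated organization action IDs from each Organization
     * resource permission to the Group resource permission that has the same
     * company, scope, primary key and role, then clears the permission cache.
     *
     * <p>
     * Both rows are written back for every Organization permission found,
     * whether or not a deprecated action was present. The two updates are
     * issued separately. If one fails, the error is logged and the loop
     * moves on to the next row.
     * </p>
     *
     * @throws Exception if the query fails, or if the Group permission can be
     *         neither loaded nor created
     */
    protected void fixOrganizationRolePermissions() throws Exception {
        DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
            ResourcePermission.class);

        dynamicQuery.add(
            RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

        for (ResourcePermission resourcePermission : resourcePermissions) {
            ResourcePermission groupResourcePermission = null;

            try {
                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }
            catch (Exception e) {

                // Any failure of the lookup is treated as "no Group row
                // yet": an empty one is created and read back. A failure
                // here is not caught and ends the whole verify step.
                ResourcePermissionLocalServiceUtil.setResourcePermissions(
                    resourcePermission.getCompanyId(), Group.class.getName(),
                    resourcePermission.getScope(),
                    resourcePermission.getPrimKey(),
                    resourcePermission.getRoleId(),
                    ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        resourcePermission.getCompanyId(),
                        Group.class.getName(), resourcePermission.getScope(),
                        resourcePermission.getPrimKey(),
                        resourcePermission.getRoleId());
            }

            for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
                if (resourcePermission.hasActionId(actionId)) {
                    resourcePermission.removeResourceAction(actionId);

                    groupResourcePermission.addResourceAction(actionId);
                }
            }

            try {
                resourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    resourcePermission);

                groupResourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    groupResourcePermission);
            }
            catch (Exception e) {
                _log.error(e, e);
            }
        }

        // Cached permission checks may still reflect the rows as they were
        // before the move.
        PermissionCacheUtil.clearCache();
    }

    /**
     * Reports whether a resource permission refers to a layout that is
     * neither public nor a control panel layout.
     *
     * @param  name the resource name of the permission; anything other than
     *         the {@code Layout} class name yields {@code false}
     * @param  primKey the permission's primary key, parsed as the layout's
     *         plid
     * @return {@code true} only for a Layout resource whose layout is neither
     *         public nor of control panel type
     * @throws Exception if the layout lookup fails
     */
    protected boolean isPrivateLayout(String name, String primKey)
        throws Exception {

        if (!name.equals(Layout.class.getName())) {
            return false;
        }

        // NOTE(review): presumably a non-numeric primKey parses to a default
        // value and the lookup below then fails; confirm against GetterUtil.
        long plid = GetterUtil.getLong(primKey);

        Layout layout = LayoutLocalServiceUtil.getLayout(plid);

        if (layout.isPublicLayout() || layout.isTypeControlPanel()) {
            return false;
        }

        return true;
    }

    // Action IDs that fixOrganizationRolePermissions() moves from
    // Organization permissions to Group permissions.
    private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
        new ArrayList<String>();

    private static final Log _log = LogFactoryUtil.getLog(
        VerifyPermission.class);

    static {
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(
            ActionKeys.MANAGE_ARCHIVED_SETUPS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_LAYOUTS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_STAGING);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_TEAMS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.PUBLISH_STAGING);

        // These two are string literals in the original; no ActionKeys
        // constant is used for them.
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("APPROVE_PROPOSAL");
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("ASSIGN_REVIEWER");
    }

}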