001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.util.OrderByComparator;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Role;
021    import com.liferay.portal.model.RoleConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil;
024    import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil;
025    import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil;
026    import com.liferay.portal.security.permission.ActionKeys;
027    import com.liferay.portal.service.ServiceContext;
028    import com.liferay.portal.service.base.RoleServiceBaseImpl;
029    import com.liferay.portal.service.permission.PortalPermissionUtil;
030    import com.liferay.portal.service.permission.RolePermissionUtil;
031    import com.liferay.portal.service.permission.UserPermissionUtil;
032    import com.liferay.portlet.expando.model.ExpandoBridge;
033    
034    import java.io.Serializable;
035    
036    import java.util.ArrayList;
037    import java.util.LinkedHashMap;
038    import java.util.List;
039    import java.util.Locale;
040    import java.util.Map;
041    
042    /**
043     * Provides the remote service for accessing, adding, unassigning, checking,
044     * deleting, and updating roles. Its methods include permission checks.
045     *
046     * @author Brian Wing Shun Chan
047     */
048    public class RoleServiceImpl extends RoleServiceBaseImpl {
049    
050            /**
051             * Adds a role. The user is reindexed after role is added.
052             *
053             * @param  className the name of the class for which the role is created
054             * @param  classPK the primary key of the class for which the role is
055             *         created (optionally <code>0</code>)
056             * @param  name the role's name
057             * @param  titleMap the role's localized titles (optionally
058             *         <code>null</code>)
059             * @param  descriptionMap the role's localized descriptions (optionally
060             *         <code>null</code>)
061             * @param  type the role's type (optionally <code>0</code>)
062             * @param  subtype the role's subtype (optionally <code>null</code>)
063             * @param  serviceContext the service context to be applied (optionally
064             *         <code>null</code>). Can set the expando bridge attributes for the
065             *         role.
066             * @return the role
067             * @throws PortalException if a user with the primary key could not be
068             *         found, if the user did not have permission to add roles, if the
069             *         class name or the role name were invalid, or if the role is a
070             *         duplicate
071             */
072            @Override
073            public Role addRole(
074                            String className, long classPK, String name,
075                            Map<Locale, String> titleMap, Map<Locale, String> descriptionMap,
076                            int type, String subtype, ServiceContext serviceContext)
077                    throws PortalException {
078    
079                    PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE);
080    
081                    User user = getUser();
082    
083                    Role role = roleLocalService.addRole(
084                            user.getUserId(), className, classPK, name, titleMap,
085                            descriptionMap, type, subtype, serviceContext);
086    
087                    if (type == RoleConstants.TYPE_ORGANIZATION) {
088                            OrganizationMembershipPolicyUtil.verifyPolicy(role);
089                    }
090                    else if (type == RoleConstants.TYPE_SITE) {
091                            SiteMembershipPolicyUtil.verifyPolicy(role);
092                    }
093                    else {
094                            RoleMembershipPolicyUtil.verifyPolicy(role);
095                    }
096    
097                    return role;
098            }
099    
100            /**
101             * Adds a role. The user is reindexed after role is added.
102             *
103             * @param      name the role's name
104             * @param      titleMap the role's localized titles (optionally
105             *             <code>null</code>)
106             * @param      descriptionMap the role's localized descriptions (optionally
107             *             <code>null</code>)
108             * @param      type the role's type (optionally <code>0</code>)
109             * @return     the role
110             * @throws     PortalException if a user with the primary key could not be
111             *             found, if the user did not have permission to add roles, if
112             *             the class name or the role name were invalid, or if the role
113             *             is a duplicate
114             * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long,
115             *             String, Map, Map, int, String, ServiceContext)}
116             */
117            @Deprecated
118            @Override
119            public Role addRole(
120                            String name, Map<Locale, String> titleMap,
121                            Map<Locale, String> descriptionMap, int type)
122                    throws PortalException {
123    
124                    return addRole(
125                            null, 0, name, titleMap, descriptionMap, type, null, null);
126            }
127    
128            /**
129             * Adds the roles to the user. The user is reindexed after the roles are
130             * added.
131             *
132             * @param  userId the primary key of the user
133             * @param  roleIds the primary keys of the roles
134             * @throws PortalException if a user with the primary key could not be found
135             *         or if the user did not have permission to assign members to one
136             *         of the roles
137             */
138            @Override
139            public void addUserRoles(long userId, long[] roleIds)
140                    throws PortalException {
141    
142                    if (roleIds.length == 0) {
143                            return;
144                    }
145    
146                    checkUserRolesPermission(userId, roleIds);
147    
148                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null);
149    
150                    roleLocalService.addUserRoles(userId, roleIds);
151    
152                    RoleMembershipPolicyUtil.propagateRoles(
153                            new long[] {userId}, roleIds, null);
154            }
155    
156            /**
157             * Deletes the role with the primary key and its associated permissions.
158             *
159             * @param  roleId the primary key of the role
160             * @throws PortalException if the user did not have permission to delete the
161             *         role, if a role with the primary key could not be found, if the
162             *         role is a default system role, or if the role's resource could
163             *         not be found
164             */
165            @Override
166            public void deleteRole(long roleId) throws PortalException {
167                    RolePermissionUtil.check(
168                            getPermissionChecker(), roleId, ActionKeys.DELETE);
169    
170                    roleLocalService.deleteRole(roleId);
171            }
172    
173            @Override
174            public Role fetchRole(long roleId) throws PortalException {
175                    RolePermissionUtil.check(
176                            getPermissionChecker(), roleId, ActionKeys.VIEW);
177    
178                    return roleLocalService.fetchRole(roleId);
179            }
180    
181            /**
182             * Returns all the roles associated with the group.
183             *
184             * @param  groupId the primary key of the group
185             * @return the roles associated with the group
186             * @throws PortalException if a portal exception occurred
187             */
188            @Override
189            public List<Role> getGroupRoles(long groupId) throws PortalException {
190                    List<Role> roles = roleLocalService.getGroupRoles(groupId);
191    
192                    return filterRoles(roles);
193            }
194    
195            /**
196             * Returns the role with the primary key.
197             *
198             * @param  roleId the primary key of the role
199             * @return the role with the primary key
200             * @throws PortalException if a role with the primary key could not be found
201             *         or if the user did not have permission to view the role
202             */
203            @Override
204            public Role getRole(long roleId) throws PortalException {
205                    RolePermissionUtil.check(
206                            getPermissionChecker(), roleId, ActionKeys.VIEW);
207    
208                    return roleLocalService.getRole(roleId);
209            }
210    
211            /**
212             * Returns the role with the name in the company.
213             *
214             * <p>
215             * The method searches the system roles map first for default roles. If a
216             * role with the name is not found, then the method will query the database.
217             * </p>
218             *
219             * @param  companyId the primary key of the company
220             * @param  name the role's name
221             * @return the role with the name
222             * @throws PortalException if a role with the name could not be found in the
223             *         company or if the user did not have permission to view the role
224             */
225            @Override
226            public Role getRole(long companyId, String name) throws PortalException {
227                    Role role = roleLocalService.getRole(companyId, name);
228    
229                    RolePermissionUtil.check(
230                            getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW);
231    
232                    return role;
233            }
234    
235            @Override
236            public List<Role> getRoles(int type, String subtype)
237                    throws PortalException {
238    
239                    return filterRoles(roleLocalService.getRoles(type, subtype));
240            }
241    
242            @Override
243            public List<Role> getRoles(long companyId, int[] types)
244                    throws PortalException {
245    
246                    return filterRoles(roleLocalService.getRoles(companyId, types));
247            }
248    
249            /**
250             * Returns all the user's roles within the user group.
251             *
252             * @param  userId the primary key of the user
253             * @param  groupId the primary key of the group
254             * @return the user's roles within the user group
255             * @throws PortalException if a portal exception occurred
256             */
257            @Override
258            public List<Role> getUserGroupGroupRoles(long userId, long groupId)
259                    throws PortalException {
260    
261                    UserPermissionUtil.check(
262                            getPermissionChecker(), userId, ActionKeys.VIEW);
263    
264                    List<Role> roles = roleLocalService.getUserGroupGroupRoles(
265                            userId, groupId);
266    
267                    return filterRoles(roles);
268            }
269    
270            /**
271             * Returns all the user's roles within the user group.
272             *
273             * @param  userId the primary key of the user
274             * @param  groupId the primary key of the group
275             * @return the user's roles within the user group
276             * @throws PortalException if a portal exception occurred
277             */
278            @Override
279            public List<Role> getUserGroupRoles(long userId, long groupId)
280                    throws PortalException {
281    
282                    UserPermissionUtil.check(
283                            getPermissionChecker(), userId, ActionKeys.VIEW);
284    
285                    List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId);
286    
287                    return filterRoles(roles);
288            }
289    
290            /**
291             * Returns the union of all the user's roles within the groups.
292             *
293             * @param  userId the primary key of the user
294             * @param  groups the groups (optionally <code>null</code>)
295             * @return the union of all the user's roles within the groups
296             * @throws PortalException if a portal exception occurred
297             */
298            @Override
299            public List<Role> getUserRelatedRoles(long userId, List<Group> groups)
300                    throws PortalException {
301    
302                    UserPermissionUtil.check(
303                            getPermissionChecker(), userId, ActionKeys.VIEW);
304    
305                    List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups);
306    
307                    return filterRoles(roles);
308            }
309    
310            /**
311             * Returns all the roles associated with the user.
312             *
313             * @param  userId the primary key of the user
314             * @return the roles associated with the user
315             * @throws PortalException if a portal exception occurred
316             */
317            @Override
318            public List<Role> getUserRoles(long userId) throws PortalException {
319                    UserPermissionUtil.check(
320                            getPermissionChecker(), userId, ActionKeys.VIEW);
321    
322                    List<Role> roles = roleLocalService.getUserRoles(userId);
323    
324                    return filterRoles(roles);
325            }
326    
327            /**
328             * Returns <code>true</code> if the user is associated with the named
329             * regular role.
330             *
331             * @param  userId the primary key of the user
332             * @param  companyId the primary key of the company
333             * @param  name the name of the role
334             * @param  inherited whether to include the user's inherited roles in the
335             *         search
336             * @return <code>true</code> if the user is associated with the regular
337             *         role; <code>false</code> otherwise
338             * @throws PortalException if a role with the name could not be found in the
339             *         company or if a default user for the company could not be found
340             */
341            @Override
342            public boolean hasUserRole(
343                            long userId, long companyId, String name, boolean inherited)
344                    throws PortalException {
345    
346                    UserPermissionUtil.check(
347                            getPermissionChecker(), userId, ActionKeys.VIEW);
348    
349                    return roleLocalService.hasUserRole(userId, companyId, name, inherited);
350            }
351    
352            /**
353             * Returns <code>true</code> if the user has any one of the named regular
354             * roles.
355             *
356             * @param  userId the primary key of the user
357             * @param  companyId the primary key of the company
358             * @param  names the names of the roles
359             * @param  inherited whether to include the user's inherited roles in the
360             *         search
361             * @return <code>true</code> if the user has any one of the regular roles;
362             *         <code>false</code> otherwise
363             * @throws PortalException if any one of the roles with the names could not
364             *         be found in the company or if the default user for the company
365             *         could not be found
366             */
367            @Override
368            public boolean hasUserRoles(
369                            long userId, long companyId, String[] names, boolean inherited)
370                    throws PortalException {
371    
372                    UserPermissionUtil.check(
373                            getPermissionChecker(), userId, ActionKeys.VIEW);
374    
375                    return roleLocalService.hasUserRoles(
376                            userId, companyId, names, inherited);
377            }
378    
379            @Override
380            public List<Role> search(
381                    long companyId, String keywords, Integer[] types,
382                    LinkedHashMap<String, Object> params, int start, int end,
383                    OrderByComparator<Role> obc) {
384    
385                    return roleFinder.filterFindByKeywords(
386                            companyId, keywords, types, params, start, end, obc);
387            }
388    
389            @Override
390            public int searchCount(
391                    long companyId, String keywords, Integer[] types,
392                    LinkedHashMap<String, Object> params) {
393    
394                    return roleFinder.filterCountByKeywords(
395                            companyId, keywords, types, params);
396            }
397    
398            /**
399             * Removes the matching roles associated with the user. The user is
400             * reindexed after the roles are removed.
401             *
402             * @param  userId the primary key of the user
403             * @param  roleIds the primary keys of the roles
404             * @throws PortalException if a user with the primary key could not be
405             *         found, if the user did not have permission to remove members from
406             *         a role, or if a role with any one of the primary keys could not
407             *         be found
408             */
409            @Override
410            public void unsetUserRoles(long userId, long[] roleIds)
411                    throws PortalException {
412    
413                    if (roleIds.length == 0) {
414                            return;
415                    }
416    
417                    checkUserRolesPermission(userId, roleIds);
418    
419                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds);
420    
421                    roleLocalService.unsetUserRoles(userId, roleIds);
422    
423                    RoleMembershipPolicyUtil.propagateRoles(
424                            new long[] {userId}, null, roleIds);
425            }
426    
427            /**
428             * Updates the role with the primary key.
429             *
430             * @param  roleId the primary key of the role
431             * @param  name the role's new name
432             * @param  titleMap the new localized titles (optionally <code>null</code>)
433             *         to replace those existing for the role
434             * @param  descriptionMap the new localized descriptions (optionally
435             *         <code>null</code>) to replace those existing for the role
436             * @param  subtype the role's new subtype (optionally <code>null</code>)
437             * @param  serviceContext the service context to be applied (optionally
438             *         <code>null</code>). Can set the expando bridge attributes for the
439             *         role.
440             * @return the role with the primary key
441             * @throws PortalException if the user did not have permission to update the
442             *         role, if a role with the primary could not be found, or if the
443             *         role's name was invalid
444             */
445            @Override
446            public Role updateRole(
447                            long roleId, String name, Map<Locale, String> titleMap,
448                            Map<Locale, String> descriptionMap, String subtype,
449                            ServiceContext serviceContext)
450                    throws PortalException {
451    
452                    RolePermissionUtil.check(
453                            getPermissionChecker(), roleId, ActionKeys.UPDATE);
454    
455                    Role oldRole = rolePersistence.findByPrimaryKey(roleId);
456    
457                    ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge();
458    
459                    Map<String, Serializable> oldExpandoAttributes =
460                            oldExpandoBridge.getAttributes();
461    
462                    Role role = roleLocalService.updateRole(
463                            roleId, name, titleMap, descriptionMap, subtype, serviceContext);
464    
465                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
466                            OrganizationMembershipPolicyUtil.verifyPolicy(
467                                    role, oldRole, oldExpandoAttributes);
468                    }
469                    else if (role.getType() == RoleConstants.TYPE_SITE) {
470                            SiteMembershipPolicyUtil.verifyPolicy(
471                                    role, oldRole, oldExpandoAttributes);
472                    }
473                    else {
474                            RoleMembershipPolicyUtil.verifyPolicy(
475                                    role, oldRole, oldExpandoAttributes);
476                    }
477    
478                    return role;
479            }
480    
481            protected void checkUserRolesPermission(long userId, long[] roleIds)
482                    throws PortalException {
483    
484                    for (int i = 0; i < roleIds.length; i++) {
485                            RolePermissionUtil.check(
486                                    getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS);
487                    }
488            }
489    
490            protected List<Role> filterRoles(List<Role> roles) throws PortalException {
491                    List<Role> filteredRoles = new ArrayList<>();
492    
493                    for (Role role : roles) {
494                            if (RolePermissionUtil.contains(
495                                            getPermissionChecker(), role.getRoleId(),
496                                            ActionKeys.VIEW)) {
497    
498                                    filteredRoles.add(role);
499                            }
500                    }
501    
502                    return filteredRoles;
503            }
504    
505    }