001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.ResourceBlocksNotSupportedException;
018 import com.liferay.portal.kernel.dao.db.DB;
019 import com.liferay.portal.kernel.dao.db.DBFactoryUtil;
020 import com.liferay.portal.kernel.dao.jdbc.CurrentConnectionUtil;
021 import com.liferay.portal.kernel.dao.orm.ORMException;
022 import com.liferay.portal.kernel.dao.orm.QueryPos;
023 import com.liferay.portal.kernel.dao.orm.SQLQuery;
024 import com.liferay.portal.kernel.dao.orm.Session;
025 import com.liferay.portal.kernel.exception.PortalException;
026 import com.liferay.portal.kernel.exception.SystemException;
027 import com.liferay.portal.kernel.log.Log;
028 import com.liferay.portal.kernel.log.LogFactoryUtil;
029 import com.liferay.portal.kernel.transaction.Isolation;
030 import com.liferay.portal.kernel.transaction.Propagation;
031 import com.liferay.portal.kernel.transaction.TransactionCommitCallbackUtil;
032 import com.liferay.portal.kernel.transaction.Transactional;
033 import com.liferay.portal.kernel.util.ListUtil;
034 import com.liferay.portal.model.AuditedModel;
035 import com.liferay.portal.model.GroupedModel;
036 import com.liferay.portal.model.PermissionedModel;
037 import com.liferay.portal.model.PersistedModel;
038 import com.liferay.portal.model.ResourceAction;
039 import com.liferay.portal.model.ResourceBlock;
040 import com.liferay.portal.model.ResourceBlockConstants;
041 import com.liferay.portal.model.ResourceBlockPermissionsContainer;
042 import com.liferay.portal.model.ResourceTypePermission;
043 import com.liferay.portal.model.Role;
044 import com.liferay.portal.model.RoleConstants;
045 import com.liferay.portal.model.impl.ResourceBlockImpl;
046 import com.liferay.portal.security.auth.PrincipalException;
047 import com.liferay.portal.security.permission.PermissionCacheUtil;
048 import com.liferay.portal.security.permission.PermissionThreadLocal;
049 import com.liferay.portal.security.permission.ResourceActionsUtil;
050 import com.liferay.portal.security.permission.ResourceBlockIdsBag;
051 import com.liferay.portal.service.PersistedModelLocalService;
052 import com.liferay.portal.service.PersistedModelLocalServiceRegistryUtil;
053 import com.liferay.portal.service.base.ResourceBlockLocalServiceBaseImpl;
054 import com.liferay.portal.util.PropsValues;
055 import com.liferay.util.dao.orm.CustomSQLUtil;
056
057 import java.sql.Connection;
058 import java.sql.SQLException;
059
060 import java.util.ArrayList;
061 import java.util.List;
062 import java.util.Map;
063 import java.util.Set;
064 import java.util.concurrent.Callable;
065
066 import javax.sql.DataSource;
067
068
075 public class ResourceBlockLocalServiceImpl
076 extends ResourceBlockLocalServiceBaseImpl {
077
078 @Override
079 public void addCompanyScopePermission(
080 long companyId, String name, long roleId, String actionId)
081 throws PortalException {
082
083 updateCompanyScopePermissions(
084 companyId, name, roleId, getActionId(name, actionId),
085 ResourceBlockConstants.OPERATOR_ADD);
086 }
087
088 @Override
089 public void addCompanyScopePermissions(
090 long companyId, String name, long roleId, long actionIdsLong) {
091
092 updateCompanyScopePermissions(
093 companyId, name, roleId, actionIdsLong,
094 ResourceBlockConstants.OPERATOR_ADD);
095 }
096
097 @Override
098 public void addGroupScopePermission(
099 long companyId, long groupId, String name, long roleId,
100 String actionId)
101 throws PortalException {
102
103 updateGroupScopePermissions(
104 companyId, groupId, name, roleId, getActionId(name, actionId),
105 ResourceBlockConstants.OPERATOR_ADD);
106 }
107
108 @Override
109 public void addGroupScopePermissions(
110 long companyId, long groupId, String name, long roleId,
111 long actionIdsLong) {
112
113 updateGroupScopePermissions(
114 companyId, groupId, name, roleId, actionIdsLong,
115 ResourceBlockConstants.OPERATOR_ADD);
116 }
117
118 @Override
119 public void addIndividualScopePermission(
120 long companyId, long groupId, String name, long primKey,
121 long roleId, String actionId)
122 throws PortalException {
123
124 PermissionedModel permissionedModel = getPermissionedModel(
125 name, primKey);
126
127 updateIndividualScopePermissions(
128 companyId, groupId, name, permissionedModel, roleId,
129 getActionId(name, actionId), ResourceBlockConstants.OPERATOR_ADD);
130 }
131
132 @Override
133 public void addIndividualScopePermission(
134 long companyId, long groupId, String name,
135 PermissionedModel permissionedModel, long roleId, String actionId)
136 throws PortalException {
137
138 updateIndividualScopePermissions(
139 companyId, groupId, name, permissionedModel, roleId,
140 getActionId(name, actionId), ResourceBlockConstants.OPERATOR_ADD);
141 }
142
143 @Override
144 public void addIndividualScopePermissions(
145 long companyId, long groupId, String name, long primKey,
146 long roleId, long actionIdsLong)
147 throws PortalException {
148
149 PermissionedModel permissionedModel = getPermissionedModel(
150 name, primKey);
151
152 updateIndividualScopePermissions(
153 companyId, groupId, name, permissionedModel, roleId, actionIdsLong,
154 ResourceBlockConstants.OPERATOR_ADD);
155 }
156
157 @Override
158 public void addIndividualScopePermissions(
159 long companyId, long groupId, String name,
160 PermissionedModel permissionedModel, long roleId, long actionIdsLong) {
161
162 updateIndividualScopePermissions(
163 companyId, groupId, name, permissionedModel, roleId, actionIdsLong,
164 ResourceBlockConstants.OPERATOR_ADD);
165 }
166
167
180 @Override
181 public ResourceBlock addResourceBlock(
182 long companyId, long groupId, String name, String permissionsHash,
183 ResourceBlockPermissionsContainer resourceBlockPermissionsContainer) {
184
185 long resourceBlockId = counterLocalService.increment(
186 ResourceBlock.class.getName());
187
188 ResourceBlock resourceBlock = resourceBlockPersistence.create(
189 resourceBlockId);
190
191 resourceBlock.setCompanyId(companyId);
192 resourceBlock.setGroupId(groupId);
193 resourceBlock.setName(name);
194 resourceBlock.setPermissionsHash(permissionsHash);
195 resourceBlock.setReferenceCount(1);
196
197 updateResourceBlock(resourceBlock);
198
199 resourceBlockPermissionLocalService.addResourceBlockPermissions(
200 resourceBlockId, resourceBlockPermissionsContainer);
201
202 return resourceBlock;
203 }
204
205 @Override
206 public ResourceBlock deleteResourceBlock(long resourceBlockId)
207 throws PortalException {
208
209 ResourceBlock resourceBlock = resourceBlockPersistence.findByPrimaryKey(
210 resourceBlockId);
211
212 return deleteResourceBlock(resourceBlock);
213 }
214
215 @Override
216 public ResourceBlock deleteResourceBlock(ResourceBlock resourceBlock) {
217 resourceBlockPermissionLocalService.deleteResourceBlockPermissions(
218 resourceBlock.getPrimaryKey());
219
220 resourceBlockPersistence.remove(resourceBlock);
221
222 return resourceBlock;
223 }
224
225 @Override
226 public long getActionId(String name, String actionId)
227 throws PortalException {
228
229 ResourceAction resourcAction =
230 resourceActionLocalService.getResourceAction(name, actionId);
231
232 return resourcAction.getBitwiseValue();
233 }
234
235 @Override
236 public long getActionIds(String name, List<String> actionIds)
237 throws PortalException {
238
239 long actionIdsLong = 0;
240
241 for (String actionId : actionIds) {
242 ResourceAction resourceAction =
243 resourceActionLocalService.getResourceAction(name, actionId);
244
245 actionIdsLong |= resourceAction.getBitwiseValue();
246 }
247
248 return actionIdsLong;
249 }
250
251 @Override
252 public List<String> getActionIds(String name, long actionIdsLong) {
253 List<ResourceAction> resourceActions =
254 resourceActionLocalService.getResourceActions(name);
255
256 List<String> actionIds = new ArrayList<>();
257
258 for (ResourceAction resourceAction : resourceActions) {
259 if ((actionIdsLong & resourceAction.getBitwiseValue()) ==
260 resourceAction.getBitwiseValue()) {
261
262 actionIds.add(resourceAction.getActionId());
263 }
264 }
265
266 return actionIds;
267 }
268
269 @Override
270 public List<String> getCompanyScopePermissions(
271 ResourceBlock resourceBlock, long roleId) {
272
273 long actionIdsLong =
274 resourceTypePermissionLocalService.getCompanyScopeActionIds(
275 resourceBlock.getCompanyId(), resourceBlock.getName(), roleId);
276
277 return getActionIds(resourceBlock.getName(), actionIdsLong);
278 }
279
280 @Override
281 public List<String> getGroupScopePermissions(
282 ResourceBlock resourceBlock, long roleId) {
283
284 long actionIdsLong =
285 resourceTypePermissionLocalService.getGroupScopeActionIds(
286 resourceBlock.getCompanyId(), resourceBlock.getGroupId(),
287 resourceBlock.getName(), roleId);
288
289 return getActionIds(resourceBlock.getName(), actionIdsLong);
290 }
291
292 @Override
293 public PermissionedModel getPermissionedModel(String name, long primKey)
294 throws PortalException {
295
296 PersistedModelLocalService persistedModelLocalService =
297 PersistedModelLocalServiceRegistryUtil.
298 getPersistedModelLocalService(name);
299
300 if (persistedModelLocalService == null) {
301 throw new ResourceBlocksNotSupportedException();
302 }
303
304 PersistedModel persistedModel =
305 persistedModelLocalService.getPersistedModel(primKey);
306
307 try {
308 return (PermissionedModel)persistedModel;
309 }
310 catch (ClassCastException cce) {
311 throw new ResourceBlocksNotSupportedException();
312 }
313 }
314
315 @Override
316 public List<String> getPermissions(
317 ResourceBlock resourceBlock, long roleId) {
318
319 ResourceBlockPermissionsContainer resourceBlockPermissionsContainer =
320 resourceBlockPermissionLocalService.
321 getResourceBlockPermissionsContainer(
322 resourceBlock.getPrimaryKey());
323
324 long actionIdsLong = resourceBlockPermissionsContainer.getActionIds(
325 roleId);
326
327 return getActionIds(resourceBlock.getName(), actionIdsLong);
328 }
329
330 @Override
331 public ResourceBlock getResourceBlock(String name, long primKey)
332 throws PortalException {
333
334 PermissionedModel permissionedModel = getPermissionedModel(
335 name, primKey);
336
337 return getResourceBlock(permissionedModel.getResourceBlockId());
338 }
339
340 @Override
341 public List<Long> getResourceBlockIds(
342 ResourceBlockIdsBag resourceBlockIdsBag, String name,
343 String actionId)
344 throws PortalException {
345
346 long actionIdsLong = getActionId(name, actionId);
347
348 return resourceBlockIdsBag.getResourceBlockIds(actionIdsLong);
349 }
350
351 @Override
352 public ResourceBlockIdsBag getResourceBlockIdsBag(
353 long companyId, long groupId, String name, long[] roleIds) {
354
355 return resourceBlockFinder.findByC_G_N_R(
356 companyId, groupId, name, roleIds);
357 }
358
359 @Override
360 public List<Role> getRoles(String name, long primKey, String actionId)
361 throws PortalException {
362
363 long actionIdLong = getActionId(name, actionId);
364
365 ResourceBlock resourceBlock = getResourceBlock(name, primKey);
366
367 ResourceBlockPermissionsContainer resourceBlockPermissionsContainer =
368 resourceBlockPermissionLocalService.
369 getResourceBlockPermissionsContainer(
370 resourceBlock.getResourceBlockId());
371
372 Set<Long> roleIds = resourceBlockPermissionsContainer.getRoleIds();
373
374 List<Role> roles = new ArrayList<>(roleIds.size());
375
376 for (long roleId : roleIds) {
377 if (resourceBlockPermissionsContainer.hasPermission(
378 roleId, actionIdLong)) {
379
380 roles.add(roleLocalService.getRole(roleId));
381 }
382 }
383
384 return roles;
385 }
386
387 @Override
388 public boolean hasPermission(
389 String name, long primKey, String actionId,
390 ResourceBlockIdsBag resourceBlockIdsBag)
391 throws PortalException {
392
393 PermissionedModel permissionedModel = getPermissionedModel(
394 name, primKey);
395
396 return hasPermission(
397 name, permissionedModel, actionId, resourceBlockIdsBag);
398 }
399
400 @Override
401 public boolean hasPermission(
402 String name, PermissionedModel permissionedModel, String actionId,
403 ResourceBlockIdsBag resourceBlockIdsBag)
404 throws PortalException {
405
406 long actionIdsLong = getActionId(name, actionId);
407
408 return resourceBlockIdsBag.hasResourceBlockId(
409 permissionedModel.getResourceBlockId(), actionIdsLong);
410 }
411
412 @Override
413 public boolean isSupported(String name) {
414 return PersistedModelLocalServiceRegistryUtil.
415 isPermissionedModelLocalService(name);
416 }
417
418 @Override
419 @Transactional(
420 isolation = Isolation.READ_COMMITTED,
421 propagation = Propagation.REQUIRES_NEW
422 )
423 public void releasePermissionedModelResourceBlock(
424 PermissionedModel permissionedModel) {
425
426 releaseResourceBlock(permissionedModel.getResourceBlockId());
427 }
428
429 @Override
430 public void releasePermissionedModelResourceBlock(String name, long primKey)
431 throws PortalException {
432
433 PermissionedModel permissionedModel = getPermissionedModel(
434 name, primKey);
435
436 releasePermissionedModelResourceBlock(permissionedModel);
437 }
438
439
446 @Override
447 @Transactional(
448 isolation = Isolation.READ_COMMITTED,
449 propagation = Propagation.REQUIRES_NEW
450 )
451 public void releaseResourceBlock(long resourceBlockId) {
452 Session session = resourceBlockPersistence.openSession();
453
454 while (true) {
455 try {
456 String sql = CustomSQLUtil.get(_RELEASE_RESOURCE_BLOCK);
457
458 SQLQuery sqlQuery = session.createSynchronizedSQLQuery(sql);
459
460 QueryPos qPos = QueryPos.getInstance(sqlQuery);
461
462 qPos.add(resourceBlockId);
463
464 if (sqlQuery.executeUpdate() > 0) {
465 ResourceBlock resourceBlock = (ResourceBlock)session.get(
466 ResourceBlockImpl.class, Long.valueOf(resourceBlockId));
467
468 if (resourceBlock.getReferenceCount() == 0) {
469 sql = CustomSQLUtil.get(_DELETE_RESOURCE_BLOCK);
470
471 sqlQuery = session.createSynchronizedSQLQuery(sql);
472
473 qPos = QueryPos.getInstance(sqlQuery);
474
475 qPos.add(resourceBlockId);
476
477 sqlQuery.executeUpdate();
478
479 PermissionCacheUtil.clearResourceBlockCache(
480 resourceBlock.getCompanyId(),
481 resourceBlock.getGroupId(),
482 resourceBlock.getName());
483 }
484 }
485
486 resourceBlockPersistence.closeSession(session);
487
488 break;
489 }
490 catch (ORMException orme) {
491 if (_log.isWarnEnabled()) {
492 _log.warn(
493 "Unable to decrement reference count for resource " +
494 "block " + resourceBlockId + ". Retrying.");
495 }
496 }
497 }
498 }
499
500
507 @Override
508 @Transactional(
509 isolation = Isolation.READ_COMMITTED,
510 propagation = Propagation.REQUIRES_NEW
511 )
512 public void releaseResourceBlock(ResourceBlock resourceBlock) {
513 releaseResourceBlock(resourceBlock.getResourceBlockId());
514 }
515
516 @Override
517 public void removeAllGroupScopePermissions(
518 long companyId, String name, long roleId, long actionIdsLong) {
519
520 List<ResourceTypePermission> resourceTypePermissions =
521 resourceTypePermissionLocalService.
522 getGroupScopeResourceTypePermissions(companyId, name, roleId);
523
524 for (ResourceTypePermission resourceTypePermission :
525 resourceTypePermissions) {
526
527 removeGroupScopePermissions(
528 companyId, resourceTypePermission.getGroupId(), name, roleId,
529 actionIdsLong);
530 }
531 }
532
533 @Override
534 public void removeAllGroupScopePermissions(
535 long companyId, String name, long roleId, String actionId)
536 throws PortalException {
537
538 removeAllGroupScopePermissions(
539 companyId, name, roleId, getActionId(name, actionId));
540 }
541
542 @Override
543 public void removeCompanyScopePermission(
544 long companyId, String name, long roleId, String actionId)
545 throws PortalException {
546
547 updateCompanyScopePermissions(
548 companyId, name, roleId, getActionId(name, actionId),
549 ResourceBlockConstants.OPERATOR_REMOVE);
550 }
551
552 @Override
553 public void removeCompanyScopePermissions(
554 long companyId, String name, long roleId, long actionIdsLong) {
555
556 updateCompanyScopePermissions(
557 companyId, name, roleId, actionIdsLong,
558 ResourceBlockConstants.OPERATOR_REMOVE);
559 }
560
561 @Override
562 public void removeGroupScopePermission(
563 long companyId, long groupId, String name, long roleId,
564 String actionId)
565 throws PortalException {
566
567 updateGroupScopePermissions(
568 companyId, groupId, name, roleId, getActionId(name, actionId),
569 ResourceBlockConstants.OPERATOR_REMOVE);
570 }
571
572 @Override
573 public void removeGroupScopePermissions(
574 long companyId, long groupId, String name, long roleId,
575 long actionIdsLong) {
576
577 updateGroupScopePermissions(
578 companyId, groupId, name, roleId, actionIdsLong,
579 ResourceBlockConstants.OPERATOR_REMOVE);
580 }
581
582 @Override
583 public void removeIndividualScopePermission(
584 long companyId, long groupId, String name, long primKey,
585 long roleId, String actionId)
586 throws PortalException {
587
588 PermissionedModel permissionedModel = getPermissionedModel(
589 name, primKey);
590
591 updateIndividualScopePermissions(
592 companyId, groupId, name, permissionedModel, roleId,
593 getActionId(name, actionId),
594 ResourceBlockConstants.OPERATOR_REMOVE);
595 }
596
597 @Override
598 public void removeIndividualScopePermission(
599 long companyId, long groupId, String name,
600 PermissionedModel permissionedModel, long roleId, String actionId)
601 throws PortalException {
602
603 updateIndividualScopePermissions(
604 companyId, groupId, name, permissionedModel, roleId,
605 getActionId(name, actionId),
606 ResourceBlockConstants.OPERATOR_REMOVE);
607 }
608
609 @Override
610 public void removeIndividualScopePermissions(
611 long companyId, long groupId, String name, long primKey,
612 long roleId, long actionIdsLong)
613 throws PortalException {
614
615 PermissionedModel permissionedModel = getPermissionedModel(
616 name, primKey);
617
618 updateIndividualScopePermissions(
619 companyId, groupId, name, permissionedModel, roleId, actionIdsLong,
620 ResourceBlockConstants.OPERATOR_REMOVE);
621 }
622
623 @Override
624 public void removeIndividualScopePermissions(
625 long companyId, long groupId, String name,
626 PermissionedModel permissionedModel, long roleId, long actionIdsLong) {
627
628 updateIndividualScopePermissions(
629 companyId, groupId, name, permissionedModel, roleId, actionIdsLong,
630 ResourceBlockConstants.OPERATOR_REMOVE);
631 }
632
633 @Override
634 public void setCompanyScopePermissions(
635 long companyId, String name, long roleId, List<String> actionIds)
636 throws PortalException {
637
638 checkGuestSupportedPermission(companyId, name, roleId, actionIds);
639
640 updateCompanyScopePermissions(
641 companyId, name, roleId, getActionIds(name, actionIds),
642 ResourceBlockConstants.OPERATOR_SET);
643 }
644
645 @Override
646 public void setCompanyScopePermissions(
647 long companyId, String name, long roleId, long actionIdsLong) {
648
649 updateCompanyScopePermissions(
650 companyId, name, roleId, actionIdsLong,
651 ResourceBlockConstants.OPERATOR_SET);
652 }
653
654 @Override
655 public void setGroupScopePermissions(
656 long companyId, long groupId, String name, long roleId,
657 List<String> actionIds)
658 throws PortalException {
659
660 checkGuestSupportedPermission(companyId, name, roleId, actionIds);
661
662 updateGroupScopePermissions(
663 companyId, groupId, name, roleId, getActionIds(name, actionIds),
664 ResourceBlockConstants.OPERATOR_SET);
665 }
666
667 @Override
668 public void setGroupScopePermissions(
669 long companyId, long groupId, String name, long roleId,
670 long actionIdsLong) {
671
672 updateGroupScopePermissions(
673 companyId, groupId, name, roleId, actionIdsLong,
674 ResourceBlockConstants.OPERATOR_SET);
675 }
676
677 @Override
678 public void setIndividualScopePermissions(
679 long companyId, long groupId, String name, long primKey,
680 long roleId, List<String> actionIds)
681 throws PortalException {
682
683 PermissionedModel permissionedModel = getPermissionedModel(
684 name, primKey);
685
686 checkGuestSupportedPermission(companyId, name, roleId, actionIds);
687
688 updateIndividualScopePermissions(
689 companyId, groupId, name, permissionedModel, roleId,
690 getActionIds(name, actionIds), ResourceBlockConstants.OPERATOR_SET);
691 }
692
693 @Override
694 public void setIndividualScopePermissions(
695 long companyId, long groupId, String name, long primKey,
696 long roleId, long actionIdsLong)
697 throws PortalException {
698
699 PermissionedModel permissionedModel = getPermissionedModel(
700 name, primKey);
701
702 updateIndividualScopePermissions(
703 companyId, groupId, name, permissionedModel, roleId, actionIdsLong,
704 ResourceBlockConstants.OPERATOR_SET);
705 }
706
707 @Override
708 public void setIndividualScopePermissions(
709 long companyId, long groupId, String name, long primKey,
710 Map<Long, String[]> roleIdsToActionIds)
711 throws PortalException {
712
713 boolean flushResourceBlockEnabled =
714 PermissionThreadLocal.isFlushResourceBlockEnabled(
715 companyId, groupId, name);
716
717 PermissionThreadLocal.setFlushResourceBlockEnabled(
718 companyId, groupId, name, false);
719
720 try {
721 PermissionedModel permissionedModel = getPermissionedModel(
722 name, primKey);
723
724 for (Map.Entry<Long, String[]> entry :
725 roleIdsToActionIds.entrySet()) {
726
727 long roleId = entry.getKey();
728 List<String> actionIds = ListUtil.fromArray(entry.getValue());
729
730 checkGuestSupportedPermission(
731 companyId, name, roleId, actionIds);
732
733 updateIndividualScopePermissions(
734 companyId, groupId, name, permissionedModel, roleId,
735 getActionIds(name, actionIds),
736 ResourceBlockConstants.OPERATOR_SET);
737 }
738 }
739 finally {
740 PermissionThreadLocal.setFlushResourceBlockEnabled(
741 companyId, groupId, name, flushResourceBlockEnabled);
742
743 PermissionCacheUtil.clearResourceBlockCache(
744 companyId, groupId, name);
745 }
746 }
747
748 @Override
749 public void setIndividualScopePermissions(
750 long companyId, long groupId, String name,
751 PermissionedModel permissionedModel, long roleId,
752 List<String> actionIds)
753 throws PortalException {
754
755 checkGuestSupportedPermission(companyId, name, roleId, actionIds);
756
757 updateIndividualScopePermissions(
758 companyId, groupId, name, permissionedModel, roleId,
759 getActionIds(name, actionIds), ResourceBlockConstants.OPERATOR_SET);
760 }
761
762 @Override
763 public void setIndividualScopePermissions(
764 long companyId, long groupId, String name,
765 PermissionedModel permissionedModel, long roleId, long actionIdsLong) {
766
767 updateIndividualScopePermissions(
768 companyId, groupId, name, permissionedModel, roleId, actionIdsLong,
769 ResourceBlockConstants.OPERATOR_SET);
770 }
771
772 @Override
773 public void updateCompanyScopePermissions(
774 long companyId, String name, long roleId, long actionIdsLong,
775 int operator) {
776
777 resourceTypePermissionLocalService.
778 updateCompanyScopeResourceTypePermissions(
779 companyId, name, roleId, actionIdsLong, operator);
780
781 PermissionCacheUtil.clearResourceCache();
782 }
783
784 @Override
785 public void updateGroupScopePermissions(
786 long companyId, long groupId, String name, long roleId,
787 long actionIdsLong, int operator) {
788
789 resourceTypePermissionLocalService.
790 updateGroupScopeResourceTypePermissions(
791 companyId, groupId, name, roleId, actionIdsLong, operator);
792
793 PermissionCacheUtil.clearResourceCache();
794 }
795
796 @Override
797 public void updateIndividualScopePermissions(
798 long companyId, long groupId, String name,
799 PermissionedModel permissionedModel, long roleId, long actionIdsLong,
800 int operator) {
801
802 ResourceBlock resourceBlock =
803 resourceBlockPersistence.fetchByPrimaryKey(
804 permissionedModel.getResourceBlockId());
805
806 ResourceBlockPermissionsContainer resourceBlockPermissionsContainer =
807 null;
808
809 if (resourceBlock == null) {
810 resourceBlockPermissionsContainer =
811 resourceTypePermissionLocalService.
812 getResourceBlockPermissionsContainer(
813 companyId, groupId, name);
814 }
815 else {
816 resourceBlockPermissionsContainer =
817 resourceBlockPermissionLocalService.
818 getResourceBlockPermissionsContainer(
819 resourceBlock.getPrimaryKey());
820 }
821
822 long oldActionIdsLong = resourceBlockPermissionsContainer.getActionIds(
823 roleId);
824
825 if (operator == ResourceBlockConstants.OPERATOR_ADD) {
826 actionIdsLong |= oldActionIdsLong;
827 }
828 else if (operator == ResourceBlockConstants.OPERATOR_REMOVE) {
829 actionIdsLong = oldActionIdsLong & (~actionIdsLong);
830 }
831
832 if (resourceBlock != null) {
833 if (oldActionIdsLong == actionIdsLong) {
834 return;
835 }
836
837 resourceBlockLocalService.releaseResourceBlock(resourceBlock);
838 }
839
840 resourceBlockPermissionsContainer.setPermissions(roleId, actionIdsLong);
841
842 String permissionsHash =
843 resourceBlockPermissionsContainer.getPermissionsHash();
844
845 resourceBlockLocalService.updateResourceBlockId(
846 companyId, groupId, name, permissionedModel, permissionsHash,
847 resourceBlockPermissionsContainer);
848
849 PermissionCacheUtil.clearResourceBlockCache(companyId, groupId, name);
850 }
851
852 @Override
853 @Transactional(
854 isolation = Isolation.READ_COMMITTED,
855 propagation = Propagation.REQUIRES_NEW
856 )
857 public ResourceBlock updateResourceBlockId(
858 long companyId, long groupId, String name,
859 final PermissionedModel permissionedModel, String permissionsHash,
860 ResourceBlockPermissionsContainer resourceBlockPermissionsContainer) {
861
862 ResourceBlock resourceBlock = null;
863
864 while (true) {
865 resourceBlock = resourceBlockPersistence.fetchByC_G_N_P(
866 companyId, groupId, name, permissionsHash, false);
867
868 if (resourceBlock == null) {
869 try {
870 resourceBlock = addResourceBlock(
871 companyId, groupId, name, permissionsHash,
872 resourceBlockPermissionsContainer);
873
874
875
876 if (PropsValues.SPRING_HIBERNATE_SESSION_DELEGATED) {
877 resourceBlockPersistence.flush();
878 }
879 }
880 catch (SystemException se) {
881 if (_log.isWarnEnabled()) {
882 _log.warn(
883 "Unable to add a new resource block. Retrying");
884 }
885
886
887
888 Session session =
889 resourceBlockPersistence.getCurrentSession();
890
891 session.clear();
892
893 DB db = DBFactoryUtil.getDB();
894
895 if (!db.isSupportsQueryingAfterException()) {
896 DataSource dataSource =
897 resourceBlockPersistence.getDataSource();
898
899 Connection connection =
900 CurrentConnectionUtil.getConnection(dataSource);
901
902 try {
903 connection.rollback();
904
905 connection.setAutoCommit(false);
906 }
907 catch (SQLException sqle) {
908 throw new SystemException(sqle);
909 }
910 }
911
912 continue;
913 }
914
915 break;
916 }
917
918 Session session = resourceBlockPersistence.openSession();
919
920 try {
921 String sql = CustomSQLUtil.get(_RETAIN_RESOURCE_BLOCK);
922
923 SQLQuery sqlQuery = session.createSynchronizedSQLQuery(sql);
924
925 QueryPos qPos = QueryPos.getInstance(sqlQuery);
926
927 qPos.add(resourceBlock.getResourceBlockId());
928
929 if (sqlQuery.executeUpdate() > 0) {
930
931
932
933
934
935
936
937
938 resourceBlock.setReferenceCount(
939 resourceBlock.getReferenceCount() + 1);
940
941 break;
942 }
943 }
944 catch (ORMException orme) {
945 if (_log.isWarnEnabled()) {
946 _log.warn(
947 "Unable to increment reference count for resource " +
948 "block " + resourceBlock.getResourceBlockId() +
949 ". Retrying");
950 }
951 }
952 finally {
953
954
955
956
957
958 session.evict(resourceBlock);
959
960 resourceBlockPersistence.closeSession(session);
961 }
962 }
963
964 permissionedModel.setResourceBlockId(
965 resourceBlock.getResourceBlockId());
966
967 Callable<Void> callable = new Callable<Void>() {
968
969 @Override
970 public Void call() throws Exception {
971 permissionedModel.persist();
972
973 return null;
974 }
975
976 };
977
978 TransactionCommitCallbackUtil.registerCallback(callable);
979
980 return resourceBlock;
981 }
982
983 @Override
984 public void verifyResourceBlockId(long companyId, String name, long primKey)
985 throws PortalException {
986
987 PermissionedModel permissionedModel = getPermissionedModel(
988 name, primKey);
989
990 ResourceBlock resourceBlock =
991 resourceBlockPersistence.fetchByPrimaryKey(
992 permissionedModel.getResourceBlockId());
993
994 if (resourceBlock != null) {
995 return;
996 }
997
998 if (_log.isWarnEnabled()) {
999 _log.warn(
1000 "Resource block " + permissionedModel.getResourceBlockId() +
1001 " missing for " + name + "#" + primKey);
1002 }
1003
1004 long groupId = 0;
1005 long ownerId = 0;
1006
1007 if (permissionedModel instanceof GroupedModel) {
1008 GroupedModel groupedModel = (GroupedModel)permissionedModel;
1009
1010 groupId = groupedModel.getGroupId();
1011 ownerId = groupedModel.getUserId();
1012 }
1013 else if (permissionedModel instanceof AuditedModel) {
1014 AuditedModel auditedModel = (AuditedModel)permissionedModel;
1015
1016 ownerId = auditedModel.getUserId();
1017 }
1018
1019 resourceLocalService.addResources(
1020 companyId, groupId, ownerId, name, primKey, false, true, true);
1021 }
1022
1023 protected void checkGuestSupportedPermission(
1024 long companyId, String name, long roleId, List<String> actionIds)
1025 throws PortalException {
1026
1027 if (!isGuestRole(companyId, roleId)) {
1028 return;
1029 }
1030
1031 List<String> unsupportedActionIds =
1032 ResourceActionsUtil.getResourceGuestUnsupportedActions(name, name);
1033
1034 for (String actionId : actionIds) {
1035 if (unsupportedActionIds.contains(actionId)) {
1036 throw new PrincipalException(
1037 actionId + "is not supported by role " + roleId);
1038 }
1039 }
1040 }
1041
1042 protected boolean isGuestRole(long companyId, long roleId)
1043 throws PortalException {
1044
1045 Role guestRole = roleLocalService.getRole(
1046 companyId, RoleConstants.GUEST);
1047
1048 if (roleId == guestRole.getRoleId()) {
1049 return true;
1050 }
1051
1052 return false;
1053 }
1054
1055 protected void updatePermissions(
1056 List<ResourceBlock> resourceBlocks, long roleId, long actionIdsLong,
1057 int operator) {
1058
1059 for (ResourceBlock resourceBlock : resourceBlocks) {
1060 resourceBlockPermissionLocalService.updateResourceBlockPermission(
1061 resourceBlock.getPrimaryKey(), roleId, actionIdsLong, operator);
1062
1063 updatePermissionsHash(resourceBlock);
1064 }
1065 }
1066
1067 protected void updatePermissionsHash(ResourceBlock resourceBlock) {
1068 ResourceBlockPermissionsContainer resourceBlockPermissionsContainer =
1069 resourceBlockPermissionLocalService.
1070 getResourceBlockPermissionsContainer(resourceBlock.getPrimaryKey());
1071
1072 String permissionsHash =
1073 resourceBlockPermissionsContainer.getPermissionsHash();
1074
1075 resourceBlock.setPermissionsHash(permissionsHash);
1076
1077 updateResourceBlock(resourceBlock);
1078 }
1079
1080 private static final String _DELETE_RESOURCE_BLOCK =
1081 ResourceBlockLocalServiceImpl.class.getName() + ".deleteResourceBlock";
1082
1083 private static final String _RELEASE_RESOURCE_BLOCK =
1084 ResourceBlockLocalServiceImpl.class.getName() + ".releaseResourceBlock";
1085
1086 private static final String _RETAIN_RESOURCE_BLOCK =
1087 ResourceBlockLocalServiceImpl.class.getName() + ".retainResourceBlock";
1088
1089 private static final Log _log = LogFactoryUtil.getLog(
1090 ResourceBlockLocalServiceImpl.class);
1091
1092 }