015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.dao.db.DB;
018 import com.liferay.portal.kernel.dao.db.DBManagerUtil;
019 import com.liferay.portal.kernel.dao.db.DBType;
020 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
021 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
022 import com.liferay.portal.kernel.dao.orm.EntityCacheUtil;
023 import com.liferay.portal.kernel.dao.orm.FinderCacheUtil;
024 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
025 import com.liferay.portal.kernel.log.Log;
026 import com.liferay.portal.kernel.log.LogFactoryUtil;
027 import com.liferay.portal.kernel.util.GetterUtil;
028 import com.liferay.portal.kernel.util.StringBundler;
029 import com.liferay.portal.kernel.util.StringPool;
030 import com.liferay.portal.kernel.util.StringUtil;
031 import com.liferay.portal.model.Group;
032 import com.liferay.portal.model.Layout;
033 import com.liferay.portal.model.LayoutConstants;
034 import com.liferay.portal.model.Organization;
035 import com.liferay.portal.model.PortletConstants;
036 import com.liferay.portal.model.ResourceConstants;
037 import com.liferay.portal.model.ResourcePermission;
038 import com.liferay.portal.model.Role;
039 import com.liferay.portal.model.RoleConstants;
040 import com.liferay.portal.model.User;
041 import com.liferay.portal.model.UserGroup;
042 import com.liferay.portal.security.permission.ActionKeys;
043 import com.liferay.portal.security.permission.PermissionCacheUtil;
044 import com.liferay.portal.security.permission.ResourceActionsUtil;
045 import com.liferay.portal.service.LayoutLocalServiceUtil;
046 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
047 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
048 import com.liferay.portal.service.RoleLocalServiceUtil;
049 import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
050 import com.liferay.portal.util.PortalInstances;
051 import com.liferay.portal.util.PortalUtil;
052
053 import java.util.ArrayList;
054 import java.util.List;
055
056
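/**
 * Verify process that repairs stored resource permissions.
 *
 * <p>
 * {@link #doVerify()} runs four steps in order: it removes Guest role
 * permissions that point at private layouts, re-checks the resource actions
 * of every model and portlet, moves deprecated Organization actions onto the
 * matching Group permission rows, and rewrites Power User permissions on
 * personal (User / UserGroup) portlet layouts to the User role.
 * </p>
 *
 * <p>
 * Security relevance: the first step revokes access that the Guest role
 * should not hold, so a failure in it leaves over-broad permissions in place.
 * Failures are therefore reported at warn level rather than only at debug.
 * </p>
 */
public class VerifyPermission extends VerifyProcess {

    /**
     * Passes the declared action ids of every model and every portlet to
     * {@code ResourceActionLocalServiceUtil.checkResourceActions}.
     *
     * @throws Exception if looking up or checking the resource actions fails
     */
    protected void checkPermissions() throws Exception {
        for (String modelName : ResourceActionsUtil.getModelNames()) {
            List<String> actionIds =
                ResourceActionsUtil.getModelResourceActions(modelName);

            // NOTE(review): the meaning of the third argument (true) is not
            // visible here; confirm against the service before changing it.
            ResourceActionLocalServiceUtil.checkResourceActions(
                modelName, actionIds, true);
        }

        for (String portletName : ResourceActionsUtil.getPortletNames()) {
            List<String> actionIds =
                ResourceActionsUtil.getPortletResourceActions(portletName);

            ResourceActionLocalServiceUtil.checkResourceActions(
                portletName, actionIds, true);
        }
    }

    /**
     * Runs {@link #deleteDefaultPrivateLayoutPermissions_6(long)} for every
     * company id returned by {@code PortalInstances.getCompanyIdsBySQL()}.
     *
     * <p>
     * A failure for one company does not stop the remaining companies. It is
     * logged at warn level because it means the Guest role may still hold
     * permissions on that company's private layouts.
     * </p>
     *
     * @throws Exception if the company ids cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            try {
                deleteDefaultPrivateLayoutPermissions_6(companyId);
            }
            catch (Exception e) {
                // Still best-effort (no rethrow), but visible at the default
                // log level: a skipped company keeps its Guest permissions.
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to delete guest permissions on private " +
                            "layouts for company " + companyId,
                        e);
                }
            }
        }
    }

    /**
     * Deletes every resource permission of the company's Guest role for
     * which {@link #isPrivateLayout(String, String)} returns {@code true}.
     *
     * <p>
     * Each permission row is evaluated on its own. If evaluating or deleting
     * one row throws, that row is skipped and the loop continues, so a single
     * unresolvable row cannot prevent the cleanup of the remaining rows. The
     * number of skipped rows is reported once per company at warn level; the
     * individual causes are logged at debug level.
     * </p>
     *
     * @param  companyId the company whose Guest role permissions are checked
     * @throws Exception if the Guest role or its permissions cannot be loaded
     */
    protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
        throws Exception {

        Role guestRole = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.GUEST);

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
                guestRole.getRoleId());

        int skippedCount = 0;

        for (ResourcePermission resourcePermission : resourcePermissions) {
            try {
                boolean privateLayout = isPrivateLayout(
                    resourcePermission.getName(),
                    resourcePermission.getPrimKey());

                if (privateLayout) {
                    ResourcePermissionLocalServiceUtil.deleteResourcePermission(
                        resourcePermission.getResourcePermissionId());
                }
            }
            catch (Exception e) {
                // isPrivateLayout loads the layout through
                // LayoutLocalServiceUtil.getLayout, which can throw
                // (presumably when the referenced layout no longer exists).
                skippedCount++;

                if (_log.isDebugEnabled()) {
                    _log.debug(
                        "Skipping resource permission " +
                            resourcePermission.getResourcePermissionId(),
                        e);
                }
            }
        }

        if ((skippedCount > 0) && _log.isWarnEnabled()) {
            _log.warn(
                skippedCount + " guest resource permissions for company " +
                    companyId +
                        " could not be checked and were left in place");
        }
    }

    /**
     * Runs the verification steps in a fixed order: private layout cleanup
     * for Guest, resource action check, Organization role fix, and default
     * user role fix.
     *
     * @throws Exception if a step fails with an exception it does not handle
     */
    @Override
    protected void doVerify() throws Exception {
        deleteDefaultPrivateLayoutPermissions();

        checkPermissions();
        fixOrganizationRolePermissions();
        fixUserDefaultRolePermissions();
    }

    /**
     * Moves the deprecated Organization action ids from every Organization
     * resource permission to the Group resource permission with the same
     * company, scope, primary key and role.
     *
     * <p>
     * If the Group row cannot be read, it is created with
     * {@code EMPTY_ACTION_IDS} and read again. Both rows are then updated;
     * an update failure is logged and the loop continues. The permission
     * resource cache is cleared once at the end.
     * </p>
     *
     * @throws Exception if the query, or creating the missing Group row,
     *         fails
     */
    protected void fixOrganizationRolePermissions() throws Exception {
        DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
            ResourcePermission.class);

        dynamicQuery.add(
            RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

        String groupClassName = Group.class.getName();

        for (ResourcePermission resourcePermission : resourcePermissions) {
            long companyId = resourcePermission.getCompanyId();
            int scope = resourcePermission.getScope();
            String primKey = resourcePermission.getPrimKey();
            long roleId = resourcePermission.getRoleId();

            ResourcePermission groupResourcePermission = null;

            try {
                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        companyId, groupClassName, scope, primKey, roleId);
            }
            catch (Exception e) {
                // Any lookup failure is treated as "row missing": create an
                // empty Group row, then read it back.
                // NOTE(review): this also hides failures other than a
                // missing row; narrowing the catch would be safer.
                ResourcePermissionLocalServiceUtil.setResourcePermissions(
                    companyId, groupClassName, scope, primKey, roleId,
                    ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

                groupResourcePermission =
                    ResourcePermissionLocalServiceUtil.getResourcePermission(
                        companyId, groupClassName, scope, primKey, roleId);
            }

            // Transfer each deprecated action the Organization row grants.
            for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
                if (resourcePermission.hasActionId(actionId)) {
                    resourcePermission.removeResourceAction(actionId);

                    groupResourcePermission.addResourceAction(actionId);
                }
            }

            try {
                resourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    resourcePermission);

                groupResourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    groupResourcePermission);
            }
            catch (Exception e) {
                _log.error(e, e);
            }
        }

        PermissionCacheUtil.clearResourceCache();
    }

    /**
     * Reassigns Power User permissions on personal portlet layouts to the
     * User role, one SQL update per company.
     *
     * <p>
     * The statement selects {@code ResourcePermission} rows that have
     * individual scope, belong to the Power User role, have a
     * {@code primKey} matching {@code <plid><layout separator>%} for a
     * layout of type portlet, and whose layout's group has the class name id
     * of {@code User} or {@code UserGroup}. The left outer join on the User
     * role combined with {@code resourcePermission2.roleId is null} limits
     * the update to rows with no existing User role counterpart. MySQL gets
     * a multi-table {@code update}; every other database gets an
     * {@code update ... where resourcePermissionId in (select ...)}.
     * </p>
     *
     * <p>
     * The SQL is built by string concatenation. Every concatenated value is
     * a numeric id returned by a portal service or a portal constant; none
     * originates from request input. Any future value that is not a constant
     * or a number would need binding or escaping.
     * </p>
     *
     * @throws Exception if a role lookup or the SQL update fails
     */
    protected void fixUserDefaultRolePermissions() throws Exception {
        long userClassNameId = PortalUtil.getClassNameId(User.class);
        long userGroupClassNameId = PortalUtil.getClassNameId(UserGroup.class);

        DB db = DBManagerUtil.getDB();

        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            Role powerUserRole = RoleLocalServiceUtil.getRole(
                companyId, RoleConstants.POWER_USER);
            Role userRole = RoleLocalServiceUtil.getRole(
                companyId, RoleConstants.USER);

            StringBundler joinSB = new StringBundler(22);

            joinSB.append("ResourcePermission resourcePermission1 left outer ");
            joinSB.append("join ResourcePermission resourcePermission2 on ");
            joinSB.append("resourcePermission1.companyId = ");
            joinSB.append("resourcePermission2.companyId and ");
            joinSB.append("resourcePermission1.name = ");
            joinSB.append("resourcePermission2.name and ");
            joinSB.append("resourcePermission1.primKey = ");
            joinSB.append("resourcePermission2.primKey and ");
            joinSB.append("resourcePermission1.scope = ");
            joinSB.append("resourcePermission2.scope and ");
            joinSB.append("resourcePermission2.roleId = ");
            joinSB.append(userRole.getRoleId());
            joinSB.append(" inner join Layout on ");
            joinSB.append("resourcePermission1.companyId = Layout.companyId ");
            joinSB.append("and resourcePermission1.primKey like ");

            // '[$PLID$]' is a literal placeholder in the SQL text: the SQL
            // replace() call swaps it for Layout.plid as text, producing the
            // like pattern '<plid><separator>%'.
            // NOTE(review): cast_text is presumably translated per database
            // by runSQL; confirm. Any '_' or '%' in the separator acts as a
            // LIKE wildcard, so the match is looser than a literal compare.
            joinSB.append("replace('[$PLID$]");
            joinSB.append(PortletConstants.LAYOUT_SEPARATOR);
            joinSB.append("%', '[$PLID$]', cast_text(Layout.plid)) inner ");
            joinSB.append("join Group_ on Layout.groupId = ");
            joinSB.append("Group_.groupId and Layout.type_ = '");
            joinSB.append(LayoutConstants.TYPE_PORTLET);
            joinSB.append(StringPool.APOSTROPHE);

            StringBundler whereSB = new StringBundler(12);

            whereSB.append("where resourcePermission1.scope = ");
            whereSB.append(ResourceConstants.SCOPE_INDIVIDUAL);
            whereSB.append(" and resourcePermission1.primKey like '%");
            whereSB.append(PortletConstants.LAYOUT_SEPARATOR);
            whereSB.append("%' and resourcePermission1.roleId = ");
            whereSB.append(powerUserRole.getRoleId());
            whereSB.append(" and resourcePermission2.roleId is null and ");
            whereSB.append("(Group_.classNameId = ");
            whereSB.append(userClassNameId);
            whereSB.append(" or Group_.classNameId = ");
            whereSB.append(userGroupClassNameId);
            whereSB.append(StringPool.CLOSE_PARENTHESIS);

            StringBundler sb = new StringBundler(8);

            if (db.getDBType() == DBType.MYSQL) {
                // MySQL: update directly over the joined tables.
                sb.append("update ");
                sb.append(joinSB.toString());
                sb.append(" set resourcePermission1.roleId = ");
                sb.append(userRole.getRoleId());
                sb.append(StringPool.SPACE);
                sb.append(whereSB.toString());
            }
            else {
                // Other databases: pick the target rows with a subselect.
                sb.append("update ResourcePermission set roleId = ");
                sb.append(userRole.getRoleId());
                sb.append(" where resourcePermissionId in (select ");
                sb.append("resourcePermission1.resourcePermissionId from ");
                sb.append(joinSB.toString());
                sb.append(StringPool.SPACE);
                sb.append(whereSB.toString());
                sb.append(StringPool.CLOSE_PARENTHESIS);
            }

            runSQL(sb.toString());
        }

        // Rows were changed behind the persistence layer, so drop the caches.
        EntityCacheUtil.clearCache();
        FinderCacheUtil.clearCache();
    }

    /**
     * Tells whether a resource permission refers to a layout that is
     * neither public nor of control panel type.
     *
     * <p>
     * Returns {@code false} without loading anything when {@code name} is
     * not the {@code Layout} class name and {@code primKey} does not contain
     * the layout separator. Otherwise the text before the separator (or the
     * whole {@code primKey} when there is none) is parsed as the layout's
     * plid and the layout is loaded.
     * </p>
     *
     * @param  name the resource name of the permission
     * @param  primKey the primary key of the permission
     * @return {@code true} if the referenced layout is not public and not of
     *         control panel type; {@code false} otherwise
     * @throws Exception if the layout cannot be loaded
     */
    protected boolean isPrivateLayout(String name, String primKey)
        throws Exception {

        boolean hasLayoutSeparator = primKey.contains(
            PortletConstants.LAYOUT_SEPARATOR);

        if (!name.equals(Layout.class.getName()) && !hasLayoutSeparator) {
            return false;
        }

        String plidText = primKey;

        if (hasLayoutSeparator) {
            plidText = StringUtil.extractFirst(
                primKey, PortletConstants.LAYOUT_SEPARATOR);
        }

        long plid = GetterUtil.getLong(plidText);

        Layout layout = LayoutLocalServiceUtil.getLayout(plid);

        return !(layout.isPublicLayout() || layout.isTypeControlPanel());
    }

    // Action ids that fixOrganizationRolePermissions moves from Organization
    // permission rows to the matching Group permission rows.
    private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
        new ArrayList<>();

    private static final Log _log = LogFactoryUtil.getLog(
        VerifyPermission.class);

    static {
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(
            ActionKeys.MANAGE_ARCHIVED_SETUPS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_LAYOUTS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_STAGING);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_TEAMS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.PUBLISH_STAGING);

        // These two ids are given as string literals rather than ActionKeys
        // constants.
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("APPROVE_PROPOSAL");
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("ASSIGN_REVIEWER");
    }

}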