001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.util.OrderByComparator;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Role;
021    import com.liferay.portal.model.RoleConstants;
022    import com.liferay.portal.model.User;
023    import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil;
024    import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil;
025    import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil;
026    import com.liferay.portal.security.permission.ActionKeys;
027    import com.liferay.portal.service.ServiceContext;
028    import com.liferay.portal.service.base.RoleServiceBaseImpl;
029    import com.liferay.portal.service.permission.PortalPermissionUtil;
030    import com.liferay.portal.service.permission.RolePermissionUtil;
031    import com.liferay.portal.service.permission.UserPermissionUtil;
032    import com.liferay.portlet.expando.model.ExpandoBridge;
033    
034    import java.io.Serializable;
035    
036    import java.util.ArrayList;
037    import java.util.LinkedHashMap;
038    import java.util.List;
039    import java.util.Locale;
040    import java.util.Map;
041    
042    /**
043     * Provides the remote service for accessing, adding, unassigning, checking,
044     * deleting, and updating roles. Its methods include permission checks.
045     *
046     * @author Brian Wing Shun Chan
047     */
048    public class RoleServiceImpl extends RoleServiceBaseImpl {
049    
050            /**
051             * Adds a role. The user is reindexed after role is added.
052             *
053             * @param  className the name of the class for which the role is created
054             * @param  classPK the primary key of the class for which the role is
055             *         created (optionally <code>0</code>)
056             * @param  name the role's name
057             * @param  titleMap the role's localized titles (optionally
058             *         <code>null</code>)
059             * @param  descriptionMap the role's localized descriptions (optionally
060             *         <code>null</code>)
061             * @param  type the role's type (optionally <code>0</code>)
062             * @param  subtype the role's subtype (optionally <code>null</code>)
063             * @param  serviceContext the service context to be applied (optionally
064             *         <code>null</code>). Can set the expando bridge attributes for the
065             *         role.
066             * @return the role
067             */
068            @Override
069            public Role addRole(
070                            String className, long classPK, String name,
071                            Map<Locale, String> titleMap, Map<Locale, String> descriptionMap,
072                            int type, String subtype, ServiceContext serviceContext)
073                    throws PortalException {
074    
075                    PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE);
076    
077                    User user = getUser();
078    
079                    Role role = roleLocalService.addRole(
080                            user.getUserId(), className, classPK, name, titleMap,
081                            descriptionMap, type, subtype, serviceContext);
082    
083                    if (type == RoleConstants.TYPE_ORGANIZATION) {
084                            OrganizationMembershipPolicyUtil.verifyPolicy(role);
085                    }
086                    else if (type == RoleConstants.TYPE_SITE) {
087                            SiteMembershipPolicyUtil.verifyPolicy(role);
088                    }
089                    else {
090                            RoleMembershipPolicyUtil.verifyPolicy(role);
091                    }
092    
093                    return role;
094            }
095    
096            /**
097             * Adds a role. The user is reindexed after role is added.
098             *
099             * @param      name the role's name
100             * @param      titleMap the role's localized titles (optionally
101             *             <code>null</code>)
102             * @param      descriptionMap the role's localized descriptions (optionally
103             *             <code>null</code>)
104             * @param      type the role's type (optionally <code>0</code>)
105             * @return     the role
106             * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long,
107             *             String, Map, Map, int, String, ServiceContext)}
108             */
109            @Deprecated
110            @Override
111            public Role addRole(
112                            String name, Map<Locale, String> titleMap,
113                            Map<Locale, String> descriptionMap, int type)
114                    throws PortalException {
115    
116                    return addRole(
117                            null, 0, name, titleMap, descriptionMap, type, null, null);
118            }
119    
120            /**
121             * Adds the roles to the user. The user is reindexed after the roles are
122             * added.
123             *
124             * @param userId the primary key of the user
125             * @param roleIds the primary keys of the roles
126             */
127            @Override
128            public void addUserRoles(long userId, long[] roleIds)
129                    throws PortalException {
130    
131                    if (roleIds.length == 0) {
132                            return;
133                    }
134    
135                    checkUserRolesPermission(userId, roleIds);
136    
137                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null);
138    
139                    roleLocalService.addUserRoles(userId, roleIds);
140    
141                    RoleMembershipPolicyUtil.propagateRoles(
142                            new long[] {userId}, roleIds, null);
143            }
144    
145            /**
146             * Deletes the role with the primary key and its associated permissions.
147             *
148             * @param roleId the primary key of the role
149             */
150            @Override
151            public void deleteRole(long roleId) throws PortalException {
152                    RolePermissionUtil.check(
153                            getPermissionChecker(), roleId, ActionKeys.DELETE);
154    
155                    roleLocalService.deleteRole(roleId);
156            }
157    
158            @Override
159            public Role fetchRole(long roleId) throws PortalException {
160                    Role role = roleLocalService.fetchRole(roleId);
161    
162                    if (role != null) {
163                            RolePermissionUtil.check(
164                                    getPermissionChecker(), roleId, ActionKeys.VIEW);
165                    }
166    
167                    return role;
168            }
169    
170            /**
171             * Returns all the roles associated with the group.
172             *
173             * @param  groupId the primary key of the group
174             * @return the roles associated with the group
175             */
176            @Override
177            public List<Role> getGroupRoles(long groupId) throws PortalException {
178                    List<Role> roles = roleLocalService.getGroupRoles(groupId);
179    
180                    return filterRoles(roles);
181            }
182    
183            /**
184             * Returns the role with the primary key.
185             *
186             * @param  roleId the primary key of the role
187             * @return the role with the primary key
188             */
189            @Override
190            public Role getRole(long roleId) throws PortalException {
191                    RolePermissionUtil.check(
192                            getPermissionChecker(), roleId, ActionKeys.VIEW);
193    
194                    return roleLocalService.getRole(roleId);
195            }
196    
197            /**
198             * Returns the role with the name in the company.
199             *
200             * <p>
201             * The method searches the system roles map first for default roles. If a
202             * role with the name is not found, then the method will query the database.
203             * </p>
204             *
205             * @param  companyId the primary key of the company
206             * @param  name the role's name
207             * @return the role with the name
208             */
209            @Override
210            public Role getRole(long companyId, String name) throws PortalException {
211                    Role role = roleLocalService.getRole(companyId, name);
212    
213                    RolePermissionUtil.check(
214                            getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW);
215    
216                    return role;
217            }
218    
219            @Override
220            public List<Role> getRoles(int type, String subtype)
221                    throws PortalException {
222    
223                    return filterRoles(roleLocalService.getRoles(type, subtype));
224            }
225    
226            @Override
227            public List<Role> getRoles(long companyId, int[] types)
228                    throws PortalException {
229    
230                    return filterRoles(roleLocalService.getRoles(companyId, types));
231            }
232    
233            /**
234             * Returns all the user's roles within the user group.
235             *
236             * @param  userId the primary key of the user
237             * @param  groupId the primary key of the group
238             * @return the user's roles within the user group
239             */
240            @Override
241            public List<Role> getUserGroupGroupRoles(long userId, long groupId)
242                    throws PortalException {
243    
244                    UserPermissionUtil.check(
245                            getPermissionChecker(), userId, ActionKeys.VIEW);
246    
247                    List<Role> roles = roleLocalService.getUserGroupGroupRoles(
248                            userId, groupId);
249    
250                    return filterRoles(roles);
251            }
252    
253            /**
254             * Returns all the user's roles within the user group.
255             *
256             * @param  userId the primary key of the user
257             * @param  groupId the primary key of the group
258             * @return the user's roles within the user group
259             */
260            @Override
261            public List<Role> getUserGroupRoles(long userId, long groupId)
262                    throws PortalException {
263    
264                    UserPermissionUtil.check(
265                            getPermissionChecker(), userId, ActionKeys.VIEW);
266    
267                    List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId);
268    
269                    return filterRoles(roles);
270            }
271    
272            /**
273             * Returns the union of all the user's roles within the groups.
274             *
275             * @param  userId the primary key of the user
276             * @param  groups the groups (optionally <code>null</code>)
277             * @return the union of all the user's roles within the groups
278             */
279            @Override
280            public List<Role> getUserRelatedRoles(long userId, List<Group> groups)
281                    throws PortalException {
282    
283                    UserPermissionUtil.check(
284                            getPermissionChecker(), userId, ActionKeys.VIEW);
285    
286                    List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups);
287    
288                    return filterRoles(roles);
289            }
290    
291            /**
292             * Returns all the roles associated with the user.
293             *
294             * @param  userId the primary key of the user
295             * @return the roles associated with the user
296             */
297            @Override
298            public List<Role> getUserRoles(long userId) throws PortalException {
299                    UserPermissionUtil.check(
300                            getPermissionChecker(), userId, ActionKeys.VIEW);
301    
302                    List<Role> roles = roleLocalService.getUserRoles(userId);
303    
304                    return filterRoles(roles);
305            }
306    
307            /**
308             * Returns <code>true</code> if the user is associated with the named
309             * regular role.
310             *
311             * @param  userId the primary key of the user
312             * @param  companyId the primary key of the company
313             * @param  name the name of the role
314             * @param  inherited whether to include the user's inherited roles in the
315             *         search
316             * @return <code>true</code> if the user is associated with the regular
317             *         role; <code>false</code> otherwise
318             */
319            @Override
320            public boolean hasUserRole(
321                            long userId, long companyId, String name, boolean inherited)
322                    throws PortalException {
323    
324                    UserPermissionUtil.check(
325                            getPermissionChecker(), userId, ActionKeys.VIEW);
326    
327                    return roleLocalService.hasUserRole(userId, companyId, name, inherited);
328            }
329    
330            /**
331             * Returns <code>true</code> if the user has any one of the named regular
332             * roles.
333             *
334             * @param  userId the primary key of the user
335             * @param  companyId the primary key of the company
336             * @param  names the names of the roles
337             * @param  inherited whether to include the user's inherited roles in the
338             *         search
339             * @return <code>true</code> if the user has any one of the regular roles;
340             *         <code>false</code> otherwise
341             */
342            @Override
343            public boolean hasUserRoles(
344                            long userId, long companyId, String[] names, boolean inherited)
345                    throws PortalException {
346    
347                    UserPermissionUtil.check(
348                            getPermissionChecker(), userId, ActionKeys.VIEW);
349    
350                    return roleLocalService.hasUserRoles(
351                            userId, companyId, names, inherited);
352            }
353    
354            @Override
355            public List<Role> search(
356                    long companyId, String keywords, Integer[] types,
357                    LinkedHashMap<String, Object> params, int start, int end,
358                    OrderByComparator<Role> obc) {
359    
360                    return roleFinder.filterFindByKeywords(
361                            companyId, keywords, types, params, start, end, obc);
362            }
363    
364            @Override
365            public int searchCount(
366                    long companyId, String keywords, Integer[] types,
367                    LinkedHashMap<String, Object> params) {
368    
369                    return roleFinder.filterCountByKeywords(
370                            companyId, keywords, types, params);
371            }
372    
373            /**
374             * Removes the matching roles associated with the user. The user is
375             * reindexed after the roles are removed.
376             *
377             * @param userId the primary key of the user
378             * @param roleIds the primary keys of the roles
379             */
380            @Override
381            public void unsetUserRoles(long userId, long[] roleIds)
382                    throws PortalException {
383    
384                    if (roleIds.length == 0) {
385                            return;
386                    }
387    
388                    checkUserRolesPermission(userId, roleIds);
389    
390                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds);
391    
392                    roleLocalService.unsetUserRoles(userId, roleIds);
393    
394                    RoleMembershipPolicyUtil.propagateRoles(
395                            new long[] {userId}, null, roleIds);
396            }
397    
398            /**
399             * Updates the role with the primary key.
400             *
401             * @param  roleId the primary key of the role
402             * @param  name the role's new name
403             * @param  titleMap the new localized titles (optionally <code>null</code>)
404             *         to replace those existing for the role
405             * @param  descriptionMap the new localized descriptions (optionally
406             *         <code>null</code>) to replace those existing for the role
407             * @param  subtype the role's new subtype (optionally <code>null</code>)
408             * @param  serviceContext the service context to be applied (optionally
409             *         <code>null</code>). Can set the expando bridge attributes for the
410             *         role.
411             * @return the role with the primary key
412             */
413            @Override
414            public Role updateRole(
415                            long roleId, String name, Map<Locale, String> titleMap,
416                            Map<Locale, String> descriptionMap, String subtype,
417                            ServiceContext serviceContext)
418                    throws PortalException {
419    
420                    RolePermissionUtil.check(
421                            getPermissionChecker(), roleId, ActionKeys.UPDATE);
422    
423                    Role oldRole = rolePersistence.findByPrimaryKey(roleId);
424    
425                    ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge();
426    
427                    Map<String, Serializable> oldExpandoAttributes =
428                            oldExpandoBridge.getAttributes();
429    
430                    Role role = roleLocalService.updateRole(
431                            roleId, name, titleMap, descriptionMap, subtype, serviceContext);
432    
433                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
434                            OrganizationMembershipPolicyUtil.verifyPolicy(
435                                    role, oldRole, oldExpandoAttributes);
436                    }
437                    else if (role.getType() == RoleConstants.TYPE_SITE) {
438                            SiteMembershipPolicyUtil.verifyPolicy(
439                                    role, oldRole, oldExpandoAttributes);
440                    }
441                    else {
442                            RoleMembershipPolicyUtil.verifyPolicy(
443                                    role, oldRole, oldExpandoAttributes);
444                    }
445    
446                    return role;
447            }
448    
449            protected void checkUserRolesPermission(long userId, long[] roleIds)
450                    throws PortalException {
451    
452                    for (int i = 0; i < roleIds.length; i++) {
453                            RolePermissionUtil.check(
454                                    getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS);
455                    }
456            }
457    
458            protected List<Role> filterRoles(List<Role> roles) throws PortalException {
459                    List<Role> filteredRoles = new ArrayList<>();
460    
461                    for (Role role : roles) {
462                            if (RolePermissionUtil.contains(
463                                            getPermissionChecker(), role.getRoleId(),
464                                            ActionKeys.VIEW)) {
465    
466                                    filteredRoles.add(role);
467                            }
468                    }
469    
470                    return filteredRoles;
471            }
472    
473    }