001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.dao.orm.QueryUtil;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.ArrayUtil;
022    import com.liferay.portal.kernel.util.CharPool;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.kernel.util.SetUtil;
026    import com.liferay.portal.kernel.util.Validator;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.GroupConstants;
029    import com.liferay.portal.model.GroupedModel;
030    import com.liferay.portal.model.Layout;
031    import com.liferay.portal.model.Organization;
032    import com.liferay.portal.model.OrganizationConstants;
033    import com.liferay.portal.model.PermissionedModel;
034    import com.liferay.portal.model.PortletConstants;
035    import com.liferay.portal.model.Resource;
036    import com.liferay.portal.model.ResourceBlockConstants;
037    import com.liferay.portal.model.ResourceConstants;
038    import com.liferay.portal.model.Role;
039    import com.liferay.portal.model.RoleConstants;
040    import com.liferay.portal.model.Team;
041    import com.liferay.portal.model.User;
042    import com.liferay.portal.service.GroupLocalServiceUtil;
043    import com.liferay.portal.service.LayoutLocalServiceUtil;
044    import com.liferay.portal.service.OrganizationLocalServiceUtil;
045    import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
046    import com.liferay.portal.service.ResourceLocalServiceUtil;
047    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
048    import com.liferay.portal.service.RoleLocalServiceUtil;
049    import com.liferay.portal.service.TeamLocalServiceUtil;
050    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
051    import com.liferay.portal.service.UserLocalServiceUtil;
052    import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
053    import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
054    import com.liferay.portal.service.permission.PortletPermissionUtil;
055    
056    import java.util.ArrayList;
057    import java.util.Arrays;
058    import java.util.Collections;
059    import java.util.LinkedHashMap;
060    import java.util.List;
061    import java.util.Set;
062    
063    import org.apache.commons.lang.time.StopWatch;
064    
065    /**
066     * @author Charles May
067     * @author Brian Wing Shun Chan
068     * @author Raymond Aug??
069     * @author Wesley Gong
070     * @author Connor McKay
071     */
072    public class AdvancedPermissionChecker extends BasePermissionChecker {
073    
074            @Override
075            public AdvancedPermissionChecker clone() {
076                    return new AdvancedPermissionChecker();
077            }
078    
079            public ResourceBlockIdsBag getGuestResourceBlockIdsBag(
080                            long companyId, long groupId, String name)
081                    throws Exception {
082    
083                    ResourceBlockIdsBag resourceBlockIdsBag =
084                            PermissionCacheUtil.getResourceBlockIdsBag(
085                                    companyId, groupId, defaultUserId, name);
086    
087                    if (resourceBlockIdsBag != null) {
088                            return resourceBlockIdsBag;
089                    }
090    
091                    try {
092                            resourceBlockIdsBag =
093                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
094                                            getCompanyId(), groupId, name, getGuestUserRoleIds());
095    
096                            PermissionCacheUtil.putResourceBlockIdsBag(
097                                    companyId, groupId, defaultUserId, name, resourceBlockIdsBag);
098    
099                            return resourceBlockIdsBag;
100                    }
101                    catch (Exception e) {
102                            PermissionCacheUtil.removeResourceBlockIdsBag(
103                                    getCompanyId(), groupId, defaultUserId, name);
104    
105                            throw e;
106                    }
107            }
108    
109            /**
110             * Returns the permission checker bag for the guest user.
111             *
112             * @return the permission checker bag for the guest user
113             * @throws Exception if an exception occurred
114             */
115            public long[] getGuestUserRoleIds() throws Exception {
116                    Group guestGroup = GroupLocalServiceUtil.getGroup(
117                            getCompanyId(), GroupConstants.GUEST);
118    
119                    long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
120                            defaultUserId, guestGroup.getGroupId());
121    
122                    if (roleIds != null) {
123                            return roleIds;
124                    }
125    
126                    try {
127                            List<Role> roles = RoleLocalServiceUtil.getUserRelatedRoles(
128                                    defaultUserId, Collections.singletonList(guestGroup));
129    
130                            // Only use the guest group for deriving the roles for
131                            // unauthenticated users. Do not add the group to the permission bag
132                            // as this implies group membership which is incorrect in the case
133                            // of unauthenticated users.
134    
135                            roleIds = ListUtil.toLongArray(roles, Role.ROLE_ID_ACCESSOR);
136    
137                            Arrays.sort(roleIds);
138    
139                            PermissionCacheUtil.putUserGroupRoleIds(
140                                    defaultUserId, guestGroup.getGroupId(), roleIds);
141                    }
142                    catch (Exception e) {
143                            PermissionCacheUtil.removeUserGroupRoleIds(
144                                    defaultUserId, guestGroup.getGroupId());
145    
146                            throw e;
147                    }
148    
149                    return roleIds;
150            }
151    
152            @Override
153            public List<Long> getOwnerResourceBlockIds(
154                    long companyId, long groupId, String name, String actionId) {
155    
156                    try {
157                            ResourceBlockIdsBag resourceBlockIdsBag =
158                                    getOwnerResourceBlockIdsBag(companyId, groupId, name);
159    
160                            return ResourceBlockLocalServiceUtil.getResourceBlockIds(
161                                    resourceBlockIdsBag, name, actionId);
162                    }
163                    catch (Exception e) {
164                            if (_log.isDebugEnabled()) {
165                                    _log.debug(e, e);
166                            }
167                    }
168    
169                    return Collections.emptyList();
170            }
171    
172            public ResourceBlockIdsBag getOwnerResourceBlockIdsBag(
173                    long companyId, long groupId, String name) {
174    
175                    ResourceBlockIdsBag resourceBlockIdsBag =
176                            PermissionCacheUtil.getResourceBlockIdsBag(
177                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
178    
179                    if (resourceBlockIdsBag != null) {
180                            return resourceBlockIdsBag;
181                    }
182    
183                    try {
184                            long[] roleIds = {getOwnerRoleId()};
185    
186                            resourceBlockIdsBag =
187                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
188                                            getCompanyId(), groupId, name, roleIds);
189    
190                            PermissionCacheUtil.putResourceBlockIdsBag(
191                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
192                                    resourceBlockIdsBag);
193    
194                            return resourceBlockIdsBag;
195                    }
196                    catch (Exception e) {
197                            PermissionCacheUtil.removeResourceBlockIdsBag(
198                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
199    
200                            throw e;
201                    }
202            }
203    
204            @Override
205            public List<Long> getResourceBlockIds(
206                    long companyId, long groupId, long userId, String name,
207                    String actionId) {
208    
209                    try {
210                            ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
211                                    companyId, groupId, userId, name);
212    
213                            return ResourceBlockLocalServiceUtil.getResourceBlockIds(
214                                    resourceBlockIdsBag, name, actionId);
215                    }
216                    catch (Exception e) {
217                            if (_log.isDebugEnabled()) {
218                                    _log.debug(e, e);
219                            }
220                    }
221    
222                    return Collections.emptyList();
223            }
224    
225            public ResourceBlockIdsBag getResourceBlockIdsBag(
226                            long companyId, long groupId, long userId, String name)
227                    throws Exception {
228    
229                    ResourceBlockIdsBag resourceBlockIdsBag =
230                            PermissionCacheUtil.getResourceBlockIdsBag(
231                                    companyId, groupId, userId, name);
232    
233                    if (resourceBlockIdsBag != null) {
234                            return resourceBlockIdsBag;
235                    }
236    
237                    try {
238                            long[] roleIds = getRoleIds(userId, groupId);
239    
240                            resourceBlockIdsBag =
241                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
242                                            getCompanyId(), groupId, name, roleIds);
243    
244                            PermissionCacheUtil.putResourceBlockIdsBag(
245                                    companyId, groupId, userId, name, resourceBlockIdsBag);
246    
247                            return resourceBlockIdsBag;
248                    }
249                    catch (Exception e) {
250                            PermissionCacheUtil.removeResourceBlockIdsBag(
251                                    companyId, groupId, userId, name);
252    
253                            throw e;
254                    }
255            }
256    
257            @Override
258            public long[] getRoleIds(long userId, long groupId) {
259                    long[] roleIds = null;
260    
261                    try {
262                            roleIds = doGetRoleIds(userId, groupId);
263                    }
264                    catch (Exception e) {
265                            if (_log.isDebugEnabled()) {
266                                    _log.debug(e, e);
267                            }
268    
269                            return PermissionChecker.DEFAULT_ROLE_IDS;
270                    }
271    
272                    if (!checkGuest) {
273                            return roleIds;
274                    }
275    
276                    Set<Long> roleIdsSet = SetUtil.fromArray(roleIds);
277    
278                    try {
279                            for (long roleId : getGuestUserRoleIds()) {
280                                    roleIdsSet.add(roleId);
281                            }
282                    }
283                    catch (Exception e) {
284                            if (_log.isDebugEnabled()) {
285                                    _log.debug(e, e);
286                            }
287                    }
288    
289                    return ArrayUtil.toArray(
290                            roleIdsSet.toArray(new Long[roleIdsSet.size()]));
291            }
292    
293            @Override
294            public UserBag getUserBag() throws PortalException {
295                    return UserBagFactoryUtil.create(getUserId());
296            }
297    
298            @Override
299            public boolean hasOwnerPermission(
300                    long companyId, String name, String primKey, long ownerId,
301                    String actionId) {
302    
303                    if (ownerId != getUserId()) {
304                            return false;
305                    }
306    
307                    if (ownerId == defaultUserId) {
308                            if (actionId.equals(ActionKeys.VIEW)) {
309                                    return true;
310                            }
311                            else {
312                                    return false;
313                            }
314                    }
315    
316                    try {
317                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
318                                    PermissionedModel permissionedModel =
319                                            ResourceBlockLocalServiceUtil.getPermissionedModel(
320                                                    name, GetterUtil.getLong(primKey));
321    
322                                    long groupId = 0;
323    
324                                    if (permissionedModel instanceof GroupedModel) {
325                                            GroupedModel groupedModel = (GroupedModel)permissionedModel;
326    
327                                            groupId = groupedModel.getGroupId();
328                                    }
329    
330                                    ResourceBlockIdsBag resourceBlockIdsBag =
331                                            getOwnerResourceBlockIdsBag(companyId, groupId, name);
332    
333                                    return ResourceBlockLocalServiceUtil.hasPermission(
334                                            name, permissionedModel, actionId, resourceBlockIdsBag);
335                            }
336    
337                            return ResourcePermissionLocalServiceUtil.hasResourcePermission(
338                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
339                                    getOwnerRoleId(), actionId);
340                    }
341                    catch (Exception e) {
342                            if (_log.isDebugEnabled()) {
343                                    _log.debug(e, e);
344                            }
345                    }
346    
347                    return false;
348            }
349    
350            @Override
351            public boolean hasPermission(
352                    long groupId, String name, String primKey, String actionId) {
353    
354                    StopWatch stopWatch = new StopWatch();
355    
356                    stopWatch.start();
357    
358                    Group group = null;
359    
360                    try {
361                            if (groupId > 0) {
362                                    group = GroupLocalServiceUtil.getGroup(groupId);
363    
364                                    // If the group is a scope group for a layout, check the
365                                    // original group.
366    
367                                    if (group.isLayout() &&
368                                            !ResourceBlockLocalServiceUtil.isSupported(name)) {
369    
370                                            Layout layout = LayoutLocalServiceUtil.getLayout(
371                                                    group.getClassPK());
372    
373                                            groupId = layout.getGroupId();
374    
375                                            group = GroupLocalServiceUtil.getGroup(groupId);
376                                    }
377    
378                                    // If the group is a personal site, check the "User Personal
379                                    // Site" group.
380    
381                                    if (group.isUser() && (group.getClassPK() == getUserId())) {
382                                            group = GroupLocalServiceUtil.getGroup(
383                                                    getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
384    
385                                            groupId = group.getGroupId();
386                                    }
387                            }
388                    }
389                    catch (Exception e) {
390                            _log.error(e, e);
391                    }
392    
393                    Boolean value = PermissionCacheUtil.getPermission(
394                            user.getUserId(), signedIn, groupId, name, primKey, actionId);
395    
396                    if (value != null) {
397                            return value;
398                    }
399    
400                    try {
401                            value = hasPermissionImpl(groupId, name, primKey, actionId);
402    
403                            if (_log.isDebugEnabled()) {
404                                    _log.debug(
405                                            "Checking permission for " + groupId + " " + name +
406                                                    " " + primKey + " " + actionId + " takes " +
407                                                            stopWatch.getTime() + " ms");
408                            }
409    
410                            PermissionCacheUtil.putPermission(
411                                    user.getUserId(), signedIn, groupId, name, primKey, actionId,
412                                    value);
413                    }
414                    catch (Exception e) {
415                            PermissionCacheUtil.removePermission(
416                                    user.getUserId(), signedIn, groupId, name, primKey, actionId);
417    
418                            throw e;
419                    }
420    
421                    return value;
422            }
423    
424            @Override
425            public boolean hasUserPermission(
426                    long groupId, String name, String primKey, String actionId,
427                    boolean checkAdmin) {
428    
429                    try {
430                            return hasUserPermissionImpl(
431                                    groupId, name, primKey, actionId, checkAdmin);
432                    }
433                    catch (Exception e) {
434                            _log.error(e, e);
435    
436                            return false;
437                    }
438            }
439    
440            @Override
441            public boolean isCompanyAdmin() {
442                    try {
443                            return isCompanyAdminImpl(user.getCompanyId());
444                    }
445                    catch (Exception e) {
446                            _log.error(e, e);
447    
448                            return false;
449                    }
450            }
451    
452            @Override
453            public boolean isCompanyAdmin(long companyId) {
454                    try {
455                            return isCompanyAdminImpl(companyId);
456                    }
457                    catch (Exception e) {
458                            _log.error(e, e);
459    
460                            return false;
461                    }
462            }
463    
464            @Override
465            public boolean isContentReviewer(long companyId, long groupId) {
466                    try {
467                            return isContentReviewerImpl(companyId, groupId);
468                    }
469                    catch (Exception e) {
470                            _log.error(e, e);
471                    }
472    
473                    return false;
474            }
475    
476            @Override
477            public boolean isGroupAdmin(long groupId) {
478                    try {
479                            return isGroupAdminImpl(groupId);
480                    }
481                    catch (Exception e) {
482                            _log.error(e, e);
483    
484                            return false;
485                    }
486            }
487    
488            @Override
489            public boolean isGroupMember(long groupId) {
490                    try {
491                            return isGroupMemberImpl(groupId);
492                    }
493                    catch (Exception e) {
494                            _log.error(e, e);
495    
496                            return false;
497                    }
498            }
499    
500            @Override
501            public boolean isGroupOwner(long groupId) {
502                    try {
503                            return isGroupOwnerImpl(groupId);
504                    }
505                    catch (Exception e) {
506                            _log.error(e, e);
507    
508                            return false;
509                    }
510            }
511    
512            @Override
513            public boolean isOrganizationAdmin(long organizationId) {
514                    try {
515                            return isOrganizationAdminImpl(organizationId);
516                    }
517                    catch (Exception e) {
518                            _log.error(e, e);
519    
520                            return false;
521                    }
522            }
523    
524            @Override
525            public boolean isOrganizationOwner(long organizationId) {
526                    try {
527                            return isOrganizationOwnerImpl(organizationId);
528                    }
529                    catch (Exception e) {
530                            _log.error(e, e);
531    
532                            return false;
533                    }
534            }
535    
536            protected void addTeamRoles(long userId, Group group, Set<Long> roleIds)
537                    throws Exception {
538    
539                    List<Team> userTeams = TeamLocalServiceUtil.getUserTeams(
540                            userId, group.getGroupId());
541    
542                    for (Team team : userTeams) {
543                            Role role = RoleLocalServiceUtil.getTeamRole(
544                                    team.getCompanyId(), team.getTeamId());
545    
546                            roleIds.add(role.getRoleId());
547                    }
548    
549                    LinkedHashMap<String, Object> teamParams = new LinkedHashMap<>();
550    
551                    teamParams.put("usersUserGroups", userId);
552    
553                    List<Team> userGroupTeams = TeamLocalServiceUtil.search(
554                            group.getGroupId(), null, null, teamParams, QueryUtil.ALL_POS,
555                            QueryUtil.ALL_POS, null);
556    
557                    for (Team team : userGroupTeams) {
558                            Role role = RoleLocalServiceUtil.getTeamRole(
559                                    team.getCompanyId(), team.getTeamId());
560    
561                            roleIds.add(role.getRoleId());
562                    }
563            }
564    
565            protected boolean doCheckPermission(
566                            long companyId, long groupId, String name, String primKey,
567                            String actionId, StopWatch stopWatch)
568                    throws Exception {
569    
570                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 1);
571    
572                    if (ResourceBlockLocalServiceUtil.isSupported(name)) {
573                            ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
574                                    companyId, groupId, getUserId(), name);
575    
576                            boolean value = ResourceBlockLocalServiceUtil.hasPermission(
577                                    name, GetterUtil.getLong(primKey), actionId,
578                                    resourceBlockIdsBag);
579    
580                            logHasUserPermission(
581                                    groupId, name, primKey, actionId, stopWatch, 2);
582    
583                            return value;
584                    }
585    
586                    List<Resource> resources = getResources(
587                            companyId, groupId, name, primKey, actionId);
588    
589                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 3);
590    
591                    // Check if user has access to perform the action on the given resource
592                    // scopes. The resources are scoped to check first for an individual
593                    // class, then for the group that the class may belong to, and then for
594                    // the company that the class belongs to.
595    
596                    boolean value = ResourceLocalServiceUtil.hasUserPermissions(
597                            user.getUserId(), groupId, resources, actionId,
598                            doGetRoleIds(user.getUserId(), groupId));
599    
600                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 4);
601    
602                    return value;
603            }
604    
605            protected long[] doGetRoleIds(long userId, long groupId) throws Exception {
606                    long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
607                            userId, groupId);
608    
609                    if (roleIds != null) {
610                            return roleIds;
611                    }
612    
613                    try {
614                            Group group = null;
615    
616                            long parentGroupId = 0;
617    
618                            if (groupId > 0) {
619                                    group = GroupLocalServiceUtil.getGroup(groupId);
620    
621                                    if (group.isLayout()) {
622                                            parentGroupId = group.getParentGroupId();
623    
624                                            if (parentGroupId > 0) {
625                                                    group = GroupLocalServiceUtil.getGroup(parentGroupId);
626                                            }
627                                    }
628                            }
629    
630                            UserBag userBag = getUserBag();
631    
632                            Set<Long> roleIdsSet = SetUtil.fromArray(userBag.getRoleIds());
633    
634                            List<Role> userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
635                                    userId, groupId);
636    
637                            for (Role userGroupRole : userGroupRoles) {
638                                    roleIdsSet.add(userGroupRole.getRoleId());
639                            }
640    
641                            if (parentGroupId > 0) {
642                                    userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
643                                            userId, parentGroupId);
644    
645                                    for (Role userGroupRole : userGroupRoles) {
646                                            roleIdsSet.add(userGroupRole.getRoleId());
647                                    }
648                            }
649    
650                            List<Role> userGroupGroupRoles =
651                                    RoleLocalServiceUtil.getUserGroupGroupRoles(userId, groupId);
652    
653                            for (Role userGroupGroupRole : userGroupGroupRoles) {
654                                    roleIdsSet.add(userGroupGroupRole.getRoleId());
655                            }
656    
657                            if (parentGroupId > 0) {
658                                    userGroupGroupRoles =
659                                            RoleLocalServiceUtil.getUserGroupGroupRoles(
660                                                    userId, parentGroupId);
661    
662                                    for (Role userGroupGroupRole : userGroupGroupRoles) {
663                                            roleIdsSet.add(userGroupGroupRole.getRoleId());
664                                    }
665                            }
666    
667                            if (group != null) {
668                                    if (group.isOrganization() && userBag.hasUserOrgGroup(group)) {
669                                            Role organizationUserRole = RoleLocalServiceUtil.getRole(
670                                                    group.getCompanyId(), RoleConstants.ORGANIZATION_USER);
671    
672                                            roleIdsSet.add(organizationUserRole.getRoleId());
673                                    }
674    
675                                    if ((group.isSite() &&
676                                             (userBag.hasUserGroup(group) ||
677                                              userBag.hasUserOrgGroup(group))) ||
678                                            group.isUserPersonalSite()) {
679    
680                                            Role siteMemberRole = RoleLocalServiceUtil.getRole(
681                                                    group.getCompanyId(), RoleConstants.SITE_MEMBER);
682    
683                                            roleIdsSet.add(siteMemberRole.getRoleId());
684                                    }
685    
686                                    if ((group.isOrganization() &&
687                                             userBag.hasUserOrgGroup(group)) ||
688                                            (group.isSite() && userBag.hasUserGroup(group))) {
689    
690                                            addTeamRoles(userId, group, roleIdsSet);
691                                    }
692                            }
693    
694                            roleIds = ArrayUtil.toLongArray(roleIdsSet);
695    
696                            Arrays.sort(roleIds);
697    
698                            PermissionCacheUtil.putUserGroupRoleIds(userId, groupId, roleIds);
699    
700                            return roleIds;
701                    }
702                    catch (Exception e) {
703                            PermissionCacheUtil.removeUserGroupRoleIds(userId, groupId);
704    
705                            throw e;
706                    }
707            }
708    
709            /**
710             * Returns representations of the resource at each scope level.
711             *
712             * <p>
713             * For example, if the class name and primary key of a blog entry were
714             * passed to this method, it would return a resource for the blog entry
715             * itself (individual scope), a resource representing all blog entries
716             * within its group (group scope), a resource standing for all blog entries
717             * within a group the user has a suitable role in (group-template scope),
718             * and a resource signifying all blog entries within the company (company
719             * scope).
720             * </p>
721             *
722             * @param  companyId the primary key of the company
723             * @param  groupId the primary key of the group containing the resource
724             * @param  name the resource's name, which can be either a class name or a
725             *         portlet ID
726             * @param  primKey the primary key of the resource
727             * @param  actionId unused
728             * @return representations of the resource at each scope level
729             * @throws Exception if an exception occurred
730             */
731            protected List<Resource> getResources(
732                            long companyId, long groupId, String name, String primKey,
733                            String actionId)
734                    throws Exception {
735    
736                    // Individual
737    
738                    List<Resource> resources = new ArrayList<>(4);
739    
740                    Resource individualResource = ResourceLocalServiceUtil.getResource(
741                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
742    
743                    resources.add(individualResource);
744    
745                    // Group
746    
747                    if (groupId > 0) {
748                            Resource groupResource = ResourceLocalServiceUtil.getResource(
749                                    companyId, name, ResourceConstants.SCOPE_GROUP,
750                                    String.valueOf(groupId));
751    
752                            resources.add(groupResource);
753                    }
754    
755                    // Group template
756    
757                    if (signedIn && (groupId > 0)) {
758                            Resource groupTemplateResource =
759                                    ResourceLocalServiceUtil.getResource(
760                                            companyId, name, ResourceConstants.SCOPE_GROUP_TEMPLATE,
761                                            String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID));
762    
763                            resources.add(groupTemplateResource);
764                    }
765    
766                    // Company
767    
768                    Resource companyResource = ResourceLocalServiceUtil.getResource(
769                            companyId, name, ResourceConstants.SCOPE_COMPANY,
770                            String.valueOf(companyId));
771    
772                    resources.add(companyResource);
773    
774                    return resources;
775            }
776    
777            protected boolean hasGuestPermission(
778                            long groupId, String name, String primKey, String actionId)
779                    throws Exception {
780    
781                    try {
782                            ResourceActionsUtil.checkAction(name, actionId);
783                    }
784                    catch (Exception e) {
785                            if (_log.isDebugEnabled()) {
786                                    _log.debug(
787                                            "Guest does not have permission to " + actionId + " on " +
788                                                    name + " with primary key " + primKey);
789                            }
790    
791                            return false;
792                    }
793    
794                    if (name.indexOf(CharPool.PERIOD) != -1) {
795    
796                            // Check unsupported model actions
797    
798                            List<String> actions =
799                                    ResourceActionsUtil.getModelResourceGuestUnsupportedActions(
800                                            name);
801    
802                            if (actions.contains(actionId)) {
803                                    return false;
804                            }
805                    }
806                    else {
807    
808                            // Check unsupported portlet actions
809    
810                            List<String> actions =
811                                    ResourceActionsUtil.getPortletResourceGuestUnsupportedActions(
812                                            name);
813    
814                            if (actions.contains(actionId)) {
815                                    return false;
816                            }
817                    }
818    
819                    long companyId = user.getCompanyId();
820    
821                    List<Resource> resources = getResources(
822                            companyId, groupId, name, primKey, actionId);
823    
824                    try {
825                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
826                                    ResourceBlockIdsBag resourceBlockIdsBag =
827                                            getGuestResourceBlockIdsBag(companyId, groupId, name);
828    
829                                    return ResourceBlockLocalServiceUtil.hasPermission(
830                                            name, GetterUtil.getLong(primKey), actionId,
831                                            resourceBlockIdsBag);
832                            }
833    
834                            return ResourceLocalServiceUtil.hasUserPermissions(
835                                    defaultUserId, groupId, resources, actionId,
836                                    getGuestUserRoleIds());
837                    }
838                    catch (Exception e) {
839                            _log.error(e, e);
840    
841                            return false;
842                    }
843            }
844    
845            protected boolean hasPermissionImpl(
846                    long groupId, String name, String primKey, String actionId) {
847    
848                    try {
849                            if (!signedIn) {
850                                    return hasGuestPermission(groupId, name, primKey, actionId);
851                            }
852    
853                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
854    
855                                    // It is not necessary to check guest permissions separately, as
856                                    // the user's resource block IDs bag will already have the guest
857                                    // permissions in it if checkGuest is true.
858    
859                                    return hasUserPermission(
860                                            groupId, name, primKey, actionId, true);
861                            }
862    
863                            boolean value = false;
864    
865                            if (checkGuest) {
866                                    value = hasGuestPermission(groupId, name, primKey, actionId);
867                            }
868    
869                            if (!value) {
870                                    value = hasUserPermission(
871                                            groupId, name, primKey, actionId, true);
872                            }
873    
874                            return value;
875                    }
876                    catch (Exception e) {
877                            _log.error(e, e);
878    
879                            return false;
880                    }
881            }
882    
883            protected boolean hasUserPermissionImpl(
884                            long groupId, String name, String primKey, String actionId,
885                            boolean checkAdmin)
886                    throws Exception {
887    
888                    StopWatch stopWatch = new StopWatch();
889    
890                    stopWatch.start();
891    
892                    long companyId = user.getCompanyId();
893    
894                    if (groupId > 0) {
895                            Group group = GroupLocalServiceUtil.getGroup(groupId);
896    
897                            companyId = group.getCompanyId();
898                    }
899                    else if (name.equals(User.class.getName())) {
900                            User user = UserLocalServiceUtil.fetchUser(
901                                    GetterUtil.getLong(primKey));
902    
903                            if (user != null) {
904                                    companyId = user.getCompanyId();
905                            }
906                    }
907    
908                    boolean hasLayoutManagerPermission = true;
909    
910                    // Check if the layout manager has permission to do this action for the
911                    // current portlet
912    
913                    if (Validator.isNotNull(name) && Validator.isNotNull(primKey) &&
914                            primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {
915    
916                            hasLayoutManagerPermission =
917                                    PortletPermissionUtil.hasLayoutManagerPermission(
918                                            name, actionId);
919                    }
920    
921                    if (checkAdmin) {
922                            if (isCompanyAdminImpl(companyId)) {
923                                    return true;
924                            }
925    
926                            if (name.equals(Organization.class.getName())) {
927                                    if (isOrganizationAdminImpl(GetterUtil.getLong(primKey))) {
928                                            return true;
929                                    }
930                            }
931                            else if (isGroupAdminImpl(groupId) && hasLayoutManagerPermission) {
932                                    return true;
933                            }
934                    }
935    
936                    return doCheckPermission(
937                            companyId, groupId, name, primKey, actionId, stopWatch);
938            }
939    
940            protected boolean isCompanyAdminImpl(long companyId) throws Exception {
941                    if (!signedIn) {
942                            return false;
943                    }
944    
945                    if (isOmniadmin()) {
946                            return true;
947                    }
948    
949                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
950                            getUserId(), companyId, RoleConstants.ADMINISTRATOR);
951    
952                    try {
953                            if (value == null) {
954                                    value = RoleLocalServiceUtil.hasUserRole(
955                                            user.getUserId(), companyId, RoleConstants.ADMINISTRATOR,
956                                            true);
957    
958                                    PermissionCacheUtil.putUserPrimaryKeyRole(
959                                            getUserId(), companyId, RoleConstants.ADMINISTRATOR, value);
960                            }
961                    }
962                    catch (Exception e) {
963                            PermissionCacheUtil.removeUserPrimaryKeyRole(
964                                    getUserId(), companyId, RoleConstants.ADMINISTRATOR);
965    
966                            throw e;
967                    }
968    
969                    return value;
970            }
971    
972            protected boolean isContentReviewerImpl(long groupId)
973                    throws PortalException {
974    
975                    if (isCompanyAdmin() || isGroupAdmin(groupId)) {
976                            return true;
977                    }
978    
979                    Group group = GroupLocalServiceUtil.getGroup(groupId);
980    
981                    if (RoleLocalServiceUtil.hasUserRole(
982                                    getUserId(), group.getCompanyId(),
983                                    RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
984    
985                            return true;
986                    }
987    
988                    if (group.isSite()) {
989                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
990                                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
991                                            true)) {
992    
993                                    return true;
994                            }
995                    }
996    
997                    return false;
998            }
999    
1000            protected boolean isContentReviewerImpl(long companyId, long groupId)
1001                    throws Exception {
1002    
1003                    if (!signedIn) {
1004                            return false;
1005                    }
1006    
1007                    if (isOmniadmin()) {
1008                            return true;
1009                    }
1010    
1011                    if (isCompanyAdmin(companyId)) {
1012                            return true;
1013                    }
1014    
1015                    if (groupId <= 0) {
1016                            return false;
1017                    }
1018    
1019                    if (isGroupAdmin(groupId)) {
1020                            return true;
1021                    }
1022    
1023                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1024                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
1025    
1026                    try {
1027                            if (value == null) {
1028                                    value = isContentReviewerImpl(groupId);
1029    
1030                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1031                                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
1032                                            value);
1033                            }
1034                    }
1035                    catch (Exception e) {
1036                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1037                                    getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
1038    
1039                            throw e;
1040                    }
1041    
1042                    return value;
1043            }
1044    
1045            protected boolean isGroupAdminImpl(Group group) throws Exception {
1046                    if (group.isLayout()) {
1047                            long parentGroupId = group.getParentGroupId();
1048    
1049                            if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
1050                                    return false;
1051                            }
1052    
1053                            group = GroupLocalServiceUtil.getGroup(parentGroupId);
1054                    }
1055    
1056                    if (group.isSite()) {
1057                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1058                                            getUserId(), group.getGroupId(),
1059                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
1060                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1061                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1062                                            true)) {
1063    
1064                                    return true;
1065                            }
1066    
1067                            StopWatch stopWatch = new StopWatch();
1068    
1069                            stopWatch.start();
1070    
1071                            while (!group.isRoot()) {
1072                                    Group parentGroup = group.getParentGroup();
1073    
1074                                    if (doCheckPermission(
1075                                                    parentGroup.getCompanyId(), parentGroup.getGroupId(),
1076                                                    Group.class.getName(),
1077                                                    String.valueOf(parentGroup.getGroupId()),
1078                                                    ActionKeys.MANAGE_SUBGROUPS, stopWatch)) {
1079    
1080                                            return true;
1081                                    }
1082    
1083                                    group = parentGroup;
1084                            }
1085                    }
1086    
1087                    if (group.isCompany()) {
1088                            if (isCompanyAdmin()) {
1089                                    return true;
1090                            }
1091                            else {
1092                                    return false;
1093                            }
1094                    }
1095                    else if (group.isLayoutPrototype()) {
1096                            if (LayoutPrototypePermissionUtil.contains(
1097                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1098    
1099                                    return true;
1100                            }
1101                            else {
1102                                    return false;
1103                            }
1104                    }
1105                    else if (group.isLayoutSetPrototype()) {
1106                            if (LayoutSetPrototypePermissionUtil.contains(
1107                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1108    
1109                                    return true;
1110                            }
1111                            else {
1112                                    return false;
1113                            }
1114                    }
1115                    else if (group.isOrganization()) {
1116                            long organizationId = group.getOrganizationId();
1117    
1118                            while (organizationId !=
1119                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1120    
1121                                    Organization organization =
1122                                            OrganizationLocalServiceUtil.getOrganization(
1123                                                    organizationId);
1124    
1125                                    long organizationGroupId = organization.getGroupId();
1126    
1127                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1128                                                    getUserId(), organizationGroupId,
1129                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1130                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1131                                                    getUserId(), organizationGroupId,
1132                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
1133    
1134                                            return true;
1135                                    }
1136    
1137                                    organizationId = organization.getParentOrganizationId();
1138                            }
1139    
1140                            StopWatch stopWatch = new StopWatch();
1141    
1142                            stopWatch.start();
1143    
1144                            Organization organization =
1145                                    OrganizationLocalServiceUtil.getOrganization(
1146                                            group.getOrganizationId());
1147    
1148                            while (!organization.isRoot()) {
1149                                    Organization parentOrganization =
1150                                            organization.getParentOrganization();
1151    
1152                                    Group parentGroup = parentOrganization.getGroup();
1153    
1154                                    if (doCheckPermission(
1155                                                    parentGroup.getCompanyId(), parentGroup.getGroupId(),
1156                                                    Organization.class.getName(),
1157                                                    String.valueOf(parentOrganization.getOrganizationId()),
1158                                                    ActionKeys.MANAGE_SUBORGANIZATIONS, stopWatch)) {
1159    
1160                                            return true;
1161                                    }
1162    
1163                                    organization = parentOrganization;
1164                            }
1165                    }
1166    
1167                    return false;
1168            }
1169    
1170            protected boolean isGroupAdminImpl(long groupId) throws Exception {
1171                    if (!signedIn) {
1172                            return false;
1173                    }
1174    
1175                    if (isOmniadmin()) {
1176                            return true;
1177                    }
1178    
1179                    if (groupId <= 0) {
1180                            return false;
1181                    }
1182    
1183                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1184    
1185                    if (isCompanyAdmin(group.getCompanyId())) {
1186                            return true;
1187                    }
1188    
1189                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1190                            getUserId(), group.getGroupId(), RoleConstants.SITE_ADMINISTRATOR);
1191    
1192                    try {
1193                            if (value == null) {
1194                                    value = isGroupAdminImpl(group);
1195    
1196                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1197                                            getUserId(), group.getGroupId(),
1198                                            RoleConstants.SITE_ADMINISTRATOR, value);
1199                            }
1200                    }
1201                    catch (Exception e) {
1202                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1203                                    getUserId(), group.getGroupId(),
1204                                    RoleConstants.SITE_ADMINISTRATOR);
1205    
1206                            throw e;
1207                    }
1208    
1209                    return value;
1210            }
1211    
1212            protected boolean isGroupMemberImpl(long groupId) throws Exception {
1213                    if (!signedIn) {
1214                            return false;
1215                    }
1216    
1217                    if (groupId <= 0) {
1218                            return false;
1219                    }
1220    
1221                    long[] roleIds = doGetRoleIds(getUserId(), groupId);
1222    
1223                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1224    
1225                    Role role = RoleLocalServiceUtil.getRole(
1226                            group.getCompanyId(), RoleConstants.SITE_MEMBER);
1227    
1228                    if (Arrays.binarySearch(roleIds, role.getRoleId()) >= 0) {
1229                            return true;
1230                    }
1231    
1232                    UserBag userBag = getUserBag();
1233    
1234                    return userBag.hasUserGroup(group);
1235            }
1236    
1237            protected boolean isGroupOwnerImpl(Group group) throws PortalException {
1238                    if (group.isSite()) {
1239                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1240                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1241                                            true)) {
1242    
1243                                    return true;
1244                            }
1245                    }
1246    
1247                    if (group.isLayoutPrototype()) {
1248                            if (LayoutPrototypePermissionUtil.contains(
1249                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1250    
1251                                    return true;
1252                            }
1253                            else {
1254                                    return false;
1255                            }
1256                    }
1257                    else if (group.isLayoutSetPrototype()) {
1258                            if (LayoutSetPrototypePermissionUtil.contains(
1259                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1260    
1261                                    return true;
1262                            }
1263                            else {
1264                                    return false;
1265                            }
1266                    }
1267                    else if (group.isOrganization()) {
1268                            long organizationId = group.getOrganizationId();
1269    
1270                            while (organizationId !=
1271                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1272    
1273                                    Organization organization =
1274                                            OrganizationLocalServiceUtil.getOrganization(
1275                                                    organizationId);
1276    
1277                                    long organizationGroupId = organization.getGroupId();
1278    
1279                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1280                                                    getUserId(), organizationGroupId,
1281                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
1282    
1283                                            return true;
1284                                    }
1285    
1286                                    organizationId = organization.getParentOrganizationId();
1287                            }
1288                    }
1289                    else if (group.isUser()) {
1290                            long groupUserId = group.getClassPK();
1291    
1292                            if (getUserId() == groupUserId) {
1293                                    return true;
1294                            }
1295                    }
1296    
1297                    return false;
1298            }
1299    
1300            protected boolean isGroupOwnerImpl(long groupId) throws Exception {
1301                    if (!signedIn) {
1302                            return false;
1303                    }
1304    
1305                    if (isOmniadmin()) {
1306                            return true;
1307                    }
1308    
1309                    if (groupId <= 0) {
1310                            return false;
1311                    }
1312    
1313                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1314    
1315                    if (isCompanyAdmin(group.getCompanyId())) {
1316                            return true;
1317                    }
1318    
1319                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1320                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1321    
1322                    try {
1323                            if (value == null) {
1324                                    value = isGroupOwnerImpl(group);
1325    
1326                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1327                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1328                                            value);
1329                            }
1330                    }
1331                    catch (Exception e) {
1332                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1333                                    getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1334    
1335                            throw e;
1336                    }
1337    
1338                    return value;
1339            }
1340    
1341            protected boolean isOrganizationAdminImpl(long organizationId)
1342                    throws Exception {
1343    
1344                    if (!signedIn) {
1345                            return false;
1346                    }
1347    
1348                    if (isOmniadmin()) {
1349                            return true;
1350                    }
1351    
1352                    if (organizationId <= 0) {
1353                            return false;
1354                    }
1355    
1356                    Organization organization =
1357                            OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1358    
1359                    if (organization == null) {
1360                            return false;
1361                    }
1362    
1363                    if (isCompanyAdmin(organization.getCompanyId())) {
1364                            return true;
1365                    }
1366    
1367                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1368                            getUserId(), organization.getOrganizationId(),
1369                            RoleConstants.ORGANIZATION_ADMINISTRATOR);
1370    
1371                    try {
1372                            if (value == null) {
1373                                    value = isOrganizationAdminImpl(organization);
1374    
1375                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1376                                            getUserId(), organization.getOrganizationId(),
1377                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, value);
1378                            }
1379                    }
1380                    catch (Exception e) {
1381                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1382                                    getUserId(), organization.getOrganizationId(),
1383                                    RoleConstants.ORGANIZATION_ADMINISTRATOR);
1384    
1385                            throw e;
1386                    }
1387    
1388                    return value;
1389            }
1390    
1391            protected boolean isOrganizationAdminImpl(Organization organization)
1392                    throws PortalException {
1393    
1394                    while (organization != null) {
1395                            long organizationGroupId = organization.getGroupId();
1396    
1397                            long userId = getUserId();
1398    
1399                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1400                                            userId, organizationGroupId,
1401                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1402                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1403                                            userId, organizationGroupId,
1404                                            RoleConstants.ORGANIZATION_OWNER, true)) {
1405    
1406                                    return true;
1407                            }
1408    
1409                            organization = organization.getParentOrganization();
1410                    }
1411    
1412                    return false;
1413            }
1414    
1415            protected boolean isOrganizationOwnerImpl(long organizationId)
1416                    throws Exception {
1417    
1418                    if (!signedIn) {
1419                            return false;
1420                    }
1421    
1422                    if (isOmniadmin()) {
1423                            return true;
1424                    }
1425    
1426                    if (organizationId <= 0) {
1427                            return false;
1428                    }
1429    
1430                    Organization organization =
1431                            OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1432    
1433                    if (organization == null) {
1434                            return false;
1435                    }
1436    
1437                    if (isCompanyAdmin(organization.getCompanyId())) {
1438                            return true;
1439                    }
1440    
1441                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1442                            getUserId(), organization.getOrganizationId(),
1443                            RoleConstants.ORGANIZATION_OWNER);
1444    
1445                    try {
1446                            if (value == null) {
1447                                    value = isOrganizationOwnerImpl(organization);
1448    
1449                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1450                                            getUserId(), organization.getOrganizationId(),
1451                                            RoleConstants.ORGANIZATION_OWNER, value);
1452                            }
1453                    }
1454                    catch (Exception e) {
1455                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1456                                    getUserId(), organization.getOrganizationId(),
1457                                    RoleConstants.ORGANIZATION_OWNER);
1458    
1459                            throw e;
1460                    }
1461    
1462                    return value;
1463            }
1464    
1465            protected boolean isOrganizationOwnerImpl(Organization organization)
1466                    throws PortalException {
1467    
1468                    while (organization != null) {
1469                            long organizationGroupId = organization.getGroupId();
1470    
1471                            long userId = getUserId();
1472    
1473                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1474                                            userId, organizationGroupId,
1475                                            RoleConstants.ORGANIZATION_OWNER, true)) {
1476    
1477                                    return true;
1478                            }
1479    
1480                            organization = organization.getParentOrganization();
1481                    }
1482    
1483                    return false;
1484            }
1485    
1486            protected void logHasUserPermission(
1487                    long groupId, String name, String primKey, String actionId,
1488                    StopWatch stopWatch, int block) {
1489    
1490                    if (!_log.isDebugEnabled()) {
1491                            return;
1492                    }
1493    
1494                    _log.debug(
1495                            "Checking user permission block " + block + " for " + groupId +
1496                                    " " + name + " " + primKey + " " + actionId + " takes " +
1497                                            stopWatch.getTime() + " ms");
1498            }
1499    
1500            /**
1501             * @deprecated As of 6.1.0
1502             */
1503            @Deprecated
1504            protected static final String RESULTS_SEPARATOR = "_RESULTS_SEPARATOR_";
1505    
1506            private static final Log _log = LogFactoryUtil.getLog(
1507                    AdvancedPermissionChecker.class);
1508    
1509    }