001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.kernel.dao.db.DB;
018    import com.liferay.portal.kernel.dao.db.DBManagerUtil;
019    import com.liferay.portal.kernel.dao.db.DBType;
020    import com.liferay.portal.kernel.dao.orm.DynamicQuery;
021    import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
022    import com.liferay.portal.kernel.dao.orm.EntityCacheUtil;
023    import com.liferay.portal.kernel.dao.orm.FinderCacheUtil;
024    import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
025    import com.liferay.portal.kernel.log.Log;
026    import com.liferay.portal.kernel.log.LogFactoryUtil;
027    import com.liferay.portal.kernel.util.GetterUtil;
028    import com.liferay.portal.kernel.util.StringBundler;
029    import com.liferay.portal.kernel.util.StringPool;
030    import com.liferay.portal.kernel.util.StringUtil;
031    import com.liferay.portal.model.Group;
032    import com.liferay.portal.model.Layout;
033    import com.liferay.portal.model.LayoutConstants;
034    import com.liferay.portal.model.Organization;
035    import com.liferay.portal.model.PortletConstants;
036    import com.liferay.portal.model.ResourceConstants;
037    import com.liferay.portal.model.ResourcePermission;
038    import com.liferay.portal.model.Role;
039    import com.liferay.portal.model.RoleConstants;
040    import com.liferay.portal.model.User;
041    import com.liferay.portal.model.UserGroup;
042    import com.liferay.portal.security.permission.ActionKeys;
043    import com.liferay.portal.security.permission.PermissionCacheUtil;
044    import com.liferay.portal.security.permission.ResourceActionsUtil;
045    import com.liferay.portal.service.LayoutLocalServiceUtil;
046    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
047    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
048    import com.liferay.portal.service.RoleLocalServiceUtil;
049    import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
050    import com.liferay.portal.util.PortalInstances;
051    import com.liferay.portal.util.PortalUtil;
052    
053    import java.util.ArrayList;
054    import java.util.List;
055    
056    /**
057     * @author Tobias Kaefer
058     * @author Douglas Wong
059     * @author Matthew Kong
060     * @author Raymond Augé
061     */
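public class VerifyPermission extends VerifyProcess {

	/*
	 * Verify step that repairs stored permission data. In order, doVerify()
	 * removes Guest role permissions that point at private layouts, re-checks
	 * the registered resource actions, moves deprecated Organization actions
	 * to the matching Group permission, and reassigns certain Power User
	 * permissions to the User role.
	 */

	/**
	 * Re-checks the resource actions of every model name and every portlet
	 * name reported by {@link ResourceActionsUtil}.
	 *
	 * <p>
	 * Each name is handed, together with its action IDs, to
	 * {@code ResourceActionLocalServiceUtil.checkResourceActions} with the
	 * third argument set to {@code true}.
	 * </p>
	 *
	 * @throws Exception if any of the called services fails
	 */
	protected void checkPermissions() throws Exception {
		for (String modelName : ResourceActionsUtil.getModelNames()) {
			List<String> modelActionIds =
				ResourceActionsUtil.getModelResourceActions(modelName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				modelName, modelActionIds, true);
		}

		for (String portletName : ResourceActionsUtil.getPortletNames()) {
			List<String> portletActionIds =
				ResourceActionsUtil.getPortletResourceActions(portletName);

			ResourceActionLocalServiceUtil.checkResourceActions(
				portletName, portletActionIds, true);
		}
	}

	/**
	 * Runs {@link #deleteDefaultPrivateLayoutPermissions_6(long)} for every
	 * company ID returned by {@code PortalInstances.getCompanyIdsBySQL()}.
	 *
	 * <p>
	 * The step stays best-effort: a failure for one company does not stop
	 * the others. The failure is reported at warn level (it used to be
	 * visible only with debug logging enabled), because a company whose
	 * cleanup fails keeps its Guest permissions on private layouts, and an
	 * operator should be able to see that in a default log configuration.
	 * </p>
	 *
	 * @throws Exception if the company IDs cannot be read
	 */
	protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			try {
				deleteDefaultPrivateLayoutPermissions_6(companyId);
			}
			catch (Exception e) {
				if (_log.isWarnEnabled()) {
					_log.warn(
						"Unable to remove Guest permissions from private " +
							"layouts for company " + companyId,
						e);
				}
			}
		}
	}

	/**
	 * Deletes every resource permission of the company's Guest role that
	 * {@link #isPrivateLayout(String, String)} reports as belonging to a
	 * private layout.
	 *
	 * <p>
	 * Each permission row is handled on its own. Previously the first row
	 * that made {@code isPrivateLayout} or the delete call throw ended the
	 * loop, so the remaining Guest permissions of that company were never
	 * examined. A row that fails is now logged and skipped, and the loop
	 * continues with the next one.
	 * </p>
	 *
	 * @param  companyId the company whose Guest role is cleaned up
	 * @throws Exception if the Guest role or its permissions cannot be
	 *         loaded
	 */
	protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
		throws Exception {

		Role guestRole = RoleLocalServiceUtil.getRole(
			companyId, RoleConstants.GUEST);

		List<ResourcePermission> guestPermissions =
			ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
				guestRole.getRoleId());

		for (ResourcePermission guestPermission : guestPermissions) {
			try {
				if (!isPrivateLayout(
						guestPermission.getName(),
						guestPermission.getPrimKey())) {

					continue;
				}

				ResourcePermissionLocalServiceUtil.deleteResourcePermission(
					guestPermission.getResourcePermissionId());
			}
			catch (Exception e) {

				// NOTE(review): presumably the common cause is a permission
				// row whose layout no longer exists; confirm against the
				// exceptions LayoutLocalServiceUtil.getLayout raises

				if (_log.isWarnEnabled()) {
					_log.warn(
						"Skipping Guest resource permission " +
							guestPermission.getResourcePermissionId() +
								" with primary key " +
									guestPermission.getPrimKey(),
						e);
				}
			}
		}
	}

	/**
	 * Runs the verification steps in a fixed order: the Guest permission
	 * cleanup first, then the resource action check, the Organization role
	 * fix and the default user role fix.
	 *
	 * @throws Exception if a step fails
	 */
	@Override
	protected void doVerify() throws Exception {
		deleteDefaultPrivateLayoutPermissions();

		checkPermissions();
		fixOrganizationRolePermissions();
		fixUserDefaultRolePermissions();
	}

	/**
	 * Moves the deprecated action IDs from every Organization resource
	 * permission to the Group resource permission that has the same company,
	 * scope, primary key and role.
	 *
	 * <p>
	 * Both rows are then saved. A failure while saving is logged at error
	 * level and the loop goes on with the next permission. The resource
	 * permission cache is cleared at the end.
	 * </p>
	 *
	 * @throws Exception if the query fails or the Group permission can
	 *         neither be found nor created
	 */
	protected void fixOrganizationRolePermissions() throws Exception {
		DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
			ResourcePermission.class);

		dynamicQuery.add(
			RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

		List<ResourcePermission> organizationPermissions =
			ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

		for (ResourcePermission organizationPermission :
				organizationPermissions) {

			ResourcePermission groupPermission = null;

			try {
				groupPermission = getGroupResourcePermission(
					organizationPermission);
			}
			catch (Exception e) {

				// NOTE(review): any exception from the lookup, not only a
				// missing row, leads here. Narrowing the catch needs the
				// portal's no-such-entity exception type, which this file
				// does not import. Presumably the call below only creates
				// an empty row; confirm it cannot reset an existing one.

				ResourcePermissionLocalServiceUtil.setResourcePermissions(
					organizationPermission.getCompanyId(),
					Group.class.getName(), organizationPermission.getScope(),
					organizationPermission.getPrimKey(),
					organizationPermission.getRoleId(),
					ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

				groupPermission = getGroupResourcePermission(
					organizationPermission);
			}

			for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
				if (!organizationPermission.hasActionId(actionId)) {
					continue;
				}

				organizationPermission.removeResourceAction(actionId);

				groupPermission.addResourceAction(actionId);
			}

			try {
				organizationPermission.resetOriginalValues();

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					organizationPermission);

				groupPermission.resetOriginalValues();

				ResourcePermissionLocalServiceUtil.updateResourcePermission(
					groupPermission);
			}
			catch (Exception e) {
				_log.error(e, e);
			}
		}

		PermissionCacheUtil.clearResourceCache();
	}

	/**
	 * For every company, rewrites resource permissions from the Power User
	 * role to the User role with one SQL update.
	 *
	 * <p>
	 * The statement selects rows that have individual scope, whose primary
	 * key contains the layout separator, that belong to the Power User role
	 * and for which no row with the same company, name, primary key and
	 * scope exists for the User role. The rows are further restricted to
	 * layouts of type portlet whose group has the class name ID of
	 * {@code User} or {@code UserGroup}. The effect is that the selected
	 * permissions are afterwards held by the User role instead of the Power
	 * User role. The entity and finder caches are cleared at the end.
	 * </p>
	 *
	 * @throws Exception if a role cannot be loaded or the update fails
	 */
	protected void fixUserDefaultRolePermissions() throws Exception {
		long userClassNameId = PortalUtil.getClassNameId(User.class);
		long userGroupClassNameId = PortalUtil.getClassNameId(UserGroup.class);

		DB db = DBManagerUtil.getDB();

		long[] companyIds = PortalInstances.getCompanyIdsBySQL();

		for (long companyId : companyIds) {
			Role powerUserRole = RoleLocalServiceUtil.getRole(
				companyId, RoleConstants.POWER_USER);
			Role userRole = RoleLocalServiceUtil.getRole(
				companyId, RoleConstants.USER);

			// The SQL below is assembled by concatenation. Everything that
			// is appended is a role ID, a class name ID or a constant of
			// this code base; nothing comes from request input. Keep it
			// that way when editing, because runSQL receives the finished
			// string and has no bind parameters.

			StringBundler joinSB = new StringBundler(22);

			joinSB.append("ResourcePermission resourcePermission1 left outer ");
			joinSB.append("join ResourcePermission resourcePermission2 on ");
			joinSB.append("resourcePermission1.companyId = ");
			joinSB.append("resourcePermission2.companyId and ");
			joinSB.append("resourcePermission1.name = ");
			joinSB.append("resourcePermission2.name and ");
			joinSB.append("resourcePermission1.primKey = ");
			joinSB.append("resourcePermission2.primKey and ");
			joinSB.append("resourcePermission1.scope = ");
			joinSB.append("resourcePermission2.scope and ");
			joinSB.append("resourcePermission2.roleId = ");
			joinSB.append(userRole.getRoleId());
			joinSB.append(" inner join Layout on ");
			joinSB.append("resourcePermission1.companyId = Layout.companyId ");
			joinSB.append("and resourcePermission1.primKey like ");

			// NOTE(review): cast_text is presumably resolved by the portal's
			// SQL translation before the statement reaches the database;
			// confirm

			joinSB.append("replace('[$PLID$]");
			joinSB.append(PortletConstants.LAYOUT_SEPARATOR);
			joinSB.append("%', '[$PLID$]', cast_text(Layout.plid)) inner ");
			joinSB.append("join Group_ on Layout.groupId = ");
			joinSB.append("Group_.groupId and Layout.type_ = '");
			joinSB.append(LayoutConstants.TYPE_PORTLET);
			joinSB.append(StringPool.APOSTROPHE);

			StringBundler whereSB = new StringBundler(12);

			whereSB.append("where resourcePermission1.scope = ");
			whereSB.append(ResourceConstants.SCOPE_INDIVIDUAL);
			whereSB.append(" and resourcePermission1.primKey like '%");
			whereSB.append(PortletConstants.LAYOUT_SEPARATOR);
			whereSB.append("%' and resourcePermission1.roleId = ");
			whereSB.append(powerUserRole.getRoleId());
			whereSB.append(" and resourcePermission2.roleId is null and ");
			whereSB.append("(Group_.classNameId = ");
			whereSB.append(userClassNameId);
			whereSB.append(" or Group_.classNameId = ");
			whereSB.append(userGroupClassNameId);
			whereSB.append(StringPool.CLOSE_PARENTHESIS);

			StringBundler sb = new StringBundler(8);

			// MySQL gets an update over the join itself; every other
			// database type gets an update with an "in (select ...)"
			// subquery over the same join and where clause

			if (db.getDBType() == DBType.MYSQL) {
				sb.append("update ");
				sb.append(joinSB.toString());
				sb.append(" set resourcePermission1.roleId = ");
				sb.append(userRole.getRoleId());
				sb.append(StringPool.SPACE);
				sb.append(whereSB.toString());
			}
			else {
				sb.append("update ResourcePermission set roleId = ");
				sb.append(userRole.getRoleId());
				sb.append(" where resourcePermissionId in (select ");
				sb.append("resourcePermission1.resourcePermissionId from ");
				sb.append(joinSB.toString());
				sb.append(StringPool.SPACE);
				sb.append(whereSB.toString());
				sb.append(StringPool.CLOSE_PARENTHESIS);
			}

			runSQL(sb.toString());
		}

		EntityCacheUtil.clearCache();
		FinderCacheUtil.clearCache();
	}

	/**
	 * Returns whether a resource permission refers to a layout that is
	 * neither public nor of the control panel type.
	 *
	 * <p>
	 * A permission is considered only when its name is the {@code Layout}
	 * class name or its primary key contains the layout separator. With a
	 * separator present, the text before the first separator is taken as the
	 * layout's {@code plid}; otherwise the whole primary key is.
	 * </p>
	 *
	 * @param  name the resource name of the permission
	 * @param  primKey the primary key of the permission
	 * @return {@code true} if the layout is loaded and is neither public nor
	 *         a control panel layout; {@code false} otherwise, including
	 *         when the permission does not refer to a layout
	 * @throws Exception if {@code LayoutLocalServiceUtil.getLayout} fails
	 *         for the extracted {@code plid}
	 */
	protected boolean isPrivateLayout(String name, String primKey)
		throws Exception {

		boolean hasLayoutSeparator = primKey.contains(
			PortletConstants.LAYOUT_SEPARATOR);

		if (!hasLayoutSeparator && !name.equals(Layout.class.getName())) {
			return false;
		}

		String plidText = primKey;

		if (hasLayoutSeparator) {
			plidText = StringUtil.extractFirst(
				primKey, PortletConstants.LAYOUT_SEPARATOR);
		}

		Layout layout = LayoutLocalServiceUtil.getLayout(
			GetterUtil.getLong(plidText));

		return !(layout.isPublicLayout() || layout.isTypeControlPanel());
	}

	/**
	 * Loads the Group resource permission that has the same company, scope,
	 * primary key and role as the given Organization resource permission.
	 *
	 * @param  organizationPermission the permission whose key values are
	 *         reused
	 * @return the matching Group resource permission
	 * @throws Exception if the lookup fails
	 */
	private ResourcePermission getGroupResourcePermission(
			ResourcePermission organizationPermission)
		throws Exception {

		return ResourcePermissionLocalServiceUtil.getResourcePermission(
			organizationPermission.getCompanyId(), Group.class.getName(),
			organizationPermission.getScope(),
			organizationPermission.getPrimKey(),
			organizationPermission.getRoleId());
	}

	// Action IDs that fixOrganizationRolePermissions() removes from
	// Organization permissions and adds to the matching Group permission

	private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
		new ArrayList<>();

	private static final Log _log = LogFactoryUtil.getLog(
		VerifyPermission.class);

	static {
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(
			ActionKeys.MANAGE_ARCHIVED_SETUPS);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_LAYOUTS);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_STAGING);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_TEAMS);
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.PUBLISH_STAGING);

		// These two are given as literals rather than ActionKeys constants

		_DEPRECATED_ORGANIZATION_ACTION_IDS.add("APPROVE_PROPOSAL");
		_DEPRECATED_ORGANIZATION_ACTION_IDS.add("ASSIGN_REVIEWER");
	}

}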