001 /** 002 * Copyright (c) 2000-present Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.model.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.model.ResourceAction; 019 import com.liferay.portal.service.ResourceActionLocalServiceUtil; 020 021 /** 022 * Stores the permissions assigned to roles under permissions version 6. A 023 * resource permission gives a role the ability to perform a set of actions on 024 * certain resources. 025 * 026 * <p> 027 * The type of resource a permission applies to is specified by the 028 * <code>name</code> attribute. It will either be the numeric ID of a portlet, 029 * or the fully qualified class name of a model (such as a layout or document 030 * library folder). 031 * </p> 032 * 033 * <p> 034 * These permissions can apply in one of four scopes: company, group, 035 * group-template, or individual. The scope of a permission determines how 036 * broadly it applies to resources in the portal. Company scope is the broadest, 037 * and grants a user with the role permissions for every resource of the type 038 * within the company. Likewise, group scope gives users with the role 039 * permissions for every resource within the specified group, and individual 040 * scope only applies to a single resource of the type. Group-template scope is 041 * similar to group scope, except that it does not automatically apply to a 042 * specific group. A user must be a member of a group (generally either a site 043 * or an organization), and they must have been given the role within that group 044 * before they are granted its permissions. 045 * </p> 046 * 047 * <p> 048 * Note: Lacking permission to perform an action on a resource at one scope does 049 * not necessarily mean that a role does not have permission to perform that 050 * action. For instance, a message boards moderator role will not have 051 * individual scope permissions to edit every post, but it will have edit 052 * permissions at the group or company level, which is sufficient. Every scope 053 * must be checked. 054 * </p> 055 * 056 * <p> 057 * The scope of the resource permission also determines the meaning of the 058 * <code>primKey</code> attribute. Its different uses are listed below: 059 * </p> 060 * 061 * <ul> 062 * <li> 063 * Company scope - <code>primKey</code> is the primary key of the company 064 * </li> 065 * <li> 066 * Group scope - <code>primKey</code> is the primary key of the group the 067 * permission applies within 068 * </li> 069 * <li> 070 * Group-template scope - <code>primKey</code> is always <code>0</code> 071 * </li> 072 * <li> 073 * Individual scope - If the permission applies to a model instance, 074 * <code>primkey</code> will be the primary key of the instance. If the 075 * permission is for a portlet, <code>primKey</code> will contain the primary 076 * key of the layout containing the portlet, followed by "_LAYOUT_" 077 * and the portlet ID. The instance ID will also be present for instanceable 078 * portlets, preceded by "_INSTANCE_". 079 * </li> 080 * </ul> 081 * 082 * <p> 083 * The <code>actionIds</code> attribute stores the bitwise IDs of all the 084 * actions allowed by this permission. 085 * </p> 086 * 087 * @author Brian Wing Shun Chan 088 * @see ResourceActionImpl 089 */ 090 public class ResourcePermissionImpl extends ResourcePermissionBaseImpl { 091 092 @Override 093 public void addResourceAction(String actionId) throws PortalException { 094 ResourceAction resourceAction = 095 ResourceActionLocalServiceUtil.getResourceAction( 096 getName(), actionId); 097 098 long actionIds = getActionIds() | resourceAction.getBitwiseValue(); 099 100 setActionIds(actionIds); 101 setViewActionId(actionIds % 2 == 1); 102 } 103 104 @Override 105 public boolean hasAction(ResourceAction resourceAction) { 106 if ((resourceAction != null) && 107 ((getActionIds() & resourceAction.getBitwiseValue()) != 0)) { 108 109 return true; 110 } 111 112 return false; 113 } 114 115 @Override 116 public boolean hasActionId(String actionId) { 117 ResourceAction resourceAction = 118 ResourceActionLocalServiceUtil.fetchResourceAction( 119 getName(), actionId); 120 121 return hasAction(resourceAction); 122 } 123 124 @Override 125 public void removeResourceAction(String actionId) throws PortalException { 126 ResourceAction resourceAction = 127 ResourceActionLocalServiceUtil.getResourceAction( 128 getName(), actionId); 129 130 long actionIds = getActionIds() & (~resourceAction.getBitwiseValue()); 131 132 setActionIds(actionIds); 133 setViewActionId(actionIds % 2 == 1); 134 } 135 136 }