001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.dao.orm.QueryUtil;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.security.permission.ActionKeys;
022    import com.liferay.portal.kernel.security.permission.PermissionChecker;
023    import com.liferay.portal.kernel.security.permission.ResourceActionsUtil;
024    import com.liferay.portal.kernel.security.permission.ResourceBlockIdsBag;
025    import com.liferay.portal.kernel.security.permission.UserBag;
026    import com.liferay.portal.kernel.security.permission.UserBagFactoryUtil;
027    import com.liferay.portal.kernel.util.ArrayUtil;
028    import com.liferay.portal.kernel.util.CharPool;
029    import com.liferay.portal.kernel.util.GetterUtil;
030    import com.liferay.portal.kernel.util.ListUtil;
031    import com.liferay.portal.kernel.util.SetUtil;
032    import com.liferay.portal.kernel.util.Validator;
033    import com.liferay.portal.model.Group;
034    import com.liferay.portal.model.GroupConstants;
035    import com.liferay.portal.model.GroupedModel;
036    import com.liferay.portal.model.Layout;
037    import com.liferay.portal.model.Organization;
038    import com.liferay.portal.model.OrganizationConstants;
039    import com.liferay.portal.model.PermissionedModel;
040    import com.liferay.portal.model.PortletConstants;
041    import com.liferay.portal.model.Resource;
042    import com.liferay.portal.model.ResourceBlockConstants;
043    import com.liferay.portal.model.ResourceConstants;
044    import com.liferay.portal.model.Role;
045    import com.liferay.portal.model.RoleConstants;
046    import com.liferay.portal.model.Team;
047    import com.liferay.portal.model.User;
048    import com.liferay.portal.service.GroupLocalServiceUtil;
049    import com.liferay.portal.service.LayoutLocalServiceUtil;
050    import com.liferay.portal.service.OrganizationLocalServiceUtil;
051    import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
052    import com.liferay.portal.service.ResourceLocalServiceUtil;
053    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
054    import com.liferay.portal.service.RoleLocalServiceUtil;
055    import com.liferay.portal.service.TeamLocalServiceUtil;
056    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
057    import com.liferay.portal.service.UserLocalServiceUtil;
058    import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
059    import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
060    import com.liferay.portal.service.permission.PortletPermissionUtil;
061    
062    import java.util.ArrayList;
063    import java.util.Arrays;
064    import java.util.Collections;
065    import java.util.LinkedHashMap;
066    import java.util.List;
067    import java.util.Set;
068    
069    import org.apache.commons.lang.time.StopWatch;
070    
071    /**
072     * @author Charles May
073     * @author Brian Wing Shun Chan
074     * @author Raymond Aug??
075     * @author Wesley Gong
076     * @author Connor McKay
077     */
078    public class AdvancedPermissionChecker extends BasePermissionChecker {
079    
080            @Override
081            public AdvancedPermissionChecker clone() {
082                    return new AdvancedPermissionChecker();
083            }
084    
085            public ResourceBlockIdsBag getGuestResourceBlockIdsBag(
086                            long companyId, long groupId, String name)
087                    throws Exception {
088    
089                    ResourceBlockIdsBag resourceBlockIdsBag =
090                            PermissionCacheUtil.getResourceBlockIdsBag(
091                                    companyId, groupId, defaultUserId, name);
092    
093                    if (resourceBlockIdsBag != null) {
094                            return resourceBlockIdsBag;
095                    }
096    
097                    try {
098                            resourceBlockIdsBag =
099                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
100                                            getCompanyId(), groupId, name, getGuestUserRoleIds());
101    
102                            PermissionCacheUtil.putResourceBlockIdsBag(
103                                    companyId, groupId, defaultUserId, name, resourceBlockIdsBag);
104    
105                            return resourceBlockIdsBag;
106                    }
107                    catch (Exception e) {
108                            PermissionCacheUtil.removeResourceBlockIdsBag(
109                                    getCompanyId(), groupId, defaultUserId, name);
110    
111                            throw e;
112                    }
113            }
114    
115            /**
116             * Returns the permission checker bag for the guest user.
117             *
118             * @return the permission checker bag for the guest user
119             * @throws Exception if an exception occurred
120             */
121            public long[] getGuestUserRoleIds() throws Exception {
122                    Group guestGroup = GroupLocalServiceUtil.getGroup(
123                            getCompanyId(), GroupConstants.GUEST);
124    
125                    long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
126                            defaultUserId, guestGroup.getGroupId());
127    
128                    if (roleIds != null) {
129                            return roleIds;
130                    }
131    
132                    try {
133                            List<Role> roles = RoleLocalServiceUtil.getUserRelatedRoles(
134                                    defaultUserId, Collections.singletonList(guestGroup));
135    
136                            // Only use the guest group for deriving the roles for
137                            // unauthenticated users. Do not add the group to the permission bag
138                            // as this implies group membership which is incorrect in the case
139                            // of unauthenticated users.
140    
141                            roleIds = ListUtil.toLongArray(roles, Role.ROLE_ID_ACCESSOR);
142    
143                            Arrays.sort(roleIds);
144    
145                            PermissionCacheUtil.putUserGroupRoleIds(
146                                    defaultUserId, guestGroup.getGroupId(), roleIds);
147                    }
148                    catch (Exception e) {
149                            PermissionCacheUtil.removeUserGroupRoleIds(
150                                    defaultUserId, guestGroup.getGroupId());
151    
152                            throw e;
153                    }
154    
155                    return roleIds;
156            }
157    
158            @Override
159            public List<Long> getOwnerResourceBlockIds(
160                    long companyId, long groupId, String name, String actionId) {
161    
162                    try {
163                            ResourceBlockIdsBag resourceBlockIdsBag =
164                                    getOwnerResourceBlockIdsBag(companyId, groupId, name);
165    
166                            return ResourceBlockLocalServiceUtil.getResourceBlockIds(
167                                    resourceBlockIdsBag, name, actionId);
168                    }
169                    catch (Exception e) {
170                            if (_log.isDebugEnabled()) {
171                                    _log.debug(e, e);
172                            }
173                    }
174    
175                    return Collections.emptyList();
176            }
177    
178            public ResourceBlockIdsBag getOwnerResourceBlockIdsBag(
179                    long companyId, long groupId, String name) {
180    
181                    ResourceBlockIdsBag resourceBlockIdsBag =
182                            PermissionCacheUtil.getResourceBlockIdsBag(
183                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
184    
185                    if (resourceBlockIdsBag != null) {
186                            return resourceBlockIdsBag;
187                    }
188    
189                    try {
190                            long[] roleIds = {getOwnerRoleId()};
191    
192                            resourceBlockIdsBag =
193                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
194                                            getCompanyId(), groupId, name, roleIds);
195    
196                            PermissionCacheUtil.putResourceBlockIdsBag(
197                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
198                                    resourceBlockIdsBag);
199    
200                            return resourceBlockIdsBag;
201                    }
202                    catch (Exception e) {
203                            PermissionCacheUtil.removeResourceBlockIdsBag(
204                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
205    
206                            throw e;
207                    }
208            }
209    
210            @Override
211            public List<Long> getResourceBlockIds(
212                    long companyId, long groupId, long userId, String name,
213                    String actionId) {
214    
215                    try {
216                            ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
217                                    companyId, groupId, userId, name);
218    
219                            return ResourceBlockLocalServiceUtil.getResourceBlockIds(
220                                    resourceBlockIdsBag, name, actionId);
221                    }
222                    catch (Exception e) {
223                            if (_log.isDebugEnabled()) {
224                                    _log.debug(e, e);
225                            }
226                    }
227    
228                    return Collections.emptyList();
229            }
230    
231            public ResourceBlockIdsBag getResourceBlockIdsBag(
232                            long companyId, long groupId, long userId, String name)
233                    throws Exception {
234    
235                    ResourceBlockIdsBag resourceBlockIdsBag =
236                            PermissionCacheUtil.getResourceBlockIdsBag(
237                                    companyId, groupId, userId, name);
238    
239                    if (resourceBlockIdsBag != null) {
240                            return resourceBlockIdsBag;
241                    }
242    
243                    try {
244                            long[] roleIds = getRoleIds(userId, groupId);
245    
246                            resourceBlockIdsBag =
247                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
248                                            getCompanyId(), groupId, name, roleIds);
249    
250                            PermissionCacheUtil.putResourceBlockIdsBag(
251                                    companyId, groupId, userId, name, resourceBlockIdsBag);
252    
253                            return resourceBlockIdsBag;
254                    }
255                    catch (Exception e) {
256                            PermissionCacheUtil.removeResourceBlockIdsBag(
257                                    companyId, groupId, userId, name);
258    
259                            throw e;
260                    }
261            }
262    
263            @Override
264            public long[] getRoleIds(long userId, long groupId) {
265                    long[] roleIds = null;
266    
267                    try {
268                            roleIds = doGetRoleIds(userId, groupId);
269                    }
270                    catch (Exception e) {
271                            if (_log.isDebugEnabled()) {
272                                    _log.debug(e, e);
273                            }
274    
275                            return PermissionChecker.DEFAULT_ROLE_IDS;
276                    }
277    
278                    if (!checkGuest) {
279                            return roleIds;
280                    }
281    
282                    Set<Long> roleIdsSet = SetUtil.fromArray(roleIds);
283    
284                    try {
285                            for (long roleId : getGuestUserRoleIds()) {
286                                    roleIdsSet.add(roleId);
287                            }
288                    }
289                    catch (Exception e) {
290                            if (_log.isDebugEnabled()) {
291                                    _log.debug(e, e);
292                            }
293                    }
294    
295                    return ArrayUtil.toArray(
296                            roleIdsSet.toArray(new Long[roleIdsSet.size()]));
297            }
298    
299            @Override
300            public UserBag getUserBag() throws PortalException {
301                    return UserBagFactoryUtil.create(getUserId());
302            }
303    
304            @Override
305            public boolean hasOwnerPermission(
306                    long companyId, String name, String primKey, long ownerId,
307                    String actionId) {
308    
309                    if (ownerId != getUserId()) {
310                            return false;
311                    }
312    
313                    if (ownerId == defaultUserId) {
314                            if (actionId.equals(ActionKeys.VIEW)) {
315                                    return true;
316                            }
317                            else {
318                                    return false;
319                            }
320                    }
321    
322                    try {
323                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
324                                    PermissionedModel permissionedModel =
325                                            ResourceBlockLocalServiceUtil.getPermissionedModel(
326                                                    name, GetterUtil.getLong(primKey));
327    
328                                    long groupId = 0;
329    
330                                    if (permissionedModel instanceof GroupedModel) {
331                                            GroupedModel groupedModel = (GroupedModel)permissionedModel;
332    
333                                            groupId = groupedModel.getGroupId();
334                                    }
335    
336                                    ResourceBlockIdsBag resourceBlockIdsBag =
337                                            getOwnerResourceBlockIdsBag(companyId, groupId, name);
338    
339                                    return ResourceBlockLocalServiceUtil.hasPermission(
340                                            name, permissionedModel, actionId, resourceBlockIdsBag);
341                            }
342    
343                            return ResourcePermissionLocalServiceUtil.hasResourcePermission(
344                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
345                                    getOwnerRoleId(), actionId);
346                    }
347                    catch (Exception e) {
348                            if (_log.isDebugEnabled()) {
349                                    _log.debug(e, e);
350                            }
351                    }
352    
353                    return false;
354            }
355    
356            @Override
357            public boolean hasPermission(
358                    long groupId, String name, String primKey, String actionId) {
359    
360                    StopWatch stopWatch = new StopWatch();
361    
362                    stopWatch.start();
363    
364                    Group group = null;
365    
366                    try {
367                            if (groupId > 0) {
368                                    group = GroupLocalServiceUtil.getGroup(groupId);
369    
370                                    // If the group is a scope group for a layout, check the
371                                    // original group.
372    
373                                    if (group.isLayout() &&
374                                            !ResourceBlockLocalServiceUtil.isSupported(name)) {
375    
376                                            Layout layout = LayoutLocalServiceUtil.getLayout(
377                                                    group.getClassPK());
378    
379                                            groupId = layout.getGroupId();
380    
381                                            group = GroupLocalServiceUtil.getGroup(groupId);
382                                    }
383    
384                                    // If the group is a personal site, check the "User Personal
385                                    // Site" group.
386    
387                                    if (group.isUser() && (group.getClassPK() == getUserId())) {
388                                            group = GroupLocalServiceUtil.getGroup(
389                                                    getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
390    
391                                            groupId = group.getGroupId();
392                                    }
393                            }
394                    }
395                    catch (Exception e) {
396                            _log.error(e, e);
397                    }
398    
399                    Boolean value = PermissionCacheUtil.getPermission(
400                            user.getUserId(), signedIn, groupId, name, primKey, actionId);
401    
402                    if (value != null) {
403                            return value;
404                    }
405    
406                    try {
407                            value = hasPermissionImpl(groupId, name, primKey, actionId);
408    
409                            if (_log.isDebugEnabled()) {
410                                    _log.debug(
411                                            "Checking permission for " + groupId + " " + name +
412                                                    " " + primKey + " " + actionId + " takes " +
413                                                            stopWatch.getTime() + " ms");
414                            }
415    
416                            PermissionCacheUtil.putPermission(
417                                    user.getUserId(), signedIn, groupId, name, primKey, actionId,
418                                    value);
419                    }
420                    catch (Exception e) {
421                            PermissionCacheUtil.removePermission(
422                                    user.getUserId(), signedIn, groupId, name, primKey, actionId);
423    
424                            throw e;
425                    }
426    
427                    return value;
428            }
429    
430            @Override
431            public boolean hasUserPermission(
432                    long groupId, String name, String primKey, String actionId,
433                    boolean checkAdmin) {
434    
435                    try {
436                            return hasUserPermissionImpl(
437                                    groupId, name, primKey, actionId, checkAdmin);
438                    }
439                    catch (Exception e) {
440                            _log.error(e, e);
441    
442                            return false;
443                    }
444            }
445    
446            @Override
447            public boolean isCompanyAdmin() {
448                    try {
449                            return isCompanyAdminImpl(user.getCompanyId());
450                    }
451                    catch (Exception e) {
452                            _log.error(e, e);
453    
454                            return false;
455                    }
456            }
457    
458            @Override
459            public boolean isCompanyAdmin(long companyId) {
460                    try {
461                            return isCompanyAdminImpl(companyId);
462                    }
463                    catch (Exception e) {
464                            _log.error(e, e);
465    
466                            return false;
467                    }
468            }
469    
470            @Override
471            public boolean isContentReviewer(long companyId, long groupId) {
472                    try {
473                            return isContentReviewerImpl(companyId, groupId);
474                    }
475                    catch (Exception e) {
476                            _log.error(e, e);
477                    }
478    
479                    return false;
480            }
481    
482            @Override
483            public boolean isGroupAdmin(long groupId) {
484                    try {
485                            return isGroupAdminImpl(groupId);
486                    }
487                    catch (Exception e) {
488                            _log.error(e, e);
489    
490                            return false;
491                    }
492            }
493    
494            @Override
495            public boolean isGroupMember(long groupId) {
496                    try {
497                            return isGroupMemberImpl(groupId);
498                    }
499                    catch (Exception e) {
500                            _log.error(e, e);
501    
502                            return false;
503                    }
504            }
505    
506            @Override
507            public boolean isGroupOwner(long groupId) {
508                    try {
509                            return isGroupOwnerImpl(groupId);
510                    }
511                    catch (Exception e) {
512                            _log.error(e, e);
513    
514                            return false;
515                    }
516            }
517    
518            @Override
519            public boolean isOrganizationAdmin(long organizationId) {
520                    try {
521                            return isOrganizationAdminImpl(organizationId);
522                    }
523                    catch (Exception e) {
524                            _log.error(e, e);
525    
526                            return false;
527                    }
528            }
529    
530            @Override
531            public boolean isOrganizationOwner(long organizationId) {
532                    try {
533                            return isOrganizationOwnerImpl(organizationId);
534                    }
535                    catch (Exception e) {
536                            _log.error(e, e);
537    
538                            return false;
539                    }
540            }
541    
542            protected void addTeamRoles(long userId, Group group, Set<Long> roleIds)
543                    throws Exception {
544    
545                    List<Team> userTeams = TeamLocalServiceUtil.getUserTeams(
546                            userId, group.getGroupId());
547    
548                    for (Team team : userTeams) {
549                            Role role = RoleLocalServiceUtil.getTeamRole(
550                                    team.getCompanyId(), team.getTeamId());
551    
552                            roleIds.add(role.getRoleId());
553                    }
554    
555                    LinkedHashMap<String, Object> teamParams = new LinkedHashMap<>();
556    
557                    teamParams.put("usersUserGroups", userId);
558    
559                    List<Team> userGroupTeams = TeamLocalServiceUtil.search(
560                            group.getGroupId(), null, null, teamParams, QueryUtil.ALL_POS,
561                            QueryUtil.ALL_POS, null);
562    
563                    for (Team team : userGroupTeams) {
564                            Role role = RoleLocalServiceUtil.getTeamRole(
565                                    team.getCompanyId(), team.getTeamId());
566    
567                            roleIds.add(role.getRoleId());
568                    }
569            }
570    
571            protected boolean doCheckPermission(
572                            long companyId, long groupId, String name, String primKey,
573                            String actionId, StopWatch stopWatch)
574                    throws Exception {
575    
576                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 1);
577    
578                    if (ResourceBlockLocalServiceUtil.isSupported(name)) {
579                            ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
580                                    companyId, groupId, getUserId(), name);
581    
582                            boolean value = ResourceBlockLocalServiceUtil.hasPermission(
583                                    name, GetterUtil.getLong(primKey), actionId,
584                                    resourceBlockIdsBag);
585    
586                            logHasUserPermission(
587                                    groupId, name, primKey, actionId, stopWatch, 2);
588    
589                            return value;
590                    }
591    
592                    List<Resource> resources = getResources(
593                            companyId, groupId, name, primKey, actionId);
594    
595                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 3);
596    
597                    // Check if user has access to perform the action on the given resource
598                    // scopes. The resources are scoped to check first for an individual
599                    // class, then for the group that the class may belong to, and then for
600                    // the company that the class belongs to.
601    
602                    boolean value = ResourceLocalServiceUtil.hasUserPermissions(
603                            user.getUserId(), groupId, resources, actionId,
604                            doGetRoleIds(user.getUserId(), groupId));
605    
606                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 4);
607    
608                    return value;
609            }
610    
611            protected long[] doGetRoleIds(long userId, long groupId) throws Exception {
612                    long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
613                            userId, groupId);
614    
615                    if (roleIds != null) {
616                            return roleIds;
617                    }
618    
619                    try {
620                            Group group = null;
621    
622                            long parentGroupId = 0;
623    
624                            if (groupId > 0) {
625                                    group = GroupLocalServiceUtil.getGroup(groupId);
626    
627                                    if (group.isLayout()) {
628                                            parentGroupId = group.getParentGroupId();
629    
630                                            if (parentGroupId > 0) {
631                                                    group = GroupLocalServiceUtil.getGroup(parentGroupId);
632                                            }
633                                    }
634                            }
635    
636                            UserBag userBag = getUserBag();
637    
638                            Set<Long> roleIdsSet = SetUtil.fromArray(userBag.getRoleIds());
639    
640                            List<Role> userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
641                                    userId, groupId);
642    
643                            for (Role userGroupRole : userGroupRoles) {
644                                    roleIdsSet.add(userGroupRole.getRoleId());
645                            }
646    
647                            if (parentGroupId > 0) {
648                                    userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
649                                            userId, parentGroupId);
650    
651                                    for (Role userGroupRole : userGroupRoles) {
652                                            roleIdsSet.add(userGroupRole.getRoleId());
653                                    }
654                            }
655    
656                            List<Role> userGroupGroupRoles =
657                                    RoleLocalServiceUtil.getUserGroupGroupRoles(userId, groupId);
658    
659                            for (Role userGroupGroupRole : userGroupGroupRoles) {
660                                    roleIdsSet.add(userGroupGroupRole.getRoleId());
661                            }
662    
663                            if (parentGroupId > 0) {
664                                    userGroupGroupRoles =
665                                            RoleLocalServiceUtil.getUserGroupGroupRoles(
666                                                    userId, parentGroupId);
667    
668                                    for (Role userGroupGroupRole : userGroupGroupRoles) {
669                                            roleIdsSet.add(userGroupGroupRole.getRoleId());
670                                    }
671                            }
672    
673                            if (group != null) {
674                                    if (group.isOrganization() && userBag.hasUserOrgGroup(group)) {
675                                            Role organizationUserRole = RoleLocalServiceUtil.getRole(
676                                                    group.getCompanyId(), RoleConstants.ORGANIZATION_USER);
677    
678                                            roleIdsSet.add(organizationUserRole.getRoleId());
679                                    }
680    
681                                    if ((group.isSite() &&
682                                             (userBag.hasUserGroup(group) ||
683                                              userBag.hasUserOrgGroup(group))) ||
684                                            group.isUserPersonalSite()) {
685    
686                                            Role siteMemberRole = RoleLocalServiceUtil.getRole(
687                                                    group.getCompanyId(), RoleConstants.SITE_MEMBER);
688    
689                                            roleIdsSet.add(siteMemberRole.getRoleId());
690                                    }
691    
692                                    if ((group.isOrganization() &&
693                                             userBag.hasUserOrgGroup(group)) ||
694                                            (group.isSite() && userBag.hasUserGroup(group))) {
695    
696                                            addTeamRoles(userId, group, roleIdsSet);
697                                    }
698                            }
699    
700                            roleIds = ArrayUtil.toLongArray(roleIdsSet);
701    
702                            Arrays.sort(roleIds);
703    
704                            PermissionCacheUtil.putUserGroupRoleIds(userId, groupId, roleIds);
705    
706                            return roleIds;
707                    }
708                    catch (Exception e) {
709                            PermissionCacheUtil.removeUserGroupRoleIds(userId, groupId);
710    
711                            throw e;
712                    }
713            }
714    
715            /**
716             * Returns representations of the resource at each scope level.
717             *
718             * <p>
719             * For example, if the class name and primary key of a blog entry were
720             * passed to this method, it would return a resource for the blog entry
721             * itself (individual scope), a resource representing all blog entries
722             * within its group (group scope), a resource standing for all blog entries
723             * within a group the user has a suitable role in (group-template scope),
724             * and a resource signifying all blog entries within the company (company
725             * scope).
726             * </p>
727             *
728             * @param  companyId the primary key of the company
729             * @param  groupId the primary key of the group containing the resource
730             * @param  name the resource's name, which can be either a class name or a
731             *         portlet ID
732             * @param  primKey the primary key of the resource
733             * @param  actionId unused
734             * @return representations of the resource at each scope level
735             * @throws Exception if an exception occurred
736             */
737            protected List<Resource> getResources(
738                            long companyId, long groupId, String name, String primKey,
739                            String actionId)
740                    throws Exception {
741    
742                    // Individual
743    
744                    List<Resource> resources = new ArrayList<>(4);
745    
746                    Resource individualResource = ResourceLocalServiceUtil.getResource(
747                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
748    
749                    resources.add(individualResource);
750    
751                    // Group
752    
753                    if (groupId > 0) {
754                            Resource groupResource = ResourceLocalServiceUtil.getResource(
755                                    companyId, name, ResourceConstants.SCOPE_GROUP,
756                                    String.valueOf(groupId));
757    
758                            resources.add(groupResource);
759                    }
760    
761                    // Group template
762    
763                    if (signedIn && (groupId > 0)) {
764                            Resource groupTemplateResource =
765                                    ResourceLocalServiceUtil.getResource(
766                                            companyId, name, ResourceConstants.SCOPE_GROUP_TEMPLATE,
767                                            String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID));
768    
769                            resources.add(groupTemplateResource);
770                    }
771    
772                    // Company
773    
774                    Resource companyResource = ResourceLocalServiceUtil.getResource(
775                            companyId, name, ResourceConstants.SCOPE_COMPANY,
776                            String.valueOf(companyId));
777    
778                    resources.add(companyResource);
779    
780                    return resources;
781            }
782    
783            protected boolean hasGuestPermission(
784                            long groupId, String name, String primKey, String actionId)
785                    throws Exception {
786    
787                    try {
788                            ResourceActionsUtil.checkAction(name, actionId);
789                    }
790                    catch (Exception e) {
791                            if (_log.isDebugEnabled()) {
792                                    _log.debug(
793                                            "Guest does not have permission to " + actionId + " on " +
794                                                    name + " with primary key " + primKey);
795                            }
796    
797                            return false;
798                    }
799    
800                    if (name.indexOf(CharPool.PERIOD) != -1) {
801    
802                            // Check unsupported model actions
803    
804                            List<String> actions =
805                                    ResourceActionsUtil.getModelResourceGuestUnsupportedActions(
806                                            name);
807    
808                            if (actions.contains(actionId)) {
809                                    return false;
810                            }
811                    }
812                    else {
813    
814                            // Check unsupported portlet actions
815    
816                            List<String> actions =
817                                    ResourceActionsUtil.getPortletResourceGuestUnsupportedActions(
818                                            name);
819    
820                            if (actions.contains(actionId)) {
821                                    return false;
822                            }
823                    }
824    
825                    long companyId = user.getCompanyId();
826    
827                    List<Resource> resources = getResources(
828                            companyId, groupId, name, primKey, actionId);
829    
830                    try {
831                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
832                                    ResourceBlockIdsBag resourceBlockIdsBag =
833                                            getGuestResourceBlockIdsBag(companyId, groupId, name);
834    
835                                    return ResourceBlockLocalServiceUtil.hasPermission(
836                                            name, GetterUtil.getLong(primKey), actionId,
837                                            resourceBlockIdsBag);
838                            }
839    
840                            return ResourceLocalServiceUtil.hasUserPermissions(
841                                    defaultUserId, groupId, resources, actionId,
842                                    getGuestUserRoleIds());
843                    }
844                    catch (Exception e) {
845                            _log.error(e, e);
846    
847                            return false;
848                    }
849            }
850    
851            protected boolean hasPermissionImpl(
852                    long groupId, String name, String primKey, String actionId) {
853    
854                    try {
855                            if (!signedIn) {
856                                    return hasGuestPermission(groupId, name, primKey, actionId);
857                            }
858    
859                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
860    
861                                    // It is not necessary to check guest permissions separately, as
862                                    // the user's resource block IDs bag will already have the guest
863                                    // permissions in it if checkGuest is true.
864    
865                                    return hasUserPermission(
866                                            groupId, name, primKey, actionId, true);
867                            }
868    
869                            boolean value = false;
870    
871                            if (checkGuest) {
872                                    value = hasGuestPermission(groupId, name, primKey, actionId);
873                            }
874    
875                            if (!value) {
876                                    value = hasUserPermission(
877                                            groupId, name, primKey, actionId, true);
878                            }
879    
880                            return value;
881                    }
882                    catch (Exception e) {
883                            _log.error(e, e);
884    
885                            return false;
886                    }
887            }
888    
889            protected boolean hasUserPermissionImpl(
890                            long groupId, String name, String primKey, String actionId,
891                            boolean checkAdmin)
892                    throws Exception {
893    
894                    StopWatch stopWatch = new StopWatch();
895    
896                    stopWatch.start();
897    
898                    long companyId = user.getCompanyId();
899    
900                    if (groupId > 0) {
901                            Group group = GroupLocalServiceUtil.getGroup(groupId);
902    
903                            companyId = group.getCompanyId();
904                    }
905                    else if (name.equals(User.class.getName())) {
906                            User user = UserLocalServiceUtil.fetchUser(
907                                    GetterUtil.getLong(primKey));
908    
909                            if (user != null) {
910                                    companyId = user.getCompanyId();
911                            }
912                    }
913    
914                    boolean hasLayoutManagerPermission = true;
915    
916                    // Check if the layout manager has permission to do this action for the
917                    // current portlet
918    
919                    if (Validator.isNotNull(name) && Validator.isNotNull(primKey) &&
920                            primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {
921    
922                            hasLayoutManagerPermission =
923                                    PortletPermissionUtil.hasLayoutManagerPermission(
924                                            name, actionId);
925                    }
926    
927                    if (checkAdmin) {
928                            if (isCompanyAdminImpl(companyId)) {
929                                    return true;
930                            }
931    
932                            if (name.equals(Organization.class.getName())) {
933                                    if (isOrganizationAdminImpl(GetterUtil.getLong(primKey))) {
934                                            return true;
935                                    }
936                            }
937                            else if (isGroupAdminImpl(groupId) && hasLayoutManagerPermission) {
938                                    return true;
939                            }
940                    }
941    
942                    return doCheckPermission(
943                            companyId, groupId, name, primKey, actionId, stopWatch);
944            }
945    
946            protected boolean isCompanyAdminImpl(long companyId) throws Exception {
947                    if (!signedIn) {
948                            return false;
949                    }
950    
951                    if (isOmniadmin()) {
952                            return true;
953                    }
954    
955                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
956                            getUserId(), companyId, RoleConstants.ADMINISTRATOR);
957    
958                    try {
959                            if (value == null) {
960                                    value = RoleLocalServiceUtil.hasUserRole(
961                                            user.getUserId(), companyId, RoleConstants.ADMINISTRATOR,
962                                            true);
963    
964                                    PermissionCacheUtil.putUserPrimaryKeyRole(
965                                            getUserId(), companyId, RoleConstants.ADMINISTRATOR, value);
966                            }
967                    }
968                    catch (Exception e) {
969                            PermissionCacheUtil.removeUserPrimaryKeyRole(
970                                    getUserId(), companyId, RoleConstants.ADMINISTRATOR);
971    
972                            throw e;
973                    }
974    
975                    return value;
976            }
977    
978            protected boolean isContentReviewerImpl(long groupId)
979                    throws PortalException {
980    
981                    if (isCompanyAdmin() || isGroupAdmin(groupId)) {
982                            return true;
983                    }
984    
985                    Group group = GroupLocalServiceUtil.getGroup(groupId);
986    
987                    if (RoleLocalServiceUtil.hasUserRole(
988                                    getUserId(), group.getCompanyId(),
989                                    RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
990    
991                            return true;
992                    }
993    
994                    if (group.isSite()) {
995                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
996                                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
997                                            true)) {
998    
999                                    return true;
1000                            }
1001                    }
1002    
1003                    return false;
1004            }
1005    
1006            protected boolean isContentReviewerImpl(long companyId, long groupId)
1007                    throws Exception {
1008    
1009                    if (!signedIn) {
1010                            return false;
1011                    }
1012    
1013                    if (isOmniadmin()) {
1014                            return true;
1015                    }
1016    
1017                    if (isCompanyAdmin(companyId)) {
1018                            return true;
1019                    }
1020    
1021                    if (groupId <= 0) {
1022                            return false;
1023                    }
1024    
1025                    if (isGroupAdmin(groupId)) {
1026                            return true;
1027                    }
1028    
1029                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1030                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
1031    
1032                    try {
1033                            if (value == null) {
1034                                    value = isContentReviewerImpl(groupId);
1035    
1036                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1037                                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
1038                                            value);
1039                            }
1040                    }
1041                    catch (Exception e) {
1042                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1043                                    getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
1044    
1045                            throw e;
1046                    }
1047    
1048                    return value;
1049            }
1050    
1051            protected boolean isGroupAdminImpl(Group group) throws Exception {
1052                    if (group.isLayout()) {
1053                            long parentGroupId = group.getParentGroupId();
1054    
1055                            if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
1056                                    return false;
1057                            }
1058    
1059                            group = GroupLocalServiceUtil.getGroup(parentGroupId);
1060                    }
1061    
1062                    if (group.isSite()) {
1063                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1064                                            getUserId(), group.getGroupId(),
1065                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
1066                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1067                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1068                                            true)) {
1069    
1070                                    return true;
1071                            }
1072    
1073                            StopWatch stopWatch = new StopWatch();
1074    
1075                            stopWatch.start();
1076    
1077                            while (!group.isRoot()) {
1078                                    Group parentGroup = group.getParentGroup();
1079    
1080                                    if (doCheckPermission(
1081                                                    parentGroup.getCompanyId(), parentGroup.getGroupId(),
1082                                                    Group.class.getName(),
1083                                                    String.valueOf(parentGroup.getGroupId()),
1084                                                    ActionKeys.MANAGE_SUBGROUPS, stopWatch)) {
1085    
1086                                            return true;
1087                                    }
1088    
1089                                    group = parentGroup;
1090                            }
1091                    }
1092    
1093                    if (group.isCompany()) {
1094                            if (isCompanyAdmin()) {
1095                                    return true;
1096                            }
1097                            else {
1098                                    return false;
1099                            }
1100                    }
1101                    else if (group.isLayoutPrototype()) {
1102                            if (LayoutPrototypePermissionUtil.contains(
1103                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1104    
1105                                    return true;
1106                            }
1107                            else {
1108                                    return false;
1109                            }
1110                    }
1111                    else if (group.isLayoutSetPrototype()) {
1112                            if (LayoutSetPrototypePermissionUtil.contains(
1113                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1114    
1115                                    return true;
1116                            }
1117                            else {
1118                                    return false;
1119                            }
1120                    }
1121                    else if (group.isOrganization()) {
1122                            long organizationId = group.getOrganizationId();
1123    
1124                            while (organizationId !=
1125                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1126    
1127                                    Organization organization =
1128                                            OrganizationLocalServiceUtil.getOrganization(
1129                                                    organizationId);
1130    
1131                                    long organizationGroupId = organization.getGroupId();
1132    
1133                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1134                                                    getUserId(), organizationGroupId,
1135                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1136                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1137                                                    getUserId(), organizationGroupId,
1138                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
1139    
1140                                            return true;
1141                                    }
1142    
1143                                    organizationId = organization.getParentOrganizationId();
1144                            }
1145    
1146                            StopWatch stopWatch = new StopWatch();
1147    
1148                            stopWatch.start();
1149    
1150                            Organization organization =
1151                                    OrganizationLocalServiceUtil.getOrganization(
1152                                            group.getOrganizationId());
1153    
1154                            while (!organization.isRoot()) {
1155                                    Organization parentOrganization =
1156                                            organization.getParentOrganization();
1157    
1158                                    Group parentGroup = parentOrganization.getGroup();
1159    
1160                                    if (doCheckPermission(
1161                                                    parentGroup.getCompanyId(), parentGroup.getGroupId(),
1162                                                    Organization.class.getName(),
1163                                                    String.valueOf(parentOrganization.getOrganizationId()),
1164                                                    ActionKeys.MANAGE_SUBORGANIZATIONS, stopWatch)) {
1165    
1166                                            return true;
1167                                    }
1168    
1169                                    organization = parentOrganization;
1170                            }
1171                    }
1172    
1173                    return false;
1174            }
1175    
1176            protected boolean isGroupAdminImpl(long groupId) throws Exception {
1177                    if (!signedIn) {
1178                            return false;
1179                    }
1180    
1181                    if (isOmniadmin()) {
1182                            return true;
1183                    }
1184    
1185                    if (groupId <= 0) {
1186                            return false;
1187                    }
1188    
1189                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1190    
1191                    if (isCompanyAdmin(group.getCompanyId())) {
1192                            return true;
1193                    }
1194    
1195                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1196                            getUserId(), group.getGroupId(), RoleConstants.SITE_ADMINISTRATOR);
1197    
1198                    try {
1199                            if (value == null) {
1200                                    value = isGroupAdminImpl(group);
1201    
1202                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1203                                            getUserId(), group.getGroupId(),
1204                                            RoleConstants.SITE_ADMINISTRATOR, value);
1205                            }
1206                    }
1207                    catch (Exception e) {
1208                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1209                                    getUserId(), group.getGroupId(),
1210                                    RoleConstants.SITE_ADMINISTRATOR);
1211    
1212                            throw e;
1213                    }
1214    
1215                    return value;
1216            }
1217    
1218            protected boolean isGroupMemberImpl(long groupId) throws Exception {
1219                    if (!signedIn) {
1220                            return false;
1221                    }
1222    
1223                    if (groupId <= 0) {
1224                            return false;
1225                    }
1226    
1227                    long[] roleIds = doGetRoleIds(getUserId(), groupId);
1228    
1229                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1230    
1231                    Role role = RoleLocalServiceUtil.getRole(
1232                            group.getCompanyId(), RoleConstants.SITE_MEMBER);
1233    
1234                    if (Arrays.binarySearch(roleIds, role.getRoleId()) >= 0) {
1235                            return true;
1236                    }
1237    
1238                    UserBag userBag = getUserBag();
1239    
1240                    return userBag.hasUserGroup(group);
1241            }
1242    
1243            protected boolean isGroupOwnerImpl(Group group) throws PortalException {
1244                    if (group.isSite()) {
1245                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1246                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1247                                            true)) {
1248    
1249                                    return true;
1250                            }
1251                    }
1252    
1253                    if (group.isLayoutPrototype()) {
1254                            if (LayoutPrototypePermissionUtil.contains(
1255                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1256    
1257                                    return true;
1258                            }
1259                            else {
1260                                    return false;
1261                            }
1262                    }
1263                    else if (group.isLayoutSetPrototype()) {
1264                            if (LayoutSetPrototypePermissionUtil.contains(
1265                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1266    
1267                                    return true;
1268                            }
1269                            else {
1270                                    return false;
1271                            }
1272                    }
1273                    else if (group.isOrganization()) {
1274                            long organizationId = group.getOrganizationId();
1275    
1276                            while (organizationId !=
1277                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1278    
1279                                    Organization organization =
1280                                            OrganizationLocalServiceUtil.getOrganization(
1281                                                    organizationId);
1282    
1283                                    long organizationGroupId = organization.getGroupId();
1284    
1285                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1286                                                    getUserId(), organizationGroupId,
1287                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
1288    
1289                                            return true;
1290                                    }
1291    
1292                                    organizationId = organization.getParentOrganizationId();
1293                            }
1294                    }
1295                    else if (group.isUser()) {
1296                            long groupUserId = group.getClassPK();
1297    
1298                            if (getUserId() == groupUserId) {
1299                                    return true;
1300                            }
1301                    }
1302    
1303                    return false;
1304            }
1305    
1306            protected boolean isGroupOwnerImpl(long groupId) throws Exception {
1307                    if (!signedIn) {
1308                            return false;
1309                    }
1310    
1311                    if (isOmniadmin()) {
1312                            return true;
1313                    }
1314    
1315                    if (groupId <= 0) {
1316                            return false;
1317                    }
1318    
1319                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1320    
1321                    if (isCompanyAdmin(group.getCompanyId())) {
1322                            return true;
1323                    }
1324    
1325                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1326                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1327    
1328                    try {
1329                            if (value == null) {
1330                                    value = isGroupOwnerImpl(group);
1331    
1332                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1333                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1334                                            value);
1335                            }
1336                    }
1337                    catch (Exception e) {
1338                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1339                                    getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1340    
1341                            throw e;
1342                    }
1343    
1344                    return value;
1345            }
1346    
1347            protected boolean isOrganizationAdminImpl(long organizationId)
1348                    throws Exception {
1349    
1350                    if (!signedIn) {
1351                            return false;
1352                    }
1353    
1354                    if (isOmniadmin()) {
1355                            return true;
1356                    }
1357    
1358                    if (organizationId <= 0) {
1359                            return false;
1360                    }
1361    
1362                    Organization organization =
1363                            OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1364    
1365                    if (organization == null) {
1366                            return false;
1367                    }
1368    
1369                    if (isCompanyAdmin(organization.getCompanyId())) {
1370                            return true;
1371                    }
1372    
1373                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1374                            getUserId(), organization.getOrganizationId(),
1375                            RoleConstants.ORGANIZATION_ADMINISTRATOR);
1376    
1377                    try {
1378                            if (value == null) {
1379                                    value = isOrganizationAdminImpl(organization);
1380    
1381                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1382                                            getUserId(), organization.getOrganizationId(),
1383                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, value);
1384                            }
1385                    }
1386                    catch (Exception e) {
1387                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1388                                    getUserId(), organization.getOrganizationId(),
1389                                    RoleConstants.ORGANIZATION_ADMINISTRATOR);
1390    
1391                            throw e;
1392                    }
1393    
1394                    return value;
1395            }
1396    
1397            protected boolean isOrganizationAdminImpl(Organization organization)
1398                    throws PortalException {
1399    
1400                    while (organization != null) {
1401                            long organizationGroupId = organization.getGroupId();
1402    
1403                            long userId = getUserId();
1404    
1405                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1406                                            userId, organizationGroupId,
1407                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1408                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1409                                            userId, organizationGroupId,
1410                                            RoleConstants.ORGANIZATION_OWNER, true)) {
1411    
1412                                    return true;
1413                            }
1414    
1415                            organization = organization.getParentOrganization();
1416                    }
1417    
1418                    return false;
1419            }
1420    
1421            protected boolean isOrganizationOwnerImpl(long organizationId)
1422                    throws Exception {
1423    
1424                    if (!signedIn) {
1425                            return false;
1426                    }
1427    
1428                    if (isOmniadmin()) {
1429                            return true;
1430                    }
1431    
1432                    if (organizationId <= 0) {
1433                            return false;
1434                    }
1435    
1436                    Organization organization =
1437                            OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1438    
1439                    if (organization == null) {
1440                            return false;
1441                    }
1442    
1443                    if (isCompanyAdmin(organization.getCompanyId())) {
1444                            return true;
1445                    }
1446    
1447                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1448                            getUserId(), organization.getOrganizationId(),
1449                            RoleConstants.ORGANIZATION_OWNER);
1450    
1451                    try {
1452                            if (value == null) {
1453                                    value = isOrganizationOwnerImpl(organization);
1454    
1455                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1456                                            getUserId(), organization.getOrganizationId(),
1457                                            RoleConstants.ORGANIZATION_OWNER, value);
1458                            }
1459                    }
1460                    catch (Exception e) {
1461                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1462                                    getUserId(), organization.getOrganizationId(),
1463                                    RoleConstants.ORGANIZATION_OWNER);
1464    
1465                            throw e;
1466                    }
1467    
1468                    return value;
1469            }
1470    
1471            protected boolean isOrganizationOwnerImpl(Organization organization)
1472                    throws PortalException {
1473    
1474                    while (organization != null) {
1475                            long organizationGroupId = organization.getGroupId();
1476    
1477                            long userId = getUserId();
1478    
1479                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1480                                            userId, organizationGroupId,
1481                                            RoleConstants.ORGANIZATION_OWNER, true)) {
1482    
1483                                    return true;
1484                            }
1485    
1486                            organization = organization.getParentOrganization();
1487                    }
1488    
1489                    return false;
1490            }
1491    
1492            protected void logHasUserPermission(
1493                    long groupId, String name, String primKey, String actionId,
1494                    StopWatch stopWatch, int block) {
1495    
1496                    if (!_log.isDebugEnabled()) {
1497                            return;
1498                    }
1499    
1500                    _log.debug(
1501                            "Checking user permission block " + block + " for " + groupId +
1502                                    " " + name + " " + primKey + " " + actionId + " takes " +
1503                                            stopWatch.getTime() + " ms");
1504            }
1505    
1506            /**
1507             * @deprecated As of 6.1.0
1508             */
1509            @Deprecated
1510            protected static final String RESULTS_SEPARATOR = "_RESULTS_SEPARATOR_";
1511    
1512            private static final Log _log = LogFactoryUtil.getLog(
1513                    AdvancedPermissionChecker.class);
1514    
1515    }