001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.expando.kernel.model.ExpandoBridge;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.model.Group;
020    import com.liferay.portal.kernel.model.Role;
021    import com.liferay.portal.kernel.model.RoleConstants;
022    import com.liferay.portal.kernel.model.User;
023    import com.liferay.portal.kernel.security.membershippolicy.OrganizationMembershipPolicyUtil;
024    import com.liferay.portal.kernel.security.membershippolicy.RoleMembershipPolicyUtil;
025    import com.liferay.portal.kernel.security.membershippolicy.SiteMembershipPolicyUtil;
026    import com.liferay.portal.kernel.security.permission.ActionKeys;
027    import com.liferay.portal.kernel.service.ServiceContext;
028    import com.liferay.portal.kernel.service.permission.PortalPermissionUtil;
029    import com.liferay.portal.kernel.service.permission.RolePermissionUtil;
030    import com.liferay.portal.kernel.service.permission.UserPermissionUtil;
031    import com.liferay.portal.kernel.util.OrderByComparator;
032    import com.liferay.portal.service.base.RoleServiceBaseImpl;
033    
034    import java.io.Serializable;
035    
036    import java.util.ArrayList;
037    import java.util.LinkedHashMap;
038    import java.util.List;
039    import java.util.Locale;
040    import java.util.Map;
041    
042    /**
043     * Provides the remote service for accessing, adding, unassigning, checking,
044     * deleting, and updating roles. Its methods include permission checks.
045     *
046     * @author Brian Wing Shun Chan
047     */
048    public class RoleServiceImpl extends RoleServiceBaseImpl {
049    
050            /**
051             * Adds a role. The user is reindexed after role is added.
052             *
053             * @param  className the name of the class for which the role is created
054             * @param  classPK the primary key of the class for which the role is
055             *         created (optionally <code>0</code>)
056             * @param  name the role's name
057             * @param  titleMap the role's localized titles (optionally
058             *         <code>null</code>)
059             * @param  descriptionMap the role's localized descriptions (optionally
060             *         <code>null</code>)
061             * @param  type the role's type (optionally <code>0</code>)
062             * @param  subtype the role's subtype (optionally <code>null</code>)
063             * @param  serviceContext the service context to be applied (optionally
064             *         <code>null</code>). Can set the expando bridge attributes for the
065             *         role.
066             * @return the role
067             */
068            @Override
069            public Role addRole(
070                            String className, long classPK, String name,
071                            Map<Locale, String> titleMap, Map<Locale, String> descriptionMap,
072                            int type, String subtype, ServiceContext serviceContext)
073                    throws PortalException {
074    
075                    PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE);
076    
077                    User user = getUser();
078    
079                    Role role = roleLocalService.addRole(
080                            user.getUserId(), className, classPK, name, titleMap,
081                            descriptionMap, type, subtype, serviceContext);
082    
083                    if (type == RoleConstants.TYPE_ORGANIZATION) {
084                            OrganizationMembershipPolicyUtil.verifyPolicy(role);
085                    }
086                    else if (type == RoleConstants.TYPE_SITE) {
087                            SiteMembershipPolicyUtil.verifyPolicy(role);
088                    }
089                    else {
090                            RoleMembershipPolicyUtil.verifyPolicy(role);
091                    }
092    
093                    return role;
094            }
095    
096            /**
097             * Adds the roles to the user. The user is reindexed after the roles are
098             * added.
099             *
100             * @param userId the primary key of the user
101             * @param roleIds the primary keys of the roles
102             */
103            @Override
104            public void addUserRoles(long userId, long[] roleIds)
105                    throws PortalException {
106    
107                    if (roleIds.length == 0) {
108                            return;
109                    }
110    
111                    checkUserRolesPermission(userId, roleIds);
112    
113                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null);
114    
115                    roleLocalService.addUserRoles(userId, roleIds);
116    
117                    RoleMembershipPolicyUtil.propagateRoles(
118                            new long[] {userId}, roleIds, null);
119            }
120    
121            /**
122             * Deletes the role with the primary key and its associated permissions.
123             *
124             * @param roleId the primary key of the role
125             */
126            @Override
127            public void deleteRole(long roleId) throws PortalException {
128                    RolePermissionUtil.check(
129                            getPermissionChecker(), roleId, ActionKeys.DELETE);
130    
131                    roleLocalService.deleteRole(roleId);
132            }
133    
134            @Override
135            public Role fetchRole(long roleId) throws PortalException {
136                    Role role = roleLocalService.fetchRole(roleId);
137    
138                    if (role != null) {
139                            RolePermissionUtil.check(
140                                    getPermissionChecker(), roleId, ActionKeys.VIEW);
141                    }
142    
143                    return role;
144            }
145    
146            /**
147             * Returns all the roles associated with the group.
148             *
149             * @param  groupId the primary key of the group
150             * @return the roles associated with the group
151             */
152            @Override
153            public List<Role> getGroupRoles(long groupId) throws PortalException {
154                    List<Role> roles = roleLocalService.getGroupRoles(groupId);
155    
156                    return filterRoles(roles);
157            }
158    
159            /**
160             * Returns the role with the primary key.
161             *
162             * @param  roleId the primary key of the role
163             * @return the role with the primary key
164             */
165            @Override
166            public Role getRole(long roleId) throws PortalException {
167                    RolePermissionUtil.check(
168                            getPermissionChecker(), roleId, ActionKeys.VIEW);
169    
170                    return roleLocalService.getRole(roleId);
171            }
172    
173            /**
174             * Returns the role with the name in the company.
175             *
176             * <p>
177             * The method searches the system roles map first for default roles. If a
178             * role with the name is not found, then the method will query the database.
179             * </p>
180             *
181             * @param  companyId the primary key of the company
182             * @param  name the role's name
183             * @return the role with the name
184             */
185            @Override
186            public Role getRole(long companyId, String name) throws PortalException {
187                    Role role = roleLocalService.getRole(companyId, name);
188    
189                    RolePermissionUtil.check(
190                            getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW);
191    
192                    return role;
193            }
194    
195            @Override
196            public List<Role> getRoles(int type, String subtype)
197                    throws PortalException {
198    
199                    return filterRoles(roleLocalService.getRoles(type, subtype));
200            }
201    
202            @Override
203            public List<Role> getRoles(long companyId, int[] types)
204                    throws PortalException {
205    
206                    return filterRoles(roleLocalService.getRoles(companyId, types));
207            }
208    
209            /**
210             * Returns all the user's roles within the user group.
211             *
212             * @param  userId the primary key of the user
213             * @param  groupId the primary key of the group
214             * @return the user's roles within the user group
215             */
216            @Override
217            public List<Role> getUserGroupGroupRoles(long userId, long groupId)
218                    throws PortalException {
219    
220                    UserPermissionUtil.check(
221                            getPermissionChecker(), userId, ActionKeys.VIEW);
222    
223                    List<Role> roles = roleLocalService.getUserGroupGroupRoles(
224                            userId, groupId);
225    
226                    return filterRoles(roles);
227            }
228    
229            /**
230             * Returns all the user's roles within the user group.
231             *
232             * @param  userId the primary key of the user
233             * @param  groupId the primary key of the group
234             * @return the user's roles within the user group
235             */
236            @Override
237            public List<Role> getUserGroupRoles(long userId, long groupId)
238                    throws PortalException {
239    
240                    UserPermissionUtil.check(
241                            getPermissionChecker(), userId, ActionKeys.VIEW);
242    
243                    List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId);
244    
245                    return filterRoles(roles);
246            }
247    
248            /**
249             * Returns the union of all the user's roles within the groups.
250             *
251             * @param  userId the primary key of the user
252             * @param  groups the groups (optionally <code>null</code>)
253             * @return the union of all the user's roles within the groups
254             */
255            @Override
256            public List<Role> getUserRelatedRoles(long userId, List<Group> groups)
257                    throws PortalException {
258    
259                    UserPermissionUtil.check(
260                            getPermissionChecker(), userId, ActionKeys.VIEW);
261    
262                    List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups);
263    
264                    return filterRoles(roles);
265            }
266    
267            /**
268             * Returns all the roles associated with the user.
269             *
270             * @param  userId the primary key of the user
271             * @return the roles associated with the user
272             */
273            @Override
274            public List<Role> getUserRoles(long userId) throws PortalException {
275                    UserPermissionUtil.check(
276                            getPermissionChecker(), userId, ActionKeys.VIEW);
277    
278                    List<Role> roles = roleLocalService.getUserRoles(userId);
279    
280                    return filterRoles(roles);
281            }
282    
283            /**
284             * Returns <code>true</code> if the user is associated with the named
285             * regular role.
286             *
287             * @param  userId the primary key of the user
288             * @param  companyId the primary key of the company
289             * @param  name the name of the role
290             * @param  inherited whether to include the user's inherited roles in the
291             *         search
292             * @return <code>true</code> if the user is associated with the regular
293             *         role; <code>false</code> otherwise
294             */
295            @Override
296            public boolean hasUserRole(
297                            long userId, long companyId, String name, boolean inherited)
298                    throws PortalException {
299    
300                    UserPermissionUtil.check(
301                            getPermissionChecker(), userId, ActionKeys.VIEW);
302    
303                    return roleLocalService.hasUserRole(userId, companyId, name, inherited);
304            }
305    
306            /**
307             * Returns <code>true</code> if the user has any one of the named regular
308             * roles.
309             *
310             * @param  userId the primary key of the user
311             * @param  companyId the primary key of the company
312             * @param  names the names of the roles
313             * @param  inherited whether to include the user's inherited roles in the
314             *         search
315             * @return <code>true</code> if the user has any one of the regular roles;
316             *         <code>false</code> otherwise
317             */
318            @Override
319            public boolean hasUserRoles(
320                            long userId, long companyId, String[] names, boolean inherited)
321                    throws PortalException {
322    
323                    UserPermissionUtil.check(
324                            getPermissionChecker(), userId, ActionKeys.VIEW);
325    
326                    return roleLocalService.hasUserRoles(
327                            userId, companyId, names, inherited);
328            }
329    
330            @Override
331            public List<Role> search(
332                    long companyId, String keywords, Integer[] types,
333                    LinkedHashMap<String, Object> params, int start, int end,
334                    OrderByComparator<Role> obc) {
335    
336                    return roleFinder.filterFindByKeywords(
337                            companyId, keywords, types, params, start, end, obc);
338            }
339    
340            @Override
341            public int searchCount(
342                    long companyId, String keywords, Integer[] types,
343                    LinkedHashMap<String, Object> params) {
344    
345                    return roleFinder.filterCountByKeywords(
346                            companyId, keywords, types, params);
347            }
348    
349            /**
350             * Removes the matching roles associated with the user. The user is
351             * reindexed after the roles are removed.
352             *
353             * @param userId the primary key of the user
354             * @param roleIds the primary keys of the roles
355             */
356            @Override
357            public void unsetUserRoles(long userId, long[] roleIds)
358                    throws PortalException {
359    
360                    if (roleIds.length == 0) {
361                            return;
362                    }
363    
364                    checkUserRolesPermission(userId, roleIds);
365    
366                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds);
367    
368                    roleLocalService.unsetUserRoles(userId, roleIds);
369    
370                    RoleMembershipPolicyUtil.propagateRoles(
371                            new long[] {userId}, null, roleIds);
372            }
373    
374            /**
375             * Updates the role with the primary key.
376             *
377             * @param  roleId the primary key of the role
378             * @param  name the role's new name
379             * @param  titleMap the new localized titles (optionally <code>null</code>)
380             *         to replace those existing for the role
381             * @param  descriptionMap the new localized descriptions (optionally
382             *         <code>null</code>) to replace those existing for the role
383             * @param  subtype the role's new subtype (optionally <code>null</code>)
384             * @param  serviceContext the service context to be applied (optionally
385             *         <code>null</code>). Can set the expando bridge attributes for the
386             *         role.
387             * @return the role with the primary key
388             */
389            @Override
390            public Role updateRole(
391                            long roleId, String name, Map<Locale, String> titleMap,
392                            Map<Locale, String> descriptionMap, String subtype,
393                            ServiceContext serviceContext)
394                    throws PortalException {
395    
396                    RolePermissionUtil.check(
397                            getPermissionChecker(), roleId, ActionKeys.UPDATE);
398    
399                    Role oldRole = rolePersistence.findByPrimaryKey(roleId);
400    
401                    ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge();
402    
403                    Map<String, Serializable> oldExpandoAttributes =
404                            oldExpandoBridge.getAttributes();
405    
406                    Role role = roleLocalService.updateRole(
407                            roleId, name, titleMap, descriptionMap, subtype, serviceContext);
408    
409                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
410                            OrganizationMembershipPolicyUtil.verifyPolicy(
411                                    role, oldRole, oldExpandoAttributes);
412                    }
413                    else if (role.getType() == RoleConstants.TYPE_SITE) {
414                            SiteMembershipPolicyUtil.verifyPolicy(
415                                    role, oldRole, oldExpandoAttributes);
416                    }
417                    else {
418                            RoleMembershipPolicyUtil.verifyPolicy(
419                                    role, oldRole, oldExpandoAttributes);
420                    }
421    
422                    return role;
423            }
424    
425            protected void checkUserRolesPermission(long userId, long[] roleIds)
426                    throws PortalException {
427    
428                    for (int i = 0; i < roleIds.length; i++) {
429                            RolePermissionUtil.check(
430                                    getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS);
431                    }
432            }
433    
434            protected List<Role> filterRoles(List<Role> roles) throws PortalException {
435                    List<Role> filteredRoles = new ArrayList<>();
436    
437                    for (Role role : roles) {
438                            if (RolePermissionUtil.contains(
439                                            getPermissionChecker(), role.getRoleId(),
440                                            ActionKeys.VIEW)) {
441    
442                                    filteredRoles.add(role);
443                            }
444                    }
445    
446                    return filteredRoles;
447            }
448    
449    }