001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.dao.orm.QueryUtil;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.model.Group;
022    import com.liferay.portal.kernel.model.GroupConstants;
023    import com.liferay.portal.kernel.model.GroupedModel;
024    import com.liferay.portal.kernel.model.Layout;
025    import com.liferay.portal.kernel.model.Organization;
026    import com.liferay.portal.kernel.model.OrganizationConstants;
027    import com.liferay.portal.kernel.model.PermissionedModel;
028    import com.liferay.portal.kernel.model.PortletConstants;
029    import com.liferay.portal.kernel.model.Resource;
030    import com.liferay.portal.kernel.model.ResourceBlockConstants;
031    import com.liferay.portal.kernel.model.ResourceConstants;
032    import com.liferay.portal.kernel.model.Role;
033    import com.liferay.portal.kernel.model.RoleConstants;
034    import com.liferay.portal.kernel.model.Team;
035    import com.liferay.portal.kernel.model.User;
036    import com.liferay.portal.kernel.security.permission.ActionKeys;
037    import com.liferay.portal.kernel.security.permission.PermissionChecker;
038    import com.liferay.portal.kernel.security.permission.ResourceActionsUtil;
039    import com.liferay.portal.kernel.security.permission.ResourceBlockIdsBag;
040    import com.liferay.portal.kernel.security.permission.UserBag;
041    import com.liferay.portal.kernel.security.permission.UserBagFactoryUtil;
042    import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
043    import com.liferay.portal.kernel.service.LayoutLocalServiceUtil;
044    import com.liferay.portal.kernel.service.OrganizationLocalServiceUtil;
045    import com.liferay.portal.kernel.service.ResourceBlockLocalServiceUtil;
046    import com.liferay.portal.kernel.service.ResourceLocalServiceUtil;
047    import com.liferay.portal.kernel.service.ResourcePermissionLocalServiceUtil;
048    import com.liferay.portal.kernel.service.RoleLocalServiceUtil;
049    import com.liferay.portal.kernel.service.TeamLocalServiceUtil;
050    import com.liferay.portal.kernel.service.UserGroupRoleLocalServiceUtil;
051    import com.liferay.portal.kernel.service.UserLocalServiceUtil;
052    import com.liferay.portal.kernel.service.permission.LayoutPrototypePermissionUtil;
053    import com.liferay.portal.kernel.service.permission.LayoutSetPrototypePermissionUtil;
054    import com.liferay.portal.kernel.service.permission.PortletPermissionUtil;
055    import com.liferay.portal.kernel.util.ArrayUtil;
056    import com.liferay.portal.kernel.util.CharPool;
057    import com.liferay.portal.kernel.util.GetterUtil;
058    import com.liferay.portal.kernel.util.ListUtil;
059    import com.liferay.portal.kernel.util.SetUtil;
060    import com.liferay.portal.kernel.util.Validator;
061    
062    import java.util.ArrayList;
063    import java.util.Arrays;
064    import java.util.Collections;
065    import java.util.LinkedHashMap;
066    import java.util.List;
067    import java.util.Set;
068    
069    import org.apache.commons.lang.time.StopWatch;
070    
071    /**
072     * @author Charles May
073     * @author Brian Wing Shun Chan
074     * @author Raymond Augé
075     * @author Wesley Gong
076     * @author Connor McKay
077     */
078    public class AdvancedPermissionChecker extends BasePermissionChecker {
079    
080            @Override
081            public AdvancedPermissionChecker clone() {
082                    return new AdvancedPermissionChecker();
083            }
084    
085            public ResourceBlockIdsBag getGuestResourceBlockIdsBag(
086                            long companyId, long groupId, String name)
087                    throws Exception {
088    
089                    ResourceBlockIdsBag resourceBlockIdsBag =
090                            PermissionCacheUtil.getResourceBlockIdsBag(
091                                    companyId, groupId, defaultUserId, name);
092    
093                    if (resourceBlockIdsBag != null) {
094                            return resourceBlockIdsBag;
095                    }
096    
097                    try {
098                            resourceBlockIdsBag =
099                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
100                                            getCompanyId(), groupId, name, getGuestUserRoleIds());
101    
102                            PermissionCacheUtil.putResourceBlockIdsBag(
103                                    companyId, groupId, defaultUserId, name, resourceBlockIdsBag);
104    
105                            return resourceBlockIdsBag;
106                    }
107                    catch (Exception e) {
108                            PermissionCacheUtil.removeResourceBlockIdsBag(
109                                    getCompanyId(), groupId, defaultUserId, name);
110    
111                            throw e;
112                    }
113            }
114    
115            /**
116             * Returns the permission checker bag for the guest user.
117             *
118             * @return the permission checker bag for the guest user
119             * @throws Exception if an exception occurred
120             */
121            public long[] getGuestUserRoleIds() throws Exception {
122                    Group guestGroup = GroupLocalServiceUtil.getGroup(
123                            getCompanyId(), GroupConstants.GUEST);
124    
125                    long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
126                            defaultUserId, guestGroup.getGroupId());
127    
128                    if (roleIds != null) {
129                            return roleIds;
130                    }
131    
132                    try {
133                            List<Role> roles = RoleLocalServiceUtil.getUserRelatedRoles(
134                                    defaultUserId, Collections.singletonList(guestGroup));
135    
136                            // Only use the guest group for deriving the roles for
137                            // unauthenticated users. Do not add the group to the permission bag
138                            // as this implies group membership which is incorrect in the case
139                            // of unauthenticated users.
140    
141                            roleIds = ListUtil.toLongArray(roles, Role.ROLE_ID_ACCESSOR);
142    
143                            Arrays.sort(roleIds);
144    
145                            PermissionCacheUtil.putUserGroupRoleIds(
146                                    defaultUserId, guestGroup.getGroupId(), roleIds);
147                    }
148                    catch (Exception e) {
149                            PermissionCacheUtil.removeUserGroupRoleIds(
150                                    defaultUserId, guestGroup.getGroupId());
151    
152                            throw e;
153                    }
154    
155                    return roleIds;
156            }
157    
158            @Override
159            public List<Long> getOwnerResourceBlockIds(
160                    long companyId, long groupId, String name, String actionId) {
161    
162                    try {
163                            ResourceBlockIdsBag resourceBlockIdsBag =
164                                    getOwnerResourceBlockIdsBag(companyId, groupId, name);
165    
166                            return ResourceBlockLocalServiceUtil.getResourceBlockIds(
167                                    resourceBlockIdsBag, name, actionId);
168                    }
169                    catch (Exception e) {
170                            if (_log.isDebugEnabled()) {
171                                    _log.debug(e, e);
172                            }
173                    }
174    
175                    return Collections.emptyList();
176            }
177    
178            public ResourceBlockIdsBag getOwnerResourceBlockIdsBag(
179                    long companyId, long groupId, String name) {
180    
181                    ResourceBlockIdsBag resourceBlockIdsBag =
182                            PermissionCacheUtil.getResourceBlockIdsBag(
183                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
184    
185                    if (resourceBlockIdsBag != null) {
186                            return resourceBlockIdsBag;
187                    }
188    
189                    try {
190                            long[] roleIds = {getOwnerRoleId()};
191    
192                            resourceBlockIdsBag =
193                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
194                                            getCompanyId(), groupId, name, roleIds);
195    
196                            PermissionCacheUtil.putResourceBlockIdsBag(
197                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
198                                    resourceBlockIdsBag);
199    
200                            return resourceBlockIdsBag;
201                    }
202                    catch (Exception e) {
203                            PermissionCacheUtil.removeResourceBlockIdsBag(
204                                    companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
205    
206                            throw e;
207                    }
208            }
209    
210            @Override
211            public List<Long> getResourceBlockIds(
212                    long companyId, long groupId, long userId, String name,
213                    String actionId) {
214    
215                    try {
216                            ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
217                                    companyId, groupId, name, getRoleIds(getUserId(), groupId));
218    
219                            return ResourceBlockLocalServiceUtil.getResourceBlockIds(
220                                    resourceBlockIdsBag, name, actionId);
221                    }
222                    catch (Exception e) {
223                            if (_log.isDebugEnabled()) {
224                                    _log.debug(e, e);
225                            }
226                    }
227    
228                    return Collections.emptyList();
229            }
230    
231            public ResourceBlockIdsBag getResourceBlockIdsBag(
232                            long companyId, long groupId, String name, long[] roleIds)
233                    throws Exception {
234    
235                    ResourceBlockIdsBag resourceBlockIdsBag =
236                            PermissionCacheUtil.getResourceBlockIdsBag(
237                                    companyId, groupId, getUserId(), name);
238    
239                    if (resourceBlockIdsBag != null) {
240                            return resourceBlockIdsBag;
241                    }
242    
243                    try {
244                            resourceBlockIdsBag =
245                                    ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
246                                            getCompanyId(), groupId, name, roleIds);
247    
248                            PermissionCacheUtil.putResourceBlockIdsBag(
249                                    companyId, groupId, getUserId(), name, resourceBlockIdsBag);
250    
251                            return resourceBlockIdsBag;
252                    }
253                    catch (Exception e) {
254                            PermissionCacheUtil.removeResourceBlockIdsBag(
255                                    companyId, groupId, getUserId(), name);
256    
257                            throw e;
258                    }
259            }
260    
261            @Override
262            public long[] getRoleIds(long userId, long groupId) {
263                    try {
264                            return doGetRoleIds(userId, groupId);
265                    }
266                    catch (Exception e) {
267                            if (_log.isDebugEnabled()) {
268                                    _log.debug(e, e);
269                            }
270    
271                            return PermissionChecker.DEFAULT_ROLE_IDS;
272                    }
273            }
274    
275            @Override
276            public UserBag getUserBag() throws PortalException {
277                    return UserBagFactoryUtil.create(getUserId());
278            }
279    
280            @Override
281            public boolean hasOwnerPermission(
282                    long companyId, String name, String primKey, long ownerId,
283                    String actionId) {
284    
285                    if (ownerId != getUserId()) {
286                            return false;
287                    }
288    
289                    if (ownerId == defaultUserId) {
290                            if (actionId.equals(ActionKeys.VIEW)) {
291                                    return true;
292                            }
293                            else {
294                                    return false;
295                            }
296                    }
297    
298                    try {
299                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
300                                    PermissionedModel permissionedModel =
301                                            ResourceBlockLocalServiceUtil.getPermissionedModel(
302                                                    name, GetterUtil.getLong(primKey));
303    
304                                    long groupId = 0;
305    
306                                    if (permissionedModel instanceof GroupedModel) {
307                                            GroupedModel groupedModel = (GroupedModel)permissionedModel;
308    
309                                            groupId = groupedModel.getGroupId();
310                                    }
311    
312                                    ResourceBlockIdsBag resourceBlockIdsBag =
313                                            getOwnerResourceBlockIdsBag(companyId, groupId, name);
314    
315                                    return ResourceBlockLocalServiceUtil.hasPermission(
316                                            name, permissionedModel, actionId, resourceBlockIdsBag);
317                            }
318    
319                            return ResourcePermissionLocalServiceUtil.hasResourcePermission(
320                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
321                                    getOwnerRoleId(), actionId);
322                    }
323                    catch (Exception e) {
324                            if (_log.isDebugEnabled()) {
325                                    _log.debug(e, e);
326                            }
327                    }
328    
329                    return false;
330            }
331    
332            @Override
333            public boolean hasPermission(
334                    long groupId, String name, String primKey, String actionId) {
335    
336                    StopWatch stopWatch = new StopWatch();
337    
338                    stopWatch.start();
339    
340                    boolean checkOwnerPermission = false;
341                    Group group = null;
342    
343                    try {
344                            if (groupId > 0) {
345                                    group = GroupLocalServiceUtil.getGroup(groupId);
346    
347                                    // If the group is a scope group for a layout, check the
348                                    // original group.
349    
350                                    if (group.isLayout() &&
351                                            !ResourceBlockLocalServiceUtil.isSupported(name)) {
352    
353                                            Layout layout = LayoutLocalServiceUtil.getLayout(
354                                                    group.getClassPK());
355    
356                                            groupId = layout.getGroupId();
357    
358                                            group = GroupLocalServiceUtil.getGroup(groupId);
359                                    }
360    
361                                    // If the group is a personal site, check the "User Personal
362                                    // Site" group.
363    
364                                    if (group.isUser() && (group.getClassPK() == getUserId())) {
365                                            checkOwnerPermission = true;
366    
367                                            group = GroupLocalServiceUtil.getGroup(
368                                                    getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
369    
370                                            groupId = group.getGroupId();
371                                    }
372                            }
373                    }
374                    catch (Exception e) {
375                            _log.error(e, e);
376                    }
377    
378                    long[] roleIds = getRoleIds(getUserId(), groupId);
379    
380                    Boolean value = PermissionCacheUtil.getPermission(
381                            groupId, name, primKey, roleIds, actionId);
382    
383                    if (value != null) {
384                            return value;
385                    }
386    
387                    try {
388                            if (checkOwnerPermission) {
389                                    value = hasOwnerPermission(
390                                            getCompanyId(), name, primKey, getUserId(), actionId);
391                            }
392    
393                            if ((value == null) || !value) {
394                                    value = hasPermissionImpl(
395                                            groupId, name, primKey, roleIds, actionId);
396                            }
397    
398                            if (_log.isDebugEnabled()) {
399                                    _log.debug(
400                                            "Checking permission for " + groupId + " " + name +
401                                                    " " + primKey + " " + actionId + " takes " +
402                                                            stopWatch.getTime() + " ms");
403                            }
404    
405                            PermissionCacheUtil.putPermission(
406                                    groupId, name, primKey, roleIds, actionId, value);
407                    }
408                    catch (Exception e) {
409                            PermissionCacheUtil.removePermission(
410                                    groupId, name, primKey, roleIds, actionId);
411    
412                            throw e;
413                    }
414    
415                    return value;
416            }
417    
418            @Override
419            public boolean isCompanyAdmin() {
420                    try {
421                            return isCompanyAdminImpl(user.getCompanyId());
422                    }
423                    catch (Exception e) {
424                            _log.error(e, e);
425    
426                            return false;
427                    }
428            }
429    
430            @Override
431            public boolean isCompanyAdmin(long companyId) {
432                    try {
433                            return isCompanyAdminImpl(companyId);
434                    }
435                    catch (Exception e) {
436                            _log.error(e, e);
437    
438                            return false;
439                    }
440            }
441    
442            @Override
443            public boolean isContentReviewer(long companyId, long groupId) {
444                    try {
445                            return isContentReviewerImpl(companyId, groupId);
446                    }
447                    catch (Exception e) {
448                            _log.error(e, e);
449                    }
450    
451                    return false;
452            }
453    
454            @Override
455            public boolean isGroupAdmin(long groupId) {
456                    try {
457                            return isGroupAdminImpl(groupId);
458                    }
459                    catch (Exception e) {
460                            _log.error(e, e);
461    
462                            return false;
463                    }
464            }
465    
466            @Override
467            public boolean isGroupMember(long groupId) {
468                    try {
469                            return isGroupMemberImpl(groupId);
470                    }
471                    catch (Exception e) {
472                            _log.error(e, e);
473    
474                            return false;
475                    }
476            }
477    
478            @Override
479            public boolean isGroupOwner(long groupId) {
480                    try {
481                            return isGroupOwnerImpl(groupId);
482                    }
483                    catch (Exception e) {
484                            _log.error(e, e);
485    
486                            return false;
487                    }
488            }
489    
490            @Override
491            public boolean isOrganizationAdmin(long organizationId) {
492                    try {
493                            return isOrganizationAdminImpl(organizationId);
494                    }
495                    catch (Exception e) {
496                            _log.error(e, e);
497    
498                            return false;
499                    }
500            }
501    
502            @Override
503            public boolean isOrganizationOwner(long organizationId) {
504                    try {
505                            return isOrganizationOwnerImpl(organizationId);
506                    }
507                    catch (Exception e) {
508                            _log.error(e, e);
509    
510                            return false;
511                    }
512            }
513    
514            protected void addTeamRoles(long userId, Group group, Set<Long> roleIds)
515                    throws Exception {
516    
517                    List<Team> userTeams = TeamLocalServiceUtil.getUserTeams(
518                            userId, group.getGroupId());
519    
520                    for (Team team : userTeams) {
521                            Role role = RoleLocalServiceUtil.getTeamRole(
522                                    team.getCompanyId(), team.getTeamId());
523    
524                            roleIds.add(role.getRoleId());
525                    }
526    
527                    LinkedHashMap<String, Object> teamParams = new LinkedHashMap<>();
528    
529                    teamParams.put("usersUserGroups", userId);
530    
531                    List<Team> userGroupTeams = TeamLocalServiceUtil.search(
532                            group.getGroupId(), null, null, teamParams, QueryUtil.ALL_POS,
533                            QueryUtil.ALL_POS, null);
534    
535                    for (Team team : userGroupTeams) {
536                            Role role = RoleLocalServiceUtil.getTeamRole(
537                                    team.getCompanyId(), team.getTeamId());
538    
539                            roleIds.add(role.getRoleId());
540                    }
541            }
542    
543            protected boolean doCheckPermission(
544                            long companyId, long groupId, String name, String primKey,
545                            long[] roleIds, String actionId, StopWatch stopWatch)
546                    throws Exception {
547    
548                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 1);
549    
550                    if (ResourceBlockLocalServiceUtil.isSupported(name)) {
551                            ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
552                                    companyId, groupId, name, roleIds);
553    
554                            boolean value = ResourceBlockLocalServiceUtil.hasPermission(
555                                    name, GetterUtil.getLong(primKey), actionId,
556                                    resourceBlockIdsBag);
557    
558                            logHasUserPermission(
559                                    groupId, name, primKey, actionId, stopWatch, 2);
560    
561                            return value;
562                    }
563    
564                    List<Resource> resources = getResources(
565                            companyId, groupId, name, primKey, actionId);
566    
567                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 3);
568    
569                    // Check if user has access to perform the action on the given resource
570                    // scopes. The resources are scoped to check first for an individual
571                    // class, then for the group that the class may belong to, and then for
572                    // the company that the class belongs to.
573    
574                    boolean value = ResourceLocalServiceUtil.hasUserPermissions(
575                            user.getUserId(), groupId, resources, actionId, roleIds);
576    
577                    logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 4);
578    
579                    return value;
580            }
581    
582            protected long[] doGetRoleIds(long userId, long groupId) throws Exception {
583                    if (!signedIn) {
584                            return getGuestUserRoleIds();
585                    }
586    
587                    long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
588                            userId, groupId);
589    
590                    if (roleIds != null) {
591                            return roleIds;
592                    }
593    
594                    try {
595                            Group group = null;
596    
597                            long parentGroupId = 0;
598    
599                            if (groupId > 0) {
600                                    group = GroupLocalServiceUtil.getGroup(groupId);
601    
602                                    if (group.isLayout()) {
603                                            parentGroupId = group.getParentGroupId();
604    
605                                            if (parentGroupId > 0) {
606                                                    group = GroupLocalServiceUtil.getGroup(parentGroupId);
607                                            }
608                                    }
609                            }
610    
611                            UserBag userBag = getUserBag();
612    
613                            Set<Long> roleIdsSet = SetUtil.fromArray(userBag.getRoleIds());
614    
615                            List<Role> userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
616                                    userId, groupId);
617    
618                            for (Role userGroupRole : userGroupRoles) {
619                                    roleIdsSet.add(userGroupRole.getRoleId());
620                            }
621    
622                            if (parentGroupId > 0) {
623                                    userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
624                                            userId, parentGroupId);
625    
626                                    for (Role userGroupRole : userGroupRoles) {
627                                            roleIdsSet.add(userGroupRole.getRoleId());
628                                    }
629                            }
630    
631                            List<Role> userGroupGroupRoles =
632                                    RoleLocalServiceUtil.getUserGroupGroupRoles(userId, groupId);
633    
634                            for (Role userGroupGroupRole : userGroupGroupRoles) {
635                                    roleIdsSet.add(userGroupGroupRole.getRoleId());
636                            }
637    
638                            if (parentGroupId > 0) {
639                                    userGroupGroupRoles =
640                                            RoleLocalServiceUtil.getUserGroupGroupRoles(
641                                                    userId, parentGroupId);
642    
643                                    for (Role userGroupGroupRole : userGroupGroupRoles) {
644                                            roleIdsSet.add(userGroupGroupRole.getRoleId());
645                                    }
646                            }
647    
648                            if (group != null) {
649                                    if (group.isOrganization() && userBag.hasUserOrgGroup(group)) {
650                                            Role organizationUserRole = RoleLocalServiceUtil.getRole(
651                                                    group.getCompanyId(), RoleConstants.ORGANIZATION_USER);
652    
653                                            roleIdsSet.add(organizationUserRole.getRoleId());
654                                    }
655    
656                                    if ((group.isSite() &&
657                                             (userBag.hasUserGroup(group) ||
658                                              userBag.hasUserOrgGroup(group))) ||
659                                            group.isUserPersonalSite()) {
660    
661                                            Role siteMemberRole = RoleLocalServiceUtil.getRole(
662                                                    group.getCompanyId(), RoleConstants.SITE_MEMBER);
663    
664                                            roleIdsSet.add(siteMemberRole.getRoleId());
665                                    }
666    
667                                    if ((group.isOrganization() &&
668                                             userBag.hasUserOrgGroup(group)) ||
669                                            (group.isSite() && userBag.hasUserGroup(group))) {
670    
671                                            addTeamRoles(userId, group, roleIdsSet);
672                                    }
673                            }
674    
675                            if (checkGuest) {
676                                    for (long roleId : getGuestUserRoleIds()) {
677                                            roleIdsSet.add(roleId);
678                                    }
679                            }
680    
681                            roleIds = ArrayUtil.toLongArray(roleIdsSet);
682    
683                            Arrays.sort(roleIds);
684    
685                            PermissionCacheUtil.putUserGroupRoleIds(userId, groupId, roleIds);
686    
687                            return roleIds;
688                    }
689                    catch (Exception e) {
690                            PermissionCacheUtil.removeUserGroupRoleIds(userId, groupId);
691    
692                            throw e;
693                    }
694            }
695    
696            /**
697             * Returns representations of the resource at each scope level.
698             *
699             * <p>
700             * For example, if the class name and primary key of a blog entry were
701             * passed to this method, it would return a resource for the blog entry
702             * itself (individual scope), a resource representing all blog entries
703             * within its group (group scope), a resource standing for all blog entries
704             * within a group the user has a suitable role in (group-template scope),
705             * and a resource signifying all blog entries within the company (company
706             * scope).
707             * </p>
708             *
709             * @param  companyId the primary key of the company
710             * @param  groupId the primary key of the group containing the resource
711             * @param  name the resource's name, which can be either a class name or a
712             *         portlet ID
713             * @param  primKey the primary key of the resource
714             * @param  actionId unused
715             * @return representations of the resource at each scope level
716             * @throws Exception if an exception occurred
717             */
718            protected List<Resource> getResources(
719                            long companyId, long groupId, String name, String primKey,
720                            String actionId)
721                    throws Exception {
722    
723                    // Individual
724    
725                    List<Resource> resources = new ArrayList<>(4);
726    
727                    Resource individualResource = ResourceLocalServiceUtil.getResource(
728                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
729    
730                    resources.add(individualResource);
731    
732                    // Group
733    
734                    if (groupId > 0) {
735                            Resource groupResource = ResourceLocalServiceUtil.getResource(
736                                    companyId, name, ResourceConstants.SCOPE_GROUP,
737                                    String.valueOf(groupId));
738    
739                            resources.add(groupResource);
740                    }
741    
742                    // Group template
743    
744                    if (signedIn && (groupId > 0)) {
745                            Resource groupTemplateResource =
746                                    ResourceLocalServiceUtil.getResource(
747                                            companyId, name, ResourceConstants.SCOPE_GROUP_TEMPLATE,
748                                            String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID));
749    
750                            resources.add(groupTemplateResource);
751                    }
752    
753                    // Company
754    
755                    Resource companyResource = ResourceLocalServiceUtil.getResource(
756                            companyId, name, ResourceConstants.SCOPE_COMPANY,
757                            String.valueOf(companyId));
758    
759                    resources.add(companyResource);
760    
761                    return resources;
762            }
763    
764            protected boolean hasGuestPermission(
765                            long groupId, String name, String primKey, String actionId)
766                    throws Exception {
767    
768                    List<String> resourceActions = ResourceActionsUtil.getResourceActions(
769                            name);
770    
771                    if (!resourceActions.contains(actionId)) {
772                            return false;
773                    }
774    
775                    if (name.indexOf(CharPool.PERIOD) != -1) {
776    
777                            // Check unsupported model actions
778    
779                            List<String> actions =
780                                    ResourceActionsUtil.getModelResourceGuestUnsupportedActions(
781                                            name);
782    
783                            if (actions.contains(actionId)) {
784                                    return false;
785                            }
786                    }
787                    else {
788    
789                            // Check unsupported portlet actions
790    
791                            List<String> actions =
792                                    ResourceActionsUtil.getPortletResourceGuestUnsupportedActions(
793                                            name);
794    
795                            if (actions.contains(actionId)) {
796                                    return false;
797                            }
798                    }
799    
800                    long companyId = user.getCompanyId();
801    
802                    List<Resource> resources = getResources(
803                            companyId, groupId, name, primKey, actionId);
804    
805                    try {
806                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
807                                    ResourceBlockIdsBag resourceBlockIdsBag =
808                                            getGuestResourceBlockIdsBag(companyId, groupId, name);
809    
810                                    return ResourceBlockLocalServiceUtil.hasPermission(
811                                            name, GetterUtil.getLong(primKey), actionId,
812                                            resourceBlockIdsBag);
813                            }
814    
815                            return ResourceLocalServiceUtil.hasUserPermissions(
816                                    defaultUserId, groupId, resources, actionId,
817                                    getGuestUserRoleIds());
818                    }
819                    catch (Exception e) {
820                            _log.error(e, e);
821    
822                            return false;
823                    }
824            }
825    
826            protected boolean hasPermissionImpl(
827                    long groupId, String name, String primKey, long[] roleIds,
828                    String actionId) {
829    
830                    try {
831                            if (!signedIn) {
832                                    return hasGuestPermission(groupId, name, primKey, actionId);
833                            }
834    
835                            if (ResourceBlockLocalServiceUtil.isSupported(name)) {
836                                    return hasUserPermissionImpl(
837                                            groupId, name, primKey, roleIds, actionId);
838                            }
839    
840                            return hasUserPermissionImpl(
841                                    groupId, name, primKey, roleIds, actionId);
842                    }
843                    catch (Exception e) {
844                            _log.error(e, e);
845    
846                            return false;
847                    }
848            }
849    
850            protected boolean hasUserPermissionImpl(
851                            long groupId, String name, String primKey, long[] roleIds,
852                            String actionId)
853                    throws Exception {
854    
855                    StopWatch stopWatch = new StopWatch();
856    
857                    stopWatch.start();
858    
859                    long companyId = user.getCompanyId();
860    
861                    if (groupId > 0) {
862                            Group group = GroupLocalServiceUtil.getGroup(groupId);
863    
864                            companyId = group.getCompanyId();
865                    }
866                    else if (name.equals(User.class.getName())) {
867                            User user = UserLocalServiceUtil.fetchUser(
868                                    GetterUtil.getLong(primKey));
869    
870                            if (user != null) {
871                                    companyId = user.getCompanyId();
872                            }
873                    }
874    
875                    boolean hasLayoutManagerPermission = true;
876    
877                    // Check if the layout manager has permission to do this action for the
878                    // current portlet
879    
880                    if (Validator.isNotNull(name) && Validator.isNotNull(primKey) &&
881                            primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {
882    
883                            hasLayoutManagerPermission =
884                                    PortletPermissionUtil.hasLayoutManagerPermission(
885                                            name, actionId);
886                    }
887    
888                    if (isCompanyAdminImpl(companyId)) {
889                            return true;
890                    }
891    
892                    if (name.equals(Organization.class.getName())) {
893                            if (isOrganizationAdminImpl(GetterUtil.getLong(primKey))) {
894                                    return true;
895                            }
896                    }
897                    else if (isGroupAdminImpl(groupId) && hasLayoutManagerPermission) {
898                            return true;
899                    }
900    
901                    return doCheckPermission(
902                            companyId, groupId, name, primKey, roleIds, actionId, stopWatch);
903            }
904    
905            protected boolean isCompanyAdminImpl(long companyId) throws Exception {
906                    if (!signedIn) {
907                            return false;
908                    }
909    
910                    if (isOmniadmin()) {
911                            return true;
912                    }
913    
914                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
915                            getUserId(), companyId, RoleConstants.ADMINISTRATOR);
916    
917                    try {
918                            if (value == null) {
919                                    value = RoleLocalServiceUtil.hasUserRole(
920                                            user.getUserId(), companyId, RoleConstants.ADMINISTRATOR,
921                                            true);
922    
923                                    PermissionCacheUtil.putUserPrimaryKeyRole(
924                                            getUserId(), companyId, RoleConstants.ADMINISTRATOR, value);
925                            }
926                    }
927                    catch (Exception e) {
928                            PermissionCacheUtil.removeUserPrimaryKeyRole(
929                                    getUserId(), companyId, RoleConstants.ADMINISTRATOR);
930    
931                            throw e;
932                    }
933    
934                    return value;
935            }
936    
937            protected boolean isContentReviewerImpl(long groupId)
938                    throws PortalException {
939    
940                    if (isCompanyAdmin() || isGroupAdmin(groupId)) {
941                            return true;
942                    }
943    
944                    Group group = GroupLocalServiceUtil.getGroup(groupId);
945    
946                    if (RoleLocalServiceUtil.hasUserRole(
947                                    getUserId(), group.getCompanyId(),
948                                    RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
949    
950                            return true;
951                    }
952    
953                    if (group.isSite()) {
954                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
955                                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
956                                            true)) {
957    
958                                    return true;
959                            }
960                    }
961    
962                    return false;
963            }
964    
965            protected boolean isContentReviewerImpl(long companyId, long groupId)
966                    throws Exception {
967    
968                    if (!signedIn) {
969                            return false;
970                    }
971    
972                    if (isOmniadmin()) {
973                            return true;
974                    }
975    
976                    if (isCompanyAdmin(companyId)) {
977                            return true;
978                    }
979    
980                    if (groupId <= 0) {
981                            return false;
982                    }
983    
984                    if (isGroupAdmin(groupId)) {
985                            return true;
986                    }
987    
988                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
989                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
990    
991                    try {
992                            if (value == null) {
993                                    value = isContentReviewerImpl(groupId);
994    
995                                    PermissionCacheUtil.putUserPrimaryKeyRole(
996                                            getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
997                                            value);
998                            }
999                    }
1000                    catch (Exception e) {
1001                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1002                                    getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
1003    
1004                            throw e;
1005                    }
1006    
1007                    return value;
1008            }
1009    
1010            protected boolean isGroupAdminImpl(Group group) throws Exception {
1011                    if (group.isLayout()) {
1012                            long parentGroupId = group.getParentGroupId();
1013    
1014                            if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
1015                                    return false;
1016                            }
1017    
1018                            group = GroupLocalServiceUtil.getGroup(parentGroupId);
1019                    }
1020    
1021                    if (group.isSite()) {
1022                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1023                                            getUserId(), group.getGroupId(),
1024                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
1025                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1026                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1027                                            true)) {
1028    
1029                                    return true;
1030                            }
1031    
1032                            StopWatch stopWatch = new StopWatch();
1033    
1034                            stopWatch.start();
1035    
1036                            while (!group.isRoot()) {
1037                                    Group parentGroup = group.getParentGroup();
1038    
1039                                    long[] roleIds = getRoleIds(
1040                                            getUserId(), parentGroup.getGroupId());
1041    
1042                                    if (doCheckPermission(
1043                                                    parentGroup.getCompanyId(), parentGroup.getGroupId(),
1044                                                    Group.class.getName(),
1045                                                    String.valueOf(parentGroup.getGroupId()), roleIds,
1046                                                    ActionKeys.MANAGE_SUBGROUPS, stopWatch)) {
1047    
1048                                            return true;
1049                                    }
1050    
1051                                    group = parentGroup;
1052                            }
1053                    }
1054    
1055                    if (group.isCompany()) {
1056                            if (isCompanyAdmin()) {
1057                                    return true;
1058                            }
1059                            else {
1060                                    return false;
1061                            }
1062                    }
1063                    else if (group.isLayoutPrototype()) {
1064                            if (LayoutPrototypePermissionUtil.contains(
1065                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1066    
1067                                    return true;
1068                            }
1069                            else {
1070                                    return false;
1071                            }
1072                    }
1073                    else if (group.isLayoutSetPrototype()) {
1074                            if (LayoutSetPrototypePermissionUtil.contains(
1075                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1076    
1077                                    return true;
1078                            }
1079                            else {
1080                                    return false;
1081                            }
1082                    }
1083                    else if (group.isOrganization()) {
1084                            long organizationId = group.getOrganizationId();
1085    
1086                            while (organizationId !=
1087                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1088    
1089                                    Organization organization =
1090                                            OrganizationLocalServiceUtil.getOrganization(
1091                                                    organizationId);
1092    
1093                                    long organizationGroupId = organization.getGroupId();
1094    
1095                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1096                                                    getUserId(), organizationGroupId,
1097                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1098                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1099                                                    getUserId(), organizationGroupId,
1100                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
1101    
1102                                            return true;
1103                                    }
1104    
1105                                    organizationId = organization.getParentOrganizationId();
1106                            }
1107    
1108                            StopWatch stopWatch = new StopWatch();
1109    
1110                            stopWatch.start();
1111    
1112                            Organization organization =
1113                                    OrganizationLocalServiceUtil.getOrganization(
1114                                            group.getOrganizationId());
1115    
1116                            while (!organization.isRoot()) {
1117                                    Organization parentOrganization =
1118                                            organization.getParentOrganization();
1119    
1120                                    Group parentGroup = parentOrganization.getGroup();
1121    
1122                                    long[] roleIds = getRoleIds(
1123                                            getUserId(), parentGroup.getGroupId());
1124    
1125                                    if (doCheckPermission(
1126                                                    parentGroup.getCompanyId(), parentGroup.getGroupId(),
1127                                                    Organization.class.getName(),
1128                                                    String.valueOf(parentOrganization.getOrganizationId()),
1129                                                    roleIds, ActionKeys.MANAGE_SUBORGANIZATIONS,
1130                                                    stopWatch)) {
1131    
1132                                            return true;
1133                                    }
1134    
1135                                    organization = parentOrganization;
1136                            }
1137                    }
1138    
1139                    return false;
1140            }
1141    
1142            protected boolean isGroupAdminImpl(long groupId) throws Exception {
1143                    if (!signedIn) {
1144                            return false;
1145                    }
1146    
1147                    if (isOmniadmin()) {
1148                            return true;
1149                    }
1150    
1151                    if (groupId <= 0) {
1152                            return false;
1153                    }
1154    
1155                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1156    
1157                    if (isCompanyAdmin(group.getCompanyId())) {
1158                            return true;
1159                    }
1160    
1161                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1162                            getUserId(), group.getGroupId(), RoleConstants.SITE_ADMINISTRATOR);
1163    
1164                    try {
1165                            if (value == null) {
1166                                    value = isGroupAdminImpl(group);
1167    
1168                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1169                                            getUserId(), group.getGroupId(),
1170                                            RoleConstants.SITE_ADMINISTRATOR, value);
1171                            }
1172                    }
1173                    catch (Exception e) {
1174                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1175                                    getUserId(), group.getGroupId(),
1176                                    RoleConstants.SITE_ADMINISTRATOR);
1177    
1178                            throw e;
1179                    }
1180    
1181                    return value;
1182            }
1183    
1184            protected boolean isGroupMemberImpl(long groupId) throws Exception {
1185                    if (!signedIn) {
1186                            return false;
1187                    }
1188    
1189                    if (groupId <= 0) {
1190                            return false;
1191                    }
1192    
1193                    long[] roleIds = getRoleIds(getUserId(), groupId);
1194    
1195                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1196    
1197                    Role role = RoleLocalServiceUtil.getRole(
1198                            group.getCompanyId(), RoleConstants.SITE_MEMBER);
1199    
1200                    if (Arrays.binarySearch(roleIds, role.getRoleId()) >= 0) {
1201                            return true;
1202                    }
1203    
1204                    UserBag userBag = getUserBag();
1205    
1206                    return userBag.hasUserGroup(group);
1207            }
1208    
1209            protected boolean isGroupOwnerImpl(Group group) throws PortalException {
1210                    if (group.isSite()) {
1211                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1212                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1213                                            true)) {
1214    
1215                                    return true;
1216                            }
1217                    }
1218    
1219                    if (group.isLayoutPrototype()) {
1220                            if (LayoutPrototypePermissionUtil.contains(
1221                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1222    
1223                                    return true;
1224                            }
1225                            else {
1226                                    return false;
1227                            }
1228                    }
1229                    else if (group.isLayoutSetPrototype()) {
1230                            if (LayoutSetPrototypePermissionUtil.contains(
1231                                            this, group.getClassPK(), ActionKeys.UPDATE)) {
1232    
1233                                    return true;
1234                            }
1235                            else {
1236                                    return false;
1237                            }
1238                    }
1239                    else if (group.isOrganization()) {
1240                            long organizationId = group.getOrganizationId();
1241    
1242                            while (organizationId !=
1243                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1244    
1245                                    Organization organization =
1246                                            OrganizationLocalServiceUtil.getOrganization(
1247                                                    organizationId);
1248    
1249                                    long organizationGroupId = organization.getGroupId();
1250    
1251                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1252                                                    getUserId(), organizationGroupId,
1253                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
1254    
1255                                            return true;
1256                                    }
1257    
1258                                    organizationId = organization.getParentOrganizationId();
1259                            }
1260                    }
1261                    else if (group.isUser()) {
1262                            long groupUserId = group.getClassPK();
1263    
1264                            if (getUserId() == groupUserId) {
1265                                    return true;
1266                            }
1267                    }
1268    
1269                    return false;
1270            }
1271    
1272            protected boolean isGroupOwnerImpl(long groupId) throws Exception {
1273                    if (!signedIn) {
1274                            return false;
1275                    }
1276    
1277                    if (isOmniadmin()) {
1278                            return true;
1279                    }
1280    
1281                    if (groupId <= 0) {
1282                            return false;
1283                    }
1284    
1285                    Group group = GroupLocalServiceUtil.getGroup(groupId);
1286    
1287                    if (isCompanyAdmin(group.getCompanyId())) {
1288                            return true;
1289                    }
1290    
1291                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1292                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1293    
1294                    try {
1295                            if (value == null) {
1296                                    value = isGroupOwnerImpl(group);
1297    
1298                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1299                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1300                                            value);
1301                            }
1302                    }
1303                    catch (Exception e) {
1304                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1305                                    getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1306    
1307                            throw e;
1308                    }
1309    
1310                    return value;
1311            }
1312    
1313            protected boolean isOrganizationAdminImpl(long organizationId)
1314                    throws Exception {
1315    
1316                    if (!signedIn) {
1317                            return false;
1318                    }
1319    
1320                    if (isOmniadmin()) {
1321                            return true;
1322                    }
1323    
1324                    if (organizationId <= 0) {
1325                            return false;
1326                    }
1327    
1328                    Organization organization =
1329                            OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1330    
1331                    if (organization == null) {
1332                            return false;
1333                    }
1334    
1335                    if (isCompanyAdmin(organization.getCompanyId())) {
1336                            return true;
1337                    }
1338    
1339                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1340                            getUserId(), organization.getOrganizationId(),
1341                            RoleConstants.ORGANIZATION_ADMINISTRATOR);
1342    
1343                    try {
1344                            if (value == null) {
1345                                    value = isOrganizationAdminImpl(organization);
1346    
1347                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1348                                            getUserId(), organization.getOrganizationId(),
1349                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, value);
1350                            }
1351                    }
1352                    catch (Exception e) {
1353                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1354                                    getUserId(), organization.getOrganizationId(),
1355                                    RoleConstants.ORGANIZATION_ADMINISTRATOR);
1356    
1357                            throw e;
1358                    }
1359    
1360                    return value;
1361            }
1362    
1363            protected boolean isOrganizationAdminImpl(Organization organization)
1364                    throws PortalException {
1365    
1366                    while (organization != null) {
1367                            long organizationGroupId = organization.getGroupId();
1368    
1369                            long userId = getUserId();
1370    
1371                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1372                                            userId, organizationGroupId,
1373                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1374                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1375                                            userId, organizationGroupId,
1376                                            RoleConstants.ORGANIZATION_OWNER, true)) {
1377    
1378                                    return true;
1379                            }
1380    
1381                            organization = organization.getParentOrganization();
1382                    }
1383    
1384                    return false;
1385            }
1386    
1387            protected boolean isOrganizationOwnerImpl(long organizationId)
1388                    throws Exception {
1389    
1390                    if (!signedIn) {
1391                            return false;
1392                    }
1393    
1394                    if (isOmniadmin()) {
1395                            return true;
1396                    }
1397    
1398                    if (organizationId <= 0) {
1399                            return false;
1400                    }
1401    
1402                    Organization organization =
1403                            OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1404    
1405                    if (organization == null) {
1406                            return false;
1407                    }
1408    
1409                    if (isCompanyAdmin(organization.getCompanyId())) {
1410                            return true;
1411                    }
1412    
1413                    Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1414                            getUserId(), organization.getOrganizationId(),
1415                            RoleConstants.ORGANIZATION_OWNER);
1416    
1417                    try {
1418                            if (value == null) {
1419                                    value = isOrganizationOwnerImpl(organization);
1420    
1421                                    PermissionCacheUtil.putUserPrimaryKeyRole(
1422                                            getUserId(), organization.getOrganizationId(),
1423                                            RoleConstants.ORGANIZATION_OWNER, value);
1424                            }
1425                    }
1426                    catch (Exception e) {
1427                            PermissionCacheUtil.removeUserPrimaryKeyRole(
1428                                    getUserId(), organization.getOrganizationId(),
1429                                    RoleConstants.ORGANIZATION_OWNER);
1430    
1431                            throw e;
1432                    }
1433    
1434                    return value;
1435            }
1436    
1437            protected boolean isOrganizationOwnerImpl(Organization organization)
1438                    throws PortalException {
1439    
1440                    while (organization != null) {
1441                            long organizationGroupId = organization.getGroupId();
1442    
1443                            long userId = getUserId();
1444    
1445                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1446                                            userId, organizationGroupId,
1447                                            RoleConstants.ORGANIZATION_OWNER, true)) {
1448    
1449                                    return true;
1450                            }
1451    
1452                            organization = organization.getParentOrganization();
1453                    }
1454    
1455                    return false;
1456            }
1457    
1458            protected void logHasUserPermission(
1459                    long groupId, String name, String primKey, String actionId,
1460                    StopWatch stopWatch, int block) {
1461    
1462                    if (!_log.isDebugEnabled()) {
1463                            return;
1464                    }
1465    
1466                    _log.debug(
1467                            "Checking user permission block " + block + " for " + groupId +
1468                                    " " + name + " " + primKey + " " + actionId + " takes " +
1469                                            stopWatch.getTime() + " ms");
1470            }
1471    
1472            /**
1473             * @deprecated As of 6.1.0
1474             */
1475            @Deprecated
1476            protected static final String RESULTS_SEPARATOR = "_RESULTS_SEPARATOR_";
1477    
1478            private static final Log _log = LogFactoryUtil.getLog(
1479                    AdvancedPermissionChecker.class);
1480    
1481    }