015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.dao.db.DB;
018 import com.liferay.portal.kernel.dao.db.DBManagerUtil;
019 import com.liferay.portal.kernel.dao.db.DBType;
020 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
021 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
022 import com.liferay.portal.kernel.dao.orm.EntityCacheUtil;
023 import com.liferay.portal.kernel.dao.orm.FinderCacheUtil;
024 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
025 import com.liferay.portal.kernel.log.Log;
026 import com.liferay.portal.kernel.log.LogFactoryUtil;
027 import com.liferay.portal.kernel.model.Group;
028 import com.liferay.portal.kernel.model.Layout;
029 import com.liferay.portal.kernel.model.LayoutConstants;
030 import com.liferay.portal.kernel.model.Organization;
031 import com.liferay.portal.kernel.model.PortletConstants;
032 import com.liferay.portal.kernel.model.ResourceConstants;
033 import com.liferay.portal.kernel.model.ResourcePermission;
034 import com.liferay.portal.kernel.model.Role;
035 import com.liferay.portal.kernel.model.RoleConstants;
036 import com.liferay.portal.kernel.model.User;
037 import com.liferay.portal.kernel.model.UserGroup;
038 import com.liferay.portal.kernel.security.permission.ActionKeys;
039 import com.liferay.portal.kernel.security.permission.ResourceActionsUtil;
040 import com.liferay.portal.kernel.service.LayoutLocalServiceUtil;
041 import com.liferay.portal.kernel.service.ResourceActionLocalServiceUtil;
042 import com.liferay.portal.kernel.service.ResourcePermissionLocalServiceUtil;
043 import com.liferay.portal.kernel.service.RoleLocalServiceUtil;
044 import com.liferay.portal.kernel.util.GetterUtil;
045 import com.liferay.portal.kernel.util.PortalUtil;
046 import com.liferay.portal.kernel.util.StringBundler;
047 import com.liferay.portal.kernel.util.StringPool;
048 import com.liferay.portal.kernel.util.StringUtil;
049 import com.liferay.portal.security.permission.PermissionCacheUtil;
050 import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
051 import com.liferay.portal.util.PortalInstances;
052
053 import java.util.ArrayList;
054 import java.util.List;
055
056
062 public class VerifyPermission extends VerifyProcess {
063
/**
 * Re-checks the registered resource actions of every model and every
 * portlet reported by {@code ResourceActionsUtil}.
 *
 * <p>For each name, the action ids that {@code ResourceActionsUtil} returns
 * are handed to
 * {@code ResourceActionLocalServiceUtil.checkResourceActions}. Models are
 * processed first, portlets second.</p>
 *
 * @throws Exception if any lookup or check call fails; the first failure
 *         ends the run
 */
protected void checkPermissions() throws Exception {
    for (String modelName : ResourceActionsUtil.getModelNames()) {

        // NOTE(review): the trailing "true" is presumably the
        // addDefaultActions flag -- confirm against the service signature.

        ResourceActionLocalServiceUtil.checkResourceActions(
            modelName,
            ResourceActionsUtil.getModelResourceActions(modelName), true);
    }

    for (String portletName : ResourceActionsUtil.getPortletNames()) {
        ResourceActionLocalServiceUtil.checkResourceActions(
            portletName,
            ResourceActionsUtil.getPortletResourceActions(portletName),
            true);
    }
}
085
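/**
 * Runs the Guest-permission cleanup for private layouts once per portal
 * instance.
 *
 * <p>Company ids come from {@code PortalInstances.getCompanyIdsBySQL()}. A
 * failure for one company does not stop the remaining companies. The
 * failure is reported at WARN together with the company id, because a
 * failed run can leave Guest role permissions on private layouts in place
 * and an operator must be able to see that without enabling debug
 * logging.</p>
 *
 * @throws Exception if the company ids cannot be read
 */
protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
    long[] companyIds = PortalInstances.getCompanyIdsBySQL();

    for (long companyId : companyIds) {
        try {
            deleteDefaultPrivateLayoutPermissions_6(companyId);
        }
        catch (Exception e) {

            // Best effort per company: keep going, but do not hide the
            // failure at debug level -- the cleanup is access-control
            // relevant.

            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Unable to delete Guest permissions on private " +
                        "layouts for company " + companyId,
                    e);
            }
        }
    }
}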
100
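/**
 * Deletes every resource permission of the company's Guest role that
 * {@link #isPrivateLayout(String, String)} attributes to a private layout.
 *
 * <p>Each permission row is handled on its own. {@code isPrivateLayout}
 * declares {@code throws Exception} (presumably when the layout id in the
 * primary key no longer resolves -- confirm), and letting one such row abort
 * the loop would leave every later Guest permission on a private layout
 * untouched. A row that cannot be evaluated or deleted is logged at WARN
 * with its id and skipped.</p>
 *
 * @param  companyId the portal instance whose Guest role is cleaned up
 * @throws Exception if the Guest role or its permission list cannot be
 *         loaded
 */
protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
    throws Exception {

    Role role = RoleLocalServiceUtil.getRole(
        companyId, RoleConstants.GUEST);

    List<ResourcePermission> resourcePermissions =
        ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
            role.getRoleId());

    for (ResourcePermission resourcePermission : resourcePermissions) {
        try {
            if (isPrivateLayout(
                    resourcePermission.getName(),
                    resourcePermission.getPrimKey())) {

                ResourcePermissionLocalServiceUtil.deleteResourcePermission(
                    resourcePermission.getResourcePermissionId());
            }
        }
        catch (Exception e) {

            // Skip only this row so the remaining Guest permissions are
            // still checked and removed.

            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Unable to verify Guest resource permission " +
                        resourcePermission.getResourcePermissionId() +
                            " for company " + companyId,
                    e);
            }
        }
    }
}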
121
/**
 * Entry point of this verify process.
 *
 * <p>Steps run in a fixed order: Guest permissions on private layouts are
 * removed first, then resource actions are re-checked, then the
 * organization and default-user role permissions are migrated. An exception
 * from any step propagates and skips the steps after it.</p>
 *
 * @throws Exception if one of the steps fails
 */
@Override
protected void doVerify() throws Exception {

    // Cleanup of Guest access to private layouts

    deleteDefaultPrivateLayoutPermissions();

    // Resource action registration and role permission migrations

    checkPermissions();
    fixOrganizationRolePermissions();
    fixUserDefaultRolePermissions();
}
130
/**
 * Moves the deprecated organization action ids from every
 * {@code Organization} resource permission to the resource permission with
 * the same company, scope, primary key and role that is named after
 * {@code Group}.
 *
 * <p>When the {@code Group} permission cannot be fetched it is created with
 * {@code ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS} and fetched
 * again. After all rows are processed the permission resource cache is
 * cleared.</p>
 *
 * @throws Exception if the query fails, or if creating or re-reading a
 *         missing {@code Group} permission fails
 */
protected void fixOrganizationRolePermissions() throws Exception {
    DynamicQuery organizationPermissionQuery =
        DynamicQueryFactoryUtil.forClass(ResourcePermission.class);

    organizationPermissionQuery.add(
        RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

    List<ResourcePermission> organizationPermissions =
        ResourcePermissionLocalServiceUtil.dynamicQuery(
            organizationPermissionQuery);

    for (ResourcePermission organizationPermission :
            organizationPermissions) {

        long companyId = organizationPermission.getCompanyId();
        int scope = organizationPermission.getScope();
        String primKey = organizationPermission.getPrimKey();
        long roleId = organizationPermission.getRoleId();

        ResourcePermission groupPermission;

        try {
            groupPermission =
                ResourcePermissionLocalServiceUtil.getResourcePermission(
                    companyId, Group.class.getName(), scope, primKey,
                    roleId);
        }
        catch (Exception e) {

            // NOTE(review): any exception is treated as "row does not
            // exist", so an unrelated failure also takes the create path.
            // Consider narrowing the catch to the not-found exception.

            ResourcePermissionLocalServiceUtil.setResourcePermissions(
                companyId, Group.class.getName(), scope, primKey, roleId,
                ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

            groupPermission =
                ResourcePermissionLocalServiceUtil.getResourcePermission(
                    companyId, Group.class.getName(), scope, primKey,
                    roleId);
        }

        for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
            if (!organizationPermission.hasActionId(actionId)) {
                continue;
            }

            organizationPermission.removeResourceAction(actionId);

            groupPermission.addResourceAction(actionId);
        }

        try {
            organizationPermission.resetOriginalValues();

            ResourcePermissionLocalServiceUtil.updateResourcePermission(
                organizationPermission);

            groupPermission.resetOriginalValues();

            ResourcePermissionLocalServiceUtil.updateResourcePermission(
                groupPermission);
        }
        catch (Exception e) {

            // NOTE(review): the two updates are separate calls. If the
            // second one fails, the action ids are already removed from the
            // Organization row and not yet stored on the Group row; only
            // this log entry records it.

            _log.error(e, e);
        }
    }

    PermissionCacheUtil.clearResourceCache();
}
194
/**
 * Re-points individual-scope, layout-bound resource permissions from each
 * company's Power User role to its User role, for portlet-type layouts
 * whose group belongs to the {@code User} or {@code UserGroup} class name.
 *
 * <p>One {@code update} statement per company is built as text and run
 * through {@code runSQL}. Every value concatenated into the statement is a
 * role id, a class name id or a constant from this code base; nothing
 * visible here comes from request input. Because {@code runSQL} receives
 * the finished string, any later change that adds an externally influenced
 * value must not concatenate it.</p>
 *
 * <p>The entity and finder caches are cleared afterwards, since the rows
 * are changed with direct SQL.</p>
 *
 * @throws Exception if a role lookup or the SQL statement fails
 */
protected void fixUserDefaultRolePermissions() throws Exception {
    long userClassNameId = PortalUtil.getClassNameId(User.class);
    long userGroupClassNameId = PortalUtil.getClassNameId(UserGroup.class);

    DB db = DBManagerUtil.getDB();

    long[] companyIds = PortalInstances.getCompanyIdsBySQL();

    // The join clause holds no per-company value, so it is assembled once.
    // It links a permission to its layout through the "<plid>_LAYOUT_"
    // prefix of the primary key.

    StringBundler joinClauseSB = new StringBundler(6);

    joinClauseSB.append("ResourcePermission inner join Layout on ");
    joinClauseSB.append("ResourcePermission.companyId = Layout.companyId ");
    joinClauseSB.append("and ResourcePermission.primKey like ");
    joinClauseSB.append("replace('[$PLID$]_LAYOUT_%', '[$PLID$]', ");
    joinClauseSB.append("cast_text(Layout.plid)) inner join Group_ on ");
    joinClauseSB.append("Layout.groupId = Group_.groupId");

    String joinClause = joinClauseSB.toString();

    for (long companyId : companyIds) {
        Role powerUserRole = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.POWER_USER);
        Role userRole = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.USER);

        long powerUserRoleId = powerUserRole.getRoleId();
        long userRoleId = userRole.getRoleId();

        StringBundler whereClauseSB = new StringBundler(13);

        whereClauseSB.append("where ResourcePermission.scope = ");
        whereClauseSB.append(ResourceConstants.SCOPE_INDIVIDUAL);
        whereClauseSB.append(" and ResourcePermission.primKey like '%");
        whereClauseSB.append(PortletConstants.LAYOUT_SEPARATOR);
        whereClauseSB.append("%' and ResourcePermission.roleId = ");
        whereClauseSB.append(powerUserRoleId);
        whereClauseSB.append(" and (Group_.classNameId = ");
        whereClauseSB.append(userClassNameId);
        whereClauseSB.append(" or Group_.classNameId = ");
        whereClauseSB.append(userGroupClassNameId);
        whereClauseSB.append(") and Layout.type_ = '");
        whereClauseSB.append(LayoutConstants.TYPE_PORTLET);
        whereClauseSB.append(StringPool.APOSTROPHE);

        String whereClause = whereClauseSB.toString();

        StringBundler updateSB = new StringBundler(8);

        boolean mysql = (db.getDBType() == DBType.MYSQL);

        if (!mysql) {

            // Every other database: select the affected ids in a
            // subquery.

            updateSB.append("update ResourcePermission set roleId = ");
            updateSB.append(userRoleId);
            updateSB.append(" where resourcePermissionId in (select ");
            updateSB.append("resourcePermissionId from ");
            updateSB.append(joinClause);
            updateSB.append(StringPool.SPACE);
            updateSB.append(whereClause);
            updateSB.append(StringPool.CLOSE_PARENTHESIS);
        }
        else {

            // MySQL: update through the join directly. Presumably MySQL
            // rejects a subquery on the table being updated -- confirm.

            updateSB.append("update ");
            updateSB.append(joinClause);
            updateSB.append(" set ResourcePermission.roleId = ");
            updateSB.append(userRoleId);
            updateSB.append(StringPool.SPACE);
            updateSB.append(whereClause);
        }

        runSQL(updateSB.toString());
    }

    EntityCacheUtil.clearCache();
    FinderCacheUtil.clearCache();
}
261
/**
 * Tells whether a resource permission refers to a layout that is neither
 * public nor of the control panel type.
 *
 * <p>A permission is considered only when its name is the {@code Layout}
 * class name or its primary key contains
 * {@code PortletConstants.LAYOUT_SEPARATOR}. In the latter case the text
 * before the separator is used as the layout id.</p>
 *
 * @param  name the resource name of the permission
 * @param  primKey the primary key of the permission
 * @return {@code false} when the permission is not layout-bound or the
 *         layout is public or a control panel layout; {@code true}
 *         otherwise
 * @throws Exception if the layout lookup fails
 */
protected boolean isPrivateLayout(String name, String primKey)
    throws Exception {

    boolean layoutResource = name.equals(Layout.class.getName());

    if (!layoutResource &&
        !primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

        return false;
    }

    String plidText = primKey;

    if (primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {
        plidText = StringUtil.extractFirst(
            primKey, PortletConstants.LAYOUT_SEPARATOR);
    }

    // NOTE(review): GetterUtil.getLong presumably falls back to a default
    // for non-numeric text, so a malformed key ends in a failed lookup --
    // confirm.

    Layout layout = LayoutLocalServiceUtil.getLayout(
        GetterUtil.getLong(plidText));

    return !layout.isPublicLayout() && !layout.isTypeControlPanel();
}
286
// Action ids that fixOrganizationRolePermissions moves from Organization
// resource permissions to the matching Group resource permissions. The
// list is filled once by the static initializer below and only read
// afterwards.
private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
    new ArrayList<>();

private static final Log _log = LogFactoryUtil.getLog(
    VerifyPermission.class);

static {

    // The last two ids are plain strings; no ActionKeys constant is used
    // for them here.

    String[] deprecatedActionIds = {
        ActionKeys.MANAGE_ARCHIVED_SETUPS, ActionKeys.MANAGE_LAYOUTS,
        ActionKeys.MANAGE_STAGING, ActionKeys.MANAGE_TEAMS,
        ActionKeys.PUBLISH_STAGING, "APPROVE_PROPOSAL", "ASSIGN_REVIEWER"
    };

    for (String deprecatedActionId : deprecatedActionIds) {
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(deprecatedActionId);
    }
}
303
304 }