001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.dao.orm.QueryPos;
018 import com.liferay.portal.kernel.dao.orm.SQLQuery;
019 import com.liferay.portal.kernel.dao.orm.Session;
020 import com.liferay.portal.kernel.dao.orm.Type;
021 import com.liferay.portal.kernel.exception.NoSuchResourcePermissionException;
022 import com.liferay.portal.kernel.exception.PortalException;
023 import com.liferay.portal.kernel.exception.SystemException;
024 import com.liferay.portal.kernel.model.Resource;
025 import com.liferay.portal.kernel.model.ResourceAction;
026 import com.liferay.portal.kernel.model.ResourceConstants;
027 import com.liferay.portal.kernel.model.ResourcePermission;
028 import com.liferay.portal.kernel.model.ResourcePermissionConstants;
029 import com.liferay.portal.kernel.model.Role;
030 import com.liferay.portal.kernel.model.RoleConstants;
031 import com.liferay.portal.kernel.search.IndexWriterHelperUtil;
032 import com.liferay.portal.kernel.security.auth.PrincipalException;
033 import com.liferay.portal.kernel.security.permission.PermissionThreadLocal;
034 import com.liferay.portal.kernel.security.permission.PermissionUpdateHandler;
035 import com.liferay.portal.kernel.security.permission.PermissionUpdateHandlerRegistryUtil;
036 import com.liferay.portal.kernel.security.permission.ResourceActionsUtil;
037 import com.liferay.portal.kernel.service.ExceptionRetryAcceptor;
038 import com.liferay.portal.kernel.spring.aop.Property;
039 import com.liferay.portal.kernel.spring.aop.Retry;
040 import com.liferay.portal.kernel.transaction.TransactionCommitCallbackUtil;
041 import com.liferay.portal.kernel.util.ArrayUtil;
042 import com.liferay.portal.kernel.util.GetterUtil;
043 import com.liferay.portal.kernel.util.ListUtil;
044 import com.liferay.portal.kernel.util.StringBundler;
045 import com.liferay.portal.kernel.util.StringUtil;
046 import com.liferay.portal.security.permission.PermissionCacheUtil;
047 import com.liferay.portal.service.base.ResourcePermissionLocalServiceBaseImpl;
048 import com.liferay.portal.util.PropsValues;
049 import com.liferay.portal.util.ResourcePermissionsThreadLocal;
050 import com.liferay.util.dao.orm.CustomSQLUtil;
051
052 import java.util.ArrayList;
053 import java.util.Collection;
054 import java.util.Collections;
055 import java.util.HashMap;
056 import java.util.HashSet;
057 import java.util.List;
058 import java.util.Map;
059 import java.util.Set;
060 import java.util.concurrent.Callable;
061
062
076 public class ResourcePermissionLocalServiceImpl
077 extends ResourcePermissionLocalServiceBaseImpl {
078
079
082 public static final String[] EMPTY_ACTION_IDS = {null};
083
084
119 @Override
120 @Retry(
121 acceptor = ExceptionRetryAcceptor.class,
122 properties = {
123 @Property(
124 name = ExceptionRetryAcceptor.EXCEPTION_NAME,
125 value =
126 "org.springframework.dao.DataIntegrityViolationException"
127 )
128 }
129 )
130 public void addResourcePermission(
131 long companyId, String name, int scope, String primKey, long roleId,
132 String actionId)
133 throws PortalException {
134
135 if (scope == ResourceConstants.SCOPE_COMPANY) {
136
137
138
139 removeResourcePermissions(
140 companyId, name, ResourceConstants.SCOPE_GROUP, roleId,
141 actionId);
142 }
143 else if (scope == ResourceConstants.SCOPE_GROUP) {
144
145
146
147 removeResourcePermissions(
148 companyId, name, ResourceConstants.SCOPE_COMPANY, roleId,
149 actionId);
150 }
151 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
152 throw new NoSuchResourcePermissionException();
153 }
154
155 updateResourcePermission(
156 companyId, name, scope, primKey, roleId, 0, new String[] {actionId},
157 ResourcePermissionConstants.OPERATOR_ADD);
158 }
159
160
177 @Override
178 public void addResourcePermissions(
179 String resourceName, String roleName, int scope,
180 long resourceActionBitwiseValue) {
181
182 List<Role> roles = rolePersistence.findByName(roleName);
183
184 if (roles.isEmpty()) {
185 return;
186 }
187
188 Session session = resourcePermissionPersistence.openSession();
189
190 try {
191
192
193
194 String sql = CustomSQLUtil.get(_UPDATE_ACTION_IDS);
195
196 sql = StringUtil.replace(
197 sql, "[$ROLE_ID$]",
198 ListUtil.toString(roles, Role.ROLE_ID_ACCESSOR));
199
200 SQLQuery sqlQuery = session.createSynchronizedSQLQuery(sql);
201
202 QueryPos qPos = QueryPos.getInstance(sqlQuery);
203
204 qPos.add(resourceActionBitwiseValue);
205 qPos.add(resourceActionBitwiseValue);
206 qPos.add(resourceName);
207 qPos.add(scope);
208
209 sqlQuery.executeUpdate();
210
211
212
213 sql = CustomSQLUtil.get(_FIND_MISSING_RESOURCE_PERMISSIONS);
214
215 sqlQuery = session.createSynchronizedSQLQuery(sql);
216
217 sqlQuery.addScalar("companyId", Type.LONG);
218 sqlQuery.addScalar("name", Type.STRING);
219 sqlQuery.addScalar("scope", Type.INTEGER);
220 sqlQuery.addScalar("primKey", Type.STRING);
221 sqlQuery.addScalar("roleId", Type.LONG);
222
223 qPos = QueryPos.getInstance(sqlQuery);
224
225 qPos.add(resourceName);
226 qPos.add(scope);
227 qPos.add(roleName);
228
229 List<Object[]> resourcePermissionArrays = sqlQuery.list(true);
230
231 if (resourcePermissionArrays.isEmpty()) {
232 return;
233 }
234
235 for (Object[] resourcePermissionArray : resourcePermissionArrays) {
236 long resourcePermissionId = counterLocalService.increment(
237 ResourcePermission.class.getName());
238
239 ResourcePermission resourcePermission =
240 resourcePermissionPersistence.create(resourcePermissionId);
241
242 resourcePermission.setCompanyId(
243 (Long)resourcePermissionArray[0]);
244 resourcePermission.setName((String)resourcePermissionArray[1]);
245 resourcePermission.setScope(
246 (Integer)resourcePermissionArray[2]);
247
248 String primKey = (String)resourcePermissionArray[3];
249
250 resourcePermission.setPrimKey(primKey);
251 resourcePermission.setPrimKeyId(GetterUtil.getLong(primKey));
252
253 resourcePermission.setRoleId((Long)resourcePermissionArray[4]);
254 resourcePermission.setActionIds(resourceActionBitwiseValue);
255 resourcePermission.setViewActionId(
256 resourceActionBitwiseValue % 2 == 1);
257
258 session.save(resourcePermission);
259
260 PermissionCacheUtil.clearResourcePermissionCache(
261 resourcePermission.getScope(), resourcePermission.getName(),
262 resourcePermission.getPrimKey());
263 }
264 }
265 catch (Exception e) {
266 throw new SystemException(e);
267 }
268 finally {
269 resourcePermissionPersistence.closeSession(session);
270
271 resourcePermissionPersistence.clearCache();
272 }
273 }
274
275
296 @Override
297 public void deleteResourcePermissions(
298 long companyId, String name, int scope, long primKey)
299 throws PortalException {
300
301 deleteResourcePermissions(
302 companyId, name, scope, String.valueOf(primKey));
303 }
304
305
326 @Override
327 public void deleteResourcePermissions(
328 long companyId, String name, int scope, String primKey)
329 throws PortalException {
330
331 List<ResourcePermission> resourcePermissions =
332 resourcePermissionPersistence.findByC_N_S_P(
333 companyId, name, scope, primKey);
334
335 for (ResourcePermission resourcePermission : resourcePermissions) {
336 deleteResourcePermission(
337 resourcePermission.getResourcePermissionId());
338 }
339 }
340
341 @Override
342 public ResourcePermission fetchResourcePermission(
343 long companyId, String name, int scope, String primKey, long roleId) {
344
345 return resourcePermissionPersistence.fetchByC_N_S_P_R(
346 companyId, name, scope, primKey, roleId);
347 }
348
349 @Override
350 public Map<Long, Set<String>> getAvailableResourcePermissionActionIds(
351 long companyId, String name, int scope, String primKey,
352 Collection<String> actionIds) {
353
354 if (actionIds.isEmpty()) {
355 return Collections.emptyMap();
356 }
357
358 List<ResourcePermission> resourcePermissions = getResourcePermissions(
359 companyId, name, scope, primKey);
360
361 Map<Long, Set<String>> roleIdsToActionIds = new HashMap<>(
362 resourcePermissions.size());
363
364 for (ResourcePermission resourcePermission : resourcePermissions) {
365 if (resourcePermission.getActionIds() == 0) {
366 roleIdsToActionIds.put(
367 resourcePermission.getRoleId(),
368 Collections.<String>emptySet());
369
370 continue;
371 }
372
373 Set<String> availableActionIds = new HashSet<>(actionIds.size());
374
375 for (String actionId : actionIds) {
376 if (resourcePermission.hasActionId(actionId)) {
377 availableActionIds.add(actionId);
378 }
379 }
380
381 if (availableActionIds.size() > 0) {
382 roleIdsToActionIds.put(
383 resourcePermission.getRoleId(), availableActionIds);
384 }
385 }
386
387 return roleIdsToActionIds;
388 }
389
390
404 @Override
405 public List<String> getAvailableResourcePermissionActionIds(
406 long companyId, String name, int scope, String primKey, long roleId,
407 Collection<String> actionIds)
408 throws PortalException {
409
410 ResourcePermission resourcePermission =
411 resourcePermissionPersistence.fetchByC_N_S_P_R(
412 companyId, name, scope, primKey, roleId);
413
414 if (resourcePermission == null) {
415 return Collections.emptyList();
416 }
417
418 List<String> availableActionIds = new ArrayList<>(actionIds.size());
419
420 for (String actionId : actionIds) {
421 ResourceAction resourceAction =
422 resourceActionLocalService.getResourceAction(name, actionId);
423
424 if (hasActionId(resourcePermission, resourceAction)) {
425 availableActionIds.add(actionId);
426 }
427 }
428
429 return availableActionIds;
430 }
431
432
437 @Deprecated
438 @Override
439 public Map<Long, Set<String>> getAvailableResourcePermissionActionIds(
440 long companyId, String name, int scope, String primKey, long[] roleIds,
441 Collection<String> actionIds) {
442
443 return getAvailableResourcePermissionActionIds(
444 companyId, name, scope, primKey, new ArrayList<String>(actionIds));
445 }
446
447
460 @Override
461 public ResourcePermission getResourcePermission(
462 long companyId, String name, int scope, String primKey, long roleId)
463 throws PortalException {
464
465 return resourcePermissionPersistence.findByC_N_S_P_R(
466 companyId, name, scope, primKey, roleId);
467 }
468
469
479 @Override
480 public List<ResourcePermission> getResourcePermissions(
481 long companyId, String name, int scope, String primKey) {
482
483 return resourcePermissionPersistence.findByC_N_S_P(
484 companyId, name, scope, primKey);
485 }
486
487
497 @Override
498 public int getResourcePermissionsCount(
499 long companyId, String name, int scope, String primKey) {
500
501 return resourcePermissionPersistence.countByC_N_S_P(
502 companyId, name, scope, primKey);
503 }
504
505
515 @Override
516 public List<ResourcePermission> getResourceResourcePermissions(
517 long companyId, long groupId, String name, String primKey) {
518
519 return resourcePermissionFinder.findByResource(
520 companyId, groupId, name, primKey);
521 }
522
523
529 @Override
530 public List<ResourcePermission> getRoleResourcePermissions(long roleId) {
531 return resourcePermissionPersistence.findByRoleId(roleId);
532 }
533
534
554 @Override
555 public List<ResourcePermission> getRoleResourcePermissions(
556 long roleId, int[] scopes, int start, int end) {
557
558 return resourcePermissionFinder.findByR_S(roleId, scopes, start, end);
559 }
560
561 @Override
562 public List<Role> getRoles(
563 long companyId, String name, int scope, String primKey,
564 String actionId)
565 throws PortalException {
566
567 List<ResourcePermission> resourcePermissions =
568 resourcePermissionPersistence.findByC_N_S_P(
569 companyId, name, scope, primKey);
570
571 if (resourcePermissions.isEmpty()) {
572 return Collections.emptyList();
573 }
574
575 ResourceAction resourceAction =
576 resourceActionLocalService.getResourceAction(name, actionId);
577
578 Set<Long> rolesIds = new HashSet<>();
579
580 for (ResourcePermission resourcePermission : resourcePermissions) {
581 if (resourcePermission.hasAction(resourceAction)) {
582 rolesIds.add(resourcePermission.getRoleId());
583 }
584 }
585
586 List<Role> roles = new ArrayList<>(rolesIds.size());
587
588 for (long roleId : rolesIds) {
589 roles.add(roleLocalService.getRole(roleId));
590 }
591
592 return roles;
593 }
594
595
611 @Override
612 public List<ResourcePermission> getScopeResourcePermissions(int[] scopes) {
613 return resourcePermissionPersistence.findByScope(scopes);
614 }
615
616
627 @Override
628 public boolean hasActionId(
629 ResourcePermission resourcePermission, ResourceAction resourceAction) {
630
631 long actionIds = resourcePermission.getActionIds();
632 long bitwiseValue = resourceAction.getBitwiseValue();
633
634 if ((actionIds & bitwiseValue) == bitwiseValue) {
635 return true;
636 }
637 else {
638 return false;
639 }
640 }
641
642
659 @Override
660 public boolean hasResourcePermission(
661 List<Resource> resources, long[] roleIds, String actionId)
662 throws PortalException {
663
664 if (roleIds.length == 0) {
665 return false;
666 }
667
668 int size = resources.size();
669
670 if (size < 2) {
671 throw new IllegalArgumentException(
672 "The list of resources must contain at least two values");
673 }
674
675 Resource individualResource = resources.get(0);
676
677 if (individualResource.getScope() !=
678 ResourceConstants.SCOPE_INDIVIDUAL) {
679
680 throw new IllegalArgumentException(
681 "The first resource must be an individual scope");
682 }
683
684 Resource companyResource = resources.get(size - 1);
685
686 if (companyResource.getScope() != ResourceConstants.SCOPE_COMPANY) {
687 throw new IllegalArgumentException(
688 "The last resource must be a company scope");
689 }
690
691
692
693 if (resourcePermissionPersistence.countByC_N_S_P(
694 individualResource.getCompanyId(), individualResource.getName(),
695 individualResource.getScope(),
696 individualResource.getPrimKey()) < 1) {
697
698 StringBundler sb = new StringBundler(9);
699
700 sb.append("{companyId=");
701 sb.append(individualResource.getCompanyId());
702 sb.append(", name=");
703 sb.append(individualResource.getName());
704 sb.append(", primKey=");
705 sb.append(individualResource.getPrimKey());
706 sb.append(", scope=");
707 sb.append(individualResource.getScope());
708 sb.append("}");
709
710 throw new NoSuchResourcePermissionException(sb.toString());
711 }
712
713
714
715
716
717
718
719 for (int i = size - 1; i >= 0; i--) {
720 Resource resource = resources.get(i);
721
722 if (hasResourcePermission(
723 resource.getCompanyId(), resource.getName(),
724 resource.getScope(), resource.getPrimKey(), roleIds,
725 actionId)) {
726
727 return true;
728 }
729 }
730
731 return false;
732 }
733
734
754 @Override
755 public boolean hasResourcePermission(
756 long companyId, String name, int scope, String primKey, long roleId,
757 String actionId)
758 throws PortalException {
759
760 ResourcePermission resourcePermission =
761 resourcePermissionPersistence.fetchByC_N_S_P_R(
762 companyId, name, scope, primKey, roleId);
763
764 if (resourcePermission == null) {
765 return false;
766 }
767
768 ResourceAction resourceAction =
769 resourceActionLocalService.getResourceAction(name, actionId);
770
771 if (hasActionId(resourcePermission, resourceAction)) {
772 return true;
773 }
774
775 return false;
776 }
777
778
798 @Override
799 public boolean hasResourcePermission(
800 long companyId, String name, int scope, String primKey,
801 long[] roleIds, String actionId)
802 throws PortalException {
803
804 if (roleIds.length == 0) {
805 return false;
806 }
807
808 ResourceAction resourceAction =
809 resourceActionLocalService.getResourceAction(name, actionId);
810
811 if (roleIds.length >
812 PropsValues.
813 PERMISSIONS_ROLE_RESOURCE_PERMISSION_QUERY_THRESHOLD) {
814
815 int count = resourcePermissionFinder.countByC_N_S_P_R_A(
816 companyId, name, scope, primKey, roleIds,
817 resourceAction.getBitwiseValue());
818
819 if (count > 0) {
820 return true;
821 }
822 }
823 else {
824 List<ResourcePermission> resourcePermissions =
825 resourcePermissionPersistence.findByC_N_S_P_R(
826 companyId, name, scope, primKey, roleIds);
827
828 if (resourcePermissions.isEmpty()) {
829 return false;
830 }
831
832 for (ResourcePermission resourcePermission : resourcePermissions) {
833 if (hasActionId(resourcePermission, resourceAction)) {
834 return true;
835 }
836 }
837 }
838
839 return false;
840 }
841
842
846 @Deprecated
847 @Override
848 public boolean[] hasResourcePermissions(
849 long companyId, String name, int scope, String primKey,
850 long[] roleIds, String actionId)
851 throws PortalException {
852
853 boolean[] hasResourcePermissions = new boolean[roleIds.length];
854
855 if (roleIds.length == 0) {
856 return hasResourcePermissions;
857 }
858
859 ResourceAction resourceAction =
860 resourceActionLocalService.getResourceAction(name, actionId);
861
862 List<ResourcePermission> resourcePermissions =
863 resourcePermissionPersistence.findByC_N_S_P_R(
864 companyId, name, scope, primKey, roleIds);
865
866 if (resourcePermissions.isEmpty()) {
867 return hasResourcePermissions;
868 }
869
870 for (ResourcePermission resourcePermission : resourcePermissions) {
871 if (hasActionId(resourcePermission, resourceAction)) {
872 long roleId = resourcePermission.getRoleId();
873
874 for (int i = 0; i < roleIds.length; i++) {
875 if (roleIds[i] == roleId) {
876 hasResourcePermissions[i] = true;
877
878 break;
879 }
880 }
881 }
882 }
883
884 return hasResourcePermissions;
885 }
886
887
906 @Override
907 public boolean hasScopeResourcePermission(
908 long companyId, String name, int scope, long roleId,
909 String actionId)
910 throws PortalException {
911
912 List<ResourcePermission> resourcePermissions =
913 resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
914
915 for (ResourcePermission resourcePermission : resourcePermissions) {
916 if (hasResourcePermission(
917 companyId, name, scope, resourcePermission.getPrimKey(),
918 roleId, actionId)) {
919
920 return true;
921 }
922 }
923
924 return false;
925 }
926
927
934 @Override
935 public void mergePermissions(long fromRoleId, long toRoleId)
936 throws PortalException {
937
938 Role fromRole = rolePersistence.findByPrimaryKey(fromRoleId);
939 Role toRole = rolePersistence.findByPrimaryKey(toRoleId);
940
941 if (fromRole.getType() != toRole.getType()) {
942 throw new PortalException("Role types are mismatched");
943 }
944 else if (toRole.isSystem()) {
945 throw new PortalException("Cannot move permissions to system role");
946 }
947 else if (fromRole.isSystem()) {
948 throw new PortalException(
949 "Cannot move permissions from system role");
950 }
951
952 List<ResourcePermission> resourcePermissions =
953 getRoleResourcePermissions(fromRoleId);
954
955 for (ResourcePermission resourcePermission : resourcePermissions) {
956 resourcePermission.setRoleId(toRoleId);
957
958 resourcePermissionPersistence.update(resourcePermission);
959 }
960
961 roleLocalService.deleteRole(fromRoleId);
962
963 PermissionCacheUtil.clearCache();
964 }
965
966
975 @Override
976 public void reassignPermissions(long resourcePermissionId, long toRoleId)
977 throws PortalException {
978
979 ResourcePermission resourcePermission = getResourcePermission(
980 resourcePermissionId);
981
982 long companyId = resourcePermission.getCompanyId();
983 String name = resourcePermission.getName();
984 int scope = resourcePermission.getScope();
985 String primKey = resourcePermission.getPrimKey();
986 long fromRoleId = resourcePermission.getRoleId();
987
988 Role toRole = roleLocalService.getRole(toRoleId);
989
990 List<String> actionIds = null;
991
992 if (toRole.getType() == RoleConstants.TYPE_REGULAR) {
993 actionIds = ResourceActionsUtil.getModelResourceActions(name);
994 }
995 else {
996 actionIds = ResourceActionsUtil.getModelResourceGroupDefaultActions(
997 name);
998 }
999
1000 setResourcePermissions(
1001 companyId, name, scope, primKey, toRoleId,
1002 actionIds.toArray(new String[actionIds.size()]));
1003
1004 resourcePermissionPersistence.remove(resourcePermissionId);
1005
1006 List<ResourcePermission> resourcePermissions =
1007 getRoleResourcePermissions(fromRoleId);
1008
1009 if (resourcePermissions.isEmpty()) {
1010 roleLocalService.deleteRole(fromRoleId);
1011 }
1012
1013 PermissionCacheUtil.clearCache();
1014 }
1015
1016
1035 @Override
1036 public void removeResourcePermission(
1037 long companyId, String name, int scope, String primKey, long roleId,
1038 String actionId)
1039 throws PortalException {
1040
1041 updateResourcePermission(
1042 companyId, name, scope, primKey, roleId, 0, new String[] {actionId},
1043 ResourcePermissionConstants.OPERATOR_REMOVE);
1044 }
1045
1046
1059 @Override
1060 public void removeResourcePermissions(
1061 long companyId, String name, int scope, long roleId,
1062 String actionId)
1063 throws PortalException {
1064
1065 List<ResourcePermission> resourcePermissions =
1066 resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
1067
1068 for (ResourcePermission resourcePermission : resourcePermissions) {
1069 updateResourcePermission(
1070 companyId, name, scope, resourcePermission.getPrimKey(), roleId,
1071 0, new String[] {actionId},
1072 ResourcePermissionConstants.OPERATOR_REMOVE);
1073 }
1074 }
1075
1076
1103 @Override
1104 @Retry(
1105 acceptor = ExceptionRetryAcceptor.class,
1106 properties = {
1107 @Property(
1108 name = ExceptionRetryAcceptor.EXCEPTION_NAME,
1109 value =
1110 "org.springframework.dao.DataIntegrityViolationException"
1111 )
1112 }
1113 )
1114 public void setOwnerResourcePermissions(
1115 long companyId, String name, int scope, String primKey, long roleId,
1116 long ownerId, String[] actionIds)
1117 throws PortalException {
1118
1119 updateResourcePermission(
1120 companyId, name, scope, primKey, roleId, ownerId, actionIds,
1121 ResourcePermissionConstants.OPERATOR_SET);
1122 }
1123
1124
1148 @Override
1149 @Retry(
1150 acceptor = ExceptionRetryAcceptor.class,
1151 properties = {
1152 @Property(
1153 name = ExceptionRetryAcceptor.EXCEPTION_NAME,
1154 value =
1155 "org.springframework.dao.DataIntegrityViolationException"
1156 )
1157 }
1158 )
1159 public void setResourcePermissions(
1160 long companyId, String name, int scope, String primKey, long roleId,
1161 String[] actionIds)
1162 throws PortalException {
1163
1164 updateResourcePermission(
1165 companyId, name, scope, primKey, roleId, 0, actionIds,
1166 ResourcePermissionConstants.OPERATOR_SET);
1167 }
1168
1169
1192 @Override
1193 @Retry(
1194 acceptor = ExceptionRetryAcceptor.class,
1195 properties = {
1196 @Property(
1197 name = ExceptionRetryAcceptor.EXCEPTION_NAME,
1198 value =
1199 "org.springframework.dao.DataIntegrityViolationException"
1200 )
1201 }
1202 )
1203 public void setResourcePermissions(
1204 long companyId, String name, int scope, String primKey,
1205 Map<Long, String[]> roleIdsToActionIds)
1206 throws PortalException {
1207
1208 updateResourcePermission(
1209 companyId, name, scope, primKey, 0, roleIdsToActionIds);
1210 }
1211
1212 protected void doUpdateResourcePermission(
1213 long companyId, String name, int scope, String primKey,
1214 long ownerId, long roleId, String[] actionIds, int operator,
1215 boolean fetch)
1216 throws PortalException {
1217
1218 ResourcePermission resourcePermission = null;
1219
1220 Map<Long, ResourcePermission> resourcePermissionsMap =
1221 ResourcePermissionsThreadLocal.getResourcePermissions();
1222
1223 if (resourcePermissionsMap != null) {
1224 resourcePermission = resourcePermissionsMap.get(roleId);
1225 }
1226 else if (fetch) {
1227 resourcePermission = resourcePermissionPersistence.fetchByC_N_S_P_R(
1228 companyId, name, scope, primKey, roleId);
1229 }
1230
1231 if (resourcePermission == null) {
1232 if (((operator == ResourcePermissionConstants.OPERATOR_ADD) ||
1233 (operator == ResourcePermissionConstants.OPERATOR_SET)) &&
1234 (actionIds.length == 0)) {
1235
1236 return;
1237 }
1238
1239 if (operator == ResourcePermissionConstants.OPERATOR_REMOVE) {
1240 return;
1241 }
1242
1243 long resourcePermissionId = counterLocalService.increment(
1244 ResourcePermission.class.getName());
1245
1246 resourcePermission = resourcePermissionPersistence.create(
1247 resourcePermissionId);
1248
1249 resourcePermission.setCompanyId(companyId);
1250 resourcePermission.setName(name);
1251 resourcePermission.setScope(scope);
1252 resourcePermission.setPrimKey(primKey);
1253 resourcePermission.setPrimKeyId(GetterUtil.getLong(primKey));
1254 resourcePermission.setRoleId(roleId);
1255 resourcePermission.setOwnerId(ownerId);
1256 }
1257
1258 List<String> unsupportedActionIds = Collections.emptyList();
1259
1260 if (((operator == ResourcePermissionConstants.OPERATOR_ADD) ||
1261 (operator == ResourcePermissionConstants.OPERATOR_SET)) &&
1262 isGuestRoleId(companyId, roleId)) {
1263
1264 unsupportedActionIds =
1265 ResourceActionsUtil.getResourceGuestUnsupportedActions(
1266 name, name);
1267 }
1268
1269 long actionIdsLong = resourcePermission.getActionIds();
1270
1271 if (operator == ResourcePermissionConstants.OPERATOR_SET) {
1272 actionIdsLong = 0;
1273 }
1274
1275 for (String actionId : actionIds) {
1276 if (actionId == null) {
1277 break;
1278 }
1279
1280 if (unsupportedActionIds.contains(actionId)) {
1281 throw new PrincipalException(
1282 actionId + "is not supported by role " + roleId);
1283 }
1284
1285 ResourceAction resourceAction =
1286 resourceActionLocalService.getResourceAction(name, actionId);
1287
1288 if ((operator == ResourcePermissionConstants.OPERATOR_ADD) ||
1289 (operator == ResourcePermissionConstants.OPERATOR_SET)) {
1290
1291 actionIdsLong |= resourceAction.getBitwiseValue();
1292 }
1293 else {
1294 actionIdsLong =
1295 actionIdsLong & (~resourceAction.getBitwiseValue());
1296 }
1297 }
1298
1299 resourcePermission.setActionIds(actionIdsLong);
1300 resourcePermission.setViewActionId(actionIdsLong % 2 == 1);
1301
1302 resourcePermissionPersistence.update(resourcePermission);
1303
1304 IndexWriterHelperUtil.updatePermissionFields(name, primKey);
1305 }
1306
1307 protected boolean isGuestRoleId(long companyId, long roleId)
1308 throws PortalException {
1309
1310 Role guestRole = roleLocalService.getRole(
1311 companyId, RoleConstants.GUEST);
1312
1313 if (roleId == guestRole.getRoleId()) {
1314 return true;
1315 }
1316
1317 return false;
1318 }
1319
1320
1345 protected void updateResourcePermission(
1346 long companyId, String name, int scope, String primKey, long roleId,
1347 long ownerId, String[] actionIds, int operator)
1348 throws PortalException {
1349
1350 doUpdateResourcePermission(
1351 companyId, name, scope, primKey, ownerId, roleId, actionIds,
1352 operator, true);
1353 }
1354
1355
1375 protected void updateResourcePermission(
1376 long companyId, String name, int scope, String primKey,
1377 long ownerId, Map<Long, String[]> roleIdsToActionIds)
1378 throws PortalException {
1379
1380 boolean flushResourcePermissionEnabled =
1381 PermissionThreadLocal.isFlushResourcePermissionEnabled(
1382 name, primKey);
1383
1384 PermissionThreadLocal.setFlushResourcePermissionEnabled(
1385 name, primKey, false);
1386
1387 try {
1388 long[] roleIds = ArrayUtil.toLongArray(roleIdsToActionIds.keySet());
1389
1390 List<ResourcePermission> resourcePermissions =
1391 resourcePermissionPersistence.findByC_N_S_P_R(
1392 companyId, name, scope, primKey, roleIds);
1393
1394 for (ResourcePermission resourcePermission : resourcePermissions) {
1395 long roleId = resourcePermission.getRoleId();
1396 String[] actionIds = roleIdsToActionIds.remove(roleId);
1397
1398 doUpdateResourcePermission(
1399 companyId, name, scope, primKey, ownerId, roleId, actionIds,
1400 ResourcePermissionConstants.OPERATOR_SET, true);
1401 }
1402
1403 if (roleIdsToActionIds.isEmpty()) {
1404 return;
1405 }
1406
1407 for (Map.Entry<Long, String[]> entry :
1408 roleIdsToActionIds.entrySet()) {
1409
1410 long roleId = entry.getKey();
1411 String[] actionIds = entry.getValue();
1412
1413 doUpdateResourcePermission(
1414 companyId, name, scope, primKey, ownerId, roleId, actionIds,
1415 ResourcePermissionConstants.OPERATOR_SET, false);
1416 }
1417
1418 TransactionCommitCallbackUtil.registerCallback(
1419 new UpdateResourcePermissionCallable(name, primKey));
1420 }
1421 finally {
1422 PermissionThreadLocal.setFlushResourcePermissionEnabled(
1423 name, primKey, flushResourcePermissionEnabled);
1424
1425 PermissionCacheUtil.clearResourcePermissionCache(
1426 scope, name, primKey);
1427
1428 IndexWriterHelperUtil.updatePermissionFields(name, primKey);
1429 }
1430 }
1431
1432 private static final String _FIND_MISSING_RESOURCE_PERMISSIONS =
1433 ResourcePermissionLocalServiceImpl.class.getName() +
1434 ".findMissingResourcePermissions";
1435
1436 private static final String _UPDATE_ACTION_IDS =
1437 ResourcePermissionLocalServiceImpl.class.getName() + ".updateActionIds";
1438
1439 private static class UpdateResourcePermissionCallable
1440 implements Callable<Void> {
1441
1442 public UpdateResourcePermissionCallable(String name, String primKey) {
1443 _name = name;
1444 _primKey = primKey;
1445 }
1446
1447 @Override
1448 public Void call() {
1449 PermissionUpdateHandler permissionUpdateHandler =
1450 PermissionUpdateHandlerRegistryUtil.getPermissionUpdateHandler(
1451 _name);
1452
1453 if (permissionUpdateHandler == null) {
1454 return null;
1455 }
1456
1457 permissionUpdateHandler.updatedPermission(_primKey);
1458
1459 return null;
1460 }
1461
1462 private final String _name;
1463 private final String _primKey;
1464
1465 }
1466
1467 }