001 /** 002 * Copyright (c) 2000-present Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.model.Group; 019 import com.liferay.portal.model.Role; 020 import com.liferay.portal.model.RoleConstants; 021 import com.liferay.portal.model.User; 022 import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil; 023 import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil; 024 import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil; 025 import com.liferay.portal.security.permission.ActionKeys; 026 import com.liferay.portal.service.ServiceContext; 027 import com.liferay.portal.service.base.RoleServiceBaseImpl; 028 import com.liferay.portal.service.permission.PortalPermissionUtil; 029 import com.liferay.portal.service.permission.RolePermissionUtil; 030 import com.liferay.portal.service.permission.UserPermissionUtil; 031 import com.liferay.portlet.expando.model.ExpandoBridge; 032 033 import java.io.Serializable; 034 035 import java.util.ArrayList; 036 import java.util.List; 037 import java.util.Locale; 038 import java.util.Map; 039 040 /** 041 * Provides the remote service for accessing, adding, unassigning, checking, 042 * deleting, and updating roles. Its methods include permission checks. 043 * 044 * @author Brian Wing Shun Chan 045 */ 046 public class RoleServiceImpl extends RoleServiceBaseImpl { 047 048 /** 049 * Adds a role. The user is reindexed after role is added. 050 * 051 * @param className the name of the class for which the role is created 052 * @param classPK the primary key of the class for which the role is 053 * created (optionally <code>0</code>) 054 * @param name the role's name 055 * @param titleMap the role's localized titles (optionally 056 * <code>null</code>) 057 * @param descriptionMap the role's localized descriptions (optionally 058 * <code>null</code>) 059 * @param type the role's type (optionally <code>0</code>) 060 * @param subtype the role's subtype (optionally <code>null</code>) 061 * @param serviceContext the service context to be applied (optionally 062 * <code>null</code>). Can set the expando bridge attributes for the 063 * role. 064 * @return the role 065 * @throws PortalException if a user with the primary key could not be 066 * found, if the user did not have permission to add roles, if the 067 * class name or the role name were invalid, or if the role is a 068 * duplicate 069 */ 070 @Override 071 public Role addRole( 072 String className, long classPK, String name, 073 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 074 int type, String subtype, ServiceContext serviceContext) 075 throws PortalException { 076 077 PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE); 078 079 User user = getUser(); 080 081 Role role = roleLocalService.addRole( 082 user.getUserId(), className, classPK, name, titleMap, 083 descriptionMap, type, subtype, serviceContext); 084 085 if (type == RoleConstants.TYPE_ORGANIZATION) { 086 OrganizationMembershipPolicyUtil.verifyPolicy(role); 087 } 088 else if (type == RoleConstants.TYPE_SITE) { 089 SiteMembershipPolicyUtil.verifyPolicy(role); 090 } 091 else { 092 RoleMembershipPolicyUtil.verifyPolicy(role); 093 } 094 095 return role; 096 } 097 098 /** 099 * Adds a role. The user is reindexed after role is added. 100 * 101 * @param name the role's name 102 * @param titleMap the role's localized titles (optionally 103 * <code>null</code>) 104 * @param descriptionMap the role's localized descriptions (optionally 105 * <code>null</code>) 106 * @param type the role's type (optionally <code>0</code>) 107 * @return the role 108 * @throws PortalException if a user with the primary key could not be 109 * found, if the user did not have permission to add roles, if 110 * the class name or the role name were invalid, or if the role 111 * is a duplicate 112 * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long, 113 * String, Map, Map, int, String, ServiceContext)} 114 */ 115 @Deprecated 116 @Override 117 public Role addRole( 118 String name, Map<Locale, String> titleMap, 119 Map<Locale, String> descriptionMap, int type) 120 throws PortalException { 121 122 return addRole( 123 null, 0, name, titleMap, descriptionMap, type, null, null); 124 } 125 126 /** 127 * Adds the roles to the user. The user is reindexed after the roles are 128 * added. 129 * 130 * @param userId the primary key of the user 131 * @param roleIds the primary keys of the roles 132 * @throws PortalException if a user with the primary key could not be found 133 * or if the user did not have permission to assign members to one 134 * of the roles 135 */ 136 @Override 137 public void addUserRoles(long userId, long[] roleIds) 138 throws PortalException { 139 140 if (roleIds.length == 0) { 141 return; 142 } 143 144 checkUserRolesPermission(userId, roleIds); 145 146 RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null); 147 148 roleLocalService.addUserRoles(userId, roleIds); 149 150 RoleMembershipPolicyUtil.propagateRoles( 151 new long[] {userId}, roleIds, null); 152 } 153 154 /** 155 * Deletes the role with the primary key and its associated permissions. 156 * 157 * @param roleId the primary key of the role 158 * @throws PortalException if the user did not have permission to delete the 159 * role, if a role with the primary key could not be found, if the 160 * role is a default system role, or if the role's resource could 161 * not be found 162 */ 163 @Override 164 public void deleteRole(long roleId) throws PortalException { 165 RolePermissionUtil.check( 166 getPermissionChecker(), roleId, ActionKeys.DELETE); 167 168 roleLocalService.deleteRole(roleId); 169 } 170 171 /** 172 * Returns all the roles associated with the group. 173 * 174 * @param groupId the primary key of the group 175 * @return the roles associated with the group 176 * @throws PortalException if a portal exception occurred 177 */ 178 @Override 179 public List<Role> getGroupRoles(long groupId) throws PortalException { 180 List<Role> roles = roleLocalService.getGroupRoles(groupId); 181 182 return filterRoles(roles); 183 } 184 185 /** 186 * Returns the role with the primary key. 187 * 188 * @param roleId the primary key of the role 189 * @return the role with the primary key 190 * @throws PortalException if a role with the primary key could not be found 191 * or if the user did not have permission to view the role 192 */ 193 @Override 194 public Role getRole(long roleId) throws PortalException { 195 RolePermissionUtil.check( 196 getPermissionChecker(), roleId, ActionKeys.VIEW); 197 198 return roleLocalService.getRole(roleId); 199 } 200 201 /** 202 * Returns the role with the name in the company. 203 * 204 * <p> 205 * The method searches the system roles map first for default roles. If a 206 * role with the name is not found, then the method will query the database. 207 * </p> 208 * 209 * @param companyId the primary key of the company 210 * @param name the role's name 211 * @return the role with the name 212 * @throws PortalException if a role with the name could not be found in the 213 * company or if the user did not have permission to view the role 214 */ 215 @Override 216 public Role getRole(long companyId, String name) throws PortalException { 217 Role role = roleLocalService.getRole(companyId, name); 218 219 RolePermissionUtil.check( 220 getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW); 221 222 return role; 223 } 224 225 /** 226 * Returns all the user's roles within the user group. 227 * 228 * @param userId the primary key of the user 229 * @param groupId the primary key of the group 230 * @return the user's roles within the user group 231 * @throws PortalException if a portal exception occurred 232 */ 233 @Override 234 public List<Role> getUserGroupGroupRoles(long userId, long groupId) 235 throws PortalException { 236 237 UserPermissionUtil.check( 238 getPermissionChecker(), userId, ActionKeys.VIEW); 239 240 List<Role> roles = roleLocalService.getUserGroupGroupRoles( 241 userId, groupId); 242 243 return filterRoles(roles); 244 } 245 246 /** 247 * Returns all the user's roles within the user group. 248 * 249 * @param userId the primary key of the user 250 * @param groupId the primary key of the group 251 * @return the user's roles within the user group 252 * @throws PortalException if a portal exception occurred 253 */ 254 @Override 255 public List<Role> getUserGroupRoles(long userId, long groupId) 256 throws PortalException { 257 258 UserPermissionUtil.check( 259 getPermissionChecker(), userId, ActionKeys.VIEW); 260 261 List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId); 262 263 return filterRoles(roles); 264 } 265 266 /** 267 * Returns the union of all the user's roles within the groups. 268 * 269 * @param userId the primary key of the user 270 * @param groups the groups (optionally <code>null</code>) 271 * @return the union of all the user's roles within the groups 272 * @throws PortalException if a portal exception occurred 273 */ 274 @Override 275 public List<Role> getUserRelatedRoles(long userId, List<Group> groups) 276 throws PortalException { 277 278 UserPermissionUtil.check( 279 getPermissionChecker(), userId, ActionKeys.VIEW); 280 281 List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups); 282 283 return filterRoles(roles); 284 } 285 286 /** 287 * Returns all the roles associated with the user. 288 * 289 * @param userId the primary key of the user 290 * @return the roles associated with the user 291 * @throws PortalException if a portal exception occurred 292 */ 293 @Override 294 public List<Role> getUserRoles(long userId) throws PortalException { 295 UserPermissionUtil.check( 296 getPermissionChecker(), userId, ActionKeys.VIEW); 297 298 List<Role> roles = roleLocalService.getUserRoles(userId); 299 300 return filterRoles(roles); 301 } 302 303 /** 304 * Returns <code>true</code> if the user is associated with the named 305 * regular role. 306 * 307 * @param userId the primary key of the user 308 * @param companyId the primary key of the company 309 * @param name the name of the role 310 * @param inherited whether to include the user's inherited roles in the 311 * search 312 * @return <code>true</code> if the user is associated with the regular 313 * role; <code>false</code> otherwise 314 * @throws PortalException if a role with the name could not be found in the 315 * company or if a default user for the company could not be found 316 */ 317 @Override 318 public boolean hasUserRole( 319 long userId, long companyId, String name, boolean inherited) 320 throws PortalException { 321 322 UserPermissionUtil.check( 323 getPermissionChecker(), userId, ActionKeys.VIEW); 324 325 return roleLocalService.hasUserRole(userId, companyId, name, inherited); 326 } 327 328 /** 329 * Returns <code>true</code> if the user has any one of the named regular 330 * roles. 331 * 332 * @param userId the primary key of the user 333 * @param companyId the primary key of the company 334 * @param names the names of the roles 335 * @param inherited whether to include the user's inherited roles in the 336 * search 337 * @return <code>true</code> if the user has any one of the regular roles; 338 * <code>false</code> otherwise 339 * @throws PortalException if any one of the roles with the names could not 340 * be found in the company or if the default user for the company 341 * could not be found 342 */ 343 @Override 344 public boolean hasUserRoles( 345 long userId, long companyId, String[] names, boolean inherited) 346 throws PortalException { 347 348 UserPermissionUtil.check( 349 getPermissionChecker(), userId, ActionKeys.VIEW); 350 351 return roleLocalService.hasUserRoles( 352 userId, companyId, names, inherited); 353 } 354 355 /** 356 * Removes the matching roles associated with the user. The user is 357 * reindexed after the roles are removed. 358 * 359 * @param userId the primary key of the user 360 * @param roleIds the primary keys of the roles 361 * @throws PortalException if a user with the primary key could not be 362 * found, if the user did not have permission to remove members from 363 * a role, or if a role with any one of the primary keys could not 364 * be found 365 */ 366 @Override 367 public void unsetUserRoles(long userId, long[] roleIds) 368 throws PortalException { 369 370 if (roleIds.length == 0) { 371 return; 372 } 373 374 checkUserRolesPermission(userId, roleIds); 375 376 RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds); 377 378 roleLocalService.unsetUserRoles(userId, roleIds); 379 380 RoleMembershipPolicyUtil.propagateRoles( 381 new long[] {userId}, null, roleIds); 382 } 383 384 /** 385 * Updates the role with the primary key. 386 * 387 * @param roleId the primary key of the role 388 * @param name the role's new name 389 * @param titleMap the new localized titles (optionally <code>null</code>) 390 * to replace those existing for the role 391 * @param descriptionMap the new localized descriptions (optionally 392 * <code>null</code>) to replace those existing for the role 393 * @param subtype the role's new subtype (optionally <code>null</code>) 394 * @param serviceContext the service context to be applied (optionally 395 * <code>null</code>). Can set the expando bridge attributes for the 396 * role. 397 * @return the role with the primary key 398 * @throws PortalException if the user did not have permission to update the 399 * role, if a role with the primary could not be found, or if the 400 * role's name was invalid 401 */ 402 @Override 403 public Role updateRole( 404 long roleId, String name, Map<Locale, String> titleMap, 405 Map<Locale, String> descriptionMap, String subtype, 406 ServiceContext serviceContext) 407 throws PortalException { 408 409 RolePermissionUtil.check( 410 getPermissionChecker(), roleId, ActionKeys.UPDATE); 411 412 Role oldRole = rolePersistence.findByPrimaryKey(roleId); 413 414 ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge(); 415 416 Map<String, Serializable> oldExpandoAttributes = 417 oldExpandoBridge.getAttributes(); 418 419 Role role = roleLocalService.updateRole( 420 roleId, name, titleMap, descriptionMap, subtype, serviceContext); 421 422 if (role.getType() == RoleConstants.TYPE_ORGANIZATION) { 423 OrganizationMembershipPolicyUtil.verifyPolicy( 424 role, oldRole, oldExpandoAttributes); 425 } 426 else if (role.getType() == RoleConstants.TYPE_SITE) { 427 SiteMembershipPolicyUtil.verifyPolicy( 428 role, oldRole, oldExpandoAttributes); 429 } 430 else { 431 RoleMembershipPolicyUtil.verifyPolicy( 432 role, oldRole, oldExpandoAttributes); 433 } 434 435 return role; 436 } 437 438 protected void checkUserRolesPermission(long userId, long[] roleIds) 439 throws PortalException { 440 441 for (int i = 0; i < roleIds.length; i++) { 442 RolePermissionUtil.check( 443 getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS); 444 } 445 } 446 447 protected List<Role> filterRoles(List<Role> roles) throws PortalException { 448 List<Role> filteredRoles = new ArrayList<Role>(); 449 450 for (Role role : roles) { 451 if (RolePermissionUtil.contains( 452 getPermissionChecker(), role.getRoleId(), 453 ActionKeys.VIEW)) { 454 455 filteredRoles.add(role); 456 } 457 } 458 459 return filteredRoles; 460 } 461 462 }