001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.model.Group;
019    import com.liferay.portal.model.Role;
020    import com.liferay.portal.model.RoleConstants;
021    import com.liferay.portal.model.User;
022    import com.liferay.portal.security.membershippolicy.OrganizationMembershipPolicyUtil;
023    import com.liferay.portal.security.membershippolicy.RoleMembershipPolicyUtil;
024    import com.liferay.portal.security.membershippolicy.SiteMembershipPolicyUtil;
025    import com.liferay.portal.security.permission.ActionKeys;
026    import com.liferay.portal.service.ServiceContext;
027    import com.liferay.portal.service.base.RoleServiceBaseImpl;
028    import com.liferay.portal.service.permission.PortalPermissionUtil;
029    import com.liferay.portal.service.permission.RolePermissionUtil;
030    import com.liferay.portal.service.permission.UserPermissionUtil;
031    import com.liferay.portlet.expando.model.ExpandoBridge;
032    
033    import java.io.Serializable;
034    
035    import java.util.ArrayList;
036    import java.util.List;
037    import java.util.Locale;
038    import java.util.Map;
039    
040    /**
041     * Provides the remote service for accessing, adding, unassigning, checking,
042     * deleting, and updating roles. Its methods include permission checks.
043     *
044     * @author Brian Wing Shun Chan
045     */
046    public class RoleServiceImpl extends RoleServiceBaseImpl {
047    
048            /**
049             * Adds a role. The user is reindexed after role is added.
050             *
051             * @param  className the name of the class for which the role is created
052             * @param  classPK the primary key of the class for which the role is
053             *         created (optionally <code>0</code>)
054             * @param  name the role's name
055             * @param  titleMap the role's localized titles (optionally
056             *         <code>null</code>)
057             * @param  descriptionMap the role's localized descriptions (optionally
058             *         <code>null</code>)
059             * @param  type the role's type (optionally <code>0</code>)
060             * @param  subtype the role's subtype (optionally <code>null</code>)
061             * @param  serviceContext the service context to be applied (optionally
062             *         <code>null</code>). Can set the expando bridge attributes for the
063             *         role.
064             * @return the role
065             * @throws PortalException if a user with the primary key could not be
066             *         found, if the user did not have permission to add roles, if the
067             *         class name or the role name were invalid, or if the role is a
068             *         duplicate
069             */
070            @Override
071            public Role addRole(
072                            String className, long classPK, String name,
073                            Map<Locale, String> titleMap, Map<Locale, String> descriptionMap,
074                            int type, String subtype, ServiceContext serviceContext)
075                    throws PortalException {
076    
077                    PortalPermissionUtil.check(getPermissionChecker(), ActionKeys.ADD_ROLE);
078    
079                    User user = getUser();
080    
081                    Role role = roleLocalService.addRole(
082                            user.getUserId(), className, classPK, name, titleMap,
083                            descriptionMap, type, subtype, serviceContext);
084    
085                    if (type == RoleConstants.TYPE_ORGANIZATION) {
086                            OrganizationMembershipPolicyUtil.verifyPolicy(role);
087                    }
088                    else if (type == RoleConstants.TYPE_SITE) {
089                            SiteMembershipPolicyUtil.verifyPolicy(role);
090                    }
091                    else {
092                            RoleMembershipPolicyUtil.verifyPolicy(role);
093                    }
094    
095                    return role;
096            }
097    
098            /**
099             * Adds a role. The user is reindexed after role is added.
100             *
101             * @param      name the role's name
102             * @param      titleMap the role's localized titles (optionally
103             *             <code>null</code>)
104             * @param      descriptionMap the role's localized descriptions (optionally
105             *             <code>null</code>)
106             * @param      type the role's type (optionally <code>0</code>)
107             * @return     the role
108             * @throws     PortalException if a user with the primary key could not be
109             *             found, if the user did not have permission to add roles, if
110             *             the class name or the role name were invalid, or if the role
111             *             is a duplicate
112             * @deprecated As of 6.2.0, replaced by {@link #addRole(String, long,
113             *             String, Map, Map, int, String, ServiceContext)}
114             */
115            @Deprecated
116            @Override
117            public Role addRole(
118                            String name, Map<Locale, String> titleMap,
119                            Map<Locale, String> descriptionMap, int type)
120                    throws PortalException {
121    
122                    return addRole(
123                            null, 0, name, titleMap, descriptionMap, type, null, null);
124            }
125    
126            /**
127             * Adds the roles to the user. The user is reindexed after the roles are
128             * added.
129             *
130             * @param  userId the primary key of the user
131             * @param  roleIds the primary keys of the roles
132             * @throws PortalException if a user with the primary key could not be found
133             *         or if the user did not have permission to assign members to one
134             *         of the roles
135             */
136            @Override
137            public void addUserRoles(long userId, long[] roleIds)
138                    throws PortalException {
139    
140                    if (roleIds.length == 0) {
141                            return;
142                    }
143    
144                    checkUserRolesPermission(userId, roleIds);
145    
146                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, roleIds, null);
147    
148                    roleLocalService.addUserRoles(userId, roleIds);
149    
150                    RoleMembershipPolicyUtil.propagateRoles(
151                            new long[] {userId}, roleIds, null);
152            }
153    
154            /**
155             * Deletes the role with the primary key and its associated permissions.
156             *
157             * @param  roleId the primary key of the role
158             * @throws PortalException if the user did not have permission to delete the
159             *         role, if a role with the primary key could not be found, if the
160             *         role is a default system role, or if the role's resource could
161             *         not be found
162             */
163            @Override
164            public void deleteRole(long roleId) throws PortalException {
165                    RolePermissionUtil.check(
166                            getPermissionChecker(), roleId, ActionKeys.DELETE);
167    
168                    roleLocalService.deleteRole(roleId);
169            }
170    
171            /**
172             * Returns all the roles associated with the group.
173             *
174             * @param  groupId the primary key of the group
175             * @return the roles associated with the group
176             * @throws PortalException if a portal exception occurred
177             */
178            @Override
179            public List<Role> getGroupRoles(long groupId) throws PortalException {
180                    List<Role> roles = roleLocalService.getGroupRoles(groupId);
181    
182                    return filterRoles(roles);
183            }
184    
185            /**
186             * Returns the role with the primary key.
187             *
188             * @param  roleId the primary key of the role
189             * @return the role with the primary key
190             * @throws PortalException if a role with the primary key could not be found
191             *         or if the user did not have permission to view the role
192             */
193            @Override
194            public Role getRole(long roleId) throws PortalException {
195                    RolePermissionUtil.check(
196                            getPermissionChecker(), roleId, ActionKeys.VIEW);
197    
198                    return roleLocalService.getRole(roleId);
199            }
200    
201            /**
202             * Returns the role with the name in the company.
203             *
204             * <p>
205             * The method searches the system roles map first for default roles. If a
206             * role with the name is not found, then the method will query the database.
207             * </p>
208             *
209             * @param  companyId the primary key of the company
210             * @param  name the role's name
211             * @return the role with the name
212             * @throws PortalException if a role with the name could not be found in the
213             *         company or if the user did not have permission to view the role
214             */
215            @Override
216            public Role getRole(long companyId, String name) throws PortalException {
217                    Role role = roleLocalService.getRole(companyId, name);
218    
219                    RolePermissionUtil.check(
220                            getPermissionChecker(), role.getRoleId(), ActionKeys.VIEW);
221    
222                    return role;
223            }
224    
225            /**
226             * Returns all the user's roles within the user group.
227             *
228             * @param  userId the primary key of the user
229             * @param  groupId the primary key of the group
230             * @return the user's roles within the user group
231             * @throws PortalException if a portal exception occurred
232             */
233            @Override
234            public List<Role> getUserGroupGroupRoles(long userId, long groupId)
235                    throws PortalException {
236    
237                    UserPermissionUtil.check(
238                            getPermissionChecker(), userId, ActionKeys.VIEW);
239    
240                    List<Role> roles = roleLocalService.getUserGroupGroupRoles(
241                            userId, groupId);
242    
243                    return filterRoles(roles);
244            }
245    
246            /**
247             * Returns all the user's roles within the user group.
248             *
249             * @param  userId the primary key of the user
250             * @param  groupId the primary key of the group
251             * @return the user's roles within the user group
252             * @throws PortalException if a portal exception occurred
253             */
254            @Override
255            public List<Role> getUserGroupRoles(long userId, long groupId)
256                    throws PortalException {
257    
258                    UserPermissionUtil.check(
259                            getPermissionChecker(), userId, ActionKeys.VIEW);
260    
261                    List<Role> roles = roleLocalService.getUserGroupRoles(userId, groupId);
262    
263                    return filterRoles(roles);
264            }
265    
266            /**
267             * Returns the union of all the user's roles within the groups.
268             *
269             * @param  userId the primary key of the user
270             * @param  groups the groups (optionally <code>null</code>)
271             * @return the union of all the user's roles within the groups
272             * @throws PortalException if a portal exception occurred
273             */
274            @Override
275            public List<Role> getUserRelatedRoles(long userId, List<Group> groups)
276                    throws PortalException {
277    
278                    UserPermissionUtil.check(
279                            getPermissionChecker(), userId, ActionKeys.VIEW);
280    
281                    List<Role> roles = roleLocalService.getUserRelatedRoles(userId, groups);
282    
283                    return filterRoles(roles);
284            }
285    
286            /**
287             * Returns all the roles associated with the user.
288             *
289             * @param  userId the primary key of the user
290             * @return the roles associated with the user
291             * @throws PortalException if a portal exception occurred
292             */
293            @Override
294            public List<Role> getUserRoles(long userId) throws PortalException {
295                    UserPermissionUtil.check(
296                            getPermissionChecker(), userId, ActionKeys.VIEW);
297    
298                    List<Role> roles = roleLocalService.getUserRoles(userId);
299    
300                    return filterRoles(roles);
301            }
302    
303            /**
304             * Returns <code>true</code> if the user is associated with the named
305             * regular role.
306             *
307             * @param  userId the primary key of the user
308             * @param  companyId the primary key of the company
309             * @param  name the name of the role
310             * @param  inherited whether to include the user's inherited roles in the
311             *         search
312             * @return <code>true</code> if the user is associated with the regular
313             *         role; <code>false</code> otherwise
314             * @throws PortalException if a role with the name could not be found in the
315             *         company or if a default user for the company could not be found
316             */
317            @Override
318            public boolean hasUserRole(
319                            long userId, long companyId, String name, boolean inherited)
320                    throws PortalException {
321    
322                    UserPermissionUtil.check(
323                            getPermissionChecker(), userId, ActionKeys.VIEW);
324    
325                    return roleLocalService.hasUserRole(userId, companyId, name, inherited);
326            }
327    
328            /**
329             * Returns <code>true</code> if the user has any one of the named regular
330             * roles.
331             *
332             * @param  userId the primary key of the user
333             * @param  companyId the primary key of the company
334             * @param  names the names of the roles
335             * @param  inherited whether to include the user's inherited roles in the
336             *         search
337             * @return <code>true</code> if the user has any one of the regular roles;
338             *         <code>false</code> otherwise
339             * @throws PortalException if any one of the roles with the names could not
340             *         be found in the company or if the default user for the company
341             *         could not be found
342             */
343            @Override
344            public boolean hasUserRoles(
345                            long userId, long companyId, String[] names, boolean inherited)
346                    throws PortalException {
347    
348                    UserPermissionUtil.check(
349                            getPermissionChecker(), userId, ActionKeys.VIEW);
350    
351                    return roleLocalService.hasUserRoles(
352                            userId, companyId, names, inherited);
353            }
354    
355            /**
356             * Removes the matching roles associated with the user. The user is
357             * reindexed after the roles are removed.
358             *
359             * @param  userId the primary key of the user
360             * @param  roleIds the primary keys of the roles
361             * @throws PortalException if a user with the primary key could not be
362             *         found, if the user did not have permission to remove members from
363             *         a role, or if a role with any one of the primary keys could not
364             *         be found
365             */
366            @Override
367            public void unsetUserRoles(long userId, long[] roleIds)
368                    throws PortalException {
369    
370                    if (roleIds.length == 0) {
371                            return;
372                    }
373    
374                    checkUserRolesPermission(userId, roleIds);
375    
376                    RoleMembershipPolicyUtil.checkRoles(new long[] {userId}, null, roleIds);
377    
378                    roleLocalService.unsetUserRoles(userId, roleIds);
379    
380                    RoleMembershipPolicyUtil.propagateRoles(
381                            new long[] {userId}, null, roleIds);
382            }
383    
384            /**
385             * Updates the role with the primary key.
386             *
387             * @param  roleId the primary key of the role
388             * @param  name the role's new name
389             * @param  titleMap the new localized titles (optionally <code>null</code>)
390             *         to replace those existing for the role
391             * @param  descriptionMap the new localized descriptions (optionally
392             *         <code>null</code>) to replace those existing for the role
393             * @param  subtype the role's new subtype (optionally <code>null</code>)
394             * @param  serviceContext the service context to be applied (optionally
395             *         <code>null</code>). Can set the expando bridge attributes for the
396             *         role.
397             * @return the role with the primary key
398             * @throws PortalException if the user did not have permission to update the
399             *         role, if a role with the primary could not be found, or if the
400             *         role's name was invalid
401             */
402            @Override
403            public Role updateRole(
404                            long roleId, String name, Map<Locale, String> titleMap,
405                            Map<Locale, String> descriptionMap, String subtype,
406                            ServiceContext serviceContext)
407                    throws PortalException {
408    
409                    RolePermissionUtil.check(
410                            getPermissionChecker(), roleId, ActionKeys.UPDATE);
411    
412                    Role oldRole = rolePersistence.findByPrimaryKey(roleId);
413    
414                    ExpandoBridge oldExpandoBridge = oldRole.getExpandoBridge();
415    
416                    Map<String, Serializable> oldExpandoAttributes =
417                            oldExpandoBridge.getAttributes();
418    
419                    Role role = roleLocalService.updateRole(
420                            roleId, name, titleMap, descriptionMap, subtype, serviceContext);
421    
422                    if (role.getType() == RoleConstants.TYPE_ORGANIZATION) {
423                            OrganizationMembershipPolicyUtil.verifyPolicy(
424                                    role, oldRole, oldExpandoAttributes);
425                    }
426                    else if (role.getType() == RoleConstants.TYPE_SITE) {
427                            SiteMembershipPolicyUtil.verifyPolicy(
428                                    role, oldRole, oldExpandoAttributes);
429                    }
430                    else {
431                            RoleMembershipPolicyUtil.verifyPolicy(
432                                    role, oldRole, oldExpandoAttributes);
433                    }
434    
435                    return role;
436            }
437    
438            protected void checkUserRolesPermission(long userId, long[] roleIds)
439                    throws PortalException {
440    
441                    for (int i = 0; i < roleIds.length; i++) {
442                            RolePermissionUtil.check(
443                                    getPermissionChecker(), roleIds[i], ActionKeys.ASSIGN_MEMBERS);
444                    }
445            }
446    
447            protected List<Role> filterRoles(List<Role> roles) throws PortalException {
448                    List<Role> filteredRoles = new ArrayList<Role>();
449    
450                    for (Role role : roles) {
451                            if (RolePermissionUtil.contains(
452                                            getPermissionChecker(), role.getRoleId(),
453                                            ActionKeys.VIEW)) {
454    
455                                    filteredRoles.add(role);
456                            }
457                    }
458    
459                    return filteredRoles;
460            }
461    
462    }