015 package com.liferay.portal.security.membershippolicy;
016
017 import com.liferay.portal.kernel.dao.orm.QueryUtil;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.search.Indexer;
022 import com.liferay.portal.kernel.util.ListUtil;
023 import com.liferay.portal.kernel.util.StringPool;
024 import com.liferay.portal.kernel.util.UnicodeProperties;
025 import com.liferay.portal.model.Group;
026 import com.liferay.portal.model.GroupConstants;
027 import com.liferay.portal.model.User;
028 import com.liferay.portal.service.GroupLocalServiceUtil;
029 import com.liferay.portal.service.UserLocalServiceUtil;
030 import com.liferay.portlet.asset.model.AssetCategory;
031 import com.liferay.portlet.asset.model.AssetTag;
032
033 import java.io.Serializable;
034
035 import java.util.ArrayList;
036 import java.util.LinkedHashMap;
037 import java.util.List;
038 import java.util.Map;
039
040
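/**
 * Default site membership policy. The only restriction it applies is the
 * "limited to parent site members" setting: a user may belong to such a site
 * only while also belonging to its parent site.
 *
 * <p>
 * The checks ({@link #checkMembership}, {@link #isMembershipAllowed}) reject
 * additions that would break that rule; the propagate and verify methods
 * remove memberships that no longer satisfy it.
 * </p>
 */
public class DefaultSiteMembershipPolicy extends BaseSiteMembershipPolicy {

	/**
	 * Checks that every user may be added to every group in
	 * {@code addGroupIds}.
	 *
	 * @param  userIds the users being changed
	 * @param  addGroupIds the groups the users are being added to, or
	 *         {@code null}
	 * @param  removeGroupIds the groups the users are being removed from;
	 *         not consulted by this policy
	 * @throws PortalException if a user is not a member of the parent of a
	 *         limited group, or if a group or user lookup fails
	 */
	@Override
	public void checkMembership(
			long[] userIds, long[] addGroupIds, long[] removeGroupIds)
		throws PortalException {

		if (addGroupIds != null) {
			checkAddUsersLimitedGroup(userIds, addGroupIds);
		}
	}

	/**
	 * Returns whether the user may become a member of the group.
	 *
	 * @param  userId the user to check
	 * @param  groupId the group the user would join
	 * @return {@code false} if the group is limited to parent site members
	 *         and the user is not a member of the parent group;
	 *         {@code true} otherwise, including when the lookup fails
	 */
	@Override
	public boolean isMembershipAllowed(long userId, long groupId) {
		try {
			Group group = GroupLocalServiceUtil.getGroup(groupId);

			if (group.isLimitedToParentSiteMembers() &&
				!GroupLocalServiceUtil.hasUserGroup(
					userId, group.getParentGroupId(), false)) {

				return false;
			}
		}
		catch (Exception e) {

			// NOTE(review): this check fails open. Any exception (unknown
			// group, persistence error) is logged and the method still
			// returns true, so a failed lookup is treated as "allowed".
			// Callers that rely on this result for enforcement should
			// confirm that is intended; kept as is to preserve the existing
			// contract.

			_log.error(e, e);
		}

		return true;
	}

	/**
	 * Propagates removals: users taken out of a group are also taken out of
	 * that group's limited descendant groups.
	 *
	 * @param  userIds the users being changed
	 * @param  addGroupIds the groups the users were added to; not consulted
	 *         by this policy
	 * @param  removeGroupIds the groups the users were removed from, or
	 *         {@code null}
	 * @throws PortalException if a group lookup or membership update fails
	 */
	@Override
	public void propagateMembership(
			long[] userIds, long[] addGroupIds, long[] removeGroupIds)
		throws PortalException {

		if (removeGroupIds != null) {
			for (long removeGroupId : removeGroupIds) {
				removeUsersFromLimitedChildrenGroups(userIds, removeGroupId);
			}
		}
	}

	/**
	 * Re-verifies the members of a group. Only groups limited to parent site
	 * members are processed.
	 *
	 * @param  group the group to verify
	 * @throws PortalException if a membership lookup or update fails
	 */
	@Override
	public void verifyPolicy(Group group) throws PortalException {
		if (group.isLimitedToParentSiteMembers()) {
			verifyLimitedParentMembership(group);
		}
	}

	/**
	 * Re-verifies memberships after a group has been updated.
	 *
	 * <p>
	 * Nothing is done unless the updated group is limited to parent site
	 * members. If the parent is unchanged and the old group was already
	 * limited, the group itself is verified; otherwise every group returned
	 * by {@link #getLimitedChildrenGroups} is verified.
	 * </p>
	 *
	 * @param  group the group after the update
	 * @param  oldGroup the group before the update
	 * @param  oldAssetCategories not consulted by this policy
	 * @param  oldAssetTags not consulted by this policy
	 * @param  oldExpandoAttributes not consulted by this policy
	 * @param  oldTypeSettingsProperties not consulted by this policy
	 * @throws PortalException if a membership lookup or update fails
	 */
	@Override
	public void verifyPolicy(
			Group group, Group oldGroup, List<AssetCategory> oldAssetCategories,
			List<AssetTag> oldAssetTags,
			Map<String, Serializable> oldExpandoAttributes,
			UnicodeProperties oldTypeSettingsProperties)
		throws PortalException {

		if (!group.isLimitedToParentSiteMembers()) {
			return;
		}

		boolean sameParent =
			group.getParentGroupId() == oldGroup.getParentGroupId();

		if (sameParent && oldGroup.isLimitedToParentSiteMembers()) {
			verifyPolicy(group);

			return;
		}

		// NOTE(review): when the restriction was just enabled or the parent
		// changed, the group itself is re-verified here only if the search in
		// getLimitedChildrenGroups returns it. Confirm that it does;
		// otherwise existing members who are not in the new parent are not
		// removed by this call.

		for (Group childrenGroup : getLimitedChildrenGroups(group)) {
			verifyPolicy(childrenGroup);
		}
	}

	/**
	 * Verifies that each user belongs to the parent of every limited group
	 * in {@code groupIds}, collecting all violations into one exception.
	 *
	 * @param  userIds the users being added
	 * @param  groupIds the groups the users are being added to
	 * @throws PortalException a {@link MembershipPolicyException} of type
	 *         {@code SITE_MEMBERSHIP_NOT_ALLOWED} if any user fails the
	 *         check, or the exception of a failed group or user lookup
	 */
	protected void checkAddUsersLimitedGroup(long[] userIds, long[] groupIds)
		throws PortalException {

		MembershipPolicyException membershipPolicyException = null;

		for (long groupId : groupIds) {
			Group group = GroupLocalServiceUtil.getGroup(groupId);

			if (!group.isLimitedToParentSiteMembers()) {
				continue;
			}

			for (long userId : userIds) {
				if (GroupLocalServiceUtil.hasUserGroup(
						userId, group.getParentGroupId(), false)) {

					continue;
				}

				if (membershipPolicyException == null) {
					membershipPolicyException = new MembershipPolicyException(
						MembershipPolicyException.SITE_MEMBERSHIP_NOT_ALLOWED);
				}

				membershipPolicyException.addUser(
					UserLocalServiceUtil.getUser(userId));
			}

			// NOTE(review): the exception stays non-null for the rest of the
			// loop, so a limited group checked after the first violation is
			// reported as well, even when none of its users failed.

			if (membershipPolicyException != null) {
				membershipPolicyException.addGroup(group);
			}
		}

		if (membershipPolicyException != null) {
			throw membershipPolicyException;
		}
	}

	/**
	 * Returns the limited sites found under {@code group} whose ancestors,
	 * other than {@code group} itself, are all limited to parent site
	 * members.
	 *
	 * @param  group the group whose tree is searched
	 * @return a copy of the search result without the groups that have an
	 *         unrestricted ancestor other than {@code group}
	 * @throws PortalException if the ancestors of a group cannot be resolved
	 */
	protected List<Group> getLimitedChildrenGroups(Group group)
		throws PortalException {

		List<Group> parentGroups = new ArrayList<Group>();

		parentGroups.add(group);

		LinkedHashMap<String, Object> groupParams =
			new LinkedHashMap<String, Object>();

		groupParams.put("groupsTree", parentGroups);
		groupParams.put(
			"membershipRestriction",
			GroupConstants.MEMBERSHIP_RESTRICTION_TO_PARENT_SITE_MEMBERS);
		groupParams.put("site", Boolean.TRUE);

		List<Group> childrenGroups = GroupLocalServiceUtil.search(
			group.getCompanyId(), null, StringPool.BLANK, groupParams,
			QueryUtil.ALL_POS, QueryUtil.ALL_POS);

		// Filter a copy so that the list being iterated is never modified.

		List<Group> filteredChildrenGroups = ListUtil.copy(childrenGroups);

		for (Group childrenGroup : childrenGroups) {
			for (Group ancestorGroup : childrenGroup.getAncestors()) {

				// An unrestricted ancestor other than the starting group
				// breaks the chain of restrictions, so the child is dropped.

				if ((ancestorGroup.getGroupId() != group.getGroupId()) &&
					!ancestorGroup.isLimitedToParentSiteMembers()) {

					filteredChildrenGroups.remove(childrenGroup);

					break;
				}
			}
		}

		return filteredChildrenGroups;
	}

	/**
	 * Removes the users from every limited group returned by
	 * {@link #getLimitedChildrenGroups} for the given group.
	 *
	 * @param  userIds the users removed from the group
	 * @param  groupId the group the users were removed from
	 * @throws PortalException if the group lookup or a membership update
	 *         fails
	 */
	protected void removeUsersFromLimitedChildrenGroups(
			long[] userIds, long groupId)
		throws PortalException {

		Group group = GroupLocalServiceUtil.getGroup(groupId);

		for (Group childrenGroup : getLimitedChildrenGroups(group)) {
			if (!childrenGroup.isLimitedToParentSiteMembers()) {
				continue;
			}

			// One call per user, as before, so a failure identifies the
			// single membership that could not be removed.

			for (long userId : userIds) {
				UserLocalServiceUtil.unsetGroupUsers(
					childrenGroup.getGroupId(), new long[] {userId}, null);
			}
		}
	}

	/**
	 * Removes from {@code group} every member who is not also a member of
	 * its parent group, reading the members in pages of
	 * {@code Indexer.DEFAULT_INTERVAL}.
	 *
	 * <p>
	 * Members are removed while the pages are being read, so the page
	 * offset moves forward only by the number of users that were kept.
	 * Moving it by a full page after removals would skip as many users as
	 * were removed, and those users would never be checked.
	 * </p>
	 *
	 * @param  group the limited group to verify
	 * @throws PortalException if a membership lookup or update fails
	 */
	protected void verifyLimitedParentMembership(final Group group)
		throws PortalException {

		long groupId = group.getGroupId();
		long parentGroupId = group.getParentGroupId();

		// The initial count bounds the work, so the loop ends even if a
		// removal does not take effect.

		int remaining = UserLocalServiceUtil.getGroupUsersCount(groupId);

		int start = 0;

		while (remaining > 0) {
			List<User> users = UserLocalServiceUtil.getGroupUsers(
				groupId, start, start + Indexer.DEFAULT_INTERVAL);

			if (users.isEmpty()) {
				break;
			}

			for (User user : users) {
				if (!UserLocalServiceUtil.hasGroupUser(
						parentGroupId, user.getUserId())) {

					UserLocalServiceUtil.unsetGroupUsers(
						groupId, new long[] {user.getUserId()}, null);
				}
				else {

					// A kept user still occupies a slot in the result, so
					// the next page has to start after it.

					start++;
				}
			}

			remaining -= users.size();
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(
		DefaultSiteMembershipPolicy.class);

}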