001 /** 002 * Copyright (c) 2000-present Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.model.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.model.ResourceAction; 019 import com.liferay.portal.service.ResourceActionLocalServiceUtil; 020 021 /** 022 * Stores the permissions assigned to roles under permissions version 6. A 023 * resource permission gives a role the ability to perform a set of actions on 024 * certain resources. 025 * 026 * <p> 027 * The type of resource a permission applies to is specified by the 028 * <code>name</code> attribute. It will either be the numeric ID of a portlet, 029 * or the fully qualified class name of a model (such as a layout or document 030 * library folder). 031 * </p> 032 * 033 * <p> 034 * These permissions can apply in one of four scopes: company, group, 035 * group-template, or individual. The scope of a permission determines how 036 * broadly it applies to resources in the portal. Company scope is the broadest, 037 * and grants a user with the role permissions for every resource of the type 038 * within the company. Likewise, group scope gives users with the role 039 * permissions for every resource within the specified group, and individual 040 * scope only applies to a single resource of the type. Group-template scope is 041 * similar to group scope, except that it does not automatically apply to a 042 * specific group. A user must be a member of a group (generally either a site 043 * or an organization), and they must have been given the role within that group 044 * before they are granted its permissions. 045 * </p> 046 * 047 * <p> 048 * Note: Lacking permission to perform an action on a resource at one scope does 049 * not necessarily mean that a role does not have permission to perform that 050 * action. For instance, a message boards moderator role will not have 051 * individual scope permissions to edit every post, but it will have edit 052 * permissions at the group or company level, which is sufficient. Every scope 053 * must be checked. 054 * </p> 055 * 056 * <p> 057 * The scope of the resource permission also determines the meaning of the 058 * <code>primKey</code> attribute. Its different uses are listed below: 059 * </p> 060 * 061 * <ul> 062 * <li> 063 * Company scope - <code>primKey</code> is the primary key of the company 064 * </li> 065 * <li> 066 * Group scope - <code>primKey</code> is the primary key of the group the 067 * permission applies within 068 * </li> 069 * <li> 070 * Group-template scope - <code>primKey</code> is always <code>0</code> 071 * </li> 072 * <li> 073 * Individual scope - If the permission applies to a model instance, 074 * <code>primkey</code> will be the primary key of the instance. If the 075 * permission is for a portlet, <code>primKey</code> will contain the primary 076 * key of the layout containing the portlet, followed by "_LAYOUT_" 077 * and the portlet ID. The instance ID will also be present for instanceable 078 * portlets, preceded by "_INSTANCE_". 079 * </li> 080 * </ul> 081 * 082 * <p> 083 * The <code>actionIds</code> attribute stores the bitwise IDs of all the 084 * actions allowed by this permission. 085 * </p> 086 * 087 * @author Brian Wing Shun Chan 088 * @see ResourceActionImpl 089 */ 090 public class ResourcePermissionImpl extends ResourcePermissionBaseImpl { 091 092 @Override 093 public void addResourceAction(String actionId) throws PortalException { 094 ResourceAction resourceAction = 095 ResourceActionLocalServiceUtil.getResourceAction( 096 getName(), actionId); 097 098 setActionIds(getActionIds() | resourceAction.getBitwiseValue()); 099 } 100 101 @Override 102 public boolean hasAction(ResourceAction resourceAction) { 103 if ((resourceAction != null) && 104 ((getActionIds() & resourceAction.getBitwiseValue()) != 0)) { 105 106 return true; 107 } 108 109 return false; 110 } 111 112 @Override 113 public boolean hasActionId(String actionId) { 114 ResourceAction resourceAction = 115 ResourceActionLocalServiceUtil.fetchResourceAction( 116 getName(), actionId); 117 118 return hasAction(resourceAction); 119 } 120 121 @Override 122 public void removeResourceAction(String actionId) throws PortalException { 123 ResourceAction resourceAction = 124 ResourceActionLocalServiceUtil.getResourceAction( 125 getName(), actionId); 126 127 setActionIds(getActionIds() & (~resourceAction.getBitwiseValue())); 128 } 129 130 }