015 package com.liferay.portlet.rolesadmin.action;
016
017 import com.liferay.portal.NoSuchRoleException;
018 import com.liferay.portal.RolePermissionsException;
019 import com.liferay.portal.kernel.servlet.SessionErrors;
020 import com.liferay.portal.kernel.servlet.SessionMessages;
021 import com.liferay.portal.kernel.util.ArrayUtil;
022 import com.liferay.portal.kernel.util.Constants;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.ParamUtil;
026 import com.liferay.portal.kernel.util.StringUtil;
027 import com.liferay.portal.kernel.util.Validator;
028 import com.liferay.portal.model.Group;
029 import com.liferay.portal.model.GroupConstants;
030 import com.liferay.portal.model.Portlet;
031 import com.liferay.portal.model.ResourceConstants;
032 import com.liferay.portal.model.Role;
033 import com.liferay.portal.model.RoleConstants;
034 import com.liferay.portal.security.auth.PrincipalException;
035 import com.liferay.portal.security.permission.ActionKeys;
036 import com.liferay.portal.security.permission.ResourceActionsUtil;
037 import com.liferay.portal.security.permission.comparator.ActionComparator;
038 import com.liferay.portal.service.PortletLocalServiceUtil;
039 import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
040 import com.liferay.portal.service.ResourceBlockServiceUtil;
041 import com.liferay.portal.service.ResourcePermissionServiceUtil;
042 import com.liferay.portal.service.RoleLocalServiceUtil;
043 import com.liferay.portal.struts.PortletAction;
044 import com.liferay.portal.theme.ThemeDisplay;
045 import com.liferay.portal.util.PortalUtil;
046 import com.liferay.portal.util.PortletCategoryKeys;
047 import com.liferay.portal.util.PortletKeys;
048 import com.liferay.portal.util.WebKeys;
049
050 import java.util.HashMap;
051 import java.util.List;
052 import java.util.Map;
053
054 import javax.portlet.ActionRequest;
055 import javax.portlet.ActionResponse;
056 import javax.portlet.PortletConfig;
057 import javax.portlet.PortletContext;
058 import javax.portlet.PortletRequestDispatcher;
059 import javax.portlet.RenderRequest;
060 import javax.portlet.RenderResponse;
061 import javax.portlet.ResourceRequest;
062 import javax.portlet.ResourceResponse;
063
064 import org.apache.struts.action.ActionForm;
065 import org.apache.struts.action.ActionForward;
066 import org.apache.struts.action.ActionMapping;
067
068
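/**
 * Struts portlet action for the roles-admin "edit role permissions" screen.
 *
 * <p>
 * {@link #processAction} dispatches on the {@code Constants.CMD} request
 * parameter: {@code "actions"} rewrites the role's permissions for the
 * submitted resources, and {@code "delete_permission"} removes one permission.
 * Any other command value is ignored.
 * </p>
 *
 * <p>
 * Security-relevant behaviour visible in this class:
 * </p>
 *
 * <ul>
 * <li>
 * Both mutating commands refuse to touch the built-in roles listed in
 * {@link #validateEditableRole(Role)}. The check lives in one place so the two
 * commands cannot drift apart.
 * </li>
 * <li>
 * The role is loaded with {@code RoleLocalServiceUtil.getRole}, and role id,
 * resource names, scope, primary key and group ids all come from request
 * parameters. NOTE(review): no explicit permission check is made here;
 * authorization is presumably enforced inside the
 * {@code ResourcePermissionServiceUtil} / {@code ResourceBlockServiceUtil}
 * calls - confirm.
 * </li>
 * <li>
 * The caller-supplied {@code redirect} parameter is only used after passing
 * through {@code PortalUtil.escapeRedirect}.
 * </li>
 * </ul>
 */
public class EditRolePermissionsAction extends PortletAction {

    /**
     * Runs the requested permission command and maps the expected failures to
     * the roles-admin error page.
     *
     * @throws Exception any failure other than {@code NoSuchRoleException},
     *         {@code PrincipalException} or {@code RolePermissionsException},
     *         which are recorded in {@code SessionErrors} instead
     */
    @Override
    public void processAction(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, ActionRequest actionRequest,
            ActionResponse actionResponse)
        throws Exception {

        String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

        try {
            if (cmd.equals("actions")) {
                updateActions(actionRequest, actionResponse);
            }
            else if (cmd.equals("delete_permission")) {
                deletePermission(actionRequest, actionResponse);
            }
        }
        catch (Exception e) {
            if (e instanceof NoSuchRoleException ||
                e instanceof PrincipalException ||
                e instanceof RolePermissionsException) {

                // Only the exception class is stored, not its message.
                SessionErrors.add(actionRequest, e.getClass());

                setForward(actionRequest, "portlet.roles_admin.error");
            }
            else {
                throw e;
            }
        }
    }

    /**
     * Resolves the role for the request and forwards to the edit page, or to
     * the error page when the role lookup fails with
     * {@code NoSuchRoleException} or {@code PrincipalException}.
     */
    @Override
    public ActionForward render(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, RenderRequest renderRequest,
            RenderResponse renderResponse)
        throws Exception {

        try {
            ActionUtil.getRole(renderRequest);
        }
        catch (Exception e) {
            if (e instanceof NoSuchRoleException ||
                e instanceof PrincipalException) {

                SessionErrors.add(renderRequest, e.getClass());

                return actionMapping.findForward("portlet.roles_admin.error");
            }
            else {
                throw e;
            }
        }

        return actionMapping.findForward(
            getForward(
                renderRequest, "portlet.roles_admin.edit_role_permissions"));
    }

    /**
     * Includes the resources view JSP after resolving the role for the
     * request. Unlike {@link #render}, a failing role lookup is not caught
     * here and propagates to the caller.
     */
    @Override
    public void serveResource(
            ActionMapping actionMapping, ActionForm actionForm,
            PortletConfig portletConfig, ResourceRequest resourceRequest,
            ResourceResponse resourceResponse)
        throws Exception {

        PortletContext portletContext = portletConfig.getPortletContext();

        PortletRequestDispatcher portletRequestDispatcher =
            portletContext.getRequestDispatcher(
                "/html/portlet/roles_admin/view_resources.jsp");

        ActionUtil.getRole(resourceRequest);

        portletRequestDispatcher.include(resourceRequest, resourceResponse);
    }

    /**
     * Removes a single permission from a role.
     *
     * <p>
     * All identifying values ({@code roleId}, {@code name}, {@code scope},
     * {@code primKey}, {@code actionId}) are read from request parameters.
     * For resources handled by the resource-block service, every scope other
     * than {@code SCOPE_GROUP} falls through to the company-scope removal.
     * </p>
     *
     * @throws RolePermissionsException if the role is one of the protected
     *         built-in roles
     */
    protected void deletePermission(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");
        String name = ParamUtil.getString(actionRequest, "name");
        int scope = ParamUtil.getInteger(actionRequest, "scope");
        String primKey = ParamUtil.getString(actionRequest, "primKey");
        String actionId = ParamUtil.getString(actionRequest, "actionId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        // Must run before any permission is removed.
        validateEditableRole(role);

        if (ResourceBlockLocalServiceUtil.isSupported(name)) {
            if (scope == ResourceConstants.SCOPE_GROUP) {
                ResourceBlockServiceUtil.removeGroupScopePermission(
                    themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                    GetterUtil.getLong(primKey), name, roleId, actionId);
            }
            else {
                ResourceBlockServiceUtil.removeCompanyScopePermission(
                    themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                    name, roleId, actionId);
            }
        }
        else {
            ResourcePermissionServiceUtil.removeResourcePermission(
                themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                name, scope, primKey, roleId, actionId);
        }

        SessionMessages.add(actionRequest, "permissionDeleted");

        // The redirect target is request-controlled; it is used only in the
        // form returned by escapeRedirect.
        String redirect = PortalUtil.escapeRedirect(
            ParamUtil.getString(actionRequest, "redirect"));

        if (Validator.isNotNull(redirect)) {
            actionResponse.sendRedirect(redirect);
        }
    }

    /**
     * Grants or revokes one action on one resource for a role through the
     * resource-permission service.
     *
     * <p>
     * When {@code selected} is {@code false} the permission is removed at
     * company, group-template and group scope, whatever {@code scope} says.
     * When {@code selected} is {@code true} and {@code scope} is
     * {@code SCOPE_GROUP}, the existing group-scope permissions are removed
     * first and then one permission is added per entry of {@code groupIds}.
     * A selected action with any other scope value is left untouched.
     * </p>
     *
     * @param groupIds group primary keys for {@code SCOPE_GROUP}; must not be
     *        {@code null} in that case
     */
    protected void updateAction(
            Role role, long groupId, String selResource, String actionId,
            boolean selected, int scope, String[] groupIds)
        throws Exception {

        long companyId = role.getCompanyId();
        long roleId = role.getRoleId();

        if (!selected) {

            // Deselected: clear the permission at every scope.

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_COMPANY, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                roleId, actionId);

            return;
        }

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, scope,
                String.valueOf(companyId), roleId, actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE,
                String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                roleId, actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP) {

            // Replace, not merge: groups missing from groupIds lose the
            // permission.

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP, roleId, actionId);

            for (String curGroupId : groupIds) {
                ResourcePermissionServiceUtil.addResourcePermission(
                    groupId, companyId, selResource,
                    ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
                    actionId);
            }
        }
    }

    /**
     * Rewrites a role's permissions for every resource named in the request.
     *
     * <p>
     * The resources come from the {@code portletResource},
     * {@code relatedPortletResources} and {@code modelResources} parameters.
     * For each of them every action known to {@code ResourceActionsUtil} is
     * processed: an action whose {@code resource + actionId} key is missing
     * from {@code selectedTargets} is treated as deselected and revoked. A
     * request that names a resource but selects none of its actions therefore
     * strips the role of all permissions on that resource.
     * </p>
     *
     * <p>
     * Scope is derived per action: organization, provider and site roles
     * always use {@code SCOPE_GROUP_TEMPLATE}; other roles use
     * {@code SCOPE_GROUP} when {@code groupIds<target>} is non-empty and
     * {@code SCOPE_COMPANY} otherwise.
     * </p>
     *
     * @throws RolePermissionsException if the role is one of the protected
     *         built-in roles
     */
    protected void updateActions(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        // Must run before any permission is changed.
        validateEditableRole(role);

        String portletResource = ParamUtil.getString(
            actionRequest, "portletResource");
        String[] relatedPortletResources = StringUtil.split(
            ParamUtil.getString(actionRequest, "relatedPortletResources"));
        String[] modelResources = StringUtil.split(
            ParamUtil.getString(actionRequest, "modelResources"));

        Map<String, List<String>> resourceActionsMap = new HashMap<>();

        if (Validator.isNotNull(portletResource)) {
            resourceActionsMap.put(
                portletResource,
                ResourceActionsUtil.getResourceActions(portletResource, null));
        }

        for (String relatedPortletResource : relatedPortletResources) {
            resourceActionsMap.put(
                relatedPortletResource,
                ResourceActionsUtil.getResourceActions(
                    relatedPortletResource, null));
        }

        for (String modelResource : modelResources) {
            resourceActionsMap.put(
                modelResource,
                ResourceActionsUtil.getResourceActions(null, modelResource));
        }

        int rootResourceScope = ResourceConstants.SCOPE_COMPANY;
        String[] rootResourceGroupIds = null;

        String[] selectedTargets = StringUtil.split(
            ParamUtil.getString(actionRequest, "selectedTargets"));

        // The role type does not change during the request, so decide once
        // whether this role is always handled at group-template scope.
        boolean groupTemplateRole =
            (role.getType() == RoleConstants.TYPE_ORGANIZATION) ||
            (role.getType() == RoleConstants.TYPE_PROVIDER) ||
            (role.getType() == RoleConstants.TYPE_SITE);

        for (Map.Entry<String, List<String>> entry :
                resourceActionsMap.entrySet()) {

            String selResource = entry.getKey();
            List<String> actions = entry.getValue();

            actions = ListUtil.sort(
                actions, new ActionComparator(themeDisplay.getLocale()));

            for (String actionId : actions) {
                String target = selResource + actionId;

                boolean selected = ArrayUtil.contains(selectedTargets, target);

                String[] groupIds = StringUtil.split(
                    ParamUtil.getString(actionRequest, "groupIds" + target));

                groupIds = ArrayUtil.distinct(groupIds);

                int scope = ResourceConstants.SCOPE_COMPANY;

                if (groupTemplateRole) {
                    scope = ResourceConstants.SCOPE_GROUP_TEMPLATE;
                }
                else if (groupIds.length > 0) {
                    scope = ResourceConstants.SCOPE_GROUP;
                }

                if (ResourceBlockLocalServiceUtil.isSupported(selResource)) {
                    updateActions_Blocks(
                        role, themeDisplay.getScopeGroupId(), selResource,
                        actionId, selected, scope, groupIds);
                }
                else {
                    updateAction(
                        role, themeDisplay.getScopeGroupId(), selResource,
                        actionId, selected, scope, groupIds);
                }

                if (selected &&
                    actionId.equals(ActionKeys.ACCESS_IN_CONTROL_PANEL)) {

                    // Granting control panel access to a portlet also grants
                    // the matching "view control panel" style permission.

                    updateViewControlPanelPermission(
                        role, themeDisplay.getScopeGroupId(), selResource,
                        scope, groupIds);

                    rootResourceScope = scope;
                    rootResourceGroupIds = groupIds;
                }
            }
        }

        // Only set when ACCESS_IN_CONTROL_PANEL was selected above; the scope
        // and group ids of the last such action are the ones applied.

        if (rootResourceGroupIds != null) {
            updateViewRootResourcePermission(
                role, themeDisplay.getScopeGroupId(), portletResource,
                rootResourceScope, rootResourceGroupIds);
        }

        SessionMessages.add(actionRequest, "permissionsUpdated");

        // The redirect target is request-controlled; it is used only in the
        // form returned by escapeRedirect.
        String redirect = PortalUtil.escapeRedirect(
            ParamUtil.getString(actionRequest, "redirect"));

        if (Validator.isNotNull(redirect)) {
            actionResponse.sendRedirect(redirect);
        }
    }

    /**
     * Grants or revokes one action on one resource for a role through the
     * resource-block service.
     *
     * <p>
     * Group-scope permissions are always cleared first. A selected action is
     * then added per group for {@code SCOPE_GROUP}, or at company scope for
     * every other scope value; a deselected action also loses its
     * company-scope permission.
     * </p>
     */
    protected void updateActions_Blocks(
            Role role, long scopeGroupId, String selResource, String actionId,
            boolean selected, int scope, String[] groupIds)
        throws Exception {

        long companyId = role.getCompanyId();
        long roleId = role.getRoleId();

        if (selected) {
            if (scope == ResourceConstants.SCOPE_GROUP) {
                ResourceBlockServiceUtil.removeAllGroupScopePermissions(
                    scopeGroupId, companyId, selResource, roleId, actionId);
                ResourceBlockServiceUtil.removeCompanyScopePermission(
                    scopeGroupId, companyId, selResource, roleId, actionId);

                for (String groupId : groupIds) {
                    ResourceBlockServiceUtil.addGroupScopePermission(
                        scopeGroupId, companyId, GetterUtil.getLong(groupId),
                        selResource, roleId, actionId);
                }
            }
            else {
                ResourceBlockServiceUtil.removeAllGroupScopePermissions(
                    scopeGroupId, companyId, selResource, roleId, actionId);
                ResourceBlockServiceUtil.addCompanyScopePermission(
                    scopeGroupId, companyId, selResource, roleId, actionId);
            }
        }
        else {
            ResourceBlockServiceUtil.removeAllGroupScopePermissions(
                scopeGroupId, companyId, selResource, roleId, actionId);
            ResourceBlockServiceUtil.removeCompanyScopePermission(
                scopeGroupId, companyId, selResource, roleId, actionId);
        }
    }

    /**
     * Grants the permission that goes with control panel access to a portlet.
     *
     * <p>
     * Does nothing when the portlet has no control panel category. Regular
     * roles on a category in {@code PortletCategoryKeys.ALL} receive
     * {@code VIEW_CONTROL_PANEL} on the portal resource; otherwise a category
     * in {@code SITE_ADMINISTRATION_ALL} yields
     * {@code VIEW_SITE_ADMINISTRATION} on {@code Group}.
     * </p>
     *
     * <p>
     * NOTE(review): {@code portletId} originates from request parameters and
     * the looked-up portlet is dereferenced without a null check - confirm
     * {@code getPortletById} never returns {@code null} for unknown ids.
     * </p>
     */
    protected void updateViewControlPanelPermission(
            Role role, long scopeGroupId, String portletId, int scope,
            String[] groupIds)
        throws Exception {

        Portlet portlet = PortletLocalServiceUtil.getPortletById(
            role.getCompanyId(), portletId);

        String controlPanelCategory = portlet.getControlPanelEntryCategory();

        if (Validator.isNull(controlPanelCategory)) {
            return;
        }

        String selResource = null;
        String actionId = null;

        if (ArrayUtil.contains(PortletCategoryKeys.ALL, controlPanelCategory) &&
            (role.getType() == RoleConstants.TYPE_REGULAR)) {

            selResource = PortletKeys.PORTAL;
            actionId = ActionKeys.VIEW_CONTROL_PANEL;
        }
        else if (ArrayUtil.contains(
                    PortletCategoryKeys.SITE_ADMINISTRATION_ALL,
                    controlPanelCategory)) {

            selResource = Group.class.getName();
            actionId = ActionKeys.VIEW_SITE_ADMINISTRATION;
        }

        if (selResource != null) {
            updateAction(
                role, scopeGroupId, selResource, actionId, true, scope,
                groupIds);
        }
    }

    /**
     * Grants {@code VIEW} on the portlet's root model resource, when the
     * portlet has one and that resource defines a {@code VIEW} action.
     */
    protected void updateViewRootResourcePermission(
            Role role, long scopeGroupId, String portletId, int scope,
            String[] groupIds)
        throws Exception {

        String modelResource = ResourceActionsUtil.getPortletRootModelResource(
            portletId);

        if (modelResource == null) {
            return;
        }

        List<String> actions = ResourceActionsUtil.getModelResourceActions(
            modelResource);

        if (actions.contains(ActionKeys.VIEW)) {
            updateAction(
                role, scopeGroupId, modelResource, ActionKeys.VIEW, true,
                scope, groupIds);
        }
    }

    /**
     * Rejects the built-in roles whose permissions this screen must not edit:
     * Administrator, Organization Administrator, Organization Owner, Owner,
     * Site Administrator and Site Owner (matched by role name).
     *
     * <p>
     * Shared by {@link #deletePermission} and {@link #updateActions} so both
     * commands enforce the same list.
     * </p>
     *
     * @throws RolePermissionsException carrying the role name, if the role is
     *         protected
     */
    private static void validateEditableRole(Role role)
        throws RolePermissionsException {

        String roleName = role.getName();

        if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
            roleName.equals(RoleConstants.OWNER) ||
            roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.SITE_OWNER)) {

            throw new RolePermissionsException(roleName);
        }
    }

}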