1
22
23 package com.liferay.portal.search;
24
25 import com.liferay.portal.NoSuchResourceException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.log.Log;
28 import com.liferay.portal.kernel.log.LogFactoryUtil;
29 import com.liferay.portal.kernel.search.BooleanClauseOccur;
30 import com.liferay.portal.kernel.search.BooleanQuery;
31 import com.liferay.portal.kernel.search.BooleanQueryFactoryUtil;
32 import com.liferay.portal.kernel.search.Document;
33 import com.liferay.portal.kernel.search.Field;
34 import com.liferay.portal.kernel.search.Indexer;
35 import com.liferay.portal.kernel.search.IndexerRegistryUtil;
36 import com.liferay.portal.kernel.search.Query;
37 import com.liferay.portal.kernel.search.SearchPermissionChecker;
38 import com.liferay.portal.kernel.util.GetterUtil;
39 import com.liferay.portal.kernel.util.ListUtil;
40 import com.liferay.portal.kernel.util.Validator;
41 import com.liferay.portal.model.Group;
42 import com.liferay.portal.model.Permission;
43 import com.liferay.portal.model.Resource;
44 import com.liferay.portal.model.ResourceConstants;
45 import com.liferay.portal.model.Role;
46 import com.liferay.portal.model.RoleConstants;
47 import com.liferay.portal.security.permission.ActionKeys;
48 import com.liferay.portal.security.permission.ResourceActionsUtil;
49 import com.liferay.portal.service.GroupLocalServiceUtil;
50 import com.liferay.portal.service.PermissionLocalServiceUtil;
51 import com.liferay.portal.service.ResourceLocalServiceUtil;
52 import com.liferay.portal.service.RoleLocalServiceUtil;
53 import com.liferay.portal.util.PropsValues;
54
55 import java.util.ArrayList;
56 import java.util.List;
57
58
65 public class SearchPermissionCheckerImpl implements SearchPermissionChecker {
66
67 public void addPermissionFields(long companyId, Document doc) {
68 try {
69 long groupId = GetterUtil.getLong(doc.get(Field.GROUP_ID));
70 String className = doc.get(Field.ENTRY_CLASS_NAME);
71 String classPK = doc.get(Field.ENTRY_CLASS_PK);
72
73 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) &&
74 (Validator.isNotNull(className)) &&
75 (Validator.isNotNull(classPK))) {
76
77 doAddPermissionFields(
78 companyId, groupId, className, classPK, doc);
79 }
80 }
81 catch (NoSuchResourceException nsre) {
82 }
83 catch (Exception e) {
84 _log.error(e, e);
85 }
86 }
87
88 public Query getPermissionQuery(
89 long companyId, long groupId, long userId, String className,
90 Query query) {
91
92 try {
93 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
94 return doGetPermissionQuery(
95 companyId, groupId, userId, className, query);
96 }
97 }
98 catch (Exception e) {
99 _log.error(e, e);
100 }
101
102 return query;
103 }
104
105 public void updatePermissionFields(long resourceId) {
106 try {
107 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
108 doUpdatePermissionFields(resourceId);
109 }
110 }
111 catch (Exception e) {
112 _log.error(e, e);
113 }
114 }
115
116 protected void doAddPermissionFields(
117 long companyId, long groupId, String className, String classPK,
118 Document doc)
119 throws Exception {
120
121 Resource resource = ResourceLocalServiceUtil.getResource(
122 companyId, className, ResourceConstants.SCOPE_INDIVIDUAL,
123 classPK);
124
125 Group group = GroupLocalServiceUtil.getGroup(groupId);
126
127 List<Role> roles = ResourceActionsUtil.getRoles(group, className);
128
129 List<Long> roleIds = new ArrayList<Long>();
130
131 for (Role role : roles) {
132 long roleId = role.getRoleId();
133
134 if (hasPermission(roleId, resource.getResourceId())) {
135 roleIds.add(roleId);
136 }
137 }
138
139 doc.addKeyword(
140 Field.ROLE_ID, roleIds.toArray(new Long[roleIds.size()]));
141 }
142
143 protected Query doGetPermissionQuery(
144 long companyId, long groupId, long userId, String className,
145 Query query)
146 throws Exception {
147
148 BooleanQuery fullQuery = BooleanQueryFactoryUtil.create();
149
150 BooleanQuery permissionQuery = BooleanQueryFactoryUtil.create();
151
152 List<Role> roles = RoleLocalServiceUtil.getUserRoles(userId);
153
154 roles = ListUtil.copy(roles);
155
156 roles.addAll(RoleLocalServiceUtil.getUserGroupRoles(userId, groupId));
157
158 long companyResourceId = 0;
159
160 try {
161 Resource companyResource = ResourceLocalServiceUtil.getResource(
162 companyId, className, ResourceConstants.SCOPE_COMPANY,
163 String.valueOf(companyId));
164
165 companyResourceId = companyResource.getResourceId();
166 }
167 catch (NoSuchResourceException nsre) {
168 }
169
170 long groupResourceId = 0;
171
172 try {
173 Resource groupResource = ResourceLocalServiceUtil.getResource(
174 companyId, className, ResourceConstants.SCOPE_GROUP,
175 String.valueOf(groupId));
176
177 groupResourceId = groupResource.getResourceId();
178 }
179 catch (NoSuchResourceException nsre) {
180 }
181
182 for (Role role : roles) {
183 if (role.getName().equals(RoleConstants.ADMINISTRATOR)) {
184 return query;
185 }
186
187 long roleId = role.getRoleId();
188
189 if (hasPermission(roleId, companyResourceId) ||
190 hasPermission(roleId, groupResourceId)) {
191
192 return query;
193 }
194
195 permissionQuery.addTerm(Field.ROLE_ID, role.getRoleId());
196 }
197
198 fullQuery.add(query, BooleanClauseOccur.MUST);
199 fullQuery.add(permissionQuery, BooleanClauseOccur.MUST);
200
201 return fullQuery;
202 }
203
204 protected void doUpdatePermissionFields(long resourceId) throws Exception {
205 Resource resource = ResourceLocalServiceUtil.getResource(resourceId);
206
207 Indexer indexer = IndexerRegistryUtil.getIndexer(resource.getName());
208
209 if (indexer != null) {
210 indexer.reIndex(
211 resource.getName(), GetterUtil.getLong(resource.getPrimKey()));
212 }
213 }
214
215 protected boolean hasPermission(long roleId, long resourceId)
216 throws SystemException {
217
218 if (resourceId == 0) {
219 return false;
220 }
221
222 List<Permission> permissions =
223 PermissionLocalServiceUtil.getRolePermissions(roleId, resourceId);
224
225 List<String> actions = ResourceActionsUtil.getActions(permissions);
226
227 if (actions.contains(ActionKeys.VIEW)) {
228 return true;
229 }
230 else {
231 return false;
232 }
233 }
234
235 private static Log _log =
236 LogFactoryUtil.getLog(SearchPermissionCheckerImpl.class);
237
238 }