1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.search;
24  
25  import com.liferay.portal.NoSuchResourceException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.kernel.search.BooleanClauseOccur;
30  import com.liferay.portal.kernel.search.BooleanQuery;
31  import com.liferay.portal.kernel.search.BooleanQueryFactoryUtil;
32  import com.liferay.portal.kernel.search.Document;
33  import com.liferay.portal.kernel.search.Field;
34  import com.liferay.portal.kernel.search.Indexer;
35  import com.liferay.portal.kernel.search.IndexerRegistryUtil;
36  import com.liferay.portal.kernel.search.Query;
37  import com.liferay.portal.kernel.search.SearchPermissionChecker;
38  import com.liferay.portal.kernel.util.GetterUtil;
39  import com.liferay.portal.kernel.util.ListUtil;
40  import com.liferay.portal.kernel.util.Validator;
41  import com.liferay.portal.model.Group;
42  import com.liferay.portal.model.Permission;
43  import com.liferay.portal.model.Resource;
44  import com.liferay.portal.model.ResourceConstants;
45  import com.liferay.portal.model.Role;
46  import com.liferay.portal.model.RoleConstants;
47  import com.liferay.portal.security.permission.ActionKeys;
48  import com.liferay.portal.security.permission.ResourceActionsUtil;
49  import com.liferay.portal.service.GroupLocalServiceUtil;
50  import com.liferay.portal.service.PermissionLocalServiceUtil;
51  import com.liferay.portal.service.ResourceLocalServiceUtil;
52  import com.liferay.portal.service.RoleLocalServiceUtil;
53  import com.liferay.portal.util.PropsValues;
54  
55  import java.util.ArrayList;
56  import java.util.List;
57  
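/**
 * <a href="SearchPermissionCheckerImpl.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Connects the search index to view permissions. At indexing time it writes
 * the ids of the roles that may view an entry into the document's
 * {@link Field#ROLE_ID} field. At query time it wraps the caller's query so
 * that only documents carrying one of the user's role ids can match.
 * </p>
 *
 * <p>
 * Every public entry point does nothing unless
 * {@link PropsValues#PERMISSIONS_USER_CHECK_ALGORITHM} is <code>5</code>.
 * </p>
 *
 * <p>
 * Security note: this class is an authorization filter. When the permission
 * lookup fails, {@link #getPermissionQuery} does not hand back the unfiltered
 * query. It returns the query a user without roles would get.
 * </p>
 *
 * @author Allen Chiang
 * @author Bruno Farache
 *
 */
public class SearchPermissionCheckerImpl implements SearchPermissionChecker {

    /**
     * Adds the {@link Field#ROLE_ID} keyword to a document that is about to be
     * indexed.
     *
     * <p>
     * The group id, class name and class PK are read from the document itself.
     * Nothing is added unless the permission algorithm is 5 and both the class
     * name and the class PK pass <code>Validator.isNotNull</code>.
     * </p>
     *
     * <p>
     * This method never throws. On any failure the document is left without
     * role ids.
     * </p>
     *
     * @param companyId the company that owns the resource
     * @param doc the document being indexed; modified in place
     */
    public void addPermissionFields(long companyId, Document doc) {
        try {
            long groupId = GetterUtil.getLong(doc.get(Field.GROUP_ID));
            String className = doc.get(Field.ENTRY_CLASS_NAME);
            String classPK = doc.get(Field.ENTRY_CLASS_PK);

            if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) &&
                Validator.isNotNull(className) &&
                Validator.isNotNull(classPK)) {

                doAddPermissionFields(
                    companyId, groupId, className, classPK, doc);
            }
        }
        catch (NoSuchResourceException nsre) {

            // Deliberately ignored: the entry has no individual-scope
            // resource, so there are no role ids to record. The document is
            // indexed without a ROLE_ID field.

        }
        catch (Exception e) {

            // Logged rather than rethrown so indexing of the entry continues.
            // The document ends up without role ids.

            _log.error(e, e);
        }
    }

    /**
     * Returns the query to execute on behalf of a user, restricted by the
     * user's roles when the permission algorithm is 5.
     *
     * <p>
     * If the permission lookup throws, the error is logged and the caller's
     * query is combined with an empty required permission clause. That is the
     * same shape {@link #doGetPermissionQuery} produces for a user without
     * roles. The unfiltered query is never returned on an error path, because
     * that would expose every matching document to the user whenever the
     * permission lookup is unavailable.
     * </p>
     *
     * @param  companyId the company being searched
     * @param  groupId the group being searched
     * @param  userId the user running the search
     * @param  className the resource name whose permissions are checked
     * @param  query the caller's query
     * @return <code>query</code> unchanged when the algorithm is not 5 or the
     *         user may view everything in scope, otherwise a restricted query
     * @throws IllegalStateException if the permission lookup failed and the
     *         restricted fallback query could not be built either
     */
    public Query getPermissionQuery(
            long companyId, long groupId, long userId, String className,
            Query query) {

        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 5) {
            return query;
        }

        try {
            return doGetPermissionQuery(
                companyId, groupId, userId, className, query);
        }
        catch (Exception e) {
            _log.error(e, e);
        }

        // Fail closed: the permission check could not be completed, so treat
        // the user as having no roles.

        try {
            return getNoRolesQuery(query);
        }
        catch (Exception e) {
            _log.error(e, e);

            throw new IllegalStateException(
                "Unable to build a permission-restricted search query for " +
                    "user " + userId,
                e);
        }
    }

    /**
     * Re-indexes the entry behind a resource so that its stored role ids are
     * rebuilt. Does nothing unless the permission algorithm is 5.
     *
     * <p>
     * Failures are logged and not propagated.
     * </p>
     *
     * @param resourceId the primary key of the resource whose permissions
     *        changed
     */
    public void updatePermissionFields(long resourceId) {
        try {
            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
                doUpdatePermissionFields(resourceId);
            }
        }
        catch (Exception e) {

            // NOTE(review): when this fails the index keeps the role ids
            // written earlier. After a permission is revoked that would leave
            // the entry searchable by the old roles until the next successful
            // re-index. The caller gets no signal; consider surfacing this.

            _log.error(e, e);
        }
    }

    /**
     * Collects the roles that hold the VIEW action on the entry's
     * individual-scope resource and stores their ids in the document.
     *
     * @param  companyId the company that owns the resource
     * @param  groupId the group whose candidate roles are examined
     * @param  className the resource name
     * @param  classPK the resource primary key
     * @param  doc the document that receives the {@link Field#ROLE_ID} keyword
     * @throws Exception if the resource, the group or a permission lookup
     *         fails; a missing resource surfaces as
     *         {@link NoSuchResourceException}
     */
    protected void doAddPermissionFields(
            long companyId, long groupId, String className, String classPK,
            Document doc)
        throws Exception {

        Resource resource = ResourceLocalServiceUtil.getResource(
            companyId, className, ResourceConstants.SCOPE_INDIVIDUAL,
            classPK);

        long resourceId = resource.getResourceId();

        Group group = GroupLocalServiceUtil.getGroup(groupId);

        List<Role> roles = ResourceActionsUtil.getRoles(group, className);

        List<Long> roleIds = new ArrayList<Long>(roles.size());

        for (Role role : roles) {
            long roleId = role.getRoleId();

            if (hasPermission(roleId, resourceId)) {
                roleIds.add(roleId);
            }
        }

        doc.addKeyword(
            Field.ROLE_ID, roleIds.toArray(new Long[roleIds.size()]));
    }

    /**
     * Builds the permission-aware query for a user.
     *
     * <p>
     * The user's regular roles and the user's group roles for
     * <code>groupId</code> are examined in order. The caller's query is
     * returned unchanged as soon as a role is named
     * {@link RoleConstants#ADMINISTRATOR} or holds VIEW on the company-scope
     * or group-scope resource for <code>className</code>. Otherwise each role
     * id becomes a term of a permission sub-query, and the result requires
     * both the caller's query and that sub-query.
     * </p>
     *
     * @param  companyId the company being searched
     * @param  groupId the group being searched
     * @param  userId the user running the search
     * @param  className the resource name whose permissions are checked
     * @param  query the caller's query
     * @return <code>query</code> itself, or a boolean query restricting it to
     *         the user's role ids
     * @throws Exception if a role or permission lookup fails
     */
    protected Query doGetPermissionQuery(
            long companyId, long groupId, long userId, String className,
            Query query)
        throws Exception {

        BooleanQuery fullQuery = BooleanQueryFactoryUtil.create();

        BooleanQuery permissionQuery = BooleanQueryFactoryUtil.create();

        // Copy before appending so the list returned by the service is not
        // modified.

        List<Role> roles = ListUtil.copy(
            RoleLocalServiceUtil.getUserRoles(userId));

        roles.addAll(RoleLocalServiceUtil.getUserGroupRoles(userId, groupId));

        // A resource id of 0 means "no such resource"; hasPermission answers
        // false for it.

        long companyResourceId = 0;

        try {
            Resource companyResource = ResourceLocalServiceUtil.getResource(
                companyId, className, ResourceConstants.SCOPE_COMPANY,
                String.valueOf(companyId));

            companyResourceId = companyResource.getResourceId();
        }
        catch (NoSuchResourceException nsre) {

            // No company-scope resource: nothing is granted at that scope.

        }

        long groupResourceId = 0;

        try {
            Resource groupResource = ResourceLocalServiceUtil.getResource(
                companyId, className, ResourceConstants.SCOPE_GROUP,
                String.valueOf(groupId));

            groupResourceId = groupResource.getResourceId();
        }
        catch (NoSuchResourceException nsre) {

            // No group-scope resource: nothing is granted at that scope.

        }

        for (Role role : roles) {

            // These two early returns drop the filter completely, so every
            // document matching the caller's query becomes visible.

            if (role.getName().equals(RoleConstants.ADMINISTRATOR)) {
                return query;
            }

            long roleId = role.getRoleId();

            if (hasPermission(roleId, companyResourceId) ||
                hasPermission(roleId, groupResourceId)) {

                return query;
            }

            permissionQuery.addTerm(Field.ROLE_ID, roleId);
        }

        // NOTE(review): for a user without roles the permission sub-query is
        // empty. Confirm that the configured search engine treats an empty
        // required sub-query as matching nothing.

        fullQuery.add(query, BooleanClauseOccur.MUST);
        fullQuery.add(permissionQuery, BooleanClauseOccur.MUST);

        return fullQuery;
    }

    /**
     * Looks up the resource and asks the indexer registered under the
     * resource's name, if there is one, to re-index the entry.
     *
     * @param  resourceId the primary key of the resource
     * @throws Exception if the resource lookup or the re-index fails
     */
    protected void doUpdatePermissionFields(long resourceId) throws Exception {
        Resource resource = ResourceLocalServiceUtil.getResource(resourceId);

        String name = resource.getName();

        Indexer indexer = IndexerRegistryUtil.getIndexer(name);

        if (indexer != null) {
            indexer.reIndex(name, GetterUtil.getLong(resource.getPrimKey()));
        }
    }

    /**
     * Returns <code>true</code> if the role holds the VIEW action on the
     * resource.
     *
     * @param  roleId the role to check
     * @param  resourceId the resource to check; <code>0</code> stands for a
     *         missing resource and always yields <code>false</code>
     * @return whether the role's permissions on the resource include
     *         {@link ActionKeys#VIEW}
     * @throws SystemException if the permission lookup fails
     */
    protected boolean hasPermission(long roleId, long resourceId)
        throws SystemException {

        if (resourceId == 0) {
            return false;
        }

        List<Permission> permissions =
            PermissionLocalServiceUtil.getRolePermissions(roleId, resourceId);

        List<String> actions = ResourceActionsUtil.getActions(permissions);

        return actions.contains(ActionKeys.VIEW);
    }

    /**
     * Builds the query a user without roles would receive: the caller's query
     * combined with an empty required permission clause.
     *
     * <p>
     * Used as the fail-closed result when the permission lookup cannot be
     * completed.
     * </p>
     *
     * @param  query the caller's query
     * @return the restricted query
     * @throws Exception if the boolean query cannot be assembled
     */
    private Query getNoRolesQuery(Query query) throws Exception {
        BooleanQuery fullQuery = BooleanQueryFactoryUtil.create();

        BooleanQuery permissionQuery = BooleanQueryFactoryUtil.create();

        // NOTE(review): relies on the search engine treating an empty
        // required sub-query as matching nothing; confirm for the engine in
        // use.

        fullQuery.add(query, BooleanClauseOccur.MUST);
        fullQuery.add(permissionQuery, BooleanClauseOccur.MUST);

        return fullQuery;
    }

    private static final Log _log =
        LogFactoryUtil.getLog(SearchPermissionCheckerImpl.class);

}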