1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.NoSuchPermissionException;
26 import com.liferay.portal.PortalException;
27 import com.liferay.portal.SystemException;
28 import com.liferay.portal.kernel.log.Log;
29 import com.liferay.portal.kernel.log.LogFactoryUtil;
30 import com.liferay.portal.kernel.search.SearchEngineUtil;
31 import com.liferay.portal.kernel.util.GetterUtil;
32 import com.liferay.portal.kernel.util.Validator;
33 import com.liferay.portal.model.Group;
34 import com.liferay.portal.model.OrgGroupPermission;
35 import com.liferay.portal.model.Organization;
36 import com.liferay.portal.model.Permission;
37 import com.liferay.portal.model.Resource;
38 import com.liferay.portal.model.ResourceCode;
39 import com.liferay.portal.model.ResourceConstants;
40 import com.liferay.portal.model.Role;
41 import com.liferay.portal.model.User;
42 import com.liferay.portal.model.UserGroup;
43 import com.liferay.portal.security.permission.PermissionCacheUtil;
44 import com.liferay.portal.security.permission.PermissionCheckerBag;
45 import com.liferay.portal.security.permission.ResourceActionsUtil;
46 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
47 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
48 import com.liferay.portal.util.PropsValues;
49 import com.liferay.portal.util.comparator.PermissionComparator;
50
51 import java.util.ArrayList;
52 import java.util.Iterator;
53 import java.util.List;
54
55 import org.apache.commons.lang.time.StopWatch;
56
57
65 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
66
67 public Permission addPermission(
68 long companyId, String actionId, long resourceId)
69 throws SystemException {
70
71 Permission permission = permissionPersistence.fetchByA_R(
72 actionId, resourceId);
73
74 if (permission == null) {
75 long permissionId = counterLocalService.increment(
76 Permission.class.getName());
77
78 permission = permissionPersistence.create(permissionId);
79
80 permission.setCompanyId(companyId);
81 permission.setActionId(actionId);
82 permission.setResourceId(resourceId);
83
84 permissionPersistence.update(permission, false);
85 }
86
87 return permission;
88 }
89
90 public List<Permission> addPermissions(
91 long companyId, String name, long resourceId,
92 boolean portletActions)
93 throws SystemException {
94
95 List<Permission> permissions = new ArrayList<Permission>();
96
97 List<String> actions = null;
98
99 if (portletActions) {
100 actions =
101 ResourceActionsUtil.getPortletResourceActions(companyId, name);
102 }
103 else {
104 actions = ResourceActionsUtil.getModelResourceActions(name);
105 }
106
107 for (int i = 0; i < actions.size(); i++) {
108 String actionId = actions.get(i);
109
110 Permission permission = addPermission(
111 companyId, actionId, resourceId);
112
113 permissions.add(permission);
114 }
115
116 return permissions;
117 }
118
119 public void addUserPermissions(
120 long userId, String[] actionIds, long resourceId)
121 throws PortalException, SystemException {
122
123 User user = userPersistence.findByPrimaryKey(userId);
124
125 List<Permission> permissions = permissionFinder.findByU_R(
126 userId, resourceId);
127
128 permissions = getPermissions(
129 user.getCompanyId(), actionIds, resourceId);
130
131 userPersistence.addPermissions(userId, permissions);
132
133 PermissionCacheUtil.clearCache();
134 }
135
136 public List<String> getActions(List<Permission> permissions) {
137 List<String> actions = new ArrayList<String>();
138
139 Iterator<Permission> itr = permissions.iterator();
140
141 while (itr.hasNext()) {
142 Permission permission = itr.next();
143
144 actions.add(permission.getActionId());
145 }
146
147 return actions;
148 }
149
150 public List<Permission> getGroupPermissions(long groupId, long resourceId)
151 throws SystemException {
152
153 return permissionFinder.findByG_R(groupId, resourceId);
154 }
155
156 public List<Permission> getGroupPermissions(
157 long groupId, long companyId, String name, int scope,
158 String primKey)
159 throws SystemException {
160
161 return permissionFinder.findByG_C_N_S_P(
162 groupId, companyId, name, scope, primKey);
163 }
164
165 public List<Permission> getOrgGroupPermissions(
166 long organizationId, long groupId, long resourceId)
167 throws SystemException {
168
169 return permissionFinder.findByO_G_R(
170 organizationId, groupId, resourceId);
171 }
172
173 public long getLatestPermissionId() throws SystemException {
174 List<Permission> permissions = permissionPersistence.findAll(
175 0, 1, new PermissionComparator());
176
177 if (permissions.size() == 0) {
178 return 0;
179 }
180 else {
181 Permission permission = permissions.get(0);
182
183 return permission.getPermissionId();
184 }
185 }
186
187 public List<Permission> getPermissions(
188 long companyId, String[] actionIds, long resourceId)
189 throws SystemException {
190
191 List<Permission> permissions = new ArrayList<Permission>();
192
193 for (int i = 0; i < actionIds.length; i++) {
194 Permission permission = addPermission(
195 companyId, actionIds[i], resourceId);
196
197 permissions.add(permission);
198 }
199
200 return permissions;
201 }
202
203 public List<Permission> getRolePermissions(long roleId)
204 throws SystemException {
205
206 return rolePersistence.getPermissions(roleId);
207 }
208
209 public List<Permission> getRolePermissions(long roleId, long resourceId)
210 throws SystemException {
211
212 return permissionFinder.findByR_R(roleId, resourceId);
213 }
214
215 public List<Permission> getUserPermissions(long userId, long resourceId)
216 throws SystemException {
217
218 return permissionFinder.findByU_R(userId, resourceId);
219 }
220
221 public List<Permission> getUserPermissions(
222 long userId, long companyId, String name, int scope, String primKey)
223 throws SystemException {
224
225 return permissionFinder.findByU_C_N_S_P(
226 userId, companyId, name, scope, primKey);
227 }
228
229 public boolean hasGroupPermission(
230 long groupId, String actionId, long resourceId)
231 throws SystemException {
232
233 Permission permission = permissionPersistence.fetchByA_R(
234 actionId, resourceId);
235
236
239 if (permission == null) {
240 return false;
241 }
242
243 return groupPersistence.containsPermission(
244 groupId, permission.getPermissionId());
245 }
246
247 public boolean hasRolePermission(
248 long roleId, long companyId, String name, int scope,
249 String actionId)
250 throws SystemException {
251
252 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
253 companyId, name, scope);
254
255 List<Resource> resources = resourcePersistence.findByCodeId(
256 resourceCode.getCodeId());
257
258 for (Resource resource : resources) {
259 Permission permission = permissionPersistence.fetchByA_R(
260 actionId, resource.getResourceId());
261
262 if (permission != null) {
263 if (rolePersistence.containsPermission(
264 roleId, permission.getPermissionId())) {
265
266 return true;
267 }
268 }
269 }
270
271 return false;
272 }
273
274 public boolean hasRolePermission(
275 long roleId, long companyId, String name, int scope, String primKey,
276 String actionId)
277 throws SystemException {
278
279 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
280 companyId, name, scope);
281
282 Resource resource = resourcePersistence.fetchByC_P(
283 resourceCode.getCodeId(), primKey);
284
285 if (resource == null) {
286 return false;
287 }
288
289 Permission permission = permissionPersistence.fetchByA_R(
290 actionId, resource.getResourceId());
291
292 if (permission == null) {
293 return false;
294 }
295
296 return rolePersistence.containsPermission(
297 roleId, permission.getPermissionId());
298 }
299
300 public boolean hasUserPermission(
301 long userId, String actionId, long resourceId)
302 throws SystemException {
303
304 Permission permission = permissionPersistence.fetchByA_R(
305 actionId, resourceId);
306
307
310 if (permission == null) {
311 return false;
312 }
313
314 return userPersistence.containsPermission(
315 userId, permission.getPermissionId());
316 }
317
318 public boolean hasUserPermissions(
319 long userId, long groupId, String actionId, long[] resourceIds,
320 PermissionCheckerBag permissionCheckerBag)
321 throws SystemException {
322
323 StopWatch stopWatch = null;
324
325 if (_log.isDebugEnabled()) {
326 stopWatch = new StopWatch();
327
328 stopWatch.start();
329 }
330
331 int block = 1;
332
333
335 if ((Validator.isNull(actionId)) || (resourceIds == null) ||
336 (resourceIds.length == 0)) {
337
338 return false;
339 }
340
341 List<Permission> permissions = permissionFinder.findByA_R(
342 actionId, resourceIds);
343
344
346 if (permissions.size() == 0) {
347 return false;
348 }
349
350
352 long resourceId = resourceIds[0];
353
354 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
355
356 List<Group> groups = permissionCheckerBag.getGroups();
362 List<Role> roles = permissionCheckerBag.getRoles();
363
364 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
365
366
370
374 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
375
376 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
377 return hasUserPermissions_1(
378 userId, actionId, resourceId, permissions, groups, groupId,
379 stopWatch, block);
380 }
381 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
382 return hasUserPermissions_2(
383 userId, actionId, resourceId, permissions, groups, groupId,
384 stopWatch, block);
385 }
386 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
387 return hasUserPermissions_3(
388 userId, actionId, resourceId, permissions, groups, roles,
389 stopWatch, block);
390 }
391 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
392 return hasUserPermissions_4(
393 userId, actionId, resourceId, permissions, groups, roles,
394 stopWatch, block);
395 }
396 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
397 return hasUserPermissions_5(
398 userId, actionId, resourceId, permissions, roles, stopWatch,
399 block);
400 }
401
402 return false;
403 }
404
405 public void setGroupPermissions(
406 long groupId, String[] actionIds, long resourceId)
407 throws PortalException, SystemException {
408
409 Group group = groupPersistence.findByPrimaryKey(groupId);
410
411 List<Permission> permissions = permissionFinder.findByG_R(
412 groupId, resourceId);
413
414 for (Permission permission : permissions) {
415 groupPersistence.removePermission(groupId, permission);
416 }
417
418 permissions = getPermissions(
419 group.getCompanyId(), actionIds, resourceId);
420
421 groupPersistence.addPermissions(groupId, permissions);
422
423 PermissionCacheUtil.clearCache();
424 }
425
426 public void setGroupPermissions(
427 String className, String classPK, long groupId,
428 String[] actionIds, long resourceId)
429 throws PortalException, SystemException {
430
431 long associatedGroupId = 0;
432
433 if (className.equals(Organization.class.getName())) {
434 long organizationId = GetterUtil.getLong(classPK);
435
436 Organization organization =
437 organizationPersistence.findByPrimaryKey(organizationId);
438
439 orgGroupPermissionFinder.removeByO_G_R(
440 organizationId, groupId, resourceId);
441
442 associatedGroupId = organization.getGroup().getGroupId();
443 }
444 else if (className.equals(UserGroup.class.getName())) {
445 long userGroupId = GetterUtil.getLong(classPK);
446
447 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
448 userGroupId);
449
450 associatedGroupId = userGroup.getGroup().getGroupId();
451 }
452
453 setGroupPermissions(associatedGroupId, actionIds, resourceId);
454 }
455
456 public void setOrgGroupPermissions(
457 long organizationId, long groupId, String[] actionIds,
458 long resourceId)
459 throws PortalException, SystemException {
460
461 Organization organization =
462 organizationPersistence.findByPrimaryKey(organizationId);
463
464 long orgGroupId = organization.getGroup().getGroupId();
465
466 List<Permission> permissions = permissionPersistence.findByResourceId(
467 resourceId);
468
469 for (Permission permission : permissions) {
470 groupPersistence.removePermission(orgGroupId, permission);
471 }
472
473 permissions = getPermissions(
474 organization.getCompanyId(), actionIds, resourceId);
475
476 orgGroupPermissionFinder.removeByO_G_R(
477 organizationId, groupId, resourceId);
478
479 for (Permission permission : permissions) {
480 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
481 organizationId, groupId, permission.getPermissionId());
482
483 OrgGroupPermission orgGroupPermission =
484 orgGroupPermissionPersistence.create(pk);
485
486 orgGroupPermissionPersistence.update(orgGroupPermission, false);
487 }
488
489 PermissionCacheUtil.clearCache();
490 }
491
492 public void setRolePermission(
493 long roleId, long companyId, String name, int scope, String primKey,
494 String actionId)
495 throws PortalException, SystemException {
496
497 if (scope == ResourceConstants.SCOPE_COMPANY) {
498
499
501 unsetRolePermissions(
502 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
503 actionId);
504 }
505 else if (scope == ResourceConstants.SCOPE_GROUP) {
506
507
509 unsetRolePermissions(
510 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
511 actionId);
512 }
513 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
514 throw new NoSuchPermissionException();
515 }
516
517 Resource resource = resourceLocalService.addResource(
518 companyId, name, scope, primKey);
519
520 long resourceId = resource.getResourceId();
521
522 Permission permission = permissionPersistence.fetchByA_R(
523 actionId, resourceId);
524
525 if (permission == null) {
526 long permissionId = counterLocalService.increment(
527 Permission.class.getName());
528
529 permission = permissionPersistence.create(permissionId);
530
531 permission.setCompanyId(companyId);
532 permission.setActionId(actionId);
533 permission.setResourceId(resourceId);
534
535 permissionPersistence.update(permission, false);
536 }
537
538 rolePersistence.addPermission(roleId, permission);
539
540 PermissionCacheUtil.clearCache();
541
542 SearchEngineUtil.updatePermissionFields(resourceId);
543 }
544
545 public void setRolePermissions(
546 long roleId, long companyId, String name, int scope, String primKey,
547 String[] actionIds)
548 throws PortalException, SystemException {
549
550 for (int i = 0; i < actionIds.length; i++) {
551 String actionId = actionIds[i];
552
553 setRolePermission(
554 roleId, companyId, name, scope, primKey, actionId);
555 }
556 }
557
558 public void setRolePermissions(
559 long roleId, String[] actionIds, long resourceId)
560 throws PortalException, SystemException {
561
562 Role role = rolePersistence.findByPrimaryKey(roleId);
563
564 List<Permission> permissions = permissionFinder.findByR_R(
565 roleId, resourceId);
566
567 rolePersistence.removePermissions(roleId, permissions);
568
569 permissions = getPermissions(
570 role.getCompanyId(), actionIds, resourceId);
571
572 rolePersistence.addPermissions(roleId, permissions);
573
574 PermissionCacheUtil.clearCache();
575
576 SearchEngineUtil.updatePermissionFields(resourceId);
577 }
578
579 public void setUserPermissions(
580 long userId, String[] actionIds, long resourceId)
581 throws PortalException, SystemException {
582
583 User user = userPersistence.findByPrimaryKey(userId);
584
585 List<Permission> permissions = permissionFinder.findByU_R(
586 userId, resourceId);
587
588 userPersistence.removePermissions(userId, permissions);
589
590 permissions = getPermissions(
591 user.getCompanyId(), actionIds, resourceId);
592
593 userPersistence.addPermissions(userId, permissions);
594
595 PermissionCacheUtil.clearCache();
596 }
597
598 public void unsetRolePermission(long roleId, long permissionId)
599 throws SystemException {
600
601 Permission permission = permissionPersistence.fetchByPrimaryKey(
602 permissionId);
603
604 if (permission != null) {
605 rolePersistence.removePermission(roleId, permission);
606 }
607
608 PermissionCacheUtil.clearCache();
609 }
610
611 public void unsetRolePermission(
612 long roleId, long companyId, String name, int scope, String primKey,
613 String actionId)
614 throws SystemException {
615
616 ResourceCode resourceCode =
617 resourceCodeLocalService.getResourceCode(
618 companyId, name, scope);
619
620 Resource resource = resourcePersistence.fetchByC_P(
621 resourceCode.getCodeId(), primKey);
622
623 if (resource != null) {
624 Permission permission = permissionPersistence.fetchByA_R(
625 actionId, resource.getResourceId());
626
627 if (permission != null) {
628 rolePersistence.removePermission(roleId, permission);
629 }
630 }
631
632 PermissionCacheUtil.clearCache();
633 }
634
635 public void unsetRolePermissions(
636 long roleId, long companyId, String name, int scope,
637 String actionId)
638 throws SystemException {
639
640 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
641 companyId, name, scope);
642
643 List<Resource> resources = resourcePersistence.findByCodeId(
644 resourceCode.getCodeId());
645
646 for (Resource resource : resources) {
647 Permission permission = permissionPersistence.fetchByA_R(
648 actionId, resource.getResourceId());
649
650 if (permission != null) {
651 rolePersistence.removePermission(roleId, permission);
652 }
653 }
654
655 PermissionCacheUtil.clearCache();
656 }
657
658 public void unsetUserPermissions(
659 long userId, String[] actionIds, long resourceId)
660 throws SystemException {
661
662 List<Permission> permissions = permissionFinder.findByU_A_R(
663 userId, actionIds, resourceId);
664
665 userPersistence.removePermissions(userId, permissions);
666
667 PermissionCacheUtil.clearCache();
668 }
669
670 protected boolean checkOrgGroupPermission(
671 List<Organization> organizations, List<Group> groups,
672 List<Permission> permissions)
673 throws PortalException, SystemException {
674
675 for (Permission permission : permissions) {
676 if (checkOrgGroupPermission(organizations, groups, permission)) {
677 return true;
678 }
679 }
680
681 return false;
682 }
683
684 protected boolean checkOrgGroupPermission(
685 List<Organization> organizations, List<Group> groups,
686 Permission permission)
687 throws PortalException, SystemException {
688
689
692 if ((organizations.size() == 0) || (groups.size() == 0)) {
693 return false;
694 }
695
696
699 List<OrgGroupPermission> orgGroupPermissions =
700 orgGroupPermissionPersistence.findByPermissionId(
701 permission.getPermissionId());
702
703 if (orgGroupPermissions.size() == 0) {
704 return false;
705 }
706
707 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
708 if (orgGroupPermission.containsOrganization(organizations) &&
709 orgGroupPermission.containsGroup(groups)) {
710
711 return true;
712 }
713 }
714
715
719 throw new NoSuchPermissionException(
720 "User has a permission in OrgGroupPermission that does not match");
721 }
722
723 protected boolean hasUserPermissions_1(
724 long userId, String actionId, long resourceId,
725 List<Permission> permissions, List<Group> groups, long groupId,
726 StopWatch stopWatch, int block)
727 throws SystemException {
728
729
732 if (groups.size() > 0) {
733 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
734 return true;
735 }
736 }
737
738 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
739
740
743 if (groups.size() > 0) {
744 if (permissionFinder.countByGroupsPermissions(
745 permissions, groups) > 0) {
746
747 return true;
748 }
749 }
750
751 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
752
753
755 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
756 return true;
757 }
758
759 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
760
761
763 if (permissionFinder.countByUserGroupRole(
764 permissions, userId, groupId) > 0) {
765
766 return true;
767 }
768
769 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
770
771
773 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
774 return true;
775 }
776
777 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
778
779 return false;
780 }
781
782 protected boolean hasUserPermissions_2(
783 long userId, String actionId, long resourceId,
784 List<Permission> permissions, List<Group> groups, long groupId,
785 StopWatch stopWatch, int block)
786 throws SystemException {
787
788
791 if (permissionFinder.containsPermissions_2(
792 permissions, userId, groups, groupId)) {
793
794 return true;
795 }
796
797 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
798
799 return false;
800 }
801
802 protected boolean hasUserPermissions_3(
803 long userId, String actionId, long resourceId,
804 List<Permission> permissions, List<Group> groups, List<Role> roles,
805 StopWatch stopWatch, int block)
806 throws SystemException {
807
808
811 if (groups.size() > 0) {
812 if (permissionFinder.countByGroupsPermissions(
813 permissions, groups) > 0) {
814
815 return true;
816 }
817 }
818
819 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
820
821
824 if (roles.size() > 0) {
825 if (permissionFinder.countByRolesPermissions(
826 permissions, roles) > 0) {
827
828 return true;
829 }
830 }
831
832 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
833
834
836 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
837 return true;
838 }
839
840 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
841
842 return false;
843 }
844
845 protected boolean hasUserPermissions_4(
846 long userId, String actionId, long resourceId,
847 List<Permission> permissions, List<Group> groups, List<Role> roles,
848 StopWatch stopWatch, int block)
849 throws SystemException {
850
851
854 if (permissionFinder.containsPermissions_4(
855 permissions, userId, groups, roles)) {
856
857 return true;
858 }
859
860 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
861
862 return false;
863 }
864
865 protected boolean hasUserPermissions_5(
866 long userId, String actionId, long resourceId,
867 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
868 int block)
869 throws SystemException {
870
871 if (roles.size() > 0) {
872 if (permissionFinder.countByRolesPermissions(
873 permissions, roles) > 0) {
874
875 return true;
876 }
877 }
878
879 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
880
881 return false;
882 }
883
884 protected void logHasUserPermissions(
885 long userId, String actionId, long resourceId, StopWatch stopWatch,
886 int block) {
887
888 if (!_log.isDebugEnabled()) {
889 return;
890 }
891
892 _log.debug(
893 "Checking user permissions block " + block + " for " + userId +
894 " " + actionId + " " + resourceId + " takes " +
895 stopWatch.getTime() + " ms");
896 }
897
898 private static Log _log =
899 LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
900
901 }