1
22
23 package com.liferay.portlet.portletconfiguration.action;
24
25 import com.liferay.portal.kernel.servlet.SessionErrors;
26 import com.liferay.portal.kernel.util.Constants;
27 import com.liferay.portal.kernel.util.ParamUtil;
28 import com.liferay.portal.kernel.util.StringUtil;
29 import com.liferay.portal.kernel.util.Validator;
30 import com.liferay.portal.model.Layout;
31 import com.liferay.portal.model.Organization;
32 import com.liferay.portal.model.Portlet;
33 import com.liferay.portal.model.PortletConstants;
34 import com.liferay.portal.model.Resource;
35 import com.liferay.portal.model.Role;
36 import com.liferay.portal.model.UserGroup;
37 import com.liferay.portal.security.auth.PrincipalException;
38 import com.liferay.portal.security.permission.ResourceActionsUtil;
39 import com.liferay.portal.service.PermissionServiceUtil;
40 import com.liferay.portal.service.PortletLocalServiceUtil;
41 import com.liferay.portal.service.ResourceLocalServiceUtil;
42 import com.liferay.portal.servlet.filters.cache.CacheUtil;
43 import com.liferay.portal.theme.ThemeDisplay;
44 import com.liferay.portal.util.PropsValues;
45 import com.liferay.portal.util.WebKeys;
46
47 import java.util.ArrayList;
48 import java.util.Enumeration;
49 import java.util.List;
50
51 import javax.portlet.ActionRequest;
52 import javax.portlet.ActionResponse;
53 import javax.portlet.PortletConfig;
54 import javax.portlet.RenderRequest;
55 import javax.portlet.RenderResponse;
56
57 import org.apache.struts.action.ActionForm;
58 import org.apache.struts.action.ActionForward;
59 import org.apache.struts.action.ActionMapping;
60
61
67 public class EditPermissionsAction extends EditConfigurationAction {
68
69 public void processAction(
70 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
71 ActionRequest actionRequest, ActionResponse actionResponse)
72 throws Exception {
73
74 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
75
76 try {
77 if (cmd.equals("group_permissions")) {
78 updateGroupPermissions(actionRequest);
79 }
80 else if (cmd.equals("guest_permissions")) {
81 updateGuestPermissions(actionRequest);
82 }
83 else if (cmd.equals("organization_permissions")) {
84 updateOrganizationPermissions(actionRequest);
85 }
86 else if (cmd.equals("role_permissions")) {
87 updateRolePermissions(actionRequest);
88 }
89 else if (cmd.equals("user_group_permissions")) {
90 updateUserGroupPermissions(actionRequest);
91 }
92 else if (cmd.equals("user_permissions")) {
93 updateUserPermissions(actionRequest);
94 }
95
96 String redirect = ParamUtil.getString(
97 actionRequest, "permissionsRedirect");
98
99 sendRedirect(actionRequest, actionResponse, redirect);
100 }
101 catch (Exception e) {
102 if (e instanceof PrincipalException) {
103 SessionErrors.add(actionRequest, e.getClass().getName());
104
105 setForward(
106 actionRequest, "portlet.portlet_configuration.error");
107 }
108 else {
109 throw e;
110 }
111 }
112 }
113
114 public ActionForward render(
115 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
116 RenderRequest renderRequest, RenderResponse renderResponse)
117 throws Exception {
118
119 ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
120 WebKeys.THEME_DISPLAY);
121
122 long groupId = themeDisplay.getScopeGroupId();
123
124 String portletResource = ParamUtil.getString(
125 renderRequest, "portletResource");
126 String modelResource = ParamUtil.getString(
127 renderRequest, "modelResource");
128 String resourcePrimKey = ParamUtil.getString(
129 renderRequest, "resourcePrimKey");
130
131 String selResource = portletResource;
132
133 if (Validator.isNotNull(modelResource)) {
134 selResource = modelResource;
135 }
136
137 try {
138 PermissionServiceUtil.checkPermission(
139 groupId, selResource, resourcePrimKey);
140 }
141 catch (PrincipalException pe) {
142 SessionErrors.add(
143 renderRequest, PrincipalException.class.getName());
144
145 setForward(renderRequest, "portlet.portlet_configuration.error");
146 }
147
148 Portlet portlet = PortletLocalServiceUtil.getPortletById(
149 themeDisplay.getCompanyId(), portletResource);
150
151 if (portlet != null) {
152 renderResponse.setTitle(getTitle(portlet, renderRequest));
153 }
154
155 return mapping.findForward(getForward(
156 renderRequest, "portlet.portlet_configuration.edit_permissions"));
157 }
158
159 protected String[] getActionIds(ActionRequest actionRequest, long roleId) {
160 List<String> actionIds = new ArrayList<String>();
161
162 Enumeration<String> enu = actionRequest.getParameterNames();
163
164 while (enu.hasMoreElements()) {
165 String name = enu.nextElement();
166
167 if (name.startsWith(roleId + "_ACTION_")) {
168 int pos = name.indexOf("_ACTION_");
169
170 String actionId = name.substring(pos + 8);
171
172 actionIds.add(actionId);
173 }
174 }
175
176 return actionIds.toArray(new String[actionIds.size()]);
177 }
178
179 protected void updateGroupPermissions(ActionRequest actionRequest)
180 throws Exception {
181
182 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
183
184 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
185 long groupId = ParamUtil.getLong(actionRequest, "groupId");
186 String[] actionIds = StringUtil.split(
187 ParamUtil.getString(actionRequest, "groupIdActionIds"));
188
189 PermissionServiceUtil.setGroupPermissions(
190 groupId, actionIds, resourceId);
191
192 if (!layout.isPrivateLayout()) {
193 Resource resource =
194 ResourceLocalServiceUtil.getResource(resourceId);
195
196 if (resource.getPrimKey().startsWith(
197 layout.getPlid() + PortletConstants.LAYOUT_SEPARATOR)) {
198
199 CacheUtil.clearCache(layout.getCompanyId());
200 }
201 }
202 }
203
204 protected void updateGuestPermissions(ActionRequest actionRequest)
205 throws Exception {
206
207 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
208 WebKeys.THEME_DISPLAY);
209
210 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
211 String[] actionIds = StringUtil.split(
212 ParamUtil.getString(actionRequest, "guestActionIds"));
213
214 PermissionServiceUtil.setUserPermissions(
215 themeDisplay.getDefaultUserId(), themeDisplay.getScopeGroupId(),
216 actionIds, resourceId);
217 }
218
219 protected void updateOrganizationPermissions(ActionRequest actionRequest)
220 throws Exception {
221
222 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
223
224 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
225 long organizationId = ParamUtil.getLong(
226 actionRequest, "organizationIdsPosValue");
227 String[] actionIds = StringUtil.split(
228 ParamUtil.getString(actionRequest, "organizationIdActionIds"));
229
232 PermissionServiceUtil.setGroupPermissions(
234 Organization.class.getName(), String.valueOf(organizationId),
235 layout.getGroupId(), actionIds, resourceId);
236
241 }
242
243 protected void updateRolePermissions(ActionRequest actionRequest)
244 throws Exception {
245
246 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
247 updateRolePermissions5(actionRequest);
248 }
249 else {
250 updateRolePermissions1to4(actionRequest);
251 }
252 }
253
254 protected void updateRolePermissions1to4(ActionRequest actionRequest)
255 throws Exception {
256
257 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
258 WebKeys.THEME_DISPLAY);
259
260 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
261 long roleId = ParamUtil.getLong(actionRequest, "roleIdsPosValue");
262 String[] actionIds = StringUtil.split(
263 ParamUtil.getString(actionRequest, "roleIdActionIds"));
264
265 PermissionServiceUtil.setRolePermissions(
266 roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
267 }
268
269 protected void updateRolePermissions5(ActionRequest actionRequest)
270 throws Exception {
271
272 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
273 WebKeys.THEME_DISPLAY);
274
275 Layout layout = themeDisplay.getLayout();
276
277 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
278 String modelResource = ParamUtil.getString(
279 actionRequest, "modelResource");
280
281 List<Role> roles = ResourceActionsUtil.getRoles(
282 layout.getGroup(), modelResource);
283
284 for (Role role : roles) {
285 String[] actionIds = getActionIds(actionRequest, role.getRoleId());
286
287 PermissionServiceUtil.setRolePermissions(
288 role.getRoleId(), themeDisplay.getScopeGroupId(), actionIds,
289 resourceId);
290 }
291 }
292
293 protected void updateUserGroupPermissions(ActionRequest actionRequest)
294 throws Exception {
295
296 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
297
298 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
299 long userGroupId = ParamUtil.getLong(
300 actionRequest, "userGroupIdsPosValue");
301 String[] actionIds = StringUtil.split(
302 ParamUtil.getString(actionRequest, "userGroupIdActionIds"));
303
304 PermissionServiceUtil.setGroupPermissions(
305 UserGroup.class.getName(), String.valueOf(userGroupId),
306 layout.getGroupId(), actionIds, resourceId);
307 }
308
309 protected void updateUserPermissions(ActionRequest actionRequest)
310 throws Exception {
311
312 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
313 WebKeys.THEME_DISPLAY);
314
315 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
316 long userId = ParamUtil.getLong(actionRequest, "userIdsPosValue");
317 String[] actionIds = StringUtil.split(
318 ParamUtil.getString(actionRequest, "userIdActionIds"));
319
320 PermissionServiceUtil.setUserPermissions(
321 userId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
322 }
323
324 }