001
014
015 package com.liferay.portal.lar;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.lar.PortletDataContext;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.kernel.util.KeyValuePair;
024 import com.liferay.portal.kernel.xml.Document;
025 import com.liferay.portal.kernel.xml.Element;
026 import com.liferay.portal.kernel.xml.SAXReaderUtil;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.Layout;
030 import com.liferay.portal.model.Portlet;
031 import com.liferay.portal.model.PortletConstants;
032 import com.liferay.portal.model.Resource;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.User;
036 import com.liferay.portal.service.GroupLocalServiceUtil;
037 import com.liferay.portal.service.PermissionLocalServiceUtil;
038 import com.liferay.portal.service.PortletLocalServiceUtil;
039 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
040 import com.liferay.portal.service.RoleLocalServiceUtil;
041 import com.liferay.portal.service.permission.PortletPermissionUtil;
042 import com.liferay.portal.util.PropsValues;
043
044 import java.util.ArrayList;
045 import java.util.Iterator;
046 import java.util.List;
047
048
059 public class PermissionImporter {
060
061 protected List<String> getActions(Element el) {
062 List<String> actions = new ArrayList<String>();
063
064 Iterator<Element> itr = el.elements("action-key").iterator();
065
066 while (itr.hasNext()) {
067 Element actionEl = itr.next();
068
069 actions.add(actionEl.getText());
070 }
071
072 return actions;
073 }
074
075 protected void importGroupPermissions(
076 LayoutCache layoutCache, long companyId, long groupId,
077 String resourceName, String resourcePrimKey, Element parentEl,
078 String elName, boolean portletActions)
079 throws PortalException, SystemException {
080
081 Element actionEl = parentEl.element(elName);
082
083 if (actionEl == null) {
084 return;
085 }
086
087 List<String> actions = getActions(actionEl);
088
089 Resource resource = layoutCache.getResource(
090 companyId, groupId, resourceName,
091 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
092 portletActions);
093
094 PermissionLocalServiceUtil.setGroupPermissions(
095 groupId, actions.toArray(new String[actions.size()]),
096 resource.getResourceId());
097 }
098
099 protected void importGroupRoles(
100 LayoutCache layoutCache, long companyId, long groupId,
101 String resourceName, String entityName,
102 Element parentEl)
103 throws PortalException, SystemException {
104
105 Element entityRolesEl = parentEl.element(entityName + "-roles");
106
107 if (entityRolesEl == null) {
108 return;
109 }
110
111 importRolePermissions(
112 layoutCache, companyId, resourceName, ResourceConstants.SCOPE_GROUP,
113 String.valueOf(groupId), entityRolesEl, true);
114 }
115
116 protected void importInheritedPermissions(
117 LayoutCache layoutCache, long companyId, String resourceName,
118 String resourcePrimKey, Element permissionsEl, String entityName,
119 boolean portletActions)
120 throws PortalException, SystemException {
121
122 Element entityPermissionsEl = permissionsEl.element(
123 entityName + "-permissions");
124
125 if (entityPermissionsEl == null) {
126 return;
127 }
128
129 List<Element> actionsEls = entityPermissionsEl.elements(
130 entityName + "-actions");
131
132 for (int i = 0; i < actionsEls.size(); i++) {
133 Element actionEl = actionsEls.get(i);
134
135 String name = actionEl.attributeValue("name");
136
137 long entityGroupId = layoutCache.getEntityGroupId(
138 companyId, entityName, name);
139
140 if (entityGroupId == 0) {
141 _log.warn(
142 "Ignore inherited permissions for entity " + entityName +
143 " with name " + name);
144 }
145 else {
146 Element parentEl = SAXReaderUtil.createElement("parent");
147
148 parentEl.add(actionEl.createCopy());
149
150 importGroupPermissions(
151 layoutCache, companyId, entityGroupId, resourceName,
152 resourcePrimKey, parentEl, entityName + "-actions",
153 portletActions);
154 }
155 }
156 }
157
158 protected void importInheritedRoles(
159 LayoutCache layoutCache, long companyId, long groupId,
160 String resourceName, String entityName, Element parentEl)
161 throws PortalException, SystemException {
162
163 Element entityRolesEl = parentEl.element(entityName + "-roles");
164
165 if (entityRolesEl == null) {
166 return;
167 }
168
169 List<Element> entityEls = entityRolesEl.elements(entityName);
170
171 for (int i = 0; i < entityEls.size(); i++) {
172 Element entityEl = entityEls.get(i);
173
174 String name = entityEl.attributeValue("name");
175
176 long entityGroupId = layoutCache.getEntityGroupId(
177 companyId, entityName, name);
178
179 if (entityGroupId == 0) {
180 _log.warn(
181 "Ignore inherited roles for entity " + entityName +
182 " with name " + name);
183 }
184 else {
185 importRolePermissions(
186 layoutCache, companyId, resourceName,
187 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
188 entityEl, false);
189 }
190 }
191 }
192
193 protected void importLayoutPermissions(
194 LayoutCache layoutCache, long companyId, long groupId, long userId,
195 Layout layout, Element layoutEl, Element parentEl,
196 boolean importUserPermissions)
197 throws PortalException, SystemException {
198
199 Element permissionsEl = layoutEl.element("permissions");
200
201 if (permissionsEl != null) {
202 String resourceName = Layout.class.getName();
203 String resourcePrimKey = String.valueOf(layout.getPlid());
204
205 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
206 importPermissions_5(
207 layoutCache, companyId, groupId, userId, resourceName,
208 resourcePrimKey, permissionsEl, false);
209 }
210 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
211 importPermissions_6(
212 layoutCache, companyId, groupId, userId, resourceName,
213 resourcePrimKey, permissionsEl, false);
214 }
215 else {
216 Group guestGroup = GroupLocalServiceUtil.getGroup(
217 companyId, GroupConstants.GUEST);
218
219 importLayoutPermissions_1to4(
220 layoutCache, companyId, groupId, guestGroup, layout,
221 resourceName, resourcePrimKey, permissionsEl,
222 importUserPermissions);
223 }
224 }
225
226 Element rolesEl = parentEl.element("roles");
227
228 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
229 (rolesEl != null)) {
230
231 importLayoutRoles(layoutCache, companyId, groupId, rolesEl);
232 }
233 }
234
235 protected void importLayoutPermissions_1to4(
236 LayoutCache layoutCache, long companyId, long groupId,
237 Group guestGroup, Layout layout, String resourceName,
238 String resourcePrimKey, Element permissionsEl,
239 boolean importUserPermissions)
240 throws PortalException, SystemException {
241
242 importGroupPermissions(
243 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
244 permissionsEl, "community-actions", false);
245
246 if (groupId != guestGroup.getGroupId()) {
247 importGroupPermissions(
248 layoutCache, companyId, guestGroup.getGroupId(), resourceName,
249 resourcePrimKey, permissionsEl, "guest-actions", false);
250 }
251
252 if (importUserPermissions) {
253 importUserPermissions(
254 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
255 permissionsEl, false);
256 }
257
258 importInheritedPermissions(
259 layoutCache, companyId, resourceName, resourcePrimKey,
260 permissionsEl, "organization", false);
261
262 importInheritedPermissions(
263 layoutCache, companyId, resourceName, resourcePrimKey,
264 permissionsEl, "user-group", false);
265 }
266
267 protected void importLayoutRoles(
268 LayoutCache layoutCache, long companyId, long groupId,
269 Element rolesEl)
270 throws PortalException, SystemException {
271
272 String resourceName = Layout.class.getName();
273
274 importGroupRoles(
275 layoutCache, companyId, groupId, resourceName, "community",
276 rolesEl);
277
278 importUserRoles(layoutCache, companyId, groupId, resourceName, rolesEl);
279
280 importInheritedRoles(
281 layoutCache, companyId, groupId, resourceName, "organization",
282 rolesEl);
283
284 importInheritedRoles(
285 layoutCache, companyId, groupId, resourceName, "user-group",
286 rolesEl);
287 }
288
289 protected void importPermissions_5(
290 LayoutCache layoutCache, long companyId, long groupId, long userId,
291 String resourceName, String resourcePrimKey, Element permissionsEl,
292 boolean portletActions)
293 throws PortalException, SystemException {
294
295 Resource resource = layoutCache.getResource(
296 companyId, groupId, resourceName,
297 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
298 portletActions);
299
300 List<Element> roleEls = permissionsEl.elements("role");
301
302 for (Element roleEl : roleEls) {
303 String name = roleEl.attributeValue("name");
304
305 Role role = layoutCache.getRole(companyId, name);
306
307 if (role == null) {
308 String description = roleEl.attributeValue("description");
309 int type = Integer.valueOf(roleEl.attributeValue("type"));
310
311 role = RoleLocalServiceUtil.addRole(
312 userId, companyId, name, null, description, type);
313 }
314
315 List<String> actions = getActions(roleEl);
316
317 PermissionLocalServiceUtil.setRolePermissions(
318 role.getRoleId(), actions.toArray(new String[actions.size()]),
319 resource.getResourceId());
320 }
321 }
322
323 protected void importPermissions_6(
324 LayoutCache layoutCache, long companyId, long groupId, long userId,
325 String resourceName, String resourcePrimKey, Element permissionsEl,
326 boolean portletActions)
327 throws PortalException, SystemException {
328
329 List<Element> roleEls = permissionsEl.elements("role");
330
331 for (Element roleEl : roleEls) {
332 String name = roleEl.attributeValue("name");
333
334 Role role = layoutCache.getRole(companyId, name);
335
336 if (role == null) {
337 String description = roleEl.attributeValue("description");
338 int type = Integer.valueOf(roleEl.attributeValue("type"));
339
340 role = RoleLocalServiceUtil.addRole(
341 userId, companyId, name, null, description, type);
342 }
343
344 List<String> actions = getActions(roleEl);
345
346 ResourcePermissionLocalServiceUtil.setResourcePermissions(
347 companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL,
348 resourcePrimKey, role.getRoleId(),
349 actions.toArray(new String[actions.size()]));
350 }
351 }
352
353 protected void importPortletPermissions(
354 LayoutCache layoutCache, long companyId, long groupId, long userId,
355 Layout layout, Element portletEl, String portletId,
356 boolean importUserPermissions)
357 throws PortalException, SystemException {
358
359 Element permissionsEl = portletEl.element("permissions");
360
361 if (permissionsEl != null) {
362 String resourceName = PortletConstants.getRootPortletId(portletId);
363
364 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
365 layout.getPlid(), portletId);
366
367 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
368 importPermissions_5(
369 layoutCache, companyId, groupId, userId, resourceName,
370 resourcePrimKey, permissionsEl, true);
371 }
372 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
373 importPermissions_6(
374 layoutCache, companyId, groupId, userId, resourceName,
375 resourcePrimKey, permissionsEl, true);
376 }
377 else {
378 Group guestGroup = GroupLocalServiceUtil.getGroup(
379 companyId, GroupConstants.GUEST);
380
381 importPortletPermissions_1to4(
382 layoutCache, companyId, groupId, guestGroup, layout,
383 permissionsEl, importUserPermissions);
384 }
385 }
386
387 Element rolesEl = portletEl.element("roles");
388
389 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
390 (rolesEl != null)) {
391
392 importPortletRoles(layoutCache, companyId, groupId, portletEl);
393 importPortletRoles(
394 layoutCache, companyId, groupId, portletId, rolesEl);
395 }
396 }
397
398 protected void importPortletPermissions_1to4(
399 LayoutCache layoutCache, long companyId, long groupId,
400 Group guestGroup, Layout layout, Element permissionsEl,
401 boolean importUserPermissions)
402 throws PortalException, SystemException {
403
404 Iterator<Element> itr = permissionsEl.elements("portlet").iterator();
405
406 while (itr.hasNext()) {
407 Element portletEl = itr.next();
408
409 String portletId = portletEl.attributeValue("portlet-id");
410
411 String resourceName = PortletConstants.getRootPortletId(portletId);
412 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
413 layout.getPlid(), portletId);
414
415 Portlet portlet = PortletLocalServiceUtil.getPortletById(
416 companyId, resourceName);
417
418 if (portlet == null) {
419 if (_log.isDebugEnabled()) {
420 _log.debug(
421 "Do not import portlet permissions for " + portletId +
422 " because the portlet does not exist");
423 }
424 }
425 else {
426 importGroupPermissions(
427 layoutCache, companyId, groupId, resourceName,
428 resourcePrimKey, portletEl, "community-actions", true);
429
430 if (groupId != guestGroup.getGroupId()) {
431 importGroupPermissions(
432 layoutCache, companyId, guestGroup.getGroupId(),
433 resourceName, resourcePrimKey, portletEl,
434 "guest-actions", true);
435 }
436
437 if (importUserPermissions) {
438 importUserPermissions(
439 layoutCache, companyId, groupId, resourceName,
440 resourcePrimKey, portletEl, true);
441 }
442
443 importInheritedPermissions(
444 layoutCache, companyId, resourceName, resourcePrimKey,
445 portletEl, "organization", true);
446
447 importInheritedPermissions(
448 layoutCache, companyId, resourceName, resourcePrimKey,
449 portletEl, "user-group", true);
450 }
451 }
452 }
453
454 protected void importPortletRoles(
455 LayoutCache layoutCache, long companyId, long groupId,
456 String portletId, Element rolesEl)
457 throws PortalException, SystemException {
458
459 String resourceName = PortletConstants.getRootPortletId(portletId);
460
461 Portlet portlet = PortletLocalServiceUtil.getPortletById(
462 companyId, resourceName);
463
464 if (portlet == null) {
465 if (_log.isDebugEnabled()) {
466 _log.debug(
467 "Do not import portlet roles for " + portletId +
468 " because the portlet does not exist");
469 }
470 }
471 else {
472 importGroupRoles(
473 layoutCache, companyId, groupId, resourceName, "community",
474 rolesEl);
475
476 importUserRoles(
477 layoutCache, companyId, groupId, resourceName, rolesEl);
478
479 importInheritedRoles(
480 layoutCache, companyId, groupId, resourceName,
481 "organization", rolesEl);
482
483 importInheritedRoles(
484 layoutCache, companyId, groupId, resourceName, "user-group",
485 rolesEl);
486 }
487 }
488
489 protected void importPortletRoles(
490 LayoutCache layoutCache, long companyId, long groupId,
491 Element rolesEl)
492 throws PortalException, SystemException {
493
494 Iterator<Element> itr = rolesEl.elements("portlet").iterator();
495
496 while (itr.hasNext()) {
497 Element portletEl = itr.next();
498
499 String portletId = portletEl.attributeValue("portlet-id");
500
501 String resourceName = PortletConstants.getRootPortletId(portletId);
502
503 Portlet portlet = PortletLocalServiceUtil.getPortletById(
504 companyId, resourceName);
505
506 if (portlet == null) {
507 if (_log.isDebugEnabled()) {
508 _log.debug(
509 "Do not import portlet roles for " + portletId +
510 " because the portlet does not exist");
511 }
512 }
513 else {
514 importGroupRoles(
515 layoutCache, companyId, groupId, resourceName, "community",
516 portletEl);
517
518 importUserRoles(
519 layoutCache, companyId, groupId, resourceName, portletEl);
520
521 importInheritedRoles(
522 layoutCache, companyId, groupId, resourceName,
523 "organization", portletEl);
524
525 importInheritedRoles(
526 layoutCache, companyId, groupId, resourceName, "user-group",
527 portletEl);
528 }
529 }
530 }
531
532 protected void importRolePermissions(
533 LayoutCache layoutCache, long companyId, String resourceName,
534 int scope, String resourcePrimKey, Element parentEl,
535 boolean communityRole)
536 throws PortalException, SystemException {
537
538 List<Element> roleEls = parentEl.elements("role");
539
540 for (int i = 0; i < roleEls.size(); i++) {
541 Element roleEl = roleEls.get(i);
542
543 String roleName = roleEl.attributeValue("name");
544
545 Role role = layoutCache.getRole(companyId, roleName);
546
547 if (role == null) {
548 _log.warn(
549 "Ignoring permissions for role with name " + roleName);
550 }
551 else {
552 List<String> actions = getActions(roleEl);
553
554 PermissionLocalServiceUtil.setRolePermissions(
555 role.getRoleId(), companyId, resourceName, scope,
556 resourcePrimKey,
557 actions.toArray(new String[actions.size()]));
558
559 if (communityRole) {
560 long[] groupIds = {GetterUtil.getLong(resourcePrimKey)};
561
562 GroupLocalServiceUtil.addRoleGroups(
563 role.getRoleId(), groupIds);
564 }
565 }
566 }
567 }
568
569 protected void importUserPermissions(
570 LayoutCache layoutCache, long companyId, long groupId,
571 String resourceName, String resourcePrimKey, Element parentEl,
572 boolean portletActions)
573 throws PortalException, SystemException {
574
575 Element userPermissionsEl = parentEl.element("user-permissions");
576
577 if (userPermissionsEl == null) {
578 return;
579 }
580
581 List<Element> userActionsEls = userPermissionsEl.elements(
582 "user-actions");
583
584 for (int i = 0; i < userActionsEls.size(); i++) {
585 Element userActionsEl = userActionsEls.get(i);
586
587 String uuid = userActionsEl.attributeValue("uuid");
588
589 User user = layoutCache.getUser(companyId, groupId, uuid);
590
591 if (user == null) {
592 if (_log.isWarnEnabled()) {
593 _log.warn(
594 "Ignoring permissions for user with uuid " + uuid);
595 }
596 }
597 else {
598 List<String> actions = getActions(userActionsEl);
599
600 Resource resource = layoutCache.getResource(
601 companyId, groupId, resourceName,
602 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
603 portletActions);
604
605 PermissionLocalServiceUtil.setUserPermissions(
606 user.getUserId(),
607 actions.toArray(new String[actions.size()]),
608 resource.getResourceId());
609 }
610 }
611 }
612
613 protected void importUserRoles(
614 LayoutCache layoutCache, long companyId, long groupId,
615 String resourceName, Element parentEl)
616 throws PortalException, SystemException {
617
618 Element userRolesEl = parentEl.element("user-roles");
619
620 if (userRolesEl == null) {
621 return;
622 }
623
624 List<Element> userEls = userRolesEl.elements("user");
625
626 for (int i = 0; i < userEls.size(); i++) {
627 Element userEl = userEls.get(i);
628
629 String uuid = userEl.attributeValue("uuid");
630
631 User user = layoutCache.getUser(companyId, groupId, uuid);
632
633 if (user == null) {
634 if (_log.isWarnEnabled()) {
635 _log.warn("Ignoring roles for user with uuid " + uuid);
636 }
637 }
638 else {
639 importRolePermissions(
640 layoutCache, companyId, resourceName,
641 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
642 userEl, false);
643 }
644 }
645 }
646
647 protected void readPortletDataPermissions(PortletDataContext context)
648 throws SystemException {
649
650 try {
651 String xml = context.getZipEntryAsString(
652 context.getSourceRootPath() + "/portlet-data-permissions.xml");
653
654 if (xml == null) {
655 return;
656 }
657
658 Document doc = SAXReaderUtil.read(xml);
659
660 Element root = doc.getRootElement();
661
662 List<Element> portletDataEls = root.elements("portlet-data");
663
664 for (Element portletDataEl : portletDataEls) {
665 String resourceName = portletDataEl.attributeValue(
666 "resource-name");
667 long resourcePK = GetterUtil.getLong(
668 portletDataEl.attributeValue("resource-pk"));
669
670 List<KeyValuePair> permissions = new ArrayList<KeyValuePair>();
671
672 List<Element> permissionsEls = portletDataEl.elements(
673 "permissions");
674
675 for (Element permissionsEl : permissionsEls) {
676 String roleName = permissionsEl.attributeValue("role-name");
677 String actions = permissionsEl.attributeValue("actions");
678
679 KeyValuePair permission = new KeyValuePair(
680 roleName, actions);
681
682 permissions.add(permission);
683 }
684
685 context.addPermissions(resourceName, resourcePK, permissions);
686 }
687 }
688 catch (Exception e) {
689 throw new SystemException(e);
690 }
691 }
692
693 private static Log _log = LogFactoryUtil.getLog(PermissionImporter.class);
694
695 }