015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.util.StringBundler;
018 import com.liferay.portal.kernel.util.StringPool;
019 import com.liferay.portal.kernel.util.StringUtil;
020 import com.liferay.portal.kernel.util.Validator;
021 import com.liferay.portal.util.PropsValues;
022 import com.liferay.util.dao.orm.CustomSQLUtil;
/**
 * Adds a resource-permission join to hand-written finder SQL so that rows the
 * current user may not view are filtered out by the database.
 *
 * <p>
 * Security notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>
 * The filter is skipped, and the SQL is returned unchanged, whenever
 * {@link #isEnabled(long)} is <code>false</code>. That includes the case
 * where no permission checker is bound to the current thread, so a caller
 * running without one gets an unfiltered query. NOTE(review): confirm that
 * every such caller enforces permissions some other way.
 * </li>
 * <li>
 * <code>className</code>, <code>classPKField</code>, <code>userIdField</code>
 * and <code>bridgeJoin</code> are placed into the SQL text as-is, with no
 * quoting or escaping in this class. Pass only constants owned by the calling
 * finder, never values derived from a request.
 * </li>
 * </ul>
 */
public class InlineSQLHelperImpl implements InlineSQLHelper {

	/**
	 * Key under which the join template is looked up through
	 * <code>CustomSQLUtil</code>.
	 */
	public static final String JOIN_RESOURCE_PERMISSION =
		InlineSQLHelper.class.getName() + ".joinResourcePermission";

	/**
	 * Returns whether inline filtering applies when no group is given.
	 *
	 * @return the result of {@link #isEnabled(long)} for group ID
	 *         <code>0</code>
	 */
	public boolean isEnabled() {
		return isEnabled(0);
	}

	/**
	 * Returns whether the permission join should be added for the current
	 * thread's user.
	 *
	 * <p>
	 * The answer is <code>false</code> when the configured user check
	 * algorithm is not 6, when the thread has no permission checker, and when
	 * the user administers the scope: community admin or owner for a positive
	 * group ID, company admin otherwise.
	 * </p>
	 *
	 * @param  groupId the group the query is scoped to; values that are not
	 *         positive select the company-level check
	 * @return <code>true</code> if the query must be filtered
	 */
	public boolean isEnabled(long groupId) {
		PermissionChecker permissionChecker = null;

		if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
			permissionChecker = PermissionThreadLocal.getPermissionChecker();
		}

		// Disabled algorithm and missing checker both mean "do not filter";
		// this is the fail-open path described in the class comment.

		if (permissionChecker == null) {
			return false;
		}

		boolean administersScope;

		if (groupId > 0) {
			administersScope =
				permissionChecker.isCommunityAdmin(groupId) ||
				permissionChecker.isCommunityOwner(groupId);
		}
		else {
			administersScope = permissionChecker.isCompanyAdmin();
		}

		return !administersScope;
	}

	/**
	 * Adds the permission join with no group scope and no bridge join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long,
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, 0, null);
	}

	/**
	 * Adds the permission join for the given group with no bridge join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long,
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long groupId) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, groupId, null);
	}

	/**
	 * Returns <code>sql</code> with the resource-permission join inserted.
	 *
	 * <p>
	 * The join is <code>bridgeJoin</code> (when given) followed by the
	 * template stored under {@link #JOIN_RESOURCE_PERMISSION}, with its
	 * placeholders filled in. It is inserted immediately before the first
	 * <code>WHERE</code> keyword, or else before the first
	 * <code>ORDER BY</code>, or else appended after a space. The search is a
	 * plain, case-sensitive match on <code>" WHERE "</code> and
	 * <code>" ORDER BY "</code>, so it does not distinguish an outer clause
	 * from one inside a subquery or a string literal.
	 * </p>
	 *
	 * <p>
	 * The string arguments other than <code>sql</code> end up in the SQL text
	 * unescaped; the numeric values (company, group, user and role IDs) are
	 * formatted from numbers. Callers must supply trusted identifiers only.
	 * </p>
	 *
	 * @param  sql the query to extend; returned as-is when empty or when
	 *         filtering is not enabled for <code>groupId</code>
	 * @param  className the value substituted for
	 *         <code>[$CLASS_NAME$]</code>
	 * @param  classPKField the value substituted for
	 *         <code>[$CLASS_PK_FIELD$]</code>
	 * @param  userIdField the owner column; when given, an equality test
	 *         against the current user ID followed by <code>OR</code> replaces
	 *         <code>[$OWNER_CHECK$]</code>, otherwise that placeholder becomes
	 *         empty
	 * @param  groupId the group scope, also substituted for
	 *         <code>[$GROUP_ID$]</code>
	 * @param  bridgeJoin an optional SQL fragment placed in front of the
	 *         template
	 * @return the extended query, or <code>sql</code> unchanged
	 * @throws IllegalArgumentException if filtering is enabled and
	 *         <code>className</code> or <code>classPKField</code> is empty;
	 *         the arguments are not checked when filtering is disabled
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long groupId, String bridgeJoin) {

		if (!isEnabled(groupId)) {
			return sql;
		}

		if (Validator.isNull(className)) {
			throw new IllegalArgumentException("className is null");
		}

		if (Validator.isNull(classPKField)) {
			throw new IllegalArgumentException("classPKField is null");
		}

		if (Validator.isNull(sql)) {
			return sql;
		}

		// isEnabled returned true, so a checker is bound to this thread.

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		String bridgePrefix = StringPool.BLANK;

		if (Validator.isNotNull(bridgeJoin)) {
			bridgePrefix = bridgeJoin;
		}

		String joinTemplate =
			bridgePrefix + CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);

		// userIdField is concatenated verbatim; only the user ID is numeric.

		String ownerCheck = StringPool.BLANK;

		if (Validator.isNotNull(userIdField)) {
			ownerCheck = "(" + userIdField + " = " + getUserId() + ") OR ";
		}

		String[] placeholders = {
			"[$CLASS_NAME$]", "[$CLASS_PK_FIELD$]", "[$COMPANY_ID$]",
			"[$GROUP_ID$]", "[$OWNER_CHECK$]", "[$ROLE_IDS$]"
		};

		// NOTE(review): how the template uses [$ROLE_IDS$] is not visible
		// here; confirm it tolerates an empty role list.

		String[] values = {
			className, classPKField,
			String.valueOf(permissionChecker.getCompanyId()),
			String.valueOf(groupId), ownerCheck,
			StringUtil.merge(getRoleIds(groupId))
		};

		String permissionJoin = StringUtil.replace(
			joinTemplate, placeholders, values);

		for (String clause : new String[] {_WHERE_CLAUSE, _ORDER_BY_CLAUSE}) {
			int pos = sql.indexOf(clause);

			if (pos != -1) {

				// pos + 1 keeps the clause's leading space in front of the
				// join, so the join lands right before the keyword.

				return _insertAt(sql, pos + 1, permissionJoin);
			}
		}

		return (sql + StringPool.SPACE).concat(permissionJoin);
	}

	/**
	 * Adds the permission join with a bridge join and no group scope.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long,
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		String bridgeJoin) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, 0, bridgeJoin);
	}

	/**
	 * Returns the role IDs the current thread's permission checker reports
	 * for its user in the given group.
	 *
	 * @param  groupId the group to resolve roles in
	 * @return the checker's role IDs, or
	 *         <code>PermissionChecker.DEFAULT_ROLE_IDS</code> when the thread
	 *         has no permission checker
	 */
	protected long[] getRoleIds(long groupId) {
		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		if (permissionChecker == null) {
			return PermissionChecker.DEFAULT_ROLE_IDS;
		}

		return permissionChecker.getRoleIds(
			permissionChecker.getUserId(), groupId);
	}

	/**
	 * Returns the user ID held by the current thread's permission checker.
	 *
	 * @return the user ID, or <code>0</code> when the thread has no
	 *         permission checker
	 */
	protected long getUserId() {
		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		if (permissionChecker == null) {
			return 0;
		}

		return permissionChecker.getUserId();
	}

	/**
	 * Returns <code>sql</code> with <code>fragment</code> inserted at
	 * <code>index</code>.
	 */
	private static String _insertAt(String sql, int index, String fragment) {
		String head = sql.substring(0, index);
		String tail = sql.substring(index);

		return head.concat(fragment).concat(tail);
	}

	private static final String _ORDER_BY_CLAUSE = " ORDER BY ";

	private static final String _WHERE_CLAUSE = " WHERE ";

}