001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.model.impl; 016 017 import com.liferay.portal.model.ResourceAction; 018 import com.liferay.portal.service.ResourceActionLocalServiceUtil; 019 020 /** 021 * Stores the permissions assigned to roles under permissions version 6. A 022 * resource permission gives a role the ability to perform a set of actions on 023 * certain resources. 024 * 025 * <p> 026 * The type of resource a permission applies to is specified by the 027 * <code>name</code> attribute. It will either be the numeric ID of a portlet, 028 * or the fully qualified class name of a model (such as a layout or document 029 * library folder). 030 * </p> 031 * 032 * <p> 033 * These permissions can apply in one of four scopes: company, group, 034 * group-template, or individual. The scope of a permission determines how 035 * broadly it applies to resources in the portal. Company scope is the broadest, 036 * and grants a user with the role permissions for every resource of the type 037 * within the company. Likewise, group scope gives users with the role 038 * permissions for every resource within the specified group, and individual 039 * scope only applies to a single resource of the type. Group-template scope is 040 * similar to group scope, except that it does not automatically apply to a 041 * specific group. A user must be a member of a group (generally either a site 042 * or an organization), and they must have been given the role within that group 043 * before they are granted its permissions. 044 * </p> 045 * 046 * <p> 047 * Note: Lacking permission to perform an action on a resource at one scope does 048 * not necessarily mean that a role does not have permission to perform that 049 * action. For instance, a message boards moderator role will not have 050 * individual scope permissions to edit every post, but it will have edit 051 * permissions at the group or company level, which is sufficient. Every scope 052 * must be checked. 053 * </p> 054 * 055 * <p> 056 * The scope of the resource permission also determines the meaning of the 057 * <code>primKey</code> attribute. Its different uses are listed below: 058 * </p> 059 * 060 * <ul> 061 * <li> 062 * Company scope - <code>primKey</code> is the primary key of the company 063 * </li> 064 * <li> 065 * Group scope - <code>primKey</code> is the primary key of the group the 066 * permission applies within 067 * </li> 068 * <li> 069 * Group-template scope - <code>primKey</code> is always <code>0</code> 070 * </li> 071 * <li> 072 * Individual scope - If the permission applies to a model instance, 073 * <code>primkey</code> will be the primary key of the instance. If the 074 * permission is for a portlet, <code>primKey</code> will contain the primary 075 * key of the layout containing the portlet, followed by "_LAYOUT_" 076 * and the portlet ID. The instance ID will also be present for instanceable 077 * portlets, preceded by "_INSTANCE_". 078 * </li> 079 * </ul> 080 * 081 * <p> 082 * The <code>actionIds</code> attribute stores the bitwise IDs of all the 083 * actions allowed by this permission. 084 * </p> 085 * 086 * @author Brian Wing Shun Chan 087 * @see ResourceActionImpl 088 */ 089 public class ResourcePermissionImpl extends ResourcePermissionBaseImpl { 090 091 public ResourcePermissionImpl() { 092 } 093 094 @Override 095 public boolean hasActionId(String actionId) { 096 ResourceAction resourceAction = 097 ResourceActionLocalServiceUtil.fetchResourceAction( 098 getName(), actionId); 099 100 if (resourceAction != null) { 101 long actionIds = getActionIds(); 102 long bitwiseValue = resourceAction.getBitwiseValue(); 103 104 if ((actionIds & bitwiseValue) == bitwiseValue) { 105 return true; 106 } 107 } 108 109 return false; 110 } 111 112 }