001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.DuplicateRoleException; 018 import com.liferay.portal.NoSuchRoleException; 019 import com.liferay.portal.NoSuchShardException; 020 import com.liferay.portal.RequiredRoleException; 021 import com.liferay.portal.RoleNameException; 022 import com.liferay.portal.kernel.cache.Lifecycle; 023 import com.liferay.portal.kernel.cache.ThreadLocalCachable; 024 import com.liferay.portal.kernel.cache.ThreadLocalCache; 025 import com.liferay.portal.kernel.cache.ThreadLocalCacheManager; 026 import com.liferay.portal.kernel.dao.shard.ShardUtil; 027 import com.liferay.portal.kernel.exception.PortalException; 028 import com.liferay.portal.kernel.exception.SystemException; 029 import com.liferay.portal.kernel.lar.ImportExportThreadLocal; 030 import com.liferay.portal.kernel.search.Indexer; 031 import com.liferay.portal.kernel.search.IndexerRegistryUtil; 032 import com.liferay.portal.kernel.spring.aop.Skip; 033 import com.liferay.portal.kernel.transaction.Propagation; 034 import com.liferay.portal.kernel.transaction.Transactional; 035 import com.liferay.portal.kernel.util.CharPool; 036 import com.liferay.portal.kernel.util.GetterUtil; 037 import com.liferay.portal.kernel.util.LocaleUtil; 038 import com.liferay.portal.kernel.util.OrderByComparator; 039 import com.liferay.portal.kernel.util.StringUtil; 040 import com.liferay.portal.kernel.util.Validator; 041 import com.liferay.portal.model.Company; 042 import com.liferay.portal.model.Group; 043 import com.liferay.portal.model.Layout; 044 import com.liferay.portal.model.ResourceAction; 045 import com.liferay.portal.model.ResourceConstants; 046 import com.liferay.portal.model.ResourcePermission; 047 import com.liferay.portal.model.Role; 048 import com.liferay.portal.model.RoleConstants; 049 import com.liferay.portal.model.Shard; 050 import com.liferay.portal.model.Team; 051 import com.liferay.portal.model.User; 052 import com.liferay.portal.security.permission.ActionKeys; 053 import com.liferay.portal.security.permission.PermissionCacheUtil; 054 import com.liferay.portal.service.base.RoleLocalServiceBaseImpl; 055 import com.liferay.portal.util.PortalUtil; 056 import com.liferay.portal.util.PortletKeys; 057 import com.liferay.portal.util.PropsUtil; 058 import com.liferay.portal.util.PropsValues; 059 import com.liferay.portlet.usersadmin.util.UsersAdminUtil; 060 061 import java.util.ArrayList; 062 import java.util.Arrays; 063 import java.util.Collections; 064 import java.util.HashMap; 065 import java.util.LinkedHashMap; 066 import java.util.List; 067 import java.util.Locale; 068 import java.util.Map; 069 070 /** 071 * The implementation of the role local service. 072 * 073 * @author Brian Wing Shun Chan 074 * @author Marcellus Tavares 075 */ 076 public class RoleLocalServiceImpl extends RoleLocalServiceBaseImpl { 077 078 /** 079 * Adds a role. The user is reindexed after role is added. 080 * 081 * @param userId the primary key of the user 082 * @param companyId the primary key of the company 083 * @param name the role's name 084 * @param titleMap the role's localized titles (optionally 085 * <code>null</code>) 086 * @param descriptionMap the role's localized descriptions (optionally 087 * <code>null</code>) 088 * @param type the role's type (optionally <code>0</code>) 089 * @return the role 090 * @throws PortalException if the class name or the role name were 091 * invalid, if the role is a duplicate, or if a user with the 092 * primary key could not be found 093 * @throws SystemException if a system exception occurred 094 * @deprecated {@link #addRole(long, String, long, String, Map, Map, int, 095 * String)} 096 */ 097 @Override 098 public Role addRole( 099 long userId, long companyId, String name, 100 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 101 int type) 102 throws PortalException, SystemException { 103 104 return addRole( 105 userId, null, 0, name, titleMap, descriptionMap, type, null); 106 } 107 108 /** 109 * Adds a role with additional parameters. The user is reindexed after role 110 * is added. 111 * 112 * @param userId the primary key of the user 113 * @param companyId the primary key of the company 114 * @param name the role's name 115 * @param titleMap the role's localized titles (optionally 116 * <code>null</code>) 117 * @param descriptionMap the role's localized descriptions (optionally 118 * <code>null</code>) 119 * @param type the role's type (optionally <code>0</code>) 120 * @param className the name of the class for which the role is created 121 * (optionally <code>null</code>) 122 * @param classPK the primary key of the class for which the role is 123 * created (optionally <code>0</code>) 124 * @return the role 125 * @throws PortalException if the class name or the role name were 126 * invalid, if the role is a duplicate, or if a user with the 127 * primary key could not be found 128 * @throws SystemException if a system exception occurred 129 * @deprecated {@link #addRole(long, String, long, String, Map, Map, int, 130 * String)} 131 */ 132 @Override 133 public Role addRole( 134 long userId, long companyId, String name, 135 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 136 int type, String className, long classPK) 137 throws PortalException, SystemException { 138 139 return addRole( 140 userId, className, classPK, name, titleMap, descriptionMap, type, 141 null); 142 } 143 144 /** 145 * Adds a role with additional parameters. The user is reindexed after role 146 * is added. 147 * 148 * @param userId the primary key of the user 149 * @param className the name of the class for which the role is created 150 * (optionally <code>null</code>) 151 * @param classPK the primary key of the class for which the role is 152 * created (optionally <code>0</code>) 153 * @param name the role's name 154 * @param titleMap the role's localized titles (optionally 155 * <code>null</code>) 156 * @param descriptionMap the role's localized descriptions (optionally 157 * <code>null</code>) 158 * @param type the role's type (optionally <code>0</code>) 159 * @param subType the role's subtype (optionally <code>null</code>) 160 * @return the role 161 * @throws PortalException if the class name or the role name were invalid, 162 * if the role is a duplicate, or if a user with the primary key 163 * could not be found 164 * @throws SystemException if a system exception occurred 165 */ 166 @Override 167 public Role addRole( 168 long userId, String className, long classPK, String name, 169 Map<Locale, String> titleMap, Map<Locale, String> descriptionMap, 170 int type, String subType) 171 throws PortalException, SystemException { 172 173 // Role 174 175 User user = userPersistence.findByPrimaryKey(userId); 176 className = GetterUtil.getString(className); 177 long classNameId = PortalUtil.getClassNameId(className); 178 179 long roleId = counterLocalService.increment(); 180 181 if ((classNameId <= 0) || className.equals(Role.class.getName())) { 182 classNameId = PortalUtil.getClassNameId(Role.class); 183 classPK = roleId; 184 } 185 186 validate(0, user.getCompanyId(), classNameId, name); 187 188 Role role = rolePersistence.create(roleId); 189 190 role.setCompanyId(user.getCompanyId()); 191 role.setClassNameId(classNameId); 192 role.setClassPK(classPK); 193 role.setName(name); 194 role.setTitleMap(titleMap); 195 role.setDescriptionMap(descriptionMap); 196 role.setType(type); 197 role.setSubtype(subType); 198 199 rolePersistence.update(role, false); 200 201 // Resources 202 203 if (!user.isDefaultUser()) { 204 resourceLocalService.addResources( 205 user.getCompanyId(), 0, userId, Role.class.getName(), 206 role.getRoleId(), false, false, false); 207 208 if (!ImportExportThreadLocal.isImportInProcess()) { 209 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer( 210 User.class); 211 212 indexer.reindex(userId); 213 } 214 } 215 216 return role; 217 } 218 219 /** 220 * Adds the roles to the user. The user is reindexed after the roles are 221 * added. 222 * 223 * @param userId the primary key of the user 224 * @param roleIds the primary keys of the roles 225 * @throws PortalException if a user with the primary key could not be found 226 * @throws SystemException if a system exception occurred 227 * @see com.liferay.portal.service.persistence.UserPersistence#addRoles( 228 * long, long[]) 229 */ 230 @Override 231 public void addUserRoles(long userId, long[] roleIds) 232 throws PortalException, SystemException { 233 234 userPersistence.addRoles(userId, roleIds); 235 236 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 237 238 indexer.reindex(userId); 239 240 PermissionCacheUtil.clearCache(); 241 } 242 243 /** 244 * Checks to ensure that the system roles map has appropriate default roles 245 * in each company. 246 * 247 * @throws PortalException if the current user did not have permission to 248 * set applicable permissions on a role 249 * @throws SystemException if a system exception occurred 250 */ 251 @Override 252 public void checkSystemRoles() throws PortalException, SystemException { 253 List<Company> companies = companyLocalService.getCompanies(); 254 255 String currentShardName = ShardUtil.getCurrentShardName(); 256 257 for (Company company : companies) { 258 String shardName = null; 259 260 try { 261 shardName = company.getShardName(); 262 } 263 catch (NoSuchShardException nsse) { 264 Shard shard = shardLocalService.addShard( 265 Company.class.getName(), company.getCompanyId(), 266 PropsValues.SHARD_DEFAULT_NAME); 267 268 shardName = shard.getName(); 269 } 270 271 if (!ShardUtil.isEnabled() || shardName.equals(currentShardName)) { 272 checkSystemRoles(company.getCompanyId()); 273 } 274 } 275 } 276 277 /** 278 * Checks to ensure that the system roles map has appropriate default roles 279 * in the company. 280 * 281 * @param companyId the primary key of the company 282 * @throws PortalException if the current user did not have permission to 283 * set applicable permissions on a role 284 * @throws SystemException if a system exception occurred 285 */ 286 @Override 287 @Transactional(propagation = Propagation.SUPPORTS, readOnly = true) 288 public void checkSystemRoles(long companyId) 289 throws PortalException, SystemException { 290 291 String companyIdHexString = StringUtil.toHexString(companyId); 292 293 for (Role role : roleFinder.findBySystem(companyId)) { 294 _systemRolesMap.put( 295 companyIdHexString.concat(role.getName()), role); 296 } 297 298 // Regular roles 299 300 String[] systemRoles = PortalUtil.getSystemRoles(); 301 302 for (String name : systemRoles) { 303 String key = 304 "system.role." + 305 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 306 ".description"; 307 308 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 309 310 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 311 312 int type = RoleConstants.TYPE_REGULAR; 313 314 checkSystemRole(companyId, name, descriptionMap, type); 315 } 316 317 // Organization roles 318 319 String[] systemOrganizationRoles = 320 PortalUtil.getSystemOrganizationRoles(); 321 322 for (String name : systemOrganizationRoles) { 323 String key = 324 "system.organization.role." + 325 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 326 ".description"; 327 328 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 329 330 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 331 332 int type = RoleConstants.TYPE_ORGANIZATION; 333 334 checkSystemRole(companyId, name, descriptionMap, type); 335 } 336 337 // Site roles 338 339 String[] systemSiteRoles = PortalUtil.getSystemSiteRoles(); 340 341 for (String name : systemSiteRoles) { 342 String key = 343 "system.site.role." + 344 StringUtil.replace(name, CharPool.SPACE, CharPool.PERIOD) + 345 ".description"; 346 347 Map<Locale, String> descriptionMap = new HashMap<Locale, String>(); 348 349 descriptionMap.put(LocaleUtil.getDefault(), PropsUtil.get(key)); 350 351 int type = RoleConstants.TYPE_SITE; 352 353 checkSystemRole(companyId, name, descriptionMap, type); 354 } 355 } 356 357 /** 358 * Deletes the role with the primary key and its associated permissions. 359 * 360 * @param roleId the primary key of the role 361 * @return the deleted role 362 * @throws PortalException if a role with the primary key could not be 363 * found, if the role is a default system role, or if the role's 364 * resource could not be found 365 * @throws SystemException if a system exception occurred 366 */ 367 @Override 368 public Role deleteRole(long roleId) 369 throws PortalException, SystemException { 370 371 Role role = rolePersistence.findByPrimaryKey(roleId); 372 373 return deleteRole(role); 374 } 375 376 /** 377 * Deletes the role and its associated permissions. 378 * 379 * @param role the role 380 * @return the deleted role 381 * @throws PortalException if the role is a default system role or if the 382 * role's resource could not be found 383 * @throws SystemException if a system exception occurred 384 */ 385 @Override 386 public Role deleteRole(Role role) throws PortalException, SystemException { 387 if (PortalUtil.isSystemRole(role.getName())) { 388 throw new RequiredRoleException(); 389 } 390 391 // Resources 392 393 List<ResourcePermission> resourcePermissions = 394 resourcePermissionPersistence.findByRoleId(role.getRoleId()); 395 396 for (ResourcePermission resourcePermission : resourcePermissions) { 397 resourcePermissionLocalService.deleteResourcePermission( 398 resourcePermission); 399 } 400 401 String className = role.getClassName(); 402 long classNameId = role.getClassNameId(); 403 404 if ((classNameId <= 0) || className.equals(Role.class.getName())) { 405 resourceLocalService.deleteResource( 406 role.getCompanyId(), Role.class.getName(), 407 ResourceConstants.SCOPE_INDIVIDUAL, role.getRoleId()); 408 } 409 410 if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) || 411 (role.getType() == RoleConstants.TYPE_SITE)) { 412 413 userGroupRoleLocalService.deleteUserGroupRolesByRoleId( 414 role.getRoleId()); 415 416 userGroupGroupRoleLocalService.deleteUserGroupGroupRolesByRoleId( 417 role.getRoleId()); 418 } 419 420 // Role 421 422 rolePersistence.remove(role); 423 424 // Permission cache 425 426 PermissionCacheUtil.clearCache(); 427 428 return role; 429 } 430 431 /** 432 * Returns the role with the name in the company. 433 * 434 * <p> 435 * The method searches the system roles map first for default roles. If a 436 * role with the name is not found, then the method will query the database. 437 * </p> 438 * 439 * @param companyId the primary key of the company 440 * @param name the role's name 441 * @return Returns the role with the name or <code>null</code> if a role 442 * with the name could not be found in the company 443 * @throws SystemException if a system exception occurred 444 */ 445 @Override 446 @Skip 447 public Role fetchRole(long companyId, String name) throws SystemException { 448 String companyIdHexString = StringUtil.toHexString(companyId); 449 450 Role role = _systemRolesMap.get(companyIdHexString.concat(name)); 451 452 if (role != null) { 453 return role; 454 } 455 456 return roleLocalService.loadFetchRole(companyId, name); 457 } 458 459 /** 460 * Returns the default role for the group with the primary key. 461 * 462 * <p> 463 * If the group is a site, then the default role is {@link 464 * com.liferay.portal.model.RoleConstants#SITE_MEMBER}. If the group is an 465 * organization, then the default role is {@link 466 * com.liferay.portal.model.RoleConstants#ORGANIZATION_USER}. If the group 467 * is a user or user group, then the default role is {@link 468 * com.liferay.portal.model.RoleConstants#POWER_USER}. For all other group 469 * types, the default role is {@link 470 * com.liferay.portal.model.RoleConstants#USER}. 471 * </p> 472 * 473 * @param groupId the primary key of the group 474 * @return the default role for the group with the primary key 475 * @throws PortalException if a group with the primary key could not be 476 * found, or if a default role could not be found for the group 477 * @throws SystemException if a system exception occurred 478 */ 479 @Override 480 public Role getDefaultGroupRole(long groupId) 481 throws PortalException, SystemException { 482 483 Group group = groupPersistence.findByPrimaryKey(groupId); 484 485 if (group.isLayout()) { 486 Layout layout = layoutLocalService.getLayout(group.getClassPK()); 487 488 group = layout.getGroup(); 489 } 490 491 if (group.isStagingGroup()) { 492 group = group.getLiveGroup(); 493 } 494 495 Role role = null; 496 497 if (group.isCompany()) { 498 role = getRole(group.getCompanyId(), RoleConstants.USER); 499 } 500 else if (group.isLayoutPrototype() || group.isLayoutSetPrototype() || 501 group.isRegularSite() || group.isSite()) { 502 503 role = getRole(group.getCompanyId(), RoleConstants.SITE_MEMBER); 504 } 505 else if (group.isOrganization()) { 506 role = getRole( 507 group.getCompanyId(), RoleConstants.ORGANIZATION_USER); 508 } 509 else if (group.isUser() || group.isUserGroup()) { 510 role = getRole(group.getCompanyId(), RoleConstants.POWER_USER); 511 } 512 else { 513 role = getRole(group.getCompanyId(), RoleConstants.USER); 514 } 515 516 return role; 517 } 518 519 /** 520 * Returns all the roles associated with the group. 521 * 522 * @param groupId the primary key of the group 523 * @return the roles associated with the group 524 * @throws SystemException if a system exception occurred 525 */ 526 @Override 527 public List<Role> getGroupRoles(long groupId) throws SystemException { 528 return groupPersistence.getRoles(groupId); 529 } 530 531 @Override 532 public List<Role> getResourceBlockRoles( 533 long resourceBlockId, String className, String actionId) 534 throws SystemException { 535 536 return roleFinder.findByR_N_A(resourceBlockId, className, actionId); 537 } 538 539 /** 540 * Returns a map of role names to associated action IDs for the named 541 * resource in the company within the permission scope. 542 * 543 * @param companyId the primary key of the company 544 * @param name the resource name 545 * @param scope the permission scope 546 * @param primKey the primary key of the resource's class 547 * @return the role names and action IDs 548 * @throws SystemException if a system exception occurred 549 * @see com.liferay.portal.service.persistence.RoleFinder#findByC_N_S_P( 550 * long, String, int, String) 551 */ 552 @Override 553 public Map<String, List<String>> getResourceRoles( 554 long companyId, String name, int scope, String primKey) 555 throws SystemException { 556 557 return roleFinder.findByC_N_S_P(companyId, name, scope, primKey); 558 } 559 560 /** 561 * Returns all the roles associated with the action ID in the company within 562 * the permission scope. 563 * 564 * @param companyId the primary key of the company 565 * @param name the resource name 566 * @param scope the permission scope 567 * @param primKey the primary key of the resource's class 568 * @param actionId the name of the resource action 569 * @return the roles 570 * @throws SystemException if a system exception occurred 571 * @see com.liferay.portal.service.persistence.RoleFinder#findByC_N_S_P_A( 572 * long, String, int, String, String) 573 */ 574 @Override 575 public List<Role> getResourceRoles( 576 long companyId, String name, int scope, String primKey, 577 String actionId) 578 throws SystemException { 579 580 return roleFinder.findByC_N_S_P_A( 581 companyId, name, scope, primKey, actionId); 582 } 583 584 /** 585 * Returns the role with the name in the company. 586 * 587 * <p> 588 * The method searches the system roles map first for default roles. If a 589 * role with the name is not found, then the method will query the database. 590 * </p> 591 * 592 * @param companyId the primary key of the company 593 * @param name the role's name 594 * @return the role with the name 595 * @throws PortalException if a role with the name could not be found in the 596 * company 597 * @throws SystemException if a system exception occurred 598 */ 599 @Override 600 @Skip 601 public Role getRole(long companyId, String name) 602 throws PortalException, SystemException { 603 604 String companyIdHexString = StringUtil.toHexString(companyId); 605 606 Role role = _systemRolesMap.get(companyIdHexString.concat(name)); 607 608 if (role != null) { 609 return role; 610 } 611 612 return roleLocalService.loadGetRole(companyId, name); 613 } 614 615 /** 616 * Returns all the roles of the type and subtype. 617 * 618 * @param type the role's type (optionally <code>0</code>) 619 * @param subtype the role's subtype (optionally <code>null</code>) 620 * @return the roles of the type and subtype 621 * @throws SystemException if a system exception occurred 622 */ 623 @Override 624 public List<Role> getRoles(int type, String subtype) 625 throws SystemException { 626 627 return rolePersistence.findByT_S(type, subtype); 628 } 629 630 /** 631 * Returns all the roles in the company. 632 * 633 * @param companyId the primary key of the company 634 * @return the roles in the company 635 * @throws SystemException if a system exception occurred 636 */ 637 @Override 638 public List<Role> getRoles(long companyId) throws SystemException { 639 return rolePersistence.findByCompanyId(companyId); 640 } 641 642 /** 643 * Returns all the roles with the primary keys. 644 * 645 * @param roleIds the primary keys of the roles 646 * @return the roles with the primary keys 647 * @throws PortalException if any one of the roles with the primary keys 648 * could not be found 649 * @throws SystemException if a system exception occurred 650 */ 651 @Override 652 public List<Role> getRoles(long[] roleIds) 653 throws PortalException, SystemException { 654 655 List<Role> roles = new ArrayList<Role>(roleIds.length); 656 657 for (long roleId : roleIds) { 658 Role role = getRole(roleId); 659 660 roles.add(role); 661 } 662 663 return roles; 664 } 665 666 /** 667 * Returns all the roles of the subtype. 668 * 669 * @param subtype the role's subtype (optionally <code>null</code>) 670 * @return the roles of the subtype 671 * @throws SystemException if a system exception occurred 672 */ 673 @Override 674 public List<Role> getSubtypeRoles(String subtype) throws SystemException { 675 return rolePersistence.findBySubtype(subtype); 676 } 677 678 /** 679 * Returns the number of roles of the subtype. 680 * 681 * @param subtype the role's subtype (optionally <code>null</code>) 682 * @return the number of roles of the subtype 683 * @throws SystemException if a system exception occurred 684 */ 685 @Override 686 public int getSubtypeRolesCount(String subtype) throws SystemException { 687 return rolePersistence.countBySubtype(subtype); 688 } 689 690 /** 691 * Returns the team role in the company. 692 * 693 * @param companyId the primary key of the company 694 * @param teamId the primary key of the team 695 * @return the team role in the company 696 * @throws PortalException if a role could not be found in the team and 697 * company 698 * @throws SystemException if a system exception occurred 699 */ 700 @Override 701 public Role getTeamRole(long companyId, long teamId) 702 throws PortalException, SystemException { 703 704 long classNameId = PortalUtil.getClassNameId(Team.class); 705 706 return rolePersistence.findByC_C_C(companyId, classNameId, teamId); 707 } 708 709 /** 710 * Returns all the user's roles within the user group. 711 * 712 * @param userId the primary key of the user 713 * @param groupId the primary key of the group 714 * @return the user's roles within the user group 715 * @throws SystemException if a system exception occurred 716 * @see com.liferay.portal.service.persistence.RoleFinder#findByUserGroupGroupRole( 717 * long, long) 718 */ 719 @Override 720 public List<Role> getUserGroupGroupRoles(long userId, long groupId) 721 throws SystemException { 722 723 return roleFinder.findByUserGroupGroupRole(userId, groupId); 724 } 725 726 /** 727 * Returns all the user's roles within the user group. 728 * 729 * @param userId the primary key of the user 730 * @param groupId the primary key of the group 731 * @return the user's roles within the user group 732 * @throws SystemException if a system exception occurred 733 * @see com.liferay.portal.service.persistence.RoleFinder#findByUserGroupRole( 734 * long, long) 735 */ 736 @Override 737 public List<Role> getUserGroupRoles(long userId, long groupId) 738 throws SystemException { 739 740 return roleFinder.findByUserGroupRole(userId, groupId); 741 } 742 743 /** 744 * Returns the union of all the user's roles within the groups. 745 * 746 * @param userId the primary key of the user 747 * @param groups the groups (optionally <code>null</code>) 748 * @return the union of all the user's roles within the groups 749 * @throws SystemException if a system exception occurred 750 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 751 * long, List) 752 */ 753 @Override 754 public List<Role> getUserRelatedRoles(long userId, List<Group> groups) 755 throws SystemException { 756 757 if ((groups == null) || groups.isEmpty()) { 758 return Collections.emptyList(); 759 } 760 761 return roleFinder.findByU_G(userId, groups); 762 } 763 764 /** 765 * Returns all the user's roles within the group. 766 * 767 * @param userId the primary key of the user 768 * @param groupId the primary key of the group 769 * @return the user's roles within the group 770 * @throws SystemException if a system exception occurred 771 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 772 * long, long) 773 */ 774 @Override 775 public List<Role> getUserRelatedRoles(long userId, long groupId) 776 throws SystemException { 777 778 return roleFinder.findByU_G(userId, groupId); 779 } 780 781 /** 782 * Returns the union of all the user's roles within the groups. 783 * 784 * @param userId the primary key of the user 785 * @param groupIds the primary keys of the groups 786 * @return the union of all the user's roles within the groups 787 * @throws SystemException if a system exception occurred 788 * @see com.liferay.portal.service.persistence.RoleFinder#findByU_G( 789 * long, long[]) 790 */ 791 @Override 792 public List<Role> getUserRelatedRoles(long userId, long[] groupIds) 793 throws SystemException { 794 795 return roleFinder.findByU_G(userId, groupIds); 796 } 797 798 /** 799 * Returns all the roles associated with the user. 800 * 801 * @param userId the primary key of the user 802 * @return the roles associated with the user 803 * @throws SystemException if a system exception occurred 804 */ 805 @Override 806 public List<Role> getUserRoles(long userId) throws SystemException { 807 return userPersistence.getRoles(userId); 808 } 809 810 /** 811 * Returns <code>true</code> if the user is associated with the role. 812 * 813 * @param userId the primary key of the user 814 * @param roleId the primary key of the role 815 * @return <code>true</code> if the user is associated with the role; 816 * <code>false</code> otherwise 817 * @throws SystemException if a system exception occurred 818 */ 819 @Override 820 public boolean hasUserRole(long userId, long roleId) 821 throws SystemException { 822 823 return userPersistence.containsRole(userId, roleId); 824 } 825 826 /** 827 * Returns <code>true</code> if the user is associated with the named 828 * regular role. 829 * 830 * @param userId the primary key of the user 831 * @param companyId the primary key of the company 832 * @param name the name of the role 833 * @param inherited whether to include the user's inherited roles in the 834 * search 835 * @return <code>true</code> if the user is associated with the regular 836 * role; <code>false</code> otherwise 837 * @throws PortalException if a role with the name could not be found in the 838 * company or if a default user for the company could not be found 839 * @throws SystemException if a system exception occurred 840 */ 841 @Override 842 @ThreadLocalCachable 843 public boolean hasUserRole( 844 long userId, long companyId, String name, boolean inherited) 845 throws PortalException, SystemException { 846 847 Role role = rolePersistence.findByC_N(companyId, name); 848 849 if (role.getType() != RoleConstants.TYPE_REGULAR) { 850 throw new IllegalArgumentException(name + " is not a regular role"); 851 } 852 853 long defaultUserId = userLocalService.getDefaultUserId(companyId); 854 855 if (userId == defaultUserId) { 856 if (name.equals(RoleConstants.GUEST)) { 857 return true; 858 } 859 else { 860 return false; 861 } 862 } 863 864 if (inherited) { 865 if (userPersistence.containsRole(userId, role.getRoleId())) { 866 return true; 867 } 868 869 ThreadLocalCache<Integer> threadLocalCache = 870 ThreadLocalCacheManager.getThreadLocalCache( 871 Lifecycle.REQUEST, RoleLocalServiceImpl.class.getName()); 872 873 String key = String.valueOf(role.getRoleId()).concat( 874 String.valueOf(userId)); 875 876 Integer value = threadLocalCache.get(key); 877 878 if (value == null) { 879 value = roleFinder.countByR_U(role.getRoleId(), userId); 880 881 threadLocalCache.put(key, value); 882 } 883 884 if (value > 0) { 885 return true; 886 } 887 else { 888 return false; 889 } 890 } 891 else { 892 return userPersistence.containsRole(userId, role.getRoleId()); 893 } 894 } 895 896 /** 897 * Returns <code>true</code> if the user has any one of the named regular 898 * roles. 899 * 900 * @param userId the primary key of the user 901 * @param companyId the primary key of the company 902 * @param names the names of the roles 903 * @param inherited whether to include the user's inherited roles in the 904 * search 905 * @return <code>true</code> if the user has any one of the regular roles; 906 * <code>false</code> otherwise 907 * @throws PortalException if any one of the roles with the names could not 908 * be found in the company or if the default user for the company 909 * could not be found 910 * @throws SystemException if a system exception occurred 911 */ 912 @Override 913 public boolean hasUserRoles( 914 long userId, long companyId, String[] names, boolean inherited) 915 throws PortalException, SystemException { 916 917 for (String name : names) { 918 if (hasUserRole(userId, companyId, name, inherited)) { 919 return true; 920 } 921 } 922 923 return false; 924 } 925 926 /** 927 * Returns a role with the name in the company. 928 * 929 * @param companyId the primary key of the company 930 * @param name the role's name (optionally <code>null</code>) 931 * @return the role with the name, or <code>null</code> if a role with the 932 * name could not be found in the company 933 * @throws SystemException if a system exception occurred 934 */ 935 @Override 936 public Role loadFetchRole(long companyId, String name) 937 throws SystemException { 938 939 return rolePersistence.fetchByC_N(companyId, name); 940 } 941 942 /** 943 * Returns a role with the name in the company. 944 * 945 * @param companyId the primary key of the company 946 * @param name the role's name 947 * @return the role with the name in the company 948 * @throws PortalException if a role with the name could not be found in the 949 * company 950 * @throws SystemException if a system exception occurred 951 */ 952 @Override 953 public Role loadGetRole(long companyId, String name) 954 throws PortalException, SystemException { 955 956 return rolePersistence.findByC_N(companyId, name); 957 } 958 959 /** 960 * Returns an ordered range of all the roles that match the keywords and 961 * types. 962 * 963 * <p> 964 * Useful when paginating results. Returns a maximum of <code>end - 965 * start</code> instances. <code>start</code> and <code>end</code> are not 966 * primary keys, they are indexes in the result set. Thus, <code>0</code> 967 * refers to the first result in the set. Setting both <code>start</code> 968 * and <code>end</code> to {@link 969 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 970 * result set. 971 * </p> 972 * 973 * @param companyId the primary key of the company 974 * @param keywords the keywords (space separated), which may occur in the 975 * role's name or description (optionally <code>null</code>) 976 * @param types the role types (optionally <code>null</code>) 977 * @param start the lower bound of the range of roles to return 978 * @param end the upper bound of the range of roles to return (not 979 * inclusive) 980 * @param obc the comparator to order the roles (optionally 981 * <code>null</code>) 982 * @return the ordered range of the matching roles, ordered by 983 * <code>obc</code> 984 * @throws SystemException if a system exception occurred 985 * @see com.liferay.portal.service.persistence.RoleFinder 986 */ 987 @Override 988 public List<Role> search( 989 long companyId, String keywords, Integer[] types, int start, 990 int end, OrderByComparator obc) 991 throws SystemException { 992 993 return search( 994 companyId, keywords, types, new LinkedHashMap<String, Object>(), 995 start, end, obc); 996 } 997 998 /** 999 * Returns an ordered range of all the roles that match the keywords, types, 1000 * and params. 1001 * 1002 * <p> 1003 * Useful when paginating results. Returns a maximum of <code>end - 1004 * start</code> instances. <code>start</code> and <code>end</code> are not 1005 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1006 * refers to the first result in the set. Setting both <code>start</code> 1007 * and <code>end</code> to {@link 1008 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1009 * result set. 1010 * </p> 1011 * 1012 * @param companyId the primary key of the company 1013 * @param keywords the keywords (space separated), which may occur in the 1014 * role's name or description (optionally <code>null</code>) 1015 * @param types the role types (optionally <code>null</code>) 1016 * @param params the finder parameters. Can specify values for 1017 * "permissionsResourceId" and "usersRoles" keys. For more 1018 * information, see {@link 1019 * com.liferay.portal.service.persistence.RoleFinder} 1020 * @param start the lower bound of the range of roles to return 1021 * @param end the upper bound of the range of roles to return (not 1022 * inclusive) 1023 * @param obc the comparator to order the roles (optionally 1024 * <code>null</code>) 1025 * @return the ordered range of the matching roles, ordered by 1026 * <code>obc</code> 1027 * @throws SystemException if a system exception occurred 1028 * @see com.liferay.portal.service.persistence.RoleFinder 1029 */ 1030 @Override 1031 public List<Role> search( 1032 long companyId, String keywords, Integer[] types, 1033 LinkedHashMap<String, Object> params, int start, int end, 1034 OrderByComparator obc) 1035 throws SystemException { 1036 1037 return roleFinder.findByKeywords( 1038 companyId, keywords, types, params, start, end, obc); 1039 } 1040 1041 /** 1042 * Returns an ordered range of all the roles that match the name, 1043 * description, and types. 1044 * 1045 * <p> 1046 * Useful when paginating results. Returns a maximum of <code>end - 1047 * start</code> instances. <code>start</code> and <code>end</code> are not 1048 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1049 * refers to the first result in the set. Setting both <code>start</code> 1050 * and <code>end</code> to {@link 1051 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1052 * result set. 1053 * </p> 1054 * 1055 * @param companyId the primary key of the company 1056 * @param name the role's name (optionally <code>null</code>) 1057 * @param description the role's description (optionally <code>null</code>) 1058 * @param types the role types (optionally <code>null</code>) 1059 * @param start the lower bound of the range of the roles to return 1060 * @param end the upper bound of the range of the roles to return (not 1061 * inclusive) 1062 * @param obc the comparator to order the roles (optionally 1063 * <code>null</code>) 1064 * @return the ordered range of the matching roles, ordered by 1065 * <code>obc</code> 1066 * @throws SystemException if a system exception occurred 1067 * @see com.liferay.portal.service.persistence.RoleFinder 1068 */ 1069 @Override 1070 public List<Role> search( 1071 long companyId, String name, String description, Integer[] types, 1072 int start, int end, OrderByComparator obc) 1073 throws SystemException { 1074 1075 return search( 1076 companyId, name, description, types, 1077 new LinkedHashMap<String, Object>(), start, end, obc); 1078 } 1079 1080 /** 1081 * Returns an ordered range of all the roles that match the name, 1082 * description, types, and params. 1083 * 1084 * <p> 1085 * Useful when paginating results. Returns a maximum of <code>end - 1086 * start</code> instances. <code>start</code> and <code>end</code> are not 1087 * primary keys, they are indexes in the result set. Thus, <code>0</code> 1088 * refers to the first result in the set. Setting both <code>start</code> 1089 * and <code>end</code> to {@link 1090 * com.liferay.portal.kernel.dao.orm.QueryUtil#ALL_POS} will return the full 1091 * result set. 1092 * </p> 1093 * 1094 * @param companyId the primary key of the company 1095 * @param name the role's name (optionally <code>null</code>) 1096 * @param description the role's description (optionally <code>null</code>) 1097 * @param types the role types (optionally <code>null</code>) 1098 * @param params the finder's parameters. Can specify values for 1099 * "permissionsResourceId" and "usersRoles" keys. For more 1100 * information, see {@link 1101 * com.liferay.portal.service.persistence.RoleFinder} 1102 * @param start the lower bound of the range of the roles to return 1103 * @param end the upper bound of the range of the roles to return (not 1104 * inclusive) 1105 * @param obc the comparator to order the roles (optionally 1106 * <code>null</code>) 1107 * @return the ordered range of the matching roles, ordered by 1108 * <code>obc</code> 1109 * @throws SystemException if a system exception occurred 1110 * @see com.liferay.portal.service.persistence.RoleFinder 1111 */ 1112 @Override 1113 public List<Role> search( 1114 long companyId, String name, String description, Integer[] types, 1115 LinkedHashMap<String, Object> params, int start, int end, 1116 OrderByComparator obc) 1117 throws SystemException { 1118 1119 return roleFinder.findByC_N_D_T( 1120 companyId, name, description, types, params, true, start, end, obc); 1121 } 1122 1123 /** 1124 * Returns the number of roles that match the keywords and types. 1125 * 1126 * @param companyId the primary key of the company 1127 * @param keywords the keywords (space separated), which may occur in the 1128 * role's name or description (optionally <code>null</code>) 1129 * @param types the role types (optionally <code>null</code>) 1130 * @return the number of matching roles 1131 * @throws SystemException if a system exception occurred 1132 */ 1133 @Override 1134 public int searchCount(long companyId, String keywords, Integer[] types) 1135 throws SystemException { 1136 1137 return searchCount( 1138 companyId, keywords, types, new LinkedHashMap<String, Object>()); 1139 } 1140 1141 /** 1142 * Returns the number of roles that match the keywords, types and params. 1143 * 1144 * @param companyId the primary key of the company 1145 * @param keywords the keywords (space separated), which may occur in the 1146 * role's name or description (optionally <code>null</code>) 1147 * @param types the role types (optionally <code>null</code>) 1148 * @param params the finder parameters. For more information, see {@link 1149 * com.liferay.portal.service.persistence.RoleFinder} 1150 * @return the number of matching roles 1151 * @throws SystemException if a system exception occurred 1152 */ 1153 @Override 1154 public int searchCount( 1155 long companyId, String keywords, Integer[] types, 1156 LinkedHashMap<String, Object> params) 1157 throws SystemException { 1158 1159 return roleFinder.countByKeywords(companyId, keywords, types, params); 1160 } 1161 1162 /** 1163 * Returns the number of roles that match the name, description, and types. 1164 * 1165 * @param companyId the primary key of the company 1166 * @param name the role's name (optionally <code>null</code>) 1167 * @param description the role's description (optionally <code>null</code>) 1168 * @param types the role types (optionally <code>null</code>) 1169 * @return the number of matching roles 1170 * @throws SystemException if a system exception occurred 1171 */ 1172 @Override 1173 public int searchCount( 1174 long companyId, String name, String description, Integer[] types) 1175 throws SystemException { 1176 1177 return searchCount( 1178 companyId, name, description, types, 1179 new LinkedHashMap<String, Object>()); 1180 } 1181 1182 /** 1183 * Returns the number of roles that match the name, description, types, and 1184 * params. 1185 * 1186 * @param companyId the primary key of the company 1187 * @param name the role's name (optionally <code>null</code>) 1188 * @param description the role's description (optionally <code>null</code>) 1189 * @param types the role types (optionally <code>null</code>) 1190 * @param params the finder parameters. Can specify values for 1191 * "permissionsResourceId" and "usersRoles" keys. For more 1192 * information, see {@link 1193 * com.liferay.portal.service.persistence.RoleFinder} 1194 * @return the number of matching roles 1195 * @throws SystemException if a system exception occurred 1196 */ 1197 @Override 1198 public int searchCount( 1199 long companyId, String name, String description, Integer[] types, 1200 LinkedHashMap<String, Object> params) 1201 throws SystemException { 1202 1203 return roleFinder.countByC_N_D_T( 1204 companyId, name, description, types, params, true); 1205 } 1206 1207 /** 1208 * Sets the roles associated with the user, replacing the user's existing 1209 * roles. The user is reindexed after the roles are set. 1210 * 1211 * @param userId the primary key of the user 1212 * @param roleIds the primary keys of the roles 1213 * @throws PortalException if a user with the primary could not be found or 1214 * if any one of the roles with the primary keys could not be found 1215 * @throws SystemException if a system exception occurred 1216 */ 1217 @Override 1218 public void setUserRoles(long userId, long[] roleIds) 1219 throws PortalException, SystemException { 1220 1221 roleIds = UsersAdminUtil.addRequiredRoles(userId, roleIds); 1222 1223 userPersistence.setRoles(userId, roleIds); 1224 1225 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 1226 1227 indexer.reindex(userId); 1228 1229 PermissionCacheUtil.clearCache(); 1230 } 1231 1232 /** 1233 * Removes the matching roles associated with the user. The user is 1234 * reindexed after the roles are removed. 1235 * 1236 * @param userId the primary key of the user 1237 * @param roleIds the primary keys of the roles 1238 * @throws PortalException if a user with the primary key could not be found 1239 * or if a role with any one of the primary keys could not be found 1240 * @throws SystemException if a system exception occurred 1241 */ 1242 @Override 1243 public void unsetUserRoles(long userId, long[] roleIds) 1244 throws PortalException, SystemException { 1245 1246 roleIds = UsersAdminUtil.removeRequiredRoles(userId, roleIds); 1247 1248 userPersistence.removeRoles(userId, roleIds); 1249 1250 Indexer indexer = IndexerRegistryUtil.nullSafeGetIndexer(User.class); 1251 1252 indexer.reindex(userId); 1253 1254 PermissionCacheUtil.clearCache(); 1255 } 1256 1257 /** 1258 * Updates the role with the primary key. 1259 * 1260 * @param roleId the primary key of the role 1261 * @param name the role's new name 1262 * @param titleMap the new localized titles (optionally <code>null</code>) 1263 * to replace those existing for the role 1264 * @param descriptionMap the new localized descriptions (optionally 1265 * <code>null</code>) to replace those existing for the role 1266 * @param subtype the role's new subtype (optionally <code>null</code>) 1267 * @return the role with the primary key 1268 * @throws PortalException if a role with the primary could not be found or 1269 * if the role's name was invalid 1270 * @throws SystemException if a system exception occurred 1271 */ 1272 @Override 1273 public Role updateRole( 1274 long roleId, String name, Map<Locale, String> titleMap, 1275 Map<Locale, String> descriptionMap, String subtype) 1276 throws PortalException, SystemException { 1277 1278 Role role = rolePersistence.findByPrimaryKey(roleId); 1279 1280 validate(roleId, role.getCompanyId(), role.getClassNameId(), name); 1281 1282 if (PortalUtil.isSystemRole(role.getName())) { 1283 name = role.getName(); 1284 subtype = null; 1285 } 1286 1287 role.setName(name); 1288 role.setTitleMap(titleMap); 1289 role.setDescriptionMap(descriptionMap); 1290 role.setSubtype(subtype); 1291 1292 rolePersistence.update(role, false); 1293 1294 return role; 1295 } 1296 1297 protected void checkSystemRole( 1298 long companyId, String name, Map<Locale, String> descriptionMap, 1299 int type) 1300 throws PortalException, SystemException { 1301 1302 String companyIdHexString = StringUtil.toHexString(companyId); 1303 1304 String key = companyIdHexString.concat(name); 1305 1306 Role role = _systemRolesMap.get(key); 1307 1308 try { 1309 if (role == null) { 1310 role = rolePersistence.findByC_N(companyId, name); 1311 } 1312 1313 if (!descriptionMap.equals(role.getDescriptionMap())) { 1314 role.setDescriptionMap(descriptionMap); 1315 1316 roleLocalService.updateRole(role, false); 1317 } 1318 } 1319 catch (NoSuchRoleException nsre) { 1320 User user = userLocalService.getDefaultUser(companyId); 1321 1322 role = roleLocalService.addRole( 1323 user.getUserId(), null, 0, name, null, descriptionMap, type, 1324 null); 1325 1326 if (name.equals(RoleConstants.USER)) { 1327 initPersonalControlPanelPortletsPermissions(role); 1328 } 1329 } 1330 1331 _systemRolesMap.put(key, role); 1332 } 1333 1334 protected String[] getDefaultControlPanelPortlets() { 1335 return new String[] { 1336 PortletKeys.MY_ACCOUNT, PortletKeys.MY_PAGES, 1337 PortletKeys.MY_WORKFLOW_INSTANCES, PortletKeys.MY_WORKFLOW_TASKS 1338 }; 1339 } 1340 1341 protected void initPersonalControlPanelPortletsPermissions(Role role) 1342 throws PortalException, SystemException { 1343 1344 for (String portletId : getDefaultControlPanelPortlets()) { 1345 int count = resourcePermissionPersistence.countByC_N_S_P_R( 1346 role.getCompanyId(), portletId, ResourceConstants.SCOPE_COMPANY, 1347 String.valueOf(role.getCompanyId()), role.getRoleId()); 1348 1349 if (count > 0) { 1350 continue; 1351 } 1352 1353 ResourceAction resourceAction = 1354 resourceActionLocalService.fetchResourceAction( 1355 portletId, ActionKeys.ACCESS_IN_CONTROL_PANEL); 1356 1357 if (resourceAction == null) { 1358 continue; 1359 } 1360 1361 setRolePermissions( 1362 role, portletId, 1363 new String[] { 1364 ActionKeys.ACCESS_IN_CONTROL_PANEL 1365 }); 1366 } 1367 } 1368 1369 protected void setRolePermissions( 1370 Role role, String name, String[] actionIds) 1371 throws PortalException, SystemException { 1372 1373 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) { 1374 if (resourceBlockLocalService.isSupported(name)) { 1375 resourceBlockLocalService.setCompanyScopePermissions( 1376 role.getCompanyId(), name, role.getRoleId(), 1377 Arrays.asList(actionIds)); 1378 } 1379 else { 1380 resourcePermissionLocalService.setResourcePermissions( 1381 role.getCompanyId(), name, ResourceConstants.SCOPE_COMPANY, 1382 String.valueOf(role.getCompanyId()), role.getRoleId(), 1383 actionIds); 1384 } 1385 } 1386 else { 1387 permissionLocalService.setRolePermissions( 1388 role.getRoleId(), role.getCompanyId(), name, 1389 ResourceConstants.SCOPE_COMPANY, 1390 String.valueOf(role.getCompanyId()), actionIds); 1391 } 1392 } 1393 1394 protected void validate( 1395 long roleId, long companyId, long classNameId, String name) 1396 throws PortalException, SystemException { 1397 1398 if (classNameId == PortalUtil.getClassNameId(Role.class)) { 1399 if (Validator.isNull(name) || 1400 (name.indexOf(CharPool.COMMA) != -1) || 1401 (name.indexOf(CharPool.STAR) != -1)) { 1402 1403 throw new RoleNameException(); 1404 } 1405 1406 if (Validator.isNumber(name) && 1407 !PropsValues.ROLES_NAME_ALLOW_NUMERIC) { 1408 1409 throw new RoleNameException(); 1410 } 1411 } 1412 1413 try { 1414 Role role = roleFinder.findByC_N(companyId, name); 1415 1416 if (role.getRoleId() != roleId) { 1417 throw new DuplicateRoleException(); 1418 } 1419 } 1420 catch (NoSuchRoleException nsre) { 1421 } 1422 } 1423 1424 private Map<String, Role> _systemRolesMap = new HashMap<String, Role>(); 1425 1426 }