001 /** 002 * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.model.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.model.ResourceAction; 019 import com.liferay.portal.service.ResourceActionLocalServiceUtil; 020 021 /** 022 * Stores the permissions assigned to roles under permissions version 6. A 023 * resource permission gives a role the ability to perform a set of actions on 024 * certain resources. 025 * 026 * <p> 027 * The type of resource a permission applies to is specified by the 028 * <code>name</code> attribute. It will either be the numeric ID of a portlet, 029 * or the fully qualified class name of a model (such as a layout or document 030 * library folder). 031 * </p> 032 * 033 * <p> 034 * These permissions can apply in one of four scopes: company, group, 035 * group-template, or individual. The scope of a permission determines how 036 * broadly it applies to resources in the portal. Company scope is the broadest, 037 * and grants a user with the role permissions for every resource of the type 038 * within the company. Likewise, group scope gives users with the role 039 * permissions for every resource within the specified group, and individual 040 * scope only applies to a single resource of the type. Group-template scope is 041 * similar to group scope, except that it does not automatically apply to a 042 * specific group. A user must be a member of a group (generally either a site 043 * or an organization), and they must have been given the role within that group 044 * before they are granted its permissions. 045 * </p> 046 * 047 * <p> 048 * Note: Lacking permission to perform an action on a resource at one scope does 049 * not necessarily mean that a role does not have permission to perform that 050 * action. For instance, a message boards moderator role will not have 051 * individual scope permissions to edit every post, but it will have edit 052 * permissions at the group or company level, which is sufficient. Every scope 053 * must be checked. 054 * </p> 055 * 056 * <p> 057 * The scope of the resource permission also determines the meaning of the 058 * <code>primKey</code> attribute. Its different uses are listed below: 059 * </p> 060 * 061 * <ul> 062 * <li> 063 * Company scope - <code>primKey</code> is the primary key of the company 064 * </li> 065 * <li> 066 * Group scope - <code>primKey</code> is the primary key of the group the 067 * permission applies within 068 * </li> 069 * <li> 070 * Group-template scope - <code>primKey</code> is always <code>0</code> 071 * </li> 072 * <li> 073 * Individual scope - If the permission applies to a model instance, 074 * <code>primkey</code> will be the primary key of the instance. If the 075 * permission is for a portlet, <code>primKey</code> will contain the primary 076 * key of the layout containing the portlet, followed by "_LAYOUT_" 077 * and the portlet ID. The instance ID will also be present for instanceable 078 * portlets, preceded by "_INSTANCE_". 079 * </li> 080 * </ul> 081 * 082 * <p> 083 * The <code>actionIds</code> attribute stores the bitwise IDs of all the 084 * actions allowed by this permission. 085 * </p> 086 * 087 * @author Brian Wing Shun Chan 088 * @see ResourceActionImpl 089 */ 090 public class ResourcePermissionImpl extends ResourcePermissionBaseImpl { 091 092 public ResourcePermissionImpl() { 093 } 094 095 @Override 096 public void addResourceAction(String actionId) throws PortalException { 097 ResourceAction resourceAction = 098 ResourceActionLocalServiceUtil.getResourceAction( 099 getName(), actionId); 100 101 setActionIds(getActionIds() | resourceAction.getBitwiseValue()); 102 } 103 104 @Override 105 public boolean hasActionId(String actionId) { 106 ResourceAction resourceAction = 107 ResourceActionLocalServiceUtil.fetchResourceAction( 108 getName(), actionId); 109 110 if (resourceAction != null) { 111 long actionIds = getActionIds(); 112 long bitwiseValue = resourceAction.getBitwiseValue(); 113 114 if ((actionIds & bitwiseValue) == bitwiseValue) { 115 return true; 116 } 117 } 118 119 return false; 120 } 121 122 @Override 123 public void removeResourceAction(String actionId) throws PortalException { 124 ResourceAction resourceAction = 125 ResourceActionLocalServiceUtil.getResourceAction( 126 getName(), actionId); 127 128 setActionIds(getActionIds() & (~resourceAction.getBitwiseValue())); 129 } 130 131 }