001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.model.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.model.ResourceAction;
019    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
020    
021    /**
022     * Stores the permissions assigned to roles under permissions version 6. A
023     * resource permission gives a role the ability to perform a set of actions on
024     * certain resources.
025     *
026     * <p>
027     * The type of resource a permission applies to is specified by the
028     * <code>name</code> attribute. It will either be the numeric ID of a portlet,
029     * or the fully qualified class name of a model (such as a layout or document
030     * library folder).
031     * </p>
032     *
033     * <p>
034     * These permissions can apply in one of four scopes: company, group,
035     * group-template, or individual. The scope of a permission determines how
036     * broadly it applies to resources in the portal. Company scope is the broadest,
037     * and grants a user with the role permissions for every resource of the type
038     * within the company. Likewise, group scope gives users with the role
039     * permissions for every resource within the specified group, and individual
040     * scope only applies to a single resource of the type. Group-template scope is
041     * similar to group scope, except that it does not automatically apply to a
042     * specific group. A user must be a member of a group (generally either a site
043     * or an organization), and they must have been given the role within that group
044     * before they are granted its permissions.
045     * </p>
046     *
047     * <p>
048     * Note: Lacking permission to perform an action on a resource at one scope does
049     * not necessarily mean that a role does not have permission to perform that
050     * action. For instance, a message boards moderator role will not have
051     * individual scope permissions to edit every post, but it will have edit
052     * permissions at the group or company level, which is sufficient. Every scope
053     * must be checked.
054     * </p>
055     *
056     * <p>
057     * The scope of the resource permission also determines the meaning of the
058     * <code>primKey</code> attribute. Its different uses are listed below:
059     * </p>
060     *
061     * <ul>
062     * <li>
063     * Company scope - <code>primKey</code> is the primary key of the company
064     * </li>
065     * <li>
066     * Group scope - <code>primKey</code> is the primary key of the group the
067     * permission applies within
068     * </li>
069     * <li>
070     * Group-template scope - <code>primKey</code> is always <code>0</code>
071     * </li>
072     * <li>
073     * Individual scope - If the permission applies to a model instance,
074     * <code>primkey</code> will be the primary key of the instance. If the
075     * permission is for a portlet, <code>primKey</code> will contain the primary
076     * key of the layout containing the portlet, followed by &quot;_LAYOUT_&quot;
077     * and the portlet ID. The instance ID will also be present for instanceable
078     * portlets, preceded by &quot;_INSTANCE_&quot;.
079     * </li>
080     * </ul>
081     *
082     * <p>
083     * The <code>actionIds</code> attribute stores the bitwise IDs of all the
084     * actions allowed by this permission.
085     * </p>
086     *
087     * @author Brian Wing Shun Chan
088     * @see    ResourceActionImpl
089     */
090    public class ResourcePermissionImpl extends ResourcePermissionBaseImpl {
091    
092            public ResourcePermissionImpl() {
093            }
094    
095            @Override
096            public void addResourceAction(String actionId) throws PortalException {
097                    ResourceAction resourceAction =
098                            ResourceActionLocalServiceUtil.getResourceAction(
099                                    getName(), actionId);
100    
101                    setActionIds(getActionIds() | resourceAction.getBitwiseValue());
102            }
103    
104            @Override
105            public boolean hasActionId(String actionId) {
106                    ResourceAction resourceAction =
107                            ResourceActionLocalServiceUtil.fetchResourceAction(
108                                    getName(), actionId);
109    
110                    if (resourceAction != null) {
111                            long actionIds = getActionIds();
112                            long bitwiseValue = resourceAction.getBitwiseValue();
113    
114                            if ((actionIds & bitwiseValue) == bitwiseValue) {
115                                    return true;
116                            }
117                    }
118    
119                    return false;
120            }
121    
122            @Override
123            public void removeResourceAction(String actionId) throws PortalException {
124                    ResourceAction resourceAction =
125                            ResourceActionLocalServiceUtil.getResourceAction(
126                                    getName(), actionId);
127    
128                    setActionIds(getActionIds() & (~resourceAction.getBitwiseValue()));
129            }
130    
131    }