001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.kernel.exception.NoSuchRoleException;
018    import com.liferay.portal.kernel.model.Group;
019    import com.liferay.portal.kernel.model.GroupConstants;
020    import com.liferay.portal.kernel.model.ResourceConstants;
021    import com.liferay.portal.kernel.model.Role;
022    import com.liferay.portal.kernel.model.RoleConstants;
023    import com.liferay.portal.kernel.security.permission.ActionKeys;
024    import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
025    import com.liferay.portal.kernel.service.ResourcePermissionLocalServiceUtil;
026    import com.liferay.portal.kernel.service.RoleLocalServiceUtil;
027    import com.liferay.portal.kernel.util.LoggingTimer;
028    import com.liferay.portal.util.PortalInstances;
029    
030    /**
031     * @author Brian Wing Shun Chan
032     */
033    public class VerifyRole extends VerifyProcess {
034    
035            protected void addViewSiteAdministrationPermission(Role role)
036                    throws Exception {
037    
038                    String name = Group.class.getName();
039    
040                    Group group = GroupLocalServiceUtil.getGroup(
041                            role.getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
042    
043                    String primKey = String.valueOf(group.getGroupId());
044    
045                    if (!ResourcePermissionLocalServiceUtil.hasResourcePermission(
046                                    role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP,
047                                    primKey, role.getRoleId(), ActionKeys.MANAGE_LAYOUTS) ||
048                            ResourcePermissionLocalServiceUtil.hasResourcePermission(
049                                    role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP,
050                                    primKey, role.getRoleId(),
051                                    ActionKeys.VIEW_SITE_ADMINISTRATION)) {
052    
053                            return;
054                    }
055    
056                    ResourcePermissionLocalServiceUtil.addResourcePermission(
057                            role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP, primKey,
058                            role.getRoleId(), ActionKeys.VIEW_SITE_ADMINISTRATION);
059            }
060    
061            protected void deleteImplicitAssociations(Role role) throws Exception {
062                    runSQL(
063                            "delete from UserGroupGroupRole where roleId = " +
064                                    role.getRoleId());
065                    runSQL("delete from UserGroupRole where roleId = " + role.getRoleId());
066            }
067    
068            @Override
069            protected void doVerify() throws Exception {
070                    long[] companyIds = PortalInstances.getCompanyIdsBySQL();
071    
072                    for (long companyId : companyIds) {
073                            verifyRoles(companyId);
074                    }
075            }
076    
077            protected void verifyRoles(long companyId) throws Exception {
078                    try (LoggingTimer loggingTimer =
079                                    new LoggingTimer(String.valueOf(companyId))) {
080    
081                            RoleLocalServiceUtil.checkSystemRoles(companyId);
082    
083                            try {
084                                    Role organizationUserRole = RoleLocalServiceUtil.getRole(
085                                            companyId, RoleConstants.ORGANIZATION_USER);
086    
087                                    deleteImplicitAssociations(organizationUserRole);
088                            }
089                            catch (NoSuchRoleException nsre) {
090                            }
091    
092                            try {
093                                    Role powerUserRole = RoleLocalServiceUtil.getRole(
094                                            companyId, RoleConstants.POWER_USER);
095    
096                                    addViewSiteAdministrationPermission(powerUserRole);
097                            }
098                            catch (NoSuchRoleException nsre) {
099                            }
100    
101                            try {
102                                    Role siteMemberRole = RoleLocalServiceUtil.getRole(
103                                            companyId, RoleConstants.SITE_MEMBER);
104    
105                                    deleteImplicitAssociations(siteMemberRole);
106                            }
107                            catch (NoSuchRoleException nsre) {
108                            }
109                    }
110            }
111    
112    }