001
014
015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.exception.NoSuchRoleException;
018 import com.liferay.portal.kernel.model.Group;
019 import com.liferay.portal.kernel.model.GroupConstants;
020 import com.liferay.portal.kernel.model.ResourceConstants;
021 import com.liferay.portal.kernel.model.Role;
022 import com.liferay.portal.kernel.model.RoleConstants;
023 import com.liferay.portal.kernel.security.permission.ActionKeys;
024 import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
025 import com.liferay.portal.kernel.service.ResourcePermissionLocalServiceUtil;
026 import com.liferay.portal.kernel.service.RoleLocalServiceUtil;
027 import com.liferay.portal.kernel.util.LoggingTimer;
028 import com.liferay.portal.util.PortalInstances;
029
030
033 public class VerifyRole extends VerifyProcess {
034
035 protected void addViewSiteAdministrationPermission(Role role)
036 throws Exception {
037
038 String name = Group.class.getName();
039
040 Group group = GroupLocalServiceUtil.getGroup(
041 role.getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
042
043 String primKey = String.valueOf(group.getGroupId());
044
045 if (!ResourcePermissionLocalServiceUtil.hasResourcePermission(
046 role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP,
047 primKey, role.getRoleId(), ActionKeys.MANAGE_LAYOUTS) ||
048 ResourcePermissionLocalServiceUtil.hasResourcePermission(
049 role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP,
050 primKey, role.getRoleId(),
051 ActionKeys.VIEW_SITE_ADMINISTRATION)) {
052
053 return;
054 }
055
056 ResourcePermissionLocalServiceUtil.addResourcePermission(
057 role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP, primKey,
058 role.getRoleId(), ActionKeys.VIEW_SITE_ADMINISTRATION);
059 }
060
061 protected void deleteImplicitAssociations(Role role) throws Exception {
062 runSQL(
063 "delete from UserGroupGroupRole where roleId = " +
064 role.getRoleId());
065 runSQL("delete from UserGroupRole where roleId = " + role.getRoleId());
066 }
067
068 @Override
069 protected void doVerify() throws Exception {
070 long[] companyIds = PortalInstances.getCompanyIdsBySQL();
071
072 for (long companyId : companyIds) {
073 verifyRoles(companyId);
074 }
075 }
076
077 protected void verifyRoles(long companyId) throws Exception {
078 try (LoggingTimer loggingTimer =
079 new LoggingTimer(String.valueOf(companyId))) {
080
081 RoleLocalServiceUtil.checkSystemRoles(companyId);
082
083 try {
084 Role organizationUserRole = RoleLocalServiceUtil.getRole(
085 companyId, RoleConstants.ORGANIZATION_USER);
086
087 deleteImplicitAssociations(organizationUserRole);
088 }
089 catch (NoSuchRoleException nsre) {
090 }
091
092 try {
093 Role powerUserRole = RoleLocalServiceUtil.getRole(
094 companyId, RoleConstants.POWER_USER);
095
096 addViewSiteAdministrationPermission(powerUserRole);
097 }
098 catch (NoSuchRoleException nsre) {
099 }
100
101 try {
102 Role siteMemberRole = RoleLocalServiceUtil.getRole(
103 companyId, RoleConstants.SITE_MEMBER);
104
105 deleteImplicitAssociations(siteMemberRole);
106 }
107 catch (NoSuchRoleException nsre) {
108 }
109 }
110 }
111
112 }