001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.enterpriseadmin.action;
016    
017    import com.liferay.portal.NoSuchRoleException;
018    import com.liferay.portal.RolePermissionsException;
019    import com.liferay.portal.kernel.servlet.SessionErrors;
020    import com.liferay.portal.kernel.servlet.SessionMessages;
021    import com.liferay.portal.kernel.util.ArrayUtil;
022    import com.liferay.portal.kernel.util.Constants;
023    import com.liferay.portal.kernel.util.ListUtil;
024    import com.liferay.portal.kernel.util.ParamUtil;
025    import com.liferay.portal.kernel.util.StringUtil;
026    import com.liferay.portal.kernel.util.Validator;
027    import com.liferay.portal.model.GroupConstants;
028    import com.liferay.portal.model.ResourceConstants;
029    import com.liferay.portal.model.Role;
030    import com.liferay.portal.model.RoleConstants;
031    import com.liferay.portal.security.auth.PrincipalException;
032    import com.liferay.portal.security.permission.ResourceActionsUtil;
033    import com.liferay.portal.security.permission.comparator.ActionComparator;
034    import com.liferay.portal.service.PermissionServiceUtil;
035    import com.liferay.portal.service.ResourcePermissionServiceUtil;
036    import com.liferay.portal.service.RoleLocalServiceUtil;
037    import com.liferay.portal.struts.PortletAction;
038    import com.liferay.portal.theme.ThemeDisplay;
039    import com.liferay.portal.util.PropsValues;
040    import com.liferay.portal.util.WebKeys;
041    
042    import java.util.HashMap;
043    import java.util.List;
044    import java.util.Map;
045    
046    import javax.portlet.ActionRequest;
047    import javax.portlet.ActionResponse;
048    import javax.portlet.PortletConfig;
049    import javax.portlet.RenderRequest;
050    import javax.portlet.RenderResponse;
051    
052    import org.apache.struts.action.ActionForm;
053    import org.apache.struts.action.ActionForward;
054    import org.apache.struts.action.ActionMapping;
055    
056    /**
057     * @author Brian Wing Shun Chan
058     * @author Jorge Ferrer
059     */
060    public class EditRolePermissionsAction extends PortletAction {
061    
062            public void processAction(
063                            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
064                            ActionRequest actionRequest, ActionResponse actionResponse)
065                    throws Exception {
066    
067                    String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
068    
069                    try {
070                            if (cmd.equals("actions")) {
071                                    updateActions(actionRequest, actionResponse);
072                            }
073                            else if (cmd.equals("delete_permission")) {
074                                    deletePermission(actionRequest, actionResponse);
075                            }
076                    }
077                    catch (Exception e) {
078                            if (e instanceof NoSuchRoleException ||
079                                    e instanceof PrincipalException ||
080                                    e instanceof RolePermissionsException) {
081    
082                                    SessionErrors.add(actionRequest, e.getClass().getName());
083    
084                                    setForward(actionRequest, "portlet.enterprise_admin.error");
085                            }
086                            else {
087                                    throw e;
088                            }
089                    }
090            }
091    
092            public ActionForward render(
093                            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
094                            RenderRequest renderRequest, RenderResponse renderResponse)
095                    throws Exception {
096    
097                    try {
098                            ActionUtil.getRole(renderRequest);
099                    }
100                    catch (Exception e) {
101                            if (e instanceof NoSuchRoleException ||
102                                    e instanceof PrincipalException) {
103    
104                                    SessionErrors.add(renderRequest, e.getClass().getName());
105    
106                                    return mapping.findForward("portlet.enterprise_admin.error");
107                            }
108                            else {
109                                    throw e;
110                            }
111                    }
112    
113                    return mapping.findForward(getForward(
114                            renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
115            }
116    
117            protected void deletePermission(
118                            ActionRequest actionRequest, ActionResponse actionResponse)
119                    throws Exception {
120    
121                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
122                            WebKeys.THEME_DISPLAY);
123    
124                    long roleId = ParamUtil.getLong(actionRequest, "roleId");
125                    long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
126                    String name = ParamUtil.getString(actionRequest, "name");
127                    int scope = ParamUtil.getInteger(actionRequest, "scope");
128                    String primKey = ParamUtil.getString(actionRequest, "primKey");
129                    String actionId = ParamUtil.getString(actionRequest, "actionId");
130    
131                    Role role = RoleLocalServiceUtil.getRole(roleId);
132    
133                    if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
134                            role.getName().equals(RoleConstants.OWNER) ||
135                            role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
136                            role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
137                            role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
138                            role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
139    
140                            throw new RolePermissionsException(role.getName());
141                    }
142    
143                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
144                            ResourcePermissionServiceUtil.removeResourcePermission(
145                                    themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
146                                    name, scope, primKey, roleId, actionId);
147                    }
148                    else {
149                            PermissionServiceUtil.unsetRolePermission(
150                                    roleId, themeDisplay.getScopeGroupId(), permissionId);
151                    }
152    
153                    // Send redirect
154    
155                    SessionMessages.add(actionRequest, "permissionDeleted");
156    
157                    String redirect = ParamUtil.getString(actionRequest, "redirect");
158    
159                    actionResponse.sendRedirect(redirect);
160            }
161    
162            protected void updateAction_1to5(
163                            Role role, long groupId, String selResource, String actionId,
164                            boolean selected, int scope, String[] groupIds)
165                    throws Exception {
166    
167                    long roleId = role.getRoleId();
168    
169                    if (selected) {
170                            if (scope == ResourceConstants.SCOPE_COMPANY) {
171                                    PermissionServiceUtil.setRolePermission(
172                                            roleId, groupId, selResource, scope,
173                                            String.valueOf(role.getCompanyId()), actionId);
174                            }
175                            else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
176                                    PermissionServiceUtil.setRolePermission(
177                                            roleId, groupId, selResource,
178                                            ResourceConstants.SCOPE_GROUP_TEMPLATE,
179                                            String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
180                                            actionId);
181                            }
182                            else {
183                                    PermissionServiceUtil.unsetRolePermissions(
184                                            roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
185                                            actionId);
186    
187                                    for (String curGroupId : groupIds) {
188                                            PermissionServiceUtil.setRolePermission(
189                                                    roleId, groupId, selResource,
190                                                    ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
191                                    }
192                            }
193                    }
194                    else {
195    
196                            // Remove company, group template, and group permissions
197    
198                            PermissionServiceUtil.unsetRolePermissions(
199                                    roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
200                                    actionId);
201    
202                            PermissionServiceUtil.unsetRolePermissions(
203                                    roleId, groupId, selResource,
204                                    ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
205    
206                            PermissionServiceUtil.unsetRolePermissions(
207                                    roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
208                                    actionId);
209                    }
210            }
211    
212            protected void updateAction_6(
213                            Role role, long groupId, String selResource, String actionId,
214                            boolean selected, int scope, String[] groupIds)
215                    throws Exception {
216    
217                    long companyId = role.getCompanyId();
218                    long roleId = role.getRoleId();
219    
220                    if (selected) {
221                            if (scope == ResourceConstants.SCOPE_COMPANY) {
222                                    ResourcePermissionServiceUtil.addResourcePermission(
223                                            groupId, companyId, selResource, scope,
224                                            String.valueOf(role.getCompanyId()), roleId, actionId);
225                            }
226                            else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
227                                    ResourcePermissionServiceUtil.addResourcePermission(
228                                            groupId, companyId, selResource,
229                                            ResourceConstants.SCOPE_GROUP_TEMPLATE,
230                                            String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
231                                            roleId, actionId);
232                            }
233                            else if (scope == ResourceConstants.SCOPE_GROUP) {
234                                    ResourcePermissionServiceUtil.removeResourcePermissions(
235                                            groupId, companyId, selResource,
236                                            ResourceConstants.SCOPE_GROUP, roleId, actionId);
237    
238                                    for (String curGroupId : groupIds) {
239                                            ResourcePermissionServiceUtil.addResourcePermission(
240                                                    groupId, companyId, selResource,
241                                                    ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
242                                                    actionId);
243                                    }
244                            }
245                    }
246                    else {
247    
248                            // Remove company, group template, and group permissions
249    
250                            ResourcePermissionServiceUtil.removeResourcePermissions(
251                                    groupId, companyId, selResource,
252                                    ResourceConstants.SCOPE_COMPANY, roleId, actionId);
253    
254                            ResourcePermissionServiceUtil.removeResourcePermissions(
255                                    groupId, companyId, selResource,
256                                    ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);
257    
258                            ResourcePermissionServiceUtil.removeResourcePermissions(
259                                    groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
260                                    roleId, actionId);
261                    }
262            }
263    
264            protected void updateActions(
265                            ActionRequest actionRequest, ActionResponse actionResponse)
266                    throws Exception {
267    
268                    ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
269                            WebKeys.THEME_DISPLAY);
270    
271                    long roleId = ParamUtil.getLong(actionRequest, "roleId");
272    
273                    Role role = RoleLocalServiceUtil.getRole(roleId);
274    
275                    if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
276                            role.getName().equals(RoleConstants.OWNER) ||
277                            role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
278                            role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
279                            role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
280                            role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
281    
282                            throw new RolePermissionsException(role.getName());
283                    }
284    
285                    String portletResource = ParamUtil.getString(
286                            actionRequest, "portletResource");
287                    String[] modelResources = StringUtil.split(
288                            ParamUtil.getString(actionRequest, "modelResources"));
289                    boolean showModelResources = ParamUtil.getBoolean(
290                            actionRequest, "showModelResources");
291    
292                    Map<String, List<String>> resourceActionsMap =
293                            new HashMap<String, List<String>>();
294    
295                    if (showModelResources) {
296                            for (String modelResource : modelResources) {
297                                    resourceActionsMap.put(
298                                            modelResource,
299                                            ResourceActionsUtil.getResourceActions(
300                                                    null, modelResource));
301                            }
302                    }
303                    else if (Validator.isNotNull(portletResource)) {
304                            resourceActionsMap.put(
305                                    portletResource,
306                                    ResourceActionsUtil.getResourceActions(portletResource, null));
307                    }
308    
309                    String[] selectedTargets = StringUtil.split(
310                            ParamUtil.getString(actionRequest, "selectedTargets"));
311    
312                    for (Map.Entry<String, List<String>> entry :
313                                    resourceActionsMap.entrySet()) {
314    
315                            String selResource = entry.getKey();
316                            List<String> actions = entry.getValue();
317    
318                            actions = ListUtil.sort(
319                                    actions, new ActionComparator(themeDisplay.getLocale()));
320    
321                            for (String actionId : actions) {
322                                    String target = selResource + actionId;
323    
324                                    boolean selected = ArrayUtil.contains(selectedTargets, target);
325    
326                                    String[] groupIds = StringUtil.split(
327                                            ParamUtil.getString(actionRequest, "groupIds" + target));
328    
329                                    groupIds = ArrayUtil.distinct(groupIds);
330    
331                                    int scope = ResourceConstants.SCOPE_COMPANY;
332    
333                                    if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
334                                            (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {
335    
336                                            scope = ResourceConstants.SCOPE_GROUP_TEMPLATE;
337                                    }
338                                    else {
339                                            if (groupIds.length > 0) {
340                                                    scope = ResourceConstants.SCOPE_GROUP;
341                                            }
342                                    }
343    
344                                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
345                                            updateAction_6(
346                                                    role, themeDisplay.getScopeGroupId(), selResource,
347                                                    actionId, selected, scope, groupIds);
348                                    }
349                                    else {
350                                            updateAction_1to5(
351                                                    role, themeDisplay.getScopeGroupId(), selResource,
352                                                    actionId, selected, scope, groupIds);
353                                    }
354                            }
355                    }
356    
357                    // Send redirect
358    
359                    SessionMessages.add(actionRequest, "permissionsUpdated");
360    
361                    String redirect =
362                            ParamUtil.getString(actionRequest, "redirect") + "&" +
363                                    Constants.CMD + "=" + Constants.VIEW;
364    
365                    actionResponse.sendRedirect(redirect);
366            }
367    
368    }