001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.model.impl;
016    
017    import com.liferay.portal.model.ResourceAction;
018    import com.liferay.portal.service.ResourceActionLocalServiceUtil;
019    
020    /**
021     * Stores the permissions assigned to roles under permissions version 6. A
022     * resource permission gives a role the ability to perform a set of actions on
023     * certain resources.
024     *
025     * <p>
026     * The type of resource a permission applies to is specified by the
027     * <code>name</code> attribute. It will either be the numeric ID of a portlet,
028     * or the fully qualified class name of a model (such as a layout or document
029     * library folder).
030     * </p>
031     *
032     * <p>
033     * These permissions can apply in one of four scopes: company, group,
034     * group-template, or individual. The scope of a permission determines how
035     * broadly it applies to resources in the portal. Company scope is the broadest,
036     * and grants a user with the role permissions for every resource of the type
037     * within the company. Likewise, group scope gives users with the role
038     * permissions for every resource within the specified group, and individual
039     * scope only applies to a single resource of the type. Group-template scope is
040     * similar to group scope, except that it does not automatically apply to a
041     * specific group. A user must be a member of a group (generally either a site
042     * or an organization), and they must have been given the role within that group
043     * before they are granted its permissions.
044     * </p>
045     *
046     * <p>
047     * Note: Lacking permission to perform an action on a resource at one scope does
048     * not necessarily mean that a role does not have permission to perform that
049     * action. For instance, a message boards moderator role will not have
050     * individual scope permissions to edit every post, but it will have edit
051     * permissions at the group or company level, which is sufficient. Every scope
052     * must be checked.
053     * </p>
054     *
055     * <p>
056     * The scope of the resource permission also determines the meaning of the
057     * <code>primKey</code> attribute. Its different uses are listed below:
058     * </p>
059     *
060     * <ul>
061     * <li>
062     * Company scope - <code>primKey</code> is the primary key of the company
063     * </li>
064     * <li>
065     * Group scope - <code>primKey</code> is the primary key of the group the
066     * permission applies within
067     * </li>
068     * <li>
069     * Group-template scope - <code>primKey</code> is always <code>0</code>
070     * </li>
071     * <li>
072     * Individual scope - If the permission applies to a model instance,
073     * <code>primkey</code> will be the primary key of the instance. If the
074     * permission is for a portlet, <code>primKey</code> will contain the primary
075     * key of the layout containing the portlet, followed by &quot;_LAYOUT_&quot;
076     * and the portlet ID. The instance ID will also be present for instanceable
077     * portlets, preceded by &quot;_INSTANCE_&quot;.
078     * </li>
079     * </ul>
080     *
081     * <p>
082     * The <code>actionIds</code> attribute stores the bitwise IDs of all the
083     * actions allowed by this permission.
084     * </p>
085     *
086     * @author Brian Wing Shun Chan
087     * @see    ResourceActionImpl
088     */
089    public class ResourcePermissionImpl extends ResourcePermissionBaseImpl {
090    
091            public ResourcePermissionImpl() {
092            }
093    
094            @Override
095            public boolean hasActionId(String actionId) {
096                    ResourceAction resourceAction =
097                            ResourceActionLocalServiceUtil.fetchResourceAction(
098                                    getName(), actionId);
099    
100                    if (resourceAction != null) {
101                            long actionIds = getActionIds();
102                            long bitwiseValue = resourceAction.getBitwiseValue();
103    
104                            if ((actionIds & bitwiseValue) == bitwiseValue) {
105                                    return true;
106                            }
107                    }
108    
109                    return false;
110            }
111    
112    }