001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchGroupException;
018    import com.liferay.portal.NoSuchResourceException;
019    import com.liferay.portal.ResourceActionsException;
020    import com.liferay.portal.kernel.dao.jdbc.DataAccess;
021    import com.liferay.portal.kernel.exception.PortalException;
022    import com.liferay.portal.kernel.exception.SystemException;
023    import com.liferay.portal.kernel.log.Log;
024    import com.liferay.portal.kernel.log.LogFactoryUtil;
025    import com.liferay.portal.kernel.search.SearchEngineUtil;
026    import com.liferay.portal.kernel.util.ListUtil;
027    import com.liferay.portal.kernel.util.StringBundler;
028    import com.liferay.portal.model.AuditedModel;
029    import com.liferay.portal.model.ClassedModel;
030    import com.liferay.portal.model.Group;
031    import com.liferay.portal.model.GroupConstants;
032    import com.liferay.portal.model.GroupedModel;
033    import com.liferay.portal.model.Permission;
034    import com.liferay.portal.model.PermissionedModel;
035    import com.liferay.portal.model.Resource;
036    import com.liferay.portal.model.ResourceCode;
037    import com.liferay.portal.model.ResourceConstants;
038    import com.liferay.portal.model.ResourcePermission;
039    import com.liferay.portal.model.Role;
040    import com.liferay.portal.model.RoleConstants;
041    import com.liferay.portal.model.impl.ResourceImpl;
042    import com.liferay.portal.security.permission.PermissionCacheUtil;
043    import com.liferay.portal.security.permission.PermissionThreadLocal;
044    import com.liferay.portal.security.permission.PermissionsListFilter;
045    import com.liferay.portal.security.permission.PermissionsListFilterFactory;
046    import com.liferay.portal.security.permission.ResourceActionsUtil;
047    import com.liferay.portal.service.ServiceContext;
048    import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
049    import com.liferay.portal.util.PropsValues;
050    import com.liferay.portal.util.ResourcePermissionsThreadLocal;
051    import com.liferay.portal.util.comparator.ResourceComparator;
052    
053    import java.sql.Connection;
054    import java.sql.PreparedStatement;
055    import java.sql.ResultSet;
056    import java.sql.SQLException;
057    
058    import java.util.Arrays;
059    import java.util.Iterator;
060    import java.util.List;
061    
062    /**
063     * Provides the local service for accessing, adding, and updating resources.
064     *
065     * <p>
066     * Permissions in Liferay are defined for resource/action pairs. Some resources,
067     * known as portlet resources, define actions that the end-user can perform with
068     * respect to a portlet window. Other resources, known as model resources,
069     * define actions that the end-user can perform with respect to the
070     * service/persistence layer.
071     * </p>
072     *
073     * <p>
074     * On creating an entity instance, you should create resources for it. The
075     * following example demonstrates adding resources for an instance of a model
076     * entity named <code>SomeWidget</code>. The IDs of the actions permitted for
077     * the group and guests are passed in from the service context.
078     * </p>
079     *
080     * <p>
081     * <pre>
082     * <code>
083     * resourceLocalService.addModelResources(
084     *              SomeWidget.getCompanyId(), SomeWidget.getGroupId(), userId,
085     *              SomeWidget.class.getName(), SomeWidget.getPrimaryKey(),
086     *              serviceContext.getGroupPermissions, serviceContext.getGuestPermissions);
087     * </code>
088     * </pre>
089     * </p>
090     *
091     * <p>
092     * Just prior to deleting an entity instance, you should delete its resource at
093     * the individual scope. The following example demonstrates deleting a resource
094     * associated with the <code>SomeWidget</code> model entity at the scope
095     * individual scope.
096     * </p>
097     *
098     * <p>
099     * <pre>
100     * <code>
101     * resourceLocalService.deleteResource(
102     *              SomeWidget.getCompanyId(), SomeWidget.class.getName(),
103     *              ResourceConstants.SCOPE_INDIVIDUAL, SomeWidget.getPrimaryKey());
104     * </code>
105     * </pre>
106     * </p>
107     *
108     * @author Brian Wing Shun Chan
109     * @author Wilson S. Man
110     * @author Raymond Aug??
111     * @author Julio Camarero
112     * @author Connor McKay
113     */
114    public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
115    
116            /**
117             * Adds resources for the model, always creating a resource at the
118             * individual scope and only creating resources at the group, group
119             * template, and company scope if such resources don't already exist.
120             *
121             * <ol>
122             * <li>
123             * If the service context specifies that default group or default guest
124             * permissions are to be added, then only default permissions are added. See
125             * {@link com.liferay.portal.service.ServiceContext#setAddGroupPermissions(
126             * boolean)} and {@link
127             * com.liferay.portal.service.ServiceContext#setAddGuestPermissions(
128             * boolean)}.
129             * </li>
130             * <li>
131             * Else ...
132             * <ol>
133             * <li>
134             * If the service context specifies to derive default permissions, then
135             * default group and guest permissions are derived from the model and
136             * added. See {@link
137             * com.liferay.portal.service.ServiceContext#setDeriveDefaultPermissions(
138             * boolean)}.
139             * </li>
140             * <li>
141             * Lastly group and guest permissions from the service
142             * context are applied. See {@link
143             * com.liferay.portal.service.ServiceContext#setGroupPermissions(String[])}
144             * and {@link
145             * com.liferay.portal.service.ServiceContext#setGuesPermissions(String[])}.
146             * </li>
147             * </ol>
148             *
149             * </li>
150             * </ol>
151             *
152             * @param  auditedModel the model to associate with the resources
153             * @param  serviceContext the service context to apply. Can set whether to
154             *         add the model's default group and guest permissions, set whether
155             *         to derive default group and guest permissions from the model, set
156             *         group permissions to apply, and set guest permissions to apply.
157             * @throws PortalException if no portal actions could be found associated
158             *         with the model or if a portal exception occurred
159             * @throws SystemException if a system exception occurred
160             */
161            @Override
162            public void addModelResources(
163                            AuditedModel auditedModel, ServiceContext serviceContext)
164                    throws PortalException, SystemException {
165    
166                    ClassedModel classedModel = (ClassedModel)auditedModel;
167    
168                    if (serviceContext.isAddGroupPermissions() ||
169                            serviceContext.isAddGuestPermissions()) {
170    
171                            addResources(
172                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
173                                    auditedModel.getUserId(), classedModel.getModelClassName(),
174                                    String.valueOf(classedModel.getPrimaryKeyObj()), false,
175                                    serviceContext.isAddGroupPermissions(),
176                                    serviceContext.isAddGuestPermissions(),
177                                    getPermissionedModel(auditedModel));
178                    }
179                    else {
180                            if (serviceContext.isDeriveDefaultPermissions()) {
181                                    serviceContext.deriveDefaultPermissions(
182                                            getGroupId(auditedModel), classedModel.getModelClassName());
183                            }
184    
185                            addModelResources(
186                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
187                                    auditedModel.getUserId(), classedModel.getModelClassName(),
188                                    String.valueOf(classedModel.getPrimaryKeyObj()),
189                                    serviceContext.getGroupPermissions(),
190                                    serviceContext.getGuestPermissions(),
191                                    getPermissionedModel(auditedModel));
192                    }
193            }
194    
195            /**
196             * Adds resources for the model with the name and primary key, always
197             * creating a resource at the individual scope and only creating resources
198             * at the group, group template, and company scope if such resources don't
199             * already exist.
200             *
201             * @param  companyId the primary key of the portal instance
202             * @param  groupId the primary key of the group
203             * @param  userId the primary key of the user adding the resources
204             * @param  name a name for the resource, typically the model's class name
205             * @param  primKey the primary key of the model instance, optionally
206             *         <code>0</code> if no instance exists
207             * @param  groupPermissions the group permissions to be applied
208             * @param  guestPermissions the guest permissions to be applied
209             * @throws PortalException if no portal actions could be found associated
210             *         with the model or if a portal exception occurred
211             * @throws SystemException if a system exception occurred
212             */
213            @Override
214            public void addModelResources(
215                            long companyId, long groupId, long userId, String name,
216                            long primKey, String[] groupPermissions, String[] guestPermissions)
217                    throws PortalException, SystemException {
218    
219                    addModelResources(
220                            companyId, groupId, userId, name, String.valueOf(primKey),
221                            groupPermissions, guestPermissions, null);
222            }
223    
224            /**
225             * Adds resources for the model with the name and primary key string, always
226             * creating a resource at the individual scope and only creating resources
227             * at the group, group template, and company scope if such resources don't
228             * already exist.
229             *
230             * @param  companyId the primary key of the portal instance
231             * @param  groupId the primary key of the group
232             * @param  userId the primary key of the user adding the resources
233             * @param  name a name for the resource, typically the model's class name
234             * @param  primKey the primary key string of the model instance, optionally
235             *         an empty string if no instance exists
236             * @param  groupPermissions the group permissions to be applied
237             * @param  guestPermissions the guest permissions to be applied
238             * @throws PortalException if no portal actions could be found associated
239             *         with the model or if a portal exception occurred
240             * @throws SystemException if a system exception occurred
241             */
242            @Override
243            public void addModelResources(
244                            long companyId, long groupId, long userId, String name,
245                            String primKey, String[] groupPermissions,
246                            String[] guestPermissions)
247                    throws PortalException, SystemException {
248    
249                    addModelResources(
250                            companyId, groupId, userId, name, primKey, groupPermissions,
251                            guestPermissions, null);
252            }
253    
254            @Override
255            public Resource addResource(
256                            long companyId, String name, int scope, String primKey)
257                    throws SystemException {
258    
259                    if (!PermissionThreadLocal.isAddResource()) {
260                            return null;
261                    }
262    
263                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
264                            return addResource_6(companyId, name, scope, primKey);
265                    }
266                    else {
267                            return addResource_1to5(companyId, name, scope, primKey);
268                    }
269            }
270    
271            /**
272             * Adds resources for the entity with the name and primary key, always
273             * creating a resource at the individual scope and only creating resources
274             * at the group, group template, and company scope if such resources don't
275             * already exist.
276             *
277             * @param  companyId the primary key of the portal instance
278             * @param  groupId the primary key of the group
279             * @param  userId the primary key of the user adding the resources
280             * @param  name a name for the resource, which should be a portlet ID if the
281             *         resource is a portlet or the resource's class name otherwise
282             * @param  primKey the primary key of the resource instance, optionally
283             *         <code>0</code> if no instance exists
284             * @param  portletActions whether to associate portlet actions with the
285             *         resource
286             * @param  addGroupPermissions whether to add group permissions
287             * @param  addGuestPermissions whether to add guest permissions
288             * @throws PortalException if no portal actions could be found associated
289             *         with the resource or if a portal exception occurred
290             * @throws SystemException if a system exception occurred
291             */
292            @Override
293            public void addResources(
294                            long companyId, long groupId, long userId, String name,
295                            long primKey, boolean portletActions, boolean addGroupPermissions,
296                            boolean addGuestPermissions)
297                    throws PortalException, SystemException {
298    
299                    addResources(
300                            companyId, groupId, userId, name, String.valueOf(primKey),
301                            portletActions, addGroupPermissions, addGuestPermissions, null);
302            }
303    
304            /**
305             * Adds resources for the entity with the name and primary key string,
306             * always creating a resource at the individual scope and only creating
307             * resources at the group, group template, and company scope if such
308             * resources don't already exist.
309             *
310             * @param  companyId the primary key of the portal instance
311             * @param  groupId the primary key of the group
312             * @param  userId the primary key of the user adding the resources
313             * @param  name a name for the resource, which should be a portlet ID if the
314             *         resource is a portlet or the resource's class name otherwise
315             * @param  primKey the primary key string of the resource instance,
316             *         optionally an empty string if no instance exists
317             * @param  portletActions whether to associate portlet actions with the
318             *         resource
319             * @param  addGroupPermissions whether to add group permissions
320             * @param  addGuestPermissions whether to add guest permissions
321             * @throws PortalException if no portal actions could be found associated
322             *         with the resource or if a portal exception occurred
323             * @throws SystemException if a system exception occurred
324             */
325            @Override
326            public void addResources(
327                            long companyId, long groupId, long userId, String name,
328                            String primKey, boolean portletActions, boolean addGroupPermissions,
329                            boolean addGuestPermissions)
330                    throws PortalException, SystemException {
331    
332                    addResources(
333                            companyId, groupId, userId, name, primKey, portletActions,
334                            addGroupPermissions, addGuestPermissions, null);
335            }
336    
337            /**
338             * Adds resources for the entity with the name. Use this method if the user
339             * is unknown or irrelevant and there is no current entity instance.
340             *
341             * @param  companyId the primary key of the portal instance
342             * @param  groupId the primary key of the group
343             * @param  name a name for the resource, which should be a portlet ID if the
344             *         resource is a portlet or the resource's class name otherwise
345             * @param  portletActions whether to associate portlet actions with the
346             *         resource
347             * @throws PortalException if no portal actions could be found associated
348             *         with the resource or if a portal exception occurred
349             * @throws SystemException if a system exception occurred
350             */
351            @Override
352            public void addResources(
353                            long companyId, long groupId, String name, boolean portletActions)
354                    throws PortalException, SystemException {
355    
356                    addResources(
357                            companyId, groupId, 0, name, null, portletActions, false, false);
358            }
359    
360            /**
361             * Deletes the resource associated with the model at the scope.
362             *
363             * @param  auditedModel the model associated with the resource
364             * @param  scope the scope of the resource. For more information see {@link
365             *         com.liferay.portal.model.ResourceConstants}.
366             * @throws PortalException if a portal exception occurred
367             * @throws SystemException if a system exception occurred
368             */
369            @Override
370            public void deleteResource(AuditedModel auditedModel, int scope)
371                    throws PortalException, SystemException {
372    
373                    ClassedModel classedModel = (ClassedModel)auditedModel;
374    
375                    deleteResource(
376                            auditedModel.getCompanyId(), classedModel.getModelClassName(),
377                            scope, String.valueOf(classedModel.getPrimaryKeyObj()),
378                            getPermissionedModel(auditedModel));
379            }
380    
381            @Override
382            public Resource deleteResource(long resourceId) throws SystemException {
383                    Resource resource = null;
384    
385                    try {
386                            resource = resourcePersistence.findByPrimaryKey(resourceId);
387    
388                            deleteResource(resource);
389                    }
390                    catch (NoSuchResourceException nsre) {
391                            if (_log.isWarnEnabled()) {
392                                    _log.warn(nsre);
393                            }
394                    }
395    
396                    return resource;
397            }
398    
399            /**
400             * Deletes the resource matching the primary key at the scope.
401             *
402             * @param  companyId the primary key of the portal instance
403             * @param  name the resource's name, which should be a portlet ID if the
404             *         resource is a portlet or the resource's class name otherwise
405             * @param  scope the scope of the resource. For more information see {@link
406             *         com.liferay.portal.model.ResourceConstants}.
407             * @param  primKey the primary key of the resource instance
408             * @throws PortalException if a portal exception occurred
409             * @throws SystemException if a system exception occurred
410             */
411            @Override
412            public void deleteResource(
413                            long companyId, String name, int scope, long primKey)
414                    throws PortalException, SystemException {
415    
416                    deleteResource(companyId, name, scope, String.valueOf(primKey), null);
417            }
418    
419            /**
420             * Deletes the resource matching the primary key at the scope.
421             *
422             * @param  companyId the primary key of the portal instance
423             * @param  name the resource's name, which should be a portlet ID if the
424             *         resource is a portlet or the resource's class name otherwise
425             * @param  scope the scope of the resource. For more information see {@link
426             *         com.liferay.portal.model.ResourceConstants}.
427             * @param  primKey the primary key string of the resource instance
428             * @throws PortalException if a portal exception occurred
429             * @throws SystemException if a system exception occurred
430             */
431            @Override
432            public void deleteResource(
433                            long companyId, String name, int scope, String primKey)
434                    throws PortalException, SystemException {
435    
436                    deleteResource(companyId, name, scope, primKey, null);
437            }
438    
439            @Override
440            public Resource deleteResource(Resource resource) throws SystemException {
441    
442                    // Permissions
443    
444                    List<Permission> permissions = permissionPersistence.findByResourceId(
445                            resource.getResourceId());
446    
447                    for (Permission permission : permissions) {
448                            orgGroupPermissionPersistence.removeByPermissionId(
449                                    permission.getPermissionId());
450                    }
451    
452                    permissionPersistence.removeByResourceId(resource.getResourceId());
453    
454                    // Resource
455    
456                    return resourcePersistence.remove(resource);
457            }
458    
459            @Override
460            public void deleteResources(String name) throws SystemException {
461                    List<Resource> resources = resourceFinder.findByName(name);
462    
463                    for (Resource resource : resources) {
464                            deleteResource(resource);
465                    }
466            }
467    
468            @Override
469            public Resource fetchResource(
470                            long companyId, String name, int scope, String primKey)
471                    throws SystemException {
472    
473                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
474                            return getResource_6(companyId, name, scope, primKey);
475                    }
476                    else {
477                            return fetchResource_1to5(companyId, name, scope, primKey);
478                    }
479            }
480    
481            @Override
482            public long getLatestResourceId() throws SystemException {
483                    List<Resource> resources = resourcePersistence.findAll(
484                            0, 1, new ResourceComparator());
485    
486                    if (resources.size() == 0) {
487                            return 0;
488                    }
489                    else {
490                            Resource resource = resources.get(0);
491    
492                            return resource.getResourceId();
493                    }
494            }
495    
496            /**
497             * Returns a new resource with the name and primary key at the scope.
498             *
499             * @param  companyId the primary key of the portal instance
500             * @param  name a name for the resource, which should be a portlet ID if the
501             *         resource is a portlet or the resource's class name otherwise
502             * @param  scope the scope of the resource. For more information see {@link
503             *         com.liferay.portal.model.ResourceConstants}.
504             * @param  primKey the primary key string of the resource
505             * @return the new resource
506             * @throws PortalException if a portal exception occurred
507             * @throws SystemException if a system exception occurred
508             */
509            @Override
510            public Resource getResource(
511                            long companyId, String name, int scope, String primKey)
512                    throws PortalException, SystemException {
513    
514                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
515                            return getResource_6(companyId, name, scope, primKey);
516                    }
517                    else {
518                            return getResource_1to5(companyId, name, scope, primKey);
519                    }
520            }
521    
522            @Override
523            public List<Resource> getResources() throws SystemException {
524                    return resourcePersistence.findAll();
525            }
526    
527            /**
528             * Updates the resources for the model, replacing their group and guest
529             * permissions with new ones from the service context.
530             *
531             * @param  auditedModel the model associated with the resources
532             * @param  serviceContext the service context to be applied. Can set group
533             *         and guest permissions.
534             * @throws PortalException if a portal exception occurred
535             * @throws SystemException if a system exception occurred
536             */
537            @Override
538            public void updateModelResources(
539                            AuditedModel auditedModel, ServiceContext serviceContext)
540                    throws PortalException, SystemException {
541    
542                    ClassedModel classedModel = (ClassedModel)auditedModel;
543    
544                    updateResources(
545                            auditedModel.getCompanyId(), getGroupId(auditedModel),
546                            classedModel.getModelClassName(),
547                            String.valueOf(classedModel.getPrimaryKeyObj()),
548                            serviceContext.getGroupPermissions(),
549                            serviceContext.getGuestPermissions(),
550                            getPermissionedModel(auditedModel));
551            }
552    
553            /**
554             * Updates resources matching the group, name, and primary key at the
555             * individual scope, setting new group and guest permissions.
556             *
557             * @param  companyId the primary key of the portal instance
558             * @param  groupId the primary key of the group
559             * @param  name the resource's name, which should be a portlet ID if the
560             *         resource is a portlet or the resource's class name otherwise
561             * @param  primKey the primary key of the resource instance
562             * @param  groupPermissions the group permissions to be applied
563             * @param  guestPermissions the guest permissions to be applied
564             * @throws PortalException if a portal exception occurred
565             * @throws SystemException if a system exception occurred
566             */
567            @Override
568            public void updateResources(
569                            long companyId, long groupId, String name, long primKey,
570                            String[] groupPermissions, String[] guestPermissions)
571                    throws PortalException, SystemException {
572    
573                    updateResources(
574                            companyId, groupId, name, String.valueOf(primKey), groupPermissions,
575                            guestPermissions, null);
576            }
577    
578            /**
579             * Updates resources matching the group, name, and primary key string at the
580             * individual scope, setting new group and guest permissions.
581             *
582             * @param  companyId the primary key of the portal instance
583             * @param  groupId the primary key of the group
584             * @param  name the resource's name, which should be a portlet ID if the
585             *         resource is a portlet or the resource's class name otherwise
586             * @param  primKey the primary key string of the resource instance
587             * @param  groupPermissions the group permissions to be applied
588             * @param  guestPermissions the guest permissions to be applied
589             * @throws PortalException if a portal exception occurred
590             * @throws SystemException if a system exception occurred
591             */
592            @Override
593            public void updateResources(
594                            long companyId, long groupId, String name, String primKey,
595                            String[] groupPermissions, String[] guestPermissions)
596                    throws PortalException, SystemException {
597    
598                    updateResources(
599                            companyId, groupId, name, primKey, groupPermissions,
600                            guestPermissions, null);
601            }
602    
603            /**
604             * Updates resources matching the name, primary key string and scope,
605             * replacing the primary key of their resource permissions with the new
606             * primary key.
607             *
608             * @param  companyId the primary key of the portal instance
609             * @param  name the resource's name, which should be a portlet ID if the
610             *         resource is a portlet or the resource's class name otherwise
611             * @param  scope the scope of the resource. For more information see {@link
612             *         com.liferay.portal.model.ResourceConstants}.
613             * @param  primKey the primary key string of the resource instance
614             * @param  newPrimKey the new primary key string of the resource
615             * @throws PortalException if a portal exception occurred
616             * @throws SystemException if a system exception occurred
617             */
618            @Override
619            public void updateResources(
620                            long companyId, String name, int scope, String primKey,
621                            String newPrimKey)
622                    throws PortalException, SystemException {
623    
624                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
625                            if (resourceBlockLocalService.isSupported(name)) {
626    
627                                    // Assuming that this method is used when the primary key of an
628                                    // existing record is changed, then nothing needs to happen
629                                    // here, as it should still have its resource block ID.
630    
631                            }
632                            else {
633                                    updateResources_6(companyId, name, scope, primKey, newPrimKey);
634                            }
635                    }
636                    else {
637                            updateResources_1to5(companyId, name, scope, primKey, newPrimKey);
638                    }
639            }
640    
641            protected void addGroupPermissions(
642                            long companyId, long groupId, long userId, String name,
643                            Resource resource, boolean portletActions,
644                            PermissionedModel permissionedModel)
645                    throws PortalException, SystemException {
646    
647                    List<String> actions = null;
648    
649                    if (portletActions) {
650                            actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
651                                    name);
652                    }
653                    else {
654                            actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
655                                    name);
656                    }
657    
658                    String[] actionIds = actions.toArray(new String[actions.size()]);
659    
660                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
661                            if (resourceBlockLocalService.isSupported(name)) {
662                                    addGroupPermissions_6Blocks(
663                                            groupId, resource, actions, permissionedModel);
664                            }
665                            else {
666                                    addGroupPermissions_6(groupId, resource, actionIds);
667                            }
668                    }
669                    else {
670                            addGroupPermissions_1to5(
671                                    companyId, groupId, userId, name, resource, portletActions,
672                                    actionIds);
673                    }
674            }
675    
676            protected void addGroupPermissions_1to5(
677                            long companyId, long groupId, long userId, String name,
678                            Resource resource, boolean portletActions, String[] actionIds)
679                    throws PortalException, SystemException {
680    
681                    long resourceId = resource.getResourceId();
682                    String primKey = resource.getPrimKey();
683    
684                    List<Permission> groupPermissionsList =
685                            permissionLocalService.getPermissions(
686                                    companyId, actionIds, resourceId);
687    
688                    PermissionsListFilter permissionsListFilter =
689                            PermissionsListFilterFactory.getInstance();
690    
691                    groupPermissionsList = permissionsListFilter.filterGroupPermissions(
692                            companyId, groupId, userId, name, primKey, portletActions,
693                            groupPermissionsList);
694    
695                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
696                            Role role = roleLocalService.getDefaultGroupRole(groupId);
697    
698                            rolePersistence.addPermissions(
699                                    role.getRoleId(), groupPermissionsList);
700                    }
701                    else {
702                            groupPersistence.addPermissions(groupId, groupPermissionsList);
703                    }
704            }
705    
706            protected void addGroupPermissions_6(
707                            long groupId, Resource resource, String[] actionIds)
708                    throws PortalException, SystemException {
709    
710                    Role role = roleLocalService.getDefaultGroupRole(groupId);
711    
712                    resourcePermissionLocalService.setResourcePermissions(
713                            resource.getCompanyId(), resource.getName(), resource.getScope(),
714                            resource.getPrimKey(), role.getRoleId(), actionIds);
715            }
716    
717            protected void addGroupPermissions_6Blocks(
718                            long groupId, Resource resource, List<String> actionIds,
719                            PermissionedModel permissionedModel)
720                    throws PortalException, SystemException {
721    
722                    if (permissionedModel == null) {
723                            throw new IllegalArgumentException("Permissioned model is null");
724                    }
725    
726                    // Scope is assumed to always be individual
727    
728                    Role role = roleLocalService.getDefaultGroupRole(groupId);
729    
730                    resourceBlockLocalService.setIndividualScopePermissions(
731                            resource.getCompanyId(), groupId, resource.getName(),
732                            permissionedModel, role.getRoleId(), actionIds);
733            }
734    
735            protected void addGuestPermissions(
736                            long companyId, long groupId, long userId, String name,
737                            Resource resource, boolean portletActions,
738                            PermissionedModel permissionedModel)
739                    throws PortalException, SystemException {
740    
741                    List<String> actions = null;
742    
743                    if (portletActions) {
744                            actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
745                                    name);
746                    }
747                    else {
748                            actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
749                                    name);
750                    }
751    
752                    String[] actionIds = actions.toArray(new String[actions.size()]);
753    
754                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
755                            if (resourceBlockLocalService.isSupported(name)) {
756                                    addGuestPermissions_6Blocks(
757                                            companyId, groupId, resource, actions, permissionedModel);
758                            }
759                            else {
760                                    addGuestPermissions_6(companyId, resource, actionIds);
761                            }
762                    }
763                    else {
764                            addGuestPermissions_1to5(
765                                    companyId, groupId, userId, name, resource, portletActions,
766                                    actionIds);
767                    }
768            }
769    
770            protected void addGuestPermissions_1to5(
771                            long companyId, long groupId, long userId, String name,
772                            Resource resource, boolean portletActions, String[] actionIds)
773                    throws PortalException, SystemException {
774    
775                    List<Permission> guestPermissionsList =
776                            permissionLocalService.getPermissions(
777                                    companyId, actionIds, resource.getResourceId());
778    
779                    PermissionsListFilter permissionsListFilter =
780                            PermissionsListFilterFactory.getInstance();
781    
782                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
783                            companyId, groupId, userId, name, resource.getPrimKey(),
784                            portletActions, guestPermissionsList);
785    
786                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
787                            Role guestRole = roleLocalService.getRole(
788                                    companyId, RoleConstants.GUEST);
789    
790                            rolePersistence.addPermissions(
791                                    guestRole.getRoleId(), guestPermissionsList);
792                    }
793                    else {
794                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
795    
796                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
797                    }
798            }
799    
800            protected void addGuestPermissions_6(
801                            long companyId, Resource resource, String[] actionIds)
802                    throws PortalException, SystemException {
803    
804                    Role guestRole = roleLocalService.getRole(
805                            companyId, RoleConstants.GUEST);
806    
807                    resourcePermissionLocalService.setResourcePermissions(
808                            resource.getCompanyId(), resource.getName(), resource.getScope(),
809                            resource.getPrimKey(), guestRole.getRoleId(), actionIds);
810            }
811    
812            protected void addGuestPermissions_6Blocks(
813                            long companyId, long groupId, Resource resource,
814                            List<String> actionIds, PermissionedModel permissionedModel)
815                    throws PortalException, SystemException {
816    
817                    if (permissionedModel == null) {
818                            throw new IllegalArgumentException("Permissioned model is null");
819                    }
820    
821                    // Scope is assumed to always be individual
822    
823                    Role guestRole = roleLocalService.getRole(
824                            companyId, RoleConstants.GUEST);
825    
826                    resourceBlockLocalService.setIndividualScopePermissions(
827                            resource.getCompanyId(), groupId, resource.getName(),
828                            permissionedModel, guestRole.getRoleId(), actionIds);
829            }
830    
831            protected void addModelResources(
832                            long companyId, long groupId, long userId, String name,
833                            String primKey, String[] groupPermissions,
834                            String[] guestPermissions, PermissionedModel permissionedModel)
835                    throws PortalException, SystemException {
836    
837                    if (!PermissionThreadLocal.isAddResource()) {
838                            return;
839                    }
840    
841                    validate(name, false);
842    
843                    // Company
844    
845                    addResource(
846                            companyId, name, ResourceConstants.SCOPE_COMPANY,
847                            String.valueOf(companyId));
848    
849                    // Guest
850    
851                    long guestGroupId = getGuestGroupId(companyId);
852    
853                    addResource(
854                            companyId, name, ResourceConstants.SCOPE_GROUP,
855                            String.valueOf(guestGroupId));
856    
857                    // Group
858    
859                    if ((groupId > 0) && (guestGroupId != groupId)) {
860                            addResource(
861                                    companyId, name, ResourceConstants.SCOPE_GROUP,
862                                    String.valueOf(groupId));
863                    }
864    
865                    if (primKey == null) {
866                            return;
867                    }
868    
869                    // Individual
870    
871                    Resource resource = addResource(
872                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
873    
874                    // Permissions
875    
876                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
877    
878                    PermissionThreadLocal.setIndexEnabled(false);
879    
880                    try {
881                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
882                                    addModelResources_6(
883                                            companyId, groupId, userId, resource, groupPermissions,
884                                            guestPermissions, permissionedModel);
885                            }
886                            else {
887                                    addModelResources_1to5(
888                                            companyId, groupId, userId, resource, groupPermissions,
889                                            guestPermissions);
890                            }
891                    }
892                    finally {
893                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
894    
895                            PermissionCacheUtil.clearCache();
896    
897                            SearchEngineUtil.updatePermissionFields(name, primKey);
898                    }
899            }
900    
901            protected void addModelResources_1to5(
902                            long companyId, long groupId, long userId, Resource resource,
903                            String[] groupPermissions, String[] guestPermissions)
904                    throws PortalException, SystemException {
905    
906                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
907    
908                    PermissionsListFilter permissionsListFilter =
909                            PermissionsListFilterFactory.getInstance();
910    
911                    List<Permission> permissionsList =
912                            permissionLocalService.addPermissions(
913                                    companyId, resource.getName(), resource.getResourceId(), false);
914    
915                    List<Permission> userPermissionsList =
916                            permissionsListFilter.filterUserPermissions(
917                                    companyId, groupId, userId, resource.getName(),
918                                    resource.getPrimKey(), false, permissionsList);
919    
920                    filterOwnerPermissions(resource.getName(), userPermissionsList);
921    
922                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
923    
924                            // Owner permissions
925    
926                            Role ownerRole = roleLocalService.getRole(
927                                    companyId, RoleConstants.OWNER);
928    
929                            rolePersistence.addPermissions(
930                                    ownerRole.getRoleId(), userPermissionsList);
931                    }
932                    else {
933    
934                            // User permissions
935    
936                            if ((userId > 0) && (userId != defaultUserId)) {
937                                    userPersistence.addPermissions(userId, userPermissionsList);
938                            }
939                    }
940    
941                    // Group permissions
942    
943                    if (groupId > 0) {
944                            if (groupPermissions == null) {
945                                    groupPermissions = new String[0];
946                            }
947    
948                            List<Permission> groupPermissionsList =
949                                    permissionLocalService.getPermissions(
950                                            companyId, groupPermissions, resource.getResourceId());
951    
952                            groupPermissionsList = permissionsListFilter.filterGroupPermissions(
953                                    companyId, groupId, userId, resource.getName(),
954                                    resource.getPrimKey(), false, groupPermissionsList);
955    
956                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
957                                    Role role = roleLocalService.getDefaultGroupRole(groupId);
958    
959                                    rolePersistence.addPermissions(
960                                            role.getRoleId(), groupPermissionsList);
961                            }
962                            else {
963                                    groupPersistence.addPermissions(groupId, groupPermissionsList);
964                            }
965                    }
966    
967                    // Guest permissions
968    
969                    if (guestPermissions == null) {
970                            guestPermissions = new String[0];
971                    }
972    
973                    List<Permission> guestPermissionsList =
974                            permissionLocalService.getPermissions(
975                                    companyId, guestPermissions, resource.getResourceId());
976    
977                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
978                            companyId, groupId, userId, resource.getName(),
979                            resource.getPrimKey(), false, guestPermissionsList);
980    
981                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
982                            Role guestRole = roleLocalService.getRole(
983                                    companyId, RoleConstants.GUEST);
984    
985                            rolePersistence.addPermissions(
986                                    guestRole.getRoleId(), guestPermissionsList);
987                    }
988                    else {
989                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
990                    }
991            }
992    
993            protected void addModelResources_6(
994                            long companyId, long groupId, long userId, Resource resource,
995                            String[] groupPermissions, String[] guestPermissions,
996                            PermissionedModel permissionedModel)
997                    throws PortalException, SystemException {
998    
999                    // Owner permissions
1000    
1001                    Role ownerRole = roleLocalService.getRole(
1002                            companyId, RoleConstants.OWNER);
1003    
1004                    List<String> ownerActionIds =
1005                            ResourceActionsUtil.getModelResourceActions(resource.getName());
1006    
1007                    ownerActionIds = ListUtil.copy(ownerActionIds);
1008    
1009                    filterOwnerActions(resource.getName(), ownerActionIds);
1010    
1011                    String[] ownerPermissions = ownerActionIds.toArray(
1012                            new String[ownerActionIds.size()]);
1013    
1014                    // Group permissions
1015    
1016                    Role defaultGroupRole = null;
1017    
1018                    if (groupId > 0) {
1019                            defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
1020    
1021                            if (groupPermissions == null) {
1022                                    groupPermissions = new String[0];
1023                            }
1024                    }
1025    
1026                    // Guest permissions
1027    
1028                    Role guestRole = roleLocalService.getRole(
1029                            companyId, RoleConstants.GUEST);
1030    
1031                    if (guestPermissions == null) {
1032                            guestPermissions = new String[0];
1033                    }
1034    
1035                    if (resourceBlockLocalService.isSupported(resource.getName())) {
1036                            if (permissionedModel == null) {
1037                                    throw new IllegalArgumentException(
1038                                            "Permissioned model is null");
1039                            }
1040    
1041                            // Scope is assumed to always be individual
1042    
1043                            resourceBlockLocalService.setIndividualScopePermissions(
1044                                    resource.getCompanyId(), groupId, resource.getName(),
1045                                    permissionedModel, ownerRole.getRoleId(), ownerActionIds);
1046    
1047                            if (groupId > 0) {
1048                                    resourceBlockLocalService.setIndividualScopePermissions(
1049                                            resource.getCompanyId(), groupId, resource.getName(),
1050                                            permissionedModel, defaultGroupRole.getRoleId(),
1051                                            Arrays.asList(groupPermissions));
1052                            }
1053    
1054                            resourceBlockLocalService.setIndividualScopePermissions(
1055                                    resource.getCompanyId(), groupId, resource.getName(),
1056                                    permissionedModel, guestRole.getRoleId(),
1057                                    Arrays.asList(guestPermissions));
1058                    }
1059                    else {
1060                            resourcePermissionLocalService.setOwnerResourcePermissions(
1061                                    resource.getCompanyId(), resource.getName(),
1062                                    resource.getScope(), resource.getPrimKey(),
1063                                    ownerRole.getRoleId(), userId, ownerPermissions);
1064    
1065                            if (groupId > 0) {
1066                                    resourcePermissionLocalService.setResourcePermissions(
1067                                            resource.getCompanyId(), resource.getName(),
1068                                            resource.getScope(), resource.getPrimKey(),
1069                                            defaultGroupRole.getRoleId(), groupPermissions);
1070                            }
1071    
1072                            resourcePermissionLocalService.setResourcePermissions(
1073                                    resource.getCompanyId(), resource.getName(),
1074                                    resource.getScope(), resource.getPrimKey(),
1075                                    guestRole.getRoleId(), guestPermissions);
1076                    }
1077            }
1078    
1079            protected Resource addResource_1to5(
1080                            long companyId, String name, int scope, String primKey)
1081                    throws SystemException {
1082    
1083                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1084                            companyId, name, scope);
1085    
1086                    long codeId = resourceCode.getCodeId();
1087    
1088                    Resource resource = resourcePersistence.fetchByC_P(codeId, primKey);
1089    
1090                    if (resource == null) {
1091                            long resourceId = counterLocalService.increment(
1092                                    Resource.class.getName());
1093    
1094                            resource = resourcePersistence.create(resourceId);
1095    
1096                            resource.setCodeId(codeId);
1097                            resource.setPrimKey(primKey);
1098    
1099                            try {
1100                                    resourcePersistence.update(resource, false);
1101                            }
1102                            catch (SystemException se) {
1103                                    if (_log.isWarnEnabled()) {
1104                                            _log.warn(
1105                                                    "Add failed, fetch {codeId=" + codeId + ", primKey=" +
1106                                                            primKey + "}");
1107                                    }
1108    
1109                                    resource = resourcePersistence.fetchByC_P(
1110                                            codeId, primKey, false);
1111    
1112                                    if (resource == null) {
1113                                            throw se;
1114                                    }
1115                            }
1116                    }
1117    
1118                    return resource;
1119            }
1120    
1121            protected Resource addResource_6(
1122                    long companyId, String name, int scope, String primKey) {
1123    
1124                    Resource resource = new ResourceImpl();
1125    
1126                    resource.setCompanyId(companyId);
1127                    resource.setName(name);
1128                    resource.setScope(scope);
1129                    resource.setPrimKey(primKey);
1130    
1131                    return resource;
1132            }
1133    
1134            protected void addResources(
1135                            long companyId, long groupId, long userId, String name,
1136                            String primKey, boolean portletActions, boolean addGroupPermissions,
1137                            boolean addGuestPermissions, PermissionedModel permissionedModel)
1138                    throws PortalException, SystemException {
1139    
1140                    if (!PermissionThreadLocal.isAddResource()) {
1141                            return;
1142                    }
1143    
1144                    validate(name, portletActions);
1145    
1146                    // Company
1147    
1148                    addResource(
1149                            companyId, name, ResourceConstants.SCOPE_COMPANY,
1150                            String.valueOf(companyId));
1151    
1152                    if (groupId > 0) {
1153                            addResource(
1154                                    companyId, name, ResourceConstants.SCOPE_GROUP,
1155                                    String.valueOf(groupId));
1156                    }
1157    
1158                    if (primKey == null) {
1159                            return;
1160                    }
1161    
1162                    // Individual
1163    
1164                    Resource resource = addResource(
1165                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1166    
1167                    // Permissions
1168    
1169                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1170    
1171                    PermissionThreadLocal.setIndexEnabled(false);
1172    
1173                    List<ResourcePermission> resourcePermissions =
1174                            resourcePermissionPersistence.findByC_N_S_P(
1175                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1176    
1177                    ResourcePermissionsThreadLocal.setResourcePermissions(
1178                            resourcePermissions);
1179    
1180                    try {
1181                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1182                                    addResources_6(
1183                                            companyId, groupId, userId, resource, portletActions,
1184                                            permissionedModel);
1185                            }
1186                            else {
1187                                    addResources_1to5(
1188                                            companyId, groupId, userId, resource, portletActions);
1189                            }
1190    
1191                            // Group permissions
1192    
1193                            if ((groupId > 0) && addGroupPermissions) {
1194                                    addGroupPermissions(
1195                                            companyId, groupId, userId, name, resource, portletActions,
1196                                            permissionedModel);
1197                            }
1198    
1199                            // Guest permissions
1200    
1201                            if (addGuestPermissions) {
1202    
1203                                    // Don't add guest permissions when you've already added group
1204                                    // permissions and the given group is the guest group.
1205    
1206                                    addGuestPermissions(
1207                                            companyId, groupId, userId, name, resource, portletActions,
1208                                            permissionedModel);
1209                            }
1210                    }
1211                    finally {
1212                            ResourcePermissionsThreadLocal.setResourcePermissions(null);
1213    
1214                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
1215    
1216                            PermissionCacheUtil.clearCache();
1217    
1218                            SearchEngineUtil.updatePermissionFields(name, primKey);
1219                    }
1220            }
1221    
1222            protected void addResources_1to5(
1223                            long companyId, long groupId, long userId, Resource resource,
1224                            boolean portletActions)
1225                    throws PortalException, SystemException {
1226    
1227                    List<Permission> permissionsList =
1228                            permissionLocalService.addPermissions(
1229                                    companyId, resource.getName(), resource.getResourceId(),
1230                                    portletActions);
1231    
1232                    PermissionsListFilter permissionsListFilter =
1233                            PermissionsListFilterFactory.getInstance();
1234    
1235                    List<Permission> userPermissionsList =
1236                            permissionsListFilter.filterUserPermissions(
1237                                    companyId, groupId, userId, resource.getName(),
1238                                    resource.getPrimKey(), portletActions, permissionsList);
1239    
1240                    filterOwnerPermissions(resource.getName(), userPermissionsList);
1241    
1242                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
1243    
1244                            // Owner permissions
1245    
1246                            Role ownerRole = roleLocalService.getRole(
1247                                    companyId, RoleConstants.OWNER);
1248    
1249                            rolePersistence.addPermissions(
1250                                    ownerRole.getRoleId(), userPermissionsList);
1251                    }
1252                    else {
1253    
1254                            // User permissions
1255    
1256                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
1257    
1258                            if ((userId > 0) && (userId != defaultUserId)) {
1259                                    userPersistence.addPermissions(userId, userPermissionsList);
1260                            }
1261                    }
1262            }
1263    
1264            protected void addResources_6(
1265                            long companyId, long groupId, long userId, Resource resource,
1266                            boolean portletActions, PermissionedModel permissionedModel)
1267                    throws PortalException, SystemException {
1268    
1269                    List<String> actionIds = null;
1270    
1271                    if (portletActions) {
1272                            actionIds = ResourceActionsUtil.getPortletResourceActions(
1273                                    resource.getName());
1274                    }
1275                    else {
1276                            actionIds = ResourceActionsUtil.getModelResourceActions(
1277                                    resource.getName());
1278    
1279                            actionIds = ListUtil.copy(actionIds);
1280    
1281                            filterOwnerActions(resource.getName(), actionIds);
1282                    }
1283    
1284                    Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
1285    
1286                    if (resourceBlockLocalService.isSupported(resource.getName())) {
1287                            if (permissionedModel == null) {
1288                                    throw new IllegalArgumentException(
1289                                            "Permissioned model is null");
1290                            }
1291    
1292                            // Scope is assumed to always be individual
1293    
1294                            resourceBlockLocalService.setIndividualScopePermissions(
1295                                    resource.getCompanyId(), groupId, resource.getName(),
1296                                    permissionedModel, role.getRoleId(), actionIds);
1297                    }
1298                    else {
1299                            resourcePermissionLocalService.setOwnerResourcePermissions(
1300                                    resource.getCompanyId(), resource.getName(),
1301                                    resource.getScope(), resource.getPrimKey(), role.getRoleId(),
1302                                    userId, actionIds.toArray(new String[actionIds.size()]));
1303                    }
1304            }
1305    
1306            protected void deleteResource(
1307                            long companyId, String name, int scope, String primKey,
1308                            PermissionedModel permissionedModel)
1309                    throws PortalException, SystemException {
1310    
1311                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1312                            if (resourceBlockLocalService.isSupported(name)) {
1313                                    if (permissionedModel == null) {
1314                                            throw new IllegalArgumentException(
1315                                                    "Permissioned model is null");
1316                                    }
1317    
1318                                    resourceBlockLocalService.releasePermissionedModelResourceBlock(
1319                                            permissionedModel);
1320    
1321                                    return;
1322                            }
1323                            else {
1324                                    resourcePermissionLocalService.deleteResourcePermissions(
1325                                            companyId, name, scope, primKey);
1326    
1327                                    return;
1328                            }
1329                    }
1330    
1331                    try {
1332                            Resource resource = getResource(companyId, name, scope, primKey);
1333    
1334                            deleteResource(resource.getResourceId());
1335                    }
1336                    catch (NoSuchResourceException nsre) {
1337                            if (_log.isWarnEnabled()) {
1338                                    _log.warn(nsre);
1339                            }
1340                    }
1341            }
1342    
1343            protected Resource fetchResource_1to5(
1344                            long companyId, String name, int scope, String primKey)
1345                    throws SystemException {
1346    
1347                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1348                            companyId, name, scope);
1349    
1350                    return resourcePersistence.fetchByC_P(
1351                            resourceCode.getCodeId(), primKey);
1352            }
1353    
1354            protected void filterOwnerActions(String name, List<String> actionIds) {
1355                    List<String> defaultOwnerActions =
1356                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1357    
1358                    if (defaultOwnerActions.isEmpty()) {
1359                            return;
1360                    }
1361    
1362                    Iterator<String> itr = actionIds.iterator();
1363    
1364                    while (itr.hasNext()) {
1365                            String actionId = itr.next();
1366    
1367                            if (!defaultOwnerActions.contains(actionId)) {
1368                                    itr.remove();
1369                            }
1370                    }
1371            }
1372    
1373            protected void filterOwnerPermissions(
1374                    String name, List<Permission> permissions) {
1375    
1376                    List<String> defaultOwnerActions =
1377                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1378    
1379                    if (defaultOwnerActions.isEmpty()) {
1380                            return;
1381                    }
1382    
1383                    Iterator<Permission> itr = permissions.iterator();
1384    
1385                    while (itr.hasNext()) {
1386                            Permission permission = itr.next();
1387    
1388                            String actionId = permission.getActionId();
1389    
1390                            if (!defaultOwnerActions.contains(actionId)) {
1391                                    itr.remove();
1392                            }
1393                    }
1394            }
1395    
1396            protected long getGroupId(AuditedModel auditedModel) {
1397                    long groupId = 0;
1398    
1399                    if (auditedModel instanceof GroupedModel) {
1400                            GroupedModel groupedModel = (GroupedModel)auditedModel;
1401    
1402                            groupId = groupedModel.getGroupId();
1403                    }
1404    
1405                    return groupId;
1406            }
1407    
1408            protected long getGuestGroupId(long companyId) throws NoSuchGroupException {
1409                    long guestGroupId = 0;
1410    
1411                    try {
1412                            Group guestGroup = groupLocalService.getGroup(
1413                                    companyId, GroupConstants.GUEST);
1414    
1415                            return guestGroup.getGroupId();
1416                    }
1417                    catch (Exception e) {
1418                            if (_log.isWarnEnabled()) {
1419                                    _log.warn(e.getMessage());
1420                            }
1421                    }
1422    
1423                    // LPS-27795
1424    
1425                    guestGroupId = getGuestGroupIdBySQL(companyId);
1426    
1427                    if (guestGroupId > 0) {
1428                            return guestGroupId;
1429                    }
1430    
1431                    StringBundler sb = new StringBundler(5);
1432    
1433                    sb.append("No Group exists with the key {companyId=");
1434                    sb.append(companyId);
1435                    sb.append(", name=");
1436                    sb.append(GroupConstants.GUEST);
1437                    sb.append("}");
1438    
1439                    throw new NoSuchGroupException(sb.toString());
1440            }
1441    
1442            protected long getGuestGroupIdBySQL(long companyId) {
1443                    Connection con = null;
1444                    PreparedStatement ps = null;
1445                    ResultSet rs = null;
1446    
1447                    try {
1448                            con = DataAccess.getConnection();
1449    
1450                            StringBundler sb = new StringBundler(5);
1451    
1452                            sb.append("select groupId from Group_ where companyId = ");
1453                            sb.append(companyId);
1454                            sb.append(" and name = '");
1455                            sb.append(GroupConstants.GUEST);
1456                            sb.append("'");
1457    
1458                            ps = con.prepareStatement(sb.toString());
1459    
1460                            rs = ps.executeQuery();
1461    
1462                            if (rs.next()) {
1463                                    return rs.getLong("groupId");
1464                            }
1465                    }
1466                    catch (SQLException sqle) {
1467                            _log.error(sqle, sqle);
1468                    }
1469                    finally {
1470                            DataAccess.cleanUp(con, ps, rs);
1471                    }
1472    
1473                    return 0;
1474            }
1475    
1476            protected PermissionedModel getPermissionedModel(
1477                    AuditedModel auditedModel) {
1478    
1479                    PermissionedModel permissionedModel = null;
1480    
1481                    if (auditedModel instanceof PermissionedModel) {
1482                            permissionedModel = (PermissionedModel)auditedModel;
1483                    }
1484    
1485                    return permissionedModel;
1486            }
1487    
1488            protected Resource getResource_1to5(
1489                            long companyId, String name, int scope, String primKey)
1490                    throws PortalException, SystemException {
1491    
1492                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1493                            companyId, name, scope);
1494    
1495                    return resourcePersistence.findByC_P(resourceCode.getCodeId(), primKey);
1496            }
1497    
1498            protected Resource getResource_6(
1499                    long companyId, String name, int scope, String primKey) {
1500    
1501                    Resource resource = new ResourceImpl();
1502    
1503                    resource.setCompanyId(companyId);
1504                    resource.setName(name);
1505                    resource.setScope(scope);
1506                    resource.setPrimKey(primKey);
1507    
1508                    return resource;
1509            }
1510    
1511            protected void updateResources(
1512                            long companyId, long groupId, String name, String primKey,
1513                            String[] groupPermissions, String[] guestPermissions,
1514                            PermissionedModel permissionedModel)
1515                    throws PortalException, SystemException {
1516    
1517                    Resource resource = getResource(
1518                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1519    
1520                    if (groupPermissions == null) {
1521                            groupPermissions = new String[0];
1522                    }
1523    
1524                    if (guestPermissions == null) {
1525                            guestPermissions = new String[0];
1526                    }
1527    
1528                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1529                            if (resourceBlockLocalService.isSupported(name)) {
1530                                    updateResources_6Blocks(
1531                                            companyId, groupId, resource, groupPermissions,
1532                                            guestPermissions, permissionedModel);
1533                            }
1534                            else {
1535                                    updateResources_6(
1536                                            companyId, groupId, resource, groupPermissions,
1537                                            guestPermissions);
1538                            }
1539                    }
1540                    else {
1541                            updateResources_1to5(
1542                                    companyId, groupId, resource, groupPermissions,
1543                                    guestPermissions);
1544                    }
1545            }
1546    
1547            protected void updateResources_1to5(
1548                            long companyId, long groupId, Resource resource,
1549                            String[] groupPermissions, String[] guestPermissions)
1550                    throws PortalException, SystemException {
1551    
1552                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1553    
1554                    permissionLocalService.setRolePermissions(
1555                            role.getRoleId(), groupPermissions, resource.getResourceId());
1556    
1557                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1558    
1559                    permissionLocalService.setRolePermissions(
1560                            role.getRoleId(), guestPermissions, resource.getResourceId());
1561            }
1562    
1563            protected void updateResources_1to5(
1564                            long companyId, String name, int scope, String primKey,
1565                            String newPrimKey)
1566                    throws PortalException, SystemException {
1567    
1568                    Resource resource = getResource(companyId, name, scope, primKey);
1569    
1570                    resource.setPrimKey(newPrimKey);
1571    
1572                    resourcePersistence.update(resource, false);
1573            }
1574    
1575            protected void updateResources_6(
1576                            long companyId, long groupId, Resource resource,
1577                            String[] groupPermissions, String[] guestPermissions)
1578                    throws PortalException, SystemException {
1579    
1580                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1581    
1582                    resourcePermissionLocalService.setResourcePermissions(
1583                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1584                            resource.getPrimKey(), role.getRoleId(), groupPermissions);
1585    
1586                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1587    
1588                    resourcePermissionLocalService.setResourcePermissions(
1589                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1590                            resource.getPrimKey(), role.getRoleId(), guestPermissions);
1591            }
1592    
1593            protected void updateResources_6(
1594                            long companyId, String name, int scope, String primKey,
1595                            String newPrimKey)
1596                    throws SystemException {
1597    
1598                    List<ResourcePermission> resourcePermissions =
1599                            resourcePermissionLocalService.getResourcePermissions(
1600                                    companyId, name, scope, primKey);
1601    
1602                    for (ResourcePermission resourcePermission : resourcePermissions) {
1603                            resourcePermission.setPrimKey(newPrimKey);
1604    
1605                            resourcePermissionPersistence.update(resourcePermission, false);
1606                    }
1607            }
1608    
1609            protected void updateResources_6Blocks(
1610                            long companyId, long groupId, Resource resource,
1611                            String[] groupPermissions, String[] guestPermissions,
1612                            PermissionedModel permissionedModel)
1613                    throws PortalException, SystemException {
1614    
1615                    if (permissionedModel == null) {
1616                            throw new IllegalArgumentException("Permissioned model is null");
1617                    }
1618    
1619                    // Scope is assumed to always be individual
1620    
1621                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1622    
1623                    resourceBlockLocalService.setIndividualScopePermissions(
1624                            companyId, groupId, resource.getName(), permissionedModel,
1625                            role.getRoleId(), Arrays.asList(groupPermissions));
1626    
1627                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1628    
1629                    resourceBlockLocalService.setIndividualScopePermissions(
1630                            companyId, groupId, resource.getName(), permissionedModel,
1631                            role.getRoleId(), Arrays.asList(guestPermissions));
1632            }
1633    
1634            protected void validate(String name, boolean portletActions)
1635                    throws PortalException {
1636    
1637                    List<String> actions = null;
1638    
1639                    if (portletActions) {
1640                            actions = ResourceActionsUtil.getPortletResourceActions(name);
1641                    }
1642                    else {
1643                            actions = ResourceActionsUtil.getModelResourceActions(name);
1644                    }
1645    
1646                    if (actions.size() == 0) {
1647                            throw new ResourceActionsException(
1648                                    "There are no actions associated with the resource " + name);
1649                    }
1650            }
1651    
1652            private static Log _log = LogFactoryUtil.getLog(
1653                    ResourceLocalServiceImpl.class);
1654    
1655    }