001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.NoSuchGroupException;
018 import com.liferay.portal.NoSuchResourceException;
019 import com.liferay.portal.ResourceActionsException;
020 import com.liferay.portal.kernel.dao.jdbc.DataAccess;
021 import com.liferay.portal.kernel.exception.PortalException;
022 import com.liferay.portal.kernel.exception.SystemException;
023 import com.liferay.portal.kernel.log.Log;
024 import com.liferay.portal.kernel.log.LogFactoryUtil;
025 import com.liferay.portal.kernel.search.SearchEngineUtil;
026 import com.liferay.portal.kernel.util.ListUtil;
027 import com.liferay.portal.kernel.util.StringBundler;
028 import com.liferay.portal.model.AuditedModel;
029 import com.liferay.portal.model.ClassedModel;
030 import com.liferay.portal.model.Group;
031 import com.liferay.portal.model.GroupConstants;
032 import com.liferay.portal.model.GroupedModel;
033 import com.liferay.portal.model.Permission;
034 import com.liferay.portal.model.PermissionedModel;
035 import com.liferay.portal.model.Resource;
036 import com.liferay.portal.model.ResourceCode;
037 import com.liferay.portal.model.ResourceConstants;
038 import com.liferay.portal.model.ResourcePermission;
039 import com.liferay.portal.model.Role;
040 import com.liferay.portal.model.RoleConstants;
041 import com.liferay.portal.model.impl.ResourceImpl;
042 import com.liferay.portal.security.permission.PermissionCacheUtil;
043 import com.liferay.portal.security.permission.PermissionThreadLocal;
044 import com.liferay.portal.security.permission.PermissionsListFilter;
045 import com.liferay.portal.security.permission.PermissionsListFilterFactory;
046 import com.liferay.portal.security.permission.ResourceActionsUtil;
047 import com.liferay.portal.service.ServiceContext;
048 import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
049 import com.liferay.portal.util.PropsValues;
050 import com.liferay.portal.util.ResourcePermissionsThreadLocal;
051 import com.liferay.portal.util.comparator.ResourceComparator;
052
053 import java.sql.Connection;
054 import java.sql.PreparedStatement;
055 import java.sql.ResultSet;
056 import java.sql.SQLException;
057
058 import java.util.Arrays;
059 import java.util.Iterator;
060 import java.util.List;
061
062
114 public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
115
116
161 @Override
162 public void addModelResources(
163 AuditedModel auditedModel, ServiceContext serviceContext)
164 throws PortalException, SystemException {
165
166 ClassedModel classedModel = (ClassedModel)auditedModel;
167
168 if (serviceContext.isAddGroupPermissions() ||
169 serviceContext.isAddGuestPermissions()) {
170
171 addResources(
172 auditedModel.getCompanyId(), getGroupId(auditedModel),
173 auditedModel.getUserId(), classedModel.getModelClassName(),
174 String.valueOf(classedModel.getPrimaryKeyObj()), false,
175 serviceContext.isAddGroupPermissions(),
176 serviceContext.isAddGuestPermissions(),
177 getPermissionedModel(auditedModel));
178 }
179 else {
180 if (serviceContext.isDeriveDefaultPermissions()) {
181 serviceContext.deriveDefaultPermissions(
182 getGroupId(auditedModel), classedModel.getModelClassName());
183 }
184
185 addModelResources(
186 auditedModel.getCompanyId(), getGroupId(auditedModel),
187 auditedModel.getUserId(), classedModel.getModelClassName(),
188 String.valueOf(classedModel.getPrimaryKeyObj()),
189 serviceContext.getGroupPermissions(),
190 serviceContext.getGuestPermissions(),
191 getPermissionedModel(auditedModel));
192 }
193 }
194
195
213 @Override
214 public void addModelResources(
215 long companyId, long groupId, long userId, String name,
216 long primKey, String[] groupPermissions, String[] guestPermissions)
217 throws PortalException, SystemException {
218
219 addModelResources(
220 companyId, groupId, userId, name, String.valueOf(primKey),
221 groupPermissions, guestPermissions, null);
222 }
223
224
242 @Override
243 public void addModelResources(
244 long companyId, long groupId, long userId, String name,
245 String primKey, String[] groupPermissions,
246 String[] guestPermissions)
247 throws PortalException, SystemException {
248
249 addModelResources(
250 companyId, groupId, userId, name, primKey, groupPermissions,
251 guestPermissions, null);
252 }
253
254 @Override
255 public Resource addResource(
256 long companyId, String name, int scope, String primKey)
257 throws SystemException {
258
259 if (!PermissionThreadLocal.isAddResource()) {
260 return null;
261 }
262
263 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
264 return addResource_6(companyId, name, scope, primKey);
265 }
266 else {
267 return addResource_1to5(companyId, name, scope, primKey);
268 }
269 }
270
271
292 @Override
293 public void addResources(
294 long companyId, long groupId, long userId, String name,
295 long primKey, boolean portletActions, boolean addGroupPermissions,
296 boolean addGuestPermissions)
297 throws PortalException, SystemException {
298
299 addResources(
300 companyId, groupId, userId, name, String.valueOf(primKey),
301 portletActions, addGroupPermissions, addGuestPermissions, null);
302 }
303
304
325 @Override
326 public void addResources(
327 long companyId, long groupId, long userId, String name,
328 String primKey, boolean portletActions, boolean addGroupPermissions,
329 boolean addGuestPermissions)
330 throws PortalException, SystemException {
331
332 addResources(
333 companyId, groupId, userId, name, primKey, portletActions,
334 addGroupPermissions, addGuestPermissions, null);
335 }
336
337
351 @Override
352 public void addResources(
353 long companyId, long groupId, String name, boolean portletActions)
354 throws PortalException, SystemException {
355
356 addResources(
357 companyId, groupId, 0, name, null, portletActions, false, false);
358 }
359
360
369 @Override
370 public void deleteResource(AuditedModel auditedModel, int scope)
371 throws PortalException, SystemException {
372
373 ClassedModel classedModel = (ClassedModel)auditedModel;
374
375 deleteResource(
376 auditedModel.getCompanyId(), classedModel.getModelClassName(),
377 scope, String.valueOf(classedModel.getPrimaryKeyObj()),
378 getPermissionedModel(auditedModel));
379 }
380
381 @Override
382 public Resource deleteResource(long resourceId) throws SystemException {
383 Resource resource = null;
384
385 try {
386 resource = resourcePersistence.findByPrimaryKey(resourceId);
387
388 deleteResource(resource);
389 }
390 catch (NoSuchResourceException nsre) {
391 if (_log.isWarnEnabled()) {
392 _log.warn(nsre);
393 }
394 }
395
396 return resource;
397 }
398
399
411 @Override
412 public void deleteResource(
413 long companyId, String name, int scope, long primKey)
414 throws PortalException, SystemException {
415
416 deleteResource(companyId, name, scope, String.valueOf(primKey), null);
417 }
418
419
431 @Override
432 public void deleteResource(
433 long companyId, String name, int scope, String primKey)
434 throws PortalException, SystemException {
435
436 deleteResource(companyId, name, scope, primKey, null);
437 }
438
439 @Override
440 public Resource deleteResource(Resource resource) throws SystemException {
441
442
443
444 List<Permission> permissions = permissionPersistence.findByResourceId(
445 resource.getResourceId());
446
447 for (Permission permission : permissions) {
448 orgGroupPermissionPersistence.removeByPermissionId(
449 permission.getPermissionId());
450 }
451
452 permissionPersistence.removeByResourceId(resource.getResourceId());
453
454
455
456 return resourcePersistence.remove(resource);
457 }
458
459 @Override
460 public void deleteResources(String name) throws SystemException {
461 List<Resource> resources = resourceFinder.findByName(name);
462
463 for (Resource resource : resources) {
464 deleteResource(resource);
465 }
466 }
467
468 @Override
469 public Resource fetchResource(
470 long companyId, String name, int scope, String primKey)
471 throws SystemException {
472
473 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
474 return getResource_6(companyId, name, scope, primKey);
475 }
476 else {
477 return fetchResource_1to5(companyId, name, scope, primKey);
478 }
479 }
480
481 @Override
482 public long getLatestResourceId() throws SystemException {
483 List<Resource> resources = resourcePersistence.findAll(
484 0, 1, new ResourceComparator());
485
486 if (resources.size() == 0) {
487 return 0;
488 }
489 else {
490 Resource resource = resources.get(0);
491
492 return resource.getResourceId();
493 }
494 }
495
496
509 @Override
510 public Resource getResource(
511 long companyId, String name, int scope, String primKey)
512 throws PortalException, SystemException {
513
514 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
515 return getResource_6(companyId, name, scope, primKey);
516 }
517 else {
518 return getResource_1to5(companyId, name, scope, primKey);
519 }
520 }
521
522 @Override
523 public List<Resource> getResources() throws SystemException {
524 return resourcePersistence.findAll();
525 }
526
527
537 @Override
538 public void updateModelResources(
539 AuditedModel auditedModel, ServiceContext serviceContext)
540 throws PortalException, SystemException {
541
542 ClassedModel classedModel = (ClassedModel)auditedModel;
543
544 updateResources(
545 auditedModel.getCompanyId(), getGroupId(auditedModel),
546 classedModel.getModelClassName(),
547 String.valueOf(classedModel.getPrimaryKeyObj()),
548 serviceContext.getGroupPermissions(),
549 serviceContext.getGuestPermissions(),
550 getPermissionedModel(auditedModel));
551 }
552
553
567 @Override
568 public void updateResources(
569 long companyId, long groupId, String name, long primKey,
570 String[] groupPermissions, String[] guestPermissions)
571 throws PortalException, SystemException {
572
573 updateResources(
574 companyId, groupId, name, String.valueOf(primKey), groupPermissions,
575 guestPermissions, null);
576 }
577
578
592 @Override
593 public void updateResources(
594 long companyId, long groupId, String name, String primKey,
595 String[] groupPermissions, String[] guestPermissions)
596 throws PortalException, SystemException {
597
598 updateResources(
599 companyId, groupId, name, primKey, groupPermissions,
600 guestPermissions, null);
601 }
602
603
618 @Override
619 public void updateResources(
620 long companyId, String name, int scope, String primKey,
621 String newPrimKey)
622 throws PortalException, SystemException {
623
624 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
625 if (resourceBlockLocalService.isSupported(name)) {
626
627
628
629
630
631 }
632 else {
633 updateResources_6(companyId, name, scope, primKey, newPrimKey);
634 }
635 }
636 else {
637 updateResources_1to5(companyId, name, scope, primKey, newPrimKey);
638 }
639 }
640
641 protected void addGroupPermissions(
642 long companyId, long groupId, long userId, String name,
643 Resource resource, boolean portletActions,
644 PermissionedModel permissionedModel)
645 throws PortalException, SystemException {
646
647 List<String> actions = null;
648
649 if (portletActions) {
650 actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
651 name);
652 }
653 else {
654 actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
655 name);
656 }
657
658 String[] actionIds = actions.toArray(new String[actions.size()]);
659
660 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
661 if (resourceBlockLocalService.isSupported(name)) {
662 addGroupPermissions_6Blocks(
663 groupId, resource, actions, permissionedModel);
664 }
665 else {
666 addGroupPermissions_6(groupId, resource, actionIds);
667 }
668 }
669 else {
670 addGroupPermissions_1to5(
671 companyId, groupId, userId, name, resource, portletActions,
672 actionIds);
673 }
674 }
675
676 protected void addGroupPermissions_1to5(
677 long companyId, long groupId, long userId, String name,
678 Resource resource, boolean portletActions, String[] actionIds)
679 throws PortalException, SystemException {
680
681 long resourceId = resource.getResourceId();
682 String primKey = resource.getPrimKey();
683
684 List<Permission> groupPermissionsList =
685 permissionLocalService.getPermissions(
686 companyId, actionIds, resourceId);
687
688 PermissionsListFilter permissionsListFilter =
689 PermissionsListFilterFactory.getInstance();
690
691 groupPermissionsList = permissionsListFilter.filterGroupPermissions(
692 companyId, groupId, userId, name, primKey, portletActions,
693 groupPermissionsList);
694
695 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
696 Role role = roleLocalService.getDefaultGroupRole(groupId);
697
698 rolePersistence.addPermissions(
699 role.getRoleId(), groupPermissionsList);
700 }
701 else {
702 groupPersistence.addPermissions(groupId, groupPermissionsList);
703 }
704 }
705
706 protected void addGroupPermissions_6(
707 long groupId, Resource resource, String[] actionIds)
708 throws PortalException, SystemException {
709
710 Role role = roleLocalService.getDefaultGroupRole(groupId);
711
712 resourcePermissionLocalService.setResourcePermissions(
713 resource.getCompanyId(), resource.getName(), resource.getScope(),
714 resource.getPrimKey(), role.getRoleId(), actionIds);
715 }
716
717 protected void addGroupPermissions_6Blocks(
718 long groupId, Resource resource, List<String> actionIds,
719 PermissionedModel permissionedModel)
720 throws PortalException, SystemException {
721
722 if (permissionedModel == null) {
723 throw new IllegalArgumentException("Permissioned model is null");
724 }
725
726
727
728 Role role = roleLocalService.getDefaultGroupRole(groupId);
729
730 resourceBlockLocalService.setIndividualScopePermissions(
731 resource.getCompanyId(), groupId, resource.getName(),
732 permissionedModel, role.getRoleId(), actionIds);
733 }
734
735 protected void addGuestPermissions(
736 long companyId, long groupId, long userId, String name,
737 Resource resource, boolean portletActions,
738 PermissionedModel permissionedModel)
739 throws PortalException, SystemException {
740
741 List<String> actions = null;
742
743 if (portletActions) {
744 actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
745 name);
746 }
747 else {
748 actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
749 name);
750 }
751
752 String[] actionIds = actions.toArray(new String[actions.size()]);
753
754 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
755 if (resourceBlockLocalService.isSupported(name)) {
756 addGuestPermissions_6Blocks(
757 companyId, groupId, resource, actions, permissionedModel);
758 }
759 else {
760 addGuestPermissions_6(companyId, resource, actionIds);
761 }
762 }
763 else {
764 addGuestPermissions_1to5(
765 companyId, groupId, userId, name, resource, portletActions,
766 actionIds);
767 }
768 }
769
770 protected void addGuestPermissions_1to5(
771 long companyId, long groupId, long userId, String name,
772 Resource resource, boolean portletActions, String[] actionIds)
773 throws PortalException, SystemException {
774
775 List<Permission> guestPermissionsList =
776 permissionLocalService.getPermissions(
777 companyId, actionIds, resource.getResourceId());
778
779 PermissionsListFilter permissionsListFilter =
780 PermissionsListFilterFactory.getInstance();
781
782 guestPermissionsList = permissionsListFilter.filterGuestPermissions(
783 companyId, groupId, userId, name, resource.getPrimKey(),
784 portletActions, guestPermissionsList);
785
786 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
787 Role guestRole = roleLocalService.getRole(
788 companyId, RoleConstants.GUEST);
789
790 rolePersistence.addPermissions(
791 guestRole.getRoleId(), guestPermissionsList);
792 }
793 else {
794 long defaultUserId = userLocalService.getDefaultUserId(companyId);
795
796 userPersistence.addPermissions(defaultUserId, guestPermissionsList);
797 }
798 }
799
800 protected void addGuestPermissions_6(
801 long companyId, Resource resource, String[] actionIds)
802 throws PortalException, SystemException {
803
804 Role guestRole = roleLocalService.getRole(
805 companyId, RoleConstants.GUEST);
806
807 resourcePermissionLocalService.setResourcePermissions(
808 resource.getCompanyId(), resource.getName(), resource.getScope(),
809 resource.getPrimKey(), guestRole.getRoleId(), actionIds);
810 }
811
812 protected void addGuestPermissions_6Blocks(
813 long companyId, long groupId, Resource resource,
814 List<String> actionIds, PermissionedModel permissionedModel)
815 throws PortalException, SystemException {
816
817 if (permissionedModel == null) {
818 throw new IllegalArgumentException("Permissioned model is null");
819 }
820
821
822
823 Role guestRole = roleLocalService.getRole(
824 companyId, RoleConstants.GUEST);
825
826 resourceBlockLocalService.setIndividualScopePermissions(
827 resource.getCompanyId(), groupId, resource.getName(),
828 permissionedModel, guestRole.getRoleId(), actionIds);
829 }
830
831 protected void addModelResources(
832 long companyId, long groupId, long userId, String name,
833 String primKey, String[] groupPermissions,
834 String[] guestPermissions, PermissionedModel permissionedModel)
835 throws PortalException, SystemException {
836
837 if (!PermissionThreadLocal.isAddResource()) {
838 return;
839 }
840
841 validate(name, false);
842
843
844
845 addResource(
846 companyId, name, ResourceConstants.SCOPE_COMPANY,
847 String.valueOf(companyId));
848
849
850
851 long guestGroupId = getGuestGroupId(companyId);
852
853 addResource(
854 companyId, name, ResourceConstants.SCOPE_GROUP,
855 String.valueOf(guestGroupId));
856
857
858
859 if ((groupId > 0) && (guestGroupId != groupId)) {
860 addResource(
861 companyId, name, ResourceConstants.SCOPE_GROUP,
862 String.valueOf(groupId));
863 }
864
865 if (primKey == null) {
866 return;
867 }
868
869
870
871 Resource resource = addResource(
872 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
873
874
875
876 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
877
878 PermissionThreadLocal.setIndexEnabled(false);
879
880 try {
881 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
882 addModelResources_6(
883 companyId, groupId, userId, resource, groupPermissions,
884 guestPermissions, permissionedModel);
885 }
886 else {
887 addModelResources_1to5(
888 companyId, groupId, userId, resource, groupPermissions,
889 guestPermissions);
890 }
891 }
892 finally {
893 PermissionThreadLocal.setIndexEnabled(flushEnabled);
894
895 PermissionCacheUtil.clearCache();
896
897 SearchEngineUtil.updatePermissionFields(name, primKey);
898 }
899 }
900
901 protected void addModelResources_1to5(
902 long companyId, long groupId, long userId, Resource resource,
903 String[] groupPermissions, String[] guestPermissions)
904 throws PortalException, SystemException {
905
906 long defaultUserId = userLocalService.getDefaultUserId(companyId);
907
908 PermissionsListFilter permissionsListFilter =
909 PermissionsListFilterFactory.getInstance();
910
911 List<Permission> permissionsList =
912 permissionLocalService.addPermissions(
913 companyId, resource.getName(), resource.getResourceId(), false);
914
915 List<Permission> userPermissionsList =
916 permissionsListFilter.filterUserPermissions(
917 companyId, groupId, userId, resource.getName(),
918 resource.getPrimKey(), false, permissionsList);
919
920 filterOwnerPermissions(resource.getName(), userPermissionsList);
921
922 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
923
924
925
926 Role ownerRole = roleLocalService.getRole(
927 companyId, RoleConstants.OWNER);
928
929 rolePersistence.addPermissions(
930 ownerRole.getRoleId(), userPermissionsList);
931 }
932 else {
933
934
935
936 if ((userId > 0) && (userId != defaultUserId)) {
937 userPersistence.addPermissions(userId, userPermissionsList);
938 }
939 }
940
941
942
943 if (groupId > 0) {
944 if (groupPermissions == null) {
945 groupPermissions = new String[0];
946 }
947
948 List<Permission> groupPermissionsList =
949 permissionLocalService.getPermissions(
950 companyId, groupPermissions, resource.getResourceId());
951
952 groupPermissionsList = permissionsListFilter.filterGroupPermissions(
953 companyId, groupId, userId, resource.getName(),
954 resource.getPrimKey(), false, groupPermissionsList);
955
956 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
957 Role role = roleLocalService.getDefaultGroupRole(groupId);
958
959 rolePersistence.addPermissions(
960 role.getRoleId(), groupPermissionsList);
961 }
962 else {
963 groupPersistence.addPermissions(groupId, groupPermissionsList);
964 }
965 }
966
967
968
969 if (guestPermissions == null) {
970 guestPermissions = new String[0];
971 }
972
973 List<Permission> guestPermissionsList =
974 permissionLocalService.getPermissions(
975 companyId, guestPermissions, resource.getResourceId());
976
977 guestPermissionsList = permissionsListFilter.filterGuestPermissions(
978 companyId, groupId, userId, resource.getName(),
979 resource.getPrimKey(), false, guestPermissionsList);
980
981 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
982 Role guestRole = roleLocalService.getRole(
983 companyId, RoleConstants.GUEST);
984
985 rolePersistence.addPermissions(
986 guestRole.getRoleId(), guestPermissionsList);
987 }
988 else {
989 userPersistence.addPermissions(defaultUserId, guestPermissionsList);
990 }
991 }
992
993 protected void addModelResources_6(
994 long companyId, long groupId, long userId, Resource resource,
995 String[] groupPermissions, String[] guestPermissions,
996 PermissionedModel permissionedModel)
997 throws PortalException, SystemException {
998
999
1000
1001 Role ownerRole = roleLocalService.getRole(
1002 companyId, RoleConstants.OWNER);
1003
1004 List<String> ownerActionIds =
1005 ResourceActionsUtil.getModelResourceActions(resource.getName());
1006
1007 ownerActionIds = ListUtil.copy(ownerActionIds);
1008
1009 filterOwnerActions(resource.getName(), ownerActionIds);
1010
1011 String[] ownerPermissions = ownerActionIds.toArray(
1012 new String[ownerActionIds.size()]);
1013
1014
1015
1016 Role defaultGroupRole = null;
1017
1018 if (groupId > 0) {
1019 defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
1020
1021 if (groupPermissions == null) {
1022 groupPermissions = new String[0];
1023 }
1024 }
1025
1026
1027
1028 Role guestRole = roleLocalService.getRole(
1029 companyId, RoleConstants.GUEST);
1030
1031 if (guestPermissions == null) {
1032 guestPermissions = new String[0];
1033 }
1034
1035 if (resourceBlockLocalService.isSupported(resource.getName())) {
1036 if (permissionedModel == null) {
1037 throw new IllegalArgumentException(
1038 "Permissioned model is null");
1039 }
1040
1041
1042
1043 resourceBlockLocalService.setIndividualScopePermissions(
1044 resource.getCompanyId(), groupId, resource.getName(),
1045 permissionedModel, ownerRole.getRoleId(), ownerActionIds);
1046
1047 if (groupId > 0) {
1048 resourceBlockLocalService.setIndividualScopePermissions(
1049 resource.getCompanyId(), groupId, resource.getName(),
1050 permissionedModel, defaultGroupRole.getRoleId(),
1051 Arrays.asList(groupPermissions));
1052 }
1053
1054 resourceBlockLocalService.setIndividualScopePermissions(
1055 resource.getCompanyId(), groupId, resource.getName(),
1056 permissionedModel, guestRole.getRoleId(),
1057 Arrays.asList(guestPermissions));
1058 }
1059 else {
1060 resourcePermissionLocalService.setOwnerResourcePermissions(
1061 resource.getCompanyId(), resource.getName(),
1062 resource.getScope(), resource.getPrimKey(),
1063 ownerRole.getRoleId(), userId, ownerPermissions);
1064
1065 if (groupId > 0) {
1066 resourcePermissionLocalService.setResourcePermissions(
1067 resource.getCompanyId(), resource.getName(),
1068 resource.getScope(), resource.getPrimKey(),
1069 defaultGroupRole.getRoleId(), groupPermissions);
1070 }
1071
1072 resourcePermissionLocalService.setResourcePermissions(
1073 resource.getCompanyId(), resource.getName(),
1074 resource.getScope(), resource.getPrimKey(),
1075 guestRole.getRoleId(), guestPermissions);
1076 }
1077 }
1078
1079 protected Resource addResource_1to5(
1080 long companyId, String name, int scope, String primKey)
1081 throws SystemException {
1082
1083 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1084 companyId, name, scope);
1085
1086 long codeId = resourceCode.getCodeId();
1087
1088 Resource resource = resourcePersistence.fetchByC_P(codeId, primKey);
1089
1090 if (resource == null) {
1091 long resourceId = counterLocalService.increment(
1092 Resource.class.getName());
1093
1094 resource = resourcePersistence.create(resourceId);
1095
1096 resource.setCodeId(codeId);
1097 resource.setPrimKey(primKey);
1098
1099 try {
1100 resourcePersistence.update(resource, false);
1101 }
1102 catch (SystemException se) {
1103 if (_log.isWarnEnabled()) {
1104 _log.warn(
1105 "Add failed, fetch {codeId=" + codeId + ", primKey=" +
1106 primKey + "}");
1107 }
1108
1109 resource = resourcePersistence.fetchByC_P(
1110 codeId, primKey, false);
1111
1112 if (resource == null) {
1113 throw se;
1114 }
1115 }
1116 }
1117
1118 return resource;
1119 }
1120
1121 protected Resource addResource_6(
1122 long companyId, String name, int scope, String primKey) {
1123
1124 Resource resource = new ResourceImpl();
1125
1126 resource.setCompanyId(companyId);
1127 resource.setName(name);
1128 resource.setScope(scope);
1129 resource.setPrimKey(primKey);
1130
1131 return resource;
1132 }
1133
1134 protected void addResources(
1135 long companyId, long groupId, long userId, String name,
1136 String primKey, boolean portletActions, boolean addGroupPermissions,
1137 boolean addGuestPermissions, PermissionedModel permissionedModel)
1138 throws PortalException, SystemException {
1139
1140 if (!PermissionThreadLocal.isAddResource()) {
1141 return;
1142 }
1143
1144 validate(name, portletActions);
1145
1146
1147
1148 addResource(
1149 companyId, name, ResourceConstants.SCOPE_COMPANY,
1150 String.valueOf(companyId));
1151
1152 if (groupId > 0) {
1153 addResource(
1154 companyId, name, ResourceConstants.SCOPE_GROUP,
1155 String.valueOf(groupId));
1156 }
1157
1158 if (primKey == null) {
1159 return;
1160 }
1161
1162
1163
1164 Resource resource = addResource(
1165 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1166
1167
1168
1169 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1170
1171 PermissionThreadLocal.setIndexEnabled(false);
1172
1173 List<ResourcePermission> resourcePermissions =
1174 resourcePermissionPersistence.findByC_N_S_P(
1175 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1176
1177 ResourcePermissionsThreadLocal.setResourcePermissions(
1178 resourcePermissions);
1179
1180 try {
1181 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1182 addResources_6(
1183 companyId, groupId, userId, resource, portletActions,
1184 permissionedModel);
1185 }
1186 else {
1187 addResources_1to5(
1188 companyId, groupId, userId, resource, portletActions);
1189 }
1190
1191
1192
1193 if ((groupId > 0) && addGroupPermissions) {
1194 addGroupPermissions(
1195 companyId, groupId, userId, name, resource, portletActions,
1196 permissionedModel);
1197 }
1198
1199
1200
1201 if (addGuestPermissions) {
1202
1203
1204
1205
1206 addGuestPermissions(
1207 companyId, groupId, userId, name, resource, portletActions,
1208 permissionedModel);
1209 }
1210 }
1211 finally {
1212 ResourcePermissionsThreadLocal.setResourcePermissions(null);
1213
1214 PermissionThreadLocal.setIndexEnabled(flushEnabled);
1215
1216 PermissionCacheUtil.clearCache();
1217
1218 SearchEngineUtil.updatePermissionFields(name, primKey);
1219 }
1220 }
1221
1222 protected void addResources_1to5(
1223 long companyId, long groupId, long userId, Resource resource,
1224 boolean portletActions)
1225 throws PortalException, SystemException {
1226
1227 List<Permission> permissionsList =
1228 permissionLocalService.addPermissions(
1229 companyId, resource.getName(), resource.getResourceId(),
1230 portletActions);
1231
1232 PermissionsListFilter permissionsListFilter =
1233 PermissionsListFilterFactory.getInstance();
1234
1235 List<Permission> userPermissionsList =
1236 permissionsListFilter.filterUserPermissions(
1237 companyId, groupId, userId, resource.getName(),
1238 resource.getPrimKey(), portletActions, permissionsList);
1239
1240 filterOwnerPermissions(resource.getName(), userPermissionsList);
1241
1242 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
1243
1244
1245
1246 Role ownerRole = roleLocalService.getRole(
1247 companyId, RoleConstants.OWNER);
1248
1249 rolePersistence.addPermissions(
1250 ownerRole.getRoleId(), userPermissionsList);
1251 }
1252 else {
1253
1254
1255
1256 long defaultUserId = userLocalService.getDefaultUserId(companyId);
1257
1258 if ((userId > 0) && (userId != defaultUserId)) {
1259 userPersistence.addPermissions(userId, userPermissionsList);
1260 }
1261 }
1262 }
1263
1264 protected void addResources_6(
1265 long companyId, long groupId, long userId, Resource resource,
1266 boolean portletActions, PermissionedModel permissionedModel)
1267 throws PortalException, SystemException {
1268
1269 List<String> actionIds = null;
1270
1271 if (portletActions) {
1272 actionIds = ResourceActionsUtil.getPortletResourceActions(
1273 resource.getName());
1274 }
1275 else {
1276 actionIds = ResourceActionsUtil.getModelResourceActions(
1277 resource.getName());
1278
1279 actionIds = ListUtil.copy(actionIds);
1280
1281 filterOwnerActions(resource.getName(), actionIds);
1282 }
1283
1284 Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
1285
1286 if (resourceBlockLocalService.isSupported(resource.getName())) {
1287 if (permissionedModel == null) {
1288 throw new IllegalArgumentException(
1289 "Permissioned model is null");
1290 }
1291
1292
1293
1294 resourceBlockLocalService.setIndividualScopePermissions(
1295 resource.getCompanyId(), groupId, resource.getName(),
1296 permissionedModel, role.getRoleId(), actionIds);
1297 }
1298 else {
1299 resourcePermissionLocalService.setOwnerResourcePermissions(
1300 resource.getCompanyId(), resource.getName(),
1301 resource.getScope(), resource.getPrimKey(), role.getRoleId(),
1302 userId, actionIds.toArray(new String[actionIds.size()]));
1303 }
1304 }
1305
1306 protected void deleteResource(
1307 long companyId, String name, int scope, String primKey,
1308 PermissionedModel permissionedModel)
1309 throws PortalException, SystemException {
1310
1311 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1312 if (resourceBlockLocalService.isSupported(name)) {
1313 if (permissionedModel == null) {
1314 throw new IllegalArgumentException(
1315 "Permissioned model is null");
1316 }
1317
1318 resourceBlockLocalService.releasePermissionedModelResourceBlock(
1319 permissionedModel);
1320
1321 return;
1322 }
1323 else {
1324 resourcePermissionLocalService.deleteResourcePermissions(
1325 companyId, name, scope, primKey);
1326
1327 return;
1328 }
1329 }
1330
1331 try {
1332 Resource resource = getResource(companyId, name, scope, primKey);
1333
1334 deleteResource(resource.getResourceId());
1335 }
1336 catch (NoSuchResourceException nsre) {
1337 if (_log.isWarnEnabled()) {
1338 _log.warn(nsre);
1339 }
1340 }
1341 }
1342
1343 protected Resource fetchResource_1to5(
1344 long companyId, String name, int scope, String primKey)
1345 throws SystemException {
1346
1347 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1348 companyId, name, scope);
1349
1350 return resourcePersistence.fetchByC_P(
1351 resourceCode.getCodeId(), primKey);
1352 }
1353
1354 protected void filterOwnerActions(String name, List<String> actionIds) {
1355 List<String> defaultOwnerActions =
1356 ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1357
1358 if (defaultOwnerActions.isEmpty()) {
1359 return;
1360 }
1361
1362 Iterator<String> itr = actionIds.iterator();
1363
1364 while (itr.hasNext()) {
1365 String actionId = itr.next();
1366
1367 if (!defaultOwnerActions.contains(actionId)) {
1368 itr.remove();
1369 }
1370 }
1371 }
1372
1373 protected void filterOwnerPermissions(
1374 String name, List<Permission> permissions) {
1375
1376 List<String> defaultOwnerActions =
1377 ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1378
1379 if (defaultOwnerActions.isEmpty()) {
1380 return;
1381 }
1382
1383 Iterator<Permission> itr = permissions.iterator();
1384
1385 while (itr.hasNext()) {
1386 Permission permission = itr.next();
1387
1388 String actionId = permission.getActionId();
1389
1390 if (!defaultOwnerActions.contains(actionId)) {
1391 itr.remove();
1392 }
1393 }
1394 }
1395
1396 protected long getGroupId(AuditedModel auditedModel) {
1397 long groupId = 0;
1398
1399 if (auditedModel instanceof GroupedModel) {
1400 GroupedModel groupedModel = (GroupedModel)auditedModel;
1401
1402 groupId = groupedModel.getGroupId();
1403 }
1404
1405 return groupId;
1406 }
1407
1408 protected long getGuestGroupId(long companyId) throws NoSuchGroupException {
1409 long guestGroupId = 0;
1410
1411 try {
1412 Group guestGroup = groupLocalService.getGroup(
1413 companyId, GroupConstants.GUEST);
1414
1415 return guestGroup.getGroupId();
1416 }
1417 catch (Exception e) {
1418 if (_log.isWarnEnabled()) {
1419 _log.warn(e.getMessage());
1420 }
1421 }
1422
1423
1424
1425 guestGroupId = getGuestGroupIdBySQL(companyId);
1426
1427 if (guestGroupId > 0) {
1428 return guestGroupId;
1429 }
1430
1431 StringBundler sb = new StringBundler(5);
1432
1433 sb.append("No Group exists with the key {companyId=");
1434 sb.append(companyId);
1435 sb.append(", name=");
1436 sb.append(GroupConstants.GUEST);
1437 sb.append("}");
1438
1439 throw new NoSuchGroupException(sb.toString());
1440 }
1441
1442 protected long getGuestGroupIdBySQL(long companyId) {
1443 Connection con = null;
1444 PreparedStatement ps = null;
1445 ResultSet rs = null;
1446
1447 try {
1448 con = DataAccess.getConnection();
1449
1450 StringBundler sb = new StringBundler(5);
1451
1452 sb.append("select groupId from Group_ where companyId = ");
1453 sb.append(companyId);
1454 sb.append(" and name = '");
1455 sb.append(GroupConstants.GUEST);
1456 sb.append("'");
1457
1458 ps = con.prepareStatement(sb.toString());
1459
1460 rs = ps.executeQuery();
1461
1462 if (rs.next()) {
1463 return rs.getLong("groupId");
1464 }
1465 }
1466 catch (SQLException sqle) {
1467 _log.error(sqle, sqle);
1468 }
1469 finally {
1470 DataAccess.cleanUp(con, ps, rs);
1471 }
1472
1473 return 0;
1474 }
1475
1476 protected PermissionedModel getPermissionedModel(
1477 AuditedModel auditedModel) {
1478
1479 PermissionedModel permissionedModel = null;
1480
1481 if (auditedModel instanceof PermissionedModel) {
1482 permissionedModel = (PermissionedModel)auditedModel;
1483 }
1484
1485 return permissionedModel;
1486 }
1487
1488 protected Resource getResource_1to5(
1489 long companyId, String name, int scope, String primKey)
1490 throws PortalException, SystemException {
1491
1492 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1493 companyId, name, scope);
1494
1495 return resourcePersistence.findByC_P(resourceCode.getCodeId(), primKey);
1496 }
1497
1498 protected Resource getResource_6(
1499 long companyId, String name, int scope, String primKey) {
1500
1501 Resource resource = new ResourceImpl();
1502
1503 resource.setCompanyId(companyId);
1504 resource.setName(name);
1505 resource.setScope(scope);
1506 resource.setPrimKey(primKey);
1507
1508 return resource;
1509 }
1510
1511 protected void updateResources(
1512 long companyId, long groupId, String name, String primKey,
1513 String[] groupPermissions, String[] guestPermissions,
1514 PermissionedModel permissionedModel)
1515 throws PortalException, SystemException {
1516
1517 Resource resource = getResource(
1518 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1519
1520 if (groupPermissions == null) {
1521 groupPermissions = new String[0];
1522 }
1523
1524 if (guestPermissions == null) {
1525 guestPermissions = new String[0];
1526 }
1527
1528 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1529 if (resourceBlockLocalService.isSupported(name)) {
1530 updateResources_6Blocks(
1531 companyId, groupId, resource, groupPermissions,
1532 guestPermissions, permissionedModel);
1533 }
1534 else {
1535 updateResources_6(
1536 companyId, groupId, resource, groupPermissions,
1537 guestPermissions);
1538 }
1539 }
1540 else {
1541 updateResources_1to5(
1542 companyId, groupId, resource, groupPermissions,
1543 guestPermissions);
1544 }
1545 }
1546
1547 protected void updateResources_1to5(
1548 long companyId, long groupId, Resource resource,
1549 String[] groupPermissions, String[] guestPermissions)
1550 throws PortalException, SystemException {
1551
1552 Role role = roleLocalService.getDefaultGroupRole(groupId);
1553
1554 permissionLocalService.setRolePermissions(
1555 role.getRoleId(), groupPermissions, resource.getResourceId());
1556
1557 role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1558
1559 permissionLocalService.setRolePermissions(
1560 role.getRoleId(), guestPermissions, resource.getResourceId());
1561 }
1562
1563 protected void updateResources_1to5(
1564 long companyId, String name, int scope, String primKey,
1565 String newPrimKey)
1566 throws PortalException, SystemException {
1567
1568 Resource resource = getResource(companyId, name, scope, primKey);
1569
1570 resource.setPrimKey(newPrimKey);
1571
1572 resourcePersistence.update(resource, false);
1573 }
1574
1575 protected void updateResources_6(
1576 long companyId, long groupId, Resource resource,
1577 String[] groupPermissions, String[] guestPermissions)
1578 throws PortalException, SystemException {
1579
1580 Role role = roleLocalService.getDefaultGroupRole(groupId);
1581
1582 resourcePermissionLocalService.setResourcePermissions(
1583 resource.getCompanyId(), resource.getName(), resource.getScope(),
1584 resource.getPrimKey(), role.getRoleId(), groupPermissions);
1585
1586 role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1587
1588 resourcePermissionLocalService.setResourcePermissions(
1589 resource.getCompanyId(), resource.getName(), resource.getScope(),
1590 resource.getPrimKey(), role.getRoleId(), guestPermissions);
1591 }
1592
1593 protected void updateResources_6(
1594 long companyId, String name, int scope, String primKey,
1595 String newPrimKey)
1596 throws SystemException {
1597
1598 List<ResourcePermission> resourcePermissions =
1599 resourcePermissionLocalService.getResourcePermissions(
1600 companyId, name, scope, primKey);
1601
1602 for (ResourcePermission resourcePermission : resourcePermissions) {
1603 resourcePermission.setPrimKey(newPrimKey);
1604
1605 resourcePermissionPersistence.update(resourcePermission, false);
1606 }
1607 }
1608
1609 protected void updateResources_6Blocks(
1610 long companyId, long groupId, Resource resource,
1611 String[] groupPermissions, String[] guestPermissions,
1612 PermissionedModel permissionedModel)
1613 throws PortalException, SystemException {
1614
1615 if (permissionedModel == null) {
1616 throw new IllegalArgumentException("Permissioned model is null");
1617 }
1618
1619
1620
1621 Role role = roleLocalService.getDefaultGroupRole(groupId);
1622
1623 resourceBlockLocalService.setIndividualScopePermissions(
1624 companyId, groupId, resource.getName(), permissionedModel,
1625 role.getRoleId(), Arrays.asList(groupPermissions));
1626
1627 role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1628
1629 resourceBlockLocalService.setIndividualScopePermissions(
1630 companyId, groupId, resource.getName(), permissionedModel,
1631 role.getRoleId(), Arrays.asList(guestPermissions));
1632 }
1633
1634 protected void validate(String name, boolean portletActions)
1635 throws PortalException {
1636
1637 List<String> actions = null;
1638
1639 if (portletActions) {
1640 actions = ResourceActionsUtil.getPortletResourceActions(name);
1641 }
1642 else {
1643 actions = ResourceActionsUtil.getModelResourceActions(name);
1644 }
1645
1646 if (actions.size() == 0) {
1647 throw new ResourceActionsException(
1648 "There are no actions associated with the resource " + name);
1649 }
1650 }
1651
1652 private static Log _log = LogFactoryUtil.getLog(
1653 ResourceLocalServiceImpl.class);
1654
1655 }