001
014
015 package com.liferay.portlet.rolesadmin.action;
016
017 import com.liferay.portal.NoSuchRoleException;
018 import com.liferay.portal.RolePermissionsException;
019 import com.liferay.portal.kernel.servlet.SessionErrors;
020 import com.liferay.portal.kernel.servlet.SessionMessages;
021 import com.liferay.portal.kernel.util.ArrayUtil;
022 import com.liferay.portal.kernel.util.Constants;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.ParamUtil;
026 import com.liferay.portal.kernel.util.StringUtil;
027 import com.liferay.portal.kernel.util.Validator;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.ResourceConstants;
030 import com.liferay.portal.model.Role;
031 import com.liferay.portal.model.RoleConstants;
032 import com.liferay.portal.security.auth.PrincipalException;
033 import com.liferay.portal.security.permission.ResourceActionsUtil;
034 import com.liferay.portal.security.permission.comparator.ActionComparator;
035 import com.liferay.portal.service.PermissionServiceUtil;
036 import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
037 import com.liferay.portal.service.ResourceBlockServiceUtil;
038 import com.liferay.portal.service.ResourcePermissionServiceUtil;
039 import com.liferay.portal.service.RoleLocalServiceUtil;
040 import com.liferay.portal.struts.PortletAction;
041 import com.liferay.portal.theme.ThemeDisplay;
042 import com.liferay.portal.util.PortalUtil;
043 import com.liferay.portal.util.PropsValues;
044 import com.liferay.portal.util.WebKeys;
045
046 import java.util.HashMap;
047 import java.util.List;
048 import java.util.Map;
049
050 import javax.portlet.ActionRequest;
051 import javax.portlet.ActionResponse;
052 import javax.portlet.PortletConfig;
053 import javax.portlet.RenderRequest;
054 import javax.portlet.RenderResponse;
055
056 import org.apache.struts.action.ActionForm;
057 import org.apache.struts.action.ActionForward;
058 import org.apache.struts.action.ActionMapping;
059
060
065 public class EditRolePermissionsAction extends PortletAction {
066
067 @Override
068 public void processAction(
069 ActionMapping actionMapping, ActionForm actionForm,
070 PortletConfig portletConfig, ActionRequest actionRequest,
071 ActionResponse actionResponse)
072 throws Exception {
073
074 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
075
076 try {
077 if (cmd.equals("actions")) {
078 updateActions(actionRequest, actionResponse);
079 }
080 else if (cmd.equals("delete_permission")) {
081 deletePermission(actionRequest, actionResponse);
082 }
083 }
084 catch (Exception e) {
085 if (e instanceof NoSuchRoleException ||
086 e instanceof PrincipalException ||
087 e instanceof RolePermissionsException) {
088
089 SessionErrors.add(actionRequest, e.getClass());
090
091 setForward(actionRequest, "portlet.roles_admin.error");
092 }
093 else {
094 throw e;
095 }
096 }
097 }
098
099 @Override
100 public ActionForward render(
101 ActionMapping actionMapping, ActionForm actionForm,
102 PortletConfig portletConfig, RenderRequest renderRequest,
103 RenderResponse renderResponse)
104 throws Exception {
105
106 try {
107 ActionUtil.getRole(renderRequest);
108 }
109 catch (Exception e) {
110 if (e instanceof NoSuchRoleException ||
111 e instanceof PrincipalException) {
112
113 SessionErrors.add(renderRequest, e.getClass());
114
115 return actionMapping.findForward("portlet.roles_admin.error");
116 }
117 else {
118 throw e;
119 }
120 }
121
122 return actionMapping.findForward(
123 getForward(
124 renderRequest, "portlet.roles_admin.edit_role_permissions"));
125 }
126
127 protected void deletePermission(
128 ActionRequest actionRequest, ActionResponse actionResponse)
129 throws Exception {
130
131 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
132 WebKeys.THEME_DISPLAY);
133
134 long roleId = ParamUtil.getLong(actionRequest, "roleId");
135 long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
136 String name = ParamUtil.getString(actionRequest, "name");
137 int scope = ParamUtil.getInteger(actionRequest, "scope");
138 String primKey = ParamUtil.getString(actionRequest, "primKey");
139 String actionId = ParamUtil.getString(actionRequest, "actionId");
140
141 Role role = RoleLocalServiceUtil.getRole(roleId);
142
143 String roleName = role.getName();
144
145 if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
146 roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
147 roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
148 roleName.equals(RoleConstants.OWNER) ||
149 roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
150 roleName.equals(RoleConstants.SITE_OWNER)) {
151
152 throw new RolePermissionsException(roleName);
153 }
154
155 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
156 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
157 if (scope == ResourceConstants.SCOPE_GROUP) {
158 ResourceBlockServiceUtil.removeGroupScopePermission(
159 themeDisplay.getScopeGroupId(),
160 themeDisplay.getCompanyId(),
161 GetterUtil.getLong(primKey), name, roleId, actionId);
162 }
163 else {
164 ResourceBlockServiceUtil.removeCompanyScopePermission(
165 themeDisplay.getScopeGroupId(),
166 themeDisplay.getCompanyId(), name, roleId, actionId);
167 }
168 }
169 else {
170 ResourcePermissionServiceUtil.removeResourcePermission(
171 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
172 name, scope, primKey, roleId, actionId);
173 }
174 }
175 else {
176 PermissionServiceUtil.unsetRolePermission(
177 roleId, themeDisplay.getScopeGroupId(), permissionId);
178 }
179
180
181
182 SessionMessages.add(actionRequest, "permissionDeleted");
183
184 String redirect = PortalUtil.escapeRedirect(
185 ParamUtil.getString(actionRequest, "redirect"));
186
187 if (Validator.isNotNull(redirect)) {
188 actionResponse.sendRedirect(redirect);
189 }
190 }
191
192 protected void updateAction_1to5(
193 Role role, long groupId, String selResource, String actionId,
194 boolean selected, int scope, String[] groupIds)
195 throws Exception {
196
197 long roleId = role.getRoleId();
198
199 if (selected) {
200 if (scope == ResourceConstants.SCOPE_COMPANY) {
201 PermissionServiceUtil.setRolePermission(
202 roleId, groupId, selResource, scope,
203 String.valueOf(role.getCompanyId()), actionId);
204 }
205 else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
206 PermissionServiceUtil.setRolePermission(
207 roleId, groupId, selResource,
208 ResourceConstants.SCOPE_GROUP_TEMPLATE,
209 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
210 actionId);
211 }
212 else {
213 PermissionServiceUtil.unsetRolePermissions(
214 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
215 actionId);
216
217 for (String curGroupId : groupIds) {
218 PermissionServiceUtil.setRolePermission(
219 roleId, groupId, selResource,
220 ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
221 }
222 }
223 }
224 else {
225
226
227
228 PermissionServiceUtil.unsetRolePermissions(
229 roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
230 actionId);
231
232 PermissionServiceUtil.unsetRolePermissions(
233 roleId, groupId, selResource,
234 ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
235
236 PermissionServiceUtil.unsetRolePermissions(
237 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
238 actionId);
239 }
240 }
241
242 protected void updateAction_6(
243 Role role, long groupId, String selResource, String actionId,
244 boolean selected, int scope, String[] groupIds)
245 throws Exception {
246
247 long companyId = role.getCompanyId();
248 long roleId = role.getRoleId();
249
250 if (selected) {
251 if (scope == ResourceConstants.SCOPE_COMPANY) {
252 ResourcePermissionServiceUtil.addResourcePermission(
253 groupId, companyId, selResource, scope,
254 String.valueOf(role.getCompanyId()), roleId, actionId);
255 }
256 else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
257 ResourcePermissionServiceUtil.addResourcePermission(
258 groupId, companyId, selResource,
259 ResourceConstants.SCOPE_GROUP_TEMPLATE,
260 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
261 roleId, actionId);
262 }
263 else if (scope == ResourceConstants.SCOPE_GROUP) {
264 ResourcePermissionServiceUtil.removeResourcePermissions(
265 groupId, companyId, selResource,
266 ResourceConstants.SCOPE_GROUP, roleId, actionId);
267
268 for (String curGroupId : groupIds) {
269 ResourcePermissionServiceUtil.addResourcePermission(
270 groupId, companyId, selResource,
271 ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
272 actionId);
273 }
274 }
275 }
276 else {
277
278
279
280 ResourcePermissionServiceUtil.removeResourcePermissions(
281 groupId, companyId, selResource,
282 ResourceConstants.SCOPE_COMPANY, roleId, actionId);
283
284 ResourcePermissionServiceUtil.removeResourcePermissions(
285 groupId, companyId, selResource,
286 ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);
287
288 ResourcePermissionServiceUtil.removeResourcePermissions(
289 groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
290 roleId, actionId);
291 }
292 }
293
294 protected void updateActions(
295 ActionRequest actionRequest, ActionResponse actionResponse)
296 throws Exception {
297
298 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
299 WebKeys.THEME_DISPLAY);
300
301 long roleId = ParamUtil.getLong(actionRequest, "roleId");
302
303 Role role = RoleLocalServiceUtil.getRole(roleId);
304
305 String roleName = role.getName();
306
307 if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
308 roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
309 roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
310 roleName.equals(RoleConstants.OWNER) ||
311 roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
312 roleName.equals(RoleConstants.SITE_OWNER)) {
313
314 throw new RolePermissionsException(roleName);
315 }
316
317 String portletResource = ParamUtil.getString(
318 actionRequest, "portletResource");
319 String[] modelResources = StringUtil.split(
320 ParamUtil.getString(actionRequest, "modelResources"));
321 boolean showModelResources = ParamUtil.getBoolean(
322 actionRequest, "showModelResources");
323
324 Map<String, List<String>> resourceActionsMap =
325 new HashMap<String, List<String>>();
326
327 if (showModelResources) {
328 for (String modelResource : modelResources) {
329 resourceActionsMap.put(
330 modelResource,
331 ResourceActionsUtil.getResourceActions(
332 null, modelResource));
333 }
334 }
335 else if (Validator.isNotNull(portletResource)) {
336 resourceActionsMap.put(
337 portletResource,
338 ResourceActionsUtil.getResourceActions(portletResource, null));
339 }
340
341 String[] selectedTargets = StringUtil.split(
342 ParamUtil.getString(actionRequest, "selectedTargets"));
343
344 for (Map.Entry<String, List<String>> entry :
345 resourceActionsMap.entrySet()) {
346
347 String selResource = entry.getKey();
348 List<String> actions = entry.getValue();
349
350 actions = ListUtil.sort(
351 actions, new ActionComparator(themeDisplay.getLocale()));
352
353 for (String actionId : actions) {
354 String target = selResource + actionId;
355
356 boolean selected = ArrayUtil.contains(selectedTargets, target);
357
358 String[] groupIds = StringUtil.split(
359 ParamUtil.getString(actionRequest, "groupIds" + target));
360
361 groupIds = ArrayUtil.distinct(groupIds);
362
363 int scope = ResourceConstants.SCOPE_COMPANY;
364
365 if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) ||
366 (role.getType() == RoleConstants.TYPE_PROVIDER) ||
367 (role.getType() == RoleConstants.TYPE_SITE)) {
368
369 scope = ResourceConstants.SCOPE_GROUP_TEMPLATE;
370 }
371 else {
372 if (groupIds.length > 0) {
373 scope = ResourceConstants.SCOPE_GROUP;
374 }
375 }
376
377 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
378 if (ResourceBlockLocalServiceUtil.isSupported(
379 selResource)) {
380
381 updateActions_6Blocks(
382 role, themeDisplay.getScopeGroupId(), selResource,
383 actionId, selected, scope, groupIds);
384 }
385 else {
386 updateAction_6(
387 role, themeDisplay.getScopeGroupId(), selResource,
388 actionId, selected, scope, groupIds);
389 }
390 }
391 else {
392 updateAction_1to5(
393 role, themeDisplay.getScopeGroupId(), selResource,
394 actionId, selected, scope, groupIds);
395 }
396 }
397 }
398
399
400
401 SessionMessages.add(actionRequest, "permissionsUpdated");
402
403 String redirect = PortalUtil.escapeRedirect(
404 ParamUtil.getString(actionRequest, "redirect"));
405
406 if (Validator.isNotNull(redirect)) {
407 redirect = redirect + "&" + Constants.CMD + "=" + Constants.VIEW;
408
409 actionResponse.sendRedirect(redirect);
410 }
411 }
412
413 protected void updateActions_6Blocks(
414 Role role, long scopeGroupId, String selResource, String actionId,
415 boolean selected, int scope, String[] groupIds)
416 throws Exception {
417
418 long companyId = role.getCompanyId();
419 long roleId = role.getRoleId();
420
421 if (selected) {
422 if (scope == ResourceConstants.SCOPE_GROUP) {
423 ResourceBlockServiceUtil.removeAllGroupScopePermissions(
424 scopeGroupId, companyId, selResource, roleId, actionId);
425 ResourceBlockServiceUtil.removeCompanyScopePermission(
426 scopeGroupId, companyId, selResource, roleId, actionId);
427
428 for (String groupId : groupIds) {
429 ResourceBlockServiceUtil.addGroupScopePermission(
430 scopeGroupId, companyId, GetterUtil.getLong(groupId),
431 selResource, roleId, actionId);
432 }
433 }
434 else {
435 ResourceBlockServiceUtil.removeAllGroupScopePermissions(
436 scopeGroupId, companyId, selResource, roleId, actionId);
437 ResourceBlockServiceUtil.addCompanyScopePermission(
438 scopeGroupId, companyId, selResource, roleId, actionId);
439 }
440 }
441 else {
442 ResourceBlockServiceUtil.removeAllGroupScopePermissions(
443 scopeGroupId, companyId, selResource, roleId, actionId);
444 ResourceBlockServiceUtil.removeCompanyScopePermission(
445 scopeGroupId, companyId, selResource, roleId, actionId);
446 }
447 }
448
449 }