015 package com.liferay.portal.verify;
016
017 import com.liferay.portal.kernel.dao.db.DB;
018 import com.liferay.portal.kernel.dao.db.DBFactoryUtil;
019 import com.liferay.portal.kernel.dao.orm.DynamicQuery;
020 import com.liferay.portal.kernel.dao.orm.DynamicQueryFactoryUtil;
021 import com.liferay.portal.kernel.dao.orm.EntityCacheUtil;
022 import com.liferay.portal.kernel.dao.orm.FinderCacheUtil;
023 import com.liferay.portal.kernel.dao.orm.RestrictionsFactoryUtil;
024 import com.liferay.portal.kernel.log.Log;
025 import com.liferay.portal.kernel.log.LogFactoryUtil;
026 import com.liferay.portal.kernel.util.GetterUtil;
027 import com.liferay.portal.kernel.util.StringBundler;
028 import com.liferay.portal.kernel.util.StringPool;
029 import com.liferay.portal.kernel.util.StringUtil;
030 import com.liferay.portal.model.Group;
031 import com.liferay.portal.model.Layout;
032 import com.liferay.portal.model.LayoutConstants;
033 import com.liferay.portal.model.Organization;
034 import com.liferay.portal.model.PortletConstants;
035 import com.liferay.portal.model.ResourceConstants;
036 import com.liferay.portal.model.ResourcePermission;
037 import com.liferay.portal.model.Role;
038 import com.liferay.portal.model.RoleConstants;
039 import com.liferay.portal.model.User;
040 import com.liferay.portal.model.UserGroup;
041 import com.liferay.portal.security.permission.ActionKeys;
042 import com.liferay.portal.security.permission.PermissionCacheUtil;
043 import com.liferay.portal.security.permission.ResourceActionsUtil;
044 import com.liferay.portal.service.LayoutLocalServiceUtil;
045 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
046 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
047 import com.liferay.portal.service.RoleLocalServiceUtil;
048 import com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl;
049 import com.liferay.portal.util.PortalInstances;
050 import com.liferay.portal.util.PortalUtil;
051
052 import java.util.ArrayList;
053 import java.util.List;
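/**
 * Verify process that repairs stored resource permissions.
 *
 * <p>
 * In order, {@link #doVerify()} removes Guest role permissions attached to
 * private layouts, re-checks the resource actions of every model and portlet,
 * moves deprecated Organization actions onto the matching Group permission,
 * and reassigns certain Power User permissions on user / user group layouts
 * to the User role.
 * </p>
 */
public class VerifyPermission extends VerifyProcess {

    /**
     * Calls {@code ResourceActionLocalServiceUtil.checkResourceActions} for
     * the resource actions of every model name and every portlet name
     * reported by {@code ResourceActionsUtil}.
     *
     * @throws Exception if any lookup or check fails
     */
    protected void checkPermissions() throws Exception {
        List<String> modelNames = ResourceActionsUtil.getModelNames();

        for (String modelName : modelNames) {
            List<String> actionIds =
                ResourceActionsUtil.getModelResourceActions(modelName);

            // NOTE(review): the third argument is presumably
            // "addDefaultActions" -- confirm against the service signature.
            ResourceActionLocalServiceUtil.checkResourceActions(
                modelName, actionIds, true);
        }

        List<String> portletNames = ResourceActionsUtil.getPortletNames();

        for (String portletName : portletNames) {
            List<String> actionIds =
                ResourceActionsUtil.getPortletResourceActions(portletName);

            ResourceActionLocalServiceUtil.checkResourceActions(
                portletName, actionIds, true);
        }
    }

    /**
     * Removes Guest role permissions on private layouts for every company.
     *
     * <p>
     * The cleanup is best effort per company: a failure in one company does
     * not stop the others. Because a failure leaves Guest permissions on
     * private layouts in place, it is reported at WARN rather than DEBUG so
     * that an operator sees which company still needs attention.
     * </p>
     *
     * @throws Exception if the company ids cannot be read
     */
    protected void deleteDefaultPrivateLayoutPermissions() throws Exception {
        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            try {
                deleteDefaultPrivateLayoutPermissions_6(companyId);
            }
            catch (Exception e) {
                if (_log.isWarnEnabled()) {
                    _log.warn(
                        "Unable to delete guest permissions on private " +
                            "layouts for company " + companyId,
                        e);
                }
            }
        }
    }

    /**
     * Deletes every resource permission of the company's Guest role that
     * {@link #isPrivateLayout(String, String)} attributes to a private
     * layout.
     *
     * <p>
     * Each permission is handled on its own. A permission whose check or
     * deletion throws is skipped instead of aborting the loop, so one
     * unresolvable row cannot leave the remaining Guest permissions on
     * private layouts untouched. Skipped rows are logged individually at
     * DEBUG and summarized once at WARN.
     * </p>
     *
     * @param  companyId the company whose Guest role is cleaned up
     * @throws Exception if the Guest role or its permissions cannot be loaded
     */
    protected void deleteDefaultPrivateLayoutPermissions_6(long companyId)
        throws Exception {

        Role role = RoleLocalServiceUtil.getRole(
            companyId, RoleConstants.GUEST);

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
                role.getRoleId());

        int skipped = 0;

        for (ResourcePermission resourcePermission : resourcePermissions) {
            try {
                if (isPrivateLayout(
                        resourcePermission.getName(),
                        resourcePermission.getPrimKey())) {

                    ResourcePermissionLocalServiceUtil.deleteResourcePermission(
                        resourcePermission.getResourcePermissionId());
                }
            }
            catch (Exception e) {

                // isPrivateLayout loads the layout by plid and is expected
                // to throw when the primary key does not resolve to one.
                // Keep going so the rows after this one are still examined.

                skipped++;

                if (_log.isDebugEnabled()) {
                    _log.debug(
                        "Skipping guest resource permission " +
                            resourcePermission.getResourcePermissionId(),
                        e);
                }
            }
        }

        if ((skipped > 0) && _log.isWarnEnabled()) {
            _log.warn(
                "Skipped " + skipped + " guest resource permissions of " +
                    "company " + companyId + " that could not be checked " +
                        "or deleted");
        }
    }

    /**
     * Runs the permission repairs in a fixed order: Guest cleanup on private
     * layouts first, then the resource action check, then the Organization
     * and default role fixes.
     *
     * @throws Exception if a step that is not best effort fails
     */
    @Override
    protected void doVerify() throws Exception {
        deleteDefaultPrivateLayoutPermissions();

        checkPermissions();
        fixOrganizationRolePermissions();
        fixUserDefaultRolePermissions();
    }

    /**
     * Moves the deprecated Organization action ids of every Organization
     * resource permission onto the Group resource permission that has the
     * same company, scope, primary key and role, creating that Group
     * permission with no actions when the lookup fails.
     *
     * <p>
     * Both rows are written back for every Organization permission; a
     * failed write is logged at ERROR and the loop continues. The permission
     * resource cache is cleared at the end.
     * </p>
     *
     * @throws Exception if the query fails or a Group permission cannot be
     *         created
     */
    protected void fixOrganizationRolePermissions() throws Exception {
        DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(
            ResourcePermission.class);

        dynamicQuery.add(
            RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

        List<ResourcePermission> resourcePermissions =
            ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

        for (ResourcePermission resourcePermission : resourcePermissions) {
            ResourcePermission groupResourcePermission = null;

            try {
                groupResourcePermission = getGroupResourcePermission(
                    resourcePermission);
            }
            catch (Exception e) {

                // NOTE(review): every failure of the lookup lands here, not
                // only a missing row, and each one triggers a write.
                // Narrowing this to the service's "no such permission"
                // exception would avoid creating rows on unrelated errors.

                ResourcePermissionLocalServiceUtil.setResourcePermissions(
                    resourcePermission.getCompanyId(), Group.class.getName(),
                    resourcePermission.getScope(),
                    resourcePermission.getPrimKey(),
                    resourcePermission.getRoleId(),
                    ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

                groupResourcePermission = getGroupResourcePermission(
                    resourcePermission);
            }

            for (String actionId : _DEPRECATED_ORGANIZATION_ACTION_IDS) {
                if (resourcePermission.hasActionId(actionId)) {
                    resourcePermission.removeResourceAction(actionId);

                    groupResourcePermission.addResourceAction(actionId);
                }
            }

            try {
                resourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    resourcePermission);

                groupResourcePermission.resetOriginalValues();

                ResourcePermissionLocalServiceUtil.updateResourcePermission(
                    groupResourcePermission);
            }
            catch (Exception e) {
                _log.error(e, e);
            }
        }

        PermissionCacheUtil.clearResourceCache();
    }

    /**
     * For every company, reassigns Power User resource permissions to the
     * User role with a single SQL update.
     *
     * <p>
     * A row is updated when it has individual scope, its primary key
     * contains the layout separator, it belongs to the Power User role, no
     * row with the same company, name, primary key and scope exists for the
     * User role, and its primary key starts with the plid of a portlet-type
     * layout whose group belongs to a User or UserGroup. MySQL gets a
     * multi-table update; every other database gets an update with a
     * subselect. The entity and finder caches are cleared afterwards.
     * </p>
     *
     * @throws Exception if a role cannot be loaded or the SQL fails
     */
    protected void fixUserDefaultRolePermissions() throws Exception {
        long userClassNameId = PortalUtil.getClassNameId(User.class);
        long userGroupClassNameId = PortalUtil.getClassNameId(UserGroup.class);

        DB db = DBFactoryUtil.getDB();

        String dbType = db.getType();

        long[] companyIds = PortalInstances.getCompanyIdsBySQL();

        for (long companyId : companyIds) {
            Role powerUserRole = RoleLocalServiceUtil.getRole(
                companyId, RoleConstants.POWER_USER);
            Role userRole = RoleLocalServiceUtil.getRole(
                companyId, RoleConstants.USER);

            // The statement is assembled by concatenation. Everything that
            // is appended is either a numeric id loaded on the server (role
            // ids, class name ids) or a constant of this code base, so no
            // caller-supplied text reaches the SQL. Keep it that way: a
            // value that originates outside the portal must be bound as a
            // parameter instead of being appended here.

            StringBundler joinSB = new StringBundler(22);

            joinSB.append("ResourcePermission resourcePermission1 left outer ");
            joinSB.append("join ResourcePermission resourcePermission2 on ");
            joinSB.append("resourcePermission1.companyId = ");
            joinSB.append("resourcePermission2.companyId and ");
            joinSB.append("resourcePermission1.name = ");
            joinSB.append("resourcePermission2.name and ");
            joinSB.append("resourcePermission1.primKey = ");
            joinSB.append("resourcePermission2.primKey and ");
            joinSB.append("resourcePermission1.scope = ");
            joinSB.append("resourcePermission2.scope and ");
            joinSB.append("resourcePermission2.roleId = ");
            joinSB.append(userRole.getRoleId());
            joinSB.append(" inner join Layout on ");
            joinSB.append("resourcePermission1.companyId = Layout.companyId ");
            joinSB.append("and resourcePermission1.primKey like ");
            joinSB.append("replace('[$PLID$]");
            joinSB.append(PortletConstants.LAYOUT_SEPARATOR);
            joinSB.append("%', '[$PLID$]', cast_text(Layout.plid)) inner ");
            joinSB.append("join Group_ on Layout.groupId = ");
            joinSB.append("Group_.groupId and Layout.type_ = '");
            joinSB.append(LayoutConstants.TYPE_PORTLET);
            joinSB.append(StringPool.APOSTROPHE);

            // "resourcePermission2.roleId is null" keeps only rows for which
            // the left outer join found no matching User role permission.

            StringBundler whereSB = new StringBundler(12);

            whereSB.append("where resourcePermission1.scope = ");
            whereSB.append(ResourceConstants.SCOPE_INDIVIDUAL);
            whereSB.append(" and resourcePermission1.primKey like '%");
            whereSB.append(PortletConstants.LAYOUT_SEPARATOR);
            whereSB.append("%' and resourcePermission1.roleId = ");
            whereSB.append(powerUserRole.getRoleId());
            whereSB.append(" and resourcePermission2.roleId is null and ");
            whereSB.append("(Group_.classNameId = ");
            whereSB.append(userClassNameId);
            whereSB.append(" or Group_.classNameId = ");
            whereSB.append(userGroupClassNameId);
            whereSB.append(StringPool.CLOSE_PARENTHESIS);

            StringBundler sb = new StringBundler(8);

            if (dbType.equals(DB.TYPE_MYSQL)) {
                sb.append("update ");
                sb.append(joinSB.toString());
                sb.append(" set resourcePermission1.roleId = ");
                sb.append(userRole.getRoleId());
                sb.append(StringPool.SPACE);
                sb.append(whereSB.toString());
            }
            else {
                sb.append("update ResourcePermission set roleId = ");
                sb.append(userRole.getRoleId());
                sb.append(" where resourcePermissionId in (select ");
                sb.append("resourcePermission1.resourcePermissionId from ");
                sb.append(joinSB.toString());
                sb.append(StringPool.SPACE);
                sb.append(whereSB.toString());
                sb.append(StringPool.CLOSE_PARENTHESIS);
            }

            runSQL(sb.toString());
        }

        // The rows were changed by raw SQL, so cached entities and finder
        // results are dropped rather than trusted.

        EntityCacheUtil.clearCache();
        FinderCacheUtil.clearCache();
    }

    /**
     * Returns whether a resource permission points at a layout that is
     * neither public nor a control panel layout.
     *
     * <p>
     * Permissions that are not named after {@code Layout} and whose primary
     * key lacks the layout separator are never treated as private layout
     * permissions. Otherwise the plid is the primary key itself, or the part
     * before the first layout separator, and the layout is loaded by it.
     * </p>
     *
     * @param  name the resource name of the permission
     * @param  primKey the primary key of the permission
     * @return {@code true} if the referenced layout is not public and not a
     *         control panel layout; {@code false} otherwise
     * @throws Exception if the layout cannot be loaded for the derived plid
     */
    protected boolean isPrivateLayout(String name, String primKey)
        throws Exception {

        boolean layoutScopedKey = primKey.contains(
            PortletConstants.LAYOUT_SEPARATOR);

        if (!name.equals(Layout.class.getName()) && !layoutScopedKey) {
            return false;
        }

        String plidText = primKey;

        if (layoutScopedKey) {
            plidText = StringUtil.extractFirst(
                primKey, PortletConstants.LAYOUT_SEPARATOR);
        }

        long plid = GetterUtil.getLong(plidText);

        Layout layout = LayoutLocalServiceUtil.getLayout(plid);

        return !(layout.isPublicLayout() || layout.isTypeControlPanel());
    }

    /**
     * Looks up the Group resource permission that shares company, scope,
     * primary key and role with the given Organization permission.
     */
    private ResourcePermission getGroupResourcePermission(
            ResourcePermission resourcePermission)
        throws Exception {

        return ResourcePermissionLocalServiceUtil.getResourcePermission(
            resourcePermission.getCompanyId(), Group.class.getName(),
            resourcePermission.getScope(), resourcePermission.getPrimKey(),
            resourcePermission.getRoleId());
    }

    // Action ids that fixOrganizationRolePermissions moves from Organization
    // permissions to Group permissions. Filled once by the static
    // initializer below and only read afterwards.
    private static final List<String> _DEPRECATED_ORGANIZATION_ACTION_IDS =
        new ArrayList<String>();

    private static final Log _log = LogFactoryUtil.getLog(
        VerifyPermission.class);

    static {
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(
            ActionKeys.MANAGE_ARCHIVED_SETUPS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_LAYOUTS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_STAGING);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.MANAGE_TEAMS);
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add(ActionKeys.PUBLISH_STAGING);

        // These two ids are given as literals in the original; presumably
        // no ActionKeys constant exists for them -- confirm.
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("APPROVE_PROPOSAL");
        _DEPRECATED_ORGANIZATION_ACTION_IDS.add("ASSIGN_REVIEWER");
    }

}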