1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   * 
13   */
14  
15  package com.liferay.portlet.portletconfiguration.action;
16  
17  import com.liferay.portal.kernel.servlet.SessionErrors;
18  import com.liferay.portal.kernel.servlet.SessionMessages;
19  import com.liferay.portal.kernel.util.Constants;
20  import com.liferay.portal.kernel.util.ParamUtil;
21  import com.liferay.portal.kernel.util.StringUtil;
22  import com.liferay.portal.kernel.util.Validator;
23  import com.liferay.portal.model.Layout;
24  import com.liferay.portal.model.Organization;
25  import com.liferay.portal.model.Portlet;
26  import com.liferay.portal.model.PortletConstants;
27  import com.liferay.portal.model.Resource;
28  import com.liferay.portal.model.UserGroup;
29  import com.liferay.portal.security.auth.PrincipalException;
30  import com.liferay.portal.service.PermissionServiceUtil;
31  import com.liferay.portal.service.PortletLocalServiceUtil;
32  import com.liferay.portal.service.ResourceLocalServiceUtil;
33  import com.liferay.portal.service.ResourcePermissionServiceUtil;
34  import com.liferay.portal.servlet.filters.cache.CacheUtil;
35  import com.liferay.portal.theme.ThemeDisplay;
36  import com.liferay.portal.util.PropsValues;
37  import com.liferay.portal.util.WebKeys;
38  
39  import java.util.ArrayList;
40  import java.util.Enumeration;
41  import java.util.List;
42  
43  import javax.portlet.ActionRequest;
44  import javax.portlet.ActionResponse;
45  import javax.portlet.PortletConfig;
46  import javax.portlet.RenderRequest;
47  import javax.portlet.RenderResponse;
48  
49  import org.apache.struts.action.ActionForm;
50  import org.apache.struts.action.ActionForward;
51  import org.apache.struts.action.ActionMapping;
52  
53  /**
54   * <a href="EditPermissionsAction.java.html"><b><i>View Source</i></b></a>
55   *
56   * @author Brian Wing Shun Chan
57   */
58  public class EditPermissionsAction extends EditConfigurationAction {
59  
60      public void processAction(
61              ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
62              ActionRequest actionRequest, ActionResponse actionResponse)
63          throws Exception {
64  
65          String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
66  
67          try {
68              if (cmd.equals("group_permissions")) {
69                  updateGroupPermissions(actionRequest);
70              }
71              else if (cmd.equals("guest_permissions")) {
72                  updateGuestPermissions(actionRequest);
73              }
74              else if (cmd.equals("organization_permissions")) {
75                  updateOrganizationPermissions(actionRequest);
76              }
77              else if (cmd.equals("role_permissions")) {
78                  updateRolePermissions(actionRequest);
79              }
80              else if (cmd.equals("user_group_permissions")) {
81                  updateUserGroupPermissions(actionRequest);
82              }
83              else if (cmd.equals("user_permissions")) {
84                  updateUserPermissions(actionRequest);
85              }
86  
87              if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) {
88                  String redirect = ParamUtil.getString(
89                      actionRequest, "permissionsRedirect");
90  
91                  sendRedirect(actionRequest, actionResponse, redirect);
92              }
93              else {
94                  SessionMessages.add(actionRequest, "request_processed");
95              }
96          }
97          catch (Exception e) {
98              if (e instanceof PrincipalException) {
99                  SessionErrors.add(actionRequest, e.getClass().getName());
100 
101                 setForward(
102                     actionRequest, "portlet.portlet_configuration.error");
103             }
104             else {
105                 throw e;
106             }
107         }
108     }
109 
110     public ActionForward render(
111             ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
112             RenderRequest renderRequest, RenderResponse renderResponse)
113         throws Exception {
114 
115         ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
116             WebKeys.THEME_DISPLAY);
117 
118         long groupId = themeDisplay.getScopeGroupId();
119 
120         String portletResource = ParamUtil.getString(
121             renderRequest, "portletResource");
122         String modelResource = ParamUtil.getString(
123             renderRequest, "modelResource");
124         String resourcePrimKey = ParamUtil.getString(
125             renderRequest, "resourcePrimKey");
126 
127         String selResource = portletResource;
128 
129         if (Validator.isNotNull(modelResource)) {
130             selResource = modelResource;
131         }
132 
133         try {
134             PermissionServiceUtil.checkPermission(
135                 groupId, selResource, resourcePrimKey);
136         }
137         catch (PrincipalException pe) {
138             SessionErrors.add(
139                 renderRequest, PrincipalException.class.getName());
140 
141             setForward(renderRequest, "portlet.portlet_configuration.error");
142         }
143 
144         Portlet portlet = PortletLocalServiceUtil.getPortletById(
145             themeDisplay.getCompanyId(), portletResource);
146 
147         if (portlet != null) {
148             renderResponse.setTitle(getTitle(portlet, renderRequest));
149         }
150 
151         return mapping.findForward(getForward(
152             renderRequest, "portlet.portlet_configuration.edit_permissions"));
153     }
154 
155     protected String[] getActionIds(ActionRequest actionRequest, long roleId) {
156         List<String> actionIds = new ArrayList<String>();
157 
158         Enumeration<String> enu = actionRequest.getParameterNames();
159 
160         while (enu.hasMoreElements()) {
161             String name = enu.nextElement();
162 
163             if (name.startsWith(roleId + "_ACTION_")) {
164                 int pos = name.indexOf("_ACTION_");
165 
166                 String actionId = name.substring(pos + 8);
167 
168                 actionIds.add(actionId);
169             }
170         }
171 
172         return actionIds.toArray(new String[actionIds.size()]);
173     }
174 
175     protected void updateGroupPermissions(ActionRequest actionRequest)
176         throws Exception {
177 
178         Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
179 
180         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
181         long groupId = ParamUtil.getLong(actionRequest, "groupId");
182         String[] actionIds = StringUtil.split(
183             ParamUtil.getString(actionRequest, "groupIdActionIds"));
184 
185         PermissionServiceUtil.setGroupPermissions(
186             groupId, actionIds, resourceId);
187 
188         if (!layout.isPrivateLayout()) {
189             Resource resource =
190                 ResourceLocalServiceUtil.getResource(resourceId);
191 
192             if (resource.getPrimKey().startsWith(
193                     layout.getPlid() + PortletConstants.LAYOUT_SEPARATOR)) {
194 
195                 CacheUtil.clearCache(layout.getCompanyId());
196             }
197         }
198     }
199 
200     protected void updateGuestPermissions(ActionRequest actionRequest)
201         throws Exception {
202 
203         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
204             WebKeys.THEME_DISPLAY);
205 
206         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
207         String[] actionIds = StringUtil.split(
208             ParamUtil.getString(actionRequest, "guestActionIds"));
209 
210         PermissionServiceUtil.setUserPermissions(
211             themeDisplay.getDefaultUserId(), themeDisplay.getScopeGroupId(),
212             actionIds, resourceId);
213     }
214 
215     protected void updateOrganizationPermissions(ActionRequest actionRequest)
216         throws Exception {
217 
218         Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
219 
220         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
221         long organizationId = ParamUtil.getLong(
222             actionRequest, "organizationIdsPosValue");
223         String[] actionIds = StringUtil.split(
224             ParamUtil.getString(actionRequest, "organizationIdActionIds"));
225         //boolean organizationIntersection = ParamUtil.getBoolean(
226         //  actionRequest, "organizationIntersection");
227 
228         //if (!organizationIntersection) {
229             PermissionServiceUtil.setGroupPermissions(
230                 Organization.class.getName(), String.valueOf(organizationId),
231                 layout.getGroupId(), actionIds, resourceId);
232         /*}
233         else {
234             PermissionServiceUtil.setOrgGroupPermissions(
235                 organizationId, layout.getGroupId(), actionIds, resourceId);
236         }*/
237     }
238 
239     protected void updateRolePermissions(ActionRequest actionRequest)
240         throws Exception {
241 
242         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
243             updateRolePermissions_5(actionRequest);
244         }
245         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
246             updateRolePermissions_6(actionRequest);
247         }
248         else {
249             updateRolePermissions_1to4(actionRequest);
250         }
251     }
252 
253     protected void updateRolePermissions_1to4(ActionRequest actionRequest)
254         throws Exception {
255 
256         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
257             WebKeys.THEME_DISPLAY);
258 
259         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
260         long roleId = ParamUtil.getLong(actionRequest, "roleIdsPosValue");
261         String[] actionIds = StringUtil.split(
262             ParamUtil.getString(actionRequest, "roleIdActionIds"));
263 
264         PermissionServiceUtil.setRolePermissions(
265             roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
266     }
267 
268     protected void updateRolePermissions_5(ActionRequest actionRequest)
269         throws Exception {
270 
271         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
272             WebKeys.THEME_DISPLAY);
273 
274         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
275         long[] roleIds = StringUtil.split(
276             ParamUtil.getString(
277                 actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
278 
279         for (long roleId : roleIds) {
280             String[] actionIds = getActionIds(actionRequest, roleId);
281 
282             PermissionServiceUtil.setRolePermissions(
283                 roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
284         }
285     }
286 
287     protected void updateRolePermissions_6(ActionRequest actionRequest)
288         throws Exception {
289 
290         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
291             WebKeys.THEME_DISPLAY);
292 
293         String portletResource = ParamUtil.getString(
294             actionRequest, "portletResource");
295         String modelResource = ParamUtil.getString(
296             actionRequest, "modelResource");
297         long[] roleIds = StringUtil.split(
298             ParamUtil.getString(
299                 actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
300 
301         String selResource = portletResource;
302 
303         if (Validator.isNotNull(modelResource)) {
304             selResource = modelResource;
305         }
306 
307         String resourcePrimKey = ParamUtil.getString(
308             actionRequest, "resourcePrimKey");
309 
310         for (long roleId : roleIds) {
311             String[] actionIds = getActionIds(actionRequest, roleId);
312 
313             ResourcePermissionServiceUtil.setIndividualResourcePermissions(
314                 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
315                 selResource, resourcePrimKey, roleId, actionIds);
316         }
317     }
318 
319     protected void updateUserGroupPermissions(ActionRequest actionRequest)
320         throws Exception {
321 
322         Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
323 
324         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
325         long userGroupId = ParamUtil.getLong(
326             actionRequest, "userGroupIdsPosValue");
327         String[] actionIds = StringUtil.split(
328             ParamUtil.getString(actionRequest, "userGroupIdActionIds"));
329 
330         PermissionServiceUtil.setGroupPermissions(
331             UserGroup.class.getName(), String.valueOf(userGroupId),
332             layout.getGroupId(), actionIds, resourceId);
333     }
334 
335     protected void updateUserPermissions(ActionRequest actionRequest)
336         throws Exception {
337 
338         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
339             WebKeys.THEME_DISPLAY);
340 
341         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
342         long userId = ParamUtil.getLong(actionRequest, "userIdsPosValue");
343         String[] actionIds = StringUtil.split(
344             ParamUtil.getString(actionRequest, "userIdActionIds"));
345 
346         PermissionServiceUtil.setUserPermissions(
347             userId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
348     }
349 
350 }