1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   * 
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.NoSuchPermissionException;
18  import com.liferay.portal.PortalException;
19  import com.liferay.portal.SystemException;
20  import com.liferay.portal.kernel.log.Log;
21  import com.liferay.portal.kernel.log.LogFactoryUtil;
22  import com.liferay.portal.kernel.util.GetterUtil;
23  import com.liferay.portal.kernel.util.ListUtil;
24  import com.liferay.portal.kernel.util.Validator;
25  import com.liferay.portal.model.Group;
26  import com.liferay.portal.model.OrgGroupPermission;
27  import com.liferay.portal.model.Organization;
28  import com.liferay.portal.model.Permission;
29  import com.liferay.portal.model.Resource;
30  import com.liferay.portal.model.ResourceCode;
31  import com.liferay.portal.model.ResourceConstants;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.model.UserGroup;
35  import com.liferay.portal.security.permission.PermissionCacheUtil;
36  import com.liferay.portal.security.permission.PermissionCheckerBag;
37  import com.liferay.portal.security.permission.ResourceActionsUtil;
38  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
39  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
40  import com.liferay.portal.util.PropsValues;
41  import com.liferay.portal.util.comparator.PermissionComparator;
42  
43  import java.util.ArrayList;
44  import java.util.HashSet;
45  import java.util.Iterator;
46  import java.util.List;
47  import java.util.Set;
48  
49  import org.apache.commons.lang.time.StopWatch;
50  
51  /**
52   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
53   *
54   * @author Charles May
55   * @author Brian Wing Shun Chan
56   * @author Raymond Augé
57   */
58  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
59  
60      public Permission addPermission(
61              long companyId, String actionId, long resourceId)
62          throws SystemException {
63  
64          Permission permission = permissionPersistence.fetchByA_R(
65              actionId, resourceId);
66  
67          if (permission == null) {
68              long permissionId = counterLocalService.increment(
69                  Permission.class.getName());
70  
71              permission = permissionPersistence.create(permissionId);
72  
73              permission.setCompanyId(companyId);
74              permission.setActionId(actionId);
75              permission.setResourceId(resourceId);
76  
77              permissionPersistence.update(permission, false);
78          }
79  
80          return permission;
81      }
82  
83      public List<Permission> addPermissions(
84              long companyId, String name, long resourceId,
85              boolean portletActions)
86          throws SystemException {
87  
88          List<String> actionIds = null;
89  
90          if (portletActions) {
91              actionIds = ResourceActionsUtil.getPortletResourceActions(name);
92          }
93          else {
94              actionIds = ResourceActionsUtil.getModelResourceActions(name);
95          }
96  
97          return addPermissions(companyId, actionIds, resourceId);
98      }
99  
100     public List<Permission> addPermissions(
101             long companyId, List<String> actionIds, long resourceId)
102         throws SystemException {
103 
104         List<Permission> permissions = permissionPersistence.findByResourceId(
105             resourceId);
106 
107         permissions = ListUtil.copy(permissions);
108 
109         Set<String> actionIdsSet = new HashSet<String>();
110 
111         for (Permission permission : permissions) {
112             actionIdsSet.add(permission.getActionId());
113         }
114 
115         for (String actionId : actionIds) {
116             if (actionIdsSet.contains(actionId)) {
117                 continue;
118             }
119 
120             long permissionId = counterLocalService.increment(
121                 Permission.class.getName());
122 
123             Permission permission = permissionPersistence.create(permissionId);
124 
125             permission.setCompanyId(companyId);
126             permission.setActionId(actionId);
127             permission.setResourceId(resourceId);
128 
129             try {
130                 permissionPersistence.update(permission, false);
131             }
132             catch (SystemException se) {
133                 if (_log.isWarnEnabled()) {
134                     _log.warn(
135                         "Add failed, fetch {actionId=" + actionId +
136                             ", resourceId=" + resourceId + "}");
137                 }
138 
139                 permission = permissionPersistence.fetchByA_R(
140                     actionId, resourceId, false);
141 
142                 if (permission == null) {
143                     throw se;
144                 }
145             }
146 
147             permissions.add(permission);
148         }
149 
150         return permissions;
151     }
152 
153     public void addUserPermissions(
154             long userId, String[] actionIds, long resourceId)
155         throws PortalException, SystemException {
156 
157         User user = userPersistence.findByPrimaryKey(userId);
158 
159         List<Permission> permissions = permissionFinder.findByU_R(
160             userId, resourceId);
161 
162         permissions = getPermissions(
163             user.getCompanyId(), actionIds, resourceId);
164 
165         userPersistence.addPermissions(userId, permissions);
166 
167         PermissionCacheUtil.clearCache();
168     }
169 
170     public List<String> getActions(List<Permission> permissions) {
171         List<String> actionIds = new ArrayList<String>();
172 
173         Iterator<Permission> itr = permissions.iterator();
174 
175         while (itr.hasNext()) {
176             Permission permission = itr.next();
177 
178             actionIds.add(permission.getActionId());
179         }
180 
181         return actionIds;
182     }
183 
184     public List<Permission> getGroupPermissions(long groupId, long resourceId)
185         throws SystemException {
186 
187         return permissionFinder.findByG_R(groupId, resourceId);
188     }
189 
190     public List<Permission> getGroupPermissions(
191             long groupId, long companyId, String name, int scope,
192             String primKey)
193         throws SystemException {
194 
195         return permissionFinder.findByG_C_N_S_P(
196             groupId, companyId, name, scope, primKey);
197     }
198 
199     public List<Permission> getOrgGroupPermissions(
200             long organizationId, long groupId, long resourceId)
201         throws SystemException {
202 
203         return permissionFinder.findByO_G_R(
204             organizationId, groupId, resourceId);
205     }
206 
207     public long getLatestPermissionId() throws SystemException {
208         List<Permission> permissions = permissionPersistence.findAll(
209             0, 1, new PermissionComparator());
210 
211         if (permissions.size() == 0) {
212             return 0;
213         }
214         else {
215             Permission permission = permissions.get(0);
216 
217             return permission.getPermissionId();
218         }
219     }
220 
221     public List<Permission> getPermissions(
222             long companyId, String[] actionIds, long resourceId)
223         throws SystemException {
224 
225         List<Permission> permissions = new ArrayList<Permission>();
226 
227         for (int i = 0; i < actionIds.length; i++) {
228             Permission permission = addPermission(
229                 companyId, actionIds[i], resourceId);
230 
231             permissions.add(permission);
232         }
233 
234         return permissions;
235     }
236 
237     public List<Permission> getRolePermissions(long roleId)
238         throws SystemException {
239 
240         return rolePersistence.getPermissions(roleId);
241     }
242 
243     public List<Permission> getRolePermissions(long roleId, long resourceId)
244         throws SystemException {
245 
246         return permissionFinder.findByR_R(roleId, resourceId);
247     }
248 
249     public List<Permission> getUserPermissions(long userId, long resourceId)
250         throws SystemException {
251 
252         return permissionFinder.findByU_R(userId, resourceId);
253     }
254 
255     public List<Permission> getUserPermissions(
256             long userId, long companyId, String name, int scope, String primKey)
257         throws SystemException {
258 
259         return permissionFinder.findByU_C_N_S_P(
260             userId, companyId, name, scope, primKey);
261     }
262 
263     public boolean hasGroupPermission(
264             long groupId, String actionId, long resourceId)
265         throws SystemException {
266 
267         Permission permission = permissionPersistence.fetchByA_R(
268             actionId, resourceId);
269 
270         // Return false if there is no permission based on the given action
271         // id and resource id
272 
273         if (permission == null) {
274             return false;
275         }
276 
277         return groupPersistence.containsPermission(
278             groupId, permission.getPermissionId());
279     }
280 
281     public boolean hasRolePermission(
282             long roleId, long companyId, String name, int scope,
283             String actionId)
284         throws SystemException {
285 
286         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
287             companyId, name, scope);
288 
289         List<Resource> resources = resourcePersistence.findByCodeId(
290             resourceCode.getCodeId());
291 
292         for (Resource resource : resources) {
293             Permission permission = permissionPersistence.fetchByA_R(
294                 actionId, resource.getResourceId());
295 
296             if (permission != null) {
297                 if (rolePersistence.containsPermission(
298                         roleId, permission.getPermissionId())) {
299 
300                     return true;
301                 }
302             }
303         }
304 
305         return false;
306     }
307 
308     public boolean hasRolePermission(
309             long roleId, long companyId, String name, int scope, String primKey,
310             String actionId)
311         throws SystemException {
312 
313         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
314             companyId, name, scope);
315 
316         Resource resource = resourcePersistence.fetchByC_P(
317             resourceCode.getCodeId(), primKey);
318 
319         if (resource == null) {
320             return false;
321         }
322 
323         Permission permission = permissionPersistence.fetchByA_R(
324             actionId, resource.getResourceId());
325 
326         if (permission == null) {
327             return false;
328         }
329 
330         return rolePersistence.containsPermission(
331             roleId, permission.getPermissionId());
332     }
333 
334     public boolean hasUserPermission(
335             long userId, String actionId, long resourceId)
336         throws SystemException {
337 
338         Permission permission = permissionPersistence.fetchByA_R(
339             actionId, resourceId);
340 
341         // Return false if there is no permission based on the given action
342         // id and resource id
343 
344         if (permission == null) {
345             return false;
346         }
347 
348         return userPersistence.containsPermission(
349             userId, permission.getPermissionId());
350     }
351 
352     public boolean hasUserPermissions(
353             long userId, long groupId, List<Resource> resources,
354             String actionId, PermissionCheckerBag permissionCheckerBag)
355         throws PortalException, SystemException {
356 
357         StopWatch stopWatch = null;
358 
359         if (_log.isDebugEnabled()) {
360             stopWatch = new StopWatch();
361 
362             stopWatch.start();
363         }
364 
365         int block = 1;
366 
367         // Return false if there are no resources
368 
369         if (Validator.isNull(actionId) || resources.isEmpty()) {
370             return false;
371         }
372 
373         long[] resourceIds = null;
374 
375         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
376             resourceIds = new long[resources.size()];
377 
378             for (int i = 0; i < resources.size(); i++) {
379                 Resource resource = resources.get(i);
380 
381                 resourceIds[i] = resource.getResourceId();
382             }
383         }
384 
385         List<Permission> permissions = null;
386 
387         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
388             permissions = permissionFinder.findByA_R(actionId, resourceIds);
389 
390             // Return false if there are no permissions
391 
392             if (permissions.size() == 0) {
393                 return false;
394             }
395         }
396 
397         // Record logs with the first resource id
398 
399         long resourceId = 0;
400 
401         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
402             resourceId = resourceIds[0];
403         }
404         else {
405             resourceId = resources.get(0).getResourceId();
406         }
407 
408         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
409 
410         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
411         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
412         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
413         //List<Group> userUserGroupGroups =
414         //  permissionCheckerBag.getUserUserGroupGroups();
415         List<Group> groups = permissionCheckerBag.getGroups();
416         List<Role> roles = permissionCheckerBag.getRoles();
417 
418         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
419 
420         // Check the organization and community intersection table. Break out of
421         // this method if the user has one of the permissions set at the
422         // intersection because that takes priority.
423 
424         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
425         //  return true;
426         //}
427 
428         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
429 
430         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
431             return hasUserPermissions_1(
432                 userId, resourceId, actionId, permissions, groups, groupId,
433                 stopWatch, block);
434         }
435         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
436             return hasUserPermissions_2(
437                 userId, resourceId, actionId, permissions, groups, groupId,
438                 stopWatch, block);
439         }
440         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
441             return hasUserPermissions_3(
442                 userId, resourceId, actionId, permissions, groups, roles,
443                 stopWatch, block);
444         }
445         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
446             return hasUserPermissions_4(
447                 userId, resourceId, actionId, permissions, groups, roles,
448                 stopWatch, block);
449         }
450         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
451             return hasUserPermissions_5(
452                 userId, resourceId, actionId, permissions, roles, stopWatch,
453                 block);
454         }
455         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
456             return hasUserPermissions_6(
457                 userId, resourceId, resources, actionId, roles, stopWatch,
458                 block);
459         }
460 
461         return false;
462     }
463 
464     public void setGroupPermissions(
465             long groupId, String[] actionIds, long resourceId)
466         throws PortalException, SystemException {
467 
468         Group group = groupPersistence.findByPrimaryKey(groupId);
469 
470         List<Permission> permissions = permissionFinder.findByG_R(
471             groupId, resourceId);
472 
473         for (Permission permission : permissions) {
474             groupPersistence.removePermission(groupId, permission);
475         }
476 
477         permissions = getPermissions(
478             group.getCompanyId(), actionIds, resourceId);
479 
480         groupPersistence.addPermissions(groupId, permissions);
481 
482         PermissionCacheUtil.clearCache();
483     }
484 
485     public void setGroupPermissions(
486             String className, String classPK, long groupId,
487             String[] actionIds, long resourceId)
488         throws PortalException, SystemException {
489 
490         long associatedGroupId = 0;
491 
492         if (className.equals(Organization.class.getName())) {
493             long organizationId = GetterUtil.getLong(classPK);
494 
495             Organization organization =
496                 organizationPersistence.findByPrimaryKey(organizationId);
497 
498             orgGroupPermissionFinder.removeByO_G_R(
499                 organizationId, groupId, resourceId);
500 
501             associatedGroupId = organization.getGroup().getGroupId();
502         }
503         else if (className.equals(UserGroup.class.getName())) {
504             long userGroupId = GetterUtil.getLong(classPK);
505 
506             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
507                 userGroupId);
508 
509             associatedGroupId = userGroup.getGroup().getGroupId();
510         }
511 
512         setGroupPermissions(associatedGroupId, actionIds, resourceId);
513     }
514 
515     public void setOrgGroupPermissions(
516             long organizationId, long groupId, String[] actionIds,
517             long resourceId)
518         throws PortalException, SystemException {
519 
520         Organization organization =
521             organizationPersistence.findByPrimaryKey(organizationId);
522 
523         long orgGroupId = organization.getGroup().getGroupId();
524 
525         List<Permission> permissions = permissionPersistence.findByResourceId(
526             resourceId);
527 
528         for (Permission permission : permissions) {
529             groupPersistence.removePermission(orgGroupId, permission);
530         }
531 
532         permissions = getPermissions(
533             organization.getCompanyId(), actionIds, resourceId);
534 
535         orgGroupPermissionFinder.removeByO_G_R(
536             organizationId, groupId, resourceId);
537 
538         for (Permission permission : permissions) {
539             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
540                 organizationId, groupId, permission.getPermissionId());
541 
542             OrgGroupPermission orgGroupPermission =
543                 orgGroupPermissionPersistence.create(pk);
544 
545             orgGroupPermissionPersistence.update(orgGroupPermission, false);
546         }
547 
548         PermissionCacheUtil.clearCache();
549     }
550 
551     public void setRolePermission(
552             long roleId, long companyId, String name, int scope, String primKey,
553             String actionId)
554         throws PortalException, SystemException {
555 
556         if (scope == ResourceConstants.SCOPE_COMPANY) {
557 
558             // Remove group permission
559 
560             unsetRolePermissions(
561                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
562                 actionId);
563         }
564         else if (scope == ResourceConstants.SCOPE_GROUP) {
565 
566             // Remove company permission
567 
568             unsetRolePermissions(
569                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
570                 actionId);
571         }
572         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
573             throw new NoSuchPermissionException();
574         }
575 
576         Resource resource = resourceLocalService.addResource(
577             companyId, name, scope, primKey);
578 
579         Permission permission = permissionPersistence.fetchByA_R(
580             actionId, resource.getResourceId());
581 
582         if (permission == null) {
583             long permissionId = counterLocalService.increment(
584                 Permission.class.getName());
585 
586             permission = permissionPersistence.create(permissionId);
587 
588             permission.setCompanyId(companyId);
589             permission.setActionId(actionId);
590             permission.setResourceId(resource.getResourceId());
591 
592             permissionPersistence.update(permission, false);
593         }
594 
595         rolePersistence.addPermission(roleId, permission);
596 
597         PermissionCacheUtil.clearCache();
598     }
599 
600     public void setRolePermissions(
601             long roleId, long companyId, String name, int scope, String primKey,
602             String[] actionIds)
603         throws PortalException, SystemException {
604 
605         for (int i = 0; i < actionIds.length; i++) {
606             String actionId = actionIds[i];
607 
608             setRolePermission(
609                 roleId, companyId, name, scope, primKey, actionId);
610         }
611     }
612 
613     public void setRolePermissions(
614             long roleId, String[] actionIds, long resourceId)
615         throws PortalException, SystemException {
616 
617         Role role = rolePersistence.findByPrimaryKey(roleId);
618 
619         List<Permission> permissions = permissionFinder.findByR_R(
620             roleId, resourceId);
621 
622         rolePersistence.removePermissions(roleId, permissions);
623 
624         permissions = getPermissions(
625             role.getCompanyId(), actionIds, resourceId);
626 
627         rolePersistence.addPermissions(roleId, permissions);
628 
629         PermissionCacheUtil.clearCache();
630     }
631 
632     public void setUserPermissions(
633             long userId, String[] actionIds, long resourceId)
634         throws PortalException, SystemException {
635 
636         User user = userPersistence.findByPrimaryKey(userId);
637 
638         List<Permission> permissions = permissionFinder.findByU_R(
639             userId, resourceId);
640 
641         userPersistence.removePermissions(userId, permissions);
642 
643         permissions = getPermissions(
644             user.getCompanyId(), actionIds, resourceId);
645 
646         userPersistence.addPermissions(userId, permissions);
647 
648         PermissionCacheUtil.clearCache();
649     }
650 
651     public void unsetRolePermission(long roleId, long permissionId)
652         throws SystemException {
653 
654         Permission permission = permissionPersistence.fetchByPrimaryKey(
655             permissionId);
656 
657         if (permission != null) {
658             rolePersistence.removePermission(roleId, permission);
659         }
660 
661         PermissionCacheUtil.clearCache();
662     }
663 
664     public void unsetRolePermission(
665             long roleId, long companyId, String name, int scope, String primKey,
666             String actionId)
667         throws SystemException {
668 
669         ResourceCode resourceCode =
670             resourceCodeLocalService.getResourceCode(
671                 companyId, name, scope);
672 
673         Resource resource = resourcePersistence.fetchByC_P(
674             resourceCode.getCodeId(), primKey);
675 
676         if (resource != null) {
677             Permission permission = permissionPersistence.fetchByA_R(
678                 actionId, resource.getResourceId());
679 
680             if (permission != null) {
681                 rolePersistence.removePermission(roleId, permission);
682             }
683         }
684 
685         PermissionCacheUtil.clearCache();
686     }
687 
688     public void unsetRolePermissions(
689             long roleId, long companyId, String name, int scope,
690             String actionId)
691         throws SystemException {
692 
693         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
694             companyId, name, scope);
695 
696         List<Resource> resources = resourcePersistence.findByCodeId(
697             resourceCode.getCodeId());
698 
699         for (Resource resource : resources) {
700             Permission permission = permissionPersistence.fetchByA_R(
701                 actionId, resource.getResourceId());
702 
703             if (permission != null) {
704                 rolePersistence.removePermission(roleId, permission);
705             }
706         }
707 
708         PermissionCacheUtil.clearCache();
709     }
710 
711     public void unsetUserPermissions(
712             long userId, String[] actionIds, long resourceId)
713         throws SystemException {
714 
715         List<Permission> permissions = permissionFinder.findByU_A_R(
716             userId, actionIds, resourceId);
717 
718         userPersistence.removePermissions(userId, permissions);
719 
720         PermissionCacheUtil.clearCache();
721     }
722 
723     protected boolean checkOrgGroupPermission(
724             List<Organization> organizations, List<Group> groups,
725             List<Permission> permissions)
726         throws PortalException, SystemException {
727 
728         for (Permission permission : permissions) {
729             if (checkOrgGroupPermission(organizations, groups, permission)) {
730                 return true;
731             }
732         }
733 
734         return false;
735     }
736 
737     protected boolean checkOrgGroupPermission(
738             List<Organization> organizations, List<Group> groups,
739             Permission permission)
740         throws PortalException, SystemException {
741 
742         // Do not check for an OrgGroupPermission intersection unless there is
743         // at least one organization and one group to check
744 
745         if ((organizations.size() == 0) || (groups.size() == 0)) {
746             return false;
747         }
748 
749         // Do not check unless the OrgGroupPermission intersection contains at
750         // least one permission
751 
752         List<OrgGroupPermission> orgGroupPermissions =
753             orgGroupPermissionPersistence.findByPermissionId(
754                 permission.getPermissionId());
755 
756         if (orgGroupPermissions.size() == 0) {
757             return false;
758         }
759 
760         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
761             if (orgGroupPermission.containsOrganization(organizations) &&
762                 orgGroupPermission.containsGroup(groups)) {
763 
764                 return true;
765             }
766         }
767 
768         // Throw an exception so that we do not continue checking permissions.
769         // The user has a specific permission given in the OrgGroupPermission
770         // intersection that prohibits him from going further.
771 
772         throw new NoSuchPermissionException(
773             "User has a permission in OrgGroupPermission that does not match");
774     }
775 
776     protected boolean hasUserPermissions_1(
777             long userId, long resourceId, String actionId,
778             List<Permission> permissions, List<Group> groups, long groupId,
779             StopWatch stopWatch, int block)
780         throws SystemException {
781 
782         // Is the user connected to one of the permissions via group or
783         // organization roles?
784 
785         if (groups.size() > 0) {
786             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
787                 return true;
788             }
789         }
790 
791         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
792 
793         // Is the user associated with groups or organizations that are directly
794         // connected to one of the permissions?
795 
796         if (groups.size() > 0) {
797             if (permissionFinder.countByGroupsPermissions(
798                     permissions, groups) > 0) {
799 
800                 return true;
801             }
802         }
803 
804         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
805 
806         // Is the user connected to one of the permissions via user roles?
807 
808         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
809             return true;
810         }
811 
812         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
813 
814         // Is the user connected to one of the permissions via user group roles?
815 
816         if (permissionFinder.countByUserGroupRole(
817                 permissions, userId, groupId) > 0) {
818 
819             return true;
820         }
821 
822         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
823 
824         // Is the user directly connected to one of the permissions?
825 
826         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
827             return true;
828         }
829 
830         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
831 
832         return false;
833     }
834 
835     protected boolean hasUserPermissions_2(
836             long userId, long resourceId, String actionId,
837             List<Permission> permissions, List<Group> groups, long groupId,
838             StopWatch stopWatch, int block)
839         throws SystemException {
840 
841         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
842         // countByUserGroupRole, and countByUsersPermissions in one method
843 
844         if (permissionFinder.containsPermissions_2(
845                 permissions, userId, groups, groupId)) {
846 
847             return true;
848         }
849 
850         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
851 
852         return false;
853     }
854 
855     protected boolean hasUserPermissions_3(
856             long userId, long resourceId, String actionId,
857             List<Permission> permissions, List<Group> groups, List<Role> roles,
858             StopWatch stopWatch, int block)
859         throws SystemException {
860 
861         // Is the user associated with groups or organizations that are directly
862         // connected to one of the permissions?
863 
864         if (groups.size() > 0) {
865             if (permissionFinder.countByGroupsPermissions(
866                     permissions, groups) > 0) {
867 
868                 return true;
869             }
870         }
871 
872         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
873 
874         // Is the user associated with a role that is directly connected to one
875         // of the permissions?
876 
877         if (roles.size() > 0) {
878             if (permissionFinder.countByRolesPermissions(
879                     permissions, roles) > 0) {
880 
881                 return true;
882             }
883         }
884 
885         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
886 
887         // Is the user directly connected to one of the permissions?
888 
889         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
890             return true;
891         }
892 
893         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
894 
895         return false;
896     }
897 
898     protected boolean hasUserPermissions_4(
899             long userId, long resourceId, String actionId,
900             List<Permission> permissions, List<Group> groups, List<Role> roles,
901             StopWatch stopWatch, int block)
902         throws SystemException {
903 
904         // Call countByGroupsPermissions, countByRolesPermissions, and
905         // countByUsersPermissions in one method
906 
907         if (permissionFinder.containsPermissions_4(
908                 permissions, userId, groups, roles)) {
909 
910             return true;
911         }
912 
913         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
914 
915         return false;
916     }
917 
918     protected boolean hasUserPermissions_5(
919             long userId, long resourceId, String actionId,
920             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
921             int block)
922         throws SystemException {
923 
924         if (roles.size() > 0) {
925             if (permissionFinder.countByRolesPermissions(
926                     permissions, roles) > 0) {
927 
928                 return true;
929             }
930         }
931 
932         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
933 
934         return false;
935     }
936 
937     protected boolean hasUserPermissions_6(
938             long userId, long resourceId, List<Resource> resources,
939             String actionId, List<Role> roles, StopWatch stopWatch,
940             int block)
941         throws PortalException, SystemException {
942 
943         // Iterate the list of resources in reverse order to test permissions
944         // from company scope to individual scope because it is more likely that
945         // a permission is assigned at a higher scope. Optimizing this method
946         // to one SQL call may actually slow things down since most of the calls
947         // will pull from the cache after the first request.
948 
949         for (int i = resources.size() - 1; i >= 0; i--) {
950             Resource resource = resources.get(i);
951 
952             for (Role role : roles) {
953                 if (resourcePermissionLocalService.hasResourcePermission(
954                         resource.getCompanyId(), resource.getName(),
955                         resource.getScope(), resource.getPrimKey(),
956                         role.getRoleId(), actionId)) {
957 
958                     return true;
959                 }
960             }
961         }
962 
963         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
964 
965         return false;
966     }
967 
968     protected void logHasUserPermissions(
969         long userId, long resourceId, String actionId, StopWatch stopWatch,
970         int block) {
971 
972         if (!_log.isDebugEnabled()) {
973             return;
974         }
975 
976         _log.debug(
977             "Checking user permissions block " + block + " for " + userId +
978                 " " + resourceId + " " + actionId + " takes " +
979                     stopWatch.getTime() + " ms");
980     }
981 
982     private static Log _log = LogFactoryUtil.getLog(
983         PermissionLocalServiceImpl.class);
984 
985 }