001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchResourceException;
018    import com.liferay.portal.ResourceActionsException;
019    import com.liferay.portal.kernel.exception.PortalException;
020    import com.liferay.portal.kernel.exception.SystemException;
021    import com.liferay.portal.kernel.log.Log;
022    import com.liferay.portal.kernel.log.LogFactoryUtil;
023    import com.liferay.portal.kernel.search.SearchEngineUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.model.AuditedModel;
026    import com.liferay.portal.model.ClassedModel;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.GroupConstants;
029    import com.liferay.portal.model.GroupedModel;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.PermissionedModel;
032    import com.liferay.portal.model.Resource;
033    import com.liferay.portal.model.ResourceCode;
034    import com.liferay.portal.model.ResourceConstants;
035    import com.liferay.portal.model.ResourcePermission;
036    import com.liferay.portal.model.Role;
037    import com.liferay.portal.model.RoleConstants;
038    import com.liferay.portal.model.impl.ResourceImpl;
039    import com.liferay.portal.security.permission.PermissionCacheUtil;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.PermissionsListFilter;
042    import com.liferay.portal.security.permission.PermissionsListFilterFactory;
043    import com.liferay.portal.security.permission.ResourceActionsUtil;
044    import com.liferay.portal.service.ServiceContext;
045    import com.liferay.portal.service.base.ResourceLocalServiceBaseImpl;
046    import com.liferay.portal.util.PropsValues;
047    import com.liferay.portal.util.ResourcePermissionsThreadLocal;
048    import com.liferay.portal.util.comparator.ResourceComparator;
049    
050    import java.util.Arrays;
051    import java.util.Iterator;
052    import java.util.List;
053    
054    /**
055     * @author Brian Wing Shun Chan
056     * @author Wilson S. Man
057     * @author Raymond Augé
058     * @author Julio Camarero
059     * @author Connor McKay
060     */
061    public class ResourceLocalServiceImpl extends ResourceLocalServiceBaseImpl {
062    
063            public void addModelResources(
064                            AuditedModel auditedModel, ServiceContext serviceContext)
065                    throws PortalException, SystemException {
066    
067                    ClassedModel classedModel = (ClassedModel)auditedModel;
068    
069                    if (serviceContext.isAddGroupPermissions() ||
070                            serviceContext.isAddGuestPermissions()) {
071    
072                            addResources(
073                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
074                                    auditedModel.getUserId(), classedModel.getModelClassName(),
075                                    String.valueOf(classedModel.getPrimaryKeyObj()), false,
076                                    serviceContext.isAddGroupPermissions(),
077                                    serviceContext.isAddGuestPermissions(),
078                                    getPermissionedModel(auditedModel));
079                    }
080                    else {
081                            if (serviceContext.isDeriveDefaultPermissions()) {
082                                    serviceContext.deriveDefaultPermissions(
083                                            getGroupId(auditedModel), classedModel.getModelClassName());
084                            }
085    
086                            addModelResources(
087                                    auditedModel.getCompanyId(), getGroupId(auditedModel),
088                                    auditedModel.getUserId(), classedModel.getModelClassName(),
089                                    String.valueOf(classedModel.getPrimaryKeyObj()),
090                                    serviceContext.getGroupPermissions(),
091                                    serviceContext.getGuestPermissions(),
092                                    getPermissionedModel(auditedModel));
093                    }
094            }
095    
096            public void addModelResources(
097                            long companyId, long groupId, long userId, String name,
098                            long primKey, String[] groupPermissions, String[] guestPermissions)
099                    throws PortalException, SystemException {
100    
101                    addModelResources(
102                            companyId, groupId, userId, name, String.valueOf(primKey),
103                            groupPermissions, guestPermissions, null);
104            }
105    
106            public void addModelResources(
107                            long companyId, long groupId, long userId, String name,
108                            String primKey, String[] groupPermissions,
109                            String[] guestPermissions)
110                    throws PortalException, SystemException {
111    
112                    addModelResources(
113                            companyId, groupId, userId, name, primKey, groupPermissions,
114                            guestPermissions, null);
115            }
116    
117            public Resource addResource(
118                            long companyId, String name, int scope, String primKey)
119                    throws SystemException {
120    
121                    if (!PermissionThreadLocal.isAddResource()) {
122                            return null;
123                    }
124    
125                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
126                            return addResource_6(companyId, name, scope, primKey);
127                    }
128                    else {
129                            return addResource_1to5(companyId, name, scope, primKey);
130                    }
131            }
132    
133            public void addResources(
134                            long companyId, long groupId, long userId, String name,
135                            long primKey, boolean portletActions, boolean addGroupPermissions,
136                            boolean addGuestPermissions)
137                    throws PortalException, SystemException {
138    
139                    addResources(
140                            companyId, groupId, userId, name, String.valueOf(primKey),
141                            portletActions, addGroupPermissions, addGuestPermissions, null);
142            }
143    
144            public void addResources(
145                            long companyId, long groupId, long userId, String name,
146                            String primKey, boolean portletActions, boolean addGroupPermissions,
147                            boolean addGuestPermissions)
148                    throws PortalException, SystemException {
149    
150                    addResources(
151                            companyId, groupId, userId, name, primKey, portletActions,
152                            addGroupPermissions, addGuestPermissions, null);
153            }
154    
155            public void addResources(
156                            long companyId, long groupId, String name, boolean portletActions)
157                    throws PortalException, SystemException {
158    
159                    addResources(
160                            companyId, groupId, 0, name, null, portletActions, false, false);
161            }
162    
163            public void deleteResource(AuditedModel auditedModel, int scope)
164                    throws PortalException, SystemException {
165    
166                    ClassedModel classedModel = (ClassedModel)auditedModel;
167    
168                    deleteResource(
169                            auditedModel.getCompanyId(), classedModel.getModelClassName(),
170                            scope, String.valueOf(classedModel.getPrimaryKeyObj()),
171                            getPermissionedModel(auditedModel));
172            }
173    
174            @Override
175            public void deleteResource(long resourceId) throws SystemException {
176                    try {
177                            Resource resource = resourcePersistence.findByPrimaryKey(
178                                    resourceId);
179    
180                            deleteResource(resource);
181                    }
182                    catch (NoSuchResourceException nsre) {
183                            if (_log.isWarnEnabled()) {
184                                    _log.warn(nsre);
185                            }
186                    }
187            }
188    
189            public void deleteResource(
190                            long companyId, String name, int scope, long primKey)
191                    throws PortalException, SystemException {
192    
193                    deleteResource(companyId, name, scope, String.valueOf(primKey), null);
194            }
195    
196            public void deleteResource(
197                            long companyId, String name, int scope, String primKey)
198                    throws PortalException, SystemException {
199    
200                    deleteResource(companyId, name, scope, primKey, null);
201            }
202    
203            @Override
204            public void deleteResource(Resource resource) throws SystemException {
205    
206                    // Permissions
207    
208                    List<Permission> permissions = permissionPersistence.findByResourceId(
209                            resource.getResourceId());
210    
211                    for (Permission permission : permissions) {
212                            orgGroupPermissionPersistence.removeByPermissionId(
213                                    permission.getPermissionId());
214                    }
215    
216                    permissionPersistence.removeByResourceId(resource.getResourceId());
217    
218                    // Resource
219    
220                    resourcePersistence.remove(resource);
221            }
222    
223            public void deleteResources(String name) throws SystemException {
224                    List<Resource> resources = resourceFinder.findByName(name);
225    
226                    for (Resource resource : resources) {
227                            deleteResource(resource);
228                    }
229            }
230    
231            public Resource fetchResource(
232                            long companyId, String name, int scope, String primKey)
233                    throws SystemException {
234    
235                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
236                            return getResource_6(companyId, name, scope, primKey);
237                    }
238                    else {
239                            return fetchResource_1to5(companyId, name, scope, primKey);
240                    }
241            }
242    
243            public long getLatestResourceId() throws SystemException {
244                    List<Resource> resources = resourcePersistence.findAll(
245                            0, 1, new ResourceComparator());
246    
247                    if (resources.size() == 0) {
248                            return 0;
249                    }
250                    else {
251                            Resource resource = resources.get(0);
252    
253                            return resource.getResourceId();
254                    }
255            }
256    
257            @Override
258            public Resource getResource(long resourceId)
259                    throws PortalException, SystemException {
260    
261                    return resourcePersistence.findByPrimaryKey(resourceId);
262            }
263    
264            public Resource getResource(
265                            long companyId, String name, int scope, String primKey)
266                    throws PortalException, SystemException {
267    
268                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
269                            return getResource_6(companyId, name, scope, primKey);
270                    }
271                    else {
272                            return getResource_1to5(companyId, name, scope, primKey);
273                    }
274            }
275    
276            public List<Resource> getResources() throws SystemException {
277                    return resourcePersistence.findAll();
278            }
279    
280            public void updateModelResources(
281                            AuditedModel auditedModel, ServiceContext serviceContext)
282                    throws PortalException, SystemException {
283    
284                    ClassedModel classedModel = (ClassedModel)auditedModel;
285    
286                    updateResources(
287                            auditedModel.getCompanyId(), getGroupId(auditedModel),
288                            classedModel.getModelClassName(),
289                            String.valueOf(classedModel.getPrimaryKeyObj()),
290                            serviceContext.getGroupPermissions(),
291                            serviceContext.getGuestPermissions(),
292                            getPermissionedModel(auditedModel));
293            }
294    
295            public void updateResources(
296                            long companyId, long groupId, String name, long primKey,
297                            String[] groupPermissions, String[] guestPermissions)
298                    throws PortalException, SystemException {
299    
300                    updateResources(
301                            companyId, groupId, name, String.valueOf(primKey), groupPermissions,
302                            guestPermissions, null);
303            }
304    
305            public void updateResources(
306                            long companyId, long groupId, String name, String primKey,
307                            String[] groupPermissions, String[] guestPermissions)
308                    throws PortalException, SystemException {
309    
310                    updateResources(
311                            companyId, groupId, name, primKey, groupPermissions,
312                            guestPermissions, null);
313            }
314    
315            public void updateResources(
316                            long companyId, String name, int scope, String primKey,
317                            String newPrimKey)
318                    throws PortalException, SystemException {
319    
320                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
321                            if (resourceBlockLocalService.isSupported(name)) {
322    
323                                    // Assuming that this method is used when the primary key of an
324                                    // existing record is changed, then nothing needs to happen
325                                    // here, as it should still have its resource block ID.
326    
327                            }
328                            else {
329                                    updateResources_6(companyId, name, scope, primKey, newPrimKey);
330                            }
331                    }
332                    else {
333                            updateResources_1to5(companyId, name, scope, primKey, newPrimKey);
334                    }
335            }
336    
337            protected void addGroupPermissions(
338                            long companyId, long groupId, long userId, String name,
339                            Resource resource, boolean portletActions,
340                            PermissionedModel permissionedModel)
341                    throws PortalException, SystemException {
342    
343                    List<String> actions = null;
344    
345                    if (portletActions) {
346                            actions = ResourceActionsUtil.getPortletResourceGroupDefaultActions(
347                                    name);
348                    }
349                    else {
350                            actions = ResourceActionsUtil.getModelResourceGroupDefaultActions(
351                                    name);
352                    }
353    
354                    String[] actionIds = actions.toArray(new String[actions.size()]);
355    
356                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
357                            if (resourceBlockLocalService.isSupported(name)) {
358                                    addGroupPermissions_6Blocks(
359                                            groupId, resource, actions, permissionedModel);
360                            }
361                            else {
362                                    addGroupPermissions_6(groupId, resource, actionIds);
363                            }
364                    }
365                    else {
366                            addGroupPermissions_1to5(
367                                    companyId, groupId, userId, name, resource, portletActions,
368                                    actionIds);
369                    }
370            }
371    
372            protected void addGroupPermissions_1to5(
373                            long companyId, long groupId, long userId, String name,
374                            Resource resource, boolean portletActions, String[] actionIds)
375                    throws PortalException, SystemException {
376    
377                    long resourceId = resource.getResourceId();
378                    String primKey = resource.getPrimKey();
379    
380                    List<Permission> groupPermissionsList =
381                            permissionLocalService.getPermissions(
382                                    companyId, actionIds, resourceId);
383    
384                    PermissionsListFilter permissionsListFilter =
385                            PermissionsListFilterFactory.getInstance();
386    
387                    groupPermissionsList = permissionsListFilter.filterGroupPermissions(
388                            companyId, groupId, userId, name, primKey, portletActions,
389                            groupPermissionsList);
390    
391                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
392                            Role role = roleLocalService.getDefaultGroupRole(groupId);
393    
394                            rolePersistence.addPermissions(
395                                    role.getRoleId(), groupPermissionsList);
396                    }
397                    else {
398                            groupPersistence.addPermissions(groupId, groupPermissionsList);
399                    }
400            }
401    
402            protected void addGroupPermissions_6(
403                            long groupId, Resource resource, String[] actionIds)
404                    throws PortalException, SystemException {
405    
406                    Role role = roleLocalService.getDefaultGroupRole(groupId);
407    
408                    resourcePermissionLocalService.setResourcePermissions(
409                            resource.getCompanyId(), resource.getName(), resource.getScope(),
410                            resource.getPrimKey(), role.getRoleId(), actionIds);
411            }
412    
413            protected void addGroupPermissions_6Blocks(
414                            long groupId, Resource resource, List<String> actionIds,
415                            PermissionedModel permissionedModel)
416                    throws PortalException, SystemException {
417    
418                    if (permissionedModel == null) {
419                            throw new IllegalArgumentException("Permissioned model is null");
420                    }
421    
422                    // Scope is assumed to always be individual
423    
424                    Role role = roleLocalService.getDefaultGroupRole(groupId);
425    
426                    resourceBlockLocalService.setIndividualScopePermissions(
427                            resource.getCompanyId(), groupId, resource.getName(),
428                            permissionedModel, role.getRoleId(), actionIds);
429            }
430    
431            protected void addGuestPermissions(
432                            long companyId, long groupId, long userId, String name,
433                            Resource resource, boolean portletActions,
434                            PermissionedModel permissionedModel)
435                    throws PortalException, SystemException {
436    
437                    List<String> actions = null;
438    
439                    if (portletActions) {
440                            actions = ResourceActionsUtil.getPortletResourceGuestDefaultActions(
441                                    name);
442                    }
443                    else {
444                            actions = ResourceActionsUtil.getModelResourceGuestDefaultActions(
445                                    name);
446                    }
447    
448                    String[] actionIds = actions.toArray(new String[actions.size()]);
449    
450                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
451                            if (resourceBlockLocalService.isSupported(name)) {
452                                    addGuestPermissions_6Blocks(
453                                            companyId, groupId, resource, actions, permissionedModel);
454                            }
455                            else {
456                                    addGuestPermissions_6(companyId, resource, actionIds);
457                            }
458                    }
459                    else {
460                            addGuestPermissions_1to5(
461                                    companyId, groupId, userId, name, resource, portletActions,
462                                    actionIds);
463                    }
464            }
465    
466            protected void addGuestPermissions_1to5(
467                            long companyId, long groupId, long userId, String name,
468                            Resource resource, boolean portletActions, String[] actionIds)
469                    throws PortalException, SystemException {
470    
471                    List<Permission> guestPermissionsList =
472                            permissionLocalService.getPermissions(
473                                    companyId, actionIds, resource.getResourceId());
474    
475                    PermissionsListFilter permissionsListFilter =
476                            PermissionsListFilterFactory.getInstance();
477    
478                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
479                            companyId, groupId, userId, name, resource.getPrimKey(),
480                            portletActions, guestPermissionsList);
481    
482                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
483                            Role guestRole = roleLocalService.getRole(
484                                    companyId, RoleConstants.GUEST);
485    
486                            rolePersistence.addPermissions(
487                                    guestRole.getRoleId(), guestPermissionsList);
488                    }
489                    else {
490                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
491    
492                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
493                    }
494            }
495    
496            protected void addGuestPermissions_6(
497                            long companyId, Resource resource, String[] actionIds)
498                    throws PortalException, SystemException {
499    
500                    Role guestRole = roleLocalService.getRole(
501                            companyId, RoleConstants.GUEST);
502    
503                    resourcePermissionLocalService.setResourcePermissions(
504                            resource.getCompanyId(), resource.getName(), resource.getScope(),
505                            resource.getPrimKey(), guestRole.getRoleId(), actionIds);
506            }
507    
508            protected void addGuestPermissions_6Blocks(
509                            long companyId, long groupId, Resource resource,
510                            List<String> actionIds, PermissionedModel permissionedModel)
511                    throws PortalException, SystemException {
512    
513                    if (permissionedModel == null) {
514                            throw new IllegalArgumentException("Permissioned model is null");
515                    }
516    
517                    // Scope is assumed to always be individual
518    
519                    Role guestRole = roleLocalService.getRole(
520                            companyId, RoleConstants.GUEST);
521    
522                    resourceBlockLocalService.setIndividualScopePermissions(
523                            resource.getCompanyId(), groupId, resource.getName(),
524                            permissionedModel, guestRole.getRoleId(), actionIds);
525            }
526    
527            protected void addModelResources(
528                            long companyId, long groupId, long userId, String name,
529                            String primKey, String[] groupPermissions,
530                            String[] guestPermissions, PermissionedModel permissionedModel)
531                    throws PortalException, SystemException {
532    
533                    if (!PermissionThreadLocal.isAddResource()) {
534                            return;
535                    }
536    
537                    validate(name, false);
538    
539                    // Company
540    
541                    addResource(
542                            companyId, name, ResourceConstants.SCOPE_COMPANY,
543                            String.valueOf(companyId));
544    
545                    // Guest
546    
547                    Group guestGroup = groupLocalService.getGroup(
548                            companyId, GroupConstants.GUEST);
549    
550                    addResource(
551                            companyId, name, ResourceConstants.SCOPE_GROUP,
552                            String.valueOf(guestGroup.getGroupId()));
553    
554                    // Group
555    
556                    if ((groupId > 0) && (guestGroup.getGroupId() != groupId)) {
557                            addResource(
558                                    companyId, name, ResourceConstants.SCOPE_GROUP,
559                                    String.valueOf(groupId));
560                    }
561    
562                    if (primKey == null) {
563                            return;
564                    }
565    
566                    // Individual
567    
568                    Resource resource = addResource(
569                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
570    
571                    // Permissions
572    
573                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
574    
575                    PermissionThreadLocal.setIndexEnabled(false);
576    
577                    try {
578                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
579                                    addModelResources_6(
580                                            companyId, groupId, userId, resource, groupPermissions,
581                                            guestPermissions, permissionedModel);
582                            }
583                            else {
584                                    addModelResources_1to5(
585                                            companyId, groupId, userId, resource, groupPermissions,
586                                            guestPermissions);
587                            }
588                    }
589                    finally {
590                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
591    
592                            PermissionCacheUtil.clearCache();
593    
594                            SearchEngineUtil.updatePermissionFields(name, primKey);
595                    }
596            }
597    
598            protected void addModelResources_1to5(
599                            long companyId, long groupId, long userId, Resource resource,
600                            String[] groupPermissions, String[] guestPermissions)
601                    throws PortalException, SystemException {
602    
603                    long defaultUserId = userLocalService.getDefaultUserId(companyId);
604    
605                    PermissionsListFilter permissionsListFilter =
606                            PermissionsListFilterFactory.getInstance();
607    
608                    List<Permission> permissionsList =
609                            permissionLocalService.addPermissions(
610                                    companyId, resource.getName(), resource.getResourceId(), false);
611    
612                    List<Permission> userPermissionsList =
613                            permissionsListFilter.filterUserPermissions(
614                                    companyId, groupId, userId, resource.getName(),
615                                    resource.getPrimKey(), false, permissionsList);
616    
617                    filterOwnerPermissions(resource.getName(), userPermissionsList);
618    
619                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
620    
621                            // Owner permissions
622    
623                            Role ownerRole = roleLocalService.getRole(
624                                    companyId, RoleConstants.OWNER);
625    
626                            rolePersistence.addPermissions(
627                                    ownerRole.getRoleId(), userPermissionsList);
628                    }
629                    else {
630    
631                            // User permissions
632    
633                            if ((userId > 0) && (userId != defaultUserId)) {
634                                    userPersistence.addPermissions(userId, userPermissionsList);
635                            }
636                    }
637    
638                    // Group permissions
639    
640                    if (groupId > 0) {
641                            if (groupPermissions == null) {
642                                    groupPermissions = new String[0];
643                            }
644    
645                            List<Permission> groupPermissionsList =
646                                    permissionLocalService.getPermissions(
647                                            companyId, groupPermissions, resource.getResourceId());
648    
649                            groupPermissionsList = permissionsListFilter.filterGroupPermissions(
650                                    companyId, groupId, userId, resource.getName(),
651                                    resource.getPrimKey(), false, groupPermissionsList);
652    
653                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
654                                    Role role = roleLocalService.getDefaultGroupRole(groupId);
655    
656                                    rolePersistence.addPermissions(
657                                            role.getRoleId(), groupPermissionsList);
658                            }
659                            else {
660                                    groupPersistence.addPermissions(groupId, groupPermissionsList);
661                            }
662                    }
663    
664                    // Guest permissions
665    
666                    if (guestPermissions == null) {
667                            guestPermissions = new String[0];
668                    }
669    
670                    List<Permission> guestPermissionsList =
671                            permissionLocalService.getPermissions(
672                                    companyId, guestPermissions, resource.getResourceId());
673    
674                    guestPermissionsList = permissionsListFilter.filterGuestPermissions(
675                            companyId, groupId, userId, resource.getName(),
676                            resource.getPrimKey(), false, guestPermissionsList);
677    
678                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
679                            Role guestRole = roleLocalService.getRole(
680                                    companyId, RoleConstants.GUEST);
681    
682                            rolePersistence.addPermissions(
683                                    guestRole.getRoleId(), guestPermissionsList);
684                    }
685                    else {
686                            userPersistence.addPermissions(defaultUserId, guestPermissionsList);
687                    }
688            }
689    
690            protected void addModelResources_6(
691                            long companyId, long groupId, long userId, Resource resource,
692                            String[] groupPermissions, String[] guestPermissions,
693                            PermissionedModel permissionedModel)
694                    throws PortalException, SystemException {
695    
696                    // Owner permissions
697    
698                    Role ownerRole = roleLocalService.getRole(
699                            companyId, RoleConstants.OWNER);
700    
701                    List<String> ownerActionIds =
702                            ResourceActionsUtil.getModelResourceActions(resource.getName());
703    
704                    ownerActionIds = ListUtil.copy(ownerActionIds);
705    
706                    filterOwnerActions(resource.getName(), ownerActionIds);
707    
708                    String[] ownerPermissions = ownerActionIds.toArray(
709                            new String[ownerActionIds.size()]);
710    
711                    // Group permissions
712    
713                    Role defaultGroupRole = null;
714    
715                    if (groupId > 0) {
716                            defaultGroupRole = roleLocalService.getDefaultGroupRole(groupId);
717    
718                            if (groupPermissions == null) {
719                                    groupPermissions = new String[0];
720                            }
721                    }
722    
723                    // Guest permissions
724    
725                    Role guestRole = roleLocalService.getRole(
726                            companyId, RoleConstants.GUEST);
727    
728                    if (guestPermissions == null) {
729                            guestPermissions = new String[0];
730                    }
731    
732                    if (resourceBlockLocalService.isSupported(resource.getName())) {
733    
734                            if (permissionedModel == null) {
735                                    throw new IllegalArgumentException(
736                                            "Permissioned model is null");
737                            }
738    
739                            // Scope is assumed to always be individual
740    
741                            resourceBlockLocalService.setIndividualScopePermissions(
742                                    resource.getCompanyId(), groupId, resource.getName(),
743                                    permissionedModel, ownerRole.getRoleId(), ownerActionIds);
744    
745                            if (groupId > 0) {
746                                    resourceBlockLocalService.setIndividualScopePermissions(
747                                            resource.getCompanyId(), groupId, resource.getName(),
748                                            permissionedModel, defaultGroupRole.getRoleId(),
749                                            Arrays.asList(groupPermissions));
750                            }
751    
752                            resourceBlockLocalService.setIndividualScopePermissions(
753                                    resource.getCompanyId(), groupId, resource.getName(),
754                                    permissionedModel, guestRole.getRoleId(),
755                                    Arrays.asList(guestPermissions));
756                    }
757                    else {
758                            resourcePermissionLocalService.setOwnerResourcePermissions(
759                                    resource.getCompanyId(), resource.getName(),
760                                    resource.getScope(), resource.getPrimKey(),
761                                    ownerRole.getRoleId(), userId, ownerPermissions);
762    
763                            if (groupId > 0) {
764                                    resourcePermissionLocalService.setResourcePermissions(
765                                            resource.getCompanyId(), resource.getName(),
766                                            resource.getScope(), resource.getPrimKey(),
767                                            defaultGroupRole.getRoleId(), groupPermissions);
768                            }
769    
770                            resourcePermissionLocalService.setResourcePermissions(
771                                    resource.getCompanyId(), resource.getName(),
772                                    resource.getScope(), resource.getPrimKey(),
773                                    guestRole.getRoleId(), guestPermissions);
774                    }
775            }
776    
777            protected Resource addResource_1to5(
778                            long companyId, String name, int scope, String primKey)
779                    throws SystemException {
780    
781                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
782                            companyId, name, scope);
783    
784                    long codeId = resourceCode.getCodeId();
785    
786                    Resource resource = resourcePersistence.fetchByC_P(codeId, primKey);
787    
788                    if (resource == null) {
789                            long resourceId = counterLocalService.increment(
790                                    Resource.class.getName());
791    
792                            resource = resourcePersistence.create(resourceId);
793    
794                            resource.setCodeId(codeId);
795                            resource.setPrimKey(primKey);
796    
797                            try {
798                                    resourcePersistence.update(resource, false);
799                            }
800                            catch (SystemException se) {
801                                    if (_log.isWarnEnabled()) {
802                                            _log.warn(
803                                                    "Add failed, fetch {codeId=" + codeId + ", primKey=" +
804                                                            primKey + "}");
805                                    }
806    
807                                    resource = resourcePersistence.fetchByC_P(
808                                            codeId, primKey, false);
809    
810                                    if (resource == null) {
811                                            throw se;
812                                    }
813                            }
814                    }
815    
816                    return resource;
817            }
818    
819            protected Resource addResource_6(
820                    long companyId, String name, int scope, String primKey) {
821    
822                    Resource resource = new ResourceImpl();
823    
824                    resource.setCompanyId(companyId);
825                    resource.setName(name);
826                    resource.setScope(scope);
827                    resource.setPrimKey(primKey);
828    
829                    return resource;
830            }
831    
832            protected void addResources(
833                            long companyId, long groupId, long userId, String name,
834                            String primKey, boolean portletActions, boolean addGroupPermissions,
835                            boolean addGuestPermissions, PermissionedModel permissionedModel)
836                    throws PortalException, SystemException {
837    
838                    if (!PermissionThreadLocal.isAddResource()) {
839                            return;
840                    }
841    
842                    validate(name, portletActions);
843    
844                    // Company
845    
846                    addResource(
847                            companyId, name, ResourceConstants.SCOPE_COMPANY,
848                            String.valueOf(companyId));
849    
850                    if (groupId > 0) {
851                            addResource(
852                                    companyId, name, ResourceConstants.SCOPE_GROUP,
853                                    String.valueOf(groupId));
854                    }
855    
856                    if (primKey == null) {
857                            return;
858                    }
859    
860                    // Individual
861    
862                    Resource resource = addResource(
863                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
864    
865                    // Permissions
866    
867                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
868    
869                    PermissionThreadLocal.setIndexEnabled(false);
870    
871                    List<ResourcePermission> resourcePermissions =
872                            resourcePermissionPersistence.findByC_N_S_P(
873                                    companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
874    
875                    ResourcePermissionsThreadLocal.setResourcePermissions(
876                            resourcePermissions);
877    
878                    try {
879                            if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
880                                    addResources_6(
881                                            companyId, groupId, userId, resource, portletActions,
882                                            permissionedModel);
883                            }
884                            else {
885                                    addResources_1to5(
886                                            companyId, groupId, userId, resource, portletActions);
887                            }
888    
889                            // Group permissions
890    
891                            if ((groupId > 0) && addGroupPermissions) {
892                                    addGroupPermissions(
893                                            companyId, groupId, userId, name, resource, portletActions,
894                                            permissionedModel);
895                            }
896    
897                            // Guest permissions
898    
899                            if (addGuestPermissions) {
900    
901                                    // Don't add guest permissions when you've already added group
902                                    // permissions and the given group is the guest group.
903    
904                                    addGuestPermissions(
905                                            companyId, groupId, userId, name, resource, portletActions,
906                                            permissionedModel);
907                            }
908                    }
909                    finally {
910                            ResourcePermissionsThreadLocal.setResourcePermissions(null);
911    
912                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
913    
914                            PermissionCacheUtil.clearCache();
915    
916                            SearchEngineUtil.updatePermissionFields(name, primKey);
917                    }
918            }
919    
920            protected void addResources_1to5(
921                            long companyId, long groupId, long userId, Resource resource,
922                            boolean portletActions)
923                    throws PortalException, SystemException {
924    
925                    List<Permission> permissionsList =
926                            permissionLocalService.addPermissions(
927                                    companyId, resource.getName(), resource.getResourceId(),
928                                    portletActions);
929    
930                    PermissionsListFilter permissionsListFilter =
931                            PermissionsListFilterFactory.getInstance();
932    
933                    List<Permission> userPermissionsList =
934                            permissionsListFilter.filterUserPermissions(
935                                    companyId, groupId, userId, resource.getName(),
936                                    resource.getPrimKey(), portletActions, permissionsList);
937    
938                    filterOwnerPermissions(resource.getName(), userPermissionsList);
939    
940                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
941    
942                            // Owner permissions
943    
944                            Role ownerRole = roleLocalService.getRole(
945                                    companyId, RoleConstants.OWNER);
946    
947                            rolePersistence.addPermissions(
948                                    ownerRole.getRoleId(), userPermissionsList);
949                    }
950                    else {
951    
952                            // User permissions
953    
954                            long defaultUserId = userLocalService.getDefaultUserId(companyId);
955    
956                            if ((userId > 0) && (userId != defaultUserId)) {
957                                    userPersistence.addPermissions(userId, userPermissionsList);
958                            }
959                    }
960            }
961    
962            protected void addResources_6(
963                            long companyId, long groupId, long userId, Resource resource,
964                            boolean portletActions, PermissionedModel permissionedModel)
965                    throws PortalException, SystemException {
966    
967                    List<String> actionIds = null;
968    
969                    if (portletActions) {
970                            actionIds = ResourceActionsUtil.getPortletResourceActions(
971                                    resource.getName());
972                    }
973                    else {
974                            actionIds = ResourceActionsUtil.getModelResourceActions(
975                                    resource.getName());
976    
977                            actionIds = ListUtil.copy(actionIds);
978    
979                            filterOwnerActions(resource.getName(), actionIds);
980                    }
981    
982                    Role role = roleLocalService.getRole(companyId, RoleConstants.OWNER);
983    
984                    if (resourceBlockLocalService.isSupported(resource.getName())) {
985                            if (permissionedModel == null) {
986                                    throw new IllegalArgumentException(
987                                            "Permissioned model is null");
988                            }
989    
990                            // Scope is assumed to always be individual
991    
992                            resourceBlockLocalService.setIndividualScopePermissions(
993                                    resource.getCompanyId(), groupId, resource.getName(),
994                                    permissionedModel, role.getRoleId(), actionIds);
995                    }
996                    else {
997                            resourcePermissionLocalService.setOwnerResourcePermissions(
998                                    resource.getCompanyId(), resource.getName(),
999                                    resource.getScope(), resource.getPrimKey(), role.getRoleId(),
1000                                    userId, actionIds.toArray(new String[actionIds.size()]));
1001                    }
1002            }
1003    
1004            protected void deleteResource(
1005                            long companyId, String name, int scope, String primKey,
1006                            PermissionedModel permissionedModel)
1007                    throws PortalException, SystemException{
1008    
1009                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1010                            if (resourceBlockLocalService.isSupported(name)) {
1011                                    if (permissionedModel == null) {
1012                                            throw new IllegalArgumentException(
1013                                                    "Permissioned model is null");
1014                                    }
1015    
1016                                    resourceBlockLocalService.releasePermissionedModelResourceBlock(
1017                                            permissionedModel);
1018    
1019                                    return;
1020                            }
1021                            else {
1022                                    resourcePermissionLocalService.deleteResourcePermissions(
1023                                            companyId, name, scope, primKey);
1024    
1025                                    return;
1026                            }
1027                    }
1028    
1029                    try {
1030                            Resource resource = getResource(companyId, name, scope, primKey);
1031    
1032                            deleteResource(resource.getResourceId());
1033                    }
1034                    catch (NoSuchResourceException nsre) {
1035                            if (_log.isWarnEnabled()) {
1036                                    _log.warn(nsre);
1037                            }
1038                    }
1039            }
1040    
1041            protected Resource fetchResource_1to5(
1042                            long companyId, String name, int scope, String primKey)
1043                    throws SystemException {
1044    
1045                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1046                            companyId, name, scope);
1047    
1048                    return resourcePersistence.fetchByC_P(
1049                            resourceCode.getCodeId(), primKey);
1050            }
1051    
1052            protected void filterOwnerActions(String name, List<String> actionIds) {
1053                    List<String> defaultOwnerActions =
1054                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1055    
1056                    if (defaultOwnerActions.isEmpty()) {
1057                            return;
1058                    }
1059    
1060                    Iterator<String> itr = actionIds.iterator();
1061    
1062                    while (itr.hasNext()) {
1063                            String actionId = itr.next();
1064    
1065                            if (!defaultOwnerActions.contains(actionId)) {
1066                                    itr.remove();
1067                            }
1068                    }
1069            }
1070    
1071            protected void filterOwnerPermissions(
1072                    String name, List<Permission> permissions) {
1073    
1074                    List<String> defaultOwnerActions =
1075                            ResourceActionsUtil.getModelResourceOwnerDefaultActions(name);
1076    
1077                    if (defaultOwnerActions.isEmpty()) {
1078                            return;
1079                    }
1080    
1081                    Iterator<Permission> itr = permissions.iterator();
1082    
1083                    while (itr.hasNext()) {
1084                            Permission permission = itr.next();
1085    
1086                            String actionId = permission.getActionId();
1087    
1088                            if (!defaultOwnerActions.contains(actionId)) {
1089                                    itr.remove();
1090                            }
1091                    }
1092            }
1093    
1094            protected long getGroupId(AuditedModel auditedModel) {
1095                    long groupId = 0;
1096    
1097                    if (auditedModel instanceof GroupedModel) {
1098                            GroupedModel groupedModel = (GroupedModel)auditedModel;
1099    
1100                            groupId = groupedModel.getGroupId();
1101                    }
1102    
1103                    return groupId;
1104            }
1105    
1106            protected PermissionedModel getPermissionedModel(
1107                    AuditedModel auditedModel) {
1108    
1109                    PermissionedModel permissionedModel = null;
1110    
1111                    if (auditedModel instanceof PermissionedModel) {
1112                            permissionedModel = (PermissionedModel)auditedModel;
1113                    }
1114    
1115                    return permissionedModel;
1116            }
1117    
1118            protected Resource getResource_1to5(
1119                            long companyId, String name, int scope, String primKey)
1120                    throws PortalException, SystemException {
1121    
1122                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1123                            companyId, name, scope);
1124    
1125                    return resourcePersistence.findByC_P(resourceCode.getCodeId(), primKey);
1126            }
1127    
1128            protected Resource getResource_6(
1129                    long companyId, String name, int scope, String primKey) {
1130    
1131                    Resource resource = new ResourceImpl();
1132    
1133                    resource.setCompanyId(companyId);
1134                    resource.setName(name);
1135                    resource.setScope(scope);
1136                    resource.setPrimKey(primKey);
1137    
1138                    return resource;
1139            }
1140    
1141            protected void updateResources(
1142                            long companyId, long groupId, String name, String primKey,
1143                            String[] groupPermissions, String[] guestPermissions,
1144                            PermissionedModel permissionedModel)
1145                    throws PortalException, SystemException {
1146    
1147                    Resource resource = getResource(
1148                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
1149    
1150                    if (groupPermissions == null) {
1151                            groupPermissions = new String[0];
1152                    }
1153    
1154                    if (guestPermissions == null) {
1155                            guestPermissions = new String[0];
1156                    }
1157    
1158                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
1159                            if (resourceBlockLocalService.isSupported(name)) {
1160                                    updateResources_6Blocks(
1161                                            companyId, groupId, resource, groupPermissions,
1162                                            guestPermissions, permissionedModel);
1163                            }
1164                            else {
1165                                    updateResources_6(
1166                                            companyId, groupId, resource, groupPermissions,
1167                                            guestPermissions);
1168                            }
1169                    }
1170                    else {
1171                            updateResources_1to5(
1172                                    companyId, groupId, resource, groupPermissions,
1173                                    guestPermissions);
1174                    }
1175            }
1176    
1177            protected void updateResources_1to5(
1178                            long companyId, long groupId, Resource resource,
1179                            String[] groupPermissions, String[] guestPermissions)
1180                    throws PortalException, SystemException {
1181    
1182                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1183    
1184                    permissionLocalService.setRolePermissions(
1185                            role.getRoleId(), groupPermissions, resource.getResourceId());
1186    
1187                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1188    
1189                    permissionLocalService.setRolePermissions(
1190                            role.getRoleId(), guestPermissions, resource.getResourceId());
1191            }
1192    
1193            protected void updateResources_1to5(
1194                            long companyId, String name, int scope, String primKey,
1195                            String newPrimKey)
1196                    throws PortalException, SystemException {
1197    
1198                    Resource resource = getResource(companyId, name, scope, primKey);
1199    
1200                    resource.setPrimKey(newPrimKey);
1201    
1202                    resourcePersistence.update(resource, false);
1203            }
1204    
1205            protected void updateResources_6(
1206                            long companyId, long groupId, Resource resource,
1207                            String[] groupPermissions, String[] guestPermissions)
1208                    throws PortalException, SystemException {
1209    
1210                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1211    
1212                    resourcePermissionLocalService.setResourcePermissions(
1213                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1214                            resource.getPrimKey(), role.getRoleId(), groupPermissions);
1215    
1216                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1217    
1218                    resourcePermissionLocalService.setResourcePermissions(
1219                            resource.getCompanyId(), resource.getName(), resource.getScope(),
1220                            resource.getPrimKey(), role.getRoleId(), guestPermissions);
1221            }
1222    
1223            protected void updateResources_6(
1224                            long companyId, String name, int scope, String primKey,
1225                            String newPrimKey)
1226                    throws SystemException {
1227    
1228                    List<ResourcePermission> resourcePermissions =
1229                            resourcePermissionLocalService.getResourcePermissions(
1230                                    companyId, name, scope, primKey);
1231    
1232                    for (ResourcePermission resourcePermission : resourcePermissions) {
1233                            resourcePermission.setPrimKey(newPrimKey);
1234    
1235                            resourcePermissionPersistence.update(resourcePermission, false);
1236                    }
1237            }
1238    
1239            protected void updateResources_6Blocks(
1240                            long companyId, long groupId, Resource resource,
1241                            String[] groupPermissions, String[] guestPermissions,
1242                            PermissionedModel permissionedModel)
1243                    throws PortalException, SystemException {
1244    
1245                    if (permissionedModel == null) {
1246                            throw new IllegalArgumentException("Permissioned model is null");
1247                    }
1248    
1249                    // Scope is assumed to always be individual
1250    
1251                    Role role = roleLocalService.getDefaultGroupRole(groupId);
1252    
1253                    resourceBlockLocalService.setIndividualScopePermissions(
1254                            companyId, groupId, resource.getName(), permissionedModel,
1255                            role.getRoleId(), Arrays.asList(groupPermissions));
1256    
1257                    role = roleLocalService.getRole(companyId, RoleConstants.GUEST);
1258    
1259                    resourceBlockLocalService.setIndividualScopePermissions(
1260                            companyId, groupId, resource.getName(), permissionedModel,
1261                            role.getRoleId(), Arrays.asList(guestPermissions));
1262            }
1263    
1264            protected void validate(String name, boolean portletActions)
1265                    throws PortalException {
1266    
1267                    List<String> actions = null;
1268    
1269                    if (portletActions) {
1270                            actions = ResourceActionsUtil.getPortletResourceActions(name);
1271                    }
1272                    else {
1273                            actions = ResourceActionsUtil.getModelResourceActions(name);
1274                    }
1275    
1276                    if (actions.size() == 0) {
1277                            throw new ResourceActionsException(
1278                                    "There are no actions associated with the resource " + name);
1279                    }
1280            }
1281    
1282            private static Log _log = LogFactoryUtil.getLog(
1283                    ResourceLocalServiceImpl.class);
1284    
1285    }