001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.NoSuchPermissionException;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.search.SearchEngineUtil;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.model.Company;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.OrgGroupPermission;
029 import com.liferay.portal.model.Organization;
030 import com.liferay.portal.model.Permission;
031 import com.liferay.portal.model.Resource;
032 import com.liferay.portal.model.ResourceCode;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.RoleConstants;
036 import com.liferay.portal.model.User;
037 import com.liferay.portal.model.UserGroup;
038 import com.liferay.portal.security.permission.PermissionCacheUtil;
039 import com.liferay.portal.security.permission.PermissionCheckerBag;
040 import com.liferay.portal.security.permission.PermissionThreadLocal;
041 import com.liferay.portal.security.permission.ResourceActionsUtil;
042 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044 import com.liferay.portal.util.PropsValues;
045 import com.liferay.portal.util.comparator.PermissionComparator;
046
047 import java.util.ArrayList;
048 import java.util.HashSet;
049 import java.util.Iterator;
050 import java.util.List;
051 import java.util.Map;
052 import java.util.Set;
053
054 import org.apache.commons.lang.time.StopWatch;
055
056
063 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
064
065
081 public Permission addPermission(
082 long companyId, String actionId, long resourceId)
083 throws SystemException {
084
085 Permission permission = permissionPersistence.fetchByA_R(
086 actionId, resourceId);
087
088 if (permission == null) {
089 long permissionId = counterLocalService.increment(
090 Permission.class.getName());
091
092 permission = permissionPersistence.create(permissionId);
093
094 permission.setCompanyId(companyId);
095 permission.setActionId(actionId);
096 permission.setResourceId(resourceId);
097
098 permissionPersistence.update(permission, false);
099 }
100
101 return permission;
102 }
103
104
119 public List<Permission> addPermissions(
120 long companyId, List<String> actionIds, long resourceId)
121 throws SystemException {
122
123 List<Permission> permissions = permissionPersistence.findByResourceId(
124 resourceId);
125
126 permissions = ListUtil.copy(permissions);
127
128 Set<String> actionIdsSet = new HashSet<String>();
129
130 for (Permission permission : permissions) {
131 actionIdsSet.add(permission.getActionId());
132 }
133
134 for (String actionId : actionIds) {
135 if (actionIdsSet.contains(actionId)) {
136 continue;
137 }
138
139 long permissionId = counterLocalService.increment(
140 Permission.class.getName());
141
142 Permission permission = permissionPersistence.create(permissionId);
143
144 permission.setCompanyId(companyId);
145 permission.setActionId(actionId);
146 permission.setResourceId(resourceId);
147
148 try {
149 permissionPersistence.update(permission, false);
150 }
151 catch (SystemException se) {
152 if (_log.isWarnEnabled()) {
153 _log.warn(
154 "Add failed, fetch {actionId=" + actionId +
155 ", resourceId=" + resourceId + "}");
156 }
157
158 permission = permissionPersistence.fetchByA_R(
159 actionId, resourceId, false);
160
161 if (permission == null) {
162 throw se;
163 }
164 }
165
166 permissions.add(permission);
167 }
168
169 return permissions;
170 }
171
172
190 public List<Permission> addPermissions(
191 long companyId, String name, long resourceId,
192 boolean portletActions)
193 throws SystemException {
194
195 List<String> actionIds = null;
196
197 if (portletActions) {
198 actionIds = ResourceActionsUtil.getPortletResourceActions(name);
199 }
200 else {
201 actionIds = ResourceActionsUtil.getModelResourceActions(name);
202 }
203
204 return addPermissions(companyId, actionIds, resourceId);
205 }
206
207
216 public void addUserPermissions(
217 long userId, String[] actionIds, long resourceId)
218 throws PortalException, SystemException {
219
220 User user = userPersistence.findByPrimaryKey(userId);
221
222 List<Permission> permissions = permissionFinder.findByU_R(
223 userId, resourceId);
224
225 permissions = getPermissions(
226 user.getCompanyId(), actionIds, resourceId);
227
228 userPersistence.addPermissions(userId, permissions);
229
230 PermissionCacheUtil.clearCache();
231 }
232
233
242 public void checkPermissions(String name, List<String> actionIds)
243 throws PortalException, SystemException {
244
245 List<Resource> resources = resourceFinder.findByN_S(
246 name, ResourceConstants.SCOPE_INDIVIDUAL);
247
248 for (Resource resource : resources) {
249 for (String actionId : actionIds) {
250 Permission permission = permissionPersistence.fetchByA_R(
251 actionId, resource.getResourceId());
252
253 if (permission != null) {
254 continue;
255 }
256
257 checkPermission(resource, actionId);
258 }
259 }
260
261 PermissionCacheUtil.clearCache();
262 }
263
264
270 public List<String> getActions(List<Permission> permissions) {
271 List<String> actionIds = new ArrayList<String>();
272
273 Iterator<Permission> itr = permissions.iterator();
274
275 while (itr.hasNext()) {
276 Permission permission = itr.next();
277
278 actionIds.add(permission.getActionId());
279 }
280
281 return actionIds;
282 }
283
284
292 public List<Permission> getGroupPermissions(long groupId, long resourceId)
293 throws SystemException {
294
295 return permissionFinder.findByG_R(groupId, resourceId);
296 }
297
298
311 public List<Permission> getGroupPermissions(
312 long groupId, long companyId, String name, int scope,
313 String primKey)
314 throws SystemException {
315
316 return permissionFinder.findByG_C_N_S_P(
317 groupId, companyId, name, scope, primKey);
318 }
319
320
326 public long getLatestPermissionId() throws SystemException {
327 List<Permission> permissions = permissionPersistence.findAll(
328 0, 1, new PermissionComparator());
329
330 if (permissions.size() == 0) {
331 return 0;
332 }
333 else {
334 Permission permission = permissions.get(0);
335
336 return permission.getPermissionId();
337 }
338 }
339
340
351 public List<Permission> getOrgGroupPermissions(
352 long organizationId, long groupId, long resourceId)
353 throws SystemException {
354
355 return permissionFinder.findByO_G_R(
356 organizationId, groupId, resourceId);
357 }
358
359
370 public List<Permission> getPermissions(
371 long companyId, String[] actionIds, long resourceId)
372 throws SystemException {
373
374 List<Permission> permissions = new ArrayList<Permission>();
375
376 for (String actionId : actionIds) {
377 Permission permission = addPermission(
378 companyId, actionId, resourceId);
379
380 permissions.add(permission);
381 }
382
383 return permissions;
384 }
385
386
393 public List<Permission> getRolePermissions(long roleId)
394 throws SystemException {
395
396 return rolePersistence.getPermissions(roleId);
397 }
398
399 public List<Permission> getRolePermissions(long roleId, int[] scopes)
400 throws SystemException {
401
402 return permissionFinder.findByR_S(roleId, scopes);
403 }
404
405
413 public List<Permission> getRolePermissions(long roleId, long resourceId)
414 throws SystemException {
415
416 return permissionFinder.findByR_R(roleId, resourceId);
417 }
418
419
426 public List<Permission> getUserPermissions(long userId)
427 throws SystemException {
428
429 return userPersistence.getPermissions(userId);
430 }
431
432
440 public List<Permission> getUserPermissions(long userId, long resourceId)
441 throws SystemException {
442
443 return permissionFinder.findByU_R(userId, resourceId);
444 }
445
446
458 public List<Permission> getUserPermissions(
459 long userId, long companyId, String name, int scope, String primKey)
460 throws SystemException {
461
462 return permissionFinder.findByU_C_N_S_P(
463 userId, companyId, name, scope, primKey);
464 }
465
466
477 public boolean hasGroupPermission(
478 long groupId, String actionId, long resourceId)
479 throws SystemException {
480
481 Permission permission = permissionPersistence.fetchByA_R(
482 actionId, resourceId);
483
484
485
486
487 if (permission == null) {
488 return false;
489 }
490
491 return groupPersistence.containsPermission(
492 groupId, permission.getPermissionId());
493 }
494
495
509 public boolean hasRolePermission(
510 long roleId, long companyId, String name, int scope,
511 String actionId)
512 throws SystemException {
513
514 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
515 companyId, name, scope);
516
517 if (permissionFinder.countByR_A_C(
518 roleId, actionId, resourceCode.getCodeId()) > 0) {
519
520 return true;
521 }
522 else {
523 return false;
524 }
525 }
526
527
542 public boolean hasRolePermission(
543 long roleId, long companyId, String name, int scope, String primKey,
544 String actionId)
545 throws SystemException {
546
547 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
548 companyId, name, scope);
549
550 Resource resource = resourcePersistence.fetchByC_P(
551 resourceCode.getCodeId(), primKey);
552
553 if (resource == null) {
554 return false;
555 }
556
557 Permission permission = permissionPersistence.fetchByA_R(
558 actionId, resource.getResourceId());
559
560 if (permission == null) {
561 return false;
562 }
563
564 return rolePersistence.containsPermission(
565 roleId, permission.getPermissionId());
566 }
567
568
579 public boolean hasUserPermission(
580 long userId, String actionId, long resourceId)
581 throws SystemException {
582
583 Permission permission = permissionPersistence.fetchByA_R(
584 actionId, resourceId);
585
586
587
588
589 if (permission == null) {
590 return false;
591 }
592
593 return userPersistence.containsPermission(
594 userId, permission.getPermissionId());
595 }
596
597
620 public boolean hasUserPermissions(
621 long userId, long groupId, List<Resource> resources,
622 String actionId, PermissionCheckerBag permissionCheckerBag)
623 throws PortalException, SystemException {
624
625 StopWatch stopWatch = null;
626
627 if (_log.isDebugEnabled()) {
628 stopWatch = new StopWatch();
629
630 stopWatch.start();
631 }
632
633 int block = 1;
634
635
636
637 if (Validator.isNull(actionId) || resources.isEmpty()) {
638 return false;
639 }
640
641 long[] resourceIds = null;
642
643 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
644 resourceIds = new long[resources.size()];
645
646 for (int i = 0; i < resources.size(); i++) {
647 Resource resource = resources.get(i);
648
649 resourceIds[i] = resource.getResourceId();
650 }
651 }
652
653 List<Permission> permissions = null;
654
655 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
656 permissions = permissionFinder.findByA_R(actionId, resourceIds);
657
658
659
660 if (permissions.size() == 0) {
661 return false;
662 }
663 }
664
665
666
667 long resourceId = 0;
668
669 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
670 resourceId = resourceIds[0];
671 }
672 else {
673 resourceId = resources.get(0).getResourceId();
674 }
675
676 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
677
678
679
680
681
682
683 List<Group> groups = permissionCheckerBag.getGroups();
684 List<Role> roles = permissionCheckerBag.getRoles();
685
686 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
687
688
689
690
691
692
693
694
695
696 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
697
698 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
699 return hasUserPermissions_1(
700 userId, resourceId, actionId, permissions, groups, groupId,
701 stopWatch, block);
702 }
703 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
704 return hasUserPermissions_2(
705 userId, resourceId, actionId, permissions, groups, groupId,
706 stopWatch, block);
707 }
708 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
709 return hasUserPermissions_3(
710 userId, resourceId, actionId, permissions, groups, roles,
711 stopWatch, block);
712 }
713 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
714 return hasUserPermissions_4(
715 userId, resourceId, actionId, permissions, groups, roles,
716 stopWatch, block);
717 }
718 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
719 return hasUserPermissions_5(
720 userId, resourceId, actionId, permissions, roles, stopWatch,
721 block);
722 }
723 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
724 return hasUserPermissions_6(
725 userId, resourceId, resources, actionId,
726 permissionCheckerBag.getRoleIds(), stopWatch, block);
727 }
728
729 return false;
730 }
731
732
746 public void setContainerResourcePermissions(
747 String name, String roleName, String actionId)
748 throws PortalException, SystemException {
749
750 List<Company> companies = companyPersistence.findAll();
751
752 for (Company company : companies) {
753 setContainerResourcePermissions(
754 company.getCompanyId(), name, roleName, actionId);
755 }
756 }
757
758
769 public void setGroupPermissions(
770 long groupId, String[] actionIds, long resourceId)
771 throws PortalException, SystemException {
772
773 Group group = groupPersistence.findByPrimaryKey(groupId);
774
775 List<Permission> permissions = permissionFinder.findByG_R(
776 groupId, resourceId);
777
778 for (Permission permission : permissions) {
779 groupPersistence.removePermission(groupId, permission);
780 }
781
782 permissions = getPermissions(
783 group.getCompanyId(), actionIds, resourceId);
784
785 groupPersistence.addPermissions(groupId, permissions);
786
787 PermissionCacheUtil.clearCache();
788 }
789
790
806 public void setGroupPermissions(
807 String className, String classPK, long groupId, String[] actionIds,
808 long resourceId)
809 throws PortalException, SystemException {
810
811 long associatedGroupId = 0;
812
813 if (className.equals(Organization.class.getName())) {
814 long organizationId = GetterUtil.getLong(classPK);
815
816 Organization organization =
817 organizationPersistence.findByPrimaryKey(organizationId);
818
819 orgGroupPermissionFinder.removeByO_G_R(
820 organizationId, groupId, resourceId);
821
822 associatedGroupId = organization.getGroup().getGroupId();
823 }
824 else if (className.equals(UserGroup.class.getName())) {
825 long userGroupId = GetterUtil.getLong(classPK);
826
827 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
828 userGroupId);
829
830 associatedGroupId = userGroup.getGroup().getGroupId();
831 }
832
833 setGroupPermissions(associatedGroupId, actionIds, resourceId);
834 }
835
836
850 public void setOrgGroupPermissions(
851 long organizationId, long groupId, String[] actionIds,
852 long resourceId)
853 throws PortalException, SystemException {
854
855 Organization organization = organizationPersistence.findByPrimaryKey(
856 organizationId);
857
858 long orgGroupId = organization.getGroup().getGroupId();
859
860 List<Permission> permissions = permissionPersistence.findByResourceId(
861 resourceId);
862
863 for (Permission permission : permissions) {
864 groupPersistence.removePermission(orgGroupId, permission);
865 }
866
867 permissions = getPermissions(
868 organization.getCompanyId(), actionIds, resourceId);
869
870 orgGroupPermissionFinder.removeByO_G_R(
871 organizationId, groupId, resourceId);
872
873 for (Permission permission : permissions) {
874 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
875 organizationId, groupId, permission.getPermissionId());
876
877 OrgGroupPermission orgGroupPermission =
878 orgGroupPermissionPersistence.create(pk);
879
880 orgGroupPermissionPersistence.update(orgGroupPermission, false);
881 }
882
883 PermissionCacheUtil.clearCache();
884 }
885
886
900 public void setRolePermission(
901 long roleId, long companyId, String name, int scope, String primKey,
902 String actionId)
903 throws PortalException, SystemException {
904
905 if (scope == ResourceConstants.SCOPE_COMPANY) {
906
907
908
909 unsetRolePermissions(
910 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
911 actionId);
912 }
913 else if (scope == ResourceConstants.SCOPE_GROUP) {
914
915
916
917 unsetRolePermissions(
918 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
919 actionId);
920 }
921 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
922 throw new NoSuchPermissionException();
923 }
924
925 Resource resource = resourceLocalService.addResource(
926 companyId, name, scope, primKey);
927
928 long resourceId = resource.getResourceId();
929
930 Permission permission = permissionPersistence.fetchByA_R(
931 actionId, resourceId);
932
933 if (permission == null) {
934 long permissionId = counterLocalService.increment(
935 Permission.class.getName());
936
937 permission = permissionPersistence.create(permissionId);
938
939 permission.setCompanyId(companyId);
940 permission.setActionId(actionId);
941 permission.setResourceId(resourceId);
942
943 permissionPersistence.update(permission, false);
944 }
945
946 rolePersistence.addPermission(roleId, permission);
947
948 PermissionCacheUtil.clearCache();
949
950 SearchEngineUtil.updatePermissionFields(resourceId);
951 }
952
953
968 public void setRolePermissions(
969 long roleId, long companyId, String name, int scope, String primKey,
970 String[] actionIds)
971 throws PortalException, SystemException {
972
973 for (String actionId : actionIds) {
974 setRolePermission(
975 roleId, companyId, name, scope, primKey, actionId);
976 }
977 }
978
979
989 public void setRolePermissions(
990 long roleId, String[] actionIds, long resourceId)
991 throws PortalException, SystemException {
992
993 Role role = rolePersistence.findByPrimaryKey(roleId);
994
995 List<Permission> permissions = permissionFinder.findByR_R(
996 roleId, resourceId);
997
998 rolePersistence.removePermissions(roleId, permissions);
999
1000 permissions = getPermissions(
1001 role.getCompanyId(), actionIds, resourceId);
1002
1003 rolePersistence.addPermissions(roleId, permissions);
1004
1005 PermissionCacheUtil.clearCache();
1006
1007 SearchEngineUtil.updatePermissionFields(resourceId);
1008 }
1009
1010
1021 public void setRolesPermissions(
1022 long companyId, Map<Long, String[]> roleIdsToActionIds,
1023 long resourceId)
1024 throws SystemException {
1025
1026 boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1027
1028 PermissionThreadLocal.setIndexEnabled(false);
1029
1030 try {
1031 for (Map.Entry<Long, String[]> entry :
1032 roleIdsToActionIds.entrySet()) {
1033
1034 long roleId = entry.getKey();
1035 String[] actionIds = entry.getValue();
1036
1037 List<Permission> permissions = permissionFinder.findByR_R(
1038 roleId, resourceId);
1039
1040 rolePersistence.removePermissions(roleId, permissions);
1041
1042 permissions = getPermissions(companyId, actionIds, resourceId);
1043
1044 rolePersistence.addPermissions(roleId, permissions);
1045 }
1046 }
1047 finally {
1048 PermissionThreadLocal.setIndexEnabled(flushEnabled);
1049
1050 PermissionCacheUtil.clearCache();
1051
1052 SearchEngineUtil.updatePermissionFields(resourceId);
1053 }
1054 }
1055
1056
1069 public void setRolesPermissions(
1070 long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1071 int scope, String primKey)
1072 throws SystemException {
1073
1074 Resource resource = resourceLocalService.fetchResource(
1075 companyId, name, scope, String.valueOf(primKey));
1076
1077 if (resource == null) {
1078 resource = resourceLocalService.addResource(
1079 companyId, name, scope, String.valueOf(primKey));
1080 }
1081
1082 if (resource == null) {
1083 return;
1084 }
1085
1086 setRolesPermissions(
1087 companyId, roleIdsToActionIds, resource.getResourceId());
1088 }
1089
1090
1100 public void setUserPermissions(
1101 long userId, String[] actionIds, long resourceId)
1102 throws PortalException, SystemException {
1103
1104 User user = userPersistence.findByPrimaryKey(userId);
1105
1106 List<Permission> permissions = permissionFinder.findByU_R(
1107 userId, resourceId);
1108
1109 userPersistence.removePermissions(userId, permissions);
1110
1111 permissions = getPermissions(
1112 user.getCompanyId(), actionIds, resourceId);
1113
1114 userPersistence.addPermissions(userId, permissions);
1115
1116 PermissionCacheUtil.clearCache();
1117 }
1118
1119
1126 public void unsetRolePermission(long roleId, long permissionId)
1127 throws SystemException {
1128
1129 Permission permission = permissionPersistence.fetchByPrimaryKey(
1130 permissionId);
1131
1132 if (permission != null) {
1133 rolePersistence.removePermission(roleId, permission);
1134 }
1135
1136 PermissionCacheUtil.clearCache();
1137 }
1138
1139
1151 public void unsetRolePermission(
1152 long roleId, long companyId, String name, int scope, String primKey,
1153 String actionId)
1154 throws SystemException {
1155
1156 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1157 companyId, name, scope);
1158
1159 Resource resource = resourcePersistence.fetchByC_P(
1160 resourceCode.getCodeId(), primKey);
1161
1162 if (resource != null) {
1163 Permission permission = permissionPersistence.fetchByA_R(
1164 actionId, resource.getResourceId());
1165
1166 if (permission != null) {
1167 rolePersistence.removePermission(roleId, permission);
1168 }
1169 }
1170
1171 PermissionCacheUtil.clearCache();
1172 }
1173
1174
1185 public void unsetRolePermissions(
1186 long roleId, long companyId, String name, int scope,
1187 String actionId)
1188 throws SystemException {
1189
1190 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1191 companyId, name, scope);
1192
1193 List<Permission> permissions = permissionFinder.findByA_C(
1194 actionId, resourceCode.getCodeId());
1195
1196 for (Permission permission : permissions) {
1197 rolePersistence.removePermission(roleId, permission);
1198 }
1199
1200 PermissionCacheUtil.clearCache();
1201 }
1202
1203
1211 public void unsetUserPermissions(
1212 long userId, String[] actionIds, long resourceId)
1213 throws SystemException {
1214
1215 List<Permission> permissions = permissionFinder.findByU_A_R(
1216 userId, actionIds, resourceId);
1217
1218 userPersistence.removePermissions(userId, permissions);
1219
1220 PermissionCacheUtil.clearCache();
1221 }
1222
1223 protected void addRolePermissions(String roleName, Permission permission)
1224 throws SystemException {
1225
1226 List<Role> roles = rolePersistence.findByName(roleName);
1227
1228 for (Role role : roles) {
1229 rolePersistence.addPermission(role.getRoleId(), permission);
1230 }
1231 }
1232
1233 protected boolean checkOrgGroupPermission(
1234 List<Organization> organizations, List<Group> groups,
1235 List<Permission> permissions)
1236 throws PortalException, SystemException {
1237
1238 for (Permission permission : permissions) {
1239 if (checkOrgGroupPermission(organizations, groups, permission)) {
1240 return true;
1241 }
1242 }
1243
1244 return false;
1245 }
1246
1247 protected boolean checkOrgGroupPermission(
1248 List<Organization> organizations, List<Group> groups,
1249 Permission permission)
1250 throws PortalException, SystemException {
1251
1252
1253
1254
1255 if ((organizations.size() == 0) || (groups.size() == 0)) {
1256 return false;
1257 }
1258
1259
1260
1261
1262 List<OrgGroupPermission> orgGroupPermissions =
1263 orgGroupPermissionPersistence.findByPermissionId(
1264 permission.getPermissionId());
1265
1266 if (orgGroupPermissions.size() == 0) {
1267 return false;
1268 }
1269
1270 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1271 if (orgGroupPermission.containsOrganization(organizations) &&
1272 orgGroupPermission.containsGroup(groups)) {
1273
1274 return true;
1275 }
1276 }
1277
1278
1279
1280
1281
1282 throw new NoSuchPermissionException(
1283 "User has a permission in OrgGroupPermission that does not match");
1284 }
1285
1286 protected void checkPermission(Resource resource, String actionId)
1287 throws PortalException, SystemException {
1288
1289 long permissionId = counterLocalService.increment(
1290 Permission.class.getName());
1291
1292 Permission permission = permissionPersistence.create(permissionId);
1293
1294 permission.setCompanyId(resource.getCompanyId());
1295 permission.setActionId(actionId);
1296 permission.setResourceId(resource.getResourceId());
1297
1298 permissionPersistence.update(permission, false);
1299
1300 List<String> groupDefaultActions =
1301 ResourceActionsUtil.getModelResourceGroupDefaultActions(
1302 resource.getName());
1303
1304 if (groupDefaultActions.contains(actionId)) {
1305 addRolePermissions(RoleConstants.SITE_MEMBER, permission);
1306 }
1307
1308 List<String> guestDefaultActions =
1309 ResourceActionsUtil.getModelResourceGuestDefaultActions(
1310 resource.getName());
1311
1312 if (guestDefaultActions.contains(actionId)) {
1313 addRolePermissions(RoleConstants.GUEST, permission);
1314 }
1315
1316 addRolePermissions(RoleConstants.OWNER, permission);
1317
1318 SearchEngineUtil.updatePermissionFields(resource.getResourceId());
1319 }
1320
1321 protected boolean hasUserPermissions_1(
1322 long userId, long resourceId, String actionId,
1323 List<Permission> permissions, List<Group> groups, long groupId,
1324 StopWatch stopWatch, int block)
1325 throws SystemException {
1326
1327
1328
1329
1330 if (groups.size() > 0) {
1331 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1332 return true;
1333 }
1334 }
1335
1336 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1337
1338
1339
1340
1341 if (groups.size() > 0) {
1342 if (permissionFinder.countByGroupsPermissions(
1343 permissions, groups) > 0) {
1344
1345 return true;
1346 }
1347 }
1348
1349 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1350
1351
1352
1353 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1354 return true;
1355 }
1356
1357 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1358
1359
1360
1361 if (permissionFinder.countByUserGroupRole(
1362 permissions, userId, groupId) > 0) {
1363
1364 return true;
1365 }
1366
1367 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1368
1369
1370
1371 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1372 return true;
1373 }
1374
1375 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1376
1377 return false;
1378 }
1379
1380 protected boolean hasUserPermissions_2(
1381 long userId, long resourceId, String actionId,
1382 List<Permission> permissions, List<Group> groups, long groupId,
1383 StopWatch stopWatch, int block)
1384 throws SystemException {
1385
1386
1387
1388
1389 if (permissionFinder.containsPermissions_2(
1390 permissions, userId, groups, groupId)) {
1391
1392 return true;
1393 }
1394
1395 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1396
1397 return false;
1398 }
1399
1400 protected boolean hasUserPermissions_3(
1401 long userId, long resourceId, String actionId,
1402 List<Permission> permissions, List<Group> groups, List<Role> roles,
1403 StopWatch stopWatch, int block)
1404 throws SystemException {
1405
1406
1407
1408
1409 if (groups.size() > 0) {
1410 if (permissionFinder.countByGroupsPermissions(
1411 permissions, groups) > 0) {
1412
1413 return true;
1414 }
1415 }
1416
1417 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1418
1419
1420
1421
1422 if (roles.size() > 0) {
1423 if (permissionFinder.countByRolesPermissions(
1424 permissions, roles) > 0) {
1425
1426 return true;
1427 }
1428 }
1429
1430 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1431
1432
1433
1434 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1435 return true;
1436 }
1437
1438 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1439
1440 return false;
1441 }
1442
1443 protected boolean hasUserPermissions_4(
1444 long userId, long resourceId, String actionId,
1445 List<Permission> permissions, List<Group> groups, List<Role> roles,
1446 StopWatch stopWatch, int block)
1447 throws SystemException {
1448
1449
1450
1451
1452 if (permissionFinder.containsPermissions_4(
1453 permissions, userId, groups, roles)) {
1454
1455 return true;
1456 }
1457
1458 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1459
1460 return false;
1461 }
1462
1463 protected boolean hasUserPermissions_5(
1464 long userId, long resourceId, String actionId,
1465 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1466 int block)
1467 throws SystemException {
1468
1469 if (roles.size() > 0) {
1470 if (permissionFinder.countByRolesPermissions(
1471 permissions, roles) > 0) {
1472
1473 return true;
1474 }
1475 }
1476
1477 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1478
1479 return false;
1480 }
1481
1482 protected boolean hasUserPermissions_6(
1483 long userId, long resourceId, List<Resource> resources,
1484 String actionId, long[] roleIds, StopWatch stopWatch, int block)
1485 throws PortalException, SystemException {
1486
1487 boolean hasUserPermissions =
1488 resourcePermissionLocalService.hasResourcePermission(
1489 resources, roleIds, actionId);
1490
1491 logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1492
1493 return hasUserPermissions;
1494 }
1495
1496 protected void logHasUserPermissions(
1497 long userId, long resourceId, String actionId, StopWatch stopWatch,
1498 int block) {
1499
1500 if (!_log.isDebugEnabled()) {
1501 return;
1502 }
1503
1504 _log.debug(
1505 "Checking user permissions block " + block + " for " + userId +
1506 " " + resourceId + " " + actionId + " takes " +
1507 stopWatch.getTime() + " ms");
1508 }
1509
1510 protected void setContainerResourcePermissions(
1511 long companyId, String name, String roleName, String actionId)
1512 throws PortalException, SystemException {
1513
1514 ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1515 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1516
1517 if (resourceCode == null) {
1518 return;
1519 }
1520
1521 List<Group> groups = groupPersistence.findByCompanyId(companyId);
1522
1523 for (Group group : groups) {
1524 String primKey = Long.toString(group.getGroupId());
1525
1526 Resource resource = resourcePersistence.fetchByC_P(
1527 resourceCode.getCodeId(), primKey);
1528
1529 if (resource == null) {
1530 continue;
1531 }
1532
1533 Permission permission = permissionPersistence.fetchByA_R(
1534 actionId, resource.getResourceId());
1535
1536 if (permission == null) {
1537 long permissionId = counterLocalService.increment(
1538 Permission.class.getName());
1539
1540 permission = permissionPersistence.create(permissionId);
1541
1542 permission.setCompanyId(companyId);
1543 permission.setActionId(actionId);
1544 permission.setResourceId(resource.getResourceId());
1545
1546 permissionPersistence.update(permission, false);
1547 }
1548
1549 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1550 roleName.equals(RoleConstants.ORGANIZATION_USER) ||
1551 roleName.equals(RoleConstants.OWNER) ||
1552 roleName.equals(RoleConstants.SITE_MEMBER)) {
1553
1554 Role role = rolePersistence.findByC_N(companyId, roleName);
1555
1556 permissionPersistence.addRole(
1557 permission.getPermissionId(), role);
1558 }
1559 else {
1560 long defaultUserId = userLocalService.getDefaultUserId(
1561 companyId);
1562
1563 permissionPersistence.addUser(
1564 permission.getPermissionId(), defaultUserId);
1565 }
1566 }
1567 }
1568
1569 private static Log _log = LogFactoryUtil.getLog(
1570 PermissionLocalServiceImpl.class);
1571
1572 }