001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.admin.util;
016    
017    import com.liferay.portal.model.Group;
018    import com.liferay.portal.model.GroupConstants;
019    import com.liferay.portal.model.Permission;
020    import com.liferay.portal.model.ResourceConstants;
021    import com.liferay.portal.model.ResourcePermission;
022    import com.liferay.portal.model.Role;
023    import com.liferay.portal.model.RoleConstants;
024    import com.liferay.portal.security.permission.ActionKeys;
025    import com.liferay.portal.service.GroupLocalServiceUtil;
026    import com.liferay.portal.service.PermissionLocalServiceUtil;
027    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
028    import com.liferay.portal.service.RoleLocalServiceUtil;
029    import com.liferay.portal.util.PortalUtil;
030    import com.liferay.portal.util.PropsValues;
031    
032    import java.util.List;
033    
034    import javax.portlet.ActionRequest;
035    
036    /**
037     * @author Raymond Augé
038     */
039    public class CleanUpPermissionsUtil {
040    
041            public static void cleanUpAddToPagePermissions(ActionRequest actionRequest)
042                    throws Exception {
043    
044                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
045                            _cleanUpAddToPagePermissions_5(actionRequest);
046                    }
047                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
048                            _cleanUpAddToPagePermissions_6(actionRequest);
049                    }
050            }
051    
052            private static void _cleanUpAddToPagePermissions_5(
053                            ActionRequest actionRequest)
054                    throws Exception {
055    
056                    long companyId = PortalUtil.getCompanyId(actionRequest);
057    
058                    Role role = RoleLocalServiceUtil.getRole(
059                            companyId, RoleConstants.GUEST);
060    
061                    _cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), false);
062    
063                    role = RoleLocalServiceUtil.getRole(
064                            companyId, RoleConstants.POWER_USER);
065    
066                    _cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), false);
067    
068                    role = RoleLocalServiceUtil.getRole(companyId, RoleConstants.USER);
069    
070                    _cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), true);
071            }
072    
073            private static void _cleanUpAddToPagePermissions_5(
074                            long companyId, long roleId, boolean limitScope)
075                    throws Exception {
076    
077                    List<Permission> rolePermissions =
078                            PermissionLocalServiceUtil.getRolePermissions(roleId);
079    
080                    Group userPersonalSite = GroupLocalServiceUtil.getGroup(
081                            companyId, GroupConstants.USER_PERSONAL_SITE);
082    
083                    String groupIdString = String.valueOf(userPersonalSite.getGroupId());
084    
085                    for (Permission permission : rolePermissions) {
086                            if (permission.getActionId() != ActionKeys.ADD_TO_PAGE) {
087                                    continue;
088                            }
089    
090                            PermissionLocalServiceUtil.unsetRolePermission(
091                                    roleId, companyId, permission.getName(), permission.getScope(),
092                                    permission.getPrimKey(), ActionKeys.ADD_TO_PAGE);
093    
094                            if (!limitScope || groupIdString.equals(permission.getPrimKey())) {
095                                    continue;
096                            }
097    
098                            PermissionLocalServiceUtil.setRolePermission(
099                                    roleId, companyId, permission.getName(),
100                                    ResourceConstants.SCOPE_GROUP, groupIdString,
101                                    ActionKeys.ADD_TO_PAGE);
102                    }
103            }
104    
105            private static void _cleanUpAddToPagePermissions_6(
106                            ActionRequest actionRequest)
107                    throws Exception {
108    
109                    long companyId = PortalUtil.getCompanyId(actionRequest);
110    
111                    Role role = RoleLocalServiceUtil.getRole(
112                            companyId, RoleConstants.GUEST);
113    
114                    _cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), false);
115    
116                    role = RoleLocalServiceUtil.getRole(
117                            companyId, RoleConstants.POWER_USER);
118    
119                    _cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), false);
120    
121                    role = RoleLocalServiceUtil.getRole(companyId, RoleConstants.USER);
122    
123                    _cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), true);
124            }
125    
126            private static void _cleanUpAddToPagePermissions_6(
127                            long companyId, long roleId, boolean limitScope)
128                    throws Exception {
129    
130                    List<ResourcePermission> roleResourcePermissions =
131                            ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
132                                    roleId);
133    
134                    Group userPersonalSite = GroupLocalServiceUtil.getGroup(
135                            companyId, GroupConstants.USER_PERSONAL_SITE);
136    
137                    String groupIdString = String.valueOf(userPersonalSite.getGroupId());
138    
139                    for (ResourcePermission resourcePermission : roleResourcePermissions) {
140                            if (!resourcePermission.hasActionId(ActionKeys.ADD_TO_PAGE)) {
141                                    continue;
142                            }
143    
144                            ResourcePermissionLocalServiceUtil.removeResourcePermission(
145                                    companyId, resourcePermission.getName(),
146                                    resourcePermission.getScope(), resourcePermission.getPrimKey(),
147                                    roleId, ActionKeys.ADD_TO_PAGE);
148    
149                            if (!limitScope ||
150                                    groupIdString.equals(resourcePermission.getPrimKey())) {
151    
152                                    continue;
153                            }
154    
155                            ResourcePermissionLocalServiceUtil.addResourcePermission(
156                                    companyId, resourcePermission.getName(),
157                                    ResourceConstants.SCOPE_GROUP, groupIdString, roleId,
158                                    ActionKeys.ADD_TO_PAGE);
159                    }
160            }
161    
162    }