001
014
015 package com.liferay.portlet.rolesadmin.action;
016
017 import com.liferay.portal.NoSuchRoleException;
018 import com.liferay.portal.RolePermissionsException;
019 import com.liferay.portal.kernel.servlet.SessionErrors;
020 import com.liferay.portal.kernel.servlet.SessionMessages;
021 import com.liferay.portal.kernel.util.ArrayUtil;
022 import com.liferay.portal.kernel.util.Constants;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.ParamUtil;
026 import com.liferay.portal.kernel.util.StringUtil;
027 import com.liferay.portal.kernel.util.Validator;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.ResourceConstants;
030 import com.liferay.portal.model.Role;
031 import com.liferay.portal.model.RoleConstants;
032 import com.liferay.portal.security.auth.PrincipalException;
033 import com.liferay.portal.security.permission.ResourceActionsUtil;
034 import com.liferay.portal.security.permission.comparator.ActionComparator;
035 import com.liferay.portal.service.PermissionServiceUtil;
036 import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
037 import com.liferay.portal.service.ResourceBlockServiceUtil;
038 import com.liferay.portal.service.ResourcePermissionServiceUtil;
039 import com.liferay.portal.service.RoleLocalServiceUtil;
040 import com.liferay.portal.struts.PortletAction;
041 import com.liferay.portal.theme.ThemeDisplay;
042 import com.liferay.portal.util.PortalUtil;
043 import com.liferay.portal.util.PropsValues;
044 import com.liferay.portal.util.WebKeys;
045
046 import java.util.HashMap;
047 import java.util.List;
048 import java.util.Map;
049
050 import javax.portlet.ActionRequest;
051 import javax.portlet.ActionResponse;
052 import javax.portlet.PortletConfig;
053 import javax.portlet.RenderRequest;
054 import javax.portlet.RenderResponse;
055
056 import org.apache.struts.action.ActionForm;
057 import org.apache.struts.action.ActionForward;
058 import org.apache.struts.action.ActionMapping;
059
060
065 public class EditRolePermissionsAction extends PortletAction {
066
067 @Override
068 public void processAction(
069 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
070 ActionRequest actionRequest, ActionResponse actionResponse)
071 throws Exception {
072
073 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
074
075 try {
076 if (cmd.equals("actions")) {
077 updateActions(actionRequest, actionResponse);
078 }
079 else if (cmd.equals("delete_permission")) {
080 deletePermission(actionRequest, actionResponse);
081 }
082 }
083 catch (Exception e) {
084 if (e instanceof NoSuchRoleException ||
085 e instanceof PrincipalException ||
086 e instanceof RolePermissionsException) {
087
088 SessionErrors.add(actionRequest, e.getClass().getName());
089
090 setForward(actionRequest, "portlet.roles_admin.error");
091 }
092 else {
093 throw e;
094 }
095 }
096 }
097
098 @Override
099 public ActionForward render(
100 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
101 RenderRequest renderRequest, RenderResponse renderResponse)
102 throws Exception {
103
104 try {
105 ActionUtil.getRole(renderRequest);
106 }
107 catch (Exception e) {
108 if (e instanceof NoSuchRoleException ||
109 e instanceof PrincipalException) {
110
111 SessionErrors.add(renderRequest, e.getClass().getName());
112
113 return mapping.findForward("portlet.roles_admin.error");
114 }
115 else {
116 throw e;
117 }
118 }
119
120 return mapping.findForward(getForward(
121 renderRequest, "portlet.roles_admin.edit_role_permissions"));
122 }
123
124 protected void deletePermission(
125 ActionRequest actionRequest, ActionResponse actionResponse)
126 throws Exception {
127
128 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
129 WebKeys.THEME_DISPLAY);
130
131 long roleId = ParamUtil.getLong(actionRequest, "roleId");
132 long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
133 String name = ParamUtil.getString(actionRequest, "name");
134 int scope = ParamUtil.getInteger(actionRequest, "scope");
135 String primKey = ParamUtil.getString(actionRequest, "primKey");
136 String actionId = ParamUtil.getString(actionRequest, "actionId");
137
138 Role role = RoleLocalServiceUtil.getRole(roleId);
139
140 String roleName = role.getName();
141
142 if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
143 roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
144 roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
145 roleName.equals(RoleConstants.OWNER) ||
146 roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
147 roleName.equals(RoleConstants.SITE_OWNER)) {
148
149 throw new RolePermissionsException(roleName);
150 }
151
152 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
153 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
154 if (scope == ResourceConstants.SCOPE_GROUP) {
155 ResourceBlockServiceUtil.removeGroupScopePermission(
156 themeDisplay.getScopeGroupId(),
157 themeDisplay.getCompanyId(),
158 GetterUtil.getLong(primKey), name, roleId, actionId);
159 }
160 else {
161 ResourceBlockServiceUtil.removeCompanyScopePermission(
162 themeDisplay.getScopeGroupId(),
163 themeDisplay.getCompanyId(), name, roleId, actionId);
164 }
165 }
166 else {
167 ResourcePermissionServiceUtil.removeResourcePermission(
168 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
169 name, scope, primKey, roleId, actionId);
170 }
171 }
172 else {
173 PermissionServiceUtil.unsetRolePermission(
174 roleId, themeDisplay.getScopeGroupId(), permissionId);
175 }
176
177
178
179 SessionMessages.add(actionRequest, "permissionDeleted");
180
181 String redirect = PortalUtil.escapeRedirect(
182 ParamUtil.getString(actionRequest, "redirect"));
183
184 if (Validator.isNotNull(redirect)) {
185 actionResponse.sendRedirect(redirect);
186 }
187 }
188
189 protected void updateAction_1to5(
190 Role role, long groupId, String selResource, String actionId,
191 boolean selected, int scope, String[] groupIds)
192 throws Exception {
193
194 long roleId = role.getRoleId();
195
196 if (selected) {
197 if (scope == ResourceConstants.SCOPE_COMPANY) {
198 PermissionServiceUtil.setRolePermission(
199 roleId, groupId, selResource, scope,
200 String.valueOf(role.getCompanyId()), actionId);
201 }
202 else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
203 PermissionServiceUtil.setRolePermission(
204 roleId, groupId, selResource,
205 ResourceConstants.SCOPE_GROUP_TEMPLATE,
206 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
207 actionId);
208 }
209 else {
210 PermissionServiceUtil.unsetRolePermissions(
211 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
212 actionId);
213
214 for (String curGroupId : groupIds) {
215 PermissionServiceUtil.setRolePermission(
216 roleId, groupId, selResource,
217 ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
218 }
219 }
220 }
221 else {
222
223
224
225 PermissionServiceUtil.unsetRolePermissions(
226 roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
227 actionId);
228
229 PermissionServiceUtil.unsetRolePermissions(
230 roleId, groupId, selResource,
231 ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
232
233 PermissionServiceUtil.unsetRolePermissions(
234 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
235 actionId);
236 }
237 }
238
239 protected void updateAction_6(
240 Role role, long groupId, String selResource, String actionId,
241 boolean selected, int scope, String[] groupIds)
242 throws Exception {
243
244 long companyId = role.getCompanyId();
245 long roleId = role.getRoleId();
246
247 if (selected) {
248 if (scope == ResourceConstants.SCOPE_COMPANY) {
249 ResourcePermissionServiceUtil.addResourcePermission(
250 groupId, companyId, selResource, scope,
251 String.valueOf(role.getCompanyId()), roleId, actionId);
252 }
253 else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
254 ResourcePermissionServiceUtil.addResourcePermission(
255 groupId, companyId, selResource,
256 ResourceConstants.SCOPE_GROUP_TEMPLATE,
257 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
258 roleId, actionId);
259 }
260 else if (scope == ResourceConstants.SCOPE_GROUP) {
261 ResourcePermissionServiceUtil.removeResourcePermissions(
262 groupId, companyId, selResource,
263 ResourceConstants.SCOPE_GROUP, roleId, actionId);
264
265 for (String curGroupId : groupIds) {
266 ResourcePermissionServiceUtil.addResourcePermission(
267 groupId, companyId, selResource,
268 ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
269 actionId);
270 }
271 }
272 }
273 else {
274
275
276
277 ResourcePermissionServiceUtil.removeResourcePermissions(
278 groupId, companyId, selResource,
279 ResourceConstants.SCOPE_COMPANY, roleId, actionId);
280
281 ResourcePermissionServiceUtil.removeResourcePermissions(
282 groupId, companyId, selResource,
283 ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);
284
285 ResourcePermissionServiceUtil.removeResourcePermissions(
286 groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
287 roleId, actionId);
288 }
289 }
290
291 protected void updateActions(
292 ActionRequest actionRequest, ActionResponse actionResponse)
293 throws Exception {
294
295 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
296 WebKeys.THEME_DISPLAY);
297
298 long roleId = ParamUtil.getLong(actionRequest, "roleId");
299
300 Role role = RoleLocalServiceUtil.getRole(roleId);
301
302 String roleName = role.getName();
303
304 if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
305 roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
306 roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
307 roleName.equals(RoleConstants.OWNER) ||
308 roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
309 roleName.equals(RoleConstants.SITE_OWNER)) {
310
311 throw new RolePermissionsException(roleName);
312 }
313
314 String portletResource = ParamUtil.getString(
315 actionRequest, "portletResource");
316 String[] modelResources = StringUtil.split(
317 ParamUtil.getString(actionRequest, "modelResources"));
318 boolean showModelResources = ParamUtil.getBoolean(
319 actionRequest, "showModelResources");
320
321 Map<String, List<String>> resourceActionsMap =
322 new HashMap<String, List<String>>();
323
324 if (showModelResources) {
325 for (String modelResource : modelResources) {
326 resourceActionsMap.put(
327 modelResource,
328 ResourceActionsUtil.getResourceActions(
329 null, modelResource));
330 }
331 }
332 else if (Validator.isNotNull(portletResource)) {
333 resourceActionsMap.put(
334 portletResource,
335 ResourceActionsUtil.getResourceActions(portletResource, null));
336 }
337
338 String[] selectedTargets = StringUtil.split(
339 ParamUtil.getString(actionRequest, "selectedTargets"));
340
341 for (Map.Entry<String, List<String>> entry :
342 resourceActionsMap.entrySet()) {
343
344 String selResource = entry.getKey();
345 List<String> actions = entry.getValue();
346
347 actions = ListUtil.sort(
348 actions, new ActionComparator(themeDisplay.getLocale()));
349
350 for (String actionId : actions) {
351 String target = selResource + actionId;
352
353 boolean selected = ArrayUtil.contains(selectedTargets, target);
354
355 String[] groupIds = StringUtil.split(
356 ParamUtil.getString(actionRequest, "groupIds" + target));
357
358 groupIds = ArrayUtil.distinct(groupIds);
359
360 int scope = ResourceConstants.SCOPE_COMPANY;
361
362 if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) ||
363 (role.getType() == RoleConstants.TYPE_PROVIDER) ||
364 (role.getType() == RoleConstants.TYPE_SITE)) {
365
366 scope = ResourceConstants.SCOPE_GROUP_TEMPLATE;
367 }
368 else {
369 if (groupIds.length > 0) {
370 scope = ResourceConstants.SCOPE_GROUP;
371 }
372 }
373
374 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
375 if (ResourceBlockLocalServiceUtil.isSupported(
376 selResource)) {
377
378 updateActions_6Blocks(
379 role, themeDisplay.getScopeGroupId(), selResource,
380 actionId, selected, scope, groupIds);
381 }
382 else {
383 updateAction_6(
384 role, themeDisplay.getScopeGroupId(), selResource,
385 actionId, selected, scope, groupIds);
386 }
387 }
388 else {
389 updateAction_1to5(
390 role, themeDisplay.getScopeGroupId(), selResource,
391 actionId, selected, scope, groupIds);
392 }
393 }
394 }
395
396
397
398 SessionMessages.add(actionRequest, "permissionsUpdated");
399
400 String redirect = PortalUtil.escapeRedirect(
401 ParamUtil.getString(actionRequest, "redirect"));
402
403 if (Validator.isNotNull(redirect)) {
404 redirect = redirect + "&" + Constants.CMD + "=" + Constants.VIEW;
405
406 actionResponse.sendRedirect(redirect);
407 }
408 }
409
410 protected void updateActions_6Blocks(
411 Role role, long scopeGroupId, String selResource, String actionId,
412 boolean selected, int scope, String[] groupIds)
413 throws Exception {
414
415 long companyId = role.getCompanyId();
416 long roleId = role.getRoleId();
417
418 if (selected) {
419 if (scope == ResourceConstants.SCOPE_GROUP) {
420 ResourceBlockServiceUtil.removeAllGroupScopePermissions(
421 scopeGroupId, companyId, selResource, roleId, actionId);
422 ResourceBlockServiceUtil.removeCompanyScopePermission(
423 scopeGroupId, companyId, selResource, roleId, actionId);
424
425 for (String groupId : groupIds) {
426 ResourceBlockServiceUtil.addGroupScopePermission(
427 scopeGroupId, companyId, GetterUtil.getLong(groupId),
428 selResource, roleId, actionId);
429 }
430 }
431 else {
432 ResourceBlockServiceUtil.removeAllGroupScopePermissions(
433 scopeGroupId, companyId, selResource, roleId, actionId);
434 ResourceBlockServiceUtil.addCompanyScopePermission(
435 scopeGroupId, companyId, selResource, roleId, actionId);
436 }
437 }
438 else {
439 ResourceBlockServiceUtil.removeAllGroupScopePermissions(
440 scopeGroupId, companyId, selResource, roleId, actionId);
441 ResourceBlockServiceUtil.removeCompanyScopePermission(
442 scopeGroupId, companyId, selResource, roleId, actionId);
443 }
444 }
445
446 }