001
014
015 package com.liferay.portal.lar;
016
017 import com.liferay.portal.NoSuchTeamException;
018 import com.liferay.portal.kernel.lar.PortletDataContext;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.GetterUtil;
022 import com.liferay.portal.kernel.util.KeyValuePair;
023 import com.liferay.portal.kernel.util.LocalizationUtil;
024 import com.liferay.portal.kernel.xml.Document;
025 import com.liferay.portal.kernel.xml.Element;
026 import com.liferay.portal.kernel.xml.SAXReaderUtil;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.Layout;
030 import com.liferay.portal.model.Portlet;
031 import com.liferay.portal.model.PortletConstants;
032 import com.liferay.portal.model.Resource;
033 import com.liferay.portal.model.ResourceConstants;
034 import com.liferay.portal.model.Role;
035 import com.liferay.portal.model.Team;
036 import com.liferay.portal.model.User;
037 import com.liferay.portal.service.GroupLocalServiceUtil;
038 import com.liferay.portal.service.PermissionLocalServiceUtil;
039 import com.liferay.portal.service.PortletLocalServiceUtil;
040 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
041 import com.liferay.portal.service.RoleLocalServiceUtil;
042 import com.liferay.portal.service.TeamLocalServiceUtil;
043 import com.liferay.portal.service.permission.PortletPermissionUtil;
044 import com.liferay.portal.util.PropsValues;
045
046 import java.util.ArrayList;
047 import java.util.HashMap;
048 import java.util.List;
049 import java.util.Locale;
050 import java.util.Map;
051
052
063 public class PermissionImporter {
064
065 protected List<String> getActions(Element element) {
066 List<String> actions = new ArrayList<String>();
067
068 List<Element> actionKeyElements = element.elements("action-key");
069
070 for (Element actionKeyElement : actionKeyElements) {
071 actions.add(actionKeyElement.getText());
072 }
073
074 return actions;
075 }
076
077 protected void importGroupPermissions(
078 LayoutCache layoutCache, long companyId, long groupId,
079 String resourceName, String resourcePrimKey, Element parentElement,
080 String elementName, boolean portletActions)
081 throws Exception {
082
083 Element actionElement = parentElement.element(elementName);
084
085 if (actionElement == null) {
086 return;
087 }
088
089 List<String> actions = getActions(actionElement);
090
091 Resource resource = layoutCache.getResource(
092 companyId, groupId, resourceName,
093 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
094 portletActions);
095
096 PermissionLocalServiceUtil.setGroupPermissions(
097 groupId, actions.toArray(new String[actions.size()]),
098 resource.getResourceId());
099 }
100
101 protected void importGroupRoles(
102 LayoutCache layoutCache, long companyId, long groupId,
103 String resourceName, String entityName, Element parentElement)
104 throws Exception {
105
106 Element entityRolesElement = parentElement.element(
107 entityName + "-roles");
108
109 if (entityRolesElement == null) {
110 return;
111 }
112
113 importRolePermissions(
114 layoutCache, companyId, resourceName, ResourceConstants.SCOPE_GROUP,
115 String.valueOf(groupId), entityRolesElement, true);
116 }
117
118 protected void importInheritedPermissions(
119 LayoutCache layoutCache, long companyId, String resourceName,
120 String resourcePrimKey, Element permissionsElement,
121 String entityName, boolean portletActions)
122 throws Exception {
123
124 Element entityPermissionsElement = permissionsElement.element(
125 entityName + "-permissions");
126
127 if (entityPermissionsElement == null) {
128 return;
129 }
130
131 List<Element> actionsElements = entityPermissionsElement.elements(
132 entityName + "-actions");
133
134 for (int i = 0; i < actionsElements.size(); i++) {
135 Element actionElement = actionsElements.get(i);
136
137 String name = actionElement.attributeValue("name");
138
139 long entityGroupId = layoutCache.getEntityGroupId(
140 companyId, entityName, name);
141
142 if (entityGroupId == 0) {
143 _log.warn(
144 "Ignore inherited permissions for entity " + entityName +
145 " with name " + name);
146 }
147 else {
148 Element parentElement = SAXReaderUtil.createElement("parent");
149
150 parentElement.add(actionElement.createCopy());
151
152 importGroupPermissions(
153 layoutCache, companyId, entityGroupId, resourceName,
154 resourcePrimKey, parentElement, entityName + "-actions",
155 portletActions);
156 }
157 }
158 }
159
160 protected void importInheritedRoles(
161 LayoutCache layoutCache, long companyId, long groupId,
162 String resourceName, String entityName, Element parentElement)
163 throws Exception {
164
165 Element entityRolesElement = parentElement.element(
166 entityName + "-roles");
167
168 if (entityRolesElement == null) {
169 return;
170 }
171
172 List<Element> entityElements = entityRolesElement.elements(entityName);
173
174 for (Element entityElement : entityElements) {
175 String name = entityElement.attributeValue("name");
176
177 long entityGroupId = layoutCache.getEntityGroupId(
178 companyId, entityName, name);
179
180 if (entityGroupId == 0) {
181 _log.warn(
182 "Ignore inherited roles for entity " + entityName +
183 " with name " + name);
184 }
185 else {
186 importRolePermissions(
187 layoutCache, companyId, resourceName,
188 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
189 entityElement, false);
190 }
191 }
192 }
193
194 protected void importLayoutPermissions(
195 LayoutCache layoutCache, long companyId, long groupId, long userId,
196 Layout layout, Element layoutElement, Element parentElement,
197 boolean importUserPermissions)
198 throws Exception {
199
200 Element permissionsElement = layoutElement.element("permissions");
201
202 if (permissionsElement != null) {
203 String resourceName = Layout.class.getName();
204 String resourcePrimKey = String.valueOf(layout.getPlid());
205
206 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
207 importPermissions_5(
208 layoutCache, companyId, groupId, userId, resourceName,
209 resourcePrimKey, permissionsElement, false);
210 }
211 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
212 importPermissions_6(
213 layoutCache, companyId, groupId, userId, resourceName,
214 resourcePrimKey, permissionsElement, false);
215 }
216 else {
217 Group guestGroup = GroupLocalServiceUtil.getGroup(
218 companyId, GroupConstants.GUEST);
219
220 importLayoutPermissions_1to4(
221 layoutCache, companyId, groupId, guestGroup, layout,
222 resourceName, resourcePrimKey, permissionsElement,
223 importUserPermissions);
224 }
225 }
226
227 Element rolesElement = parentElement.element("roles");
228
229 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
230 (rolesElement != null)) {
231
232 importLayoutRoles(layoutCache, companyId, groupId, rolesElement);
233 }
234 }
235
236 protected void importLayoutPermissions_1to4(
237 LayoutCache layoutCache, long companyId, long groupId,
238 Group guestGroup, Layout layout, String resourceName,
239 String resourcePrimKey, Element permissionsElement,
240 boolean importUserPermissions)
241 throws Exception {
242
243 importGroupPermissions(
244 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
245 permissionsElement, "community-actions", false);
246
247 if (groupId != guestGroup.getGroupId()) {
248 importGroupPermissions(
249 layoutCache, companyId, guestGroup.getGroupId(), resourceName,
250 resourcePrimKey, permissionsElement, "guest-actions", false);
251 }
252
253 if (importUserPermissions) {
254 importUserPermissions(
255 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
256 permissionsElement, false);
257 }
258
259 importInheritedPermissions(
260 layoutCache, companyId, resourceName, resourcePrimKey,
261 permissionsElement, "organization", false);
262
263 importInheritedPermissions(
264 layoutCache, companyId, resourceName, resourcePrimKey,
265 permissionsElement, "user-group", false);
266 }
267
268 protected void importLayoutRoles(
269 LayoutCache layoutCache, long companyId, long groupId,
270 Element rolesElement)
271 throws Exception {
272
273 String resourceName = Layout.class.getName();
274
275 importGroupRoles(
276 layoutCache, companyId, groupId, resourceName, "community",
277 rolesElement);
278
279 importUserRoles(
280 layoutCache, companyId, groupId, resourceName, rolesElement);
281
282 importInheritedRoles(
283 layoutCache, companyId, groupId, resourceName, "organization",
284 rolesElement);
285
286 importInheritedRoles(
287 layoutCache, companyId, groupId, resourceName, "user-group",
288 rolesElement);
289 }
290
291 protected void importPermissions_5(
292 LayoutCache layoutCache, long companyId, long groupId, long userId,
293 String resourceName, String resourcePrimKey,
294 Element permissionsElement, boolean portletActions)
295 throws Exception {
296
297 Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
298
299 List<Element> roleElements = permissionsElement.elements("role");
300
301 for (Element roleElement : roleElements) {
302 String name = roleElement.attributeValue("name");
303
304 Role role = null;
305
306 if (name.startsWith(PermissionExporter.ROLE_TEAM_PREFIX)) {
307 name = name.substring(
308 PermissionExporter.ROLE_TEAM_PREFIX.length());
309
310 String description = roleElement.attributeValue("description");
311
312 Team team = null;
313
314 try {
315 team = TeamLocalServiceUtil.getTeam(groupId, name);
316 }
317 catch (NoSuchTeamException nste) {
318 team = TeamLocalServiceUtil.addTeam(
319 userId, groupId, name, description);
320 }
321
322 role = RoleLocalServiceUtil.getTeamRole(
323 companyId, team.getTeamId());
324 }
325 else {
326 role = layoutCache.getRole(companyId, name);
327 }
328
329 if (role == null) {
330 String title = roleElement.attributeValue("title");
331
332 Map<Locale, String> titleMap =
333 LocalizationUtil.getLocalizationMap(title);
334
335 String description = roleElement.attributeValue("description");
336
337 Map<Locale, String> descriptionMap =
338 LocalizationUtil.getLocalizationMap(description);
339
340 int type = Integer.valueOf(roleElement.attributeValue("type"));
341
342 role = RoleLocalServiceUtil.addRole(
343 userId, companyId, name, titleMap, descriptionMap, type);
344 }
345
346 List<String> actions = getActions(roleElement);
347
348 roleIdsToActionIds.put(
349 role.getRoleId(), actions.toArray(new String[actions.size()]));
350 }
351
352 if (roleIdsToActionIds.isEmpty()) {
353 return;
354 }
355
356 PermissionLocalServiceUtil.setRolesPermissions(
357 companyId, roleIdsToActionIds, resourceName,
358 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey);
359 }
360
361 protected void importPermissions_6(
362 LayoutCache layoutCache, long companyId, long groupId, long userId,
363 String resourceName, String resourcePrimKey,
364 Element permissionsElement, boolean portletActions)
365 throws Exception {
366
367 Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
368
369 List<Element> roleElements = permissionsElement.elements("role");
370
371 for (Element roleElement : roleElements) {
372 String name = roleElement.attributeValue("name");
373 int type = GetterUtil.getInteger(
374 roleElement.attributeValue("type"));
375
376 Role role = null;
377
378 if (name.startsWith(PermissionExporter.ROLE_TEAM_PREFIX)) {
379 name = name.substring(
380 PermissionExporter.ROLE_TEAM_PREFIX.length());
381
382 String description = roleElement.attributeValue("description");
383
384 Team team = null;
385
386 try {
387 team = TeamLocalServiceUtil.getTeam(groupId, name);
388 }
389 catch (NoSuchTeamException nste) {
390 team = TeamLocalServiceUtil.addTeam(
391 userId, groupId, name, description);
392 }
393
394 role = RoleLocalServiceUtil.getTeamRole(
395 companyId, team.getTeamId());
396 }
397 else {
398 role = layoutCache.getRole(companyId, name);
399 }
400
401 if (role == null) {
402 String title = roleElement.attributeValue("title");
403
404 Map<Locale, String> titleMap =
405 LocalizationUtil.getLocalizationMap(title);
406
407 String description = roleElement.attributeValue("description");
408
409 Map<Locale, String> descriptionMap =
410 LocalizationUtil.getLocalizationMap(description);
411
412 role = RoleLocalServiceUtil.addRole(
413 userId, companyId, name, titleMap, descriptionMap, type);
414 }
415
416 List<String> actions = getActions(roleElement);
417
418 roleIdsToActionIds.put(
419 role.getRoleId(), actions.toArray(new String[actions.size()]));
420 }
421
422 if (roleIdsToActionIds.isEmpty()) {
423 return;
424 }
425
426 ResourcePermissionLocalServiceUtil.setResourcePermissions(
427 companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL,
428 resourcePrimKey, roleIdsToActionIds);
429 }
430
431 protected void importPortletPermissions(
432 LayoutCache layoutCache, long companyId, long groupId, long userId,
433 Layout layout, Element portletElement, String portletId,
434 boolean importUserPermissions)
435 throws Exception {
436
437 Element permissionsElement = portletElement.element("permissions");
438
439 if (permissionsElement != null) {
440 String resourceName = PortletConstants.getRootPortletId(portletId);
441
442 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
443 layout.getPlid(), portletId);
444
445 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
446 importPermissions_5(
447 layoutCache, companyId, groupId, userId, resourceName,
448 resourcePrimKey, permissionsElement, true);
449 }
450 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
451 importPermissions_6(
452 layoutCache, companyId, groupId, userId, resourceName,
453 resourcePrimKey, permissionsElement, true);
454 }
455 else {
456 Group guestGroup = GroupLocalServiceUtil.getGroup(
457 companyId, GroupConstants.GUEST);
458
459 importPortletPermissions_1to4(
460 layoutCache, companyId, groupId, guestGroup, layout,
461 permissionsElement, importUserPermissions);
462 }
463 }
464
465 Element rolesElement = portletElement.element("roles");
466
467 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
468 (rolesElement != null)) {
469
470 importPortletRoles(layoutCache, companyId, groupId, portletElement);
471 importPortletRoles(
472 layoutCache, companyId, groupId, portletId, rolesElement);
473 }
474 }
475
476 protected void importPortletPermissions_1to4(
477 LayoutCache layoutCache, long companyId, long groupId,
478 Group guestGroup, Layout layout, Element permissionsElement,
479 boolean importUserPermissions)
480 throws Exception {
481
482 List<Element> portletElements = permissionsElement.elements("portlet");
483
484 for (Element portletElement : portletElements) {
485 String portletId = portletElement.attributeValue("portlet-id");
486
487 String resourceName = PortletConstants.getRootPortletId(portletId);
488 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
489 layout.getPlid(), portletId);
490
491 Portlet portlet = PortletLocalServiceUtil.getPortletById(
492 companyId, resourceName);
493
494 if (portlet == null) {
495 if (_log.isDebugEnabled()) {
496 _log.debug(
497 "Do not import portlet permissions for " + portletId +
498 " because the portlet does not exist");
499 }
500 }
501 else {
502 importGroupPermissions(
503 layoutCache, companyId, groupId, resourceName,
504 resourcePrimKey, portletElement, "community-actions", true);
505
506 if (groupId != guestGroup.getGroupId()) {
507 importGroupPermissions(
508 layoutCache, companyId, guestGroup.getGroupId(),
509 resourceName, resourcePrimKey, portletElement,
510 "guest-actions", true);
511 }
512
513 if (importUserPermissions) {
514 importUserPermissions(
515 layoutCache, companyId, groupId, resourceName,
516 resourcePrimKey, portletElement, true);
517 }
518
519 importInheritedPermissions(
520 layoutCache, companyId, resourceName, resourcePrimKey,
521 portletElement, "organization", true);
522
523 importInheritedPermissions(
524 layoutCache, companyId, resourceName, resourcePrimKey,
525 portletElement, "user-group", true);
526 }
527 }
528 }
529
530 protected void importPortletRoles(
531 LayoutCache layoutCache, long companyId, long groupId,
532 Element rolesElement)
533 throws Exception {
534
535 List<Element> portletElements = rolesElement.elements("portlet");
536
537 for (Element portletElement : portletElements) {
538 String portletId = portletElement.attributeValue("portlet-id");
539
540 String resourceName = PortletConstants.getRootPortletId(portletId);
541
542 Portlet portlet = PortletLocalServiceUtil.getPortletById(
543 companyId, resourceName);
544
545 if (portlet == null) {
546 if (_log.isDebugEnabled()) {
547 _log.debug(
548 "Do not import portlet roles for " + portletId +
549 " because the portlet does not exist");
550 }
551 }
552 else {
553 importGroupRoles(
554 layoutCache, companyId, groupId, resourceName, "community",
555 portletElement);
556
557 importUserRoles(
558 layoutCache, companyId, groupId, resourceName,
559 portletElement);
560
561 importInheritedRoles(
562 layoutCache, companyId, groupId, resourceName,
563 "organization", portletElement);
564
565 importInheritedRoles(
566 layoutCache, companyId, groupId, resourceName, "user-group",
567 portletElement);
568 }
569 }
570 }
571
572 protected void importPortletRoles(
573 LayoutCache layoutCache, long companyId, long groupId,
574 String portletId, Element rolesElement)
575 throws Exception {
576
577 String resourceName = PortletConstants.getRootPortletId(portletId);
578
579 Portlet portlet = PortletLocalServiceUtil.getPortletById(
580 companyId, resourceName);
581
582 if (portlet == null) {
583 if (_log.isDebugEnabled()) {
584 _log.debug(
585 "Do not import portlet roles for " + portletId +
586 " because the portlet does not exist");
587 }
588 }
589 else {
590 importGroupRoles(
591 layoutCache, companyId, groupId, resourceName, "community",
592 rolesElement);
593
594 importUserRoles(
595 layoutCache, companyId, groupId, resourceName, rolesElement);
596
597 importInheritedRoles(
598 layoutCache, companyId, groupId, resourceName, "organization",
599 rolesElement);
600
601 importInheritedRoles(
602 layoutCache, companyId, groupId, resourceName, "user-group",
603 rolesElement);
604 }
605 }
606
607 protected void importRolePermissions(
608 LayoutCache layoutCache, long companyId, String resourceName,
609 int scope, String resourcePrimKey, Element parentElement,
610 boolean communityRole)
611 throws Exception {
612
613 List<Element> roleElements = parentElement.elements("role");
614
615 for (Element roleElement : roleElements) {
616 String roleName = roleElement.attributeValue("name");
617
618 Role role = layoutCache.getRole(companyId, roleName);
619
620 if (role == null) {
621 _log.warn(
622 "Ignoring permissions for role with name " + roleName);
623 }
624 else {
625 List<String> actions = getActions(roleElement);
626
627 PermissionLocalServiceUtil.setRolePermissions(
628 role.getRoleId(), companyId, resourceName, scope,
629 resourcePrimKey,
630 actions.toArray(new String[actions.size()]));
631
632 if (communityRole) {
633 long[] groupIds = {GetterUtil.getLong(resourcePrimKey)};
634
635 GroupLocalServiceUtil.addRoleGroups(
636 role.getRoleId(), groupIds);
637 }
638 }
639 }
640 }
641
642 protected void importUserPermissions(
643 LayoutCache layoutCache, long companyId, long groupId,
644 String resourceName, String resourcePrimKey, Element parentElement,
645 boolean portletActions)
646 throws Exception {
647
648 Element userPermissionsElement = parentElement.element(
649 "user-permissions");
650
651 if (userPermissionsElement == null) {
652 return;
653 }
654
655 List<Element> userActionsElements = userPermissionsElement.elements(
656 "user-actions");
657
658 for (Element userActionsElement : userActionsElements) {
659 String uuid = userActionsElement.attributeValue("uuid");
660
661 User user = layoutCache.getUser(companyId, groupId, uuid);
662
663 if (user == null) {
664 if (_log.isWarnEnabled()) {
665 _log.warn(
666 "Ignoring permissions for user with uuid " + uuid);
667 }
668 }
669 else {
670 List<String> actions = getActions(userActionsElement);
671
672 Resource resource = layoutCache.getResource(
673 companyId, groupId, resourceName,
674 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
675 portletActions);
676
677 PermissionLocalServiceUtil.setUserPermissions(
678 user.getUserId(),
679 actions.toArray(new String[actions.size()]),
680 resource.getResourceId());
681 }
682 }
683 }
684
685 protected void importUserRoles(
686 LayoutCache layoutCache, long companyId, long groupId,
687 String resourceName, Element parentElement)
688 throws Exception {
689
690 Element userRolesElement = parentElement.element("user-roles");
691
692 if (userRolesElement == null) {
693 return;
694 }
695
696 List<Element> userElements = userRolesElement.elements("user");
697
698 for (Element userElement : userElements) {
699 String uuid = userElement.attributeValue("uuid");
700
701 User user = layoutCache.getUser(companyId, groupId, uuid);
702
703 if (user == null) {
704 if (_log.isWarnEnabled()) {
705 _log.warn("Ignoring roles for user with uuid " + uuid);
706 }
707 }
708 else {
709 importRolePermissions(
710 layoutCache, companyId, resourceName,
711 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
712 userElement, false);
713 }
714 }
715 }
716
717 protected void readPortletDataPermissions(
718 PortletDataContext portletDataContext)
719 throws Exception {
720
721 String xml = portletDataContext.getZipEntryAsString(
722 portletDataContext.getSourceRootPath() +
723 "/portlet-data-permissions.xml");
724
725 if (xml == null) {
726 return;
727 }
728
729 Document document = SAXReaderUtil.read(xml);
730
731 Element rootElement = document.getRootElement();
732
733 List<Element> portletDataElements = rootElement.elements(
734 "portlet-data");
735
736 for (Element portletDataElement : portletDataElements) {
737 String resourceName = portletDataElement.attributeValue(
738 "resource-name");
739 long resourcePK = GetterUtil.getLong(
740 portletDataElement.attributeValue("resource-pk"));
741
742 List<KeyValuePair> permissions = new ArrayList<KeyValuePair>();
743
744 List<Element> permissionsElements = portletDataElement.elements(
745 "permissions");
746
747 for (Element permissionsElement : permissionsElements) {
748 String roleName = permissionsElement.attributeValue(
749 "role-name");
750 String actions = permissionsElement.attributeValue("actions");
751
752 KeyValuePair permission = new KeyValuePair(roleName, actions);
753
754 permissions.add(permission);
755 }
756
757 portletDataContext.addPermissions(
758 resourceName, resourcePK, permissions);
759 }
760 }
761
762 private static Log _log = LogFactoryUtil.getLog(PermissionImporter.class);
763
764 }