001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchPermissionException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.search.SearchEngineUtil;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Company;
027    import com.liferay.portal.model.Group;
028    import com.liferay.portal.model.OrgGroupPermission;
029    import com.liferay.portal.model.Organization;
030    import com.liferay.portal.model.Permission;
031    import com.liferay.portal.model.Resource;
032    import com.liferay.portal.model.ResourceCode;
033    import com.liferay.portal.model.ResourceConstants;
034    import com.liferay.portal.model.Role;
035    import com.liferay.portal.model.RoleConstants;
036    import com.liferay.portal.model.User;
037    import com.liferay.portal.model.UserGroup;
038    import com.liferay.portal.security.permission.PermissionCacheUtil;
039    import com.liferay.portal.security.permission.PermissionCheckerBag;
040    import com.liferay.portal.security.permission.PermissionThreadLocal;
041    import com.liferay.portal.security.permission.ResourceActionsUtil;
042    import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
043    import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
044    import com.liferay.portal.util.PropsValues;
045    import com.liferay.portal.util.comparator.PermissionComparator;
046    
047    import java.util.ArrayList;
048    import java.util.HashSet;
049    import java.util.Iterator;
050    import java.util.List;
051    import java.util.Map;
052    import java.util.Set;
053    
054    import org.apache.commons.lang.time.StopWatch;
055    
056    /**
057     * The implementation of the permission local service.
058     *
059     * @author Charles May
060     * @author Brian Wing Shun Chan
061     * @author Raymond Augé
062     */
063    public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
064    
065            /**
066             * Adds a permission to perform the action on the resource.
067             *
068             * <p>
069             * This method will retrieve the permission of the company, action, and
070             * resource with the primary keys. The method creates the permission if it
071             * fails to retrieve it.
072             * </p>
073             *
074             * @param  companyId the primary key of the company
075             * @param  actionId the action's ID
076             * @param  resourceId the primary key of the resource
077             * @return the permission of the company, action, and resource with the
078             *         primary keys
079             * @throws SystemException if a system exception occurred
080             */
081            public Permission addPermission(
082                            long companyId, String actionId, long resourceId)
083                    throws SystemException {
084    
085                    Permission permission = permissionPersistence.fetchByA_R(
086                            actionId, resourceId);
087    
088                    if (permission == null) {
089                            long permissionId = counterLocalService.increment(
090                                    Permission.class.getName());
091    
092                            permission = permissionPersistence.create(permissionId);
093    
094                            permission.setCompanyId(companyId);
095                            permission.setActionId(actionId);
096                            permission.setResourceId(resourceId);
097    
098                            permissionPersistence.update(permission, false);
099                    }
100    
101                    return permission;
102            }
103    
104            /**
105             * Adds permissions to perform the actions on the resource.
106             *
107             * <p>
108             * This method will retrieve the permissions of the company, actions, and
109             * resource with the primary keys. The method creates any permissions it
110             * fails to retrieve.
111             * </p>
112             *
113             * @param  companyId the primary key of the company
114             * @param  actionIds the primary keys of the actions
115             * @param  resourceId the primary key of the resource
116             * @return the permissions to perform the actions on the resource
117             * @throws SystemException if a system exception occurred
118             */
119            public List<Permission> addPermissions(
120                            long companyId, List<String> actionIds, long resourceId)
121                    throws SystemException {
122    
123                    List<Permission> permissions = permissionPersistence.findByResourceId(
124                            resourceId);
125    
126                    permissions = ListUtil.copy(permissions);
127    
128                    Set<String> actionIdsSet = new HashSet<String>();
129    
130                    for (Permission permission : permissions) {
131                            actionIdsSet.add(permission.getActionId());
132                    }
133    
134                    for (String actionId : actionIds) {
135                            if (actionIdsSet.contains(actionId)) {
136                                    continue;
137                            }
138    
139                            long permissionId = counterLocalService.increment(
140                                    Permission.class.getName());
141    
142                            Permission permission = permissionPersistence.create(permissionId);
143    
144                            permission.setCompanyId(companyId);
145                            permission.setActionId(actionId);
146                            permission.setResourceId(resourceId);
147    
148                            try {
149                                    permissionPersistence.update(permission, false);
150                            }
151                            catch (SystemException se) {
152                                    if (_log.isWarnEnabled()) {
153                                            _log.warn(
154                                                    "Add failed, fetch {actionId=" + actionId +
155                                                            ", resourceId=" + resourceId + "}");
156                                    }
157    
158                                    permission = permissionPersistence.fetchByA_R(
159                                            actionId, resourceId, false);
160    
161                                    if (permission == null) {
162                                            throw se;
163                                    }
164                            }
165    
166                            permissions.add(permission);
167                    }
168    
169                    return permissions;
170            }
171    
172            /**
173             * Adds permissions to perform either the portlet resource actions or model
174             * resource actions on the resource.
175             *
176             * <p>
177             * This method will retrieve the permissions of the company, actions, and
178             * resource with the primary keys. The method creates any permissions it
179             * fails to retrieve.
180             * </p>
181             *
182             * @param  companyId the primary key of the company
183             * @param  name the resource name
184             * @param  resourceId the primary key of the resource
185             * @param  portletActions whether to retrieve the action primary keys from
186             *         the portlet or the model resource
187             * @return the permissions to perform the actions on the resource
188             * @throws SystemException if a system exception occurred
189             */
190            public List<Permission> addPermissions(
191                            long companyId, String name, long resourceId,
192                            boolean portletActions)
193                    throws SystemException {
194    
195                    List<String> actionIds = null;
196    
197                    if (portletActions) {
198                            actionIds = ResourceActionsUtil.getPortletResourceActions(name);
199                    }
200                    else {
201                            actionIds = ResourceActionsUtil.getModelResourceActions(name);
202                    }
203    
204                    return addPermissions(companyId, actionIds, resourceId);
205            }
206    
207            /**
208             * Adds user permissions to perform the actions on the resource.
209             *
210             * @param  userId the primary key of the user
211             * @param  actionIds the primary keys of the actions
212             * @param  resourceId the primary key of the resource
213             * @throws PortalException if a user with the primary key could not be found
214             * @throws SystemException if a system exception occurred
215             */
216            public void addUserPermissions(
217                            long userId, String[] actionIds, long resourceId)
218                    throws PortalException, SystemException {
219    
220                    User user = userPersistence.findByPrimaryKey(userId);
221    
222                    List<Permission> permissions = permissionFinder.findByU_R(
223                            userId, resourceId);
224    
225                    permissions = getPermissions(
226                            user.getCompanyId(), actionIds, resourceId);
227    
228                    userPersistence.addPermissions(userId, permissions);
229    
230                    PermissionCacheUtil.clearCache();
231            }
232    
233            /**
234             * Checks to see if the actions are permitted on the named resource.
235             *
236             * @param  name the resource name
237             * @param  actionIds the primary keys of the actions
238             * @throws PortalException if the resource company or name could not be
239             *         found or were invalid
240             * @throws SystemException if a system exception occurred
241             */
242            public void checkPermissions(String name, List<String> actionIds)
243                    throws PortalException, SystemException {
244    
245                    List<Resource> resources = resourceFinder.findByN_S(
246                            name, ResourceConstants.SCOPE_INDIVIDUAL);
247    
248                    for (Resource resource : resources) {
249                            for (String actionId : actionIds) {
250                                    Permission permission = permissionPersistence.fetchByA_R(
251                                            actionId, resource.getResourceId());
252    
253                                    if (permission != null) {
254                                            continue;
255                                    }
256    
257                                    checkPermission(resource, actionId);
258                            }
259                    }
260    
261                    PermissionCacheUtil.clearCache();
262            }
263    
264            /**
265             * Returns the IDs of all the actions belonging to the permissions.
266             *
267             * @param  permissions the permissions
268             * @return the IDs of all the actions belonging to the permissions
269             */
270            public List<String> getActions(List<Permission> permissions) {
271                    List<String> actionIds = new ArrayList<String>();
272    
273                    Iterator<Permission> itr = permissions.iterator();
274    
275                    while (itr.hasNext()) {
276                            Permission permission = itr.next();
277    
278                            actionIds.add(permission.getActionId());
279                    }
280    
281                    return actionIds;
282            }
283    
284            /**
285             * Returns all the group's permissions on the resource.
286             *
287             * @param  groupId the primary key of the group
288             * @param  resourceId the primary key of the resource
289             * @return the group's permissions on the resource
290             * @throws SystemException if a system exception occurred
291             */
292            public List<Permission> getGroupPermissions(long groupId, long resourceId)
293                    throws SystemException {
294    
295                    return permissionFinder.findByG_R(groupId, resourceId);
296            }
297    
298            /**
299             * Returns all the group's permissions on the named resource with the scope
300             * and primKey.
301             *
302             * @param  groupId the primary key of the group
303             * @param  companyId the primary key of the company
304             * @param  name the resource name
305             * @param  scope the resource scope
306             * @param  primKey the resource primKey
307             * @return the group's permissions on the named resource with the scope and
308             *         primKey
309             * @throws SystemException if a system exception occurred
310             */
311            public List<Permission> getGroupPermissions(
312                            long groupId, long companyId, String name, int scope,
313                            String primKey)
314                    throws SystemException {
315    
316                    return permissionFinder.findByG_C_N_S_P(
317                            groupId, companyId, name, scope, primKey);
318            }
319    
320            /**
321             * Returns the primary key of the latest permission created.
322             *
323             * @return the primary key of the latest permission created
324             * @throws SystemException if a system exception occurred
325             */
326            public long getLatestPermissionId() throws SystemException {
327                    List<Permission> permissions = permissionPersistence.findAll(
328                            0, 1, new PermissionComparator());
329    
330                    if (permissions.size() == 0) {
331                            return 0;
332                    }
333                    else {
334                            Permission permission = permissions.get(0);
335    
336                            return permission.getPermissionId();
337                    }
338            }
339    
340            /**
341             * Returns all the permissions of the organization's group with respect to
342             * the resource.
343             *
344             * @param  organizationId the primary key of the organization
345             * @param  groupId the primary key of the group
346             * @param  resourceId the primary key of the resource
347             * @return the permissions of the organization's group with respect to the
348             *         resource
349             * @throws SystemException if a system exception occurred
350             */
351            public List<Permission> getOrgGroupPermissions(
352                            long organizationId, long groupId, long resourceId)
353                    throws SystemException {
354    
355                    return permissionFinder.findByO_G_R(
356                            organizationId, groupId, resourceId);
357            }
358    
359            /**
360             * Returns all the permissions to perform the actions on the resource,
361             * creating new permissions for any permissions not found.
362             *
363             * @param  companyId the primary key of the company
364             * @param  actionIds the primary keys of the actions
365             * @param  resourceId the primary key of the resource
366             * @return the permissions to perform the actions on the resource
367             * @throws SystemException if a system exception occurred
368             * @see    #addPermission(long, String, long)
369             */
370            public List<Permission> getPermissions(
371                            long companyId, String[] actionIds, long resourceId)
372                    throws SystemException {
373    
374                    List<Permission> permissions = new ArrayList<Permission>();
375    
376                    for (String actionId : actionIds) {
377                            Permission permission = addPermission(
378                                    companyId, actionId, resourceId);
379    
380                            permissions.add(permission);
381                    }
382    
383                    return permissions;
384            }
385    
386            /**
387             * Returns all the role's permissions.
388             *
389             * @param  roleId the primary key of the role
390             * @return the role's permissions
391             * @throws SystemException if a system exception occurred
392             */
393            public List<Permission> getRolePermissions(long roleId)
394                    throws SystemException {
395    
396                    return rolePersistence.getPermissions(roleId);
397            }
398    
399            public List<Permission> getRolePermissions(long roleId, int[] scopes)
400                    throws SystemException {
401    
402                    return permissionFinder.findByR_S(roleId, scopes);
403            }
404    
405            /**
406             * Returns all the role's permissions on the resource.
407             *
408             * @param  roleId the primary key of the role
409             * @param  resourceId the primary key of the resource
410             * @return the role's permissions on the resource
411             * @throws SystemException if a system exception occurred
412             */
413            public List<Permission> getRolePermissions(long roleId, long resourceId)
414                    throws SystemException {
415    
416                    return permissionFinder.findByR_R(roleId, resourceId);
417            }
418    
419            /**
420             * Returns all the user's permissions.
421             *
422             * @param  userId the primary key of the user
423             * @return the user's permissions
424             * @throws SystemException if a system exception occurred
425             */
426            public List<Permission> getUserPermissions(long userId)
427                    throws SystemException {
428    
429                    return userPersistence.getPermissions(userId);
430            }
431    
432            /**
433             * Returns all the user's permissions on the resource.
434             *
435             * @param  userId the primary key of the user
436             * @param  resourceId the primary key of the resource
437             * @return the user's permissions on the resource
438             * @throws SystemException if a system exception occurred
439             */
440            public List<Permission> getUserPermissions(long userId, long resourceId)
441                    throws SystemException {
442    
443                    return permissionFinder.findByU_R(userId, resourceId);
444            }
445    
446            /**
447             * Returns all the user's permissions on the named resource with the scope
448             * and primKey.
449             *
450             * @param  userId the primary key of the user
451             * @param  companyId the primary key of the company
452             * @param  name the resource name
453             * @param  scope the resource scope
454             * @param  primKey the resource primKey
455             * @return the user permissions of the resource name, scope, and primKey
456             * @throws SystemException if a system exception occurred
457             */
458            public List<Permission> getUserPermissions(
459                            long userId, long companyId, String name, int scope, String primKey)
460                    throws SystemException {
461    
462                    return permissionFinder.findByU_C_N_S_P(
463                            userId, companyId, name, scope, primKey);
464            }
465    
466            /**
467             * Returns <code>true</code> if the group has permission to perform the
468             * action on the resource.
469             *
470             * @param  groupId the primary key of the group
471             * @param  actionId the action's ID
472             * @param  resourceId the primary key of the resource
473             * @return <code>true</code> if the group has permission to perform the
474             *         action on the resource; <code>false</code> otherwise
475             * @throws SystemException if a system exception occurred
476             */
477            public boolean hasGroupPermission(
478                            long groupId, String actionId, long resourceId)
479                    throws SystemException {
480    
481                    Permission permission = permissionPersistence.fetchByA_R(
482                            actionId, resourceId);
483    
484                    // Return false if there is no permission based on the given action
485                    // id and resource id
486    
487                    if (permission == null) {
488                            return false;
489                    }
490    
491                    return groupPersistence.containsPermission(
492                            groupId, permission.getPermissionId());
493            }
494    
495            /**
496             * Returns <code>true</code> if the role has permission to perform the
497             * action on the named resource with the scope.
498             *
499             * @param  roleId the primary key of the role
500             * @param  companyId the primary key of the company
501             * @param  name the resource name
502             * @param  scope the resource scope
503             * @param  actionId the action's ID
504             * @return <code>true</code> if the role has permission to perform the
505             *         action on the named resource with the scope; <code>false</code>
506             *         otherwise
507             * @throws SystemException if a system exception occurred
508             */
509            public boolean hasRolePermission(
510                            long roleId, long companyId, String name, int scope,
511                            String actionId)
512                    throws SystemException {
513    
514                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
515                            companyId, name, scope);
516    
517                    if (permissionFinder.countByR_A_C(
518                                    roleId, actionId, resourceCode.getCodeId()) > 0) {
519    
520                            return true;
521                    }
522                    else {
523                            return false;
524                    }
525            }
526    
527            /**
528             * Returns <code>true</code> if the role has permission to perform the
529             * action on the named resource with the scope and primKey.
530             *
531             * @param  roleId the primary key of the role
532             * @param  companyId the primary key of the company
533             * @param  name the resource name
534             * @param  scope the resource scope
535             * @param  primKey the resource primKey
536             * @param  actionId the action's ID
537             * @return <code>true</code> if the role has permission to perform the
538             *         action on the named resource with the scope and primKey;
539             *         <code>false</code> otherwise
540             * @throws SystemException if a system exception occurred
541             */
542            public boolean hasRolePermission(
543                            long roleId, long companyId, String name, int scope, String primKey,
544                            String actionId)
545                    throws SystemException {
546    
547                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
548                            companyId, name, scope);
549    
550                    Resource resource = resourcePersistence.fetchByC_P(
551                            resourceCode.getCodeId(), primKey);
552    
553                    if (resource == null) {
554                            return false;
555                    }
556    
557                    Permission permission = permissionPersistence.fetchByA_R(
558                            actionId, resource.getResourceId());
559    
560                    if (permission == null) {
561                            return false;
562                    }
563    
564                    return rolePersistence.containsPermission(
565                            roleId, permission.getPermissionId());
566            }
567    
568            /**
569             * Returns <code>true</code> if the user has permission to perform the
570             * action on the resource.
571             *
572             * @param  userId the primary key of the user
573             * @param  actionId the action's ID
574             * @param  resourceId the primary key of the resource
575             * @return <code>true</code> if the user has permission to perform the
576             *         action on the resource; <code>false</code> otherwise
577             * @throws SystemException if a system exception occurred
578             */
579            public boolean hasUserPermission(
580                            long userId, String actionId, long resourceId)
581                    throws SystemException {
582    
583                    Permission permission = permissionPersistence.fetchByA_R(
584                            actionId, resourceId);
585    
586                    // Return false if there is no permission based on the given action
587                    // id and resource id
588    
589                    if (permission == null) {
590                            return false;
591                    }
592    
593                    return userPersistence.containsPermission(
594                            userId, permission.getPermissionId());
595            }
596    
597            /**
598             * Returns <code>true</code> if the user has permission to perform the
599             * action on the resources.
600             *
601             * <p>
602             * This method does not support resources managed by the resource block
603             * system.
604             * </p>
605             *
606             * @param  userId the primary key of the user
607             * @param  groupId the primary key of the group containing the resource
608             * @param  resources representations of the resource at each scope level
609             *         returned by {@link
610             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
611             *         long, long, String, String, String)}
612             * @param  actionId the action's ID
613             * @param  permissionCheckerBag the permission checker bag
614             * @return <code>true</code> if the user has permission to perform the
615             *         action on the resources; <code>false</code> otherwise
616             * @throws PortalException if a resource action based on any one of the
617             *         resources and the action ID could not be found
618             * @throws SystemException if a system exception occurred
619             */
620            public boolean hasUserPermissions(
621                            long userId, long groupId, List<Resource> resources,
622                            String actionId, PermissionCheckerBag permissionCheckerBag)
623                    throws PortalException, SystemException {
624    
625                    StopWatch stopWatch = null;
626    
627                    if (_log.isDebugEnabled()) {
628                            stopWatch = new StopWatch();
629    
630                            stopWatch.start();
631                    }
632    
633                    int block = 1;
634    
635                    // Return false if there are no resources
636    
637                    if (Validator.isNull(actionId) || resources.isEmpty()) {
638                            return false;
639                    }
640    
641                    long[] resourceIds = null;
642    
643                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
644                            resourceIds = new long[resources.size()];
645    
646                            for (int i = 0; i < resources.size(); i++) {
647                                    Resource resource = resources.get(i);
648    
649                                    resourceIds[i] = resource.getResourceId();
650                            }
651                    }
652    
653                    List<Permission> permissions = null;
654    
655                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
656                            permissions = permissionFinder.findByA_R(actionId, resourceIds);
657    
658                            // Return false if there are no permissions
659    
660                            if (permissions.size() == 0) {
661                                    return false;
662                            }
663                    }
664    
665                    // Record logs with the first resource id
666    
667                    long resourceId = 0;
668    
669                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
670                            resourceId = resourceIds[0];
671                    }
672                    else {
673                            resourceId = resources.get(0).getResourceId();
674                    }
675    
676                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
677    
678                    //List<Group> userGroups = permissionCheckerBag.getUserGroups();
679                    //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
680                    //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
681                    //List<Group> userUserGroupGroups =
682                    //        permissionCheckerBag.getUserUserGroupGroups();
683                    List<Group> groups = permissionCheckerBag.getGroups();
684                    List<Role> roles = permissionCheckerBag.getRoles();
685    
686                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
687    
688                    // Check the organization and group intersection table. Break out of
689                    // this method if the user has one of the permissions set at the
690                    // intersection because that takes priority.
691    
692                    //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
693                    //        return true;
694                    //}
695    
696                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
697    
698                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
699                            return hasUserPermissions_1(
700                                    userId, resourceId, actionId, permissions, groups, groupId,
701                                    stopWatch, block);
702                    }
703                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
704                            return hasUserPermissions_2(
705                                    userId, resourceId, actionId, permissions, groups, groupId,
706                                    stopWatch, block);
707                    }
708                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
709                            return hasUserPermissions_3(
710                                    userId, resourceId, actionId, permissions, groups, roles,
711                                    stopWatch, block);
712                    }
713                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
714                            return hasUserPermissions_4(
715                                    userId, resourceId, actionId, permissions, groups, roles,
716                                    stopWatch, block);
717                    }
718                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
719                            return hasUserPermissions_5(
720                                    userId, resourceId, actionId, permissions, roles, stopWatch,
721                                    block);
722                    }
723                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
724                            return hasUserPermissions_6(
725                                    userId, resourceId, resources, actionId,
726                                    permissionCheckerBag.getRoleIds(), stopWatch, block);
727                    }
728    
729                    return false;
730            }
731    
732            /**
733             * Sets the container wide permissions of either the role or the default
734             * user of each company to perform the actions on the named resource.
735             *
736             * @param  name the resource name
737             * @param  roleName the role name. Supported role names include {@link
738             *         com.liferay.portal.model.RoleConstants#ORGANIZATION_USER}, {@link
739             *         com.liferay.portal.model.RoleConstants#OWNER}, and {@link
740             *         com.liferay.portal.model.RoleConstants#SITE_MEMBER}.
741             * @param  actionId the action's ID
742             * @throws PortalException if a matching role could not be found or if a
743             *         default user for the company could not be found
744             * @throws SystemException if a system exception occurred
745             */
746            public void setContainerResourcePermissions(
747                            String name, String roleName, String actionId)
748                    throws PortalException, SystemException {
749    
750                    List<Company> companies = companyPersistence.findAll();
751    
752                    for (Company company : companies) {
753                            setContainerResourcePermissions(
754                                    company.getCompanyId(), name, roleName, actionId);
755                    }
756            }
757    
758            /**
759             * Sets the group's permissions to perform the actions on the resource,
760             * replacing the group's existing permissions on the resource.
761             *
762             * @param  groupId the primary key of the group
763             * @param  actionIds the primary keys of the actions
764             * @param  resourceId the primary key of the resource
765             * @throws PortalException if a group with the primary key could not be
766             *         found
767             * @throws SystemException if a system exception occurred
768             */
769            public void setGroupPermissions(
770                            long groupId, String[] actionIds, long resourceId)
771                    throws PortalException, SystemException {
772    
773                    Group group = groupPersistence.findByPrimaryKey(groupId);
774    
775                    List<Permission> permissions = permissionFinder.findByG_R(
776                            groupId, resourceId);
777    
778                    for (Permission permission : permissions) {
779                            groupPersistence.removePermission(groupId, permission);
780                    }
781    
782                    permissions = getPermissions(
783                            group.getCompanyId(), actionIds, resourceId);
784    
785                    groupPersistence.addPermissions(groupId, permissions);
786    
787                    PermissionCacheUtil.clearCache();
788            }
789    
790            /**
791             * Sets the entity's group permissions to perform the actions on the
792             * resource, replacing the entity's existing group permissions on the
793             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
794             * com.liferay.portal.model.UserGroup} class entities are supported.
795             *
796             * @param  className the class name of an organization or user group
797             * @param  classPK the primary key of the class
798             * @param  groupId the primary key of the group
799             * @param  actionIds the primary keys of the actions
800             * @param  resourceId the primary key of the resource
801             * @throws PortalException if an entity with the class name and primary key
802             *         could not be found or if the entity's associated group could not
803             *         be found
804             * @throws SystemException if a system exception occurred
805             */
806            public void setGroupPermissions(
807                            String className, String classPK, long groupId, String[] actionIds,
808                            long resourceId)
809                    throws PortalException, SystemException {
810    
811                    long associatedGroupId = 0;
812    
813                    if (className.equals(Organization.class.getName())) {
814                            long organizationId = GetterUtil.getLong(classPK);
815    
816                            Organization organization =
817                                    organizationPersistence.findByPrimaryKey(organizationId);
818    
819                            orgGroupPermissionFinder.removeByO_G_R(
820                                    organizationId, groupId, resourceId);
821    
822                            associatedGroupId = organization.getGroup().getGroupId();
823                    }
824                    else if (className.equals(UserGroup.class.getName())) {
825                            long userGroupId = GetterUtil.getLong(classPK);
826    
827                            UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
828                                    userGroupId);
829    
830                            associatedGroupId = userGroup.getGroup().getGroupId();
831                    }
832    
833                    setGroupPermissions(associatedGroupId, actionIds, resourceId);
834            }
835    
836            /**
837             * Sets the organization's group permissions to perform the actions on the
838             * resource, replacing the organization's existing group permissions on the
839             * resource.
840             *
841             * @param  organizationId the primary key of the organization
842             * @param  groupId the primary key of the group in which to scope the
843             *         permissions
844             * @param  actionIds the primary keys of the actions
845             * @param  resourceId the primary key of the resource
846             * @throws PortalException if an organization with the primary key could not
847             *         be found
848             * @throws SystemException if a system exception occurred
849             */
850            public void setOrgGroupPermissions(
851                            long organizationId, long groupId, String[] actionIds,
852                            long resourceId)
853                    throws PortalException, SystemException {
854    
855                    Organization organization = organizationPersistence.findByPrimaryKey(
856                            organizationId);
857    
858                    long orgGroupId = organization.getGroup().getGroupId();
859    
860                    List<Permission> permissions = permissionPersistence.findByResourceId(
861                            resourceId);
862    
863                    for (Permission permission : permissions) {
864                            groupPersistence.removePermission(orgGroupId, permission);
865                    }
866    
867                    permissions = getPermissions(
868                            organization.getCompanyId(), actionIds, resourceId);
869    
870                    orgGroupPermissionFinder.removeByO_G_R(
871                            organizationId, groupId, resourceId);
872    
873                    for (Permission permission : permissions) {
874                            OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
875                                    organizationId, groupId, permission.getPermissionId());
876    
877                            OrgGroupPermission orgGroupPermission =
878                                    orgGroupPermissionPersistence.create(pk);
879    
880                            orgGroupPermissionPersistence.update(orgGroupPermission, false);
881                    }
882    
883                    PermissionCacheUtil.clearCache();
884            }
885    
886            /**
887             * Sets the role's permissions to perform the action on the named resource,
888             * replacing the role's existing permissions on the resource.
889             *
890             * @param  roleId the primary key of the role
891             * @param  companyId the primary key of the company
892             * @param  name the resource name
893             * @param  scope the resource scope
894             * @param  primKey the resource primKey
895             * @param  actionId the action's ID
896             * @throws PortalException if the scope was {@link
897             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
898             * @throws SystemException if a system exception occurred
899             */
900            public void setRolePermission(
901                            long roleId, long companyId, String name, int scope, String primKey,
902                            String actionId)
903                    throws PortalException, SystemException {
904    
905                    if (scope == ResourceConstants.SCOPE_COMPANY) {
906    
907                            // Remove group permission
908    
909                            unsetRolePermissions(
910                                    roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
911                                    actionId);
912                    }
913                    else if (scope == ResourceConstants.SCOPE_GROUP) {
914    
915                            // Remove company permission
916    
917                            unsetRolePermissions(
918                                    roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
919                                    actionId);
920                    }
921                    else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
922                            throw new NoSuchPermissionException();
923                    }
924    
925                    Resource resource = resourceLocalService.addResource(
926                            companyId, name, scope, primKey);
927    
928                    long resourceId = resource.getResourceId();
929    
930                    Permission permission = permissionPersistence.fetchByA_R(
931                            actionId, resourceId);
932    
933                    if (permission == null) {
934                            long permissionId = counterLocalService.increment(
935                                    Permission.class.getName());
936    
937                            permission = permissionPersistence.create(permissionId);
938    
939                            permission.setCompanyId(companyId);
940                            permission.setActionId(actionId);
941                            permission.setResourceId(resourceId);
942    
943                            permissionPersistence.update(permission, false);
944                    }
945    
946                    rolePersistence.addPermission(roleId, permission);
947    
948                    PermissionCacheUtil.clearCache();
949    
950                    SearchEngineUtil.updatePermissionFields(resourceId);
951            }
952    
953            /**
954             * Sets the role's permissions to perform the actions on the named resource,
955             * replacing the role's existing permission for each of these actions on the
956             * resource.
957             *
958             * @param  roleId the primary key of the role
959             * @param  companyId the primary key of the company
960             * @param  name the resource name
961             * @param  scope the resource scope
962             * @param  primKey the resource primKey
963             * @param  actionIds the primary keys of the actions
964             * @throws PortalException if the scope was {@link
965             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
966             * @throws SystemException if a system exception occurred
967             */
968            public void setRolePermissions(
969                            long roleId, long companyId, String name, int scope, String primKey,
970                            String[] actionIds)
971                    throws PortalException, SystemException {
972    
973                    for (String actionId : actionIds) {
974                            setRolePermission(
975                                    roleId, companyId, name, scope, primKey, actionId);
976                    }
977            }
978    
979            /**
980             * Sets the role's permissions to perform the actions on the resource,
981             * replacing the role's existing permissions on the resource.
982             *
983             * @param  roleId the primary key of the role
984             * @param  actionIds the primary keys of the actions
985             * @param  resourceId the primary key of the resource
986             * @throws PortalException if a role with the primary key could not be found
987             * @throws SystemException if a system exception occurred
988             */
989            public void setRolePermissions(
990                            long roleId, String[] actionIds, long resourceId)
991                    throws PortalException, SystemException {
992    
993                    Role role = rolePersistence.findByPrimaryKey(roleId);
994    
995                    List<Permission> permissions = permissionFinder.findByR_R(
996                            roleId, resourceId);
997    
998                    rolePersistence.removePermissions(roleId, permissions);
999    
1000                    permissions = getPermissions(
1001                            role.getCompanyId(), actionIds, resourceId);
1002    
1003                    rolePersistence.addPermissions(roleId, permissions);
1004    
1005                    PermissionCacheUtil.clearCache();
1006    
1007                    SearchEngineUtil.updatePermissionFields(resourceId);
1008            }
1009    
1010            /**
1011             * Sets the permissions of each role to perform respective actions on the
1012             * resource, replacing the existing permissions of each role on the
1013             * resource.
1014             *
1015             * @param  companyId the primary key of the company
1016             * @param  roleIdsToActionIds the map of roles to their new actions on the
1017             *         resource
1018             * @param  resourceId the primary key of the resource
1019             * @throws SystemException if a system exception occurred
1020             */
1021            public void setRolesPermissions(
1022                            long companyId, Map<Long, String[]> roleIdsToActionIds,
1023                            long resourceId)
1024                    throws SystemException {
1025    
1026                    boolean flushEnabled = PermissionThreadLocal.isFlushEnabled();
1027    
1028                    PermissionThreadLocal.setIndexEnabled(false);
1029    
1030                    try {
1031                            for (Map.Entry<Long, String[]> entry :
1032                                            roleIdsToActionIds.entrySet()) {
1033    
1034                                    long roleId = entry.getKey();
1035                                    String[] actionIds = entry.getValue();
1036    
1037                                    List<Permission> permissions = permissionFinder.findByR_R(
1038                                            roleId, resourceId);
1039    
1040                                    rolePersistence.removePermissions(roleId, permissions);
1041    
1042                                    permissions = getPermissions(companyId, actionIds, resourceId);
1043    
1044                                    rolePersistence.addPermissions(roleId, permissions);
1045                            }
1046                    }
1047                    finally {
1048                            PermissionThreadLocal.setIndexEnabled(flushEnabled);
1049    
1050                            PermissionCacheUtil.clearCache();
1051    
1052                            SearchEngineUtil.updatePermissionFields(resourceId);
1053                    }
1054            }
1055    
1056            /**
1057             * Sets the permissions of each role to perform respective actions on the
1058             * named resource, replacing the existing permissions of each role on the
1059             * resource.
1060             *
1061             * @param  companyId the primary key of the company
1062             * @param  roleIdsToActionIds the map of roles to their new actions on the
1063             *         resource
1064             * @param  name the resource name
1065             * @param  scope the resource scope
1066             * @param  primKey the resource primKey
1067             * @throws SystemException if a system exception occurred
1068             */
1069            public void setRolesPermissions(
1070                            long companyId, Map<Long, String[]> roleIdsToActionIds, String name,
1071                            int scope, String primKey)
1072                    throws SystemException {
1073    
1074                    Resource resource = resourceLocalService.fetchResource(
1075                            companyId, name, scope, String.valueOf(primKey));
1076    
1077                    if (resource == null) {
1078                            resource = resourceLocalService.addResource(
1079                                    companyId, name, scope, String.valueOf(primKey));
1080                    }
1081    
1082                    if (resource == null) {
1083                            return;
1084                    }
1085    
1086                    setRolesPermissions(
1087                            companyId, roleIdsToActionIds, resource.getResourceId());
1088            }
1089    
1090            /**
1091             * Sets the user's permissions to perform the actions on the resource,
1092             * replacing the user's existing permissions on the resource.
1093             *
1094             * @param  userId the primary key of the user
1095             * @param  actionIds the primary keys of the actions
1096             * @param  resourceId the primary key of the resource
1097             * @throws PortalException if a user with the primary key could not be found
1098             * @throws SystemException if a system exception occurred
1099             */
1100            public void setUserPermissions(
1101                            long userId, String[] actionIds, long resourceId)
1102                    throws PortalException, SystemException {
1103    
1104                    User user = userPersistence.findByPrimaryKey(userId);
1105    
1106                    List<Permission> permissions = permissionFinder.findByU_R(
1107                            userId, resourceId);
1108    
1109                    userPersistence.removePermissions(userId, permissions);
1110    
1111                    permissions = getPermissions(
1112                            user.getCompanyId(), actionIds, resourceId);
1113    
1114                    userPersistence.addPermissions(userId, permissions);
1115    
1116                    PermissionCacheUtil.clearCache();
1117            }
1118    
1119            /**
1120             * Removes the permission from the role.
1121             *
1122             * @param  roleId the primary key of the role
1123             * @param  permissionId the primary key of the permission
1124             * @throws SystemException if a system exception occurred
1125             */
1126            public void unsetRolePermission(long roleId, long permissionId)
1127                    throws SystemException {
1128    
1129                    Permission permission = permissionPersistence.fetchByPrimaryKey(
1130                            permissionId);
1131    
1132                    if (permission != null) {
1133                            rolePersistence.removePermission(roleId, permission);
1134                    }
1135    
1136                    PermissionCacheUtil.clearCache();
1137            }
1138    
1139            /**
1140             * Removes the role's permissions to perform the action on the named
1141             * resource with the scope and primKey.
1142             *
1143             * @param  roleId the primary key of the role
1144             * @param  companyId the primary key of the company
1145             * @param  name the resource name
1146             * @param  scope the resource scope
1147             * @param  primKey the resource primKey
1148             * @param  actionId the action's ID
1149             * @throws SystemException if a system exception occurred
1150             */
1151            public void unsetRolePermission(
1152                            long roleId, long companyId, String name, int scope, String primKey,
1153                            String actionId)
1154                    throws SystemException {
1155    
1156                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1157                            companyId, name, scope);
1158    
1159                    Resource resource = resourcePersistence.fetchByC_P(
1160                            resourceCode.getCodeId(), primKey);
1161    
1162                    if (resource != null) {
1163                            Permission permission = permissionPersistence.fetchByA_R(
1164                                    actionId, resource.getResourceId());
1165    
1166                            if (permission != null) {
1167                                    rolePersistence.removePermission(roleId, permission);
1168                            }
1169                    }
1170    
1171                    PermissionCacheUtil.clearCache();
1172            }
1173    
1174            /**
1175             * Removes the role's permissions to perform the action on the named
1176             * resource.
1177             *
1178             * @param  roleId the primary key of the role
1179             * @param  companyId the primary key of the company
1180             * @param  name the resource name
1181             * @param  scope the resource scope
1182             * @param  actionId the action's ID
1183             * @throws SystemException if a system exception occurred
1184             */
1185            public void unsetRolePermissions(
1186                            long roleId, long companyId, String name, int scope,
1187                            String actionId)
1188                    throws SystemException {
1189    
1190                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
1191                            companyId, name, scope);
1192    
1193                    List<Permission> permissions = permissionFinder.findByA_C(
1194                            actionId, resourceCode.getCodeId());
1195    
1196                    for (Permission permission : permissions) {
1197                            rolePersistence.removePermission(roleId, permission);
1198                    }
1199    
1200                    PermissionCacheUtil.clearCache();
1201            }
1202    
1203            /**
1204             * Removes the user's permissions to perform the actions on the resource.
1205             *
1206             * @param  userId the primary key of the user
1207             * @param  actionIds the primary keys of the actions
1208             * @param  resourceId the primary key of the resource
1209             * @throws SystemException if a system exception occurred
1210             */
1211            public void unsetUserPermissions(
1212                            long userId, String[] actionIds, long resourceId)
1213                    throws SystemException {
1214    
1215                    List<Permission> permissions = permissionFinder.findByU_A_R(
1216                            userId, actionIds, resourceId);
1217    
1218                    userPersistence.removePermissions(userId, permissions);
1219    
1220                    PermissionCacheUtil.clearCache();
1221            }
1222    
1223            protected void addRolePermissions(String roleName, Permission permission)
1224                    throws SystemException {
1225    
1226                    List<Role> roles = rolePersistence.findByName(roleName);
1227    
1228                    for (Role role : roles) {
1229                            rolePersistence.addPermission(role.getRoleId(), permission);
1230                    }
1231            }
1232    
1233            protected boolean checkOrgGroupPermission(
1234                            List<Organization> organizations, List<Group> groups,
1235                            List<Permission> permissions)
1236                    throws PortalException, SystemException {
1237    
1238                    for (Permission permission : permissions) {
1239                            if (checkOrgGroupPermission(organizations, groups, permission)) {
1240                                    return true;
1241                            }
1242                    }
1243    
1244                    return false;
1245            }
1246    
1247            protected boolean checkOrgGroupPermission(
1248                            List<Organization> organizations, List<Group> groups,
1249                            Permission permission)
1250                    throws PortalException, SystemException {
1251    
1252                    // Do not check for an OrgGroupPermission intersection unless there is
1253                    // at least one organization and one group to check
1254    
1255                    if ((organizations.size() == 0) || (groups.size() == 0)) {
1256                            return false;
1257                    }
1258    
1259                    // Do not check unless the OrgGroupPermission intersection contains at
1260                    // least one permission
1261    
1262                    List<OrgGroupPermission> orgGroupPermissions =
1263                            orgGroupPermissionPersistence.findByPermissionId(
1264                                    permission.getPermissionId());
1265    
1266                    if (orgGroupPermissions.size() == 0) {
1267                            return false;
1268                    }
1269    
1270                    for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
1271                            if (orgGroupPermission.containsOrganization(organizations) &&
1272                                    orgGroupPermission.containsGroup(groups)) {
1273    
1274                                    return true;
1275                            }
1276                    }
1277    
1278                    // Throw an exception so that we do not continue checking permissions.
1279                    // The user has a specific permission given in the OrgGroupPermission
1280                    // intersection that prohibits him from going further.
1281    
1282                    throw new NoSuchPermissionException(
1283                            "User has a permission in OrgGroupPermission that does not match");
1284            }
1285    
1286            protected void checkPermission(Resource resource, String actionId)
1287                    throws PortalException, SystemException {
1288    
1289                    long permissionId = counterLocalService.increment(
1290                            Permission.class.getName());
1291    
1292                    Permission permission = permissionPersistence.create(permissionId);
1293    
1294                    permission.setCompanyId(resource.getCompanyId());
1295                    permission.setActionId(actionId);
1296                    permission.setResourceId(resource.getResourceId());
1297    
1298                    permissionPersistence.update(permission, false);
1299    
1300                    List<String> groupDefaultActions =
1301                            ResourceActionsUtil.getModelResourceGroupDefaultActions(
1302                                    resource.getName());
1303    
1304                    if (groupDefaultActions.contains(actionId)) {
1305                            addRolePermissions(RoleConstants.SITE_MEMBER, permission);
1306                    }
1307    
1308                    List<String> guestDefaultActions =
1309                            ResourceActionsUtil.getModelResourceGuestDefaultActions(
1310                                    resource.getName());
1311    
1312                    if (guestDefaultActions.contains(actionId)) {
1313                            addRolePermissions(RoleConstants.GUEST, permission);
1314                    }
1315    
1316                    addRolePermissions(RoleConstants.OWNER, permission);
1317    
1318                    SearchEngineUtil.updatePermissionFields(resource.getResourceId());
1319            }
1320    
1321            protected boolean hasUserPermissions_1(
1322                            long userId, long resourceId, String actionId,
1323                            List<Permission> permissions, List<Group> groups, long groupId,
1324                            StopWatch stopWatch, int block)
1325                    throws SystemException {
1326    
1327                    // Is the user connected to one of the permissions via group or
1328                    // organization roles?
1329    
1330                    if (groups.size() > 0) {
1331                            if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
1332                                    return true;
1333                            }
1334                    }
1335    
1336                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1337    
1338                    // Is the user associated with groups or organizations that are directly
1339                    // connected to one of the permissions?
1340    
1341                    if (groups.size() > 0) {
1342                            if (permissionFinder.countByGroupsPermissions(
1343                                            permissions, groups) > 0) {
1344    
1345                                    return true;
1346                            }
1347                    }
1348    
1349                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1350    
1351                    // Is the user connected to one of the permissions via user roles?
1352    
1353                    if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
1354                            return true;
1355                    }
1356    
1357                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1358    
1359                    // Is the user connected to one of the permissions via user group roles?
1360    
1361                    if (permissionFinder.countByUserGroupRole(
1362                                    permissions, userId, groupId) > 0) {
1363    
1364                            return true;
1365                    }
1366    
1367                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1368    
1369                    // Is the user directly connected to one of the permissions?
1370    
1371                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1372                            return true;
1373                    }
1374    
1375                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1376    
1377                    return false;
1378            }
1379    
1380            protected boolean hasUserPermissions_2(
1381                            long userId, long resourceId, String actionId,
1382                            List<Permission> permissions, List<Group> groups, long groupId,
1383                            StopWatch stopWatch, int block)
1384                    throws SystemException {
1385    
1386                    // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
1387                    // countByUserGroupRole, and countByUsersPermissions in one method
1388    
1389                    if (permissionFinder.containsPermissions_2(
1390                                    permissions, userId, groups, groupId)) {
1391    
1392                            return true;
1393                    }
1394    
1395                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1396    
1397                    return false;
1398            }
1399    
1400            protected boolean hasUserPermissions_3(
1401                            long userId, long resourceId, String actionId,
1402                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1403                            StopWatch stopWatch, int block)
1404                    throws SystemException {
1405    
1406                    // Is the user associated with groups or organizations that are directly
1407                    // connected to one of the permissions?
1408    
1409                    if (groups.size() > 0) {
1410                            if (permissionFinder.countByGroupsPermissions(
1411                                            permissions, groups) > 0) {
1412    
1413                                    return true;
1414                            }
1415                    }
1416    
1417                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1418    
1419                    // Is the user associated with a role that is directly connected to one
1420                    // of the permissions?
1421    
1422                    if (roles.size() > 0) {
1423                            if (permissionFinder.countByRolesPermissions(
1424                                            permissions, roles) > 0) {
1425    
1426                                    return true;
1427                            }
1428                    }
1429    
1430                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1431    
1432                    // Is the user directly connected to one of the permissions?
1433    
1434                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
1435                            return true;
1436                    }
1437    
1438                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1439    
1440                    return false;
1441            }
1442    
1443            protected boolean hasUserPermissions_4(
1444                            long userId, long resourceId, String actionId,
1445                            List<Permission> permissions, List<Group> groups, List<Role> roles,
1446                            StopWatch stopWatch, int block)
1447                    throws SystemException {
1448    
1449                    // Call countByGroupsPermissions, countByRolesPermissions, and
1450                    // countByUsersPermissions in one method
1451    
1452                    if (permissionFinder.containsPermissions_4(
1453                                    permissions, userId, groups, roles)) {
1454    
1455                            return true;
1456                    }
1457    
1458                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1459    
1460                    return false;
1461            }
1462    
1463            protected boolean hasUserPermissions_5(
1464                            long userId, long resourceId, String actionId,
1465                            List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
1466                            int block)
1467                    throws SystemException {
1468    
1469                    if (roles.size() > 0) {
1470                            if (permissionFinder.countByRolesPermissions(
1471                                            permissions, roles) > 0) {
1472    
1473                                    return true;
1474                            }
1475                    }
1476    
1477                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1478    
1479                    return false;
1480            }
1481    
1482            protected boolean hasUserPermissions_6(
1483                            long userId, long resourceId, List<Resource> resources,
1484                            String actionId, long[] roleIds, StopWatch stopWatch, int block)
1485                    throws PortalException, SystemException {
1486    
1487                    boolean hasUserPermissions =
1488                            resourcePermissionLocalService.hasResourcePermission(
1489                                    resources, roleIds, actionId);
1490    
1491                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
1492    
1493                    return hasUserPermissions;
1494            }
1495    
1496            protected void logHasUserPermissions(
1497                    long userId, long resourceId, String actionId, StopWatch stopWatch,
1498                    int block) {
1499    
1500                    if (!_log.isDebugEnabled()) {
1501                            return;
1502                    }
1503    
1504                    _log.debug(
1505                            "Checking user permissions block " + block + " for " + userId +
1506                                    " " + resourceId + " " + actionId + " takes " +
1507                                            stopWatch.getTime() + " ms");
1508            }
1509    
1510            protected void setContainerResourcePermissions(
1511                            long companyId, String name, String roleName, String actionId)
1512                    throws PortalException, SystemException {
1513    
1514                    ResourceCode resourceCode = resourceCodePersistence.fetchByC_N_S(
1515                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL);
1516    
1517                    if (resourceCode == null) {
1518                            return;
1519                    }
1520    
1521                    List<Group> groups = groupPersistence.findByCompanyId(companyId);
1522    
1523                    for (Group group : groups) {
1524                            String primKey = Long.toString(group.getGroupId());
1525    
1526                            Resource resource = resourcePersistence.fetchByC_P(
1527                                    resourceCode.getCodeId(), primKey);
1528    
1529                            if (resource == null) {
1530                                    continue;
1531                            }
1532    
1533                            Permission permission = permissionPersistence.fetchByA_R(
1534                                    actionId, resource.getResourceId());
1535    
1536                            if (permission == null) {
1537                                    long permissionId = counterLocalService.increment(
1538                                            Permission.class.getName());
1539    
1540                                    permission = permissionPersistence.create(permissionId);
1541    
1542                                    permission.setCompanyId(companyId);
1543                                    permission.setActionId(actionId);
1544                                    permission.setResourceId(resource.getResourceId());
1545    
1546                                    permissionPersistence.update(permission, false);
1547                            }
1548    
1549                            if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
1550                                    roleName.equals(RoleConstants.ORGANIZATION_USER) ||
1551                                    roleName.equals(RoleConstants.OWNER) ||
1552                                    roleName.equals(RoleConstants.SITE_MEMBER)) {
1553    
1554                                    Role role = rolePersistence.findByC_N(companyId, roleName);
1555    
1556                                    permissionPersistence.addRole(
1557                                            permission.getPermissionId(), role);
1558                            }
1559                            else {
1560                                    long defaultUserId = userLocalService.getDefaultUserId(
1561                                            companyId);
1562    
1563                                    permissionPersistence.addUser(
1564                                            permission.getPermissionId(), defaultUserId);
1565                            }
1566                    }
1567            }
1568    
1569            private static Log _log = LogFactoryUtil.getLog(
1570                    PermissionLocalServiceImpl.class);
1571    
1572    }