001
014
015 package com.liferay.portlet.admin.util;
016
017 import com.liferay.portal.model.Group;
018 import com.liferay.portal.model.GroupConstants;
019 import com.liferay.portal.model.Permission;
020 import com.liferay.portal.model.ResourceConstants;
021 import com.liferay.portal.model.ResourcePermission;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.security.permission.ActionKeys;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.PermissionLocalServiceUtil;
027 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
028 import com.liferay.portal.service.RoleLocalServiceUtil;
029 import com.liferay.portal.util.PortalUtil;
030 import com.liferay.portal.util.PropsValues;
031
032 import java.util.List;
033
034 import javax.portlet.ActionRequest;
035
036
039 public class CleanUpPermissionsUtil {
040
041 public static void cleanUpAddToPagePermissions(ActionRequest actionRequest)
042 throws Exception {
043
044 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
045 _cleanUpAddToPagePermissions_5(actionRequest);
046 }
047 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
048 _cleanUpAddToPagePermissions_6(actionRequest);
049 }
050 }
051
052 private static void _cleanUpAddToPagePermissions_5(
053 ActionRequest actionRequest)
054 throws Exception {
055
056 long companyId = PortalUtil.getCompanyId(actionRequest);
057
058 Role role = RoleLocalServiceUtil.getRole(
059 companyId, RoleConstants.GUEST);
060
061 _cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), false);
062
063 role = RoleLocalServiceUtil.getRole(
064 companyId, RoleConstants.POWER_USER);
065
066 _cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), false);
067
068 role = RoleLocalServiceUtil.getRole(companyId, RoleConstants.USER);
069
070 _cleanUpAddToPagePermissions_5(companyId, role.getRoleId(), true);
071 }
072
073 private static void _cleanUpAddToPagePermissions_5(
074 long companyId, long roleId, boolean limitScope)
075 throws Exception {
076
077 List<Permission> rolePermissions =
078 PermissionLocalServiceUtil.getRolePermissions(roleId);
079
080 Group userPersonalSite = GroupLocalServiceUtil.getGroup(
081 companyId, GroupConstants.USER_PERSONAL_SITE);
082
083 String groupIdString = String.valueOf(userPersonalSite.getGroupId());
084
085 for (Permission permission : rolePermissions) {
086 if (permission.getActionId() != ActionKeys.ADD_TO_PAGE) {
087 continue;
088 }
089
090 PermissionLocalServiceUtil.unsetRolePermission(
091 roleId, companyId, permission.getName(), permission.getScope(),
092 permission.getPrimKey(), ActionKeys.ADD_TO_PAGE);
093
094 if (!limitScope || groupIdString.equals(permission.getPrimKey())) {
095 continue;
096 }
097
098 PermissionLocalServiceUtil.setRolePermission(
099 roleId, companyId, permission.getName(),
100 ResourceConstants.SCOPE_GROUP, groupIdString,
101 ActionKeys.ADD_TO_PAGE);
102 }
103 }
104
105 private static void _cleanUpAddToPagePermissions_6(
106 ActionRequest actionRequest)
107 throws Exception {
108
109 long companyId = PortalUtil.getCompanyId(actionRequest);
110
111 Role role = RoleLocalServiceUtil.getRole(
112 companyId, RoleConstants.GUEST);
113
114 _cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), false);
115
116 role = RoleLocalServiceUtil.getRole(
117 companyId, RoleConstants.POWER_USER);
118
119 _cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), false);
120
121 role = RoleLocalServiceUtil.getRole(companyId, RoleConstants.USER);
122
123 _cleanUpAddToPagePermissions_6(companyId, role.getRoleId(), true);
124 }
125
126 private static void _cleanUpAddToPagePermissions_6(
127 long companyId, long roleId, boolean limitScope)
128 throws Exception {
129
130 List<ResourcePermission> roleResourcePermissions =
131 ResourcePermissionLocalServiceUtil.getRoleResourcePermissions(
132 roleId);
133
134 Group userPersonalSite = GroupLocalServiceUtil.getGroup(
135 companyId, GroupConstants.USER_PERSONAL_SITE);
136
137 String groupIdString = String.valueOf(userPersonalSite.getGroupId());
138
139 for (ResourcePermission resourcePermission : roleResourcePermissions) {
140 if (!resourcePermission.hasActionId(ActionKeys.ADD_TO_PAGE)) {
141 continue;
142 }
143
144 ResourcePermissionLocalServiceUtil.removeResourcePermission(
145 companyId, resourcePermission.getName(),
146 resourcePermission.getScope(), resourcePermission.getPrimKey(),
147 roleId, ActionKeys.ADD_TO_PAGE);
148
149 if (!limitScope ||
150 groupIdString.equals(resourcePermission.getPrimKey())) {
151
152 continue;
153 }
154
155 ResourcePermissionLocalServiceUtil.addResourcePermission(
156 companyId, resourcePermission.getName(),
157 ResourceConstants.SCOPE_GROUP, groupIdString, roleId,
158 ActionKeys.ADD_TO_PAGE);
159 }
160 }
161
162 }