23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.NoSuchPermissionException;
26 import com.liferay.portal.NoSuchResourceException;
27 import com.liferay.portal.PortalException;
28 import com.liferay.portal.SystemException;
29 import com.liferay.portal.kernel.security.permission.PermissionCheckerBag;
30 import com.liferay.portal.kernel.util.GetterUtil;
31 import com.liferay.portal.kernel.util.Validator;
32 import com.liferay.portal.model.Group;
33 import com.liferay.portal.model.OrgGroupPermission;
34 import com.liferay.portal.model.Organization;
35 import com.liferay.portal.model.Permission;
36 import com.liferay.portal.model.Resource;
37 import com.liferay.portal.model.ResourceCode;
38 import com.liferay.portal.model.Role;
39 import com.liferay.portal.model.User;
40 import com.liferay.portal.model.UserGroup;
41 import com.liferay.portal.model.impl.ResourceImpl;
42 import com.liferay.portal.security.permission.PermissionCacheUtil;
43 import com.liferay.portal.security.permission.PermissionCheckerImpl;
44 import com.liferay.portal.security.permission.ResourceActionsUtil;
45 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
46 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
47 import com.liferay.portal.util.comparator.PermissionComparator;
48
49 import java.util.ArrayList;
50 import java.util.Iterator;
51 import java.util.List;
52
53 import org.apache.commons.lang.time.StopWatch;
54 import org.apache.commons.logging.Log;
55 import org.apache.commons.logging.LogFactory;
56
57
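/**
 * Local service that creates {@link Permission} rows and assigns or checks
 * them for users, groups, organizations and roles.
 *
 * <p>
 * Every method that changes an assignment calls
 * {@link PermissionCacheUtil#clearCache()} itself or delegates to a method
 * that does, so cached permission decisions are dropped after a change.
 * </p>
 *
 * <p>
 * No method in this class checks whether the caller is allowed to make the
 * change. NOTE(review): presumably the calling layer enforces that; confirm
 * before exposing any of these methods to untrusted callers.
 * </p>
 */
public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {

    /**
     * Returns the permission for the action/resource pair, creating and
     * persisting it when {@code fetchByA_R} finds none.
     *
     * @param  companyId company stored on a newly created permission
     * @param  actionId action the permission stands for
     * @param  resourceId resource the permission applies to
     * @return the existing or newly created permission
     */
    public Permission addPermission(
            long companyId, String actionId, long resourceId)
        throws PortalException, SystemException {

        Permission permission = permissionPersistence.fetchByA_R(
            actionId, resourceId);

        // NOTE(review): lookup and create are separate calls; whether two
        // concurrent callers can both create a row depends on transaction
        // and constraint setup that is not visible here.

        if (permission == null) {
            long permissionId = counterLocalService.increment(
                Permission.class.getName());

            permission = permissionPersistence.create(permissionId);

            permission.setCompanyId(companyId);
            permission.setActionId(actionId);
            permission.setResourceId(resourceId);

            permissionPersistence.update(permission);
        }

        return permission;
    }

    /**
     * Ensures a permission exists for every action that
     * {@link ResourceActionsUtil} reports for the named resource.
     *
     * @param  companyId company the permissions belong to
     * @param  name resource name used to look up the action list
     * @param  resourceId resource the permissions apply to
     * @param  portletActions {@code true} to use the portlet action list,
     *         {@code false} to use the model action list
     * @return the permissions, one per action, in action-list order
     */
    public List addPermissions(
            long companyId, String name, long resourceId,
            boolean portletActions)
        throws PortalException, SystemException {

        List permissions = new ArrayList();

        List actions = null;

        if (portletActions) {
            actions =
                ResourceActionsUtil.getPortletResourceActions(companyId, name);
        }
        else {
            actions = ResourceActionsUtil.getModelResourceActions(name);
        }

        for (int i = 0; i < actions.size(); i++) {
            String actionId = (String)actions.get(i);

            Permission permission =
                addPermission(companyId, actionId, resourceId);

            permissions.add(permission);
        }

        return permissions;
    }

    /**
     * Grants the user the given actions on the resource in addition to
     * whatever the user already holds, then clears the permission cache.
     *
     * @param userId user receiving the permissions; looked up first so the
     *        company id can be read from it
     * @param actionIds actions to grant
     * @param resourceId resource the actions apply to
     */
    public void addUserPermissions(
            long userId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        User user = userPersistence.findByPrimaryKey(userId);

        // The original also ran permissionFinder.findByU_R here and threw
        // the result away; that extra query is dropped.

        List permissions = getPermissions(
            user.getCompanyId(), actionIds, resourceId);

        userPersistence.addPermissions(userId, permissions);

        PermissionCacheUtil.clearCache();
    }

    /**
     * Extracts the action id of every permission in the list.
     *
     * @param  permissions list of {@link Permission} objects
     * @return a new list of action id strings, in the same order
     */
    public List getActions(List permissions) throws SystemException {
        List actions = new ArrayList();

        Iterator itr = permissions.iterator();

        while (itr.hasNext()) {
            Permission permission = (Permission)itr.next();

            actions.add(permission.getActionId());
        }

        return actions;
    }

    /**
     * Returns what {@code permissionFinder.findByG_R} yields for the group
     * and resource.
     */
    public List getGroupPermissions(long groupId, long resourceId)
        throws SystemException {

        return permissionFinder.findByG_R(groupId, resourceId);
    }

    /**
     * Returns what {@code permissionFinder.findByG_C_N_S_P} yields for the
     * group, company, resource name, scope and primary key.
     */
    public List getGroupPermissions(
            long groupId, long companyId, String name, int scope,
            String primKey)
        throws SystemException {

        return permissionFinder.findByG_C_N_S_P(
            groupId, companyId, name, scope, primKey);
    }

    /**
     * Returns what {@code permissionFinder.findByO_G_R} yields for the
     * organization, group and resource.
     */
    public List getOrgGroupPermissions(
            long organizationId, long groupId, long resourceId)
        throws SystemException {

        return permissionFinder.findByO_G_R(
            organizationId, groupId, resourceId);
    }

    /**
     * Returns the permission id of the first row under
     * {@link PermissionComparator} ordering, or {@code 0} when there are no
     * permissions.
     */
    public long getLatestPermissionId()
        throws PortalException, SystemException {

        // Only the first row of the ordered result is fetched.

        List list = permissionPersistence.findAll(
            0, 1, new PermissionComparator());

        if (list.isEmpty()) {
            return 0;
        }

        Permission permission = (Permission)list.get(0);

        return permission.getPermissionId();
    }

    /**
     * Returns one permission per action id, creating any that are missing
     * through {@link #addPermission(long, String, long)}.
     *
     * <p>
     * Despite the name this method can write: it is not a pure read.
     * </p>
     *
     * @param  companyId company stored on newly created permissions
     * @param  actionIds actions to resolve
     * @param  resourceId resource the actions apply to
     * @return the permissions, in the order of {@code actionIds}
     */
    public List getPermissions(
            long companyId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        List permissions = new ArrayList();

        for (int i = 0; i < actionIds.length; i++) {
            Permission permission =
                addPermission(companyId, actionIds[i], resourceId);

            permissions.add(permission);
        }

        return permissions;
    }

    /**
     * Returns what {@code rolePersistence.getPermissions} yields for the
     * role.
     */
    public List getRolePermissions(long roleId)
        throws PortalException, SystemException {

        return rolePersistence.getPermissions(roleId);
    }

    /**
     * Returns what {@code permissionFinder.findByR_R} yields for the role
     * and resource.
     */
    public List getRolePermissions(long roleId, long resourceId)
        throws SystemException {

        return permissionFinder.findByR_R(roleId, resourceId);
    }

    /**
     * Returns what {@code permissionFinder.findByU_R} yields for the user
     * and resource.
     */
    public List getUserPermissions(long userId, long resourceId)
        throws SystemException {

        return permissionFinder.findByU_R(userId, resourceId);
    }

    /**
     * Returns what {@code permissionFinder.findByU_C_N_S_P} yields for the
     * user, company, resource name, scope and primary key.
     */
    public List getUserPermissions(
            long userId, long companyId, String name, int scope, String primKey)
        throws SystemException {

        return permissionFinder.findByU_C_N_S_P(
            userId, companyId, name, scope, primKey);
    }

    /**
     * Tells whether the group is assigned the permission for the
     * action/resource pair.
     *
     * @return {@code false} when no such permission row exists, otherwise
     *         the result of {@code groupPersistence.containsPermission}
     */
    public boolean hasGroupPermission(
            long groupId, String actionId, long resourceId)
        throws PortalException, SystemException {

        Permission permission = null;

        try {
            permission = permissionPersistence.findByA_R(actionId, resourceId);
        }
        catch (NoSuchPermissionException nspe) {

            // A permission that was never created cannot have been granted,
            // so the answer is a denial rather than an error.

            return false;
        }

        return groupPersistence.containsPermission(
            groupId, permission.getPermissionId());
    }

    /**
     * Tells whether the role holds the action on any resource registered
     * under the company/name/scope resource code.
     *
     * @return {@code true} as soon as one matching resource grants the
     *         action to the role, {@code false} when none does
     */
    public boolean hasRolePermission(
            long roleId, long companyId, String name, int scope,
            String actionId)
        throws PortalException, SystemException {

        ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
            companyId, name, scope);

        Iterator itr = resourcePersistence.findByCodeId(
            resourceCode.getCodeId()).iterator();

        while (itr.hasNext()) {
            Resource resource = (Resource)itr.next();

            try {
                Permission permission = permissionPersistence.findByA_R(
                    actionId, resource.getResourceId());

                if (rolePersistence.containsPermission(
                        roleId, permission.getPermissionId())) {

                    return true;
                }
            }
            catch (NoSuchPermissionException nspe) {

                // This resource has no permission row for the action; keep
                // looking at the remaining resources.

            }
        }

        return false;
    }

    /**
     * Tells whether the role holds the action on the single resource
     * identified by company, name, scope and primary key.
     *
     * @return {@code false} when the resource or the permission row does
     *         not exist, otherwise the result of
     *         {@code rolePersistence.containsPermission}
     */
    public boolean hasRolePermission(
            long roleId, long companyId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        try {
            ResourceCode resourceCode =
                resourceCodeLocalService.getResourceCode(
                    companyId, name, scope);

            Resource resource = resourcePersistence.findByC_P(
                resourceCode.getCodeId(), primKey);

            Permission permission = permissionPersistence.findByA_R(
                actionId, resource.getResourceId());

            return rolePersistence.containsPermission(
                roleId, permission.getPermissionId());
        }
        catch (NoSuchPermissionException nspe) {

            // No permission row: fall through to the denial below.

        }
        catch (NoSuchResourceException nsre) {

            // No resource row: fall through to the denial below.

        }

        return false;
    }

    /**
     * Tells whether the user is directly assigned the permission for the
     * action/resource pair.
     *
     * @return {@code false} when no such permission row exists, otherwise
     *         the result of {@code userPersistence.containsPermission}
     */
    public boolean hasUserPermission(
            long userId, String actionId, long resourceId)
        throws PortalException, SystemException {

        Permission permission = null;

        try {
            permission = permissionPersistence.findByA_R(actionId, resourceId);
        }
        catch (NoSuchPermissionException nspe) {

            // A permission that was never created cannot have been granted,
            // so the answer is a denial rather than an error.

            return false;
        }

        return userPersistence.containsPermission(
            userId, permission.getPermissionId());
    }

    /**
     * Decides whether the user may perform the action on any of the given
     * resources, using the algorithm selected by
     * {@code PermissionCheckerImpl.USER_CHECK_ALGORITHM}.
     *
     * <p>
     * The method denies (returns {@code false}) when
     * {@code Validator.isNull(actionId)} holds, when {@code resourceIds} is
     * {@code null} or empty, when no permission row matches the action and
     * resources, and when the configured algorithm is not 1, 2, 3 or 4.
     * </p>
     *
     * @param  userId user being checked
     * @param  groupId group passed on to algorithms 1 and 2
     * @param  actionId action being checked
     * @param  resourceIds candidate resources; only the first one is used
     *         in debug log lines
     * @param  permissionCheckerBag source of the user's groups and roles;
     *         dereferenced without a null check
     * @return {@code true} when the selected algorithm finds a grant
     */
    public boolean hasUserPermissions(
            long userId, long groupId, String actionId, long[] resourceIds,
            PermissionCheckerBag permissionCheckerBag)
        throws PortalException, SystemException {

        // The stop watch exists only for debug timing output.

        StopWatch stopWatch = null;

        if (_log.isDebugEnabled()) {
            stopWatch = new StopWatch();

            stopWatch.start();
        }

        int block = 1;

        // Nothing to check against: deny.

        if ((Validator.isNull(actionId)) || (resourceIds == null) ||
            (resourceIds.length == 0)) {

            return false;
        }

        List permissions = permissionFinder.findByA_R(actionId, resourceIds);

        // No permission row exists for the action on these resources, so
        // nobody can have been granted it: deny.

        if (permissions.size() == 0) {
            return false;
        }

        // Used for log output only.

        long resourceId = resourceIds[0];

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        List groups = permissionCheckerBag.getGroups();
        List roles = permissionCheckerBag.getRoles();

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 1) {
            return hasUserPermissions_1(
                userId, actionId, resourceId, permissions, groups, groupId,
                stopWatch, block);
        }
        else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 2) {
            return hasUserPermissions_2(
                userId, actionId, resourceId, permissions, groups, groupId,
                stopWatch, block);
        }
        else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 3) {
            return hasUserPermissions_3(
                userId, actionId, resourceId, permissions, groups, roles,
                stopWatch, block);
        }
        else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 4) {
            return hasUserPermissions_4(
                userId, actionId, resourceId, permissions, groups, roles,
                stopWatch, block);
        }

        // Unknown algorithm value: deny rather than guess.

        return false;
    }

    /**
     * Replaces the group's permissions on the resource with exactly the
     * given actions, then clears the permission cache.
     *
     * @param groupId group whose permissions are replaced
     * @param actionIds actions the group should hold afterwards
     * @param resourceId resource the actions apply to
     */
    public void setGroupPermissions(
            long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        Group group = groupPersistence.findByPrimaryKey(groupId);

        // Remove every current grant on this resource before adding the
        // new set.

        Iterator itr = permissionFinder.findByG_R(
            groupId, resourceId).iterator();

        while (itr.hasNext()) {
            Permission permission = (Permission)itr.next();

            groupPersistence.removePermission(groupId, permission);
        }

        List permissions = getPermissions(
            group.getCompanyId(), actionIds, resourceId);

        groupPersistence.addPermissions(groupId, permissions);

        PermissionCacheUtil.clearCache();
    }

    /**
     * Replaces the permissions of the group that belongs to an organization
     * or user group.
     *
     * <p>
     * For an organization, the organization/group/resource rows are removed
     * first through {@code orgGroupPermissionFinder.removeByO_G_R}.
     * </p>
     *
     * @param className class name of {@link Organization} or
     *        {@link UserGroup}
     * @param classPK primary key of that entity, parsed as a long
     * @param groupId group used only for the organization row removal
     * @param actionIds actions the associated group should hold afterwards
     * @param resourceId resource the actions apply to
     */
    public void setGroupPermissions(
            String className, String classPK, long groupId,
            String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        long associatedGroupId = 0;

        if (className.equals(Organization.class.getName())) {
            long organizationId = GetterUtil.getLong(classPK);

            Organization organization =
                organizationPersistence.findByPrimaryKey(organizationId);

            orgGroupPermissionFinder.removeByO_G_R(
                organizationId, groupId, resourceId);

            associatedGroupId = organization.getGroup().getGroupId();
        }
        else if (className.equals(UserGroup.class.getName())) {
            long userGroupId = GetterUtil.getLong(classPK);

            UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
                userGroupId);

            associatedGroupId = userGroup.getGroup().getGroupId();
        }

        // NOTE(review): any other class name leaves associatedGroupId at 0
        // and the call below then looks up group 0; presumably that lookup
        // fails with an exception, confirm against groupPersistence.

        setGroupPermissions(associatedGroupId, actionIds, resourceId);
    }

    /**
     * Replaces the organization/group permission rows for the resource with
     * one row per given action, then clears the permission cache.
     *
     * <p>
     * Every permission of the resource is also removed from the
     * organization's own group before the new rows are written.
     * </p>
     *
     * @param organizationId organization the rows are keyed on
     * @param groupId group the rows are keyed on
     * @param actionIds actions to grant
     * @param resourceId resource the actions apply to
     */
    public void setOrgGroupPermissions(
            long organizationId, long groupId, String[] actionIds,
            long resourceId)
        throws PortalException, SystemException {

        Organization organization =
            organizationPersistence.findByPrimaryKey(organizationId);

        long orgGroupId = organization.getGroup().getGroupId();

        Iterator itr = permissionPersistence.findByResourceId(
            resourceId).iterator();

        while (itr.hasNext()) {
            Permission permission = (Permission)itr.next();

            groupPersistence.removePermission(orgGroupId, permission);
        }

        itr = getPermissions(
            organization.getCompanyId(), actionIds, resourceId).iterator();

        orgGroupPermissionFinder.removeByO_G_R(
            organizationId, groupId, resourceId);

        while (itr.hasNext()) {
            Permission permission = (Permission)itr.next();

            OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
                organizationId, groupId, permission.getPermissionId());

            OrgGroupPermission orgGroupPermission =
                orgGroupPermissionPersistence.create(pk);

            orgGroupPermissionPersistence.update(orgGroupPermission);
        }

        PermissionCacheUtil.clearCache();
    }

    /**
     * Grants the role one action at company or group scope, then clears the
     * permission cache.
     *
     * <p>
     * Company and group scope are kept mutually exclusive per action: a
     * company-scope grant first removes the role's group-scope grants of
     * the action on every resource of that name, and a group-scope grant
     * first removes the company-scope ones.
     * </p>
     *
     * @param  roleId role receiving the permission
     * @param  companyId company of the resource
     * @param  name resource name
     * @param  scope {@code ResourceImpl.SCOPE_COMPANY} or
     *         {@code ResourceImpl.SCOPE_GROUP}
     * @param  primKey primary key of the resource at that scope
     * @param  actionId action to grant
     * @throws NoSuchPermissionException if {@code scope} is
     *         {@code ResourceImpl.SCOPE_INDIVIDUAL}
     */
    public void setRolePermission(
            long roleId, long companyId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        if (scope == ResourceImpl.SCOPE_COMPANY) {

            // Drop the narrower group-scope grants of this action.

            unsetRolePermissions(
                roleId, companyId, name, ResourceImpl.SCOPE_GROUP, actionId);
        }
        else if (scope == ResourceImpl.SCOPE_GROUP) {

            // Drop the broader company-scope grants of this action.

            unsetRolePermissions(
                roleId, companyId, name, ResourceImpl.SCOPE_COMPANY, actionId);
        }
        else if (scope == ResourceImpl.SCOPE_INDIVIDUAL) {
            throw new NoSuchPermissionException();
        }

        Resource resource = resourceLocalService.addResource(
            companyId, name, scope, primKey);

        Permission permission = null;

        try {
            permission = permissionPersistence.findByA_R(
                actionId, resource.getResourceId());
        }
        catch (NoSuchPermissionException nspe) {

            // The permission row does not exist yet: create it.

            long permissionId = counterLocalService.increment(
                Permission.class.getName());

            permission = permissionPersistence.create(permissionId);

            permission.setCompanyId(companyId);
            permission.setActionId(actionId);
            permission.setResourceId(resource.getResourceId());

            permissionPersistence.update(permission);
        }

        rolePersistence.addPermission(roleId, permission);

        PermissionCacheUtil.clearCache();
    }

    /**
     * Grants the role each action in turn through
     * {@link #setRolePermission(long, long, String, int, String, String)}.
     */
    public void setRolePermissions(
            long roleId, long companyId, String name, int scope, String primKey,
            String[] actionIds)
        throws PortalException, SystemException {

        for (int i = 0; i < actionIds.length; i++) {
            String actionId = actionIds[i];

            setRolePermission(
                roleId, companyId, name, scope, primKey, actionId);
        }
    }

    /**
     * Replaces the role's permissions on the resource with exactly the
     * given actions, then clears the permission cache.
     *
     * @param roleId role whose permissions are replaced
     * @param actionIds actions the role should hold afterwards
     * @param resourceId resource the actions apply to
     */
    public void setRolePermissions(
            long roleId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        Role role = rolePersistence.findByPrimaryKey(roleId);

        List permissions = permissionFinder.findByR_R(roleId, resourceId);

        rolePersistence.removePermissions(roleId, permissions);

        permissions = getPermissions(
            role.getCompanyId(), actionIds, resourceId);

        rolePersistence.addPermissions(roleId, permissions);

        PermissionCacheUtil.clearCache();
    }

    /**
     * Replaces the user's permissions on the resource with exactly the
     * given actions, then clears the permission cache.
     *
     * @param userId user whose permissions are replaced
     * @param actionIds actions the user should hold afterwards
     * @param resourceId resource the actions apply to
     */
    public void setUserPermissions(
            long userId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        User user = userPersistence.findByPrimaryKey(userId);

        List permissions = permissionFinder.findByU_R(userId, resourceId);

        userPersistence.removePermissions(userId, permissions);

        permissions = getPermissions(
            user.getCompanyId(), actionIds, resourceId);

        userPersistence.addPermissions(userId, permissions);

        PermissionCacheUtil.clearCache();
    }

    /**
     * Removes the permission from the role and clears the permission cache.
     * A permission id that does not exist is ignored.
     */
    public void unsetRolePermission(long roleId, long permissionId)
        throws SystemException, PortalException {

        try {
            Permission permission = permissionPersistence.findByPrimaryKey(
                permissionId);

            rolePersistence.removePermission(roleId, permission);
        }
        catch (NoSuchPermissionException nspe) {

            // Nothing to revoke; the cache is still cleared below.

        }

        PermissionCacheUtil.clearCache();
    }

    /**
     * Removes the action on one resource from the role and clears the
     * permission cache. A missing resource or permission row is ignored.
     */
    public void unsetRolePermission(
            long roleId, long companyId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        try {
            ResourceCode resourceCode =
                resourceCodeLocalService.getResourceCode(
                    companyId, name, scope);

            Resource resource = resourcePersistence.findByC_P(
                resourceCode.getCodeId(), primKey);

            Permission permission = permissionPersistence.findByA_R(
                actionId, resource.getResourceId());

            rolePersistence.removePermission(roleId, permission);
        }
        catch (NoSuchPermissionException nspe) {

            // Nothing to revoke; the cache is still cleared below.

        }
        catch (NoSuchResourceException nsre) {

            // Nothing to revoke; the cache is still cleared below.

        }

        PermissionCacheUtil.clearCache();
    }

    /**
     * Removes the action from the role on every resource registered under
     * the company/name/scope resource code, then clears the permission
     * cache.
     */
    public void unsetRolePermissions(
            long roleId, long companyId, String name, int scope,
            String actionId)
        throws PortalException, SystemException {

        ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
            companyId, name, scope);

        Iterator itr = resourcePersistence.findByCodeId(
            resourceCode.getCodeId()).iterator();

        while (itr.hasNext()) {
            Resource resource = (Resource)itr.next();

            try {
                Permission permission = permissionPersistence.findByA_R(
                    actionId, resource.getResourceId());

                rolePersistence.removePermission(roleId, permission);
            }
            catch (NoSuchPermissionException nspe) {

                // This resource has no permission row for the action;
                // continue with the next resource.

            }
        }

        PermissionCacheUtil.clearCache();
    }

    /**
     * Removes the given actions on the resource from the user and clears
     * the permission cache.
     */
    public void unsetUserPermissions(
            long userId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        List permissions = permissionFinder.findByU_A_R(
            userId, actionIds, resourceId);

        userPersistence.removePermissions(userId, permissions);

        PermissionCacheUtil.clearCache();
    }

    /**
     * Returns {@code true} as soon as one of the permissions passes
     * {@link #checkOrgGroupPermission(List, List, Permission)}.
     *
     * <p>
     * An exception thrown by the per-permission check ends the loop, so
     * later permissions are not examined in that case.
     * </p>
     */
    protected boolean checkOrgGroupPermission(
            List organizations, List groups, List permissions)
        throws PortalException, SystemException {

        for (int i = 0; i < permissions.size(); i++) {
            Permission permission = (Permission)permissions.get(i);

            if (checkOrgGroupPermission(organizations, groups, permission)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Tells whether an organization/group permission row for the permission
     * matches both one of the organizations and one of the groups.
     *
     * @return {@code false} when either list is empty or no row exists for
     *         the permission, {@code true} on the first matching row
     * @throws NoSuchPermissionException if rows exist for the permission
     *         but none matches the given organizations and groups
     */
    protected boolean checkOrgGroupPermission(
            List organizations, List groups, Permission permission)
        throws PortalException, SystemException {

        // Without at least one organization and one group no row can match.

        if ((organizations.size() == 0) || (groups.size() == 0)) {
            return false;
        }

        List orgGroupPermissions =
            orgGroupPermissionPersistence.findByPermissionId(
                permission.getPermissionId());

        if (orgGroupPermissions.size() == 0) {
            return false;
        }

        Iterator itr = orgGroupPermissions.iterator();

        while (itr.hasNext()) {
            OrgGroupPermission orgGroupPermission =
                (OrgGroupPermission)itr.next();

            if (orgGroupPermission.containsOrganization(organizations) &&
                orgGroupPermission.containsGroup(groups)) {

                return true;
            }
        }

        // Rows exist but none matched: reported as an exception, not as a
        // plain denial, so callers must be prepared to catch it.

        throw new NoSuchPermissionException(
            "User has a permission in OrgGroupPermission that does not match");
    }

    /**
     * Algorithm 1: runs up to five separate count queries and grants on the
     * first one that is positive. The two group-based queries are skipped
     * when the user has no groups.
     *
     * @return {@code true} on the first positive count, else {@code false}
     */
    protected boolean hasUserPermissions_1(
            long userId, String actionId, long resourceId, List permissions,
            List groups, long groupId, StopWatch stopWatch, int block)
        throws PortalException, SystemException {

        // Roles held through the user's groups.

        if (groups.size() > 0) {
            if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
                return true;
            }
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        // Permissions assigned to the user's groups.

        if (groups.size() > 0) {
            if (permissionFinder.countByGroupsPermissions(
                    permissions, groups) > 0) {

                return true;
            }
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        // Roles assigned to the user.

        if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
            return true;
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        // User/group role rows for the given group.

        if (permissionFinder.countByUserGroupRole(
                permissions, userId, groupId) > 0) {

            return true;
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        // Permissions assigned to the user.

        if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
            return true;
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        return false;
    }

    /**
     * Algorithm 2: delegates the whole decision to
     * {@code permissionFinder.containsPermissions_2}.
     */
    protected boolean hasUserPermissions_2(
            long userId, String actionId, long resourceId, List permissions,
            List groups, long groupId, StopWatch stopWatch, int block)
        throws PortalException, SystemException {

        if (permissionFinder.containsPermissions_2(
                permissions, userId, groups, groupId)) {

            return true;
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        return false;
    }

    /**
     * Algorithm 3: runs up to three count queries against the groups and
     * roles taken from the permission checker bag and grants on the first
     * positive one. Empty group or role lists skip their query.
     *
     * @return {@code true} on the first positive count, else {@code false}
     */
    protected boolean hasUserPermissions_3(
            long userId, String actionId, long resourceId, List permissions,
            List groups, List roles, StopWatch stopWatch, int block)
        throws PortalException, SystemException {

        // Permissions assigned to the user's groups.

        if (groups.size() > 0) {
            if (permissionFinder.countByGroupsPermissions(
                    permissions, groups) > 0) {

                return true;
            }
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        // Permissions assigned to the user's roles.

        if (roles.size() > 0) {
            if (permissionFinder.countByRolesPermissions(
                    permissions, roles) > 0) {

                return true;
            }
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        // Permissions assigned to the user.

        if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
            return true;
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        return false;
    }

    /**
     * Algorithm 4: delegates the whole decision to
     * {@code permissionFinder.containsPermissions_4}.
     */
    protected boolean hasUserPermissions_4(
            long userId, String actionId, long resourceId, List permissions,
            List groups, List roles, StopWatch stopWatch, int block)
        throws PortalException, SystemException {

        if (permissionFinder.containsPermissions_4(
                permissions, userId, groups, roles)) {

            return true;
        }

        logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

        return false;
    }

    /**
     * Writes one debug line with the elapsed time of a permission check
     * step. Does nothing when debug logging is off or no stop watch was
     * started.
     *
     * @param userId user being checked
     * @param actionId action being checked
     * @param resourceId resource shown in the log line
     * @param stopWatch timer started by the caller, or {@code null}
     * @param block sequence number of the step being reported
     */
    protected void logHasUserPermissions(
        long userId, String actionId, long resourceId, StopWatch stopWatch,
        int block) {

        // The caller creates the stop watch only if debug was enabled when
        // the check began. If debug is switched on part-way through, the
        // stop watch is null here; without this guard the permission check
        // would fail with a NullPointerException from a log statement.

        if (!_log.isDebugEnabled() || (stopWatch == null)) {
            return;
        }

        _log.debug(
            "Checking user permissions block " + block + " for " + userId +
                " " + actionId + " " + resourceId + " takes " +
                    stopWatch.getTime() + " ms");
    }

    private static final Log _log =
        LogFactory.getLog(PermissionLocalServiceImpl.class);

}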