1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.NoSuchResourceException;
27  import com.liferay.portal.PortalException;
28  import com.liferay.portal.SystemException;
29  import com.liferay.portal.kernel.security.permission.PermissionCheckerBag;
30  import com.liferay.portal.kernel.util.GetterUtil;
31  import com.liferay.portal.kernel.util.Validator;
32  import com.liferay.portal.model.Group;
33  import com.liferay.portal.model.OrgGroupPermission;
34  import com.liferay.portal.model.Organization;
35  import com.liferay.portal.model.Permission;
36  import com.liferay.portal.model.Resource;
37  import com.liferay.portal.model.ResourceCode;
38  import com.liferay.portal.model.Role;
39  import com.liferay.portal.model.User;
40  import com.liferay.portal.model.UserGroup;
41  import com.liferay.portal.model.impl.ResourceImpl;
42  import com.liferay.portal.security.permission.PermissionCacheUtil;
43  import com.liferay.portal.security.permission.PermissionCheckerImpl;
44  import com.liferay.portal.security.permission.ResourceActionsUtil;
45  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
46  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
47  import com.liferay.portal.util.comparator.PermissionComparator;
48  
49  import java.util.ArrayList;
50  import java.util.Iterator;
51  import java.util.List;
52  
53  import org.apache.commons.lang.time.StopWatch;
54  import org.apache.commons.logging.Log;
55  import org.apache.commons.logging.LogFactory;
56  
57  /**
58   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
59   *
60   * @author Charles May
61   * @author Brian Wing Shun Chan
62   *
63   */
64  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
65  
66      public Permission addPermission(
67              long companyId, String actionId, long resourceId)
68          throws PortalException, SystemException {
69  
70          Permission permission = permissionPersistence.fetchByA_R(
71              actionId, resourceId);
72  
73          if (permission == null) {
74              long permissionId = counterLocalService.increment(
75                  Permission.class.getName());
76  
77              permission = permissionPersistence.create(permissionId);
78  
79              permission.setCompanyId(companyId);
80              permission.setActionId(actionId);
81              permission.setResourceId(resourceId);
82  
83              permissionPersistence.update(permission);
84          }
85  
86          return permission;
87      }
88  
89      public List addPermissions(
90              long companyId, String name, long resourceId,
91              boolean portletActions)
92          throws PortalException, SystemException {
93  
94          List permissions = new ArrayList();
95  
96          List actions = null;
97  
98          if (portletActions) {
99              actions =
100                 ResourceActionsUtil.getPortletResourceActions(companyId, name);
101         }
102         else {
103             actions = ResourceActionsUtil.getModelResourceActions(name);
104         }
105 
106         for (int i = 0; i < actions.size(); i++) {
107             String actionId = (String)actions.get(i);
108 
109             Permission permission =
110                 addPermission(companyId, actionId, resourceId);
111 
112             permissions.add(permission);
113         }
114 
115         return permissions;
116     }
117 
118     public void addUserPermissions(
119             long userId, String[] actionIds, long resourceId)
120         throws PortalException, SystemException {
121 
122         User user = userPersistence.findByPrimaryKey(userId);
123 
124         List permissions = permissionFinder.findByU_R(userId, resourceId);
125 
126         permissions = getPermissions(
127             user.getCompanyId(), actionIds, resourceId);
128 
129         userPersistence.addPermissions(userId, permissions);
130 
131         PermissionCacheUtil.clearCache();
132     }
133 
134     public List getActions(List permissions) throws SystemException {
135         List actions = new ArrayList();
136 
137         Iterator itr = permissions.iterator();
138 
139         while (itr.hasNext()) {
140             Permission permission = (Permission)itr.next();
141 
142             actions.add(permission.getActionId());
143         }
144 
145         return actions;
146     }
147 
148     public List getGroupPermissions(long groupId, long resourceId)
149         throws SystemException {
150 
151         return permissionFinder.findByG_R(groupId, resourceId);
152     }
153 
154     public List getGroupPermissions(
155             long groupId, long companyId, String name, int scope,
156             String primKey)
157         throws SystemException {
158 
159         return permissionFinder.findByG_C_N_S_P(
160             groupId, companyId, name, scope, primKey);
161     }
162 
163     public List getOrgGroupPermissions(
164             long organizationId, long groupId, long resourceId)
165         throws SystemException {
166 
167         return permissionFinder.findByO_G_R(
168             organizationId, groupId, resourceId);
169     }
170 
171     public long getLatestPermissionId()
172         throws PortalException, SystemException {
173 
174         List list = permissionPersistence.findAll(
175             0, 1, new PermissionComparator());
176 
177         if (list.size() == 0) {
178             return 0;
179         }
180         else {
181             Permission permission = (Permission)list.get(0);
182 
183             return permission.getPermissionId();
184         }
185     }
186 
187     public List getPermissions(
188             long companyId, String[] actionIds, long resourceId)
189         throws PortalException, SystemException {
190 
191         List permissions = new ArrayList();
192 
193         for (int i = 0; i < actionIds.length; i++) {
194             Permission permission =
195                 addPermission(companyId, actionIds[i], resourceId);
196 
197             permissions.add(permission);
198         }
199 
200         return permissions;
201     }
202 
203     public List getRolePermissions(long roleId)
204         throws PortalException, SystemException {
205 
206         return rolePersistence.getPermissions(roleId);
207     }
208 
209     public List getRolePermissions(long roleId, long resourceId)
210         throws SystemException {
211 
212         return permissionFinder.findByR_R(roleId, resourceId);
213     }
214 
215     public List getUserPermissions(long userId, long resourceId)
216         throws SystemException {
217 
218         return permissionFinder.findByU_R(userId, resourceId);
219     }
220 
221     public List getUserPermissions(
222             long userId, long companyId, String name, int scope, String primKey)
223         throws SystemException {
224 
225         return permissionFinder.findByU_C_N_S_P(
226             userId, companyId, name, scope, primKey);
227     }
228 
229     public boolean hasGroupPermission(
230             long groupId, String actionId, long resourceId)
231         throws PortalException, SystemException {
232 
233         Permission permission = null;
234 
235         try {
236             permission = permissionPersistence.findByA_R(actionId, resourceId);
237         }
238         catch (NoSuchPermissionException nspe) {
239 
240             // Return false if there is no permission based on the given action
241             // id and resource id
242 
243             return false;
244         }
245 
246         return groupPersistence.containsPermission(
247             groupId, permission.getPermissionId());
248     }
249 
250     public boolean hasRolePermission(
251             long roleId, long companyId, String name, int scope,
252             String actionId)
253         throws PortalException, SystemException {
254 
255         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
256             companyId, name, scope);
257 
258         Iterator itr = resourcePersistence.findByCodeId(
259             resourceCode.getCodeId()).iterator();
260 
261         while (itr.hasNext()) {
262             Resource resource = (Resource)itr.next();
263 
264             try {
265                 Permission permission = permissionPersistence.findByA_R(
266                     actionId, resource.getResourceId());
267 
268                 if (rolePersistence.containsPermission(
269                         roleId, permission.getPermissionId())) {
270 
271                     return true;
272                 }
273             }
274             catch (NoSuchPermissionException nspe) {
275             }
276         }
277 
278         return false;
279     }
280 
281     public boolean hasRolePermission(
282             long roleId, long companyId, String name, int scope, String primKey,
283             String actionId)
284         throws PortalException, SystemException {
285 
286         try {
287             ResourceCode resourceCode =
288                 resourceCodeLocalService.getResourceCode(
289                     companyId, name, scope);
290 
291             Resource resource = resourcePersistence.findByC_P(
292                 resourceCode.getCodeId(), primKey);
293 
294             Permission permission = permissionPersistence.findByA_R(
295                 actionId, resource.getResourceId());
296 
297             return rolePersistence.containsPermission(
298                 roleId, permission.getPermissionId());
299         }
300         catch (NoSuchPermissionException nspe) {
301         }
302         catch (NoSuchResourceException nsre) {
303         }
304 
305         return false;
306     }
307 
308     public boolean hasUserPermission(
309             long userId, String actionId, long resourceId)
310         throws PortalException, SystemException {
311 
312         Permission permission = null;
313 
314         try {
315             permission = permissionPersistence.findByA_R(actionId, resourceId);
316         }
317         catch (NoSuchPermissionException nspe) {
318 
319             // Return false if there is no permission based on the given action
320             // id and resource id
321 
322             return false;
323         }
324 
325         return userPersistence.containsPermission(
326             userId, permission.getPermissionId());
327     }
328 
329     public boolean hasUserPermissions(
330             long userId, long groupId, String actionId, long[] resourceIds,
331             PermissionCheckerBag permissionCheckerBag)
332         throws PortalException, SystemException {
333 
334         StopWatch stopWatch = null;
335 
336         if (_log.isDebugEnabled()) {
337             stopWatch = new StopWatch();
338 
339             stopWatch.start();
340         }
341 
342         int block = 1;
343 
344         // Return false if there is no resources
345 
346         if ((Validator.isNull(actionId)) || (resourceIds == null) ||
347             (resourceIds.length == 0)) {
348 
349             return false;
350         }
351 
352         List permissions = permissionFinder.findByA_R(actionId, resourceIds);
353 
354         // Return false if there are no permissions
355 
356         if (permissions.size() == 0) {
357             return false;
358         }
359 
360         // Record logs with the first resource id
361 
362         long resourceId = resourceIds[0];
363 
364         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
365 
366         //List userGroups = permissionCheckerBag.getUserGroups();
367         //List userOrgs = permissionCheckerBag.getUserOrgs();
368         //List userOrgGroups = permissionCheckerBag.getUserOrgGroups();
369         //List userUserGroupGroups =
370         //  permissionCheckerBag.getUserUserGroupGroups();
371         List groups = permissionCheckerBag.getGroups();
372         List roles = permissionCheckerBag.getRoles();
373 
374         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
375 
376         // Check the organization and community intersection table. Break out of
377         // this method if the user has one of the permissions set at the
378         // intersection because that takes priority.
379 
380         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
381         //  return true;
382         //}
383 
384         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
385 
386         if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 1) {
387             return hasUserPermissions_1(
388                 userId, actionId, resourceId, permissions, groups, groupId,
389                 stopWatch, block);
390         }
391         else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 2) {
392             return hasUserPermissions_2(
393                 userId, actionId, resourceId, permissions, groups, groupId,
394                 stopWatch, block);
395         }
396         else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 3) {
397             return hasUserPermissions_3(
398                 userId, actionId, resourceId, permissions, groups, roles,
399                 stopWatch, block);
400         }
401         else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 4) {
402             return hasUserPermissions_4(
403                 userId, actionId, resourceId, permissions, groups, roles,
404                 stopWatch, block);
405         }
406 
407         return false;
408     }
409 
410     public void setGroupPermissions(
411             long groupId, String[] actionIds, long resourceId)
412         throws PortalException, SystemException {
413 
414         Group group = groupPersistence.findByPrimaryKey(groupId);
415 
416         Iterator itr = permissionFinder.findByG_R(
417             groupId, resourceId).iterator();
418 
419         while (itr.hasNext()) {
420             Permission permission = (Permission)itr.next();
421 
422             groupPersistence.removePermission(groupId, permission);
423         }
424 
425         List permissions = getPermissions(
426             group.getCompanyId(), actionIds, resourceId);
427 
428         groupPersistence.addPermissions(groupId, permissions);
429 
430         PermissionCacheUtil.clearCache();
431     }
432 
433     public void setGroupPermissions(
434             String className, String classPK, long groupId,
435             String[] actionIds, long resourceId)
436         throws PortalException, SystemException {
437 
438         long associatedGroupId = 0;
439 
440         if (className.equals(Organization.class.getName())) {
441             long organizationId = GetterUtil.getLong(classPK);
442 
443             Organization organization =
444                 organizationPersistence.findByPrimaryKey(organizationId);
445 
446             orgGroupPermissionFinder.removeByO_G_R(
447                 organizationId, groupId, resourceId);
448 
449             associatedGroupId = organization.getGroup().getGroupId();
450         }
451         else if (className.equals(UserGroup.class.getName())) {
452             long userGroupId = GetterUtil.getLong(classPK);
453 
454             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
455                 userGroupId);
456 
457             associatedGroupId = userGroup.getGroup().getGroupId();
458         }
459 
460         setGroupPermissions(associatedGroupId, actionIds, resourceId);
461     }
462 
463     public void setOrgGroupPermissions(
464             long organizationId, long groupId, String[] actionIds,
465             long resourceId)
466         throws PortalException, SystemException {
467 
468         Organization organization =
469             organizationPersistence.findByPrimaryKey(organizationId);
470 
471         long orgGroupId = organization.getGroup().getGroupId();
472 
473         Iterator itr = permissionPersistence.findByResourceId(
474             resourceId).iterator();
475 
476         while (itr.hasNext()) {
477             Permission permission = (Permission)itr.next();
478 
479             groupPersistence.removePermission(orgGroupId, permission);
480         }
481 
482         itr = getPermissions(
483             organization.getCompanyId(), actionIds, resourceId).iterator();
484 
485         orgGroupPermissionFinder.removeByO_G_R(
486             organizationId, groupId, resourceId);
487 
488         while (itr.hasNext()) {
489             Permission permission = (Permission)itr.next();
490 
491             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
492                 organizationId, groupId, permission.getPermissionId());
493 
494             OrgGroupPermission orgGroupPermission =
495                 orgGroupPermissionPersistence.create(pk);
496 
497             orgGroupPermissionPersistence.update(orgGroupPermission);
498         }
499 
500         PermissionCacheUtil.clearCache();
501     }
502 
503     public void setRolePermission(
504             long roleId, long companyId, String name, int scope, String primKey,
505             String actionId)
506         throws PortalException, SystemException {
507 
508         if (scope == ResourceImpl.SCOPE_COMPANY) {
509 
510             // Remove group permission
511 
512             unsetRolePermissions(
513                 roleId, companyId, name, ResourceImpl.SCOPE_GROUP, actionId);
514         }
515         else if (scope == ResourceImpl.SCOPE_GROUP) {
516 
517             // Remove company permission
518 
519             unsetRolePermissions(
520                 roleId, companyId, name, ResourceImpl.SCOPE_COMPANY, actionId);
521         }
522         else if (scope == ResourceImpl.SCOPE_INDIVIDUAL) {
523             throw new NoSuchPermissionException();
524         }
525 
526         Resource resource = resourceLocalService.addResource(
527             companyId, name, scope, primKey);
528 
529         Permission permission = null;
530 
531         try {
532             permission = permissionPersistence.findByA_R(
533                 actionId, resource.getResourceId());
534         }
535         catch (NoSuchPermissionException nspe) {
536             long permissionId = counterLocalService.increment(
537                 Permission.class.getName());
538 
539             permission = permissionPersistence.create(permissionId);
540 
541             permission.setCompanyId(companyId);
542             permission.setActionId(actionId);
543             permission.setResourceId(resource.getResourceId());
544 
545             permissionPersistence.update(permission);
546         }
547 
548         rolePersistence.addPermission(roleId, permission);
549 
550         PermissionCacheUtil.clearCache();
551     }
552 
553     public void setRolePermissions(
554             long roleId, long companyId, String name, int scope, String primKey,
555             String[] actionIds)
556         throws PortalException, SystemException {
557 
558         for (int i = 0; i < actionIds.length; i++) {
559             String actionId = actionIds[i];
560 
561             setRolePermission(
562                 roleId, companyId, name, scope, primKey, actionId);
563         }
564     }
565 
566     public void setRolePermissions(
567             long roleId, String[] actionIds, long resourceId)
568         throws PortalException, SystemException {
569 
570         Role role = rolePersistence.findByPrimaryKey(roleId);
571 
572         List permissions = permissionFinder.findByR_R(roleId, resourceId);
573 
574         rolePersistence.removePermissions(roleId, permissions);
575 
576         permissions = getPermissions(
577             role.getCompanyId(), actionIds, resourceId);
578 
579         rolePersistence.addPermissions(roleId, permissions);
580 
581         PermissionCacheUtil.clearCache();
582     }
583 
584     public void setUserPermissions(
585             long userId, String[] actionIds, long resourceId)
586         throws PortalException, SystemException {
587 
588         User user = userPersistence.findByPrimaryKey(userId);
589 
590         List permissions = permissionFinder.findByU_R(userId, resourceId);
591 
592         userPersistence.removePermissions(userId, permissions);
593 
594         permissions = getPermissions(
595             user.getCompanyId(), actionIds, resourceId);
596 
597         userPersistence.addPermissions(userId, permissions);
598 
599         PermissionCacheUtil.clearCache();
600     }
601 
602     public void unsetRolePermission(long roleId, long permissionId)
603         throws SystemException, PortalException {
604 
605         try {
606             Permission permission = permissionPersistence.findByPrimaryKey(
607                 permissionId);
608 
609             rolePersistence.removePermission(roleId, permission);
610         }
611         catch (NoSuchPermissionException nspe) {
612         }
613 
614         PermissionCacheUtil.clearCache();
615     }
616 
617     public void unsetRolePermission(
618             long roleId, long companyId, String name, int scope, String primKey,
619             String actionId)
620         throws PortalException, SystemException {
621 
622         try {
623             ResourceCode resourceCode =
624                 resourceCodeLocalService.getResourceCode(
625                     companyId, name, scope);
626 
627             Resource resource = resourcePersistence.findByC_P(
628                 resourceCode.getCodeId(), primKey);
629 
630             Permission permission = permissionPersistence.findByA_R(
631                 actionId, resource.getResourceId());
632 
633             rolePersistence.removePermission(roleId, permission);
634         }
635         catch (NoSuchPermissionException nspe) {
636         }
637         catch (NoSuchResourceException nsre) {
638         }
639 
640         PermissionCacheUtil.clearCache();
641     }
642 
643     public void unsetRolePermissions(
644             long roleId, long companyId, String name, int scope,
645             String actionId)
646         throws PortalException, SystemException {
647 
648         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
649             companyId, name, scope);
650 
651         Iterator itr = resourcePersistence.findByCodeId(
652             resourceCode.getCodeId()).iterator();
653 
654         while (itr.hasNext()) {
655             Resource resource = (Resource)itr.next();
656 
657             try {
658                 Permission permission = permissionPersistence.findByA_R(
659                     actionId, resource.getResourceId());
660 
661                 rolePersistence.removePermission(roleId, permission);
662             }
663             catch (NoSuchPermissionException nspe) {
664             }
665         }
666 
667         PermissionCacheUtil.clearCache();
668     }
669 
670     public void unsetUserPermissions(
671             long userId, String[] actionIds, long resourceId)
672         throws PortalException, SystemException {
673 
674         List permissions = permissionFinder.findByU_A_R(
675             userId, actionIds, resourceId);
676 
677         userPersistence.removePermissions(userId, permissions);
678 
679         PermissionCacheUtil.clearCache();
680     }
681 
682     protected boolean checkOrgGroupPermission(
683             List organizations, List groups, List permissions)
684         throws PortalException, SystemException {
685 
686         for (int i = 0; i < permissions.size(); i++) {
687             Permission permission = (Permission)permissions.get(i);
688 
689             if (checkOrgGroupPermission(organizations, groups, permission)) {
690                 return true;
691             }
692         }
693 
694         return false;
695     }
696 
697     protected boolean checkOrgGroupPermission(
698             List organizations, List groups, Permission permission)
699         throws PortalException, SystemException {
700 
701         // Do not check for an OrgGroupPermission intersection unless there is
702         // at least one organization and one group to check
703 
704         if ((organizations.size() == 0) || (groups.size() == 0)) {
705             return false;
706         }
707 
708         // Do not check unless the OrgGroupPermission intersection contains at
709         // least one permission
710 
711         List orgGroupPermissions =
712             orgGroupPermissionPersistence.findByPermissionId(
713                 permission.getPermissionId());
714 
715         if (orgGroupPermissions.size() == 0) {
716             return false;
717         }
718 
719         Iterator itr = orgGroupPermissions.iterator();
720 
721         while (itr.hasNext()) {
722             OrgGroupPermission orgGroupPermission =
723                 (OrgGroupPermission)itr.next();
724 
725             if (orgGroupPermission.containsOrganization(organizations) &&
726                 orgGroupPermission.containsGroup(groups)) {
727 
728                 return true;
729             }
730         }
731 
732         // Throw an exception so that we do not continue checking permissions.
733         // The user has a specific permission given in the OrgGroupPermission
734         // intersection that prohibits him from going further.
735 
736         throw new NoSuchPermissionException(
737             "User has a permission in OrgGroupPermission that does not match");
738     }
739 
740     protected boolean hasUserPermissions_1(
741             long userId, String actionId, long resourceId, List permissions,
742             List groups, long groupId, StopWatch stopWatch, int block)
743         throws PortalException, SystemException {
744 
745         // Is the user connected to one of the permissions via group or
746         // organization roles?
747 
748         if (groups.size() > 0) {
749             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
750                 return true;
751             }
752         }
753 
754         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
755 
756         // Is the user associated with groups or organizations that are directly
757         // connected to one of the permissions?
758 
759         if (groups.size() > 0) {
760             if (permissionFinder.countByGroupsPermissions(
761                     permissions, groups) > 0) {
762 
763                 return true;
764             }
765         }
766 
767         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
768 
769         // Is the user connected to one of the permissions via user roles?
770 
771         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
772             return true;
773         }
774 
775         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
776 
777         // Is the user connected to one of the permissions via user group roles?
778 
779         if (permissionFinder.countByUserGroupRole(
780                 permissions, userId, groupId) > 0) {
781 
782             return true;
783         }
784 
785         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
786 
787         // Is the user directly connected to one of the permissions?
788 
789         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
790             return true;
791         }
792 
793         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
794 
795         return false;
796     }
797 
798     protected boolean hasUserPermissions_2(
799             long userId, String actionId, long resourceId, List permissions,
800             List groups, long groupId, StopWatch stopWatch, int block)
801         throws PortalException, SystemException {
802 
803         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
804         // countByUserGroupRole, and countByUsersPermissions in one method
805 
806         if (permissionFinder.containsPermissions_2(
807                 permissions, userId, groups, groupId)) {
808 
809             return true;
810         }
811 
812         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
813 
814         return false;
815     }
816 
817     protected boolean hasUserPermissions_3(
818             long userId, String actionId, long resourceId, List permissions,
819             List groups, List roles, StopWatch stopWatch, int block)
820         throws PortalException, SystemException {
821 
822         // Is the user associated with groups or organizations that are directly
823         // connected to one of the permissions?
824 
825         if (groups.size() > 0) {
826             if (permissionFinder.countByGroupsPermissions(
827                     permissions, groups) > 0) {
828 
829                 return true;
830             }
831         }
832 
833         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
834 
835         // Is the user associated with a role that is directly connected to one
836         // of the permissions?
837 
838         if (roles.size() > 0) {
839             if (permissionFinder.countByRolesPermissions(
840                     permissions, roles) > 0) {
841 
842                 return true;
843             }
844         }
845 
846         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
847 
848         // Is the user directly connected to one of the permissions?
849 
850         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
851             return true;
852         }
853 
854         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
855 
856         return false;
857     }
858 
859     protected boolean hasUserPermissions_4(
860             long userId, String actionId, long resourceId, List permissions,
861             List groups, List roles, StopWatch stopWatch, int block)
862         throws PortalException, SystemException {
863 
864         // Call countByGroupsPermissions, countByRolesPermissions, and
865         // countByUsersPermissions in one method
866 
867         if (permissionFinder.containsPermissions_4(
868                 permissions, userId, groups, roles)) {
869 
870             return true;
871         }
872 
873         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
874 
875         return false;
876     }
877 
878     protected void logHasUserPermissions(
879         long userId, String actionId, long resourceId, StopWatch stopWatch,
880         int block) {
881 
882         if (!_log.isDebugEnabled()) {
883             return;
884         }
885 
886         _log.debug(
887             "Checking user permissions block " + block + " for " + userId +
888                 " " + actionId + " " + resourceId + " takes " +
889                     stopWatch.getTime() + " ms");
890     }
891 
892     private static Log _log =
893         LogFactory.getLog(PermissionLocalServiceImpl.class);
894 
895 }