1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.enterpriseadmin.action;
24  
25  import com.liferay.portal.NoSuchRoleException;
26  import com.liferay.portal.kernel.util.ArrayUtil;
27  import com.liferay.portal.kernel.util.Constants;
28  import com.liferay.portal.kernel.util.ParamUtil;
29  import com.liferay.portal.kernel.util.StringUtil;
30  import com.liferay.portal.kernel.util.Validator;
31  import com.liferay.portal.model.Role;
32  import com.liferay.portal.model.impl.GroupImpl;
33  import com.liferay.portal.model.impl.ResourceImpl;
34  import com.liferay.portal.model.impl.RoleImpl;
35  import com.liferay.portal.security.auth.PrincipalException;
36  import com.liferay.portal.security.permission.ResourceActionsUtil;
37  import com.liferay.portal.security.permission.comparator.ActionComparator;
38  import com.liferay.portal.service.PermissionServiceUtil;
39  import com.liferay.portal.service.RoleServiceUtil;
40  import com.liferay.portal.struts.PortletAction;
41  import com.liferay.portal.theme.ThemeDisplay;
42  import com.liferay.portal.util.WebKeys;
43  import com.liferay.util.servlet.SessionErrors;
44  import com.liferay.util.servlet.SessionMessages;
45  
46  import java.util.Collections;
47  import java.util.HashMap;
48  import java.util.Iterator;
49  import java.util.List;
50  import java.util.Map;
51  
52  import javax.portlet.ActionRequest;
53  import javax.portlet.ActionResponse;
54  import javax.portlet.PortletConfig;
55  import javax.portlet.RenderRequest;
56  import javax.portlet.RenderResponse;
57  
58  import org.apache.struts.action.ActionForm;
59  import org.apache.struts.action.ActionForward;
60  import org.apache.struts.action.ActionMapping;
61  
62  /**
63   * <a href="EditRolePermissionsAction.java.html"><b><i>View Source</i></b></a>
64   *
65   * @author Brian Wing Shun Chan
66   * @author Jorge Ferrer
67   *
68   */
69  public class EditRolePermissionsAction extends PortletAction {
70  
71      public void processAction(
72              ActionMapping mapping, ActionForm form, PortletConfig config,
73              ActionRequest req, ActionResponse res)
74          throws Exception {
75  
76          String cmd = ParamUtil.getString(req, Constants.CMD);
77  
78          try {
79              if (cmd.equals("actions")) {
80                  updateActions(req, res);
81              }
82              else if (cmd.equals("delete_permission")) {
83                  deletePermission(req, res);
84              }
85          }
86          catch (Exception e) {
87              if (e instanceof NoSuchRoleException ||
88                  e instanceof PrincipalException) {
89  
90                  SessionErrors.add(req, e.getClass().getName());
91  
92                  setForward(req, "portlet.enterprise_admin.error");
93              }
94              else {
95                  throw e;
96              }
97          }
98      }
99  
100     public ActionForward render(
101             ActionMapping mapping, ActionForm form, PortletConfig config,
102             RenderRequest req, RenderResponse res)
103         throws Exception {
104 
105         try {
106             ActionUtil.getRole(req);
107         }
108         catch (Exception e) {
109             if (e instanceof NoSuchRoleException ||
110                 e instanceof PrincipalException) {
111 
112                 SessionErrors.add(req, e.getClass().getName());
113 
114                 return mapping.findForward("portlet.enterprise_admin.error");
115             }
116             else {
117                 throw e;
118             }
119         }
120 
121         return mapping.findForward(
122             getForward(req, "portlet.enterprise_admin.edit_role_permissions"));
123     }
124 
125     protected void deletePermission(ActionRequest req, ActionResponse res)
126         throws Exception {
127 
128         ThemeDisplay themeDisplay =
129             (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
130 
131         long roleId = ParamUtil.getLong(req, "roleId");
132         long permissionId = ParamUtil.getLong(req, "permissionId");
133 
134         PermissionServiceUtil.unsetRolePermission(
135             roleId, themeDisplay.getPortletGroupId(), permissionId);
136 
137         // Send redirect
138 
139         SessionMessages.add(req, "permissionDeleted");
140 
141         String redirect = ParamUtil.getString(req, "redirect");
142 
143         res.sendRedirect(redirect);
144     }
145 
146     protected void updateActions(ActionRequest req, ActionResponse res)
147         throws Exception {
148 
149         ThemeDisplay themeDisplay =
150             (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
151 
152         long roleId = ParamUtil.getLong(req, "roleId");
153 
154         String portletResource = ParamUtil.getString(req, "portletResource");
155         String[] modelResources = StringUtil.split(
156             ParamUtil.getString(req, "modelResources"));
157 
158         Map resourceActionsMap = new HashMap();
159 
160         if (Validator.isNotNull(portletResource)) {
161             resourceActionsMap.put(
162                 portletResource,
163                 ResourceActionsUtil.getResourceActions(
164                     themeDisplay.getCompanyId(), portletResource, null));
165         }
166 
167         for (int i = 0; i < modelResources.length; i++) {
168             resourceActionsMap.put(
169                 modelResources[i],
170                 ResourceActionsUtil.getResourceActions(
171                     themeDisplay.getCompanyId(), null, modelResources[i]));
172         }
173 
174         Iterator itr = resourceActionsMap.keySet().iterator();
175 
176         while (itr.hasNext()) {
177             String selResource = (String)itr.next();
178 
179             List actions = (List)resourceActionsMap.get(selResource);
180 
181             Collections.sort(
182                 actions,
183                 new ActionComparator(
184                     themeDisplay.getCompanyId(), themeDisplay.getLocale()));
185 
186             Role role = RoleServiceUtil.getRole(roleId);
187 
188             for (int i = 0; i < actions.size(); i++) {
189                 String actionId = (String)actions.get(i);
190 
191                 int scope = ParamUtil.getInteger(
192                     req, "scope" + selResource + actionId);
193 
194                 if (scope == ResourceImpl.SCOPE_COMPANY) {
195                     PermissionServiceUtil.setRolePermission(
196                         roleId, themeDisplay.getPortletGroupId(), selResource,
197                         scope, String.valueOf(themeDisplay.getCompanyId()),
198                         actionId);
199                 }
200                 else if (scope == ResourceImpl.SCOPE_GROUP) {
201                     if ((role.getType() == RoleImpl.TYPE_COMMUNITY) ||
202                         (role.getType() == RoleImpl.TYPE_ORGANIZATION)) {
203 
204                         PermissionServiceUtil.setRolePermission(
205                             roleId, themeDisplay.getPortletGroupId(),
206                             selResource, ResourceImpl.SCOPE_GROUP_TEMPLATE,
207                             String.valueOf(GroupImpl.DEFAULT_PARENT_GROUP_ID),
208                             actionId);
209                     }
210                     else {
211                         String[] groupIds = StringUtil.split(
212                             ParamUtil.getString(
213                                 req, "groupIds" + selResource + actionId));
214 
215                         if (groupIds.length == 0) {
216                             SessionErrors.add(req, "missingGroupIdsForAction");
217                             return;
218                         }
219 
220                         groupIds = ArrayUtil.distinct(groupIds);
221 
222                         PermissionServiceUtil.unsetRolePermissions(
223                             roleId, themeDisplay.getPortletGroupId(),
224                             selResource, ResourceImpl.SCOPE_GROUP, actionId);
225 
226                         for (int j = 0; j < groupIds.length; j++) {
227                             PermissionServiceUtil.setRolePermission(
228                                 roleId, themeDisplay.getPortletGroupId(),
229                                 selResource, ResourceImpl.SCOPE_GROUP,
230                                 groupIds[j], actionId);
231                         }
232                     }
233                 }
234                 else {
235 
236                     // Remove company, group template, and group permissions
237 
238                     PermissionServiceUtil.unsetRolePermissions(
239                         roleId, themeDisplay.getPortletGroupId(), selResource,
240                         ResourceImpl.SCOPE_COMPANY, actionId);
241 
242                     PermissionServiceUtil.unsetRolePermissions(
243                         roleId, themeDisplay.getPortletGroupId(), selResource,
244                         ResourceImpl.SCOPE_GROUP_TEMPLATE, actionId);
245 
246                     PermissionServiceUtil.unsetRolePermissions(
247                         roleId, themeDisplay.getPortletGroupId(), selResource,
248                         ResourceImpl.SCOPE_GROUP, actionId);
249                 }
250             }
251         }
252 
253         // Send redirect
254 
255         SessionMessages.add(req, "permissionsUpdated");
256 
257         String redirect =
258             ParamUtil.getString(req, "redirect") + "&" + Constants.CMD + "=" +
259                 Constants.VIEW;
260 
261         res.sendRedirect(redirect);
262     }
263 
264 }