1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.security.permission;
16  
17  import com.liferay.portal.kernel.util.StringBundler;
18  import com.liferay.portal.kernel.util.StringPool;
19  import com.liferay.portal.kernel.util.StringUtil;
20  import com.liferay.portal.kernel.util.Validator;
21  import com.liferay.portal.util.PropsValues;
22  import com.liferay.util.dao.orm.CustomSQLUtil;
23  
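/**
 * <a href="InlineSQLHelperImpl.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Rewrites a SQL statement so that it includes the resource permission join
 * template registered under {@link #JOIN_RESOURCE_PERMISSION}, filled in with
 * the company, group, user and role IDs of the permission checker bound to the
 * current thread.
 * </p>
 *
 * <p>
 * Security notes for callers:
 * </p>
 *
 * <ul>
 * <li>
 * The statement is returned <b>unchanged</b> whenever
 * {@link #isEnabled(long)} is <code>false</code>. A returned statement is
 * therefore not guaranteed to be permission filtered, and this helper must not
 * be treated as the only access check.
 * </li>
 * <li>
 * <code>className</code>, <code>classPKField</code>, <code>userIdField</code>
 * and <code>bridgeJoin</code> are spliced into the SQL text, not bound as
 * parameters. Pass only values that are fixed in trusted code, never values
 * derived from request input.
 * </li>
 * </ul>
 *
 * @author Raymond Augé
 */
public class InlineSQLHelperImpl implements InlineSQLHelper {

    /**
     * Key handed to <code>CustomSQLUtil.get</code> to look up the resource
     * permission join template.
     */
    public static final String JOIN_RESOURCE_PERMISSION =
        InlineSQLHelper.class.getName() + ".joinResourcePermission";

    /**
     * Returns whether inline permission filtering applies when no group is
     * given. Delegates to {@link #isEnabled(long)} with a group ID of
     * <code>0</code>.
     */
    public boolean isEnabled() {
        return isEnabled(0);
    }

    /**
     * Returns whether inline permission filtering applies to the current
     * thread for the given group.
     *
     * <p>
     * Filtering is off when the configured user check algorithm is not 6, when
     * no permission checker is bound to the thread, when
     * <code>groupId &gt; 0</code> and the checker reports community admin or
     * community owner for that group, or when <code>groupId &lt;= 0</code> and
     * the checker reports company admin.
     * </p>
     *
     * @param  groupId the group to evaluate; values <code>&lt;= 0</code> select
     *         the company admin check instead of the community checks
     * @return <code>true</code> if SQL should be rewritten with the permission
     *         join; <code>false</code> if SQL is left unfiltered
     */
    public boolean isEnabled(long groupId) {
        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
            return false;
        }

        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        if (permissionChecker == null) {

            // No checker on this thread means the SQL is returned unfiltered.
            // NOTE(review): confirm every caller performs its own
            // authorization on threads that have no checker bound.

            return false;
        }

        if (groupId > 0) {
            if (permissionChecker.isCommunityAdmin(groupId) ||
                permissionChecker.isCommunityOwner(groupId)) {

                return false;
            }
        }
        else {
            if (permissionChecker.isCompanyAdmin()) {
                return false;
            }
        }

        return true;
    }

    /**
     * Convenience overload with a group ID of <code>0</code> and no bridge
     * join.
     *
     * @see #replacePermissionCheck(String, String, String, String, long,
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, 0, null);
    }

    /**
     * Convenience overload with no bridge join.
     *
     * @see #replacePermissionCheck(String, String, String, String, long,
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        long groupId) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, groupId, null);
    }

    /**
     * Inserts the resource permission join into <code>sql</code>.
     *
     * <p>
     * The join is placed in front of the first <code>" WHERE "</code>. If there
     * is none, it is placed in front of the first <code>" ORDER BY "</code>,
     * and otherwise it is appended to the statement. Both searches are case
     * sensitive and take the first occurrence.
     * </p>
     *
     * @param  sql the statement to rewrite; returned as is when it is null or
     *         empty according to <code>Validator.isNull</code>
     * @param  className substituted for <code>[$CLASS_NAME$]</code>; trusted
     *         value only
     * @param  classPKField substituted for <code>[$CLASS_PK_FIELD$]</code>;
     *         trusted SQL identifier only
     * @param  userIdField optional column compared with the current user ID to
     *         build the <code>[$OWNER_CHECK$]</code> fragment; trusted SQL
     *         identifier only
     * @param  groupId substituted for <code>[$GROUP_ID$]</code> and used to
     *         resolve the role IDs
     * @param  bridgeJoin optional SQL fragment placed directly in front of the
     *         join template; trusted SQL only
     * @return the rewritten statement, or <code>sql</code> unchanged when
     *         filtering is disabled or <code>sql</code> is empty
     * @throws IllegalArgumentException if filtering is enabled and
     *         <code>className</code> or <code>classPKField</code> is null or
     *         empty according to <code>Validator.isNull</code>
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        long groupId, String bridgeJoin) {

        if (!isEnabled(groupId)) {
            return sql;
        }

        // These two checks used to construct the exception without throwing
        // it, so a missing value flowed into the template substitution below
        // and the statement was built without a usable permission predicate.
        // Reject the call instead.

        if (Validator.isNull(className)) {
            throw new IllegalArgumentException("className is null");
        }

        if (Validator.isNull(classPKField)) {
            throw new IllegalArgumentException("classPKField is null");
        }

        if (Validator.isNull(sql)) {
            return sql;
        }

        // isEnabled(groupId) returned false above when no checker was bound,
        // so a checker is expected here. A subclass that overrides isEnabled
        // has to keep that guarantee.

        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        String permissionJoin = StringPool.BLANK;

        if (Validator.isNotNull(bridgeJoin)) {
            permissionJoin = bridgeJoin;
        }

        permissionJoin += CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);

        StringBundler ownerSQL = new StringBundler(5);

        if (Validator.isNotNull(userIdField)) {

            // userIdField is written into the SQL text verbatim. Only the user
            // ID itself is a number produced by this class.

            ownerSQL.append("(");
            ownerSQL.append(userIdField);
            ownerSQL.append(" = ");
            ownerSQL.append(String.valueOf(getUserId()));
            ownerSQL.append(") OR ");
        }

        // Plain text substitution, not parameter binding: className and
        // classPKField end up in the statement exactly as passed in.

        permissionJoin = StringUtil.replace(
            permissionJoin,
            new String[] {
                "[$CLASS_NAME$]",
                "[$CLASS_PK_FIELD$]",
                "[$COMPANY_ID$]",
                "[$GROUP_ID$]",
                "[$OWNER_CHECK$]",
                "[$ROLE_IDS$]"
            },
            new String[] {
                className,
                classPKField,
                String.valueOf(permissionChecker.getCompanyId()),
                String.valueOf(groupId),
                ownerSQL.toString(),
                StringUtil.merge(getRoleIds(groupId))
            });

        // NOTE(review): a statement whose first " WHERE " sits in a subquery,
        // or that spells the keyword in lower case or after a line break, gets
        // the join at a different position than intended. Confirm the callers
        // only pass statements in the expected shape.

        int pos = sql.indexOf(_WHERE_CLAUSE);

        if (pos == -1) {
            pos = sql.indexOf(_ORDER_BY_CLAUSE);
        }

        if (pos != -1) {
            return insertJoin(sql, pos + 1, permissionJoin);
        }

        return sql.concat(StringPool.SPACE).concat(permissionJoin);
    }

    /**
     * Convenience overload with a group ID of <code>0</code>.
     *
     * @see #replacePermissionCheck(String, String, String, String, long,
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        String bridgeJoin) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, 0, bridgeJoin);
    }

    /**
     * Returns the role IDs the thread's permission checker reports for its
     * user in the given group, or
     * <code>PermissionChecker.DEFAULT_ROLE_IDS</code> when no checker is bound.
     */
    protected long[] getRoleIds(long groupId) {
        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        if (permissionChecker == null) {
            return PermissionChecker.DEFAULT_ROLE_IDS;
        }

        return permissionChecker.getRoleIds(
            permissionChecker.getUserId(), groupId);
    }

    /**
     * Returns the user ID of the thread's permission checker, or
     * <code>0</code> when no checker is bound.
     */
    protected long getUserId() {
        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        if (permissionChecker == null) {
            return 0;
        }

        return permissionChecker.getUserId();
    }

    /**
     * Returns <code>sql</code> with <code>permissionJoin</code> inserted at
     * <code>index</code>. The callers pass the position just after the leading
     * space of the matched clause, so the join lands in front of the keyword.
     */
    private String insertJoin(String sql, int index, String permissionJoin) {
        return sql.substring(0, index).concat(permissionJoin).concat(
            sql.substring(index));
    }

    private static final String _ORDER_BY_CLAUSE = " ORDER BY ";

    private static final String _WHERE_CLAUSE = " WHERE ";

}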