015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.util.ArrayUtil;
018 import com.liferay.portal.kernel.util.StringBundler;
019 import com.liferay.portal.kernel.util.StringPool;
020 import com.liferay.portal.kernel.util.StringUtil;
021 import com.liferay.portal.kernel.util.Validator;
022 import com.liferay.portal.util.PropsValues;
023 import com.liferay.util.dao.orm.CustomSQLUtil;
024
025
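/**
 * Rewrites SQL strings so that they carry the resource-permission join
 * registered under {@link #JOIN_RESOURCE_PERMISSION}, using the permission
 * checker bound to the current thread.
 *
 * <p>
 * Security notes for callers:
 * </p>
 *
 * <ul>
 * <li>
 * <code>className</code>, <code>classPKField</code>, <code>userIdField</code>
 * and <code>bridgeJoin</code> are spliced into the SQL text exactly as given.
 * Nothing in this class quotes or escapes them, so they must be constants
 * chosen by the calling code and never values taken from a request.
 * </li>
 * <li>
 * Company, group, role and user IDs are <code>long</code> values rendered as
 * decimal text, so they cannot introduce SQL syntax.
 * </li>
 * <li>
 * Whenever {@link #isEnabled(long[])} returns <code>false</code> the SQL is
 * returned unchanged, that is, without any permission filter. This includes
 * the case where no permission checker is bound to the thread.
 * </li>
 * </ul>
 */
public class InlineSQLHelperImpl implements InlineSQLHelper {

	/**
	 * Key passed to <code>CustomSQLUtil.get</code> to look up the join
	 * template.
	 */
	public static final String JOIN_RESOURCE_PERMISSION =
		InlineSQLHelper.class.getName() + ".joinResourcePermission";

	/**
	 * Returns whether the inline check applies outside of any group; same as
	 * <code>isEnabled(0)</code>.
	 */
	public boolean isEnabled() {
		return isEnabled(0);
	}

	/**
	 * Returns whether the inline permission join should be applied for the
	 * given group.
	 *
	 * @param  groupId the group to test; a value of 0 or less selects the
	 *         company-level test
	 * @return <code>false</code> if the configured permission algorithm is
	 *         not 6, if no permission checker is bound to the thread, or if
	 *         the current user is an admin or owner of the group (for
	 *         <code>groupId</code> greater than 0) or a company admin
	 *         (otherwise); <code>true</code> in every other case
	 */
	public boolean isEnabled(long groupId) {
		if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
			return false;
		}

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		// No checker means no filtering: the query will run unrestricted.

		if (permissionChecker == null) {
			return false;
		}

		if (groupId > 0) {
			if (permissionChecker.isCommunityAdmin(groupId) ||
				permissionChecker.isCommunityOwner(groupId)) {

				return false;
			}
		}
		else if (permissionChecker.isCompanyAdmin()) {
			return false;
		}

		return true;
	}

	/**
	 * Returns whether the inline permission join should be applied for all of
	 * the given groups.
	 *
	 * <p>
	 * A single group for which {@link #isEnabled(long)} returns
	 * <code>false</code> disables the join for the whole query. An empty array
	 * yields <code>true</code> without consulting the permission checker.
	 * </p>
	 *
	 * @param  groupIds the groups to test
	 * @return <code>true</code> if the join should be applied
	 * @throws IllegalArgumentException if the algorithm is 6 and
	 *         <code>groupIds</code> is <code>null</code>
	 */
	public boolean isEnabled(long[] groupIds) {

		// Checked first so a disabled configuration keeps returning false
		// for any argument.

		if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
			return false;
		}

		// Previously this surfaced as a bare NullPointerException from the
		// loop below. Fail with a message instead, and never fall back to
		// "disabled", which would silently drop the permission filter.

		if (groupIds == null) {
			throw new IllegalArgumentException("groupIds is null");
		}

		for (long groupId : groupIds) {
			if (!isEnabled(groupId)) {
				return false;
			}
		}

		return true;
	}

	/**
	 * Applies the permission join for the single group ID 0 and no bridge
	 * join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long[],
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, new long[] {0}, null);
	}

	/**
	 * Applies the permission join for one group and no bridge join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long[],
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long groupId) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, new long[] {groupId},
			null);
	}

	/**
	 * Applies the permission join for one group, preceded by the given bridge
	 * join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long[],
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long groupId, String bridgeJoin) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, new long[] {groupId},
			bridgeJoin);
	}

	/**
	 * Applies the permission join for several groups and no bridge join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long[],
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long[] groupIds) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, groupIds, null);
	}

	/**
	 * Inserts the resource-permission join into <code>sql</code>.
	 *
	 * <p>
	 * The join template is fetched with
	 * <code>CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION)</code>, prefixed with
	 * <code>bridgeJoin</code> when one is given, and its placeholders are
	 * replaced. The result is placed immediately before the first
	 * <code>" WHERE "</code> in <code>sql</code>, else before the first
	 * <code>" ORDER BY "</code>, else appended after a space. Both searches
	 * are plain, case-sensitive text matches: a lower-case keyword is not
	 * found, and a keyword inside an earlier subquery is matched first.
	 * </p>
	 *
	 * <p>
	 * <code>className</code>, <code>classPKField</code>,
	 * <code>userIdField</code> and <code>bridgeJoin</code> go into the SQL
	 * text verbatim. Pass only constants defined by the calling code.
	 * </p>
	 *
	 * @param  sql the query to rewrite; returned as is when null or empty
	 * @param  className value substituted for <code>[$CLASS_NAME$]</code>
	 * @param  classPKField SQL expression substituted for
	 *         <code>[$CLASS_PK_FIELD$]</code>
	 * @param  userIdField SQL expression compared with the current user ID to
	 *         build the owner check; no owner check is added when null or
	 *         empty
	 * @param  groupIds the groups the query is scoped to
	 * @param  bridgeJoin SQL text placed in front of the permission join, or
	 *         <code>null</code>
	 * @return the rewritten query, or <code>sql</code> unchanged when the
	 *         inline check is not enabled for <code>groupIds</code>
	 * @throws IllegalArgumentException if the check is enabled and
	 *         <code>className</code> or <code>classPKField</code> is null or
	 *         empty
	 * @throws IllegalStateException if the check is enabled but no permission
	 *         checker is bound to the current thread
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long[] groupIds, String bridgeJoin) {

		if (!isEnabled(groupIds)) {
			return sql;
		}

		if (Validator.isNull(className)) {
			throw new IllegalArgumentException("className is null");
		}

		if (Validator.isNull(classPKField)) {
			throw new IllegalArgumentException("classPKField is null");
		}

		if (Validator.isNull(sql)) {
			return sql;
		}

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		// isEnabled(long[]) accepts an empty array without looking at the
		// checker, so this is the one path where it can still be missing.
		// The join cannot be built without it; stop here with a clear
		// message rather than a NullPointerException further down.

		if (permissionChecker == null) {
			throw new IllegalStateException("permissionChecker is null");
		}

		String permissionJoin = StringPool.BLANK;

		if (Validator.isNotNull(bridgeJoin)) {
			permissionJoin = bridgeJoin;
		}

		permissionJoin += CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);

		// Optional "(<userIdField> = <current user id>) OR " prefix. The
		// user ID is a long taken from the checker, not caller-supplied
		// text.

		StringBundler ownerSQL = new StringBundler(5);

		if (Validator.isNotNull(userIdField)) {
			ownerSQL.append("(");
			ownerSQL.append(userIdField);
			ownerSQL.append(" = ");
			ownerSQL.append(String.valueOf(getUserId()));
			ownerSQL.append(") OR ");
		}

		// Group IDs are joined with "','"; presumably the template wraps the
		// placeholder in single quotes (the template is not defined in this
		// class, so confirm against the custom SQL definition).

		permissionJoin = StringUtil.replace(
			permissionJoin,
			new String[] {
				"[$CLASS_NAME$]",
				"[$CLASS_PK_FIELD$]",
				"[$COMPANY_ID$]",
				"[$GROUP_IDS$]",
				"[$OWNER_CHECK$]",
				"[$ROLE_IDS$]"
			},
			new String[] {
				className,
				classPKField,
				String.valueOf(permissionChecker.getCompanyId()),
				StringUtil.merge(groupIds, "','"),
				ownerSQL.toString(),
				StringUtil.merge(getRoleIds(groupIds))
			});

		// pos + 1 keeps the space that starts the matched clause on the left
		// side, so the join lands directly in front of the keyword.

		int pos = sql.indexOf(_WHERE_CLAUSE);

		if (pos != -1) {
			return sql.substring(0, pos + 1).concat(permissionJoin).concat(
				sql.substring(pos + 1));
		}

		pos = sql.indexOf(_ORDER_BY_CLAUSE);

		if (pos != -1) {
			return sql.substring(0, pos + 1).concat(permissionJoin).concat(
				sql.substring(pos + 1));
		}

		return sql.concat(StringPool.SPACE).concat(permissionJoin);
	}

	/**
	 * Applies the permission join for group ID 0, preceded by the given
	 * bridge join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long[],
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		String bridgeJoin) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, 0, bridgeJoin);
	}

	/**
	 * Returns the current user's role IDs for one group, or
	 * <code>PermissionChecker.DEFAULT_ROLE_IDS</code> when no permission
	 * checker is bound to the thread.
	 */
	protected long[] getRoleIds(long groupId) {
		long[] roleIds = PermissionChecker.DEFAULT_ROLE_IDS;

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		if (permissionChecker != null) {
			roleIds = permissionChecker.getRoleIds(
				permissionChecker.getUserId(), groupId);
		}

		return roleIds;
	}

	/**
	 * Returns the current user's role IDs across all of the given groups,
	 * starting from <code>PermissionChecker.DEFAULT_ROLE_IDS</code> and
	 * adding each role ID not already present.
	 */
	protected long[] getRoleIds(long[] groupIds) {
		long[] roleIds = PermissionChecker.DEFAULT_ROLE_IDS;

		for (long groupId : groupIds) {
			for (long roleId : getRoleIds(groupId)) {
				if (!ArrayUtil.contains(roleIds, roleId)) {
					roleIds = ArrayUtil.append(roleIds, roleId);
				}
			}
		}

		return roleIds;
	}

	/**
	 * Returns the user ID of the thread's permission checker, or 0 when none
	 * is bound.
	 */
	protected long getUserId() {
		long userId = 0;

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		if (permissionChecker != null) {
			userId = permissionChecker.getUserId();
		}

		return userId;
	}

	private static final String _ORDER_BY_CLAUSE = " ORDER BY ";

	private static final String _WHERE_CLAUSE = " WHERE ";

}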