001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.util.ArrayUtil;
018    import com.liferay.portal.kernel.util.StringBundler;
019    import com.liferay.portal.kernel.util.StringPool;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.portal.kernel.util.Validator;
022    import com.liferay.portal.util.PropsValues;
023    import com.liferay.util.dao.orm.CustomSQLUtil;
024    
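/**
 * Rewrites SQL strings so that they include a permission join fragment,
 * letting the database do the per-row permission filtering.
 *
 * <p>
 * The rewrite is purely textual. The fragment registered under
 * {@link #JOIN_RESOURCE_PERMISSION} is loaded through {@code CustomSQLUtil},
 * its {@code [$...$]} placeholders are substituted, and the result is spliced
 * into the caller's SQL. Nothing is bound as a statement parameter, so
 * {@code className}, {@code classPKField}, {@code userIdField} and
 * {@code bridgeJoin} reach the database verbatim. They must be trusted
 * constants (entity class names, column names, hand-written join fragments)
 * and never values taken from a request. The remaining substitutions are
 * {@code long} values and cannot carry SQL syntax.
 * </p>
 *
 * <p>
 * When {@link #isEnabled(long[])} returns {@code false} the SQL is returned
 * unchanged. That includes the case where no {@code PermissionChecker} is
 * bound to the current thread, so callers running outside an authenticated
 * context receive an unfiltered query.
 * </p>
 *
 * @author Raymond Augé
 */
public class InlineSQLHelperImpl implements InlineSQLHelper {

    /**
     * Custom SQL id under which the permission join fragment is looked up.
     * The fragment text itself is not defined in this class.
     */
    public static final String JOIN_RESOURCE_PERMISSION =
        InlineSQLHelper.class.getName() + ".joinResourcePermission";

    /**
     * Returns whether inline filtering applies outside any group scope.
     * Equivalent to {@code isEnabled(0)}.
     */
    public boolean isEnabled() {
        return isEnabled(0);
    }

    /**
     * Returns whether inline filtering applies to the current user for the
     * given group.
     *
     * <p>
     * Filtering is off when the configured permission algorithm is not 6,
     * when no {@code PermissionChecker} is bound to the current thread, when
     * {@code groupId} is positive and the user is community admin or owner of
     * that group, or when {@code groupId} is not positive and the user is a
     * company admin.
     * </p>
     *
     * @param  groupId the group to check, or a value &lt;= 0 for the
     *         company-wide check
     * @return {@code true} if queries must be rewritten for this user
     */
    public boolean isEnabled(long groupId) {
        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
            return false;
        }

        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        // No checker on the thread means no filtering at all (fail-open).
        if (permissionChecker == null) {
            return false;
        }

        if (groupId > 0) {
            if (permissionChecker.isCommunityAdmin(groupId) ||
                permissionChecker.isCommunityOwner(groupId)) {

                return false;
            }
        }
        else {
            if (permissionChecker.isCompanyAdmin()) {
                return false;
            }
        }

        return true;
    }

    /**
     * Returns whether inline filtering applies for all of the given groups.
     *
     * <p>
     * Filtering is enabled only if it is enabled for every group in the
     * array. An empty array yields {@code true} without consulting the
     * {@code PermissionChecker}, as long as the algorithm is 6.
     * </p>
     *
     * @param  groupIds the groups to check; must not be {@code null}
     * @return {@code true} if queries must be rewritten for this user
     */
    public boolean isEnabled(long[] groupIds) {
        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
            return false;
        }

        for (long groupId : groupIds) {
            if (!isEnabled(groupId)) {
                return false;
            }
        }

        return true;
    }

    /**
     * Rewrites {@code sql} for group id 0 with no bridge join.
     *
     * @see #replacePermissionCheck(String, String, String, String, long[],
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, new long[] {0}, null);
    }

    /**
     * Rewrites {@code sql} for a single group with no bridge join.
     *
     * @see #replacePermissionCheck(String, String, String, String, long[],
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        long groupId) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, new long[] {groupId},
            null);
    }

    /**
     * Rewrites {@code sql} for a single group, prefixing the permission join
     * with {@code bridgeJoin}.
     *
     * @see #replacePermissionCheck(String, String, String, String, long[],
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        long groupId, String bridgeJoin) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, new long[] {groupId},
            bridgeJoin);
    }

    /**
     * Rewrites {@code sql} for several groups with no bridge join.
     *
     * @see #replacePermissionCheck(String, String, String, String, long[],
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        long[] groupIds) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, groupIds, null);
    }

    /**
     * Splices the permission join into {@code sql}.
     *
     * <p>
     * Returns {@code sql} unchanged when filtering is disabled for
     * {@code groupIds} or when {@code sql} is null or blank. Otherwise the
     * join fragment is built and inserted in front of the first
     * {@code " WHERE "}, else in front of the first {@code " ORDER BY "},
     * else appended after a space.
     * </p>
     *
     * <p>
     * {@code className}, {@code classPKField}, {@code userIdField} and
     * {@code bridgeJoin} are concatenated into the statement without
     * escaping. Pass only trusted constants.
     * </p>
     *
     * @param  sql the query to rewrite
     * @param  className replaces {@code [$CLASS_NAME$]} in the fragment
     * @param  classPKField replaces {@code [$CLASS_PK_FIELD$]} in the fragment
     * @param  userIdField column compared with the current user id to build
     *         the owner check; null or blank leaves the owner check empty
     * @param  groupIds groups whose ids and role ids go into the fragment
     * @param  bridgeJoin SQL placed directly before the permission fragment,
     *         or null or blank for none
     * @return the rewritten query, or {@code sql} itself when nothing applies
     * @throws IllegalArgumentException if filtering is enabled and
     *         {@code className} or {@code classPKField} is null or blank
     * @throws IllegalStateException if filtering is enabled but no
     *         {@code PermissionChecker} is bound to the current thread
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        long[] groupIds, String bridgeJoin) {

        if (!isEnabled(groupIds)) {
            return sql;
        }

        if (Validator.isNull(className)) {
            throw new IllegalArgumentException("className is null");
        }

        if (Validator.isNull(classPKField)) {
            throw new IllegalArgumentException("classPKField is null");
        }

        if (Validator.isNull(sql)) {
            return sql;
        }

        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        if (permissionChecker == null) {

            // isEnabled(long[]) answers true for an empty array without
            // looking at the checker, so this point is reachable. Stop here
            // with a clear error instead of an incidental
            // NullPointerException further down. Returning sql would hand
            // back an unfiltered query.

            throw new IllegalStateException(
                "No PermissionChecker is bound to the current thread");
        }

        String permissionJoin = StringPool.BLANK;

        if (Validator.isNotNull(bridgeJoin)) {
            permissionJoin = bridgeJoin;
        }

        permissionJoin += CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);

        StringBundler ownerSQL = new StringBundler(5);

        if (Validator.isNotNull(userIdField)) {
            ownerSQL.append("(");
            ownerSQL.append(userIdField);
            ownerSQL.append(" = ");
            ownerSQL.append(String.valueOf(getUserId()));
            ownerSQL.append(") OR ");
        }

        // Group ids are joined with "','". Presumably the fragment wraps the
        // placeholder in single quotes; confirm against the custom SQL.

        permissionJoin = StringUtil.replace(
            permissionJoin,
            new String[] {
                "[$CLASS_NAME$]",
                "[$CLASS_PK_FIELD$]",
                "[$COMPANY_ID$]",
                "[$GROUP_IDS$]",
                "[$OWNER_CHECK$]",
                "[$ROLE_IDS$]"
            },
            new String[] {
                className,
                classPKField,
                String.valueOf(permissionChecker.getCompanyId()),
                StringUtil.merge(groupIds, "','"),
                ownerSQL.toString(),
                StringUtil.merge(getRoleIds(groupIds))
            });

        return insertPermissionJoin(sql, permissionJoin);
    }

    /**
     * Rewrites {@code sql} for group id 0, prefixing the permission join with
     * {@code bridgeJoin}.
     *
     * @see #replacePermissionCheck(String, String, String, String, long[],
     *      String)
     */
    public String replacePermissionCheck(
        String sql, String className, String classPKField, String userIdField,
        String bridgeJoin) {

        return replacePermissionCheck(
            sql, className, classPKField, userIdField, 0, bridgeJoin);
    }

    /**
     * Returns the current user's role ids for one group, or
     * {@code PermissionChecker.DEFAULT_ROLE_IDS} when no checker is bound to
     * the thread.
     */
    protected long[] getRoleIds(long groupId) {
        long[] roleIds = PermissionChecker.DEFAULT_ROLE_IDS;

        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        if (permissionChecker != null) {
            roleIds = permissionChecker.getRoleIds(
                permissionChecker.getUserId(), groupId);
        }

        return roleIds;
    }

    /**
     * Returns the union of the current user's role ids across the given
     * groups, starting from {@code PermissionChecker.DEFAULT_ROLE_IDS} and
     * adding each role id that is not yet present.
     */
    protected long[] getRoleIds(long[] groupIds) {
        long[] roleIds = PermissionChecker.DEFAULT_ROLE_IDS;

        for (long groupId : groupIds) {
            for (long roleId : getRoleIds(groupId)) {
                if (!ArrayUtil.contains(roleIds, roleId)) {
                    roleIds = ArrayUtil.append(roleIds, roleId);
                }
            }
        }

        return roleIds;
    }

    /**
     * Returns the current user's id, or 0 when no checker is bound to the
     * thread.
     */
    protected long getUserId() {
        long userId = 0;

        PermissionChecker permissionChecker =
            PermissionThreadLocal.getPermissionChecker();

        if (permissionChecker != null) {
            userId = permissionChecker.getUserId();
        }

        return userId;
    }

    /**
     * Inserts {@code permissionJoin} into {@code sql} just after the space
     * that precedes the first {@code WHERE}, else the first {@code ORDER BY},
     * else appends it after a space.
     *
     * <p>
     * The search is a case-sensitive {@code indexOf} for the first
     * occurrence. A lower-case keyword is not recognised, and a keyword
     * inside a subquery or string literal is treated like the outer one.
     * Callers should check that their query shape yields the intended
     * placement.
     * </p>
     */
    private static String insertPermissionJoin(
        String sql, String permissionJoin) {

        int pos = sql.indexOf(_WHERE_CLAUSE);

        if (pos == -1) {
            pos = sql.indexOf(_ORDER_BY_CLAUSE);
        }

        if (pos == -1) {
            return sql.concat(StringPool.SPACE).concat(permissionJoin);
        }

        // pos + 1 keeps the clause's leading space on the left-hand side.

        return sql.substring(0, pos + 1).concat(permissionJoin).concat(
            sql.substring(pos + 1));
    }

    private static final String _ORDER_BY_CLAUSE = " ORDER BY ";

    private static final String _WHERE_CLAUSE = " WHERE ";

}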