1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.enterpriseadmin.action;
24  
25  import com.liferay.portal.NoSuchRoleException;
26  import com.liferay.portal.RolePermissionsException;
27  import com.liferay.portal.kernel.servlet.SessionErrors;
28  import com.liferay.portal.kernel.servlet.SessionMessages;
29  import com.liferay.portal.kernel.util.ArrayUtil;
30  import com.liferay.portal.kernel.util.Constants;
31  import com.liferay.portal.kernel.util.ListUtil;
32  import com.liferay.portal.kernel.util.ParamUtil;
33  import com.liferay.portal.kernel.util.StringUtil;
34  import com.liferay.portal.kernel.util.Validator;
35  import com.liferay.portal.model.GroupConstants;
36  import com.liferay.portal.model.ResourceConstants;
37  import com.liferay.portal.model.Role;
38  import com.liferay.portal.model.RoleConstants;
39  import com.liferay.portal.security.auth.PrincipalException;
40  import com.liferay.portal.security.permission.ResourceActionsUtil;
41  import com.liferay.portal.security.permission.comparator.ActionComparator;
42  import com.liferay.portal.service.PermissionServiceUtil;
43  import com.liferay.portal.service.ResourcePermissionServiceUtil;
44  import com.liferay.portal.service.RoleLocalServiceUtil;
45  import com.liferay.portal.struts.PortletAction;
46  import com.liferay.portal.theme.ThemeDisplay;
47  import com.liferay.portal.util.PropsValues;
48  import com.liferay.portal.util.WebKeys;
49  
50  import java.util.HashMap;
51  import java.util.List;
52  import java.util.Map;
53  
54  import javax.portlet.ActionRequest;
55  import javax.portlet.ActionResponse;
56  import javax.portlet.PortletConfig;
57  import javax.portlet.RenderRequest;
58  import javax.portlet.RenderResponse;
59  
60  import org.apache.struts.action.ActionForm;
61  import org.apache.struts.action.ActionForward;
62  import org.apache.struts.action.ActionMapping;
63  
64  /**
65   * <a href="EditRolePermissionsAction.java.html"><b><i>View Source</i></b></a>
66   *
67   * @author Brian Wing Shun Chan
68   * @author Jorge Ferrer
69   *
70   */
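public class EditRolePermissionsAction extends PortletAction {

    /**
     * Dispatches a role-permission command taken from the
     * {@link Constants#CMD} request parameter: {@code "actions"} goes to
     * {@link #updateActions} and {@code "delete_permission"} goes to
     * {@link #deletePermission}. Any other value does nothing.
     *
     * <p>
     * {@link NoSuchRoleException}, {@link PrincipalException} and
     * {@link RolePermissionsException} are recorded in the session errors
     * under the exception's class name and the request is forwarded to the
     * enterprise admin error page. Every other exception propagates.
     * </p>
     *
     * <p>
     * NOTE(review): both commands change authorization state and are driven
     * entirely by request parameters. No request-forgery token or explicit
     * caller-permission check is visible in this class; presumably the portal
     * framework and the remote services enforce them. Confirm before relying
     * on it.
     * </p>
     *
     * @throws Exception any failure other than the three reported above
     */
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

        try {
            if (cmd.equals("actions")) {
                updateActions(actionRequest, actionResponse);
            }
            else if (cmd.equals("delete_permission")) {
                deletePermission(actionRequest, actionResponse);
            }
        }
        catch (Exception e) {
            boolean reportable =
                e instanceof NoSuchRoleException ||
                e instanceof PrincipalException ||
                e instanceof RolePermissionsException;

            if (!reportable) {
                throw e;
            }

            // Only the exception class name is stored, so the error page
            // cannot leak message text (e.g. the role name).

            SessionErrors.add(actionRequest, e.getClass().getName());

            setForward(actionRequest, "portlet.enterprise_admin.error");
        }
    }

    /**
     * Resolves the role for the request and picks the view to render.
     *
     * <p>
     * The result of {@code ActionUtil.getRole} is discarded; the call is made
     * for its side effects and for the exceptions it raises. If it throws
     * {@link NoSuchRoleException} or {@link PrincipalException}, the class
     * name is stored in the session errors and the error page is returned.
     * </p>
     *
     * @return the error forward, or the forward selected by
     *         {@code getForward} with the edit-role-permissions page as the
     *         default
     * @throws Exception any other failure raised while loading the role
     */
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        try {
            ActionUtil.getRole(renderRequest);
        }
        catch (Exception e) {
            boolean reportable =
                e instanceof NoSuchRoleException ||
                e instanceof PrincipalException;

            if (!reportable) {
                throw e;
            }

            SessionErrors.add(renderRequest, e.getClass().getName());

            return mapping.findForward("portlet.enterprise_admin.error");
        }

        return mapping.findForward(getForward(
            renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
    }

    /**
     * Removes one permission from a role and redirects.
     *
     * <p>
     * With permission algorithm 6 the permission is identified by
     * {@code name}, {@code scope}, {@code primKey} and {@code actionId};
     * otherwise it is identified by {@code permissionId}. The parameters of
     * the branch not taken are read but unused.
     * </p>
     *
     * <p>
     * NOTE(review): the role is loaded through the local service and the only
     * check made here is the system-role guard. Whether the caller may edit
     * this role, and whether the supplied {@code permissionId} or
     * {@code primKey} belongs to the caller's company, is presumably enforced
     * inside the two {@code *ServiceUtil} calls. Confirm.
     * </p>
     *
     * @throws RolePermissionsException if the role is a built-in
     *         administrator or owner role
     * @throws Exception on any service failure
     */
    protected void deletePermission(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");
        long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
        String name = ParamUtil.getString(actionRequest, "name");
        int scope = ParamUtil.getInteger(actionRequest, "scope");
        String primKey = ParamUtil.getString(actionRequest, "primKey");
        String actionId = ParamUtil.getString(actionRequest, "actionId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkRoleEditable(role);

        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            ResourcePermissionServiceUtil.removeResourcePermission(
                themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                name, scope, primKey, roleId, actionId);
        }
        else {
            PermissionServiceUtil.unsetRolePermission(
                roleId, themeDisplay.getScopeGroupId(), permissionId);
        }

        // Send redirect

        SessionMessages.add(actionRequest, "permissionDeleted");

        // NOTE(security): "redirect" comes straight from the request and is
        // not validated in this class. Unless the portal restricts redirect
        // targets elsewhere, this permits redirection to an arbitrary host;
        // the target should be limited to same-host or relative URLs.

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        actionResponse.sendRedirect(redirect);
    }

    /**
     * Applies the submitted scope for one resource/action pair when the
     * permission algorithm is not 6.
     *
     * <p>
     * The scope is read from the request parameter
     * {@code "scope" + selResource + actionId}:
     * </p>
     *
     * <ul>
     * <li>company scope: the permission is set with the role's company ID as
     * primary key</li>
     * <li>group scope, community or organization role: the permission is set
     * at group-template scope against the default parent group</li>
     * <li>group scope, any other role type: existing group-scope permissions
     * for the action are removed, then one is set per distinct entry of
     * {@code "groupIds" + selResource + actionId}; an empty list adds the
     * {@code missingGroupIdsForAction} session error and changes nothing</li>
     * <li>any other value: company, group-template and group permissions for
     * the action are removed</li>
     * </ul>
     *
     * <p>
     * NOTE(review): the group IDs are request strings passed on as primary
     * keys without being parsed or checked here, so the service must reject
     * groups the caller may not administer. The unset-then-set sequence is
     * also not atomic in this method: if a later call throws, the earlier
     * removal stands unless the services share a transaction. Confirm both.
     * </p>
     */
    protected void updateAction_1to5(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource, scope,
                String.valueOf(role.getCompanyId()), actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP) {
            if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
                (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {

                PermissionServiceUtil.setRolePermission(
                    roleId, groupId, selResource,
                    ResourceConstants.SCOPE_GROUP_TEMPLATE,
                    String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                    actionId);
            }
            else {
                String[] groupIds = StringUtil.split(
                    ParamUtil.getString(
                        actionRequest, "groupIds" + selResource + actionId));

                if (groupIds.length == 0) {
                    SessionErrors.add(
                        actionRequest, "missingGroupIdsForAction");

                    return;
                }

                groupIds = ArrayUtil.distinct(groupIds);

                // Replace, not merge: clear the action's group-scope grants
                // before re-adding the submitted set.

                PermissionServiceUtil.unsetRolePermissions(
                    roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                    actionId);

                for (String curGroupId : groupIds) {
                    PermissionServiceUtil.setRolePermission(
                        roleId, groupId, selResource,
                        ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
                }
            }
        }
        else {

            // Remove company, group template, and group permissions

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
                actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                actionId);
        }
    }

    /**
     * Applies the submitted scope for one resource/action pair under
     * permission algorithm 6, using the resource-permission service.
     *
     * <p>
     * The branching mirrors {@link #updateAction_1to5}: company scope adds a
     * permission keyed by the role's company ID; group scope adds a
     * group-template permission for community and organization roles, or
     * replaces the group-scope permissions with one per distinct submitted
     * group ID; any other scope value removes the company, group-template and
     * group permissions for the action.
     * </p>
     *
     * <p>
     * NOTE(review): as in the 1-5 variant, the submitted group IDs are passed
     * on unchecked and the remove-then-add sequence is not atomic within this
     * method. Confirm that the service validates the targets and that a
     * transaction covers the sequence.
     * </p>
     */
    protected void updateAction_6(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long companyId = role.getCompanyId();
        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, scope,
                String.valueOf(companyId), roleId, actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP) {
            if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
                (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {

                ResourcePermissionServiceUtil.addResourcePermission(
                    groupId, companyId, selResource,
                    ResourceConstants.SCOPE_GROUP_TEMPLATE,
                    String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                    roleId, actionId);
            }
            else {
                String[] groupIds = StringUtil.split(
                    ParamUtil.getString(
                        actionRequest, "groupIds" + selResource + actionId));

                if (groupIds.length == 0) {
                    SessionErrors.add(
                        actionRequest, "missingGroupIdsForAction");

                    return;
                }

                groupIds = ArrayUtil.distinct(groupIds);

                // Replace, not merge: clear the action's group-scope grants
                // before re-adding the submitted set.

                ResourcePermissionServiceUtil.removeResourcePermissions(
                    groupId, companyId, selResource,
                    ResourceConstants.SCOPE_GROUP, roleId, actionId);

                for (String curGroupId : groupIds) {
                    ResourcePermissionServiceUtil.addResourcePermission(
                        groupId, companyId, selResource,
                        ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
                        actionId);
                }
            }
        }
        else {

            // Remove company, group template, and group permissions

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_COMPANY, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                roleId, actionId);
        }
    }

    /**
     * Updates every action of the submitted portlet and model resources for a
     * role, then redirects.
     *
     * <p>
     * The resource names come from the {@code portletResource} and
     * {@code modelResources} request parameters. For each one the action list
     * is obtained from {@code ResourceActionsUtil}, sorted, and each action is
     * handed to {@link #updateAction_6} or {@link #updateAction_1to5}
     * depending on the configured permission algorithm.
     * </p>
     *
     * <p>
     * A {@code missingGroupIdsForAction} error raised by a per-action update
     * does not stop the loop; the {@code permissionsUpdated} message is still
     * added and the redirect is still sent.
     * </p>
     *
     * @throws RolePermissionsException if the role is a built-in
     *         administrator or owner role
     * @throws Exception on any service failure
     */
    protected void updateActions(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkRoleEditable(role);

        String portletResource = ParamUtil.getString(
            actionRequest, "portletResource");
        String[] modelResources = StringUtil.split(
            ParamUtil.getString(actionRequest, "modelResources"));

        Map<String, List<String>> resourceActionsMap =
            new HashMap<String, List<String>>();

        if (Validator.isNotNull(portletResource)) {
            resourceActionsMap.put(
                portletResource,
                ResourceActionsUtil.getResourceActions(portletResource, null));
        }

        for (String modelResource : modelResources) {
            resourceActionsMap.put(
                modelResource,
                ResourceActionsUtil.getResourceActions(null, modelResource));
        }

        // The algorithm is fixed for the whole request, so decide once.

        boolean algorithm6 = (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6);

        long scopeGroupId = themeDisplay.getScopeGroupId();

        for (Map.Entry<String, List<String>> entry :
                resourceActionsMap.entrySet()) {

            String selResource = entry.getKey();

            List<String> actions = ListUtil.sort(
                entry.getValue(),
                new ActionComparator(
                    themeDisplay.getCompanyId(), themeDisplay.getLocale()));

            for (String actionId : actions) {
                if (algorithm6) {
                    updateAction_6(
                        actionRequest, role, scopeGroupId, selResource,
                        actionId);
                }
                else {
                    updateAction_1to5(
                        actionRequest, role, scopeGroupId, selResource,
                        actionId);
                }
            }
        }

        // Send redirect

        SessionMessages.add(actionRequest, "permissionsUpdated");

        // NOTE(security): "redirect" comes straight from the request and is
        // not validated in this class. Unless the portal restricts redirect
        // targets elsewhere, this permits redirection to an arbitrary host;
        // the target should be limited to same-host or relative URLs.

        String redirect =
            ParamUtil.getString(actionRequest, "redirect") + "&" +
                Constants.CMD + "=" + Constants.VIEW;

        actionResponse.sendRedirect(redirect);
    }

    /**
     * Refuses to edit the permissions of the built-in administrator and owner
     * roles (portal, community and organization variants).
     *
     * <p>
     * Both write paths call this single guard so that the protected-role list
     * cannot drift between them. The match is on the role name only.
     * </p>
     *
     * @param  role the role whose permissions are about to change
     * @throws RolePermissionsException carrying the role name, if the role is
     *         one of the six protected roles
     */
    private static void checkRoleEditable(Role role)
        throws RolePermissionsException {

        String roleName = role.getName();

        if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
            roleName.equals(RoleConstants.OWNER) ||
            roleName.equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.COMMUNITY_OWNER) ||
            roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {

            throw new RolePermissionsException(roleName);
        }
    }

}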