23 package com.liferay.portlet.enterpriseadmin.action;
24
25 import com.liferay.portal.NoSuchRoleException;
26 import com.liferay.portal.RolePermissionsException;
27 import com.liferay.portal.kernel.servlet.SessionErrors;
28 import com.liferay.portal.kernel.servlet.SessionMessages;
29 import com.liferay.portal.kernel.util.ArrayUtil;
30 import com.liferay.portal.kernel.util.Constants;
31 import com.liferay.portal.kernel.util.ListUtil;
32 import com.liferay.portal.kernel.util.ParamUtil;
33 import com.liferay.portal.kernel.util.StringUtil;
34 import com.liferay.portal.kernel.util.Validator;
35 import com.liferay.portal.model.GroupConstants;
36 import com.liferay.portal.model.ResourceConstants;
37 import com.liferay.portal.model.Role;
38 import com.liferay.portal.model.RoleConstants;
39 import com.liferay.portal.security.auth.PrincipalException;
40 import com.liferay.portal.security.permission.ResourceActionsUtil;
41 import com.liferay.portal.security.permission.comparator.ActionComparator;
42 import com.liferay.portal.service.PermissionServiceUtil;
43 import com.liferay.portal.service.ResourcePermissionServiceUtil;
44 import com.liferay.portal.service.RoleLocalServiceUtil;
45 import com.liferay.portal.struts.PortletAction;
46 import com.liferay.portal.theme.ThemeDisplay;
47 import com.liferay.portal.util.PropsValues;
48 import com.liferay.portal.util.WebKeys;
49
50 import java.util.HashMap;
51 import java.util.List;
52 import java.util.Map;
53
54 import javax.portlet.ActionRequest;
55 import javax.portlet.ActionResponse;
56 import javax.portlet.PortletConfig;
57 import javax.portlet.RenderRequest;
58 import javax.portlet.RenderResponse;
59
60 import org.apache.struts.action.ActionForm;
61 import org.apache.struts.action.ActionForward;
62 import org.apache.struts.action.ActionMapping;
63
64
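/**
 * Struts portlet action behind the "edit role permissions" screen of the
 * enterprise admin portlet. The action phase either applies a batch of
 * permission changes to a role ("actions") or removes a single permission
 * from it ("delete_permission"); the render phase only checks that the role
 * can be loaded and then forwards to the edit page.
 *
 * <p>
 * NOTE(review): both commands change authorization state and are selected
 * by a request parameter. No request-token (anti-CSRF) check is visible in
 * this class; confirm that {@code PortletAction} or the portal enforces one.
 * </p>
 */
public class EditRolePermissionsAction extends PortletAction {

    /**
     * Dispatches on the {@code cmd} request parameter. Unknown commands are
     * ignored. {@code NoSuchRoleException}, {@code PrincipalException} and
     * {@code RolePermissionsException} are recorded as session errors and
     * routed to the error page; anything else is rethrown.
     */
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

        try {
            if (cmd.equals("actions")) {
                updateActions(actionRequest, actionResponse);
            }
            else if (cmd.equals("delete_permission")) {
                deletePermission(actionRequest, actionResponse);
            }
        }
        catch (Exception e) {
            if (e instanceof NoSuchRoleException ||
                e instanceof PrincipalException ||
                e instanceof RolePermissionsException) {

                // Only the exception class name is exposed to the UI layer.
                SessionErrors.add(actionRequest, e.getClass().getName());

                setForward(actionRequest, "portlet.enterprise_admin.error");
            }
            else {
                throw e;
            }
        }
    }

    /**
     * Loads the role named by the request (via {@code ActionUtil.getRole})
     * and forwards to the edit page, or to the error page when the role is
     * missing or the caller is not allowed to see it.
     */
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        try {
            ActionUtil.getRole(renderRequest);
        }
        catch (Exception e) {
            if (e instanceof NoSuchRoleException ||
                e instanceof PrincipalException) {

                SessionErrors.add(renderRequest, e.getClass().getName());

                return mapping.findForward("portlet.enterprise_admin.error");
            }
            else {
                throw e;
            }
        }

        return mapping.findForward(getForward(
            renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
    }

    /**
     * Removes one permission from a role. Which service is called depends
     * on {@code PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM}: algorithm 6
     * identifies the permission by resource name, scope, primary key and
     * action id; the other algorithms identify it by {@code permissionId}.
     *
     * <p>
     * NOTE(review): the role is looked up through
     * {@code RoleLocalServiceUtil}; the caller's right to edit it is
     * presumably enforced inside the {@code ResourcePermissionServiceUtil}
     * and {@code PermissionServiceUtil} calls. Confirm.
     * </p>
     *
     * @throws RolePermissionsException if the role is one of the built-in
     *         administrator or owner roles
     */
    protected void deletePermission(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");
        long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
        String name = ParamUtil.getString(actionRequest, "name");
        int scope = ParamUtil.getInteger(actionRequest, "scope");
        String primKey = ParamUtil.getString(actionRequest, "primKey");
        String actionId = ParamUtil.getString(actionRequest, "actionId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkRoleIsEditable(role);

        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            ResourcePermissionServiceUtil.removeResourcePermission(
                themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                name, scope, primKey, roleId, actionId);
        }
        else {
            PermissionServiceUtil.unsetRolePermission(
                roleId, themeDisplay.getScopeGroupId(), permissionId);
        }

        SessionMessages.add(actionRequest, "permissionDeleted");

        // The redirect target comes from the request, so it is only
        // followed when it stays on this host. Otherwise the redirect is
        // skipped and the portlet falls through to its normal render phase.
        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (isLocalRedirect(actionRequest, redirect)) {
            actionResponse.sendRedirect(redirect);
        }
    }

    /**
     * Applies the submitted scope for one resource/action pair using the
     * {@code PermissionServiceUtil} API (permission algorithms 1 to 5).
     *
     * <ul>
     * <li>Company scope: grant at company scope.</li>
     * <li>Group scope on a community or organization role: grant at
     * group-template scope.</li>
     * <li>Group scope on any other role: replace the existing group-scope
     * grants with one grant per distinct submitted group id; records the
     * {@code missingGroupIdsForAction} session error and changes nothing
     * when no group id was submitted.</li>
     * <li>Any other scope value: revoke the action at company,
     * group-template and group scope.</li>
     * </ul>
     */
    protected void updateAction_1to5(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource, scope,
                String.valueOf(role.getCompanyId()), actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP) {
            if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
                (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {

                PermissionServiceUtil.setRolePermission(
                    roleId, groupId, selResource,
                    ResourceConstants.SCOPE_GROUP_TEMPLATE,
                    String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                    actionId);
            }
            else {
                String[] groupIds = StringUtil.split(
                    ParamUtil.getString(
                        actionRequest, "groupIds" + selResource + actionId));

                if (groupIds.length == 0) {
                    SessionErrors.add(
                        actionRequest, "missingGroupIdsForAction");

                    return;
                }

                groupIds = ArrayUtil.distinct(groupIds);

                // Clear the old group-scope grants first so the submitted
                // list replaces them instead of adding to them.
                PermissionServiceUtil.unsetRolePermissions(
                    roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                    actionId);

                for (String curGroupId : groupIds) {
                    PermissionServiceUtil.setRolePermission(
                        roleId, groupId, selResource,
                        ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
                }
            }
        }
        else {

            // No recognised scope was submitted: revoke the action at
            // every scope this screen can grant.
            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
                actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                actionId);
        }
    }

    /**
     * Same decision table as {@link #updateAction_1to5}, implemented with
     * the {@code ResourcePermissionServiceUtil} API used by permission
     * algorithm 6.
     */
    protected void updateAction_6(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long companyId = role.getCompanyId();
        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, scope,
                String.valueOf(role.getCompanyId()), roleId, actionId);
        }
        else if (scope == ResourceConstants.SCOPE_GROUP) {
            if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
                (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {

                ResourcePermissionServiceUtil.addResourcePermission(
                    groupId, companyId, selResource,
                    ResourceConstants.SCOPE_GROUP_TEMPLATE,
                    String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                    roleId, actionId);
            }
            else {
                String[] groupIds = StringUtil.split(
                    ParamUtil.getString(
                        actionRequest, "groupIds" + selResource + actionId));

                if (groupIds.length == 0) {
                    SessionErrors.add(
                        actionRequest, "missingGroupIdsForAction");

                    return;
                }

                groupIds = ArrayUtil.distinct(groupIds);

                // Clear the old group-scope grants first so the submitted
                // list replaces them instead of adding to them.
                ResourcePermissionServiceUtil.removeResourcePermissions(
                    groupId, companyId, selResource,
                    ResourceConstants.SCOPE_GROUP, roleId, actionId);

                for (String curGroupId : groupIds) {
                    ResourcePermissionServiceUtil.addResourcePermission(
                        groupId, companyId, selResource,
                        ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
                        actionId);
                }
            }
        }
        else {

            // No recognised scope was submitted: revoke the action at
            // every scope this screen can grant.
            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_COMPANY, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                roleId, actionId);
        }
    }

    /**
     * Applies the submitted scopes for every action of the portlet resource
     * and of each model resource named in the request. The set of actions
     * is taken from {@code ResourceActionsUtil}, not from the request; the
     * request only supplies the resource names and the per-action scope.
     *
     * @throws RolePermissionsException if the role is one of the built-in
     *         administrator or owner roles
     */
    protected void updateActions(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkRoleIsEditable(role);

        String portletResource = ParamUtil.getString(
            actionRequest, "portletResource");
        String[] modelResources = StringUtil.split(
            ParamUtil.getString(actionRequest, "modelResources"));

        Map<String, List<String>> resourceActionsMap =
            new HashMap<String, List<String>>();

        if (Validator.isNotNull(portletResource)) {
            resourceActionsMap.put(
                portletResource,
                ResourceActionsUtil.getResourceActions(portletResource, null));
        }

        for (String modelResource : modelResources) {
            resourceActionsMap.put(
                modelResource,
                ResourceActionsUtil.getResourceActions(null, modelResource));
        }

        long scopeGroupId = themeDisplay.getScopeGroupId();

        for (Map.Entry<String, List<String>> entry :
                resourceActionsMap.entrySet()) {

            String selResource = entry.getKey();

            List<String> actions = ListUtil.sort(
                entry.getValue(),
                new ActionComparator(
                    themeDisplay.getCompanyId(), themeDisplay.getLocale()));

            for (String actionId : actions) {
                if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                    updateAction_6(
                        actionRequest, role, scopeGroupId, selResource,
                        actionId);
                }
                else {
                    updateAction_1to5(
                        actionRequest, role, scopeGroupId, selResource,
                        actionId);
                }
            }
        }

        SessionMessages.add(actionRequest, "permissionsUpdated");

        // The redirect target comes from the request, so it is only
        // followed when it stays on this host. The appended parameter
        // assumes the target already carries a query string.
        String redirect = ParamUtil.getString(actionRequest, "redirect");

        if (isLocalRedirect(actionRequest, redirect)) {
            actionResponse.sendRedirect(
                redirect + "&" + Constants.CMD + "=" + Constants.VIEW);
        }
    }

    /**
     * Rejects the built-in administrator and owner roles, whose permissions
     * this screen must never change.
     *
     * @throws RolePermissionsException carrying the role name when the role
     *         is one of the protected roles
     */
    private static void checkRoleIsEditable(Role role)
        throws RolePermissionsException {

        String roleName = role.getName();

        if (roleName.equals(RoleConstants.ADMINISTRATOR) ||
            roleName.equals(RoleConstants.OWNER) ||
            roleName.equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.COMMUNITY_OWNER) ||
            roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {

            throw new RolePermissionsException(roleName);
        }
    }

    /**
     * Decides whether a request-supplied redirect target may be passed to
     * {@code sendRedirect}. Accepted are absolute-path URLs on this server
     * and full http/https URLs whose host equals the host of the current
     * request. Everything else, including anything that cannot be parsed
     * strictly, is refused (fail closed).
     *
     * <p>
     * NOTE(review): if the portal version in use provides a central
     * redirect-escaping helper (later Liferay releases have
     * {@code PortalUtil.escapeRedirect}), prefer it over this local check.
     * </p>
     */
    private static boolean isLocalRedirect(
        ActionRequest actionRequest, String redirect) {

        if ((redirect == null) || (redirect.length() == 0)) {
            return false;
        }

        // Backslashes and control characters are refused outright because
        // browsers and java.net.URI do not agree on how to read them.
        for (int i = 0; i < redirect.length(); i++) {
            char c = redirect.charAt(i);

            if ((c == '\\') || (c < 0x20) || (c == 0x7f)) {
                return false;
            }
        }

        // A leading "//" is a scheme-relative URL and names another host.
        if (redirect.startsWith("//")) {
            return false;
        }

        if (redirect.startsWith("/")) {
            return true;
        }

        try {
            java.net.URI uri = new java.net.URI(redirect);

            String scheme = uri.getScheme();
            String host = uri.getHost();

            if ((scheme == null) || (host == null)) {
                return false;
            }

            if (!scheme.equalsIgnoreCase("http") &&
                !scheme.equalsIgnoreCase("https")) {

                return false;
            }

            // Credentials in the authority are never needed here and make
            // the visible host ambiguous.
            if (uri.getRawUserInfo() != null) {
                return false;
            }

            return host.equalsIgnoreCase(actionRequest.getServerName());
        }
        catch (java.net.URISyntaxException e) {
            return false;
        }
    }

}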