1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.upgrade.v4_4_0;
21  
22  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
23  import com.liferay.portal.kernel.log.Log;
24  import com.liferay.portal.kernel.log.LogFactoryUtil;
25  import com.liferay.portal.model.Group;
26  import com.liferay.portal.model.Location;
27  import com.liferay.portal.model.Organization;
28  import com.liferay.portal.model.ResourceConstants;
29  import com.liferay.portal.model.Role;
30  import com.liferay.portal.model.UserGroup;
31  import com.liferay.portal.upgrade.UpgradeException;
32  import com.liferay.portal.upgrade.UpgradeProcess;
33  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
34  import com.liferay.portlet.documentlibrary.model.DLFolder;
35  import com.liferay.portlet.imagegallery.model.IGFolder;
36  import com.liferay.portlet.messageboards.model.MBCategory;
37  import com.liferay.portlet.shopping.model.ShoppingCategory;
38  
39  import java.sql.Connection;
40  import java.sql.PreparedStatement;
41  import java.sql.ResultSet;
42  
43  /**
44   * <a href="UpgradePermission.java.html"><b><i>View Source</i></b></a>
45   *
46   * @author Brian Wing Shun Chan
47   *
48   */
49  public class UpgradePermission extends UpgradeProcess {
50  
51      public void upgrade() throws UpgradeException {
52          _log.info("Upgrading");
53  
54          try {
55              doUpgrade();
56          }
57          catch (Exception e) {
58              throw new UpgradeException(e);
59          }
60      }
61  
62      protected void deletePermissionByActionIdAndResourceName(
63              String actionId, String resourceName)
64          throws Exception {
65  
66          Connection con = null;
67          PreparedStatement ps = null;
68          ResultSet rs = null;
69  
70          try {
71              con = DataAccess.getConnection();
72  
73              ps = con.prepareStatement(_GET_PERMISSION_SQL);
74  
75              ps.setString(1, actionId);
76              ps.setString(2, resourceName);
77  
78              rs = ps.executeQuery();
79  
80              while (rs.next()) {
81                  long permissionId = rs.getLong("permissionId");
82  
83                  deletePermissionByPermissionId(permissionId);
84              }
85          }
86          finally {
87              DataAccess.cleanUp(con, ps, rs);
88          }
89      }
90  
91      protected void deletePermissionByPermissionId(long permissionId)
92          throws Exception {
93  
94          runSQL(
95              "delete from Permission_ where permissionId = " + permissionId);
96          runSQL(
97              "delete from Groups_Permissions where permissionId = " +
98                  permissionId);
99          runSQL(
100             "delete from Roles_Permissions where permissionId = " +
101                 permissionId);
102         runSQL(
103             "delete from Users_Permissions where permissionId = " +
104                 permissionId);
105     }
106 
107     protected void deletePermissionByResourceId(long resourceId)
108         throws Exception {
109 
110         Connection con = null;
111         PreparedStatement ps = null;
112         ResultSet rs = null;
113 
114         try {
115             con = DataAccess.getConnection();
116 
117             ps = con.prepareStatement(
118                 "select permissionId from Permission_ where resourceId = ?");
119 
120             ps.setLong(1, resourceId);
121 
122             rs = ps.executeQuery();
123 
124             while (rs.next()) {
125                 long permissionId = rs.getLong("permissionId");
126 
127                 deletePermissionByPermissionId(permissionId);
128             }
129         }
130         finally {
131             DataAccess.cleanUp(con, ps, rs);
132         }
133     }
134 
135     protected void deleteResource(long codeId) throws Exception {
136         Connection con = null;
137         PreparedStatement ps = null;
138         ResultSet rs = null;
139 
140         try {
141             con = DataAccess.getConnection();
142 
143             ps = con.prepareStatement(
144                 "select resourceId from Resource_ where codeId = ?");
145 
146             ps.setLong(1, codeId);
147 
148             rs = ps.executeQuery();
149 
150             while (rs.next()) {
151                 long resourceId = rs.getLong("resourceId");
152 
153                 deletePermissionByResourceId(resourceId);
154 
155                 runSQL(
156                     "delete from Resource_ where resourceId = " + resourceId);
157             }
158         }
159         finally {
160             DataAccess.cleanUp(con, ps, rs);
161         }
162     }
163 
164     protected void deleteResourceCode(String resourceName)
165         throws Exception {
166 
167         Connection con = null;
168         PreparedStatement ps = null;
169         ResultSet rs = null;
170 
171         try {
172             con = DataAccess.getConnection();
173 
174             ps = con.prepareStatement(
175                 "select codeId from ResourceCode where name = ?");
176 
177             ps.setString(1, resourceName);
178 
179             rs = ps.executeQuery();
180 
181             while (rs.next()) {
182                 long codeId = rs.getLong("codeId");
183 
184                 deleteResource(codeId);
185 
186                 runSQL(
187                     "delete from ResourceCode where name = '" + resourceName +
188                         "'");
189             }
190         }
191         finally {
192             DataAccess.cleanUp(con, ps, rs);
193         }
194     }
195 
196     protected void deleteRolesPermissions(String roleName) throws Exception {
197         Connection con = null;
198         PreparedStatement ps = null;
199         ResultSet rs = null;
200 
201         try {
202             con = DataAccess.getConnection();
203 
204             ps = con.prepareStatement(_GET_ROLES_PERMISSIONS_SQL);
205 
206             ps.setString(1, roleName);
207 
208             rs = ps.executeQuery();
209 
210             while (rs.next()) {
211                 long roleId = rs.getLong("roleId");
212 
213                 runSQL(
214                     "delete from Roles_Permissions where roleId = " + roleId);
215             }
216         }
217         finally {
218             DataAccess.cleanUp(con, ps, rs);
219         }
220     }
221 
222     protected void deleteUsersPermissions(int scope) throws Exception {
223         Connection con = null;
224         PreparedStatement ps = null;
225         ResultSet rs = null;
226 
227         try {
228             con = DataAccess.getConnection();
229 
230             ps = con.prepareStatement(_GET_USERS_PERMISSIONS_SQL);
231 
232             ps.setLong(1, scope);
233 
234             rs = ps.executeQuery();
235 
236             while (rs.next()) {
237                 long permissionId = rs.getLong("permissionId");
238 
239                 runSQL(
240                     "delete from Users_Permissions where permissionId = " +
241                         permissionId);
242             }
243         }
244         finally {
245             DataAccess.cleanUp(con, ps, rs);
246         }
247     }
248 
249     protected void doUpgrade() throws Exception {
250         runSQL("delete from OrgGroupPermission");
251 
252         for (int i = 0; i < _DELETE_PERMISSIONS.length; i++) {
253             Object[] permission = _DELETE_PERMISSIONS[i];
254 
255             String actionId = (String)permission[0];
256             String resourceName = ((Class<?>)permission[1]).getName();
257 
258             deletePermissionByActionIdAndResourceName(actionId, resourceName);
259         }
260 
261         for (int i = 0; i < _UPDATE_PERMISSIONS.length; i++) {
262             Object[] permission = _UPDATE_PERMISSIONS[i];
263 
264             String oldActionId = (String)permission[0];
265             String newActionId = (String)permission[1];
266             String resourceName = ((Class<?>)permission[2]).getName();
267 
268             updatePermission(oldActionId, newActionId, resourceName);
269         }
270 
271         deleteResourceCode("com.liferay.portlet.blogs.model.BlogsCategory");
272 
273         deleteRolesPermissions("Community Administrator");
274         deleteRolesPermissions("Community Owner");
275         deleteRolesPermissions("Organization Administrator");
276 
277         deleteUsersPermissions(ResourceConstants.SCOPE_GROUP);
278     }
279 
280     protected void updatePermission(
281             String oldActionId, String newActionId, String resourceName)
282         throws Exception {
283 
284         Connection con = null;
285         PreparedStatement ps = null;
286         ResultSet rs = null;
287 
288         try {
289             con = DataAccess.getConnection();
290 
291             ps = con.prepareStatement(_GET_PERMISSION_SQL);
292 
293             ps.setString(1, oldActionId);
294             ps.setString(2, resourceName);
295 
296             rs = ps.executeQuery();
297 
298             while (rs.next()) {
299                 long permissionId = rs.getLong("permissionId");
300 
301                 runSQL(
302                     "update Permission_ set actionId = '" + newActionId +
303                         "' where permissionId = " + permissionId);
304             }
305         }
306         finally {
307             DataAccess.cleanUp(con, ps, rs);
308         }
309     }
310 
311     private static final String _GET_PERMISSION_SQL =
312         "select Permission_.permissionId from Permission_ inner join " +
313             "Resource_ on Resource_.resourceId = Permission_.resourceId " +
314                 "inner join ResourceCode on ResourceCode.codeId = " +
315                     "Resource_.codeId where Permission_.actionId = ? and " +
316                         "ResourceCode.name = ?";
317 
318     private static final String _GET_ROLES_PERMISSIONS_SQL =
319         "select Roles_Permissions.roleId from Roles_Permissions inner join " +
320             "Role_ on Role_.roleId = Roles_Permissions.roleId where " +
321                 "Role_.name = ?";
322 
323     private static final String _GET_USERS_PERMISSIONS_SQL =
324         "select Users_Permissions.permissionId from Users_Permissions inner " +
325             "join Permission_ on Permission_.permissionId = " +
326                 "Users_Permissions.permissionId inner join Resource_ on " +
327                     "Resource_.resourceId = Permission_.resourceId inner " +
328                         "join ResourceCode on ResourceCode.codeId = " +
329                             "Resource_.codeId where ResourceCode.scope = ?";
330 
331     private static Object[][] _DELETE_PERMISSIONS = new Object[][] {
332         new Object[] {
333             "ADMINISTRATE", Group.class
334         },
335         new Object[] {
336             "ADD_USER", Location.class
337         },
338         new Object[] {
339             "ADD_USER", Organization.class
340         },
341         new Object[] {
342             "DELETE_USER", Location.class
343         },
344         new Object[] {
345             "DELETE_USER", Organization.class
346         },
347         new Object[] {
348             "PERMISSIONS_USER", Location.class
349         },
350         new Object[] {
351             "PERMISSIONS_USER", Organization.class
352         },
353         new Object[] {
354             "UPDATE_USER", Location.class
355         },
356         new Object[] {
357             "UPDATE_USER", Organization.class
358         },
359         new Object[] {
360             "VIEW_USER", Location.class
361         },
362         new Object[] {
363             "VIEW_USER", Organization.class
364         }
365     };
366 
367     private static Object[][] _UPDATE_PERMISSIONS = new Object[][] {
368         new Object[] {
369             "ADD_CATEGORY", "ADD_SUBCATEGORY", MBCategory.class
370         },
371         new Object[] {
372             "ADD_CATEGORY", "ADD_SUBCATEGORY", ShoppingCategory.class
373         },
374         new Object[] {
375             "ADD_FOLDER", "ADD_SUBFOLDER", DLFolder.class
376         },
377         new Object[] {
378             "ADD_FOLDER", "ADD_SUBFOLDER", IGFolder.class
379         },
380         new Object[] {
381             "ADD_FOLDER", "ADD_SUBFOLDER", BookmarksFolder.class
382         },
383         new Object[] {
384             "ADD_LOCATION", "MANAGE_SUBORGANIZATIONS", Organization.class
385         },
386         new Object[] {
387             "ADD_PERMISSIONS", "DEFINE_PERMISSIONS", Role.class
388         },
389         new Object[] {
390             "ADD_USER", "MANAGE_USERS", Location.class
391         },
392         new Object[] {
393             "ADD_USER", "MANAGE_USERS", Organization.class
394         },
395         new Object[] {
396             "ASSIGN_USERS", "ASSIGN_MEMBERS", Group.class
397         },
398         new Object[] {
399             "ASSIGN_USERS", "ASSIGN_MEMBERS", Role.class
400         },
401         new Object[] {
402             "ASSIGN_USERS", "ASSIGN_MEMBERS", UserGroup.class
403         }
404     };
405 
406     private static Log _log = LogFactoryUtil.getLog(UpgradePermission.class);
407 
408 }