1
22
23 package com.liferay.portlet.portletconfiguration.action;
24
25 import com.liferay.portal.kernel.servlet.SessionErrors;
26 import com.liferay.portal.kernel.util.Constants;
27 import com.liferay.portal.kernel.util.ParamUtil;
28 import com.liferay.portal.kernel.util.StringUtil;
29 import com.liferay.portal.kernel.util.Validator;
30 import com.liferay.portal.model.Group;
31 import com.liferay.portal.model.Layout;
32 import com.liferay.portal.model.Organization;
33 import com.liferay.portal.model.Portlet;
34 import com.liferay.portal.model.PortletConstants;
35 import com.liferay.portal.model.Resource;
36 import com.liferay.portal.model.Role;
37 import com.liferay.portal.model.UserGroup;
38 import com.liferay.portal.security.auth.PrincipalException;
39 import com.liferay.portal.security.permission.ResourceActionsUtil;
40 import com.liferay.portal.service.PermissionServiceUtil;
41 import com.liferay.portal.service.PortletLocalServiceUtil;
42 import com.liferay.portal.service.ResourceLocalServiceUtil;
43 import com.liferay.portal.service.ResourcePermissionServiceUtil;
44 import com.liferay.portal.servlet.filters.cache.CacheUtil;
45 import com.liferay.portal.theme.ThemeDisplay;
46 import com.liferay.portal.util.PropsValues;
47 import com.liferay.portal.util.WebKeys;
48
49 import java.util.ArrayList;
50 import java.util.Enumeration;
51 import java.util.List;
52
53 import javax.portlet.ActionRequest;
54 import javax.portlet.ActionResponse;
55 import javax.portlet.PortletConfig;
56 import javax.portlet.RenderRequest;
57 import javax.portlet.RenderResponse;
58
59 import org.apache.struts.action.ActionForm;
60 import org.apache.struts.action.ActionForward;
61 import org.apache.struts.action.ActionMapping;
62
63
69 public class EditPermissionsAction extends EditConfigurationAction {
70
71 public void processAction(
72 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
73 ActionRequest actionRequest, ActionResponse actionResponse)
74 throws Exception {
75
76 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
77
78 try {
79 if (cmd.equals("group_permissions")) {
80 updateGroupPermissions(actionRequest);
81 }
82 else if (cmd.equals("guest_permissions")) {
83 updateGuestPermissions(actionRequest);
84 }
85 else if (cmd.equals("organization_permissions")) {
86 updateOrganizationPermissions(actionRequest);
87 }
88 else if (cmd.equals("role_permissions")) {
89 updateRolePermissions(actionRequest);
90 }
91 else if (cmd.equals("user_group_permissions")) {
92 updateUserGroupPermissions(actionRequest);
93 }
94 else if (cmd.equals("user_permissions")) {
95 updateUserPermissions(actionRequest);
96 }
97
98 String redirect = ParamUtil.getString(
99 actionRequest, "permissionsRedirect");
100
101 sendRedirect(actionRequest, actionResponse, redirect);
102 }
103 catch (Exception e) {
104 if (e instanceof PrincipalException) {
105 SessionErrors.add(actionRequest, e.getClass().getName());
106
107 setForward(
108 actionRequest, "portlet.portlet_configuration.error");
109 }
110 else {
111 throw e;
112 }
113 }
114 }
115
116 public ActionForward render(
117 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
118 RenderRequest renderRequest, RenderResponse renderResponse)
119 throws Exception {
120
121 ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
122 WebKeys.THEME_DISPLAY);
123
124 long groupId = themeDisplay.getScopeGroupId();
125
126 String portletResource = ParamUtil.getString(
127 renderRequest, "portletResource");
128 String modelResource = ParamUtil.getString(
129 renderRequest, "modelResource");
130 String resourcePrimKey = ParamUtil.getString(
131 renderRequest, "resourcePrimKey");
132
133 String selResource = portletResource;
134
135 if (Validator.isNotNull(modelResource)) {
136 selResource = modelResource;
137 }
138
139 try {
140 PermissionServiceUtil.checkPermission(
141 groupId, selResource, resourcePrimKey);
142 }
143 catch (PrincipalException pe) {
144 SessionErrors.add(
145 renderRequest, PrincipalException.class.getName());
146
147 setForward(renderRequest, "portlet.portlet_configuration.error");
148 }
149
150 Portlet portlet = PortletLocalServiceUtil.getPortletById(
151 themeDisplay.getCompanyId(), portletResource);
152
153 if (portlet != null) {
154 renderResponse.setTitle(getTitle(portlet, renderRequest));
155 }
156
157 return mapping.findForward(getForward(
158 renderRequest, "portlet.portlet_configuration.edit_permissions"));
159 }
160
161 protected String[] getActionIds(ActionRequest actionRequest, long roleId) {
162 List<String> actionIds = new ArrayList<String>();
163
164 Enumeration<String> enu = actionRequest.getParameterNames();
165
166 while (enu.hasMoreElements()) {
167 String name = enu.nextElement();
168
169 if (name.startsWith(roleId + "_ACTION_")) {
170 int pos = name.indexOf("_ACTION_");
171
172 String actionId = name.substring(pos + 8);
173
174 actionIds.add(actionId);
175 }
176 }
177
178 return actionIds.toArray(new String[actionIds.size()]);
179 }
180
181 protected void updateGroupPermissions(ActionRequest actionRequest)
182 throws Exception {
183
184 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
185
186 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
187 long groupId = ParamUtil.getLong(actionRequest, "groupId");
188 String[] actionIds = StringUtil.split(
189 ParamUtil.getString(actionRequest, "groupIdActionIds"));
190
191 PermissionServiceUtil.setGroupPermissions(
192 groupId, actionIds, resourceId);
193
194 if (!layout.isPrivateLayout()) {
195 Resource resource =
196 ResourceLocalServiceUtil.getResource(resourceId);
197
198 if (resource.getPrimKey().startsWith(
199 layout.getPlid() + PortletConstants.LAYOUT_SEPARATOR)) {
200
201 CacheUtil.clearCache(layout.getCompanyId());
202 }
203 }
204 }
205
206 protected void updateGuestPermissions(ActionRequest actionRequest)
207 throws Exception {
208
209 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
210 WebKeys.THEME_DISPLAY);
211
212 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
213 String[] actionIds = StringUtil.split(
214 ParamUtil.getString(actionRequest, "guestActionIds"));
215
216 PermissionServiceUtil.setUserPermissions(
217 themeDisplay.getDefaultUserId(), themeDisplay.getScopeGroupId(),
218 actionIds, resourceId);
219 }
220
221 protected void updateOrganizationPermissions(ActionRequest actionRequest)
222 throws Exception {
223
224 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
225
226 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
227 long organizationId = ParamUtil.getLong(
228 actionRequest, "organizationIdsPosValue");
229 String[] actionIds = StringUtil.split(
230 ParamUtil.getString(actionRequest, "organizationIdActionIds"));
231
234 PermissionServiceUtil.setGroupPermissions(
236 Organization.class.getName(), String.valueOf(organizationId),
237 layout.getGroupId(), actionIds, resourceId);
238
243 }
244
245 protected void updateRolePermissions(ActionRequest actionRequest)
246 throws Exception {
247
248 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
249 updateRolePermissions_5(actionRequest);
250 }
251 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
252 updateRolePermissions_6(actionRequest);
253 }
254 else {
255 updateRolePermissions_1to4(actionRequest);
256 }
257 }
258
259 protected void updateRolePermissions_1to4(ActionRequest actionRequest)
260 throws Exception {
261
262 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
263 WebKeys.THEME_DISPLAY);
264
265 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
266 long roleId = ParamUtil.getLong(actionRequest, "roleIdsPosValue");
267 String[] actionIds = StringUtil.split(
268 ParamUtil.getString(actionRequest, "roleIdActionIds"));
269
270 PermissionServiceUtil.setRolePermissions(
271 roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
272 }
273
274 protected void updateRolePermissions_5(ActionRequest actionRequest)
275 throws Exception {
276
277 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
278 WebKeys.THEME_DISPLAY);
279
280 Layout layout = themeDisplay.getLayout();
281
282 String modelResource = ParamUtil.getString(
283 actionRequest, "modelResource");
284 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
285
286 List<Role> roles = ResourceActionsUtil.getRoles(
287 layout.getGroup(), modelResource);
288
289 for (Role role : roles) {
290 String[] actionIds = getActionIds(actionRequest, role.getRoleId());
291
292 PermissionServiceUtil.setRolePermissions(
293 role.getRoleId(), themeDisplay.getScopeGroupId(), actionIds,
294 resourceId);
295 }
296 }
297
298 protected void updateRolePermissions_6(ActionRequest actionRequest)
299 throws Exception {
300
301 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
302 WebKeys.THEME_DISPLAY);
303
304 String portletResource = ParamUtil.getString(
305 actionRequest, "portletResource");
306 String modelResource = ParamUtil.getString(
307 actionRequest, "modelResource");
308
309 String selResource = portletResource;
310
311 if (Validator.isNotNull(modelResource)) {
312 selResource = modelResource;
313 }
314
315 String resourcePrimKey = ParamUtil.getString(
316 actionRequest, "resourcePrimKey");
317
318 Layout layout = themeDisplay.getLayout();
319
320 Group group = layout.getGroup();
321
322 List<Role> roles = ResourceActionsUtil.getRoles(group, modelResource);
323
324 for (Role role : roles) {
325 String[] actionIds = getActionIds(actionRequest, role.getRoleId());
326
327 ResourcePermissionServiceUtil.setIndividualResourcePermissions(
328 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
329 selResource, resourcePrimKey, role.getRoleId(), actionIds);
330 }
331 }
332
333 protected void updateUserGroupPermissions(ActionRequest actionRequest)
334 throws Exception {
335
336 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
337
338 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
339 long userGroupId = ParamUtil.getLong(
340 actionRequest, "userGroupIdsPosValue");
341 String[] actionIds = StringUtil.split(
342 ParamUtil.getString(actionRequest, "userGroupIdActionIds"));
343
344 PermissionServiceUtil.setGroupPermissions(
345 UserGroup.class.getName(), String.valueOf(userGroupId),
346 layout.getGroupId(), actionIds, resourceId);
347 }
348
349 protected void updateUserPermissions(ActionRequest actionRequest)
350 throws Exception {
351
352 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
353 WebKeys.THEME_DISPLAY);
354
355 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
356 long userId = ParamUtil.getLong(actionRequest, "userIdsPosValue");
357 String[] actionIds = StringUtil.split(
358 ParamUtil.getString(actionRequest, "userIdActionIds"));
359
360 PermissionServiceUtil.setUserPermissions(
361 userId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
362 }
363
364 }