1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.kernel.log.Log;
29  import com.liferay.portal.kernel.log.LogFactoryUtil;
30  import com.liferay.portal.kernel.util.GetterUtil;
31  import com.liferay.portal.kernel.util.ListUtil;
32  import com.liferay.portal.kernel.util.Validator;
33  import com.liferay.portal.model.Group;
34  import com.liferay.portal.model.OrgGroupPermission;
35  import com.liferay.portal.model.Organization;
36  import com.liferay.portal.model.Permission;
37  import com.liferay.portal.model.Resource;
38  import com.liferay.portal.model.ResourceCode;
39  import com.liferay.portal.model.ResourceConstants;
40  import com.liferay.portal.model.Role;
41  import com.liferay.portal.model.User;
42  import com.liferay.portal.model.UserGroup;
43  import com.liferay.portal.security.permission.PermissionCacheUtil;
44  import com.liferay.portal.security.permission.PermissionCheckerBag;
45  import com.liferay.portal.security.permission.ResourceActionsUtil;
46  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
47  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
48  import com.liferay.portal.util.PropsValues;
49  import com.liferay.portal.util.comparator.PermissionComparator;
50  
51  import java.util.ArrayList;
52  import java.util.HashSet;
53  import java.util.Iterator;
54  import java.util.List;
55  import java.util.Set;
56  
57  import org.apache.commons.lang.time.StopWatch;
58  
59  /**
60   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
61   *
62   * @author Charles May
63   * @author Brian Wing Shun Chan
64   * @author Raymond Augé
65   *
66   */
67  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
68  
69      public Permission addPermission(
70              long companyId, String actionId, long resourceId)
71          throws SystemException {
72  
73          Permission permission = permissionPersistence.fetchByA_R(
74              actionId, resourceId);
75  
76          if (permission == null) {
77              long permissionId = counterLocalService.increment(
78                  Permission.class.getName());
79  
80              permission = permissionPersistence.create(permissionId);
81  
82              permission.setCompanyId(companyId);
83              permission.setActionId(actionId);
84              permission.setResourceId(resourceId);
85  
86              permissionPersistence.update(permission, false);
87          }
88  
89          return permission;
90      }
91  
92      public List<Permission> addPermissions(
93              long companyId, String name, long resourceId,
94              boolean portletActions)
95          throws SystemException {
96  
97          List<String> actionIds = null;
98  
99          if (portletActions) {
100             actionIds = ResourceActionsUtil.getPortletResourceActions(name);
101         }
102         else {
103             actionIds = ResourceActionsUtil.getModelResourceActions(name);
104         }
105 
106         return addPermissions(companyId, actionIds, resourceId);
107     }
108 
109     public List<Permission> addPermissions(
110             long companyId, List<String> actionIds, long resourceId)
111         throws SystemException {
112 
113         List<Permission> permissions = permissionPersistence.findByResourceId(
114             resourceId);
115 
116         permissions = ListUtil.copy(permissions);
117 
118         Set<String> actionIdsSet = new HashSet<String>();
119 
120         for (Permission permission : permissions) {
121             actionIdsSet.add(permission.getActionId());
122         }
123 
124         for (String actionId : actionIds) {
125             if (actionIdsSet.contains(actionId)) {
126                 continue;
127             }
128 
129             long permissionId = counterLocalService.increment(
130                 Permission.class.getName());
131 
132             Permission permission = permissionPersistence.create(permissionId);
133 
134             permission.setCompanyId(companyId);
135             permission.setActionId(actionId);
136             permission.setResourceId(resourceId);
137 
138             try {
139                 permissionPersistence.update(permission, false);
140             }
141             catch (SystemException se) {
142                 if (_log.isWarnEnabled()) {
143                     _log.warn(
144                         "Add failed, fetch {actionId=" + actionId +
145                             ", resourceId=" + resourceId + "}");
146                 }
147 
148                 permission = permissionPersistence.fetchByA_R(
149                     actionId, resourceId, false);
150 
151                 if (permission == null) {
152                     throw se;
153                 }
154             }
155 
156             permissions.add(permission);
157         }
158 
159         return permissions;
160     }
161 
162     public void addUserPermissions(
163             long userId, String[] actionIds, long resourceId)
164         throws PortalException, SystemException {
165 
166         User user = userPersistence.findByPrimaryKey(userId);
167 
168         List<Permission> permissions = permissionFinder.findByU_R(
169             userId, resourceId);
170 
171         permissions = getPermissions(
172             user.getCompanyId(), actionIds, resourceId);
173 
174         userPersistence.addPermissions(userId, permissions);
175 
176         PermissionCacheUtil.clearCache();
177     }
178 
179     public List<String> getActions(List<Permission> permissions) {
180         List<String> actionIds = new ArrayList<String>();
181 
182         Iterator<Permission> itr = permissions.iterator();
183 
184         while (itr.hasNext()) {
185             Permission permission = itr.next();
186 
187             actionIds.add(permission.getActionId());
188         }
189 
190         return actionIds;
191     }
192 
193     public List<Permission> getGroupPermissions(long groupId, long resourceId)
194         throws SystemException {
195 
196         return permissionFinder.findByG_R(groupId, resourceId);
197     }
198 
199     public List<Permission> getGroupPermissions(
200             long groupId, long companyId, String name, int scope,
201             String primKey)
202         throws SystemException {
203 
204         return permissionFinder.findByG_C_N_S_P(
205             groupId, companyId, name, scope, primKey);
206     }
207 
208     public List<Permission> getOrgGroupPermissions(
209             long organizationId, long groupId, long resourceId)
210         throws SystemException {
211 
212         return permissionFinder.findByO_G_R(
213             organizationId, groupId, resourceId);
214     }
215 
216     public long getLatestPermissionId() throws SystemException {
217         List<Permission> permissions = permissionPersistence.findAll(
218             0, 1, new PermissionComparator());
219 
220         if (permissions.size() == 0) {
221             return 0;
222         }
223         else {
224             Permission permission = permissions.get(0);
225 
226             return permission.getPermissionId();
227         }
228     }
229 
230     public List<Permission> getPermissions(
231             long companyId, String[] actionIds, long resourceId)
232         throws SystemException {
233 
234         List<Permission> permissions = new ArrayList<Permission>();
235 
236         for (int i = 0; i < actionIds.length; i++) {
237             Permission permission = addPermission(
238                 companyId, actionIds[i], resourceId);
239 
240             permissions.add(permission);
241         }
242 
243         return permissions;
244     }
245 
246     public List<Permission> getRolePermissions(long roleId)
247         throws SystemException {
248 
249         return rolePersistence.getPermissions(roleId);
250     }
251 
252     public List<Permission> getRolePermissions(long roleId, long resourceId)
253         throws SystemException {
254 
255         return permissionFinder.findByR_R(roleId, resourceId);
256     }
257 
258     public List<Permission> getUserPermissions(long userId, long resourceId)
259         throws SystemException {
260 
261         return permissionFinder.findByU_R(userId, resourceId);
262     }
263 
264     public List<Permission> getUserPermissions(
265             long userId, long companyId, String name, int scope, String primKey)
266         throws SystemException {
267 
268         return permissionFinder.findByU_C_N_S_P(
269             userId, companyId, name, scope, primKey);
270     }
271 
272     public boolean hasGroupPermission(
273             long groupId, String actionId, long resourceId)
274         throws SystemException {
275 
276         Permission permission = permissionPersistence.fetchByA_R(
277             actionId, resourceId);
278 
279         // Return false if there is no permission based on the given action
280         // id and resource id
281 
282         if (permission == null) {
283             return false;
284         }
285 
286         return groupPersistence.containsPermission(
287             groupId, permission.getPermissionId());
288     }
289 
290     public boolean hasRolePermission(
291             long roleId, long companyId, String name, int scope,
292             String actionId)
293         throws SystemException {
294 
295         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
296             companyId, name, scope);
297 
298         List<Resource> resources = resourcePersistence.findByCodeId(
299             resourceCode.getCodeId());
300 
301         for (Resource resource : resources) {
302             Permission permission = permissionPersistence.fetchByA_R(
303                 actionId, resource.getResourceId());
304 
305             if (permission != null) {
306                 if (rolePersistence.containsPermission(
307                         roleId, permission.getPermissionId())) {
308 
309                     return true;
310                 }
311             }
312         }
313 
314         return false;
315     }
316 
317     public boolean hasRolePermission(
318             long roleId, long companyId, String name, int scope, String primKey,
319             String actionId)
320         throws SystemException {
321 
322         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
323             companyId, name, scope);
324 
325         Resource resource = resourcePersistence.fetchByC_P(
326             resourceCode.getCodeId(), primKey);
327 
328         if (resource == null) {
329             return false;
330         }
331 
332         Permission permission = permissionPersistence.fetchByA_R(
333             actionId, resource.getResourceId());
334 
335         if (permission == null) {
336             return false;
337         }
338 
339         return rolePersistence.containsPermission(
340             roleId, permission.getPermissionId());
341     }
342 
343     public boolean hasUserPermission(
344             long userId, String actionId, long resourceId)
345         throws SystemException {
346 
347         Permission permission = permissionPersistence.fetchByA_R(
348             actionId, resourceId);
349 
350         // Return false if there is no permission based on the given action
351         // id and resource id
352 
353         if (permission == null) {
354             return false;
355         }
356 
357         return userPersistence.containsPermission(
358             userId, permission.getPermissionId());
359     }
360 
361     public boolean hasUserPermissions(
362             long userId, long groupId, List<Resource> resources,
363             String actionId, PermissionCheckerBag permissionCheckerBag)
364         throws PortalException, SystemException {
365 
366         StopWatch stopWatch = null;
367 
368         if (_log.isDebugEnabled()) {
369             stopWatch = new StopWatch();
370 
371             stopWatch.start();
372         }
373 
374         int block = 1;
375 
376         // Return false if there are no resources
377 
378         if (Validator.isNull(actionId) || resources.isEmpty()) {
379             return false;
380         }
381 
382         long[] resourceIds = null;
383 
384         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
385             resourceIds = new long[resources.size()];
386 
387             for (int i = 0; i < resources.size(); i++) {
388                 Resource resource = resources.get(i);
389 
390                 resourceIds[i] = resource.getResourceId();
391             }
392         }
393 
394         List<Permission> permissions = null;
395 
396         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
397             permissions = permissionFinder.findByA_R(actionId, resourceIds);
398 
399             // Return false if there are no permissions
400 
401             if (permissions.size() == 0) {
402                 return false;
403             }
404         }
405 
406         // Record logs with the first resource id
407 
408         long resourceId = 0;
409 
410         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
411             resourceId = resourceIds[0];
412         }
413         else {
414             resourceId = resources.get(0).getResourceId();
415         }
416 
417         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
418 
419         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
420         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
421         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
422         //List<Group> userUserGroupGroups =
423         //  permissionCheckerBag.getUserUserGroupGroups();
424         List<Group> groups = permissionCheckerBag.getGroups();
425         List<Role> roles = permissionCheckerBag.getRoles();
426 
427         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
428 
429         // Check the organization and community intersection table. Break out of
430         // this method if the user has one of the permissions set at the
431         // intersection because that takes priority.
432 
433         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
434         //  return true;
435         //}
436 
437         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
438 
439         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
440             return hasUserPermissions_1(
441                 userId, resourceId, actionId, permissions, groups, groupId,
442                 stopWatch, block);
443         }
444         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
445             return hasUserPermissions_2(
446                 userId, resourceId, actionId, permissions, groups, groupId,
447                 stopWatch, block);
448         }
449         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
450             return hasUserPermissions_3(
451                 userId, resourceId, actionId, permissions, groups, roles,
452                 stopWatch, block);
453         }
454         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
455             return hasUserPermissions_4(
456                 userId, resourceId, actionId, permissions, groups, roles,
457                 stopWatch, block);
458         }
459         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
460             return hasUserPermissions_5(
461                 userId, resourceId, actionId, permissions, roles, stopWatch,
462                 block);
463         }
464         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
465             return hasUserPermissions_6(
466                 userId, resourceId, resources, actionId, roles, stopWatch,
467                 block);
468         }
469 
470         return false;
471     }
472 
473     public void setGroupPermissions(
474             long groupId, String[] actionIds, long resourceId)
475         throws PortalException, SystemException {
476 
477         Group group = groupPersistence.findByPrimaryKey(groupId);
478 
479         List<Permission> permissions = permissionFinder.findByG_R(
480             groupId, resourceId);
481 
482         for (Permission permission : permissions) {
483             groupPersistence.removePermission(groupId, permission);
484         }
485 
486         permissions = getPermissions(
487             group.getCompanyId(), actionIds, resourceId);
488 
489         groupPersistence.addPermissions(groupId, permissions);
490 
491         PermissionCacheUtil.clearCache();
492     }
493 
494     public void setGroupPermissions(
495             String className, String classPK, long groupId,
496             String[] actionIds, long resourceId)
497         throws PortalException, SystemException {
498 
499         long associatedGroupId = 0;
500 
501         if (className.equals(Organization.class.getName())) {
502             long organizationId = GetterUtil.getLong(classPK);
503 
504             Organization organization =
505                 organizationPersistence.findByPrimaryKey(organizationId);
506 
507             orgGroupPermissionFinder.removeByO_G_R(
508                 organizationId, groupId, resourceId);
509 
510             associatedGroupId = organization.getGroup().getGroupId();
511         }
512         else if (className.equals(UserGroup.class.getName())) {
513             long userGroupId = GetterUtil.getLong(classPK);
514 
515             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
516                 userGroupId);
517 
518             associatedGroupId = userGroup.getGroup().getGroupId();
519         }
520 
521         setGroupPermissions(associatedGroupId, actionIds, resourceId);
522     }
523 
524     public void setOrgGroupPermissions(
525             long organizationId, long groupId, String[] actionIds,
526             long resourceId)
527         throws PortalException, SystemException {
528 
529         Organization organization =
530             organizationPersistence.findByPrimaryKey(organizationId);
531 
532         long orgGroupId = organization.getGroup().getGroupId();
533 
534         List<Permission> permissions = permissionPersistence.findByResourceId(
535             resourceId);
536 
537         for (Permission permission : permissions) {
538             groupPersistence.removePermission(orgGroupId, permission);
539         }
540 
541         permissions = getPermissions(
542             organization.getCompanyId(), actionIds, resourceId);
543 
544         orgGroupPermissionFinder.removeByO_G_R(
545             organizationId, groupId, resourceId);
546 
547         for (Permission permission : permissions) {
548             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
549                 organizationId, groupId, permission.getPermissionId());
550 
551             OrgGroupPermission orgGroupPermission =
552                 orgGroupPermissionPersistence.create(pk);
553 
554             orgGroupPermissionPersistence.update(orgGroupPermission, false);
555         }
556 
557         PermissionCacheUtil.clearCache();
558     }
559 
560     public void setRolePermission(
561             long roleId, long companyId, String name, int scope, String primKey,
562             String actionId)
563         throws PortalException, SystemException {
564 
565         if (scope == ResourceConstants.SCOPE_COMPANY) {
566 
567             // Remove group permission
568 
569             unsetRolePermissions(
570                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
571                 actionId);
572         }
573         else if (scope == ResourceConstants.SCOPE_GROUP) {
574 
575             // Remove company permission
576 
577             unsetRolePermissions(
578                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
579                 actionId);
580         }
581         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
582             throw new NoSuchPermissionException();
583         }
584 
585         Resource resource = resourceLocalService.addResource(
586             companyId, name, scope, primKey);
587 
588         Permission permission = permissionPersistence.fetchByA_R(
589             actionId, resource.getResourceId());
590 
591         if (permission == null) {
592             long permissionId = counterLocalService.increment(
593                 Permission.class.getName());
594 
595             permission = permissionPersistence.create(permissionId);
596 
597             permission.setCompanyId(companyId);
598             permission.setActionId(actionId);
599             permission.setResourceId(resource.getResourceId());
600 
601             permissionPersistence.update(permission, false);
602         }
603 
604         rolePersistence.addPermission(roleId, permission);
605 
606         PermissionCacheUtil.clearCache();
607     }
608 
609     public void setRolePermissions(
610             long roleId, long companyId, String name, int scope, String primKey,
611             String[] actionIds)
612         throws PortalException, SystemException {
613 
614         for (int i = 0; i < actionIds.length; i++) {
615             String actionId = actionIds[i];
616 
617             setRolePermission(
618                 roleId, companyId, name, scope, primKey, actionId);
619         }
620     }
621 
622     public void setRolePermissions(
623             long roleId, String[] actionIds, long resourceId)
624         throws PortalException, SystemException {
625 
626         Role role = rolePersistence.findByPrimaryKey(roleId);
627 
628         List<Permission> permissions = permissionFinder.findByR_R(
629             roleId, resourceId);
630 
631         rolePersistence.removePermissions(roleId, permissions);
632 
633         permissions = getPermissions(
634             role.getCompanyId(), actionIds, resourceId);
635 
636         rolePersistence.addPermissions(roleId, permissions);
637 
638         PermissionCacheUtil.clearCache();
639     }
640 
641     public void setUserPermissions(
642             long userId, String[] actionIds, long resourceId)
643         throws PortalException, SystemException {
644 
645         User user = userPersistence.findByPrimaryKey(userId);
646 
647         List<Permission> permissions = permissionFinder.findByU_R(
648             userId, resourceId);
649 
650         userPersistence.removePermissions(userId, permissions);
651 
652         permissions = getPermissions(
653             user.getCompanyId(), actionIds, resourceId);
654 
655         userPersistence.addPermissions(userId, permissions);
656 
657         PermissionCacheUtil.clearCache();
658     }
659 
660     public void unsetRolePermission(long roleId, long permissionId)
661         throws SystemException {
662 
663         Permission permission = permissionPersistence.fetchByPrimaryKey(
664             permissionId);
665 
666         if (permission != null) {
667             rolePersistence.removePermission(roleId, permission);
668         }
669 
670         PermissionCacheUtil.clearCache();
671     }
672 
673     public void unsetRolePermission(
674             long roleId, long companyId, String name, int scope, String primKey,
675             String actionId)
676         throws SystemException {
677 
678         ResourceCode resourceCode =
679             resourceCodeLocalService.getResourceCode(
680                 companyId, name, scope);
681 
682         Resource resource = resourcePersistence.fetchByC_P(
683             resourceCode.getCodeId(), primKey);
684 
685         if (resource != null) {
686             Permission permission = permissionPersistence.fetchByA_R(
687                 actionId, resource.getResourceId());
688 
689             if (permission != null) {
690                 rolePersistence.removePermission(roleId, permission);
691             }
692         }
693 
694         PermissionCacheUtil.clearCache();
695     }
696 
697     public void unsetRolePermissions(
698             long roleId, long companyId, String name, int scope,
699             String actionId)
700         throws SystemException {
701 
702         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
703             companyId, name, scope);
704 
705         List<Resource> resources = resourcePersistence.findByCodeId(
706             resourceCode.getCodeId());
707 
708         for (Resource resource : resources) {
709             Permission permission = permissionPersistence.fetchByA_R(
710                 actionId, resource.getResourceId());
711 
712             if (permission != null) {
713                 rolePersistence.removePermission(roleId, permission);
714             }
715         }
716 
717         PermissionCacheUtil.clearCache();
718     }
719 
720     public void unsetUserPermissions(
721             long userId, String[] actionIds, long resourceId)
722         throws SystemException {
723 
724         List<Permission> permissions = permissionFinder.findByU_A_R(
725             userId, actionIds, resourceId);
726 
727         userPersistence.removePermissions(userId, permissions);
728 
729         PermissionCacheUtil.clearCache();
730     }
731 
732     protected boolean checkOrgGroupPermission(
733             List<Organization> organizations, List<Group> groups,
734             List<Permission> permissions)
735         throws PortalException, SystemException {
736 
737         for (Permission permission : permissions) {
738             if (checkOrgGroupPermission(organizations, groups, permission)) {
739                 return true;
740             }
741         }
742 
743         return false;
744     }
745 
746     protected boolean checkOrgGroupPermission(
747             List<Organization> organizations, List<Group> groups,
748             Permission permission)
749         throws PortalException, SystemException {
750 
751         // Do not check for an OrgGroupPermission intersection unless there is
752         // at least one organization and one group to check
753 
754         if ((organizations.size() == 0) || (groups.size() == 0)) {
755             return false;
756         }
757 
758         // Do not check unless the OrgGroupPermission intersection contains at
759         // least one permission
760 
761         List<OrgGroupPermission> orgGroupPermissions =
762             orgGroupPermissionPersistence.findByPermissionId(
763                 permission.getPermissionId());
764 
765         if (orgGroupPermissions.size() == 0) {
766             return false;
767         }
768 
769         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
770             if (orgGroupPermission.containsOrganization(organizations) &&
771                 orgGroupPermission.containsGroup(groups)) {
772 
773                 return true;
774             }
775         }
776 
777         // Throw an exception so that we do not continue checking permissions.
778         // The user has a specific permission given in the OrgGroupPermission
779         // intersection that prohibits him from going further.
780 
781         throw new NoSuchPermissionException(
782             "User has a permission in OrgGroupPermission that does not match");
783     }
784 
785     protected boolean hasUserPermissions_1(
786             long userId, long resourceId, String actionId,
787             List<Permission> permissions, List<Group> groups, long groupId,
788             StopWatch stopWatch, int block)
789         throws SystemException {
790 
791         // Is the user connected to one of the permissions via group or
792         // organization roles?
793 
794         if (groups.size() > 0) {
795             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
796                 return true;
797             }
798         }
799 
800         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
801 
802         // Is the user associated with groups or organizations that are directly
803         // connected to one of the permissions?
804 
805         if (groups.size() > 0) {
806             if (permissionFinder.countByGroupsPermissions(
807                     permissions, groups) > 0) {
808 
809                 return true;
810             }
811         }
812 
813         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
814 
815         // Is the user connected to one of the permissions via user roles?
816 
817         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
818             return true;
819         }
820 
821         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
822 
823         // Is the user connected to one of the permissions via user group roles?
824 
825         if (permissionFinder.countByUserGroupRole(
826                 permissions, userId, groupId) > 0) {
827 
828             return true;
829         }
830 
831         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
832 
833         // Is the user directly connected to one of the permissions?
834 
835         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
836             return true;
837         }
838 
839         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
840 
841         return false;
842     }
843 
844     protected boolean hasUserPermissions_2(
845             long userId, long resourceId, String actionId,
846             List<Permission> permissions, List<Group> groups, long groupId,
847             StopWatch stopWatch, int block)
848         throws SystemException {
849 
850         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
851         // countByUserGroupRole, and countByUsersPermissions in one method
852 
853         if (permissionFinder.containsPermissions_2(
854                 permissions, userId, groups, groupId)) {
855 
856             return true;
857         }
858 
859         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
860 
861         return false;
862     }
863 
864     protected boolean hasUserPermissions_3(
865             long userId, long resourceId, String actionId,
866             List<Permission> permissions, List<Group> groups, List<Role> roles,
867             StopWatch stopWatch, int block)
868         throws SystemException {
869 
870         // Is the user associated with groups or organizations that are directly
871         // connected to one of the permissions?
872 
873         if (groups.size() > 0) {
874             if (permissionFinder.countByGroupsPermissions(
875                     permissions, groups) > 0) {
876 
877                 return true;
878             }
879         }
880 
881         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
882 
883         // Is the user associated with a role that is directly connected to one
884         // of the permissions?
885 
886         if (roles.size() > 0) {
887             if (permissionFinder.countByRolesPermissions(
888                     permissions, roles) > 0) {
889 
890                 return true;
891             }
892         }
893 
894         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
895 
896         // Is the user directly connected to one of the permissions?
897 
898         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
899             return true;
900         }
901 
902         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
903 
904         return false;
905     }
906 
907     protected boolean hasUserPermissions_4(
908             long userId, long resourceId, String actionId,
909             List<Permission> permissions, List<Group> groups, List<Role> roles,
910             StopWatch stopWatch, int block)
911         throws SystemException {
912 
913         // Call countByGroupsPermissions, countByRolesPermissions, and
914         // countByUsersPermissions in one method
915 
916         if (permissionFinder.containsPermissions_4(
917                 permissions, userId, groups, roles)) {
918 
919             return true;
920         }
921 
922         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
923 
924         return false;
925     }
926 
927     protected boolean hasUserPermissions_5(
928             long userId, long resourceId, String actionId,
929             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
930             int block)
931         throws SystemException {
932 
933         if (roles.size() > 0) {
934             if (permissionFinder.countByRolesPermissions(
935                     permissions, roles) > 0) {
936 
937                 return true;
938             }
939         }
940 
941         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
942 
943         return false;
944     }
945 
946     protected boolean hasUserPermissions_6(
947             long userId, long resourceId, List<Resource> resources,
948             String actionId, List<Role> roles, StopWatch stopWatch,
949             int block)
950         throws PortalException, SystemException {
951 
952         // Iterate the list of resources in reverse order to test permissions
953         // from company scope to individual scope because it is more likely that
954         // a permission is assigned at a higher scope. Optimizing this method
955         // to one SQL call may actually slow things down since most of the calls
956         // will pull from the cache after the first request.
957 
958         for (int i = resources.size() - 1; i >= 0; i--) {
959             Resource resource = resources.get(i);
960 
961             for (Role role : roles) {
962                 if (resourcePermissionLocalService.hasResourcePermission(
963                         resource.getCompanyId(), resource.getName(),
964                         resource.getScope(), resource.getPrimKey(),
965                         role.getRoleId(), actionId)) {
966 
967                     return true;
968                 }
969             }
970         }
971 
972         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
973 
974         return false;
975     }
976 
977     protected void logHasUserPermissions(
978         long userId, long resourceId, String actionId, StopWatch stopWatch,
979         int block) {
980 
981         if (!_log.isDebugEnabled()) {
982             return;
983         }
984 
985         _log.debug(
986             "Checking user permissions block " + block + " for " + userId +
987                 " " + resourceId + " " + actionId + " takes " +
988                     stopWatch.getTime() + " ms");
989     }
990 
991     private static Log _log =
992         LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
993 
994 }