1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.upgrade.v5_2_0;
24  
25  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
26  import com.liferay.portal.kernel.dao.jdbc.SmartResultSet;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.kernel.util.GetterUtil;
30  import com.liferay.portal.model.Layout;
31  import com.liferay.portal.model.Permission;
32  import com.liferay.portal.model.PortletConstants;
33  import com.liferay.portal.model.Resource;
34  import com.liferay.portal.model.ResourceConstants;
35  import com.liferay.portal.service.LayoutLocalServiceUtil;
36  import com.liferay.portal.service.PermissionLocalServiceUtil;
37  import com.liferay.portal.service.ResourceLocalServiceUtil;
38  import com.liferay.portal.upgrade.UpgradeException;
39  import com.liferay.portal.upgrade.UpgradeProcess;
40  
41  import java.sql.Connection;
42  import java.sql.PreparedStatement;
43  import java.sql.ResultSet;
44  
45  /**
46   * <a href="UpgradePortletPermissions.java.html"><b><i>View Source</i></b></a>
47   *
48   * @author Jorge Ferrer
49   *
50   */
51  public class UpgradePortletPermissions extends UpgradeProcess {
52  
53      public void upgrade() throws UpgradeException {
54          _log.info("Upgrading portlet permissions");
55  
56          try {
57              updatePortletPermissions(
58                  "33", "com.liferay.portlet.blogs",
59                  new String[] {"ADD_ENTRY"});
60  
61              updatePortletPermissions(
62                  "28", "com.liferay.portlet.bookmarks",
63                  new String[] {"ADD_FOLDER"});
64  
65              updatePortletPermissions(
66                  "8", "com.liferay.portlet.calendar",
67                  new String[] {"ADD_EVENT", "EXPORT_ALL_EVENTS"});
68  
69              updatePortletPermissions(
70                  "20", "com.liferay.portlet.documentlibrary",
71                  new String[] {"ADD_FOLDER"});
72  
73              updatePortletPermissions(
74                  "31", "com.liferay.portlet.imagegallery",
75                  new String[] {"ADD_FOLDER"});
76  
77              updatePortletPermissions(
78                  "15", "com.liferay.portlet.journal",
79                  new String[] {
80                      "ADD_ARTICLE", "ADD_FEED", "ADD_STRUCTURE", "ADD_TEMPLATE",
81                      "APPROVE_ARTICLE"
82                  });
83  
84              updatePortletPermissions(
85                  "19", "com.liferay.portlet.messageboards",
86                  new String[] {"ADD_CATEGORY", "BAN_USER"});
87  
88              updatePortletPermissions(
89                  "25", "com.liferay.portlet.polls",
90                  new String[] {"ADD_QUESTION"});
91  
92              updatePortletPermissions(
93                  "34", "com.liferay.portlet.shopping",
94                  new String[] {
95                      "ADD_CATEGORY", "MANAGE_COUPONS", "MANAGE_ORDERS"
96                  });
97  
98              updatePortletPermissions(
99                  "98", "com.liferay.portlet.softwarecatalog",
100                 new String[] {"ADD_FRAMEWORK_VERSION", "ADD_PRODUCT_ENTRY"});
101 
102             updatePortletPermissions(
103                 "99", "com.liferay.portlet.tags",
104                 new String[] {"ADD_ENTRY", "ADD_VOCABULARY"});
105 
106             updatePortletPermissions(
107                 "36", "com.liferay.portlet.wiki",
108                 new String[] {"ADD_NODE"});
109         }
110         catch (Exception e) {
111             throw new UpgradeException(e);
112         }
113     }
114 
115     protected long getPortletPermissionsCount(
116             String actionId, long resourceId, String modelName)
117         throws Exception {
118 
119         Connection con = null;
120         PreparedStatement ps = null;
121         ResultSet rs = null;
122 
123         try {
124             con = DataAccess.getConnection();
125 
126             StringBuilder sb = new StringBuilder();
127 
128             sb.append("select count(*) from Permission_ ");
129             sb.append("inner join Resource_ on Resource_.resourceId = ");
130             sb.append("Permission_.resourceId inner join ResourceCode on ");
131             sb.append("ResourceCode.codeId = Resource_.codeId where ");
132             sb.append("Permission_.actionId = ? and ");
133             sb.append("Permission_.resourceId = ? and ResourceCode.name = ? ");
134             sb.append("and ResourceCode.scope = ? ");
135 
136             String sql = sb.toString();
137 
138             ps = con.prepareStatement(sql);
139 
140             ps.setString(1, actionId);
141             ps.setLong(2, resourceId);
142             ps.setString(3, modelName);
143             ps.setInt(4, ResourceConstants.SCOPE_INDIVIDUAL);
144 
145             rs = ps.executeQuery();
146 
147             rs.next();
148 
149             return rs.getLong(1);
150         }
151         finally {
152             DataAccess.cleanUp(con, ps, rs);
153         }
154     }
155 
156     protected void updatePortletPermission(
157             long permissionId, String actionId, String primKey,
158             String modelName, int scope)
159         throws Exception {
160 
161         long plid = GetterUtil.getLong(
162             primKey.substring(
163                 0, primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR)));
164 
165         Layout layout = LayoutLocalServiceUtil.getLayout(plid);
166 
167         Resource resource = ResourceLocalServiceUtil.addResource(
168             layout.getCompanyId(), modelName, scope,
169             String.valueOf(layout.getGroupId()));
170 
171         long portletPermissionCount = getPortletPermissionsCount(
172             actionId, resource.getResourceId(), modelName);
173 
174         if (portletPermissionCount == 0) {
175             Permission permission = PermissionLocalServiceUtil.getPermission(
176                 permissionId);
177 
178             permission.setResourceId(resource.getResourceId());
179 
180             PermissionLocalServiceUtil.updatePermission(permission);
181         }
182         else {
183             runSQL(
184                 "delete from Permission_ where permissionId = " + permissionId);
185         }
186     }
187 
188     protected void updatePortletPermissions(
189             String portletName, String modelName, String[] actionIds)
190         throws Exception {
191 
192         Connection con = null;
193         PreparedStatement ps = null;
194         ResultSet rs = null;
195 
196         try {
197             con = DataAccess.getConnection();
198 
199             StringBuilder sb = new StringBuilder();
200 
201             sb.append("select Permission_.permissionId, ");
202             sb.append("Permission_.actionId, Resource_.primKey, ");
203             sb.append("ResourceCode.scope from Permission_ ");
204             sb.append("inner join Resource_ on Resource_.resourceId = ");
205             sb.append("Permission_.resourceId inner join ResourceCode on ");
206             sb.append("ResourceCode.codeId = Resource_.codeId where (");
207 
208             for (int i = 0; i < actionIds.length; i++) {
209                 String actionId = actionIds[i];
210 
211                 sb.append("Permission_.actionId = '");
212                 sb.append(actionId);
213                 sb.append("'");
214 
215                 if (i < (actionIds.length - 1)) {
216                     sb.append(" or ");
217                 }
218             }
219 
220             sb.append(") and ResourceCode.name = ? and ResourceCode.scope = ?");
221 
222             String sql = sb.toString();
223 
224             ps = con.prepareStatement(sql);
225 
226             ps.setString(1, portletName);
227             ps.setInt(2, ResourceConstants.SCOPE_INDIVIDUAL);
228 
229             rs = ps.executeQuery();
230 
231             SmartResultSet srs = new SmartResultSet(rs);
232 
233             while (srs.next()) {
234                 long permissionId = srs.getLong("Permission_.permissionId");
235                 String actionId = srs.getString("Permission_.actionId");
236                 String primKey = srs.getString("Resource_.primKey");
237                 int scope = srs.getInt("ResourceCode.scope");
238 
239                 try {
240                     updatePortletPermission(
241                         permissionId, actionId, primKey, modelName, scope);
242                 }
243                 catch (Exception e) {
244                     _log.error(
245                         "Unable to upgrade permission " + permissionId, e);
246                 }
247             }
248         }
249         finally {
250             DataAccess.cleanUp(con, ps, rs);
251         }
252     }
253 
254     private static Log _log = LogFactoryUtil.getLog(
255         UpgradePortletPermissions.class);
256 
257 }