1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.impl;
21  
22  import com.liferay.portal.NoSuchPermissionException;
23  import com.liferay.portal.PortalException;
24  import com.liferay.portal.SystemException;
25  import com.liferay.portal.kernel.log.Log;
26  import com.liferay.portal.kernel.log.LogFactoryUtil;
27  import com.liferay.portal.kernel.search.SearchEngineUtil;
28  import com.liferay.portal.kernel.util.GetterUtil;
29  import com.liferay.portal.kernel.util.ListUtil;
30  import com.liferay.portal.kernel.util.Validator;
31  import com.liferay.portal.model.Group;
32  import com.liferay.portal.model.OrgGroupPermission;
33  import com.liferay.portal.model.Organization;
34  import com.liferay.portal.model.Permission;
35  import com.liferay.portal.model.Resource;
36  import com.liferay.portal.model.ResourceCode;
37  import com.liferay.portal.model.ResourceConstants;
38  import com.liferay.portal.model.Role;
39  import com.liferay.portal.model.User;
40  import com.liferay.portal.model.UserGroup;
41  import com.liferay.portal.security.permission.PermissionCacheUtil;
42  import com.liferay.portal.security.permission.PermissionCheckerBag;
43  import com.liferay.portal.security.permission.ResourceActionsUtil;
44  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
45  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
46  import com.liferay.portal.util.PropsValues;
47  import com.liferay.portal.util.comparator.PermissionComparator;
48  
49  import java.util.ArrayList;
50  import java.util.HashSet;
51  import java.util.Iterator;
52  import java.util.List;
53  import java.util.Set;
54  
55  import org.apache.commons.lang.time.StopWatch;
56  
57  /**
58   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
59   *
60   * @author Charles May
61   * @author Brian Wing Shun Chan
62   * @author Raymond Augé
63   *
64   */
65  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
66  
67      public Permission addPermission(
68              long companyId, String actionId, long resourceId)
69          throws SystemException {
70  
71          Permission permission = permissionPersistence.fetchByA_R(
72              actionId, resourceId);
73  
74          if (permission == null) {
75              long permissionId = counterLocalService.increment(
76                  Permission.class.getName());
77  
78              permission = permissionPersistence.create(permissionId);
79  
80              permission.setCompanyId(companyId);
81              permission.setActionId(actionId);
82              permission.setResourceId(resourceId);
83  
84              permissionPersistence.update(permission, false);
85          }
86  
87          return permission;
88      }
89  
90      public List<Permission> addPermissions(
91              long companyId, String name, long resourceId,
92              boolean portletActions)
93          throws SystemException {
94  
95          List<String> actionIds = null;
96  
97          if (portletActions) {
98              actionIds = ResourceActionsUtil.getPortletResourceActions(name);
99          }
100         else {
101             actionIds = ResourceActionsUtil.getModelResourceActions(name);
102         }
103 
104         return addPermissions(companyId, actionIds, resourceId);
105     }
106 
107     public List<Permission> addPermissions(
108             long companyId, List<String> actionIds, long resourceId)
109         throws SystemException {
110 
111         List<Permission> permissions = permissionPersistence.findByResourceId(
112             resourceId);
113 
114         permissions = ListUtil.copy(permissions);
115 
116         Set<String> actionIdsSet = new HashSet<String>();
117 
118         for (Permission permission : permissions) {
119             actionIdsSet.add(permission.getActionId());
120         }
121 
122         for (String actionId : actionIds) {
123             if (actionIdsSet.contains(actionId)) {
124                 continue;
125             }
126 
127             long permissionId = counterLocalService.increment(
128                 Permission.class.getName());
129 
130             Permission permission = permissionPersistence.create(permissionId);
131 
132             permission.setCompanyId(companyId);
133             permission.setActionId(actionId);
134             permission.setResourceId(resourceId);
135 
136             try {
137                 permissionPersistence.update(permission, false);
138             }
139             catch (SystemException se) {
140                 if (_log.isWarnEnabled()) {
141                     _log.warn(
142                         "Add failed, fetch {actionId=" + actionId +
143                             ", resourceId=" + resourceId + "}");
144                 }
145 
146                 permission = permissionPersistence.fetchByA_R(
147                     actionId, resourceId, false);
148 
149                 if (permission == null) {
150                     throw se;
151                 }
152             }
153 
154             permissions.add(permission);
155         }
156 
157         return permissions;
158     }
159 
160     public void addUserPermissions(
161             long userId, String[] actionIds, long resourceId)
162         throws PortalException, SystemException {
163 
164         User user = userPersistence.findByPrimaryKey(userId);
165 
166         List<Permission> permissions = permissionFinder.findByU_R(
167             userId, resourceId);
168 
169         permissions = getPermissions(
170             user.getCompanyId(), actionIds, resourceId);
171 
172         userPersistence.addPermissions(userId, permissions);
173 
174         PermissionCacheUtil.clearCache();
175     }
176 
177     public List<String> getActions(List<Permission> permissions) {
178         List<String> actionIds = new ArrayList<String>();
179 
180         Iterator<Permission> itr = permissions.iterator();
181 
182         while (itr.hasNext()) {
183             Permission permission = itr.next();
184 
185             actionIds.add(permission.getActionId());
186         }
187 
188         return actionIds;
189     }
190 
191     public List<Permission> getGroupPermissions(long groupId, long resourceId)
192         throws SystemException {
193 
194         return permissionFinder.findByG_R(groupId, resourceId);
195     }
196 
197     public List<Permission> getGroupPermissions(
198             long groupId, long companyId, String name, int scope,
199             String primKey)
200         throws SystemException {
201 
202         return permissionFinder.findByG_C_N_S_P(
203             groupId, companyId, name, scope, primKey);
204     }
205 
206     public List<Permission> getOrgGroupPermissions(
207             long organizationId, long groupId, long resourceId)
208         throws SystemException {
209 
210         return permissionFinder.findByO_G_R(
211             organizationId, groupId, resourceId);
212     }
213 
214     public long getLatestPermissionId() throws SystemException {
215         List<Permission> permissions = permissionPersistence.findAll(
216             0, 1, new PermissionComparator());
217 
218         if (permissions.size() == 0) {
219             return 0;
220         }
221         else {
222             Permission permission = permissions.get(0);
223 
224             return permission.getPermissionId();
225         }
226     }
227 
228     public List<Permission> getPermissions(
229             long companyId, String[] actionIds, long resourceId)
230         throws SystemException {
231 
232         List<Permission> permissions = new ArrayList<Permission>();
233 
234         for (int i = 0; i < actionIds.length; i++) {
235             Permission permission = addPermission(
236                 companyId, actionIds[i], resourceId);
237 
238             permissions.add(permission);
239         }
240 
241         return permissions;
242     }
243 
244     public List<Permission> getRolePermissions(long roleId)
245         throws SystemException {
246 
247         return rolePersistence.getPermissions(roleId);
248     }
249 
250     public List<Permission> getRolePermissions(long roleId, long resourceId)
251         throws SystemException {
252 
253         return permissionFinder.findByR_R(roleId, resourceId);
254     }
255 
256     public List<Permission> getUserPermissions(long userId, long resourceId)
257         throws SystemException {
258 
259         return permissionFinder.findByU_R(userId, resourceId);
260     }
261 
262     public List<Permission> getUserPermissions(
263             long userId, long companyId, String name, int scope, String primKey)
264         throws SystemException {
265 
266         return permissionFinder.findByU_C_N_S_P(
267             userId, companyId, name, scope, primKey);
268     }
269 
270     public boolean hasGroupPermission(
271             long groupId, String actionId, long resourceId)
272         throws SystemException {
273 
274         Permission permission = permissionPersistence.fetchByA_R(
275             actionId, resourceId);
276 
277         // Return false if there is no permission based on the given action
278         // id and resource id
279 
280         if (permission == null) {
281             return false;
282         }
283 
284         return groupPersistence.containsPermission(
285             groupId, permission.getPermissionId());
286     }
287 
288     public boolean hasRolePermission(
289             long roleId, long companyId, String name, int scope,
290             String actionId)
291         throws SystemException {
292 
293         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
294             companyId, name, scope);
295 
296         List<Resource> resources = resourcePersistence.findByCodeId(
297             resourceCode.getCodeId());
298 
299         for (Resource resource : resources) {
300             Permission permission = permissionPersistence.fetchByA_R(
301                 actionId, resource.getResourceId());
302 
303             if (permission != null) {
304                 if (rolePersistence.containsPermission(
305                         roleId, permission.getPermissionId())) {
306 
307                     return true;
308                 }
309             }
310         }
311 
312         return false;
313     }
314 
315     public boolean hasRolePermission(
316             long roleId, long companyId, String name, int scope, String primKey,
317             String actionId)
318         throws SystemException {
319 
320         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
321             companyId, name, scope);
322 
323         Resource resource = resourcePersistence.fetchByC_P(
324             resourceCode.getCodeId(), primKey);
325 
326         if (resource == null) {
327             return false;
328         }
329 
330         Permission permission = permissionPersistence.fetchByA_R(
331             actionId, resource.getResourceId());
332 
333         if (permission == null) {
334             return false;
335         }
336 
337         return rolePersistence.containsPermission(
338             roleId, permission.getPermissionId());
339     }
340 
341     public boolean hasUserPermission(
342             long userId, String actionId, long resourceId)
343         throws SystemException {
344 
345         Permission permission = permissionPersistence.fetchByA_R(
346             actionId, resourceId);
347 
348         // Return false if there is no permission based on the given action
349         // id and resource id
350 
351         if (permission == null) {
352             return false;
353         }
354 
355         return userPersistence.containsPermission(
356             userId, permission.getPermissionId());
357     }
358 
359     public boolean hasUserPermissions(
360             long userId, long groupId, List<Resource> resources,
361             String actionId, PermissionCheckerBag permissionCheckerBag)
362         throws PortalException, SystemException {
363 
364         StopWatch stopWatch = null;
365 
366         if (_log.isDebugEnabled()) {
367             stopWatch = new StopWatch();
368 
369             stopWatch.start();
370         }
371 
372         int block = 1;
373 
374         // Return false if there are no resources
375 
376         if (Validator.isNull(actionId) || resources.isEmpty()) {
377             return false;
378         }
379 
380         long[] resourceIds = null;
381 
382         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
383             resourceIds = new long[resources.size()];
384 
385             for (int i = 0; i < resources.size(); i++) {
386                 Resource resource = resources.get(i);
387 
388                 resourceIds[i] = resource.getResourceId();
389             }
390         }
391 
392         List<Permission> permissions = null;
393 
394         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
395             permissions = permissionFinder.findByA_R(actionId, resourceIds);
396 
397             // Return false if there are no permissions
398 
399             if (permissions.size() == 0) {
400                 return false;
401             }
402         }
403 
404         // Record logs with the first resource id
405 
406         long resourceId = 0;
407 
408         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
409             resourceId = resourceIds[0];
410         }
411         else {
412             resourceId = resources.get(0).getResourceId();
413         }
414 
415         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
416 
417         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
418         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
419         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
420         //List<Group> userUserGroupGroups =
421         //  permissionCheckerBag.getUserUserGroupGroups();
422         List<Group> groups = permissionCheckerBag.getGroups();
423         List<Role> roles = permissionCheckerBag.getRoles();
424 
425         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
426 
427         // Check the organization and community intersection table. Break out of
428         // this method if the user has one of the permissions set at the
429         // intersection because that takes priority.
430 
431         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
432         //  return true;
433         //}
434 
435         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
436 
437         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
438             return hasUserPermissions_1(
439                 userId, resourceId, actionId, permissions, groups, groupId,
440                 stopWatch, block);
441         }
442         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
443             return hasUserPermissions_2(
444                 userId, resourceId, actionId, permissions, groups, groupId,
445                 stopWatch, block);
446         }
447         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
448             return hasUserPermissions_3(
449                 userId, resourceId, actionId, permissions, groups, roles,
450                 stopWatch, block);
451         }
452         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
453             return hasUserPermissions_4(
454                 userId, resourceId, actionId, permissions, groups, roles,
455                 stopWatch, block);
456         }
457         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
458             return hasUserPermissions_5(
459                 userId, resourceId, actionId, permissions, roles, stopWatch,
460                 block);
461         }
462         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
463             return hasUserPermissions_6(
464                 userId, resourceId, resources, actionId, roles, stopWatch,
465                 block);
466         }
467 
468         return false;
469     }
470 
471     public void setGroupPermissions(
472             long groupId, String[] actionIds, long resourceId)
473         throws PortalException, SystemException {
474 
475         Group group = groupPersistence.findByPrimaryKey(groupId);
476 
477         List<Permission> permissions = permissionFinder.findByG_R(
478             groupId, resourceId);
479 
480         for (Permission permission : permissions) {
481             groupPersistence.removePermission(groupId, permission);
482         }
483 
484         permissions = getPermissions(
485             group.getCompanyId(), actionIds, resourceId);
486 
487         groupPersistence.addPermissions(groupId, permissions);
488 
489         PermissionCacheUtil.clearCache();
490     }
491 
492     public void setGroupPermissions(
493             String className, String classPK, long groupId,
494             String[] actionIds, long resourceId)
495         throws PortalException, SystemException {
496 
497         long associatedGroupId = 0;
498 
499         if (className.equals(Organization.class.getName())) {
500             long organizationId = GetterUtil.getLong(classPK);
501 
502             Organization organization =
503                 organizationPersistence.findByPrimaryKey(organizationId);
504 
505             orgGroupPermissionFinder.removeByO_G_R(
506                 organizationId, groupId, resourceId);
507 
508             associatedGroupId = organization.getGroup().getGroupId();
509         }
510         else if (className.equals(UserGroup.class.getName())) {
511             long userGroupId = GetterUtil.getLong(classPK);
512 
513             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
514                 userGroupId);
515 
516             associatedGroupId = userGroup.getGroup().getGroupId();
517         }
518 
519         setGroupPermissions(associatedGroupId, actionIds, resourceId);
520     }
521 
522     public void setOrgGroupPermissions(
523             long organizationId, long groupId, String[] actionIds,
524             long resourceId)
525         throws PortalException, SystemException {
526 
527         Organization organization =
528             organizationPersistence.findByPrimaryKey(organizationId);
529 
530         long orgGroupId = organization.getGroup().getGroupId();
531 
532         List<Permission> permissions = permissionPersistence.findByResourceId(
533             resourceId);
534 
535         for (Permission permission : permissions) {
536             groupPersistence.removePermission(orgGroupId, permission);
537         }
538 
539         permissions = getPermissions(
540             organization.getCompanyId(), actionIds, resourceId);
541 
542         orgGroupPermissionFinder.removeByO_G_R(
543             organizationId, groupId, resourceId);
544 
545         for (Permission permission : permissions) {
546             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
547                 organizationId, groupId, permission.getPermissionId());
548 
549             OrgGroupPermission orgGroupPermission =
550                 orgGroupPermissionPersistence.create(pk);
551 
552             orgGroupPermissionPersistence.update(orgGroupPermission, false);
553         }
554 
555         PermissionCacheUtil.clearCache();
556     }
557 
558     public void setRolePermission(
559             long roleId, long companyId, String name, int scope, String primKey,
560             String actionId)
561         throws PortalException, SystemException {
562 
563         if (scope == ResourceConstants.SCOPE_COMPANY) {
564 
565             // Remove group permission
566 
567             unsetRolePermissions(
568                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
569                 actionId);
570         }
571         else if (scope == ResourceConstants.SCOPE_GROUP) {
572 
573             // Remove company permission
574 
575             unsetRolePermissions(
576                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
577                 actionId);
578         }
579         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
580             throw new NoSuchPermissionException();
581         }
582 
583         Resource resource = resourceLocalService.addResource(
584             companyId, name, scope, primKey);
585 
586         long resourceId = resource.getResourceId();
587 
588         Permission permission = permissionPersistence.fetchByA_R(
589             actionId, resourceId);
590 
591         if (permission == null) {
592             long permissionId = counterLocalService.increment(
593                 Permission.class.getName());
594 
595             permission = permissionPersistence.create(permissionId);
596 
597             permission.setCompanyId(companyId);
598             permission.setActionId(actionId);
599             permission.setResourceId(resourceId);
600 
601             permissionPersistence.update(permission, false);
602         }
603 
604         rolePersistence.addPermission(roleId, permission);
605 
606         PermissionCacheUtil.clearCache();
607 
608         SearchEngineUtil.updatePermissionFields(resourceId);
609     }
610 
611     public void setRolePermissions(
612             long roleId, long companyId, String name, int scope, String primKey,
613             String[] actionIds)
614         throws PortalException, SystemException {
615 
616         for (int i = 0; i < actionIds.length; i++) {
617             String actionId = actionIds[i];
618 
619             setRolePermission(
620                 roleId, companyId, name, scope, primKey, actionId);
621         }
622     }
623 
624     public void setRolePermissions(
625             long roleId, String[] actionIds, long resourceId)
626         throws PortalException, SystemException {
627 
628         Role role = rolePersistence.findByPrimaryKey(roleId);
629 
630         List<Permission> permissions = permissionFinder.findByR_R(
631             roleId, resourceId);
632 
633         rolePersistence.removePermissions(roleId, permissions);
634 
635         permissions = getPermissions(
636             role.getCompanyId(), actionIds, resourceId);
637 
638         rolePersistence.addPermissions(roleId, permissions);
639 
640         PermissionCacheUtil.clearCache();
641 
642         SearchEngineUtil.updatePermissionFields(resourceId);
643     }
644 
645     public void setUserPermissions(
646             long userId, String[] actionIds, long resourceId)
647         throws PortalException, SystemException {
648 
649         User user = userPersistence.findByPrimaryKey(userId);
650 
651         List<Permission> permissions = permissionFinder.findByU_R(
652             userId, resourceId);
653 
654         userPersistence.removePermissions(userId, permissions);
655 
656         permissions = getPermissions(
657             user.getCompanyId(), actionIds, resourceId);
658 
659         userPersistence.addPermissions(userId, permissions);
660 
661         PermissionCacheUtil.clearCache();
662     }
663 
664     public void unsetRolePermission(long roleId, long permissionId)
665         throws SystemException {
666 
667         Permission permission = permissionPersistence.fetchByPrimaryKey(
668             permissionId);
669 
670         if (permission != null) {
671             rolePersistence.removePermission(roleId, permission);
672         }
673 
674         PermissionCacheUtil.clearCache();
675     }
676 
677     public void unsetRolePermission(
678             long roleId, long companyId, String name, int scope, String primKey,
679             String actionId)
680         throws SystemException {
681 
682         ResourceCode resourceCode =
683             resourceCodeLocalService.getResourceCode(
684                 companyId, name, scope);
685 
686         Resource resource = resourcePersistence.fetchByC_P(
687             resourceCode.getCodeId(), primKey);
688 
689         if (resource != null) {
690             Permission permission = permissionPersistence.fetchByA_R(
691                 actionId, resource.getResourceId());
692 
693             if (permission != null) {
694                 rolePersistence.removePermission(roleId, permission);
695             }
696         }
697 
698         PermissionCacheUtil.clearCache();
699     }
700 
701     public void unsetRolePermissions(
702             long roleId, long companyId, String name, int scope,
703             String actionId)
704         throws SystemException {
705 
706         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
707             companyId, name, scope);
708 
709         List<Resource> resources = resourcePersistence.findByCodeId(
710             resourceCode.getCodeId());
711 
712         for (Resource resource : resources) {
713             Permission permission = permissionPersistence.fetchByA_R(
714                 actionId, resource.getResourceId());
715 
716             if (permission != null) {
717                 rolePersistence.removePermission(roleId, permission);
718             }
719         }
720 
721         PermissionCacheUtil.clearCache();
722     }
723 
724     public void unsetUserPermissions(
725             long userId, String[] actionIds, long resourceId)
726         throws SystemException {
727 
728         List<Permission> permissions = permissionFinder.findByU_A_R(
729             userId, actionIds, resourceId);
730 
731         userPersistence.removePermissions(userId, permissions);
732 
733         PermissionCacheUtil.clearCache();
734     }
735 
736     protected boolean checkOrgGroupPermission(
737             List<Organization> organizations, List<Group> groups,
738             List<Permission> permissions)
739         throws PortalException, SystemException {
740 
741         for (Permission permission : permissions) {
742             if (checkOrgGroupPermission(organizations, groups, permission)) {
743                 return true;
744             }
745         }
746 
747         return false;
748     }
749 
750     protected boolean checkOrgGroupPermission(
751             List<Organization> organizations, List<Group> groups,
752             Permission permission)
753         throws PortalException, SystemException {
754 
755         // Do not check for an OrgGroupPermission intersection unless there is
756         // at least one organization and one group to check
757 
758         if ((organizations.size() == 0) || (groups.size() == 0)) {
759             return false;
760         }
761 
762         // Do not check unless the OrgGroupPermission intersection contains at
763         // least one permission
764 
765         List<OrgGroupPermission> orgGroupPermissions =
766             orgGroupPermissionPersistence.findByPermissionId(
767                 permission.getPermissionId());
768 
769         if (orgGroupPermissions.size() == 0) {
770             return false;
771         }
772 
773         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
774             if (orgGroupPermission.containsOrganization(organizations) &&
775                 orgGroupPermission.containsGroup(groups)) {
776 
777                 return true;
778             }
779         }
780 
781         // Throw an exception so that we do not continue checking permissions.
782         // The user has a specific permission given in the OrgGroupPermission
783         // intersection that prohibits him from going further.
784 
785         throw new NoSuchPermissionException(
786             "User has a permission in OrgGroupPermission that does not match");
787     }
788 
789     protected boolean hasUserPermissions_1(
790             long userId, long resourceId, String actionId,
791             List<Permission> permissions, List<Group> groups, long groupId,
792             StopWatch stopWatch, int block)
793         throws SystemException {
794 
795         // Is the user connected to one of the permissions via group or
796         // organization roles?
797 
798         if (groups.size() > 0) {
799             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
800                 return true;
801             }
802         }
803 
804         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
805 
806         // Is the user associated with groups or organizations that are directly
807         // connected to one of the permissions?
808 
809         if (groups.size() > 0) {
810             if (permissionFinder.countByGroupsPermissions(
811                     permissions, groups) > 0) {
812 
813                 return true;
814             }
815         }
816 
817         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
818 
819         // Is the user connected to one of the permissions via user roles?
820 
821         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
822             return true;
823         }
824 
825         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
826 
827         // Is the user connected to one of the permissions via user group roles?
828 
829         if (permissionFinder.countByUserGroupRole(
830                 permissions, userId, groupId) > 0) {
831 
832             return true;
833         }
834 
835         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
836 
837         // Is the user directly connected to one of the permissions?
838 
839         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
840             return true;
841         }
842 
843         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
844 
845         return false;
846     }
847 
848     protected boolean hasUserPermissions_2(
849             long userId, long resourceId, String actionId,
850             List<Permission> permissions, List<Group> groups, long groupId,
851             StopWatch stopWatch, int block)
852         throws SystemException {
853 
854         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
855         // countByUserGroupRole, and countByUsersPermissions in one method
856 
857         if (permissionFinder.containsPermissions_2(
858                 permissions, userId, groups, groupId)) {
859 
860             return true;
861         }
862 
863         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
864 
865         return false;
866     }
867 
868     protected boolean hasUserPermissions_3(
869             long userId, long resourceId, String actionId,
870             List<Permission> permissions, List<Group> groups, List<Role> roles,
871             StopWatch stopWatch, int block)
872         throws SystemException {
873 
874         // Is the user associated with groups or organizations that are directly
875         // connected to one of the permissions?
876 
877         if (groups.size() > 0) {
878             if (permissionFinder.countByGroupsPermissions(
879                     permissions, groups) > 0) {
880 
881                 return true;
882             }
883         }
884 
885         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
886 
887         // Is the user associated with a role that is directly connected to one
888         // of the permissions?
889 
890         if (roles.size() > 0) {
891             if (permissionFinder.countByRolesPermissions(
892                     permissions, roles) > 0) {
893 
894                 return true;
895             }
896         }
897 
898         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
899 
900         // Is the user directly connected to one of the permissions?
901 
902         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
903             return true;
904         }
905 
906         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
907 
908         return false;
909     }
910 
911     protected boolean hasUserPermissions_4(
912             long userId, long resourceId, String actionId,
913             List<Permission> permissions, List<Group> groups, List<Role> roles,
914             StopWatch stopWatch, int block)
915         throws SystemException {
916 
917         // Call countByGroupsPermissions, countByRolesPermissions, and
918         // countByUsersPermissions in one method
919 
920         if (permissionFinder.containsPermissions_4(
921                 permissions, userId, groups, roles)) {
922 
923             return true;
924         }
925 
926         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
927 
928         return false;
929     }
930 
931     protected boolean hasUserPermissions_5(
932             long userId, long resourceId, String actionId,
933             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
934             int block)
935         throws SystemException {
936 
937         if (roles.size() > 0) {
938             if (permissionFinder.countByRolesPermissions(
939                     permissions, roles) > 0) {
940 
941                 return true;
942             }
943         }
944 
945         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
946 
947         return false;
948     }
949 
950     protected boolean hasUserPermissions_6(
951             long userId, long resourceId, List<Resource> resources,
952             String actionId, List<Role> roles, StopWatch stopWatch,
953             int block)
954         throws PortalException, SystemException {
955 
956         // Iterate the list of resources in reverse order to test permissions
957         // from company scope to individual scope because it is more likely that
958         // a permission is assigned at a higher scope. Optimizing this method
959         // to one SQL call may actually slow things down since most of the calls
960         // will pull from the cache after the first request.
961 
962         for (int i = resources.size() - 1; i >= 0; i--) {
963             Resource resource = resources.get(i);
964 
965             for (Role role : roles) {
966                 if (resourcePermissionLocalService.hasResourcePermission(
967                         resource.getCompanyId(), resource.getName(),
968                         resource.getScope(), resource.getPrimKey(),
969                         role.getRoleId(), actionId)) {
970 
971                     return true;
972                 }
973             }
974         }
975 
976         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
977 
978         return false;
979     }
980 
981     protected void logHasUserPermissions(
982         long userId, long resourceId, String actionId, StopWatch stopWatch,
983         int block) {
984 
985         if (!_log.isDebugEnabled()) {
986             return;
987         }
988 
989         _log.debug(
990             "Checking user permissions block " + block + " for " + userId +
991                 " " + resourceId + " " + actionId + " takes " +
992                     stopWatch.getTime() + " ms");
993     }
994 
995     private static Log _log =
996         LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
997 
998 }