20 package com.liferay.portlet.enterpriseadmin.action;
21
22 import com.liferay.portal.NoSuchRoleException;
23 import com.liferay.portal.RolePermissionsException;
24 import com.liferay.portal.kernel.servlet.SessionErrors;
25 import com.liferay.portal.kernel.servlet.SessionMessages;
26 import com.liferay.portal.kernel.util.ArrayUtil;
27 import com.liferay.portal.kernel.util.Constants;
28 import com.liferay.portal.kernel.util.ListUtil;
29 import com.liferay.portal.kernel.util.ParamUtil;
30 import com.liferay.portal.kernel.util.StringUtil;
31 import com.liferay.portal.kernel.util.Validator;
32 import com.liferay.portal.model.GroupConstants;
33 import com.liferay.portal.model.ResourceConstants;
34 import com.liferay.portal.model.Role;
35 import com.liferay.portal.model.RoleConstants;
36 import com.liferay.portal.security.auth.PrincipalException;
37 import com.liferay.portal.security.permission.ResourceActionsUtil;
38 import com.liferay.portal.security.permission.comparator.ActionComparator;
39 import com.liferay.portal.service.PermissionServiceUtil;
40 import com.liferay.portal.service.ResourcePermissionServiceUtil;
41 import com.liferay.portal.service.RoleLocalServiceUtil;
42 import com.liferay.portal.struts.PortletAction;
43 import com.liferay.portal.theme.ThemeDisplay;
44 import com.liferay.portal.util.PropsValues;
45 import com.liferay.portal.util.WebKeys;
46
47 import java.util.HashMap;
48 import java.util.List;
49 import java.util.Map;
50
51 import javax.portlet.ActionRequest;
52 import javax.portlet.ActionResponse;
53 import javax.portlet.PortletConfig;
54 import javax.portlet.RenderRequest;
55 import javax.portlet.RenderResponse;
56
57 import org.apache.struts.action.ActionForm;
58 import org.apache.struts.action.ActionForward;
59 import org.apache.struts.action.ActionMapping;
60
61
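/**
 * Struts portlet action that edits the permissions attached to a role.
 *
 * <p>
 * Two commands are handled: <code>actions</code> rewrites the grants for every
 * action of the submitted resources, and <code>delete_permission</code>
 * removes a single grant. Both refuse to touch the built-in administrator and
 * owner roles (see {@link #isProtectedSystemRole(String)}).
 * </p>
 *
 * <p>
 * Security notes for reviewers:
 * </p>
 *
 * <ul>
 * <li>
 * The only access decision made in this class is the role-name guard. Whether
 * the caller may edit the role at all is presumably enforced inside
 * <code>PermissionServiceUtil</code> / <code>ResourcePermissionServiceUtil</code>
 * (a <code>PrincipalException</code> is handled in {@link #processAction}) --
 * confirm against those services.
 * </li>
 * <li>
 * The role is loaded through <code>RoleLocalServiceUtil</code> from a
 * request-supplied id; nothing visible here compares the role's company with
 * the company of the current request.
 * </li>
 * <li>
 * The <code>redirect</code> request parameter is passed to
 * <code>sendRedirect</code> without validation in this class.
 * </li>
 * </ul>
 */
public class EditRolePermissionsAction extends PortletAction {

    /**
     * Dispatches on the <code>Constants.CMD</code> request parameter.
     *
     * <p>
     * <code>NoSuchRoleException</code>, <code>PrincipalException</code> and
     * <code>RolePermissionsException</code> are recorded in the session errors
     * under their class name and the request is forwarded to the error page;
     * every other exception propagates unchanged. An unrecognised command is
     * ignored.
     * </p>
     *
     * @throws Exception any failure other than the three handled types
     */
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

        try {
            if (cmd.equals("actions")) {
                updateActions(actionRequest, actionResponse);
            }
            else if (cmd.equals("delete_permission")) {
                deletePermission(actionRequest, actionResponse);
            }
        }
        catch (Exception e) {
            boolean reportable =
                (e instanceof NoSuchRoleException) ||
                (e instanceof PrincipalException) ||
                (e instanceof RolePermissionsException);

            if (!reportable) {
                throw e;
            }

            // The exception class name is the session-error key.
            SessionErrors.add(actionRequest, e.getClass().getName());

            setForward(actionRequest, "portlet.enterprise_admin.error");
        }
    }

    /**
     * Resolves the role for the request and picks the view to render.
     *
     * <p>
     * The value returned by <code>ActionUtil.getRole</code> is discarded, so
     * the call is made for its effect on the request (presumably it stores the
     * role as a request attribute -- confirm in <code>ActionUtil</code>).
     * </p>
     *
     * @return the error forward when the role is missing or access is denied,
     *         otherwise the forward chosen by <code>getForward</code>, which
     *         defaults to the edit-role-permissions page
     * @throws Exception any failure other than
     *         <code>NoSuchRoleException</code> or
     *         <code>PrincipalException</code>
     */
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        try {
            ActionUtil.getRole(renderRequest);
        }
        catch (Exception e) {
            boolean reportable =
                (e instanceof NoSuchRoleException) ||
                (e instanceof PrincipalException);

            if (!reportable) {
                throw e;
            }

            SessionErrors.add(renderRequest, e.getClass().getName());

            return mapping.findForward("portlet.enterprise_admin.error");
        }

        String forward = getForward(
            renderRequest, "portlet.enterprise_admin.edit_role_permissions");

        return mapping.findForward(forward);
    }

    /**
     * Removes one permission from a role.
     *
     * <p>
     * With permission algorithm 6 the grant is identified by
     * <code>name</code>, <code>scope</code>, <code>primKey</code> and
     * <code>actionId</code>; with any other algorithm it is identified by
     * <code>permissionId</code>. All of these values, and
     * <code>roleId</code>, come from the request.
     * </p>
     *
     * @throws RolePermissionsException if the role is one of the protected
     *         built-in roles
     * @throws Exception if the role lookup or the service call fails
     */
    protected void deletePermission(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");
        long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
        String name = ParamUtil.getString(actionRequest, "name");
        int scope = ParamUtil.getInteger(actionRequest, "scope");
        String primKey = ParamUtil.getString(actionRequest, "primKey");
        String actionId = ParamUtil.getString(actionRequest, "actionId");

        // NOTE(review): local-service lookup by a request-supplied id; no
        // check here that the role belongs to themeDisplay.getCompanyId().
        Role role = RoleLocalServiceUtil.getRole(roleId);

        if (isProtectedSystemRole(role.getName())) {
            throw new RolePermissionsException(role.getName());
        }

        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            ResourcePermissionServiceUtil.removeResourcePermission(
                themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                name, scope, primKey, roleId, actionId);
        }
        else {
            PermissionServiceUtil.unsetRolePermission(
                roleId, themeDisplay.getScopeGroupId(), permissionId);
        }

        SessionMessages.add(actionRequest, "permissionDeleted");

        // NOTE(review): the redirect target is request-supplied and is not
        // validated in this method. Unless the portal validates it elsewhere,
        // restrict it to same-site targets before redirecting.
        String redirect = ParamUtil.getString(actionRequest, "redirect");

        actionResponse.sendRedirect(redirect);
    }

    /**
     * Applies the submitted scope for one resource/action pair through
     * <code>PermissionServiceUtil</code> (used for every permission algorithm
     * other than 6).
     *
     * <p>
     * The scope is read from the parameter
     * <code>"scope" + selResource + actionId</code>:
     * </p>
     *
     * <ul>
     * <li>
     * company scope: grant with the role's company id as primary key
     * </li>
     * <li>
     * group scope, community or organization role: grant at group-template
     * scope with the default parent group id as primary key
     * </li>
     * <li>
     * group scope, any other role type: replace the role's group-scope grants
     * with one grant per id in <code>"groupIds" + selResource + actionId</code>;
     * when that list is empty a session error is recorded and nothing is
     * changed
     * </li>
     * <li>
     * any other scope value: revoke the action at company, group-template and
     * group scope, so an unrecognised value removes access rather than
     * granting it
     * </li>
     * </ul>
     *
     * @throws Exception if a service call fails
     */
    protected void updateAction_1to5(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource, scope,
                String.valueOf(role.getCompanyId()), actionId);

            return;
        }

        if (scope != ResourceConstants.SCOPE_GROUP) {
            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
                actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                actionId);

            return;
        }

        int roleType = role.getType();

        if ((roleType == RoleConstants.TYPE_COMMUNITY) ||
            (roleType == RoleConstants.TYPE_ORGANIZATION)) {

            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE,
                String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                actionId);

            return;
        }

        // NOTE(review): these ids are request-supplied strings forwarded as
        // primary keys; no numeric or membership check is visible here.
        String[] groupIds = StringUtil.split(
            ParamUtil.getString(
                actionRequest, "groupIds" + selResource + actionId));

        if (groupIds.length == 0) {
            SessionErrors.add(actionRequest, "missingGroupIdsForAction");

            return;
        }

        groupIds = ArrayUtil.distinct(groupIds);

        // Existing group-scope grants are cleared before the new ones are
        // added. No transaction boundary is visible in this class, so a
        // failure inside the loop may leave only part of the list granted.
        PermissionServiceUtil.unsetRolePermissions(
            roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
            actionId);

        for (String curGroupId : groupIds) {
            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                curGroupId, actionId);
        }
    }

    /**
     * Applies the submitted scope for one resource/action pair through
     * <code>ResourcePermissionServiceUtil</code> (used when the permission
     * algorithm is 6).
     *
     * <p>
     * The branching is the same as in {@link #updateAction_1to5}: company
     * scope grants on the role's company, group scope grants either on the
     * group template (community and organization roles) or on each submitted
     * group id, and any other scope value revokes the action at all three
     * scopes. An empty group id list records a session error and changes
     * nothing.
     * </p>
     *
     * @throws Exception if a service call fails
     */
    protected void updateAction_6(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long companyId = role.getCompanyId();
        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, scope,
                String.valueOf(companyId), roleId, actionId);

            return;
        }

        if (scope != ResourceConstants.SCOPE_GROUP) {
            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_COMPANY, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                roleId, actionId);

            return;
        }

        int roleType = role.getType();

        if ((roleType == RoleConstants.TYPE_COMMUNITY) ||
            (roleType == RoleConstants.TYPE_ORGANIZATION)) {

            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE,
                String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                roleId, actionId);

            return;
        }

        // NOTE(review): these ids are request-supplied strings forwarded as
        // primary keys; no numeric or membership check is visible here.
        String[] groupIds = StringUtil.split(
            ParamUtil.getString(
                actionRequest, "groupIds" + selResource + actionId));

        if (groupIds.length == 0) {
            SessionErrors.add(actionRequest, "missingGroupIdsForAction");

            return;
        }

        groupIds = ArrayUtil.distinct(groupIds);

        // Existing group-scope grants are cleared before the new ones are
        // added. No transaction boundary is visible in this class, so a
        // failure inside the loop may leave only part of the list granted.
        ResourcePermissionServiceUtil.removeResourcePermissions(
            groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
            roleId, actionId);

        for (String curGroupId : groupIds) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                curGroupId, roleId, actionId);
        }
    }

    /**
     * Rewrites a role's grants for every action of the submitted resources.
     *
     * <p>
     * The resources are the optional <code>portletResource</code> parameter
     * plus each entry of the comma-separated <code>modelResources</code>
     * parameter. For each resource the action list comes from
     * <code>ResourceActionsUtil</code>, and each action is handed to
     * {@link #updateAction_6} or {@link #updateAction_1to5} depending on the
     * configured permission algorithm.
     * </p>
     *
     * <p>
     * The <code>permissionsUpdated</code> message is added even when a
     * per-action update has recorded <code>missingGroupIdsForAction</code>.
     * </p>
     *
     * @throws RolePermissionsException if the role is one of the protected
     *         built-in roles
     * @throws Exception if the role lookup or a service call fails
     */
    protected void updateActions(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");

        // NOTE(review): local-service lookup by a request-supplied id; no
        // check here that the role belongs to themeDisplay.getCompanyId().
        Role role = RoleLocalServiceUtil.getRole(roleId);

        if (isProtectedSystemRole(role.getName())) {
            throw new RolePermissionsException(role.getName());
        }

        String portletResource = ParamUtil.getString(
            actionRequest, "portletResource");
        String[] modelResources = StringUtil.split(
            ParamUtil.getString(actionRequest, "modelResources"));

        // Resource name -> action ids defined for that resource. The names
        // are request-supplied; how ResourceActionsUtil treats an unknown
        // name is not visible from this class.
        Map<String, List<String>> resourceActionsMap =
            new HashMap<String, List<String>>();

        if (Validator.isNotNull(portletResource)) {
            resourceActionsMap.put(
                portletResource,
                ResourceActionsUtil.getResourceActions(portletResource, null));
        }

        for (String modelResource : modelResources) {
            resourceActionsMap.put(
                modelResource,
                ResourceActionsUtil.getResourceActions(null, modelResource));
        }

        boolean resourcePermissions =
            (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6);

        for (Map.Entry<String, List<String>> entry :
                resourceActionsMap.entrySet()) {

            String selResource = entry.getKey();

            List<String> actions = ListUtil.sort(
                entry.getValue(),
                new ActionComparator(
                    themeDisplay.getCompanyId(), themeDisplay.getLocale()));

            for (String actionId : actions) {
                if (resourcePermissions) {
                    updateAction_6(
                        actionRequest, role, themeDisplay.getScopeGroupId(),
                        selResource, actionId);
                }
                else {
                    updateAction_1to5(
                        actionRequest, role, themeDisplay.getScopeGroupId(),
                        selResource, actionId);
                }
            }
        }

        SessionMessages.add(actionRequest, "permissionsUpdated");

        // NOTE(review): the redirect target is request-supplied and is not
        // validated in this method. Unless the portal validates it elsewhere,
        // restrict it to same-site targets before redirecting. The "&" suffix
        // also assumes the value already carries a query string.
        String redirect =
            ParamUtil.getString(actionRequest, "redirect") + "&" +
                Constants.CMD + "=" + Constants.VIEW;

        actionResponse.sendRedirect(redirect);
    }

    /**
     * Returns <code>true</code> for the built-in roles whose permissions this
     * action refuses to edit.
     *
     * <p>
     * Kept in one place so that the update and delete paths cannot drift
     * apart. Matching is by exact role name.
     * </p>
     */
    private static boolean isProtectedSystemRole(String roleName) {
        return roleName.equals(RoleConstants.ADMINISTRATOR) ||
            roleName.equals(RoleConstants.OWNER) ||
            roleName.equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.COMMUNITY_OWNER) ||
            roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_OWNER);
    }

}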