1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portlet.enterpriseadmin.action;
21  
22  import com.liferay.portal.NoSuchRoleException;
23  import com.liferay.portal.RolePermissionsException;
24  import com.liferay.portal.kernel.servlet.SessionErrors;
25  import com.liferay.portal.kernel.servlet.SessionMessages;
26  import com.liferay.portal.kernel.util.ArrayUtil;
27  import com.liferay.portal.kernel.util.Constants;
28  import com.liferay.portal.kernel.util.ListUtil;
29  import com.liferay.portal.kernel.util.ParamUtil;
30  import com.liferay.portal.kernel.util.StringUtil;
31  import com.liferay.portal.kernel.util.Validator;
32  import com.liferay.portal.model.GroupConstants;
33  import com.liferay.portal.model.ResourceConstants;
34  import com.liferay.portal.model.Role;
35  import com.liferay.portal.model.RoleConstants;
36  import com.liferay.portal.security.auth.PrincipalException;
37  import com.liferay.portal.security.permission.ResourceActionsUtil;
38  import com.liferay.portal.security.permission.comparator.ActionComparator;
39  import com.liferay.portal.service.PermissionServiceUtil;
40  import com.liferay.portal.service.ResourcePermissionServiceUtil;
41  import com.liferay.portal.service.RoleLocalServiceUtil;
42  import com.liferay.portal.struts.PortletAction;
43  import com.liferay.portal.theme.ThemeDisplay;
44  import com.liferay.portal.util.PropsValues;
45  import com.liferay.portal.util.WebKeys;
46  
47  import java.util.HashMap;
48  import java.util.List;
49  import java.util.Map;
50  
51  import javax.portlet.ActionRequest;
52  import javax.portlet.ActionResponse;
53  import javax.portlet.PortletConfig;
54  import javax.portlet.RenderRequest;
55  import javax.portlet.RenderResponse;
56  
57  import org.apache.struts.action.ActionForm;
58  import org.apache.struts.action.ActionForward;
59  import org.apache.struts.action.ActionMapping;
60  
61  /**
62   * <a href="EditRolePermissionsAction.java.html"><b><i>View Source</i></b></a>
63   *
64   * @author Brian Wing Shun Chan
65   * @author Jorge Ferrer
66   *
67   */
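public class EditRolePermissionsAction extends PortletAction {

    // Security note: every identifier this action works with (roleId,
    // permissionId, resource names, scopes, group ids, redirect) is read
    // straight from the request. No permission check or request-token check is
    // visible in this class.
    // NOTE(review): confirm that the remote services called below
    // (PermissionServiceUtil, ResourcePermissionServiceUtil) and the portal
    // front end enforce authorization and CSRF protection.

    /**
     * Routes a role-permission change by the {@code Constants.CMD} request
     * parameter: {@code "actions"} calls {@link #updateActions} and
     * {@code "delete_permission"} calls {@link #deletePermission}. Any other
     * value does nothing.
     *
     * <p>
     * {@code NoSuchRoleException}, {@code PrincipalException} and
     * {@code RolePermissionsException} are recorded in {@code SessionErrors}
     * under their class name and the request is forwarded to
     * {@code portlet.enterprise_admin.error}. Every other exception propagates.
     * </p>
     *
     * @throws Exception any exception other than the three handled above
     */
    public void processAction(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        String cmd = ParamUtil.getString(actionRequest, Constants.CMD);

        try {
            if (cmd.equals("actions")) {
                updateActions(actionRequest, actionResponse);
            }
            else if (cmd.equals("delete_permission")) {
                deletePermission(actionRequest, actionResponse);
            }
        }
        catch (Exception e) {
            boolean expected =
                (e instanceof NoSuchRoleException) ||
                (e instanceof PrincipalException) ||
                (e instanceof RolePermissionsException);

            if (!expected) {
                throw e;
            }

            // Only the exception class name is stored, so no exception message
            // reaches the error page through this path.

            SessionErrors.add(actionRequest, e.getClass().getName());

            setForward(actionRequest, "portlet.enterprise_admin.error");
        }
    }

    /**
     * Resolves the forward for the edit-role-permissions view.
     *
     * <p>
     * {@code ActionUtil.getRole} is called first. If it throws
     * {@code NoSuchRoleException} or {@code PrincipalException}, the class name
     * is recorded in {@code SessionErrors} and the error forward is returned.
     * </p>
     *
     * @return the {@code portlet.enterprise_admin.error} forward on a handled
     *         exception, otherwise the forward resolved by {@code getForward}
     *         with default {@code portlet.enterprise_admin.edit_role_permissions}
     * @throws Exception any exception other than the two handled above
     */
    public ActionForward render(
            ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
            RenderRequest renderRequest, RenderResponse renderResponse)
        throws Exception {

        try {

            // NOTE(review): presumably loads the role named by the request and
            // checks that the caller may see it; confirm in ActionUtil.

            ActionUtil.getRole(renderRequest);
        }
        catch (Exception e) {
            boolean expected =
                (e instanceof NoSuchRoleException) ||
                (e instanceof PrincipalException);

            if (!expected) {
                throw e;
            }

            SessionErrors.add(renderRequest, e.getClass().getName());

            return mapping.findForward("portlet.enterprise_admin.error");
        }

        return mapping.findForward(getForward(
            renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
    }

    /**
     * Removes one permission from the role named by the {@code roleId} request
     * parameter, then redirects to the {@code redirect} request parameter.
     *
     * <p>
     * When {@code PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM} is 6 the
     * permission is identified by {@code name}, {@code scope}, {@code primKey}
     * and {@code actionId}. Otherwise it is identified by {@code permissionId}.
     * </p>
     *
     * @throws RolePermissionsException if the role is one of the administrator
     *         or owner roles rejected by {@link #checkRoleIsEditable}
     * @throws Exception if the role lookup or the service call fails
     */
    protected void deletePermission(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");
        long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
        String name = ParamUtil.getString(actionRequest, "name");
        int scope = ParamUtil.getInteger(actionRequest, "scope");
        String primKey = ParamUtil.getString(actionRequest, "primKey");
        String actionId = ParamUtil.getString(actionRequest, "actionId");

        // The role is loaded through the local service.
        // NOTE(review): local services usually skip permission checks, so the
        // authorization decision presumably rests on the remote service calls
        // below; confirm.

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkRoleIsEditable(role);

        if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
            ResourcePermissionServiceUtil.removeResourcePermission(
                themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
                name, scope, primKey, roleId, actionId);
        }
        else {
            PermissionServiceUtil.unsetRolePermission(
                roleId, themeDisplay.getScopeGroupId(), permissionId);
        }

        // Send redirect

        SessionMessages.add(actionRequest, "permissionDeleted");

        // NOTE(review): "redirect" comes from the request and is passed to
        // sendRedirect without validation here. Unless the portal restricts
        // the target elsewhere this is an open redirect; accept only relative
        // paths or hosts on an allow-list.

        String redirect = ParamUtil.getString(actionRequest, "redirect");

        actionResponse.sendRedirect(redirect);
    }

    /**
     * Applies the scope submitted for one resource action, using the
     * {@code PermissionServiceUtil} API (permission algorithms other than 6).
     *
     * <p>
     * The scope is read from the request parameter
     * {@code "scope" + selResource + actionId}. Company scope grants the action
     * company-wide. Group scope grants it on the group template for community
     * and organization roles, or on each group id listed in
     * {@code "groupIds" + selResource + actionId} for other roles. Any other
     * scope value removes the action at company, group-template and group
     * scope.
     * </p>
     *
     * @param actionRequest the request carrying the scope and group id
     *        parameters
     * @param role the role being edited
     * @param groupId the group id passed through to the permission service
     * @param selResource the resource name the action belongs to
     * @param actionId the action being granted or removed
     * @throws Exception if a permission service call fails
     */
    protected void updateAction_1to5(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource, scope,
                String.valueOf(role.getCompanyId()), actionId);

            return;
        }

        if (scope != ResourceConstants.SCOPE_GROUP) {

            // Remove company, group template, and group permissions

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
                actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);

            PermissionServiceUtil.unsetRolePermissions(
                roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                actionId);

            return;
        }

        int roleType = role.getType();

        if ((roleType == RoleConstants.TYPE_COMMUNITY) ||
            (roleType == RoleConstants.TYPE_ORGANIZATION)) {

            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE,
                String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                actionId);

            return;
        }

        String[] groupIds = StringUtil.split(
            ParamUtil.getString(
                actionRequest, "groupIds" + selResource + actionId));

        if (groupIds.length == 0) {
            SessionErrors.add(actionRequest, "missingGroupIdsForAction");

            return;
        }

        groupIds = ArrayUtil.distinct(groupIds);

        // Existing group-scope grants are removed before the submitted ones
        // are added, so a failure part-way through the loop leaves a partial
        // set.
        // NOTE(review): confirm whether the service layer makes this atomic.

        PermissionServiceUtil.unsetRolePermissions(
            roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
            actionId);

        // NOTE(review): the group ids are request strings used as primary keys
        // without being parsed or checked here; presumably the service
        // validates them and the caller's rights on each group. Confirm.

        for (String curGroupId : groupIds) {
            PermissionServiceUtil.setRolePermission(
                roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
                curGroupId, actionId);
        }
    }

    /**
     * Applies the scope submitted for one resource action, using the
     * {@code ResourcePermissionServiceUtil} API (permission algorithm 6).
     *
     * <p>
     * The branching mirrors {@link #updateAction_1to5}: company scope grants the
     * action company-wide, group scope grants it on the group template or on
     * each listed group id depending on the role type, and any other scope
     * value removes it at all three scopes.
     * </p>
     *
     * @param actionRequest the request carrying the scope and group id
     *        parameters
     * @param role the role being edited
     * @param groupId the group id passed through to the permission service
     * @param selResource the resource name the action belongs to
     * @param actionId the action being granted or removed
     * @throws Exception if a permission service call fails
     */
    protected void updateAction_6(
            ActionRequest actionRequest, Role role, long groupId,
            String selResource, String actionId)
        throws Exception {

        long companyId = role.getCompanyId();
        long roleId = role.getRoleId();

        int scope = ParamUtil.getInteger(
            actionRequest, "scope" + selResource + actionId);

        if (scope == ResourceConstants.SCOPE_COMPANY) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, scope,
                String.valueOf(companyId), roleId, actionId);

            return;
        }

        if (scope != ResourceConstants.SCOPE_GROUP) {

            // Remove company, group template, and group permissions

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_COMPANY, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);

            ResourcePermissionServiceUtil.removeResourcePermissions(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                roleId, actionId);

            return;
        }

        int roleType = role.getType();

        if ((roleType == RoleConstants.TYPE_COMMUNITY) ||
            (roleType == RoleConstants.TYPE_ORGANIZATION)) {

            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource,
                ResourceConstants.SCOPE_GROUP_TEMPLATE,
                String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
                roleId, actionId);

            return;
        }

        String[] groupIds = StringUtil.split(
            ParamUtil.getString(
                actionRequest, "groupIds" + selResource + actionId));

        if (groupIds.length == 0) {
            SessionErrors.add(actionRequest, "missingGroupIdsForAction");

            return;
        }

        groupIds = ArrayUtil.distinct(groupIds);

        // Existing group-scope grants are removed before the submitted ones
        // are added, so a failure part-way through the loop leaves a partial
        // set.
        // NOTE(review): confirm whether the service layer makes this atomic.

        ResourcePermissionServiceUtil.removeResourcePermissions(
            groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
            roleId, actionId);

        // NOTE(review): the group ids are request strings used as primary keys
        // without being parsed or checked here; presumably the service
        // validates them and the caller's rights on each group. Confirm.

        for (String curGroupId : groupIds) {
            ResourcePermissionServiceUtil.addResourcePermission(
                groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
                curGroupId, roleId, actionId);
        }
    }

    /**
     * Rewrites the permissions of the role named by the {@code roleId} request
     * parameter for the submitted portlet and model resources, then redirects.
     *
     * <p>
     * The resources come from the {@code portletResource} and
     * {@code modelResources} request parameters. For each one, every action
     * returned by {@code ResourceActionsUtil.getResourceActions} is passed to
     * {@link #updateAction_6} or {@link #updateAction_1to5}, depending on
     * {@code PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM}.
     * </p>
     *
     * @throws RolePermissionsException if the role is one of the administrator
     *         or owner roles rejected by {@link #checkRoleIsEditable}
     * @throws Exception if the role lookup or a service call fails
     */
    protected void updateActions(
            ActionRequest actionRequest, ActionResponse actionResponse)
        throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);

        long roleId = ParamUtil.getLong(actionRequest, "roleId");

        // The role is loaded through the local service.
        // NOTE(review): local services usually skip permission checks, so the
        // authorization decision presumably rests on the remote service calls
        // made per action; confirm.

        Role role = RoleLocalServiceUtil.getRole(roleId);

        checkRoleIsEditable(role);

        String portletResource = ParamUtil.getString(
            actionRequest, "portletResource");
        String[] modelResources = StringUtil.split(
            ParamUtil.getString(actionRequest, "modelResources"));

        // Resource names are request-supplied. The action lists come from
        // ResourceActionsUtil, not from the request.

        Map<String, List<String>> resourceActionsMap =
            new HashMap<String, List<String>>();

        if (Validator.isNotNull(portletResource)) {
            resourceActionsMap.put(
                portletResource,
                ResourceActionsUtil.getResourceActions(portletResource, null));
        }

        for (String modelResource : modelResources) {
            resourceActionsMap.put(
                modelResource,
                ResourceActionsUtil.getResourceActions(null, modelResource));
        }

        for (Map.Entry<String, List<String>> entry :
                resourceActionsMap.entrySet()) {

            String selResource = entry.getKey();

            List<String> actions = ListUtil.sort(
                entry.getValue(),
                new ActionComparator(
                    themeDisplay.getCompanyId(), themeDisplay.getLocale()));

            for (String actionId : actions) {
                if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
                    updateAction_6(
                        actionRequest, role, themeDisplay.getScopeGroupId(),
                        selResource, actionId);
                }
                else {
                    updateAction_1to5(
                        actionRequest, role, themeDisplay.getScopeGroupId(),
                        selResource, actionId);
                }
            }
        }

        // Send redirect

        SessionMessages.add(actionRequest, "permissionsUpdated");

        // "&" is appended unconditionally, so the submitted redirect is
        // assumed to carry a query string already.
        // NOTE(review): "redirect" comes from the request and is passed to
        // sendRedirect without validation here. Unless the portal restricts
        // the target elsewhere this is an open redirect; accept only relative
        // paths or hosts on an allow-list.

        String redirect =
            ParamUtil.getString(actionRequest, "redirect") + "&" +
                Constants.CMD + "=" + Constants.VIEW;

        actionResponse.sendRedirect(redirect);
    }

    /**
     * Refuses permission edits on the administrator and owner roles named in
     * {@code RoleConstants}. Keeping the list in one place stops the delete and
     * update paths from drifting apart.
     *
     * @param role the role about to be edited
     * @throws RolePermissionsException carrying the role name, if the name
     *         equals one of the six listed constants
     */
    private static void checkRoleIsEditable(Role role)
        throws RolePermissionsException {

        String roleName = role.getName();

        String[] lockedRoleNames = {
            RoleConstants.ADMINISTRATOR, RoleConstants.OWNER,
            RoleConstants.COMMUNITY_ADMINISTRATOR,
            RoleConstants.COMMUNITY_OWNER,
            RoleConstants.ORGANIZATION_ADMINISTRATOR,
            RoleConstants.ORGANIZATION_OWNER
        };

        for (String lockedRoleName : lockedRoleNames) {
            if (roleName.equals(lockedRoleName)) {
                throw new RolePermissionsException(roleName);
            }
        }
    }

}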