1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.persistence;
21  
22  import com.liferay.portal.SystemException;
23  import com.liferay.portal.kernel.dao.orm.FinderCacheUtil;
24  import com.liferay.portal.kernel.dao.orm.FinderPath;
25  import com.liferay.portal.kernel.dao.orm.QueryPos;
26  import com.liferay.portal.kernel.dao.orm.SQLQuery;
27  import com.liferay.portal.kernel.dao.orm.Session;
28  import com.liferay.portal.kernel.dao.orm.Type;
29  import com.liferay.portal.kernel.util.ArrayUtil;
30  import com.liferay.portal.kernel.util.ListUtil;
31  import com.liferay.portal.kernel.util.StringUtil;
32  import com.liferay.portal.model.Group;
33  import com.liferay.portal.model.Permission;
34  import com.liferay.portal.model.Role;
35  import com.liferay.portal.model.impl.PermissionImpl;
36  import com.liferay.portal.model.impl.PermissionModelImpl;
37  import com.liferay.portal.service.persistence.impl.BasePersistenceImpl;
38  import com.liferay.util.dao.orm.CustomSQLUtil;
39  
40  import java.util.ArrayList;
41  import java.util.Iterator;
42  import java.util.List;
43  
44  /**
45   * <a href="PermissionFinderImpl.java.html"><b><i>View Source</i></b></a>
46   *
47   * @author Brian Wing Shun Chan
48   *
49   */
50  public class PermissionFinderImpl
51      extends BasePersistenceImpl implements PermissionFinder {
52  
53      public static String COUNT_BY_GROUPS_PERMISSIONS =
54          PermissionFinder.class.getName() + ".countByGroupsPermissions";
55  
56      public static String COUNT_BY_GROUPS_ROLES =
57          PermissionFinder.class.getName() + ".countByGroupsRoles";
58  
59      public static String COUNT_BY_ROLES_PERMISSIONS =
60          PermissionFinder.class.getName() + ".countByRolesPermissions";
61  
62      public static String COUNT_BY_USER_GROUP_ROLE =
63          PermissionFinder.class.getName() + ".countByUserGroupRole";
64  
65      public static String COUNT_BY_USERS_PERMISSIONS =
66          PermissionFinder.class.getName() + ".countByUsersPermissions";
67  
68      public static String COUNT_BY_USERS_ROLES =
69          PermissionFinder.class.getName() + ".countByUsersRoles";
70  
71      public static String FIND_BY_A_R =
72          PermissionFinder.class.getName() + ".findByA_R";
73  
74      public static String FIND_BY_G_R =
75          PermissionFinder.class.getName() + ".findByG_R";
76  
77      public static String FIND_BY_R_R =
78          PermissionFinder.class.getName() + ".findByR_R";
79  
80      public static String FIND_BY_U_R =
81          PermissionFinder.class.getName() + ".findByU_R";
82  
83      public static String FIND_BY_O_G_R =
84          PermissionFinder.class.getName() + ".findByO_G_R";
85  
86      public static String FIND_BY_U_A_R =
87          PermissionFinder.class.getName() + ".findByU_A_R";
88  
89      public static String FIND_BY_G_C_N_S_P =
90          PermissionFinder.class.getName() + ".findByG_C_N_S_P";
91  
92      public static String FIND_BY_U_C_N_S_P =
93          PermissionFinder.class.getName() + ".findByU_C_N_S_P";
94  
95      public static final FinderPath FINDER_PATH_COUNT_BY_ROLES_PERMISSIONS =
96          new FinderPath(
97              PermissionModelImpl.ENTITY_CACHE_ENABLED,
98              PermissionModelImpl.FINDER_CACHE_ENABLED, "Roles_Permissions",
99              "customCountByRolesPermissions",
100             new String[] {
101                 java.util.List.class.getName(), java.util.List.class.getName()
102             });
103 
104     public static final FinderPath FINDER_PATH_FIND_BY_A_R = new FinderPath(
105         PermissionModelImpl.ENTITY_CACHE_ENABLED,
106         PermissionModelImpl.FINDER_CACHE_ENABLED,
107         PermissionPersistenceImpl.FINDER_CLASS_NAME_LIST, "customFindByA_R",
108         new String[] {
109             String.class.getName(), "[L" + Long.class.getName()
110         });
111 
112     public boolean containsPermissions_2(
113             List<Permission> permissions, long userId, List<Group> groups,
114             long groupId)
115         throws SystemException {
116 
117         Session session = null;
118 
119         try {
120             session = openSession();
121 
122             String sql = null;
123 
124             StringBuilder sb = new StringBuilder();
125 
126             if (groups.size() > 0) {
127                 sb.append("(");
128                 sb.append(CustomSQLUtil.get(COUNT_BY_GROUPS_ROLES));
129                 sb.append(") ");
130 
131                 sql = sb.toString();
132 
133                 sql = StringUtil.replace(
134                     sql, "[$PERMISSION_IDS$]",
135                     getPermissionIds(permissions, "Roles_Permissions"));
136                 sql = StringUtil.replace(
137                     sql, "[$GROUP_IDS$]", getGroupIds(groups, "Groups_Roles"));
138 
139                 sb = new StringBuilder();
140 
141                 sb.append(sql);
142 
143                 sb.append("UNION ALL (");
144                 sb.append(CustomSQLUtil.get(COUNT_BY_GROUPS_PERMISSIONS));
145                 sb.append(") ");
146 
147                 sql = sb.toString();
148 
149                 sql = StringUtil.replace(
150                     sql, "[$PERMISSION_IDS$]",
151                     getPermissionIds(permissions, "Groups_Permissions"));
152                 sql = StringUtil.replace(
153                     sql, "[$GROUP_IDS$]",
154                     getGroupIds(groups, "Groups_Permissions"));
155 
156                 sb = new StringBuilder();
157 
158                 sb.append(sql);
159 
160                 sb.append("UNION ALL ");
161             }
162 
163             sb.append("(");
164             sb.append(CustomSQLUtil.get(COUNT_BY_USERS_ROLES));
165             sb.append(") ");
166 
167             sql = sb.toString();
168 
169             sql = StringUtil.replace(
170                 sql, "[$PERMISSION_IDS$]",
171                 getPermissionIds(permissions, "Roles_Permissions"));
172 
173             sb = new StringBuilder();
174 
175             sb.append(sql);
176 
177             sb.append("UNION ALL (");
178             sb.append(CustomSQLUtil.get(COUNT_BY_USER_GROUP_ROLE));
179             sb.append(") ");
180 
181             sql = sb.toString();
182 
183             sql = StringUtil.replace(
184                 sql, "[$PERMISSION_IDS$]",
185                 getPermissionIds(permissions, "Roles_Permissions"));
186 
187             sb = new StringBuilder();
188 
189             sb.append(sql);
190 
191             sb.append("UNION ALL (");
192             sb.append(CustomSQLUtil.get(COUNT_BY_USERS_PERMISSIONS));
193             sb.append(") ");
194 
195             sql = sb.toString();
196 
197             sql = StringUtil.replace(
198                 sql, "[$PERMISSION_IDS$]",
199                 getPermissionIds(permissions, "Users_Permissions"));
200 
201             SQLQuery q = session.createSQLQuery(sql);
202 
203             q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
204 
205             QueryPos qPos = QueryPos.getInstance(q);
206 
207             if (groups.size() > 0) {
208                 setPermissionIds(qPos, permissions);
209                 setGroupIds(qPos, groups);
210                 setPermissionIds(qPos, permissions);
211                 setGroupIds(qPos, groups);
212             }
213 
214             setPermissionIds(qPos, permissions);
215             qPos.add(userId);
216 
217             qPos.add(groupId);
218             setPermissionIds(qPos, permissions);
219             qPos.add(userId);
220 
221             setPermissionIds(qPos, permissions);
222             qPos.add(userId);
223 
224             Iterator<Long> itr = q.list().iterator();
225 
226             while (itr.hasNext()) {
227                 Long count = itr.next();
228 
229                 if ((count != null) && (count.intValue() > 0)) {
230                     return true;
231                 }
232             }
233 
234             return false;
235         }
236         catch (Exception e) {
237             throw new SystemException(e);
238         }
239         finally {
240             closeSession(session);
241         }
242     }
243 
244     public boolean containsPermissions_4(
245             List<Permission> permissions, long userId, List<Group> groups,
246             List<Role> roles)
247         throws SystemException {
248 
249         Session session = null;
250 
251         try {
252             session = openSession();
253 
254             String sql = null;
255 
256             StringBuilder sb = new StringBuilder();
257 
258             if (groups.size() > 0) {
259                 sb.append("(");
260                 sb.append(CustomSQLUtil.get(COUNT_BY_GROUPS_PERMISSIONS));
261                 sb.append(") ");
262 
263                 sql = sb.toString();
264 
265                 sql = StringUtil.replace(
266                     sql, "[$PERMISSION_IDS$]",
267                     getPermissionIds(permissions, "Groups_Permissions"));
268                 sql = StringUtil.replace(
269                     sql, "[$GROUP_IDS$]",
270                     getGroupIds(groups, "Groups_Permissions"));
271 
272                 sb = new StringBuilder();
273 
274                 sb.append(sql);
275 
276                 sb.append("UNION ALL ");
277             }
278 
279             if (roles.size() > 0) {
280                 sb.append("(");
281                 sb.append(CustomSQLUtil.get(COUNT_BY_ROLES_PERMISSIONS));
282                 sb.append(") ");
283 
284                 sql = sb.toString();
285 
286                 sql = StringUtil.replace(
287                     sql, "[$PERMISSION_IDS$]",
288                     getPermissionIds(permissions, "Roles_Permissions"));
289                 sql = StringUtil.replace(
290                     sql, "[$ROLE_IDS$]",
291                     getRoleIds(roles, "Roles_Permissions"));
292 
293                 sb = new StringBuilder();
294 
295                 sb.append(sql);
296 
297                 sb.append("UNION ALL ");
298             }
299 
300             sb.append("(");
301             sb.append(CustomSQLUtil.get(COUNT_BY_USERS_PERMISSIONS));
302             sb.append(") ");
303 
304             sql = sb.toString();
305 
306             sql = StringUtil.replace(
307                 sql, "[$PERMISSION_IDS$]",
308                 getPermissionIds(permissions, "Users_Permissions"));
309 
310             SQLQuery q = session.createSQLQuery(sql);
311 
312             q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
313 
314             QueryPos qPos = QueryPos.getInstance(q);
315 
316             if (groups.size() > 0) {
317                 setPermissionIds(qPos, permissions);
318                 setGroupIds(qPos, groups);
319             }
320 
321             if (roles.size() > 0) {
322                 setPermissionIds(qPos, permissions);
323                 setRoleIds(qPos, roles);
324             }
325 
326             setPermissionIds(qPos, permissions);
327             qPos.add(userId);
328 
329             Iterator<Long> itr = q.list().iterator();
330 
331             while (itr.hasNext()) {
332                 Long count = itr.next();
333 
334                 if ((count != null) && (count.intValue() > 0)) {
335                     return true;
336                 }
337             }
338 
339             return false;
340         }
341         catch (Exception e) {
342             throw new SystemException(e);
343         }
344         finally {
345             closeSession(session);
346         }
347     }
348 
349     public int countByGroupsPermissions(
350             List<Permission> permissions, List<Group> groups)
351         throws SystemException {
352 
353         Session session = null;
354 
355         try {
356             session = openSession();
357 
358             String sql = CustomSQLUtil.get(COUNT_BY_GROUPS_PERMISSIONS);
359 
360             sql = StringUtil.replace(
361                 sql, "[$PERMISSION_IDS$]",
362                 getPermissionIds(permissions, "Groups_Permissions"));
363             sql = StringUtil.replace(
364                 sql, "[$GROUP_IDS$]",
365                 getGroupIds(groups, "Groups_Permissions"));
366 
367             SQLQuery q = session.createSQLQuery(sql);
368 
369             q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
370 
371             QueryPos qPos = QueryPos.getInstance(q);
372 
373             setPermissionIds(qPos, permissions);
374             setGroupIds(qPos, groups);
375 
376             Iterator<Long> itr = q.list().iterator();
377 
378             if (itr.hasNext()) {
379                 Long count = itr.next();
380 
381                 if (count != null) {
382                     return count.intValue();
383                 }
384             }
385 
386             return 0;
387         }
388         catch (Exception e) {
389             throw new SystemException(e);
390         }
391         finally {
392             closeSession(session);
393         }
394     }
395 
396     public int countByGroupsRoles(
397             List<Permission> permissions, List<Group> groups)
398         throws SystemException {
399 
400         Session session = null;
401 
402         try {
403             session = openSession();
404 
405             String sql = CustomSQLUtil.get(COUNT_BY_GROUPS_ROLES);
406 
407             sql = StringUtil.replace(
408                 sql, "[$PERMISSION_IDS$]",
409                 getPermissionIds(permissions, "Roles_Permissions"));
410             sql = StringUtil.replace(
411                 sql, "[$GROUP_IDS$]", getGroupIds(groups, "Groups_Roles"));
412 
413             SQLQuery q = session.createSQLQuery(sql);
414 
415             q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
416 
417             QueryPos qPos = QueryPos.getInstance(q);
418 
419             setPermissionIds(qPos, permissions);
420             setGroupIds(qPos, groups);
421 
422             Iterator<Long> itr = q.list().iterator();
423 
424             if (itr.hasNext()) {
425                 Long count = itr.next();
426 
427                 if (count != null) {
428                     return count.intValue();
429                 }
430             }
431 
432             return 0;
433         }
434         catch (Exception e) {
435             throw new SystemException(e);
436         }
437         finally {
438             closeSession(session);
439         }
440     }
441 
442     public int countByRolesPermissions(
443             List<Permission> permissions, List<Role> roles)
444         throws SystemException {
445 
446         Object finderArgs[] = new Object[] {
447             ListUtil.toString(permissions, "permissionId"),
448             ListUtil.toString(roles, "roleId")
449         };
450 
451         Long count = (Long)FinderCacheUtil.getResult(
452             FINDER_PATH_COUNT_BY_ROLES_PERMISSIONS, finderArgs, this);
453 
454         if (count == null) {
455             Session session = null;
456 
457             try {
458                 session = openSession();
459 
460                 String sql = CustomSQLUtil.get(COUNT_BY_ROLES_PERMISSIONS);
461 
462                 sql = StringUtil.replace(
463                     sql, "[$PERMISSION_IDS$]",
464                     getPermissionIds(permissions, "Roles_Permissions"));
465                 sql = StringUtil.replace(
466                     sql, "[$ROLE_IDS$]",
467                     getRoleIds(roles, "Roles_Permissions"));
468 
469                 SQLQuery q = session.createSQLQuery(sql);
470 
471                 q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
472 
473                 QueryPos qPos = QueryPos.getInstance(q);
474 
475                 setPermissionIds(qPos, permissions);
476                 setRoleIds(qPos, roles);
477 
478                 count = (Long)q.uniqueResult();
479             }
480             catch (Exception e) {
481                 throw new SystemException(e);
482             }
483             finally {
484                 if (count == null) {
485                     count = Long.valueOf(0);
486                 }
487 
488                 FinderCacheUtil.putResult(
489                     FINDER_PATH_COUNT_BY_ROLES_PERMISSIONS, finderArgs, count);
490 
491                 closeSession(session);
492             }
493         }
494 
495         return count.intValue();
496     }
497 
498     public int countByUserGroupRole(
499             List<Permission> permissions, long userId, long groupId)
500         throws SystemException {
501 
502         Session session = null;
503 
504         try {
505             session = openSession();
506 
507             String sql = CustomSQLUtil.get(COUNT_BY_USER_GROUP_ROLE);
508 
509             sql = StringUtil.replace(
510                 sql, "[$PERMISSION_IDS$]",
511                 getPermissionIds(permissions, "Roles_Permissions"));
512 
513             SQLQuery q = session.createSQLQuery(sql);
514 
515             q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
516 
517             QueryPos qPos = QueryPos.getInstance(q);
518 
519             qPos.add(groupId);
520             setPermissionIds(qPos, permissions);
521             qPos.add(userId);
522 
523             Iterator<Long> itr = q.list().iterator();
524 
525             if (itr.hasNext()) {
526                 Long count = itr.next();
527 
528                 if (count != null) {
529                     return count.intValue();
530                 }
531             }
532 
533             return 0;
534         }
535         catch (Exception e) {
536             throw new SystemException(e);
537         }
538         finally {
539             closeSession(session);
540         }
541     }
542 
543     public int countByUsersPermissions(
544             List<Permission> permissions, long userId)
545         throws SystemException {
546 
547         Session session = null;
548 
549         try {
550             session = openSession();
551 
552             String sql = CustomSQLUtil.get(COUNT_BY_USERS_PERMISSIONS);
553 
554             sql = StringUtil.replace(
555                 sql, "[$PERMISSION_IDS$]",
556                 getPermissionIds(permissions, "Users_Permissions"));
557 
558             SQLQuery q = session.createSQLQuery(sql);
559 
560             q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
561 
562             QueryPos qPos = QueryPos.getInstance(q);
563 
564             setPermissionIds(qPos, permissions);
565             qPos.add(userId);
566 
567             Iterator<Long> itr = q.list().iterator();
568 
569             if (itr.hasNext()) {
570                 Long count = itr.next();
571 
572                 if (count != null) {
573                     return count.intValue();
574                 }
575             }
576 
577             return 0;
578         }
579         catch (Exception e) {
580             throw new SystemException(e);
581         }
582         finally {
583             closeSession(session);
584         }
585     }
586 
587     public int countByUsersRoles(List<Permission> permissions, long userId)
588         throws SystemException {
589 
590         Session session = null;
591 
592         try {
593             session = openSession();
594 
595             String sql = CustomSQLUtil.get(COUNT_BY_USERS_ROLES);
596 
597             sql = StringUtil.replace(
598                 sql, "[$PERMISSION_IDS$]",
599                 getPermissionIds(permissions, "Roles_Permissions"));
600 
601             SQLQuery q = session.createSQLQuery(sql);
602 
603             q.addScalar(COUNT_COLUMN_NAME, Type.LONG);
604 
605             QueryPos qPos = QueryPos.getInstance(q);
606 
607             setPermissionIds(qPos, permissions);
608             qPos.add(userId);
609 
610             Iterator<Long> itr = q.list().iterator();
611 
612             if (itr.hasNext()) {
613                 Long count = itr.next();
614 
615                 if (count != null) {
616                     return count.intValue();
617                 }
618             }
619 
620             return 0;
621         }
622         catch (Exception e) {
623             throw new SystemException(e);
624         }
625         finally {
626             closeSession(session);
627         }
628     }
629 
630     public List<Permission> findByA_R(String actionId, long[] resourceIds)
631         throws SystemException {
632 
633         Object finderArgs[] = new Object[] {
634             actionId, StringUtil.merge(ArrayUtil.toArray(resourceIds))
635         };
636 
637         List<Permission> list = (List<Permission>)FinderCacheUtil.getResult(
638             FINDER_PATH_FIND_BY_A_R, finderArgs, this);
639 
640         if (list == null) {
641             Session session = null;
642 
643             try {
644                 session = openSession();
645 
646                 String sql = CustomSQLUtil.get(FIND_BY_A_R);
647 
648                 sql = StringUtil.replace(
649                     sql, "[$RESOURCE_IDS$]", getResourceIds(resourceIds));
650 
651                 SQLQuery q = session.createSQLQuery(sql);
652 
653                 q.addEntity("Permission_", PermissionImpl.class);
654 
655                 QueryPos qPos = QueryPos.getInstance(q);
656 
657                 qPos.add(actionId);
658                 setResourceIds(qPos, resourceIds);
659 
660                 list = q.list();
661             }
662             catch (Exception e) {
663                 throw new SystemException(e);
664             }
665             finally {
666                 if (list == null) {
667                     list = new ArrayList<Permission>();
668                 }
669 
670                 FinderCacheUtil.putResult(
671                     FINDER_PATH_FIND_BY_A_R, finderArgs, list);
672 
673                 closeSession(session);
674             }
675         }
676 
677         return list;
678     }
679 
680     public List<Permission> findByG_R(long groupId, long resourceId)
681         throws SystemException {
682 
683         Session session = null;
684 
685         try {
686             session = openSession();
687 
688             String sql = CustomSQLUtil.get(FIND_BY_G_R);
689 
690             SQLQuery q = session.createSQLQuery(sql);
691 
692             q.addEntity("Permission_", PermissionImpl.class);
693 
694             QueryPos qPos = QueryPos.getInstance(q);
695 
696             qPos.add(groupId);
697             qPos.add(resourceId);
698 
699             return q.list();
700         }
701         catch (Exception e) {
702             throw new SystemException(e);
703         }
704         finally {
705             closeSession(session);
706         }
707     }
708 
709     public List<Permission> findByR_R(
710             long roleId, long resourceId) throws SystemException {
711         Session session = null;
712 
713         try {
714             session = openSession();
715 
716             String sql = CustomSQLUtil.get(FIND_BY_R_R);
717 
718             SQLQuery q = session.createSQLQuery(sql);
719 
720             q.addEntity("Permission_", PermissionImpl.class);
721 
722             QueryPos qPos = QueryPos.getInstance(q);
723 
724             qPos.add(roleId);
725             qPos.add(resourceId);
726 
727             return q.list();
728         }
729         catch (Exception e) {
730             throw new SystemException(e);
731         }
732         finally {
733             closeSession(session);
734         }
735     }
736 
737     public List<Permission> findByU_R(long userId, long resourceId)
738         throws SystemException {
739 
740         Session session = null;
741 
742         try {
743             session = openSession();
744 
745             String sql = CustomSQLUtil.get(FIND_BY_U_R);
746 
747             SQLQuery q = session.createSQLQuery(sql);
748 
749             q.addEntity("Permission_", PermissionImpl.class);
750 
751             QueryPos qPos = QueryPos.getInstance(q);
752 
753             qPos.add(userId);
754             qPos.add(resourceId);
755 
756             return q.list();
757         }
758         catch (Exception e) {
759             throw new SystemException(e);
760         }
761         finally {
762             closeSession(session);
763         }
764     }
765 
766     public List<Permission> findByO_G_R(
767             long organizationId, long groupId, long resourceId)
768         throws SystemException {
769 
770         Session session = null;
771 
772         try {
773             session = openSession();
774 
775             String sql = CustomSQLUtil.get(FIND_BY_O_G_R);
776 
777             SQLQuery q = session.createSQLQuery(sql);
778 
779             q.addEntity("Permission_", PermissionImpl.class);
780 
781             QueryPos qPos = QueryPos.getInstance(q);
782 
783             qPos.add(organizationId);
784             qPos.add(groupId);
785             qPos.add(resourceId);
786 
787             return q.list();
788         }
789         catch (Exception e) {
790             throw new SystemException(e);
791         }
792         finally {
793             closeSession(session);
794         }
795     }
796 
797     public List<Permission> findByU_A_R(
798             long userId, String[] actionIds, long resourceId)
799         throws SystemException {
800 
801         Session session = null;
802 
803         try {
804             session = openSession();
805 
806             String sql = CustomSQLUtil.get(FIND_BY_U_R);
807 
808             sql = StringUtil.replace(
809                 sql, "[$ACTION_IDS$]", getActionIds(actionIds));
810 
811             SQLQuery q = session.createSQLQuery(sql);
812 
813             q.addEntity("Permission_", PermissionImpl.class);
814 
815             QueryPos qPos = QueryPos.getInstance(q);
816 
817             qPos.add(userId);
818             qPos.add(resourceId);
819 
820             return q.list();
821         }
822         catch (Exception e) {
823             throw new SystemException(e);
824         }
825         finally {
826             closeSession(session);
827         }
828     }
829 
830     public List<Permission> findByG_C_N_S_P(
831             long groupId, long companyId, String name, int scope,
832             String primKey)
833         throws SystemException {
834 
835         Session session = null;
836 
837         try {
838             session = openSession();
839 
840             String sql = CustomSQLUtil.get(FIND_BY_G_C_N_S_P);
841 
842             SQLQuery q = session.createSQLQuery(sql);
843 
844             q.addEntity("Permission_", PermissionImpl.class);
845 
846             QueryPos qPos = QueryPos.getInstance(q);
847 
848             qPos.add(groupId);
849             qPos.add(companyId);
850             qPos.add(name);
851             qPos.add(scope);
852             qPos.add(primKey);
853 
854             return q.list();
855         }
856         catch (Exception e) {
857             throw new SystemException(e);
858         }
859         finally {
860             closeSession(session);
861         }
862     }
863 
864     public List<Permission> findByU_C_N_S_P(
865             long userId, long companyId, String name, int scope, String primKey)
866         throws SystemException {
867 
868         Session session = null;
869 
870         try {
871             session = openSession();
872 
873             String sql = CustomSQLUtil.get(FIND_BY_U_C_N_S_P);
874 
875             SQLQuery q = session.createSQLQuery(sql);
876 
877             q.addEntity("Permission_", PermissionImpl.class);
878 
879             QueryPos qPos = QueryPos.getInstance(q);
880 
881             qPos.add(userId);
882             qPos.add(companyId);
883             qPos.add(name);
884             qPos.add(scope);
885             qPos.add(primKey);
886 
887             return q.list();
888         }
889         catch (Exception e) {
890             throw new SystemException(e);
891         }
892         finally {
893             closeSession(session);
894         }
895     }
896 
897     protected String getActionIds(String[] actionIds) {
898         StringBuilder sb = new StringBuilder();
899 
900         for (int i = 0; i < actionIds.length; i++) {
901             sb.append("Permission_.actionId = ?");
902 
903             if ((i + 1) < actionIds.length) {
904                 sb.append(" OR ");
905             }
906         }
907 
908         return sb.toString();
909     }
910 
911     protected String getGroupIds(List<Group> groups, String table) {
912         StringBuilder sb = new StringBuilder();
913 
914         for (int i = 0; i < groups.size(); i++) {
915             sb.append(table);
916             sb.append(".groupId = ?");
917 
918             if ((i + 1) < groups.size()) {
919                 sb.append(" OR ");
920             }
921         }
922 
923         return sb.toString();
924     }
925 
926     protected String getPermissionIds(
927         List<Permission> permissions, String table) {
928 
929         StringBuilder sb = new StringBuilder();
930 
931         for (int i = 0; i < permissions.size(); i++) {
932             sb.append(table);
933             sb.append(".permissionId = ?");
934 
935             if ((i + 1) < permissions.size()) {
936                 sb.append(" OR ");
937             }
938         }
939 
940         return sb.toString();
941     }
942 
943     protected String getResourceIds(long[] resourceIds) {
944         StringBuilder sb = new StringBuilder();
945 
946         for (int i = 0; i < resourceIds.length; i++) {
947             sb.append("resourceId = ?");
948 
949             if ((i + 1) < resourceIds.length) {
950                 sb.append(" OR ");
951             }
952         }
953 
954         return sb.toString();
955     }
956 
957     protected String getRoleIds(List<Role> roles, String table) {
958         StringBuilder sb = new StringBuilder();
959 
960         for (int i = 0; i < roles.size(); i++) {
961             sb.append(table);
962             sb.append(".roleId = ?");
963 
964             if ((i + 1) < roles.size()) {
965                 sb.append(" OR ");
966             }
967         }
968 
969         return sb.toString();
970     }
971 
972     protected void setGroupIds(QueryPos qPos, List<Group> groups) {
973         for (Group group : groups) {
974             qPos.add(group.getGroupId());
975         }
976     }
977 
978     protected void setPermissionIds(
979         QueryPos qPos, List<Permission> permissions) {
980 
981         for (Permission permission : permissions) {
982             qPos.add(permission.getPermissionId());
983         }
984     }
985 
986     protected void setResourceIds(QueryPos qPos, long[] resourceIds) {
987         for (long resourceId : resourceIds) {
988             qPos.add(resourceId);
989         }
990     }
991 
992     protected void setRoleIds(QueryPos qPos, List<Role> roles) {
993         for (Role role : roles) {
994             qPos.add(role.getRoleId());
995         }
996     }
997 
998 }