1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.impl;
21  
22  import com.liferay.portal.PortalException;
23  import com.liferay.portal.RequiredUserException;
24  import com.liferay.portal.ReservedUserEmailAddressException;
25  import com.liferay.portal.SystemException;
26  import com.liferay.portal.kernel.util.ArrayUtil;
27  import com.liferay.portal.model.Address;
28  import com.liferay.portal.model.Company;
29  import com.liferay.portal.model.Contact;
30  import com.liferay.portal.model.EmailAddress;
31  import com.liferay.portal.model.Group;
32  import com.liferay.portal.model.GroupConstants;
33  import com.liferay.portal.model.Organization;
34  import com.liferay.portal.model.Phone;
35  import com.liferay.portal.model.Role;
36  import com.liferay.portal.model.User;
37  import com.liferay.portal.model.UserGroupRole;
38  import com.liferay.portal.model.Website;
39  import com.liferay.portal.security.auth.PrincipalException;
40  import com.liferay.portal.security.permission.ActionKeys;
41  import com.liferay.portal.security.permission.PermissionChecker;
42  import com.liferay.portal.service.ServiceContext;
43  import com.liferay.portal.service.base.UserServiceBaseImpl;
44  import com.liferay.portal.service.permission.GroupPermissionUtil;
45  import com.liferay.portal.service.permission.OrganizationPermissionUtil;
46  import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
47  import com.liferay.portal.service.permission.RolePermissionUtil;
48  import com.liferay.portal.service.permission.UserGroupPermissionUtil;
49  import com.liferay.portal.service.permission.UserPermissionUtil;
50  import com.liferay.portal.util.PropsValues;
51  import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
52  import com.liferay.portlet.enterpriseadmin.util.EnterpriseAdminUtil;
53  
54  import java.util.List;
55  import java.util.Locale;
56  
57  /**
58   * <a href="UserServiceImpl.java.html"><b><i>View Source</i></b></a>
59   *
60   * @author Brian Wing Shun Chan
61   * @author Brian Myunghun Kim
62   * @author Scott Lee
63   * @author Jorge Ferrer
64   * @author Julio Camarero
65   *
66   */
67  public class UserServiceImpl extends UserServiceBaseImpl {
68  
69      public void addGroupUsers(long groupId, long[] userIds)
70          throws PortalException, SystemException {
71  
72          try {
73              GroupPermissionUtil.check(
74                  getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
75          }
76          catch (PrincipalException pe) {
77  
78              // Allow any user to join open communities
79  
80              boolean hasPermission = false;
81  
82              if (userIds.length == 0) {
83                  hasPermission = true;
84              }
85              else if (userIds.length == 1) {
86                  User user = getUser();
87  
88                  if (user.getUserId() == userIds[0]) {
89                      Group group = groupPersistence.findByPrimaryKey(groupId);
90  
91                      if (user.getCompanyId() == group.getCompanyId()) {
92                          int type = group.getType();
93  
94                          if (type == GroupConstants.TYPE_COMMUNITY_OPEN) {
95                              hasPermission = true;
96                          }
97                      }
98                  }
99              }
100 
101             if (!hasPermission) {
102                 throw new PrincipalException();
103             }
104         }
105 
106         userLocalService.addGroupUsers(groupId, userIds);
107     }
108 
109     public void addOrganizationUsers(long organizationId, long[] userIds)
110         throws PortalException, SystemException {
111 
112         OrganizationPermissionUtil.check(
113             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
114 
115         validateOrganizationUsers(userIds);
116 
117         userLocalService.addOrganizationUsers(organizationId, userIds);
118     }
119 
120     public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
121         throws PortalException, SystemException {
122 
123         PasswordPolicyPermissionUtil.check(
124             getPermissionChecker(), passwordPolicyId,
125             ActionKeys.ASSIGN_MEMBERS);
126 
127         userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
128     }
129 
130     public void addRoleUsers(long roleId, long[] userIds)
131         throws PortalException, SystemException {
132 
133         RolePermissionUtil.check(
134             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
135 
136         userLocalService.addRoleUsers(roleId, userIds);
137     }
138 
139     public void addUserGroupUsers(long userGroupId, long[] userIds)
140         throws PortalException, SystemException {
141 
142         UserGroupPermissionUtil.check(
143             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
144 
145         userLocalService.addUserGroupUsers(userGroupId, userIds);
146     }
147 
148     public User addUser(
149             long companyId, boolean autoPassword, String password1,
150             String password2, boolean autoScreenName, String screenName,
151             String emailAddress, String openId, Locale locale, String firstName,
152             String middleName, String lastName, int prefixId, int suffixId,
153             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
154             String jobTitle, long[] groupIds, long[] organizationIds,
155             long[] roleIds, long[] userGroupIds, boolean sendEmail,
156             ServiceContext serviceContext)
157         throws PortalException, SystemException {
158 
159         Company company = companyPersistence.findByPrimaryKey(companyId);
160 
161         long creatorUserId = 0;
162 
163         try {
164             creatorUserId = getUserId();
165         }
166         catch (PrincipalException pe) {
167         }
168 
169         if ((creatorUserId != 0) || !company.isStrangers()) {
170             UserPermissionUtil.check(
171                 getPermissionChecker(), 0, organizationIds,
172                 ActionKeys.ADD_USER);
173         }
174 
175         if (creatorUserId == 0) {
176             if (!company.isStrangersWithMx() &&
177                 company.hasCompanyMx(emailAddress)) {
178 
179                 throw new ReservedUserEmailAddressException();
180             }
181         }
182 
183         return userLocalService.addUser(
184             creatorUserId, companyId, autoPassword, password1, password2,
185             autoScreenName, screenName, emailAddress, openId, locale, firstName,
186             middleName, lastName, prefixId, suffixId, male, birthdayMonth,
187             birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
188             roleIds, userGroupIds, sendEmail, serviceContext);
189     }
190 
191     public User addUser(
192             long companyId, boolean autoPassword, String password1,
193             String password2, boolean autoScreenName, String screenName,
194             String emailAddress, String openId, Locale locale, String firstName,
195             String middleName, String lastName, int prefixId, int suffixId,
196             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
197             String jobTitle, long[] groupIds, long[] organizationIds,
198             long[] roleIds, long[] userGroupIds, boolean sendEmail,
199             List<Address> addresses, List<EmailAddress> emailAddresses,
200             List<Phone> phones, List<Website> websites,
201             List<AnnouncementsDelivery> announcementsDelivers,
202             ServiceContext serviceContext)
203         throws PortalException, SystemException {
204 
205         User user = addUser(
206             companyId, autoPassword, password1, password2, autoScreenName,
207             screenName, emailAddress, openId, locale, firstName, middleName,
208             lastName, prefixId, suffixId, male, birthdayMonth, birthdayDay,
209             birthdayYear, jobTitle, groupIds, organizationIds, roleIds,
210             userGroupIds, sendEmail, serviceContext);
211 
212         EnterpriseAdminUtil.updateAddresses(
213             Contact.class.getName(), user.getContactId(), addresses);
214 
215         EnterpriseAdminUtil.updateEmailAddresses(
216             Contact.class.getName(), user.getContactId(), emailAddresses);
217 
218         EnterpriseAdminUtil.updatePhones(
219             Contact.class.getName(), user.getContactId(), phones);
220 
221         EnterpriseAdminUtil.updateWebsites(
222             Contact.class.getName(), user.getContactId(), websites);
223 
224         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
225 
226         return user;
227     }
228 
229     public void deletePortrait(long userId)
230         throws PortalException, SystemException {
231 
232         UserPermissionUtil.check(
233             getPermissionChecker(), userId, ActionKeys.UPDATE);
234 
235         userLocalService.deletePortrait(userId);
236     }
237 
238     public void deleteRoleUser(long roleId, long userId)
239         throws PortalException, SystemException {
240 
241         RolePermissionUtil.check(
242             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
243 
244         userLocalService.deleteRoleUser(roleId, userId);
245     }
246 
247     public void deleteUser(long userId)
248         throws PortalException, SystemException {
249 
250         if (getUserId() == userId) {
251             throw new RequiredUserException();
252         }
253 
254         UserPermissionUtil.check(
255             getPermissionChecker(), userId, ActionKeys.DELETE);
256 
257         userLocalService.deleteUser(userId);
258     }
259 
260     public long getDefaultUserId(long companyId)
261         throws PortalException, SystemException {
262 
263         return userLocalService.getDefaultUserId(companyId);
264     }
265 
266     public long[] getGroupUserIds(long groupId) throws SystemException {
267         return userLocalService.getGroupUserIds(groupId);
268     }
269 
270     public long[] getOrganizationUserIds(long organizationId)
271         throws SystemException {
272 
273         return userLocalService.getOrganizationUserIds(organizationId);
274     }
275 
276     public long[] getRoleUserIds(long roleId) throws SystemException {
277         return userLocalService.getRoleUserIds(roleId);
278     }
279 
280     public User getUserByEmailAddress(long companyId, String emailAddress)
281         throws PortalException, SystemException {
282 
283         User user = userLocalService.getUserByEmailAddress(
284             companyId, emailAddress);
285 
286         UserPermissionUtil.check(
287             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
288 
289         return user;
290     }
291 
292     public User getUserById(long userId)
293         throws PortalException, SystemException {
294 
295         User user = userLocalService.getUserById(userId);
296 
297         UserPermissionUtil.check(
298             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
299 
300         return user;
301     }
302 
303     public User getUserByScreenName(long companyId, String screenName)
304         throws PortalException, SystemException {
305 
306         User user = userLocalService.getUserByScreenName(
307             companyId, screenName);
308 
309         UserPermissionUtil.check(
310             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
311 
312         return user;
313     }
314 
315     public long getUserIdByEmailAddress(long companyId, String emailAddress)
316         throws PortalException, SystemException {
317 
318         User user = getUserByEmailAddress(companyId, emailAddress);
319 
320         return user.getUserId();
321     }
322 
323     public long getUserIdByScreenName(long companyId, String screenName)
324         throws PortalException, SystemException {
325 
326         User user = getUserByScreenName(companyId, screenName);
327 
328         return user.getUserId();
329     }
330 
331     public boolean hasGroupUser(long groupId, long userId)
332         throws SystemException {
333 
334         return userLocalService.hasGroupUser(groupId, userId);
335     }
336 
337     public boolean hasRoleUser(long roleId, long userId)
338         throws SystemException {
339 
340         return userLocalService.hasRoleUser(roleId, userId);
341     }
342 
343     public boolean hasRoleUser(
344             long companyId, String name, long userId, boolean inherited)
345         throws PortalException, SystemException {
346 
347         return userLocalService.hasRoleUser(companyId, name, userId, inherited);
348     }
349 
350     public void setRoleUsers(long roleId, long[] userIds)
351         throws PortalException, SystemException {
352 
353         RolePermissionUtil.check(
354             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
355 
356         userLocalService.setRoleUsers(roleId, userIds);
357     }
358 
359     public void setUserGroupUsers(long userGroupId, long[] userIds)
360         throws PortalException, SystemException {
361 
362         UserGroupPermissionUtil.check(
363             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
364 
365         userLocalService.setUserGroupUsers(userGroupId, userIds);
366     }
367 
368     public void unsetGroupUsers(long groupId, long[] userIds)
369         throws PortalException, SystemException {
370 
371         try {
372             GroupPermissionUtil.check(
373                 getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
374         }
375         catch (PrincipalException pe) {
376 
377             // Allow any user to leave open and restricted communities
378 
379             boolean hasPermission = false;
380 
381             if (userIds.length == 0) {
382                 hasPermission = true;
383             }
384             else if (userIds.length == 1) {
385                 User user = getUser();
386 
387                 if (user.getUserId() == userIds[0]) {
388                     Group group = groupPersistence.findByPrimaryKey(groupId);
389 
390                     if (user.getCompanyId() == group.getCompanyId()) {
391                         int type = group.getType();
392 
393                         if ((type == GroupConstants.TYPE_COMMUNITY_OPEN) ||
394                             (type ==
395                                 GroupConstants.TYPE_COMMUNITY_RESTRICTED)) {
396 
397                             hasPermission = true;
398                         }
399                     }
400                 }
401             }
402 
403             if (!hasPermission) {
404                 throw new PrincipalException();
405             }
406         }
407 
408         userLocalService.unsetGroupUsers(groupId, userIds);
409     }
410 
411     public void unsetOrganizationUsers(long organizationId, long[] userIds)
412         throws PortalException, SystemException {
413 
414         OrganizationPermissionUtil.check(
415             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
416 
417         userLocalService.unsetOrganizationUsers(organizationId, userIds);
418     }
419 
420     public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
421         throws PortalException, SystemException {
422 
423         PasswordPolicyPermissionUtil.check(
424             getPermissionChecker(), passwordPolicyId,
425             ActionKeys.ASSIGN_MEMBERS);
426 
427         userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
428     }
429 
430     public void unsetRoleUsers(long roleId, long[] userIds)
431         throws PortalException, SystemException {
432 
433         RolePermissionUtil.check(
434             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
435 
436         userLocalService.unsetRoleUsers(roleId, userIds);
437     }
438 
439     public void unsetUserGroupUsers(long userGroupId, long[] userIds)
440         throws PortalException, SystemException {
441 
442         UserGroupPermissionUtil.check(
443             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
444 
445         userLocalService.unsetUserGroupUsers(userGroupId, userIds);
446     }
447 
448     public User updateActive(long userId, boolean active)
449         throws PortalException, SystemException {
450 
451         if ((getUserId() == userId) && !active) {
452             throw new RequiredUserException();
453         }
454 
455         UserPermissionUtil.check(
456             getPermissionChecker(), userId, ActionKeys.DELETE);
457 
458         return userLocalService.updateActive(userId, active);
459     }
460 
461     public User updateAgreedToTermsOfUse(
462             long userId, boolean agreedToTermsOfUse)
463         throws PortalException, SystemException {
464 
465         UserPermissionUtil.check(
466             getPermissionChecker(), userId, ActionKeys.UPDATE);
467 
468         return userLocalService.updateAgreedToTermsOfUse(
469             userId, agreedToTermsOfUse);
470     }
471 
472     public void updateEmailAddress(
473             long userId, String password, String emailAddress1,
474             String emailAddress2)
475         throws PortalException, SystemException {
476 
477         UserPermissionUtil.check(
478             getPermissionChecker(), userId, ActionKeys.UPDATE);
479 
480         userLocalService.updateEmailAddress(
481             userId, password, emailAddress1, emailAddress2);
482     }
483 
484     public User updateLockout(long userId, boolean lockout)
485         throws PortalException, SystemException {
486 
487         UserPermissionUtil.check(
488             getPermissionChecker(), userId, ActionKeys.DELETE);
489 
490         return userLocalService.updateLockoutById(userId, lockout);
491     }
492 
493     public void updateOpenId(long userId, String openId)
494         throws PortalException, SystemException {
495 
496         UserPermissionUtil.check(
497             getPermissionChecker(), userId, ActionKeys.UPDATE);
498 
499         userLocalService.updateOpenId(userId, openId);
500     }
501 
502     public void updateOrganizations(long userId, long[] organizationIds)
503         throws PortalException, SystemException {
504 
505         UserPermissionUtil.check(
506             getPermissionChecker(), userId, ActionKeys.UPDATE);
507 
508         userLocalService.updateOrganizations(userId, organizationIds);
509     }
510 
511     public User updatePassword(
512             long userId, String password1, String password2,
513             boolean passwordReset)
514         throws PortalException, SystemException {
515 
516         UserPermissionUtil.check(
517             getPermissionChecker(), userId, ActionKeys.UPDATE);
518 
519         return userLocalService.updatePassword(
520             userId, password1, password2, passwordReset);
521     }
522 
523     public void updatePortrait(long userId, byte[] bytes)
524         throws PortalException, SystemException {
525 
526         UserPermissionUtil.check(
527             getPermissionChecker(), userId, ActionKeys.UPDATE);
528 
529         userLocalService.updatePortrait(userId, bytes);
530     }
531 
532     public void updateReminderQuery(
533             long userId, String question, String answer)
534         throws PortalException, SystemException {
535 
536         UserPermissionUtil.check(
537             getPermissionChecker(), userId, ActionKeys.UPDATE);
538 
539         userLocalService.updateReminderQuery(userId, question, answer);
540     }
541 
542     public void updateScreenName(long userId, String screenName)
543         throws PortalException, SystemException {
544 
545         UserPermissionUtil.check(
546             getPermissionChecker(), userId, ActionKeys.UPDATE);
547 
548         userLocalService.updateScreenName(userId, screenName);
549     }
550 
551     public User updateUser(
552             long userId, String oldPassword, String newPassword1,
553             String newPassword2, boolean passwordReset,
554             String reminderQueryQuestion, String reminderQueryAnswer,
555             String screenName, String emailAddress, String openId,
556             String languageId, String timeZoneId, String greeting,
557             String comments, String firstName, String middleName,
558             String lastName, int prefixId, int suffixId, boolean male,
559             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
560             String aimSn, String facebookSn, String icqSn, String jabberSn,
561             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
562             String ymSn, String jobTitle, long[] groupIds,
563             long[] organizationIds, long[] roleIds,
564             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
565             ServiceContext serviceContext)
566         throws PortalException, SystemException {
567 
568         UserPermissionUtil.check(
569             getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
570 
571         long curUserId = getUserId();
572 
573         if (curUserId == userId) {
574             emailAddress = emailAddress.trim().toLowerCase();
575 
576             User user = userPersistence.findByPrimaryKey(userId);
577 
578             if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
579                 if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
580                     Company company = companyPersistence.findByPrimaryKey(
581                         user.getCompanyId());
582 
583                     if (!company.isStrangersWithMx()) {
584                         throw new ReservedUserEmailAddressException();
585                     }
586                 }
587             }
588         }
589 
590         if (groupIds != null) {
591             groupIds = checkGroups(userId, groupIds);
592         }
593 
594         if (organizationIds != null) {
595             organizationIds = checkOrganizations(userId, organizationIds);
596         }
597 
598         if (roleIds != null) {
599             roleIds = checkRoles(userId, roleIds);
600         }
601 
602         if (userGroupRoles != null) {
603             userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
604         }
605 
606         return userLocalService.updateUser(
607             userId, oldPassword, newPassword1, newPassword2, passwordReset,
608             reminderQueryQuestion, reminderQueryAnswer, screenName,
609             emailAddress, openId, languageId, timeZoneId, greeting, comments,
610             firstName, middleName, lastName, prefixId, suffixId, male,
611             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
612             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
613             jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
614             userGroupIds, serviceContext);
615     }
616 
617     public User updateUser(
618             long userId, String oldPassword, String newPassword1,
619             String newPassword2, boolean passwordReset,
620             String reminderQueryQuestion, String reminderQueryAnswer,
621             String screenName, String emailAddress, String openId,
622             String languageId, String timeZoneId, String greeting,
623             String comments, String firstName, String middleName,
624             String lastName, int prefixId, int suffixId, boolean male,
625             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
626             String aimSn, String facebookSn, String icqSn, String jabberSn,
627             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
628             String ymSn, String jobTitle, long[] groupIds,
629             long[] organizationIds, long[] roleIds,
630             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
631             List<Address> addresses, List<EmailAddress> emailAddresses,
632             List<Phone> phones, List<Website> websites,
633             List<AnnouncementsDelivery> announcementsDelivers,
634             ServiceContext serviceContext)
635         throws PortalException, SystemException {
636 
637         User user = updateUser(
638             userId, oldPassword, newPassword1, newPassword2, passwordReset,
639             reminderQueryQuestion, reminderQueryAnswer, screenName,
640             emailAddress, openId, languageId, timeZoneId, greeting, comments,
641             firstName, middleName, lastName, prefixId, suffixId, male,
642             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
643             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
644             jobTitle, groupIds, organizationIds, roleIds,
645             userGroupRoles, userGroupIds, serviceContext);
646 
647         EnterpriseAdminUtil.updateAddresses(
648             Contact.class.getName(), user.getContactId(), addresses);
649 
650         EnterpriseAdminUtil.updateEmailAddresses(
651             Contact.class.getName(), user.getContactId(), emailAddresses);
652 
653         EnterpriseAdminUtil.updatePhones(
654             Contact.class.getName(), user.getContactId(), phones);
655 
656         EnterpriseAdminUtil.updateWebsites(
657             Contact.class.getName(), user.getContactId(), websites);
658 
659         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
660 
661         return user;
662     }
663 
664     protected long[] checkGroups(long userId, long[] groupIds)
665         throws PortalException, SystemException {
666 
667         // Add back any groups that the administrator does not have the rights
668         // to remove and check that he has the permission to add any new group
669 
670         List<Group> oldGroups = groupLocalService.getUserGroups(userId);
671         long[] oldGroupIds = new long[oldGroups.size()];
672 
673         for (int i = 0; i < oldGroups.size(); i++) {
674             Group group = oldGroups.get(i);
675 
676             if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
677                 !GroupPermissionUtil.contains(
678                     getPermissionChecker(), group.getGroupId(),
679                     ActionKeys.ASSIGN_MEMBERS)) {
680 
681                 groupIds = ArrayUtil.append(groupIds, group.getGroupId());
682             }
683 
684             oldGroupIds[i] = group.getGroupId();
685         }
686 
687         for (long groupId : groupIds) {
688             if (!ArrayUtil.contains(oldGroupIds, groupId)) {
689                 GroupPermissionUtil.check(
690                     getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
691             }
692         }
693 
694         return groupIds;
695     }
696 
697     protected long[] checkOrganizations(long userId, long[] organizationIds)
698         throws PortalException, SystemException {
699 
700         // Add back any organizations that the administrator does not have the
701         // rights to remove and check that he has the permission to add any new
702         // organization
703 
704         List<Organization> oldOrganizations =
705             organizationLocalService.getUserOrganizations(userId);
706         long[] oldOrganizationIds = new long[oldOrganizations.size()];
707 
708         for (int i = 0; i < oldOrganizations.size(); i++) {
709             Organization organization = oldOrganizations.get(i);
710 
711             if (!ArrayUtil.contains(
712                     organizationIds, organization.getOrganizationId()) &&
713                 !OrganizationPermissionUtil.contains(
714                     getPermissionChecker(), organization.getOrganizationId(),
715                     ActionKeys.ASSIGN_MEMBERS)) {
716 
717                 organizationIds = ArrayUtil.append(
718                     organizationIds, organization.getOrganizationId());
719             }
720 
721             oldOrganizationIds[i] = organization.getOrganizationId();
722         }
723 
724         for (long organizationId : organizationIds) {
725             if (!ArrayUtil.contains(oldOrganizationIds, organizationId)) {
726                 OrganizationPermissionUtil.check(
727                     getPermissionChecker(), organizationId,
728                     ActionKeys.ASSIGN_MEMBERS);
729             }
730         }
731 
732         return organizationIds;
733     }
734 
735     protected long[] checkRoles(long userId, long[] roleIds)
736         throws PrincipalException, SystemException {
737 
738         // Add back any roles that the administrator does not have the rights to
739         // remove and check that he has the permission to add any new role
740 
741         List<Role> oldRoles = roleLocalService.getUserRoles(userId);
742         long[] oldRoleIds = new long[oldRoles.size()];
743 
744         for (int i = 0; i < oldRoles.size(); i++) {
745             Role role = oldRoles.get(i);
746 
747             if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
748                 !RolePermissionUtil.contains(
749                     getPermissionChecker(), role.getRoleId(),
750                     ActionKeys.ASSIGN_MEMBERS)) {
751 
752                 roleIds = ArrayUtil.append(roleIds, role.getRoleId());
753             }
754 
755             oldRoleIds[i] = role.getRoleId();
756         }
757 
758         for (long roleId : roleIds) {
759             if (!ArrayUtil.contains(oldRoleIds, roleId)) {
760                 RolePermissionUtil.check(
761                     getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
762             }
763         }
764 
765         return roleIds;
766     }
767 
768     protected List<UserGroupRole> checkUserGroupRoles(
769             long userId, List<UserGroupRole> userGroupRoles)
770         throws PortalException, SystemException {
771 
772         // Add back any group roles that the administrator does not have the
773         // rights to remove
774 
775         List<UserGroupRole> oldUserGroupRoles =
776             userGroupRoleLocalService.getUserGroupRoles(userId);
777 
778         for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
779             if (!userGroupRoles.contains(oldUserGroupRole) &&
780                 (!GroupPermissionUtil.contains(
781                     getPermissionChecker(), oldUserGroupRole.getGroupId(),
782                     ActionKeys.ASSIGN_MEMBERS) ||
783                 !RolePermissionUtil.contains(
784                     getPermissionChecker(), oldUserGroupRole.getRoleId(),
785                     ActionKeys.ASSIGN_MEMBERS))) {
786 
787                 userGroupRoles.add(oldUserGroupRole);
788             }
789         }
790 
791         for (UserGroupRole userGroupRole : userGroupRoles) {
792             if (!oldUserGroupRoles.contains(userGroupRole)) {
793 
794                 if (!GroupPermissionUtil.contains(
795                         getPermissionChecker(), userGroupRole.getGroupId(),
796                         ActionKeys.ASSIGN_MEMBERS) ||
797                     !RolePermissionUtil.contains(
798                         getPermissionChecker(), userGroupRole.getRoleId(),
799                         ActionKeys.ASSIGN_MEMBERS)) {
800 
801                     throw new PrincipalException();
802                 }
803             }
804         }
805 
806         return userGroupRoles;
807     }
808 
809     protected void updateAnnouncementsDeliveries(
810             long userId, List<AnnouncementsDelivery> announcementsDeliveries)
811         throws PortalException, SystemException {
812 
813         for (AnnouncementsDelivery announcementsDelivery :
814                 announcementsDeliveries) {
815 
816             announcementsDeliveryService.updateDelivery(
817                 userId, announcementsDelivery.getType(),
818                 announcementsDelivery.getEmail(),
819                 announcementsDelivery.getSms(),
820                 announcementsDelivery.getWebsite());
821         }
822     }
823 
824     protected void validateOrganizationUsers(long[] userIds)
825         throws PortalException, SystemException {
826 
827         PermissionChecker permissionChecker = getPermissionChecker();
828 
829         if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
830             permissionChecker.isCompanyAdmin()) {
831 
832             return;
833         }
834 
835         List<Organization> organizations =
836             organizationLocalService.getUserOrganizations(
837                 permissionChecker.getUserId());
838 
839         for (long userId : userIds) {
840             boolean allowed = false;
841 
842             for (Organization organization : organizations) {
843                 boolean manageUsers = OrganizationPermissionUtil.contains(
844                     permissionChecker, organization, ActionKeys.MANAGE_USERS);
845                 boolean manageSuborganizations =
846                     OrganizationPermissionUtil.contains(
847                         permissionChecker, organization,
848                         ActionKeys.MANAGE_SUBORGANIZATIONS);
849 
850                 if (!manageUsers && !manageSuborganizations) {
851                     continue;
852                 }
853 
854                 boolean inherited = false;
855                 boolean includeSpecifiedOrganization = false;
856 
857                 if (manageUsers && manageSuborganizations) {
858                     inherited = true;
859                     includeSpecifiedOrganization = true;
860                 }
861                 else if (!manageUsers && manageSuborganizations) {
862                     inherited = true;
863                     includeSpecifiedOrganization = false;
864                 }
865 
866                 if (organizationLocalService.hasUserOrganization(
867                         userId, organization.getOrganizationId(), inherited,
868                         includeSpecifiedOrganization)) {
869 
870                     allowed = true;
871 
872                     break;
873                 }
874             }
875 
876             if (!allowed) {
877                 throw new PrincipalException();
878             }
879         }
880     }
881 
882 }