1
14
15 package com.liferay.portlet.enterpriseadmin.action;
16
17 import com.liferay.portal.NoSuchRoleException;
18 import com.liferay.portal.RolePermissionsException;
19 import com.liferay.portal.kernel.servlet.SessionErrors;
20 import com.liferay.portal.kernel.servlet.SessionMessages;
21 import com.liferay.portal.kernel.util.ArrayUtil;
22 import com.liferay.portal.kernel.util.Constants;
23 import com.liferay.portal.kernel.util.ListUtil;
24 import com.liferay.portal.kernel.util.ParamUtil;
25 import com.liferay.portal.kernel.util.StringUtil;
26 import com.liferay.portal.kernel.util.Validator;
27 import com.liferay.portal.model.GroupConstants;
28 import com.liferay.portal.model.ResourceConstants;
29 import com.liferay.portal.model.Role;
30 import com.liferay.portal.model.RoleConstants;
31 import com.liferay.portal.security.auth.PrincipalException;
32 import com.liferay.portal.security.permission.ResourceActionsUtil;
33 import com.liferay.portal.security.permission.comparator.ActionComparator;
34 import com.liferay.portal.service.PermissionServiceUtil;
35 import com.liferay.portal.service.ResourcePermissionServiceUtil;
36 import com.liferay.portal.service.RoleLocalServiceUtil;
37 import com.liferay.portal.struts.PortletAction;
38 import com.liferay.portal.theme.ThemeDisplay;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import java.util.HashMap;
43 import java.util.List;
44 import java.util.Map;
45
46 import javax.portlet.ActionRequest;
47 import javax.portlet.ActionResponse;
48 import javax.portlet.PortletConfig;
49 import javax.portlet.RenderRequest;
50 import javax.portlet.RenderResponse;
51
52 import org.apache.struts.action.ActionForm;
53 import org.apache.struts.action.ActionForward;
54 import org.apache.struts.action.ActionMapping;
55
56
62 public class EditRolePermissionsAction extends PortletAction {
63
64 public void processAction(
65 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
66 ActionRequest actionRequest, ActionResponse actionResponse)
67 throws Exception {
68
69 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
70
71 try {
72 if (cmd.equals("actions")) {
73 updateActions(actionRequest, actionResponse);
74 }
75 else if (cmd.equals("delete_permission")) {
76 deletePermission(actionRequest, actionResponse);
77 }
78 }
79 catch (Exception e) {
80 if (e instanceof NoSuchRoleException ||
81 e instanceof PrincipalException ||
82 e instanceof RolePermissionsException) {
83
84 SessionErrors.add(actionRequest, e.getClass().getName());
85
86 setForward(actionRequest, "portlet.enterprise_admin.error");
87 }
88 else {
89 throw e;
90 }
91 }
92 }
93
94 public ActionForward render(
95 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
96 RenderRequest renderRequest, RenderResponse renderResponse)
97 throws Exception {
98
99 try {
100 ActionUtil.getRole(renderRequest);
101 }
102 catch (Exception e) {
103 if (e instanceof NoSuchRoleException ||
104 e instanceof PrincipalException) {
105
106 SessionErrors.add(renderRequest, e.getClass().getName());
107
108 return mapping.findForward("portlet.enterprise_admin.error");
109 }
110 else {
111 throw e;
112 }
113 }
114
115 return mapping.findForward(getForward(
116 renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
117 }
118
119 protected void deletePermission(
120 ActionRequest actionRequest, ActionResponse actionResponse)
121 throws Exception {
122
123 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
124 WebKeys.THEME_DISPLAY);
125
126 long roleId = ParamUtil.getLong(actionRequest, "roleId");
127 long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
128 String name = ParamUtil.getString(actionRequest, "name");
129 int scope = ParamUtil.getInteger(actionRequest, "scope");
130 String primKey = ParamUtil.getString(actionRequest, "primKey");
131 String actionId = ParamUtil.getString(actionRequest, "actionId");
132
133 Role role = RoleLocalServiceUtil.getRole(roleId);
134
135 if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
136 role.getName().equals(RoleConstants.OWNER) ||
137 role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
138 role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
139 role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
140 role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
141
142 throw new RolePermissionsException(role.getName());
143 }
144
145 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
146 ResourcePermissionServiceUtil.removeResourcePermission(
147 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
148 name, scope, primKey, roleId, actionId);
149 }
150 else {
151 PermissionServiceUtil.unsetRolePermission(
152 roleId, themeDisplay.getScopeGroupId(), permissionId);
153 }
154
155
157 SessionMessages.add(actionRequest, "permissionDeleted");
158
159 String redirect = ParamUtil.getString(actionRequest, "redirect");
160
161 actionResponse.sendRedirect(redirect);
162 }
163
164 protected void updateAction_1to5(
165 ActionRequest actionRequest, Role role, long groupId,
166 String selResource, String actionId)
167 throws Exception {
168
169 long roleId = role.getRoleId();
170
171 int scope = ParamUtil.getInteger(
172 actionRequest, "scope" + selResource + actionId);
173
174 if (scope == ResourceConstants.SCOPE_COMPANY) {
175 PermissionServiceUtil.setRolePermission(
176 roleId, groupId, selResource, scope,
177 String.valueOf(role.getCompanyId()), actionId);
178 }
179 else if (scope == ResourceConstants.SCOPE_GROUP) {
180 if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
181 (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {
182
183 PermissionServiceUtil.setRolePermission(
184 roleId, groupId, selResource,
185 ResourceConstants.SCOPE_GROUP_TEMPLATE,
186 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
187 actionId);
188 }
189 else {
190 String[] groupIds = StringUtil.split(
191 ParamUtil.getString(
192 actionRequest, "groupIds" + selResource + actionId));
193
194 if (groupIds.length == 0) {
195 SessionErrors.add(
196 actionRequest, "missingGroupIdsForAction");
197
198 return;
199 }
200
201 groupIds = ArrayUtil.distinct(groupIds);
202
203 PermissionServiceUtil.unsetRolePermissions(
204 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
205 actionId);
206
207 for (String curGroupId : groupIds) {
208 PermissionServiceUtil.setRolePermission(
209 roleId, groupId, selResource,
210 ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
211 }
212 }
213 }
214 else {
215
216
218 PermissionServiceUtil.unsetRolePermissions(
219 roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
220 actionId);
221
222 PermissionServiceUtil.unsetRolePermissions(
223 roleId, groupId, selResource,
224 ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
225
226 PermissionServiceUtil.unsetRolePermissions(
227 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
228 actionId);
229 }
230 }
231
232 protected void updateAction_6(
233 ActionRequest actionRequest, Role role, long groupId,
234 String selResource, String actionId)
235 throws Exception {
236
237 long companyId = role.getCompanyId();
238 long roleId = role.getRoleId();
239
240 int scope = ParamUtil.getInteger(
241 actionRequest, "scope" + selResource + actionId);
242
243 if (scope == ResourceConstants.SCOPE_COMPANY) {
244 ResourcePermissionServiceUtil.addResourcePermission(
245 groupId, companyId, selResource, scope,
246 String.valueOf(role.getCompanyId()), roleId, actionId);
247 }
248 else if (scope == ResourceConstants.SCOPE_GROUP) {
249 if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
250 (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {
251
252 ResourcePermissionServiceUtil.addResourcePermission(
253 groupId, companyId, selResource,
254 ResourceConstants.SCOPE_GROUP_TEMPLATE,
255 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
256 roleId, actionId);
257 }
258 else {
259 String[] groupIds = StringUtil.split(
260 ParamUtil.getString(
261 actionRequest, "groupIds" + selResource + actionId));
262
263 if (groupIds.length == 0) {
264 SessionErrors.add(
265 actionRequest, "missingGroupIdsForAction");
266
267 return;
268 }
269
270 groupIds = ArrayUtil.distinct(groupIds);
271
272 ResourcePermissionServiceUtil.removeResourcePermissions(
273 groupId, companyId, selResource,
274 ResourceConstants.SCOPE_GROUP, roleId, actionId);
275
276 for (String curGroupId : groupIds) {
277 ResourcePermissionServiceUtil.addResourcePermission(
278 groupId, companyId, selResource,
279 ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
280 actionId);
281 }
282 }
283 }
284 else {
285
286
288 ResourcePermissionServiceUtil.removeResourcePermissions(
289 groupId, companyId, selResource,
290 ResourceConstants.SCOPE_COMPANY, roleId, actionId);
291
292 ResourcePermissionServiceUtil.removeResourcePermissions(
293 groupId, companyId, selResource,
294 ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);
295
296 ResourcePermissionServiceUtil.removeResourcePermissions(
297 groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
298 roleId, actionId);
299 }
300 }
301
302 protected void updateActions(
303 ActionRequest actionRequest, ActionResponse actionResponse)
304 throws Exception {
305
306 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
307 WebKeys.THEME_DISPLAY);
308
309 long roleId = ParamUtil.getLong(actionRequest, "roleId");
310
311 Role role = RoleLocalServiceUtil.getRole(roleId);
312
313 if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
314 role.getName().equals(RoleConstants.OWNER) ||
315 role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
316 role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
317 role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
318 role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
319
320 throw new RolePermissionsException(role.getName());
321 }
322
323 String portletResource = ParamUtil.getString(
324 actionRequest, "portletResource");
325 String[] modelResources = StringUtil.split(
326 ParamUtil.getString(actionRequest, "modelResources"));
327
328 Map<String, List<String>> resourceActionsMap =
329 new HashMap<String, List<String>>();
330
331 if (Validator.isNotNull(portletResource)) {
332 resourceActionsMap.put(
333 portletResource,
334 ResourceActionsUtil.getResourceActions(portletResource, null));
335 }
336
337 for (String modelResource : modelResources) {
338 resourceActionsMap.put(
339 modelResource,
340 ResourceActionsUtil.getResourceActions(null, modelResource));
341 }
342
343 for (Map.Entry<String, List<String>> entry :
344 resourceActionsMap.entrySet()) {
345
346 String selResource = entry.getKey();
347 List<String> actions = entry.getValue();
348
349 actions = ListUtil.sort(
350 actions, new ActionComparator(themeDisplay.getLocale()));
351
352 for (String actionId : actions) {
353 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
354 updateAction_6(
355 actionRequest, role, themeDisplay.getScopeGroupId(),
356 selResource, actionId);
357 }
358 else {
359 updateAction_1to5(
360 actionRequest, role, themeDisplay.getScopeGroupId(),
361 selResource, actionId);
362 }
363 }
364 }
365
366
368 SessionMessages.add(actionRequest, "permissionsUpdated");
369
370 String redirect =
371 ParamUtil.getString(actionRequest, "redirect") + "&" +
372 Constants.CMD + "=" + Constants.VIEW;
373
374 actionResponse.sendRedirect(redirect);
375 }
376
377 }