1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.upgrade.v5_2_0;
16  
17  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
18  import com.liferay.portal.kernel.dao.jdbc.SmartResultSet;
19  import com.liferay.portal.kernel.log.Log;
20  import com.liferay.portal.kernel.log.LogFactoryUtil;
21  import com.liferay.portal.kernel.upgrade.UpgradeProcess;
22  import com.liferay.portal.kernel.util.GetterUtil;
23  import com.liferay.portal.kernel.util.StringBundler;
24  import com.liferay.portal.model.PortletConstants;
25  import com.liferay.portal.model.Resource;
26  import com.liferay.portal.model.ResourceConstants;
27  import com.liferay.portal.service.ResourceLocalServiceUtil;
28  
29  import java.sql.Connection;
30  import java.sql.PreparedStatement;
31  import java.sql.ResultSet;
32  
33  /**
34   * <a href="UpgradePortletPermissions.java.html"><b><i>View Source</i></b></a>
35   *
36   * @author Jorge Ferrer
37   */
38  public class UpgradePortletPermissions extends UpgradeProcess {
39  
40      protected void doUpgrade() throws Exception {
41          updatePortletPermissions(
42              "33", "com.liferay.portlet.blogs", new String[] {"ADD_ENTRY"});
43  
44          updatePortletPermissions(
45              "28", "com.liferay.portlet.bookmarks", new String[] {"ADD_FOLDER"});
46  
47          updatePortletPermissions(
48              "8", "com.liferay.portlet.calendar",
49              new String[] {"ADD_EVENT", "EXPORT_ALL_EVENTS"});
50  
51          updatePortletPermissions(
52              "20", "com.liferay.portlet.documentlibrary",
53              new String[] {"ADD_FOLDER"});
54  
55          updatePortletPermissions(
56              "31", "com.liferay.portlet.imagegallery",
57              new String[] {"ADD_FOLDER"});
58  
59          updatePortletPermissions(
60              "15", "com.liferay.portlet.journal",
61              new String[] {
62                  "ADD_ARTICLE", "ADD_FEED", "ADD_STRUCTURE", "ADD_TEMPLATE",
63                  "APPROVE_ARTICLE"
64              });
65  
66          updatePortletPermissions(
67              "19", "com.liferay.portlet.messageboards",
68              new String[] {"ADD_CATEGORY", "BAN_USER"});
69  
70          updatePortletPermissions(
71              "25", "com.liferay.portlet.polls", new String[] {"ADD_QUESTION"});
72  
73          updatePortletPermissions(
74              "34", "com.liferay.portlet.shopping",
75              new String[] {"ADD_CATEGORY", "MANAGE_COUPONS", "MANAGE_ORDERS"});
76  
77          updatePortletPermissions(
78              "98", "com.liferay.portlet.softwarecatalog",
79              new String[] {"ADD_FRAMEWORK_VERSION", "ADD_PRODUCT_ENTRY"});
80  
81          updatePortletPermissions(
82              "99", "com.liferay.portlet.tags",
83              new String[] {"ADD_ENTRY", "ADD_VOCABULARY"});
84  
85          updatePortletPermissions(
86              "36", "com.liferay.portlet.wiki", new String[] {"ADD_NODE"});
87      }
88  
89      protected Object[] getLayout(long plid) throws Exception {
90          Object[] layout = null;
91  
92          Connection con = null;
93          PreparedStatement ps = null;
94          ResultSet rs = null;
95  
96          try {
97              con = DataAccess.getConnection();
98  
99              ps = con.prepareStatement(_GET_LAYOUT);
100 
101             ps.setLong(1, plid);
102 
103             rs = ps.executeQuery();
104 
105             while (rs.next()) {
106                 long groupId = rs.getLong("groupId");
107                 long companyId = rs.getLong("companyId");
108 
109                 layout = new Object[] {groupId, companyId};
110             }
111         }
112         finally {
113             DataAccess.cleanUp(con, ps, rs);
114         }
115 
116         return layout;
117     }
118 
119     protected long getPortletPermissionsCount(
120             String actionId, long resourceId, String modelName)
121         throws Exception {
122 
123         Connection con = null;
124         PreparedStatement ps = null;
125         ResultSet rs = null;
126 
127         try {
128             con = DataAccess.getConnection();
129 
130             StringBundler sb = new StringBundler(7);
131 
132             sb.append("select count(*) from Permission_ ");
133             sb.append("inner join Resource_ on Resource_.resourceId = ");
134             sb.append("Permission_.resourceId inner join ResourceCode on ");
135             sb.append("ResourceCode.codeId = Resource_.codeId where ");
136             sb.append("Permission_.actionId = ? and ");
137             sb.append("Permission_.resourceId = ? and ResourceCode.name = ? ");
138             sb.append("and ResourceCode.scope = ? ");
139 
140             String sql = sb.toString();
141 
142             ps = con.prepareStatement(sql);
143 
144             ps.setString(1, actionId);
145             ps.setLong(2, resourceId);
146             ps.setString(3, modelName);
147             ps.setInt(4, ResourceConstants.SCOPE_INDIVIDUAL);
148 
149             rs = ps.executeQuery();
150 
151             rs.next();
152 
153             return rs.getLong(1);
154         }
155         finally {
156             DataAccess.cleanUp(con, ps, rs);
157         }
158     }
159 
160     protected void updatePortletPermission(
161             long permissionId, String actionId, String primKey,
162             String modelName, int scope)
163         throws Exception {
164 
165         long plid = GetterUtil.getLong(
166             primKey.substring(
167                 0, primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR)));
168 
169         Object[] layout = getLayout(plid);
170 
171         if (layout == null) {
172             return;
173         }
174 
175         long groupId = (Long)layout[0];
176         long companyId = (Long)layout[1];
177 
178         Resource resource = ResourceLocalServiceUtil.addResource(
179             companyId, modelName, scope, String.valueOf(groupId));
180 
181         long portletPermissionCount = getPortletPermissionsCount(
182             actionId, resource.getResourceId(), modelName);
183 
184         if (portletPermissionCount == 0) {
185             runSQL(
186                 "update Permission_ set resourceId = " +
187                     resource.getResourceId() + " where permissionId = " +
188                         permissionId);
189         }
190         else {
191             runSQL(
192                 "delete from Permission_ where permissionId = " + permissionId);
193         }
194     }
195 
196     protected void updatePortletPermissions(
197             String portletName, String modelName, String[] actionIds)
198         throws Exception {
199 
200         Connection con = null;
201         PreparedStatement ps = null;
202         ResultSet rs = null;
203 
204         try {
205             con = DataAccess.getConnection();
206 
207             StringBundler sb = new StringBundler(4 * actionIds.length + 7);
208 
209             sb.append("select Permission_.permissionId, ");
210             sb.append("Permission_.actionId, Resource_.primKey, ");
211             sb.append("ResourceCode.scope from Permission_ ");
212             sb.append("inner join Resource_ on Resource_.resourceId = ");
213             sb.append("Permission_.resourceId inner join ResourceCode on ");
214             sb.append("ResourceCode.codeId = Resource_.codeId where (");
215 
216             for (int i = 0; i < actionIds.length; i++) {
217                 String actionId = actionIds[i];
218 
219                 sb.append("Permission_.actionId = '");
220                 sb.append(actionId);
221                 sb.append("'");
222 
223                 if (i < (actionIds.length - 1)) {
224                     sb.append(" or ");
225                 }
226             }
227 
228             sb.append(") and ResourceCode.name = ? and ResourceCode.scope = ?");
229 
230             String sql = sb.toString();
231 
232             ps = con.prepareStatement(sql);
233 
234             ps.setString(1, portletName);
235             ps.setInt(2, ResourceConstants.SCOPE_INDIVIDUAL);
236 
237             rs = ps.executeQuery();
238 
239             SmartResultSet srs = new SmartResultSet(rs);
240 
241             while (srs.next()) {
242                 long permissionId = srs.getLong("Permission_.permissionId");
243                 String actionId = srs.getString("Permission_.actionId");
244                 String primKey = srs.getString("Resource_.primKey");
245                 int scope = srs.getInt("ResourceCode.scope");
246 
247                 try {
248                     updatePortletPermission(
249                         permissionId, actionId, primKey, modelName, scope);
250                 }
251                 catch (Exception e) {
252                     _log.error(
253                         "Unable to upgrade permission " + permissionId, e);
254                 }
255             }
256         }
257         finally {
258             DataAccess.cleanUp(con, ps, rs);
259         }
260     }
261 
262     private static final String _GET_LAYOUT =
263         "select * from Layout where plid = ?";
264 
265     private static Log _log = LogFactoryUtil.getLog(
266         UpgradePortletPermissions.class);
267 
268 }