1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.lar;
16  
17  import com.liferay.portal.PortalException;
18  import com.liferay.portal.SystemException;
19  import com.liferay.portal.kernel.log.Log;
20  import com.liferay.portal.kernel.log.LogFactoryUtil;
21  import com.liferay.portal.kernel.util.GetterUtil;
22  import com.liferay.portal.kernel.util.KeyValuePair;
23  import com.liferay.portal.kernel.xml.Document;
24  import com.liferay.portal.kernel.xml.Element;
25  import com.liferay.portal.kernel.xml.SAXReaderUtil;
26  import com.liferay.portal.model.Group;
27  import com.liferay.portal.model.GroupConstants;
28  import com.liferay.portal.model.Layout;
29  import com.liferay.portal.model.Portlet;
30  import com.liferay.portal.model.PortletConstants;
31  import com.liferay.portal.model.Resource;
32  import com.liferay.portal.model.ResourceConstants;
33  import com.liferay.portal.model.Role;
34  import com.liferay.portal.model.User;
35  import com.liferay.portal.service.GroupLocalServiceUtil;
36  import com.liferay.portal.service.PermissionLocalServiceUtil;
37  import com.liferay.portal.service.PortletLocalServiceUtil;
38  import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
39  import com.liferay.portal.service.RoleLocalServiceUtil;
40  import com.liferay.portal.service.permission.PortletPermissionUtil;
41  import com.liferay.portal.util.PropsValues;
42  
43  import java.util.ArrayList;
44  import java.util.Iterator;
45  import java.util.List;
46  
47  /**
48   * <a href="PermissionImporter.java.html"><b><i>View Source</i></b></a>
49   *
50   * @author Brian Wing Shun Chan
51   * @author Joel Kozikowski
52   * @author Charles May
53   * @author Raymond Augé
54   * @author Jorge Ferrer
55   * @author Bruno Farache
56   * @author Wesley Gong
57   * @author Zsigmond Rab
58   * @author Douglas Wong
59   */
60  public class PermissionImporter {
61  
62      protected List<String> getActions(Element el) {
63          List<String> actions = new ArrayList<String>();
64  
65          Iterator<Element> itr = el.elements("action-key").iterator();
66  
67          while (itr.hasNext()) {
68              Element actionEl = itr.next();
69  
70              actions.add(actionEl.getText());
71          }
72  
73          return actions;
74      }
75  
76      protected void importGroupPermissions(
77              LayoutCache layoutCache, long companyId, long groupId,
78              String resourceName, String resourcePrimKey, Element parentEl,
79              String elName, boolean portletActions)
80          throws PortalException, SystemException {
81  
82          Element actionEl = parentEl.element(elName);
83  
84          if (actionEl == null) {
85              return;
86          }
87  
88          List<String> actions = getActions(actionEl);
89  
90          Resource resource = layoutCache.getResource(
91              companyId, groupId, resourceName,
92              ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
93              portletActions);
94  
95          PermissionLocalServiceUtil.setGroupPermissions(
96              groupId, actions.toArray(new String[actions.size()]),
97              resource.getResourceId());
98      }
99  
100     protected void importGroupRoles(
101             LayoutCache layoutCache, long companyId, long groupId,
102             String resourceName, String entityName,
103             Element parentEl)
104         throws PortalException, SystemException {
105 
106         Element entityRolesEl = parentEl.element(entityName + "-roles");
107 
108         if (entityRolesEl == null) {
109             return;
110         }
111 
112         importRolePermissions(
113             layoutCache, companyId, resourceName, ResourceConstants.SCOPE_GROUP,
114             String.valueOf(groupId), entityRolesEl, true);
115     }
116 
117     protected void importInheritedPermissions(
118             LayoutCache layoutCache, long companyId, String resourceName,
119             String resourcePrimKey, Element permissionsEl, String entityName,
120             boolean portletActions)
121         throws PortalException, SystemException {
122 
123         Element entityPermissionsEl = permissionsEl.element(
124             entityName + "-permissions");
125 
126         if (entityPermissionsEl == null) {
127             return;
128         }
129 
130         List<Element> actionsEls = entityPermissionsEl.elements(
131             entityName + "-actions");
132 
133         for (int i = 0; i < actionsEls.size(); i++) {
134             Element actionEl = actionsEls.get(i);
135 
136             String name = actionEl.attributeValue("name");
137 
138             long entityGroupId = layoutCache.getEntityGroupId(
139                 companyId, entityName, name);
140 
141             if (entityGroupId == 0) {
142                 _log.warn(
143                     "Ignore inherited permissions for entity " + entityName +
144                         " with name " + name);
145             }
146             else {
147                 Element parentEl = SAXReaderUtil.createElement("parent");
148 
149                 parentEl.add(actionEl.createCopy());
150 
151                 importGroupPermissions(
152                     layoutCache, companyId, entityGroupId, resourceName,
153                     resourcePrimKey, parentEl, entityName + "-actions",
154                     portletActions);
155             }
156         }
157     }
158 
159     protected void importInheritedRoles(
160             LayoutCache layoutCache, long companyId, long groupId,
161             String resourceName, String entityName, Element parentEl)
162         throws PortalException, SystemException {
163 
164         Element entityRolesEl = parentEl.element(entityName + "-roles");
165 
166         if (entityRolesEl == null) {
167             return;
168         }
169 
170         List<Element> entityEls = entityRolesEl.elements(entityName);
171 
172         for (int i = 0; i < entityEls.size(); i++) {
173             Element entityEl = entityEls.get(i);
174 
175             String name = entityEl.attributeValue("name");
176 
177             long entityGroupId = layoutCache.getEntityGroupId(
178                 companyId, entityName, name);
179 
180             if (entityGroupId == 0) {
181                 _log.warn(
182                     "Ignore inherited roles for entity " + entityName +
183                         " with name " + name);
184             }
185             else {
186                 importRolePermissions(
187                     layoutCache, companyId, resourceName,
188                     ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
189                     entityEl, false);
190             }
191         }
192     }
193 
194     protected void importLayoutPermissions(
195             LayoutCache layoutCache, long companyId, long groupId, long userId,
196             Layout layout, Element layoutEl, Element parentEl,
197             boolean importUserPermissions)
198         throws PortalException, SystemException {
199 
200         Element permissionsEl = layoutEl.element("permissions");
201 
202         if (permissionsEl != null) {
203             String resourceName = Layout.class.getName();
204             String resourcePrimKey = String.valueOf(layout.getPlid());
205 
206             if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
207                 importPermissions_5(
208                     layoutCache, companyId, groupId, userId, resourceName,
209                     resourcePrimKey, permissionsEl, false);
210             }
211             else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
212                 importPermissions_6(
213                     layoutCache, companyId, groupId, userId, resourceName,
214                     resourcePrimKey, permissionsEl, false);
215             }
216             else {
217                 Group guestGroup = GroupLocalServiceUtil.getGroup(
218                     companyId, GroupConstants.GUEST);
219 
220                 importLayoutPermissions_1to4(
221                     layoutCache, companyId, groupId, guestGroup, layout,
222                     resourceName, resourcePrimKey, permissionsEl,
223                     importUserPermissions);
224             }
225         }
226 
227         Element rolesEl = parentEl.element("roles");
228 
229         if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
230             (rolesEl != null)) {
231 
232             importLayoutRoles(layoutCache, companyId, groupId, rolesEl);
233         }
234     }
235 
236     protected void importLayoutPermissions_1to4(
237             LayoutCache layoutCache, long companyId, long groupId,
238             Group guestGroup, Layout layout, String resourceName,
239             String resourcePrimKey, Element permissionsEl,
240             boolean importUserPermissions)
241         throws PortalException, SystemException {
242 
243         importGroupPermissions(
244             layoutCache, companyId, groupId, resourceName, resourcePrimKey,
245             permissionsEl, "community-actions", false);
246 
247         if (groupId != guestGroup.getGroupId()) {
248             importGroupPermissions(
249                 layoutCache, companyId, guestGroup.getGroupId(), resourceName,
250                 resourcePrimKey, permissionsEl, "guest-actions", false);
251         }
252 
253         if (importUserPermissions) {
254             importUserPermissions(
255                 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
256                 permissionsEl, false);
257         }
258 
259         importInheritedPermissions(
260             layoutCache, companyId, resourceName, resourcePrimKey,
261             permissionsEl, "organization", false);
262 
263         importInheritedPermissions(
264             layoutCache, companyId, resourceName, resourcePrimKey,
265             permissionsEl, "user-group", false);
266     }
267 
268     protected void importLayoutRoles(
269             LayoutCache layoutCache, long companyId, long groupId,
270             Element rolesEl)
271         throws PortalException, SystemException {
272 
273         String resourceName = Layout.class.getName();
274 
275         importGroupRoles(
276             layoutCache, companyId, groupId, resourceName, "community",
277             rolesEl);
278 
279         importUserRoles(layoutCache, companyId, groupId, resourceName, rolesEl);
280 
281         importInheritedRoles(
282             layoutCache, companyId, groupId, resourceName, "organization",
283             rolesEl);
284 
285         importInheritedRoles(
286             layoutCache, companyId, groupId, resourceName, "user-group",
287             rolesEl);
288     }
289 
290     protected void importPermissions_5(
291             LayoutCache layoutCache, long companyId, long groupId, long userId,
292             String resourceName, String resourcePrimKey, Element permissionsEl,
293             boolean portletActions)
294         throws PortalException, SystemException {
295 
296         Resource resource = layoutCache.getResource(
297             companyId, groupId, resourceName,
298             ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
299             portletActions);
300 
301         List<Element> roleEls = permissionsEl.elements("role");
302 
303         for (Element roleEl : roleEls) {
304             String name = roleEl.attributeValue("name");
305 
306             Role role = layoutCache.getRole(companyId, name);
307 
308             if (role == null) {
309                 String description = roleEl.attributeValue("description");
310                 int type = Integer.valueOf(roleEl.attributeValue("type"));
311 
312                 role = RoleLocalServiceUtil.addRole(
313                     userId, companyId, name, description, type);
314             }
315 
316             List<String> actions = getActions(roleEl);
317 
318             PermissionLocalServiceUtil.setRolePermissions(
319                 role.getRoleId(), actions.toArray(new String[actions.size()]),
320                 resource.getResourceId());
321         }
322     }
323 
324     protected void importPermissions_6(
325             LayoutCache layoutCache, long companyId, long groupId, long userId,
326             String resourceName, String resourcePrimKey, Element permissionsEl,
327             boolean portletActions)
328         throws PortalException, SystemException {
329 
330         List<Element> roleEls = permissionsEl.elements("role");
331 
332         for (Element roleEl : roleEls) {
333             String name = roleEl.attributeValue("name");
334 
335             Role role = layoutCache.getRole(companyId, name);
336 
337             if (role == null) {
338                 String description = roleEl.attributeValue("description");
339                 int type = Integer.valueOf(roleEl.attributeValue("type"));
340 
341                 role = RoleLocalServiceUtil.addRole(
342                     userId, companyId, name, description, type);
343             }
344 
345             List<String> actions = getActions(roleEl);
346 
347             ResourcePermissionLocalServiceUtil.setResourcePermissions(
348                 companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL,
349                 resourcePrimKey, role.getRoleId(),
350                 actions.toArray(new String[actions.size()]));
351         }
352     }
353 
354     protected void importPortletPermissions(
355             LayoutCache layoutCache, long companyId, long groupId, long userId,
356             Layout layout, Element portletEl, String portletId,
357             boolean importUserPermissions)
358         throws PortalException, SystemException {
359 
360         Element permissionsEl = portletEl.element("permissions");
361 
362         if (permissionsEl != null) {
363             String resourceName = PortletConstants.getRootPortletId(portletId);
364 
365             String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
366                 layout.getPlid(), portletId);
367 
368             if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
369                 importPermissions_5(
370                     layoutCache, companyId, groupId, userId, resourceName,
371                     resourcePrimKey, permissionsEl, true);
372             }
373             else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
374                 importPermissions_6(
375                     layoutCache, companyId, groupId, userId, resourceName,
376                     resourcePrimKey, permissionsEl, true);
377             }
378             else {
379                 Group guestGroup = GroupLocalServiceUtil.getGroup(
380                     companyId, GroupConstants.GUEST);
381 
382                 importPortletPermissions_1to4(
383                     layoutCache, companyId, groupId, guestGroup, layout,
384                     permissionsEl, importUserPermissions);
385             }
386         }
387 
388         Element rolesEl = portletEl.element("roles");
389 
390         if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
391                 (rolesEl != null)) {
392 
393             importPortletRoles(layoutCache, companyId, groupId, portletEl);
394             importPortletRoles(
395                 layoutCache, companyId, groupId, portletId, rolesEl);
396         }
397     }
398 
399     protected void importPortletPermissions_1to4(
400             LayoutCache layoutCache, long companyId, long groupId,
401             Group guestGroup, Layout layout, Element permissionsEl,
402             boolean importUserPermissions)
403         throws PortalException, SystemException {
404 
405         Iterator<Element> itr = permissionsEl.elements("portlet").iterator();
406 
407         while (itr.hasNext()) {
408             Element portletEl = itr.next();
409 
410             String portletId = portletEl.attributeValue("portlet-id");
411 
412             String resourceName = PortletConstants.getRootPortletId(portletId);
413             String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
414                 layout.getPlid(), portletId);
415 
416             Portlet portlet = PortletLocalServiceUtil.getPortletById(
417                 companyId, resourceName);
418 
419             if (portlet == null) {
420                 if (_log.isDebugEnabled()) {
421                     _log.debug(
422                         "Do not import portlet permissions for " + portletId +
423                             " because the portlet does not exist");
424                 }
425             }
426             else {
427                 importGroupPermissions(
428                     layoutCache, companyId, groupId, resourceName,
429                     resourcePrimKey, portletEl, "community-actions", true);
430 
431                 if (groupId != guestGroup.getGroupId()) {
432                     importGroupPermissions(
433                         layoutCache, companyId, guestGroup.getGroupId(),
434                         resourceName, resourcePrimKey, portletEl,
435                         "guest-actions", true);
436                 }
437 
438                 if (importUserPermissions) {
439                     importUserPermissions(
440                         layoutCache, companyId, groupId, resourceName,
441                         resourcePrimKey, portletEl, true);
442                 }
443 
444                 importInheritedPermissions(
445                     layoutCache, companyId, resourceName, resourcePrimKey,
446                     portletEl, "organization", true);
447 
448                 importInheritedPermissions(
449                     layoutCache, companyId, resourceName, resourcePrimKey,
450                     portletEl, "user-group", true);
451             }
452         }
453     }
454 
455     protected void importPortletRoles(
456             LayoutCache layoutCache, long companyId, long groupId,
457             String portletId, Element rolesEl)
458         throws PortalException, SystemException {
459 
460         String resourceName = PortletConstants.getRootPortletId(portletId);
461 
462         Portlet portlet = PortletLocalServiceUtil.getPortletById(
463             companyId, resourceName);
464 
465         if (portlet == null) {
466             if (_log.isDebugEnabled()) {
467                 _log.debug(
468                     "Do not import portlet roles for " + portletId +
469                         " because the portlet does not exist");
470             }
471         }
472         else {
473             importGroupRoles(
474                 layoutCache, companyId, groupId, resourceName, "community",
475                 rolesEl);
476 
477             importUserRoles(
478                 layoutCache, companyId, groupId, resourceName, rolesEl);
479 
480             importInheritedRoles(
481                 layoutCache, companyId, groupId, resourceName,
482                 "organization", rolesEl);
483 
484             importInheritedRoles(
485                 layoutCache, companyId, groupId, resourceName, "user-group",
486                 rolesEl);
487         }
488     }
489 
490     protected void importPortletRoles(
491             LayoutCache layoutCache, long companyId, long groupId,
492             Element rolesEl)
493         throws PortalException, SystemException {
494 
495         Iterator<Element> itr = rolesEl.elements("portlet").iterator();
496 
497         while (itr.hasNext()) {
498             Element portletEl = itr.next();
499 
500             String portletId = portletEl.attributeValue("portlet-id");
501 
502             String resourceName = PortletConstants.getRootPortletId(portletId);
503 
504             Portlet portlet = PortletLocalServiceUtil.getPortletById(
505                 companyId, resourceName);
506 
507             if (portlet == null) {
508                 if (_log.isDebugEnabled()) {
509                     _log.debug(
510                         "Do not import portlet roles for " + portletId +
511                             " because the portlet does not exist");
512                 }
513             }
514             else {
515                 importGroupRoles(
516                     layoutCache, companyId, groupId, resourceName, "community",
517                     portletEl);
518 
519                 importUserRoles(
520                     layoutCache, companyId, groupId, resourceName, portletEl);
521 
522                 importInheritedRoles(
523                     layoutCache, companyId, groupId, resourceName,
524                     "organization", portletEl);
525 
526                 importInheritedRoles(
527                     layoutCache, companyId, groupId, resourceName, "user-group",
528                     portletEl);
529             }
530         }
531     }
532 
533     protected void importRolePermissions(
534             LayoutCache layoutCache, long companyId, String resourceName,
535             int scope, String resourcePrimKey, Element parentEl,
536             boolean communityRole)
537         throws PortalException, SystemException {
538 
539         List<Element> roleEls = parentEl.elements("role");
540 
541         for (int i = 0; i < roleEls.size(); i++) {
542             Element roleEl = roleEls.get(i);
543 
544             String roleName = roleEl.attributeValue("name");
545 
546             Role role = layoutCache.getRole(companyId, roleName);
547 
548             if (role == null) {
549                 _log.warn(
550                     "Ignoring permissions for role with name " + roleName);
551             }
552             else {
553                 List<String> actions = getActions(roleEl);
554 
555                 PermissionLocalServiceUtil.setRolePermissions(
556                     role.getRoleId(), companyId, resourceName, scope,
557                     resourcePrimKey,
558                     actions.toArray(new String[actions.size()]));
559 
560                 if (communityRole) {
561                     long[] groupIds = {GetterUtil.getLong(resourcePrimKey)};
562 
563                     GroupLocalServiceUtil.addRoleGroups(
564                         role.getRoleId(), groupIds);
565                 }
566             }
567         }
568     }
569 
570     protected void importUserPermissions(
571             LayoutCache layoutCache, long companyId, long groupId,
572             String resourceName, String resourcePrimKey, Element parentEl,
573             boolean portletActions)
574         throws PortalException, SystemException {
575 
576         Element userPermissionsEl = parentEl.element("user-permissions");
577 
578         if (userPermissionsEl == null) {
579             return;
580         }
581 
582         List<Element> userActionsEls = userPermissionsEl.elements(
583             "user-actions");
584 
585         for (int i = 0; i < userActionsEls.size(); i++) {
586             Element userActionsEl = userActionsEls.get(i);
587 
588             String uuid = userActionsEl.attributeValue("uuid");
589 
590             User user = layoutCache.getUser(companyId, groupId, uuid);
591 
592             if (user == null) {
593                 if (_log.isWarnEnabled()) {
594                     _log.warn(
595                         "Ignoring permissions for user with uuid " + uuid);
596                 }
597             }
598             else {
599                 List<String> actions = getActions(userActionsEl);
600 
601                 Resource resource = layoutCache.getResource(
602                     companyId, groupId, resourceName,
603                     ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
604                     portletActions);
605 
606                 PermissionLocalServiceUtil.setUserPermissions(
607                     user.getUserId(),
608                     actions.toArray(new String[actions.size()]),
609                     resource.getResourceId());
610             }
611         }
612     }
613 
614     protected void importUserRoles(
615             LayoutCache layoutCache, long companyId, long groupId,
616             String resourceName, Element parentEl)
617         throws PortalException, SystemException {
618 
619         Element userRolesEl = parentEl.element("user-roles");
620 
621         if (userRolesEl == null) {
622             return;
623         }
624 
625         List<Element> userEls = userRolesEl.elements("user");
626 
627         for (int i = 0; i < userEls.size(); i++) {
628             Element userEl = userEls.get(i);
629 
630             String uuid = userEl.attributeValue("uuid");
631 
632             User user = layoutCache.getUser(companyId, groupId, uuid);
633 
634             if (user == null) {
635                 if (_log.isWarnEnabled()) {
636                     _log.warn("Ignoring roles for user with uuid " + uuid);
637                 }
638             }
639             else {
640                 importRolePermissions(
641                     layoutCache, companyId, resourceName,
642                     ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
643                     userEl, false);
644             }
645         }
646     }
647 
648     protected void readPortletDataPermissions(PortletDataContext context)
649         throws SystemException {
650 
651         try {
652             String xml = context.getZipEntryAsString(
653                 context.getSourceRootPath() + "/portlet-data-permissions.xml");
654 
655             if (xml == null) {
656                 return;
657             }
658 
659             Document doc = SAXReaderUtil.read(xml);
660 
661             Element root = doc.getRootElement();
662 
663             List<Element> portletDataEls = root.elements("portlet-data");
664 
665             for (Element portletDataEl : portletDataEls) {
666                 String resourceName = portletDataEl.attributeValue(
667                     "resource-name");
668                 long resourcePK = GetterUtil.getLong(
669                     portletDataEl.attributeValue("resource-pk"));
670 
671                 List<KeyValuePair> permissions = new ArrayList<KeyValuePair>();
672 
673                 List<Element> permissionsEls = portletDataEl.elements(
674                     "permissions");
675 
676                 for (Element permissionsEl : permissionsEls) {
677                     String roleName = permissionsEl.attributeValue("role-name");
678                     String actions = permissionsEl.attributeValue("actions");
679 
680                     KeyValuePair permission = new KeyValuePair(
681                         roleName, actions);
682 
683                     permissions.add(permission);
684                 }
685 
686                 context.addPermissions(resourceName, resourcePK, permissions);
687             }
688         }
689         catch (Exception e) {
690             throw new SystemException(e);
691         }
692     }
693 
694     private static Log _log = LogFactoryUtil.getLog(PermissionImporter.class);
695 
696 }