1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.NoSuchPermissionException;
18  import com.liferay.portal.PortalException;
19  import com.liferay.portal.SystemException;
20  import com.liferay.portal.kernel.log.Log;
21  import com.liferay.portal.kernel.log.LogFactoryUtil;
22  import com.liferay.portal.kernel.search.SearchEngineUtil;
23  import com.liferay.portal.kernel.util.GetterUtil;
24  import com.liferay.portal.kernel.util.ListUtil;
25  import com.liferay.portal.kernel.util.Validator;
26  import com.liferay.portal.model.Group;
27  import com.liferay.portal.model.OrgGroupPermission;
28  import com.liferay.portal.model.Organization;
29  import com.liferay.portal.model.Permission;
30  import com.liferay.portal.model.Resource;
31  import com.liferay.portal.model.ResourceCode;
32  import com.liferay.portal.model.ResourceConstants;
33  import com.liferay.portal.model.Role;
34  import com.liferay.portal.model.User;
35  import com.liferay.portal.model.UserGroup;
36  import com.liferay.portal.security.permission.PermissionCacheUtil;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.security.permission.ResourceActionsUtil;
39  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
40  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
41  import com.liferay.portal.util.PropsValues;
42  import com.liferay.portal.util.comparator.PermissionComparator;
43  
44  import java.util.ArrayList;
45  import java.util.HashSet;
46  import java.util.Iterator;
47  import java.util.List;
48  import java.util.Set;
49  
50  import org.apache.commons.lang.time.StopWatch;
51  
52  /**
53   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
54   *
55   * @author Charles May
56   * @author Brian Wing Shun Chan
57   * @author Raymond Augé
58   */
59  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
60  
61      public Permission addPermission(
62              long companyId, String actionId, long resourceId)
63          throws SystemException {
64  
65          Permission permission = permissionPersistence.fetchByA_R(
66              actionId, resourceId);
67  
68          if (permission == null) {
69              long permissionId = counterLocalService.increment(
70                  Permission.class.getName());
71  
72              permission = permissionPersistence.create(permissionId);
73  
74              permission.setCompanyId(companyId);
75              permission.setActionId(actionId);
76              permission.setResourceId(resourceId);
77  
78              permissionPersistence.update(permission, false);
79          }
80  
81          return permission;
82      }
83  
84      public List<Permission> addPermissions(
85              long companyId, String name, long resourceId,
86              boolean portletActions)
87          throws SystemException {
88  
89          List<String> actionIds = null;
90  
91          if (portletActions) {
92              actionIds = ResourceActionsUtil.getPortletResourceActions(name);
93          }
94          else {
95              actionIds = ResourceActionsUtil.getModelResourceActions(name);
96          }
97  
98          return addPermissions(companyId, actionIds, resourceId);
99      }
100 
101     public List<Permission> addPermissions(
102             long companyId, List<String> actionIds, long resourceId)
103         throws SystemException {
104 
105         List<Permission> permissions = permissionPersistence.findByResourceId(
106             resourceId);
107 
108         permissions = ListUtil.copy(permissions);
109 
110         Set<String> actionIdsSet = new HashSet<String>();
111 
112         for (Permission permission : permissions) {
113             actionIdsSet.add(permission.getActionId());
114         }
115 
116         for (String actionId : actionIds) {
117             if (actionIdsSet.contains(actionId)) {
118                 continue;
119             }
120 
121             long permissionId = counterLocalService.increment(
122                 Permission.class.getName());
123 
124             Permission permission = permissionPersistence.create(permissionId);
125 
126             permission.setCompanyId(companyId);
127             permission.setActionId(actionId);
128             permission.setResourceId(resourceId);
129 
130             try {
131                 permissionPersistence.update(permission, false);
132             }
133             catch (SystemException se) {
134                 if (_log.isWarnEnabled()) {
135                     _log.warn(
136                         "Add failed, fetch {actionId=" + actionId +
137                             ", resourceId=" + resourceId + "}");
138                 }
139 
140                 permission = permissionPersistence.fetchByA_R(
141                     actionId, resourceId, false);
142 
143                 if (permission == null) {
144                     throw se;
145                 }
146             }
147 
148             permissions.add(permission);
149         }
150 
151         return permissions;
152     }
153 
154     public void addUserPermissions(
155             long userId, String[] actionIds, long resourceId)
156         throws PortalException, SystemException {
157 
158         User user = userPersistence.findByPrimaryKey(userId);
159 
160         List<Permission> permissions = permissionFinder.findByU_R(
161             userId, resourceId);
162 
163         permissions = getPermissions(
164             user.getCompanyId(), actionIds, resourceId);
165 
166         userPersistence.addPermissions(userId, permissions);
167 
168         PermissionCacheUtil.clearCache();
169     }
170 
171     public List<String> getActions(List<Permission> permissions) {
172         List<String> actionIds = new ArrayList<String>();
173 
174         Iterator<Permission> itr = permissions.iterator();
175 
176         while (itr.hasNext()) {
177             Permission permission = itr.next();
178 
179             actionIds.add(permission.getActionId());
180         }
181 
182         return actionIds;
183     }
184 
185     public List<Permission> getGroupPermissions(long groupId, long resourceId)
186         throws SystemException {
187 
188         return permissionFinder.findByG_R(groupId, resourceId);
189     }
190 
191     public List<Permission> getGroupPermissions(
192             long groupId, long companyId, String name, int scope,
193             String primKey)
194         throws SystemException {
195 
196         return permissionFinder.findByG_C_N_S_P(
197             groupId, companyId, name, scope, primKey);
198     }
199 
200     public List<Permission> getOrgGroupPermissions(
201             long organizationId, long groupId, long resourceId)
202         throws SystemException {
203 
204         return permissionFinder.findByO_G_R(
205             organizationId, groupId, resourceId);
206     }
207 
208     public long getLatestPermissionId() throws SystemException {
209         List<Permission> permissions = permissionPersistence.findAll(
210             0, 1, new PermissionComparator());
211 
212         if (permissions.size() == 0) {
213             return 0;
214         }
215         else {
216             Permission permission = permissions.get(0);
217 
218             return permission.getPermissionId();
219         }
220     }
221 
222     public List<Permission> getPermissions(
223             long companyId, String[] actionIds, long resourceId)
224         throws SystemException {
225 
226         List<Permission> permissions = new ArrayList<Permission>();
227 
228         for (int i = 0; i < actionIds.length; i++) {
229             Permission permission = addPermission(
230                 companyId, actionIds[i], resourceId);
231 
232             permissions.add(permission);
233         }
234 
235         return permissions;
236     }
237 
238     public List<Permission> getRolePermissions(long roleId)
239         throws SystemException {
240 
241         return rolePersistence.getPermissions(roleId);
242     }
243 
244     public List<Permission> getRolePermissions(long roleId, long resourceId)
245         throws SystemException {
246 
247         return permissionFinder.findByR_R(roleId, resourceId);
248     }
249 
250     public List<Permission> getUserPermissions(long userId, long resourceId)
251         throws SystemException {
252 
253         return permissionFinder.findByU_R(userId, resourceId);
254     }
255 
256     public List<Permission> getUserPermissions(
257             long userId, long companyId, String name, int scope, String primKey)
258         throws SystemException {
259 
260         return permissionFinder.findByU_C_N_S_P(
261             userId, companyId, name, scope, primKey);
262     }
263 
264     public boolean hasGroupPermission(
265             long groupId, String actionId, long resourceId)
266         throws SystemException {
267 
268         Permission permission = permissionPersistence.fetchByA_R(
269             actionId, resourceId);
270 
271         // Return false if there is no permission based on the given action
272         // id and resource id
273 
274         if (permission == null) {
275             return false;
276         }
277 
278         return groupPersistence.containsPermission(
279             groupId, permission.getPermissionId());
280     }
281 
282     public boolean hasRolePermission(
283             long roleId, long companyId, String name, int scope,
284             String actionId)
285         throws SystemException {
286 
287         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
288             companyId, name, scope);
289 
290         if (permissionFinder.countByR_A_C(
291                 roleId, actionId, resourceCode.getCodeId()) > 0) {
292 
293             return true;
294         }
295         else {
296             return false;
297         }
298     }
299 
300     public boolean hasRolePermission(
301             long roleId, long companyId, String name, int scope, String primKey,
302             String actionId)
303         throws SystemException {
304 
305         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
306             companyId, name, scope);
307 
308         Resource resource = resourcePersistence.fetchByC_P(
309             resourceCode.getCodeId(), primKey);
310 
311         if (resource == null) {
312             return false;
313         }
314 
315         Permission permission = permissionPersistence.fetchByA_R(
316             actionId, resource.getResourceId());
317 
318         if (permission == null) {
319             return false;
320         }
321 
322         return rolePersistence.containsPermission(
323             roleId, permission.getPermissionId());
324     }
325 
326     public boolean hasUserPermission(
327             long userId, String actionId, long resourceId)
328         throws SystemException {
329 
330         Permission permission = permissionPersistence.fetchByA_R(
331             actionId, resourceId);
332 
333         // Return false if there is no permission based on the given action
334         // id and resource id
335 
336         if (permission == null) {
337             return false;
338         }
339 
340         return userPersistence.containsPermission(
341             userId, permission.getPermissionId());
342     }
343 
344     public boolean hasUserPermissions(
345             long userId, long groupId, List<Resource> resources,
346             String actionId, PermissionCheckerBag permissionCheckerBag)
347         throws PortalException, SystemException {
348 
349         StopWatch stopWatch = null;
350 
351         if (_log.isDebugEnabled()) {
352             stopWatch = new StopWatch();
353 
354             stopWatch.start();
355         }
356 
357         int block = 1;
358 
359         // Return false if there are no resources
360 
361         if (Validator.isNull(actionId) || resources.isEmpty()) {
362             return false;
363         }
364 
365         long[] resourceIds = null;
366 
367         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
368             resourceIds = new long[resources.size()];
369 
370             for (int i = 0; i < resources.size(); i++) {
371                 Resource resource = resources.get(i);
372 
373                 resourceIds[i] = resource.getResourceId();
374             }
375         }
376 
377         List<Permission> permissions = null;
378 
379         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
380             permissions = permissionFinder.findByA_R(actionId, resourceIds);
381 
382             // Return false if there are no permissions
383 
384             if (permissions.size() == 0) {
385                 return false;
386             }
387         }
388 
389         // Record logs with the first resource id
390 
391         long resourceId = 0;
392 
393         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
394             resourceId = resourceIds[0];
395         }
396         else {
397             resourceId = resources.get(0).getResourceId();
398         }
399 
400         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
401 
402         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
403         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
404         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
405         //List<Group> userUserGroupGroups =
406         //  permissionCheckerBag.getUserUserGroupGroups();
407         List<Group> groups = permissionCheckerBag.getGroups();
408         List<Role> roles = permissionCheckerBag.getRoles();
409 
410         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
411 
412         // Check the organization and community intersection table. Break out of
413         // this method if the user has one of the permissions set at the
414         // intersection because that takes priority.
415 
416         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
417         //  return true;
418         //}
419 
420         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
421 
422         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
423             return hasUserPermissions_1(
424                 userId, resourceId, actionId, permissions, groups, groupId,
425                 stopWatch, block);
426         }
427         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
428             return hasUserPermissions_2(
429                 userId, resourceId, actionId, permissions, groups, groupId,
430                 stopWatch, block);
431         }
432         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
433             return hasUserPermissions_3(
434                 userId, resourceId, actionId, permissions, groups, roles,
435                 stopWatch, block);
436         }
437         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
438             return hasUserPermissions_4(
439                 userId, resourceId, actionId, permissions, groups, roles,
440                 stopWatch, block);
441         }
442         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
443             return hasUserPermissions_5(
444                 userId, resourceId, actionId, permissions, roles, stopWatch,
445                 block);
446         }
447         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
448             return hasUserPermissions_6(
449                 userId, resourceId, resources, actionId, roles, stopWatch,
450                 block);
451         }
452 
453         return false;
454     }
455 
456     public void setGroupPermissions(
457             long groupId, String[] actionIds, long resourceId)
458         throws PortalException, SystemException {
459 
460         Group group = groupPersistence.findByPrimaryKey(groupId);
461 
462         List<Permission> permissions = permissionFinder.findByG_R(
463             groupId, resourceId);
464 
465         for (Permission permission : permissions) {
466             groupPersistence.removePermission(groupId, permission);
467         }
468 
469         permissions = getPermissions(
470             group.getCompanyId(), actionIds, resourceId);
471 
472         groupPersistence.addPermissions(groupId, permissions);
473 
474         PermissionCacheUtil.clearCache();
475     }
476 
477     public void setGroupPermissions(
478             String className, String classPK, long groupId,
479             String[] actionIds, long resourceId)
480         throws PortalException, SystemException {
481 
482         long associatedGroupId = 0;
483 
484         if (className.equals(Organization.class.getName())) {
485             long organizationId = GetterUtil.getLong(classPK);
486 
487             Organization organization =
488                 organizationPersistence.findByPrimaryKey(organizationId);
489 
490             orgGroupPermissionFinder.removeByO_G_R(
491                 organizationId, groupId, resourceId);
492 
493             associatedGroupId = organization.getGroup().getGroupId();
494         }
495         else if (className.equals(UserGroup.class.getName())) {
496             long userGroupId = GetterUtil.getLong(classPK);
497 
498             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
499                 userGroupId);
500 
501             associatedGroupId = userGroup.getGroup().getGroupId();
502         }
503 
504         setGroupPermissions(associatedGroupId, actionIds, resourceId);
505     }
506 
507     public void setOrgGroupPermissions(
508             long organizationId, long groupId, String[] actionIds,
509             long resourceId)
510         throws PortalException, SystemException {
511 
512         Organization organization =
513             organizationPersistence.findByPrimaryKey(organizationId);
514 
515         long orgGroupId = organization.getGroup().getGroupId();
516 
517         List<Permission> permissions = permissionPersistence.findByResourceId(
518             resourceId);
519 
520         for (Permission permission : permissions) {
521             groupPersistence.removePermission(orgGroupId, permission);
522         }
523 
524         permissions = getPermissions(
525             organization.getCompanyId(), actionIds, resourceId);
526 
527         orgGroupPermissionFinder.removeByO_G_R(
528             organizationId, groupId, resourceId);
529 
530         for (Permission permission : permissions) {
531             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
532                 organizationId, groupId, permission.getPermissionId());
533 
534             OrgGroupPermission orgGroupPermission =
535                 orgGroupPermissionPersistence.create(pk);
536 
537             orgGroupPermissionPersistence.update(orgGroupPermission, false);
538         }
539 
540         PermissionCacheUtil.clearCache();
541     }
542 
543     public void setRolePermission(
544             long roleId, long companyId, String name, int scope, String primKey,
545             String actionId)
546         throws PortalException, SystemException {
547 
548         if (scope == ResourceConstants.SCOPE_COMPANY) {
549 
550             // Remove group permission
551 
552             unsetRolePermissions(
553                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
554                 actionId);
555         }
556         else if (scope == ResourceConstants.SCOPE_GROUP) {
557 
558             // Remove company permission
559 
560             unsetRolePermissions(
561                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
562                 actionId);
563         }
564         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
565             throw new NoSuchPermissionException();
566         }
567 
568         Resource resource = resourceLocalService.addResource(
569             companyId, name, scope, primKey);
570 
571         long resourceId = resource.getResourceId();
572 
573         Permission permission = permissionPersistence.fetchByA_R(
574             actionId, resourceId);
575 
576         if (permission == null) {
577             long permissionId = counterLocalService.increment(
578                 Permission.class.getName());
579 
580             permission = permissionPersistence.create(permissionId);
581 
582             permission.setCompanyId(companyId);
583             permission.setActionId(actionId);
584             permission.setResourceId(resourceId);
585 
586             permissionPersistence.update(permission, false);
587         }
588 
589         rolePersistence.addPermission(roleId, permission);
590 
591         PermissionCacheUtil.clearCache();
592 
593         SearchEngineUtil.updatePermissionFields(resourceId);
594     }
595 
596     public void setRolePermissions(
597             long roleId, long companyId, String name, int scope, String primKey,
598             String[] actionIds)
599         throws PortalException, SystemException {
600 
601         for (int i = 0; i < actionIds.length; i++) {
602             String actionId = actionIds[i];
603 
604             setRolePermission(
605                 roleId, companyId, name, scope, primKey, actionId);
606         }
607     }
608 
609     public void setRolePermissions(
610             long roleId, String[] actionIds, long resourceId)
611         throws PortalException, SystemException {
612 
613         Role role = rolePersistence.findByPrimaryKey(roleId);
614 
615         List<Permission> permissions = permissionFinder.findByR_R(
616             roleId, resourceId);
617 
618         rolePersistence.removePermissions(roleId, permissions);
619 
620         permissions = getPermissions(
621             role.getCompanyId(), actionIds, resourceId);
622 
623         rolePersistence.addPermissions(roleId, permissions);
624 
625         PermissionCacheUtil.clearCache();
626 
627         SearchEngineUtil.updatePermissionFields(resourceId);
628     }
629 
630     public void setUserPermissions(
631             long userId, String[] actionIds, long resourceId)
632         throws PortalException, SystemException {
633 
634         User user = userPersistence.findByPrimaryKey(userId);
635 
636         List<Permission> permissions = permissionFinder.findByU_R(
637             userId, resourceId);
638 
639         userPersistence.removePermissions(userId, permissions);
640 
641         permissions = getPermissions(
642             user.getCompanyId(), actionIds, resourceId);
643 
644         userPersistence.addPermissions(userId, permissions);
645 
646         PermissionCacheUtil.clearCache();
647     }
648 
649     public void unsetRolePermission(long roleId, long permissionId)
650         throws SystemException {
651 
652         Permission permission = permissionPersistence.fetchByPrimaryKey(
653             permissionId);
654 
655         if (permission != null) {
656             rolePersistence.removePermission(roleId, permission);
657         }
658 
659         PermissionCacheUtil.clearCache();
660     }
661 
662     public void unsetRolePermission(
663             long roleId, long companyId, String name, int scope, String primKey,
664             String actionId)
665         throws SystemException {
666 
667         ResourceCode resourceCode =
668             resourceCodeLocalService.getResourceCode(
669                 companyId, name, scope);
670 
671         Resource resource = resourcePersistence.fetchByC_P(
672             resourceCode.getCodeId(), primKey);
673 
674         if (resource != null) {
675             Permission permission = permissionPersistence.fetchByA_R(
676                 actionId, resource.getResourceId());
677 
678             if (permission != null) {
679                 rolePersistence.removePermission(roleId, permission);
680             }
681         }
682 
683         PermissionCacheUtil.clearCache();
684     }
685 
686     public void unsetRolePermissions(
687             long roleId, long companyId, String name, int scope,
688             String actionId)
689         throws SystemException {
690 
691         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
692             companyId, name, scope);
693 
694         List<Permission> permissions = permissionFinder.findByA_C(
695             actionId, resourceCode.getCodeId());
696 
697         for (Permission permission : permissions) {
698             rolePersistence.removePermission(roleId, permission);
699         }
700 
701         PermissionCacheUtil.clearCache();
702     }
703 
704     public void unsetUserPermissions(
705             long userId, String[] actionIds, long resourceId)
706         throws SystemException {
707 
708         List<Permission> permissions = permissionFinder.findByU_A_R(
709             userId, actionIds, resourceId);
710 
711         userPersistence.removePermissions(userId, permissions);
712 
713         PermissionCacheUtil.clearCache();
714     }
715 
716     protected boolean checkOrgGroupPermission(
717             List<Organization> organizations, List<Group> groups,
718             List<Permission> permissions)
719         throws PortalException, SystemException {
720 
721         for (Permission permission : permissions) {
722             if (checkOrgGroupPermission(organizations, groups, permission)) {
723                 return true;
724             }
725         }
726 
727         return false;
728     }
729 
730     protected boolean checkOrgGroupPermission(
731             List<Organization> organizations, List<Group> groups,
732             Permission permission)
733         throws PortalException, SystemException {
734 
735         // Do not check for an OrgGroupPermission intersection unless there is
736         // at least one organization and one group to check
737 
738         if ((organizations.size() == 0) || (groups.size() == 0)) {
739             return false;
740         }
741 
742         // Do not check unless the OrgGroupPermission intersection contains at
743         // least one permission
744 
745         List<OrgGroupPermission> orgGroupPermissions =
746             orgGroupPermissionPersistence.findByPermissionId(
747                 permission.getPermissionId());
748 
749         if (orgGroupPermissions.size() == 0) {
750             return false;
751         }
752 
753         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
754             if (orgGroupPermission.containsOrganization(organizations) &&
755                 orgGroupPermission.containsGroup(groups)) {
756 
757                 return true;
758             }
759         }
760 
761         // Throw an exception so that we do not continue checking permissions.
762         // The user has a specific permission given in the OrgGroupPermission
763         // intersection that prohibits him from going further.
764 
765         throw new NoSuchPermissionException(
766             "User has a permission in OrgGroupPermission that does not match");
767     }
768 
769     protected boolean hasUserPermissions_1(
770             long userId, long resourceId, String actionId,
771             List<Permission> permissions, List<Group> groups, long groupId,
772             StopWatch stopWatch, int block)
773         throws SystemException {
774 
775         // Is the user connected to one of the permissions via group or
776         // organization roles?
777 
778         if (groups.size() > 0) {
779             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
780                 return true;
781             }
782         }
783 
784         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
785 
786         // Is the user associated with groups or organizations that are directly
787         // connected to one of the permissions?
788 
789         if (groups.size() > 0) {
790             if (permissionFinder.countByGroupsPermissions(
791                     permissions, groups) > 0) {
792 
793                 return true;
794             }
795         }
796 
797         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
798 
799         // Is the user connected to one of the permissions via user roles?
800 
801         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
802             return true;
803         }
804 
805         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
806 
807         // Is the user connected to one of the permissions via user group roles?
808 
809         if (permissionFinder.countByUserGroupRole(
810                 permissions, userId, groupId) > 0) {
811 
812             return true;
813         }
814 
815         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
816 
817         // Is the user directly connected to one of the permissions?
818 
819         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
820             return true;
821         }
822 
823         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
824 
825         return false;
826     }
827 
828     protected boolean hasUserPermissions_2(
829             long userId, long resourceId, String actionId,
830             List<Permission> permissions, List<Group> groups, long groupId,
831             StopWatch stopWatch, int block)
832         throws SystemException {
833 
834         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
835         // countByUserGroupRole, and countByUsersPermissions in one method
836 
837         if (permissionFinder.containsPermissions_2(
838                 permissions, userId, groups, groupId)) {
839 
840             return true;
841         }
842 
843         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
844 
845         return false;
846     }
847 
848     protected boolean hasUserPermissions_3(
849             long userId, long resourceId, String actionId,
850             List<Permission> permissions, List<Group> groups, List<Role> roles,
851             StopWatch stopWatch, int block)
852         throws SystemException {
853 
854         // Is the user associated with groups or organizations that are directly
855         // connected to one of the permissions?
856 
857         if (groups.size() > 0) {
858             if (permissionFinder.countByGroupsPermissions(
859                     permissions, groups) > 0) {
860 
861                 return true;
862             }
863         }
864 
865         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
866 
867         // Is the user associated with a role that is directly connected to one
868         // of the permissions?
869 
870         if (roles.size() > 0) {
871             if (permissionFinder.countByRolesPermissions(
872                     permissions, roles) > 0) {
873 
874                 return true;
875             }
876         }
877 
878         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
879 
880         // Is the user directly connected to one of the permissions?
881 
882         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
883             return true;
884         }
885 
886         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
887 
888         return false;
889     }
890 
891     protected boolean hasUserPermissions_4(
892             long userId, long resourceId, String actionId,
893             List<Permission> permissions, List<Group> groups, List<Role> roles,
894             StopWatch stopWatch, int block)
895         throws SystemException {
896 
897         // Call countByGroupsPermissions, countByRolesPermissions, and
898         // countByUsersPermissions in one method
899 
900         if (permissionFinder.containsPermissions_4(
901                 permissions, userId, groups, roles)) {
902 
903             return true;
904         }
905 
906         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
907 
908         return false;
909     }
910 
911     protected boolean hasUserPermissions_5(
912             long userId, long resourceId, String actionId,
913             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
914             int block)
915         throws SystemException {
916 
917         if (roles.size() > 0) {
918             if (permissionFinder.countByRolesPermissions(
919                     permissions, roles) > 0) {
920 
921                 return true;
922             }
923         }
924 
925         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
926 
927         return false;
928     }
929 
930     protected boolean hasUserPermissions_6(
931             long userId, long resourceId, List<Resource> resources,
932             String actionId, List<Role> roles, StopWatch stopWatch,
933             int block)
934         throws PortalException, SystemException {
935 
936         // Iterate the list of resources in reverse order to test permissions
937         // from company scope to individual scope because it is more likely that
938         // a permission is assigned at a higher scope. Optimizing this method
939         // to one SQL call may actually slow things down since most of the calls
940         // will pull from the cache after the first request.
941 
942         for (int i = resources.size() - 1; i >= 0; i--) {
943             Resource resource = resources.get(i);
944 
945             for (Role role : roles) {
946                 if (resourcePermissionLocalService.hasResourcePermission(
947                         resource.getCompanyId(), resource.getName(),
948                         resource.getScope(), resource.getPrimKey(),
949                         role.getRoleId(), actionId)) {
950 
951                     return true;
952                 }
953             }
954         }
955 
956         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
957 
958         return false;
959     }
960 
961     protected void logHasUserPermissions(
962         long userId, long resourceId, String actionId, StopWatch stopWatch,
963         int block) {
964 
965         if (!_log.isDebugEnabled()) {
966             return;
967         }
968 
969         _log.debug(
970             "Checking user permissions block " + block + " for " + userId +
971                 " " + resourceId + " " + actionId + " takes " +
972                     stopWatch.getTime() + " ms");
973     }
974 
975     private static Log _log = LogFactoryUtil.getLog(
976         PermissionLocalServiceImpl.class);
977 
978 }