1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portlet.portletconfiguration.action;
16  
17  import com.liferay.portal.kernel.servlet.SessionErrors;
18  import com.liferay.portal.kernel.util.Constants;
19  import com.liferay.portal.kernel.util.ParamUtil;
20  import com.liferay.portal.kernel.util.StringUtil;
21  import com.liferay.portal.kernel.util.Validator;
22  import com.liferay.portal.model.Layout;
23  import com.liferay.portal.model.Organization;
24  import com.liferay.portal.model.Portlet;
25  import com.liferay.portal.model.PortletConstants;
26  import com.liferay.portal.model.Resource;
27  import com.liferay.portal.model.UserGroup;
28  import com.liferay.portal.security.auth.PrincipalException;
29  import com.liferay.portal.service.PermissionServiceUtil;
30  import com.liferay.portal.service.PortletLocalServiceUtil;
31  import com.liferay.portal.service.ResourceLocalServiceUtil;
32  import com.liferay.portal.service.ResourcePermissionServiceUtil;
33  import com.liferay.portal.servlet.filters.cache.CacheUtil;
34  import com.liferay.portal.theme.ThemeDisplay;
35  import com.liferay.portal.util.PropsValues;
36  import com.liferay.portal.util.WebKeys;
37  
38  import java.util.ArrayList;
39  import java.util.Enumeration;
40  import java.util.List;
41  
42  import javax.portlet.ActionRequest;
43  import javax.portlet.ActionResponse;
44  import javax.portlet.PortletConfig;
45  import javax.portlet.RenderRequest;
46  import javax.portlet.RenderResponse;
47  
48  import org.apache.struts.action.ActionForm;
49  import org.apache.struts.action.ActionForward;
50  import org.apache.struts.action.ActionMapping;
51  
52  /**
53   * <a href="EditPermissionsAction.java.html"><b><i>View Source</i></b></a>
54   *
55   * @author Brian Wing Shun Chan
56   */
57  public class EditPermissionsAction extends EditConfigurationAction {
58  
59      public void processAction(
60              ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
61              ActionRequest actionRequest, ActionResponse actionResponse)
62          throws Exception {
63  
64          String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
65  
66          try {
67              if (cmd.equals("group_permissions")) {
68                  updateGroupPermissions(actionRequest);
69              }
70              else if (cmd.equals("guest_permissions")) {
71                  updateGuestPermissions(actionRequest);
72              }
73              else if (cmd.equals("organization_permissions")) {
74                  updateOrganizationPermissions(actionRequest);
75              }
76              else if (cmd.equals("role_permissions")) {
77                  updateRolePermissions(actionRequest);
78              }
79              else if (cmd.equals("user_group_permissions")) {
80                  updateUserGroupPermissions(actionRequest);
81              }
82              else if (cmd.equals("user_permissions")) {
83                  updateUserPermissions(actionRequest);
84              }
85  
86              if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) {
87                  String redirect = ParamUtil.getString(
88                      actionRequest, "permissionsRedirect");
89  
90                  sendRedirect(actionRequest, actionResponse, redirect);
91              }
92              else {
93                  addSuccessMessage(actionRequest, actionResponse);
94              }
95          }
96          catch (Exception e) {
97              if (e instanceof PrincipalException) {
98                  SessionErrors.add(actionRequest, e.getClass().getName());
99  
100                 setForward(
101                     actionRequest, "portlet.portlet_configuration.error");
102             }
103             else {
104                 throw e;
105             }
106         }
107     }
108 
109     public ActionForward render(
110             ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
111             RenderRequest renderRequest, RenderResponse renderResponse)
112         throws Exception {
113 
114         ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
115             WebKeys.THEME_DISPLAY);
116 
117         long groupId = themeDisplay.getScopeGroupId();
118 
119         String portletResource = ParamUtil.getString(
120             renderRequest, "portletResource");
121         String modelResource = ParamUtil.getString(
122             renderRequest, "modelResource");
123         String resourcePrimKey = ParamUtil.getString(
124             renderRequest, "resourcePrimKey");
125 
126         String selResource = portletResource;
127 
128         if (Validator.isNotNull(modelResource)) {
129             selResource = modelResource;
130         }
131 
132         try {
133             PermissionServiceUtil.checkPermission(
134                 groupId, selResource, resourcePrimKey);
135         }
136         catch (PrincipalException pe) {
137             SessionErrors.add(
138                 renderRequest, PrincipalException.class.getName());
139 
140             setForward(renderRequest, "portlet.portlet_configuration.error");
141         }
142 
143         Portlet portlet = PortletLocalServiceUtil.getPortletById(
144             themeDisplay.getCompanyId(), portletResource);
145 
146         if (portlet != null) {
147             renderResponse.setTitle(getTitle(portlet, renderRequest));
148         }
149 
150         return mapping.findForward(getForward(
151             renderRequest, "portlet.portlet_configuration.edit_permissions"));
152     }
153 
154     protected String[] getActionIds(ActionRequest actionRequest, long roleId) {
155         List<String> actionIds = new ArrayList<String>();
156 
157         Enumeration<String> enu = actionRequest.getParameterNames();
158 
159         while (enu.hasMoreElements()) {
160             String name = enu.nextElement();
161 
162             if (name.startsWith(roleId + "_ACTION_")) {
163                 int pos = name.indexOf("_ACTION_");
164 
165                 String actionId = name.substring(pos + 8);
166 
167                 actionIds.add(actionId);
168             }
169         }
170 
171         return actionIds.toArray(new String[actionIds.size()]);
172     }
173 
174     protected void updateGroupPermissions(ActionRequest actionRequest)
175         throws Exception {
176 
177         Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
178 
179         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
180         long groupId = ParamUtil.getLong(actionRequest, "groupId");
181         String[] actionIds = StringUtil.split(
182             ParamUtil.getString(actionRequest, "groupIdActionIds"));
183 
184         PermissionServiceUtil.setGroupPermissions(
185             groupId, actionIds, resourceId);
186 
187         if (!layout.isPrivateLayout()) {
188             Resource resource =
189                 ResourceLocalServiceUtil.getResource(resourceId);
190 
191             if (resource.getPrimKey().startsWith(
192                     layout.getPlid() + PortletConstants.LAYOUT_SEPARATOR)) {
193 
194                 CacheUtil.clearCache(layout.getCompanyId());
195             }
196         }
197     }
198 
199     protected void updateGuestPermissions(ActionRequest actionRequest)
200         throws Exception {
201 
202         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
203             WebKeys.THEME_DISPLAY);
204 
205         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
206         String[] actionIds = StringUtil.split(
207             ParamUtil.getString(actionRequest, "guestActionIds"));
208 
209         PermissionServiceUtil.setUserPermissions(
210             themeDisplay.getDefaultUserId(), themeDisplay.getScopeGroupId(),
211             actionIds, resourceId);
212     }
213 
214     protected void updateOrganizationPermissions(ActionRequest actionRequest)
215         throws Exception {
216 
217         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
218             WebKeys.THEME_DISPLAY);
219 
220         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
221         long organizationId = ParamUtil.getLong(
222             actionRequest, "organizationIdsPosValue");
223         String[] actionIds = StringUtil.split(
224             ParamUtil.getString(actionRequest, "organizationIdActionIds"));
225         //boolean organizationIntersection = ParamUtil.getBoolean(
226         //  actionRequest, "organizationIntersection");
227 
228         //if (!organizationIntersection) {
229             PermissionServiceUtil.setGroupPermissions(
230                 Organization.class.getName(), String.valueOf(organizationId),
231                 themeDisplay.getScopeGroupId(), actionIds, resourceId);
232         /*}
233         else {
234             PermissionServiceUtil.setOrgGroupPermissions(
235                 organizationId, layout.getGroupId(), actionIds, resourceId);
236         }*/
237     }
238 
239     protected void updateRolePermissions(ActionRequest actionRequest)
240         throws Exception {
241 
242         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
243             updateRolePermissions_5(actionRequest);
244         }
245         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
246             updateRolePermissions_6(actionRequest);
247         }
248         else {
249             updateRolePermissions_1to4(actionRequest);
250         }
251     }
252 
253     protected void updateRolePermissions_1to4(ActionRequest actionRequest)
254         throws Exception {
255 
256         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
257             WebKeys.THEME_DISPLAY);
258 
259         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
260         long roleId = ParamUtil.getLong(actionRequest, "roleIdsPosValue");
261         String[] actionIds = StringUtil.split(
262             ParamUtil.getString(actionRequest, "roleIdActionIds"));
263 
264         PermissionServiceUtil.setRolePermissions(
265             roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
266     }
267 
268     protected void updateRolePermissions_5(ActionRequest actionRequest)
269         throws Exception {
270 
271         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
272             WebKeys.THEME_DISPLAY);
273 
274         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
275         long[] roleIds = StringUtil.split(
276             ParamUtil.getString(
277                 actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
278 
279         for (long roleId : roleIds) {
280             String[] actionIds = getActionIds(actionRequest, roleId);
281 
282             PermissionServiceUtil.setRolePermissions(
283                 roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
284         }
285     }
286 
287     protected void updateRolePermissions_6(ActionRequest actionRequest)
288         throws Exception {
289 
290         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
291             WebKeys.THEME_DISPLAY);
292 
293         String portletResource = ParamUtil.getString(
294             actionRequest, "portletResource");
295         String modelResource = ParamUtil.getString(
296             actionRequest, "modelResource");
297         long[] roleIds = StringUtil.split(
298             ParamUtil.getString(
299                 actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
300 
301         String selResource = PortletConstants.getRootPortletId(portletResource);
302 
303         if (Validator.isNotNull(modelResource)) {
304             selResource = modelResource;
305         }
306 
307         String resourcePrimKey = ParamUtil.getString(
308             actionRequest, "resourcePrimKey");
309 
310         for (long roleId : roleIds) {
311             String[] actionIds = getActionIds(actionRequest, roleId);
312 
313             ResourcePermissionServiceUtil.setIndividualResourcePermissions(
314                 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
315                 selResource, resourcePrimKey, roleId, actionIds);
316         }
317     }
318 
319     protected void updateUserGroupPermissions(ActionRequest actionRequest)
320         throws Exception {
321 
322         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
323             WebKeys.THEME_DISPLAY);
324 
325         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
326         long userGroupId = ParamUtil.getLong(
327             actionRequest, "userGroupIdsPosValue");
328         String[] actionIds = StringUtil.split(
329             ParamUtil.getString(actionRequest, "userGroupIdActionIds"));
330 
331         PermissionServiceUtil.setGroupPermissions(
332             UserGroup.class.getName(), String.valueOf(userGroupId),
333             themeDisplay.getScopeGroupId(), actionIds, resourceId);
334     }
335 
336     protected void updateUserPermissions(ActionRequest actionRequest)
337         throws Exception {
338 
339         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
340             WebKeys.THEME_DISPLAY);
341 
342         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
343         long userId = ParamUtil.getLong(actionRequest, "userIdsPosValue");
344         String[] actionIds = StringUtil.split(
345             ParamUtil.getString(actionRequest, "userIdActionIds"));
346 
347         PermissionServiceUtil.setUserPermissions(
348             userId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
349     }
350 
351 }