1
14
15 package com.liferay.portal.lar;
16
17 import com.liferay.portal.PortalException;
18 import com.liferay.portal.SystemException;
19 import com.liferay.portal.kernel.log.Log;
20 import com.liferay.portal.kernel.log.LogFactoryUtil;
21 import com.liferay.portal.kernel.util.GetterUtil;
22 import com.liferay.portal.kernel.util.KeyValuePair;
23 import com.liferay.portal.kernel.xml.Document;
24 import com.liferay.portal.kernel.xml.Element;
25 import com.liferay.portal.kernel.xml.SAXReaderUtil;
26 import com.liferay.portal.model.Group;
27 import com.liferay.portal.model.GroupConstants;
28 import com.liferay.portal.model.Layout;
29 import com.liferay.portal.model.Portlet;
30 import com.liferay.portal.model.PortletConstants;
31 import com.liferay.portal.model.Resource;
32 import com.liferay.portal.model.ResourceConstants;
33 import com.liferay.portal.model.Role;
34 import com.liferay.portal.model.User;
35 import com.liferay.portal.service.GroupLocalServiceUtil;
36 import com.liferay.portal.service.PermissionLocalServiceUtil;
37 import com.liferay.portal.service.PortletLocalServiceUtil;
38 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
39 import com.liferay.portal.service.RoleLocalServiceUtil;
40 import com.liferay.portal.service.permission.PortletPermissionUtil;
41 import com.liferay.portal.util.PropsValues;
42
43 import java.util.ArrayList;
44 import java.util.Iterator;
45 import java.util.List;
46
47
60 public class PermissionImporter {
61
62 protected List<String> getActions(Element el) {
63 List<String> actions = new ArrayList<String>();
64
65 Iterator<Element> itr = el.elements("action-key").iterator();
66
67 while (itr.hasNext()) {
68 Element actionEl = itr.next();
69
70 actions.add(actionEl.getText());
71 }
72
73 return actions;
74 }
75
76 protected void importGroupPermissions(
77 LayoutCache layoutCache, long companyId, long groupId,
78 String resourceName, String resourcePrimKey, Element parentEl,
79 String elName, boolean portletActions)
80 throws PortalException, SystemException {
81
82 Element actionEl = parentEl.element(elName);
83
84 if (actionEl == null) {
85 return;
86 }
87
88 List<String> actions = getActions(actionEl);
89
90 Resource resource = layoutCache.getResource(
91 companyId, groupId, resourceName,
92 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
93 portletActions);
94
95 PermissionLocalServiceUtil.setGroupPermissions(
96 groupId, actions.toArray(new String[actions.size()]),
97 resource.getResourceId());
98 }
99
100 protected void importGroupRoles(
101 LayoutCache layoutCache, long companyId, long groupId,
102 String resourceName, String entityName,
103 Element parentEl)
104 throws PortalException, SystemException {
105
106 Element entityRolesEl = parentEl.element(entityName + "-roles");
107
108 if (entityRolesEl == null) {
109 return;
110 }
111
112 importRolePermissions(
113 layoutCache, companyId, resourceName, ResourceConstants.SCOPE_GROUP,
114 String.valueOf(groupId), entityRolesEl, true);
115 }
116
117 protected void importInheritedPermissions(
118 LayoutCache layoutCache, long companyId, String resourceName,
119 String resourcePrimKey, Element permissionsEl, String entityName,
120 boolean portletActions)
121 throws PortalException, SystemException {
122
123 Element entityPermissionsEl = permissionsEl.element(
124 entityName + "-permissions");
125
126 if (entityPermissionsEl == null) {
127 return;
128 }
129
130 List<Element> actionsEls = entityPermissionsEl.elements(
131 entityName + "-actions");
132
133 for (int i = 0; i < actionsEls.size(); i++) {
134 Element actionEl = actionsEls.get(i);
135
136 String name = actionEl.attributeValue("name");
137
138 long entityGroupId = layoutCache.getEntityGroupId(
139 companyId, entityName, name);
140
141 if (entityGroupId == 0) {
142 _log.warn(
143 "Ignore inherited permissions for entity " + entityName +
144 " with name " + name);
145 }
146 else {
147 Element parentEl = SAXReaderUtil.createElement("parent");
148
149 parentEl.add(actionEl.createCopy());
150
151 importGroupPermissions(
152 layoutCache, companyId, entityGroupId, resourceName,
153 resourcePrimKey, parentEl, entityName + "-actions",
154 portletActions);
155 }
156 }
157 }
158
159 protected void importInheritedRoles(
160 LayoutCache layoutCache, long companyId, long groupId,
161 String resourceName, String entityName, Element parentEl)
162 throws PortalException, SystemException {
163
164 Element entityRolesEl = parentEl.element(entityName + "-roles");
165
166 if (entityRolesEl == null) {
167 return;
168 }
169
170 List<Element> entityEls = entityRolesEl.elements(entityName);
171
172 for (int i = 0; i < entityEls.size(); i++) {
173 Element entityEl = entityEls.get(i);
174
175 String name = entityEl.attributeValue("name");
176
177 long entityGroupId = layoutCache.getEntityGroupId(
178 companyId, entityName, name);
179
180 if (entityGroupId == 0) {
181 _log.warn(
182 "Ignore inherited roles for entity " + entityName +
183 " with name " + name);
184 }
185 else {
186 importRolePermissions(
187 layoutCache, companyId, resourceName,
188 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
189 entityEl, false);
190 }
191 }
192 }
193
194 protected void importLayoutPermissions(
195 LayoutCache layoutCache, long companyId, long groupId, long userId,
196 Layout layout, Element layoutEl, Element parentEl,
197 boolean importUserPermissions)
198 throws PortalException, SystemException {
199
200 Element permissionsEl = layoutEl.element("permissions");
201
202 if (permissionsEl != null) {
203 String resourceName = Layout.class.getName();
204 String resourcePrimKey = String.valueOf(layout.getPlid());
205
206 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
207 importPermissions_5(
208 layoutCache, companyId, groupId, userId, resourceName,
209 resourcePrimKey, permissionsEl, false);
210 }
211 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
212 importPermissions_6(
213 layoutCache, companyId, groupId, userId, resourceName,
214 resourcePrimKey, permissionsEl, false);
215 }
216 else {
217 Group guestGroup = GroupLocalServiceUtil.getGroup(
218 companyId, GroupConstants.GUEST);
219
220 importLayoutPermissions_1to4(
221 layoutCache, companyId, groupId, guestGroup, layout,
222 resourceName, resourcePrimKey, permissionsEl,
223 importUserPermissions);
224 }
225 }
226
227 Element rolesEl = parentEl.element("roles");
228
229 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
230 (rolesEl != null)) {
231
232 importLayoutRoles(layoutCache, companyId, groupId, rolesEl);
233 }
234 }
235
236 protected void importLayoutPermissions_1to4(
237 LayoutCache layoutCache, long companyId, long groupId,
238 Group guestGroup, Layout layout, String resourceName,
239 String resourcePrimKey, Element permissionsEl,
240 boolean importUserPermissions)
241 throws PortalException, SystemException {
242
243 importGroupPermissions(
244 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
245 permissionsEl, "community-actions", false);
246
247 if (groupId != guestGroup.getGroupId()) {
248 importGroupPermissions(
249 layoutCache, companyId, guestGroup.getGroupId(), resourceName,
250 resourcePrimKey, permissionsEl, "guest-actions", false);
251 }
252
253 if (importUserPermissions) {
254 importUserPermissions(
255 layoutCache, companyId, groupId, resourceName, resourcePrimKey,
256 permissionsEl, false);
257 }
258
259 importInheritedPermissions(
260 layoutCache, companyId, resourceName, resourcePrimKey,
261 permissionsEl, "organization", false);
262
263 importInheritedPermissions(
264 layoutCache, companyId, resourceName, resourcePrimKey,
265 permissionsEl, "user-group", false);
266 }
267
268 protected void importLayoutRoles(
269 LayoutCache layoutCache, long companyId, long groupId,
270 Element rolesEl)
271 throws PortalException, SystemException {
272
273 String resourceName = Layout.class.getName();
274
275 importGroupRoles(
276 layoutCache, companyId, groupId, resourceName, "community",
277 rolesEl);
278
279 importUserRoles(layoutCache, companyId, groupId, resourceName, rolesEl);
280
281 importInheritedRoles(
282 layoutCache, companyId, groupId, resourceName, "organization",
283 rolesEl);
284
285 importInheritedRoles(
286 layoutCache, companyId, groupId, resourceName, "user-group",
287 rolesEl);
288 }
289
290 protected void importPermissions_5(
291 LayoutCache layoutCache, long companyId, long groupId, long userId,
292 String resourceName, String resourcePrimKey, Element permissionsEl,
293 boolean portletActions)
294 throws PortalException, SystemException {
295
296 Resource resource = layoutCache.getResource(
297 companyId, groupId, resourceName,
298 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
299 portletActions);
300
301 List<Element> roleEls = permissionsEl.elements("role");
302
303 for (Element roleEl : roleEls) {
304 String name = roleEl.attributeValue("name");
305
306 Role role = layoutCache.getRole(companyId, name);
307
308 if (role == null) {
309 String description = roleEl.attributeValue("description");
310 int type = Integer.valueOf(roleEl.attributeValue("type"));
311
312 role = RoleLocalServiceUtil.addRole(
313 userId, companyId, name, description, type);
314 }
315
316 List<String> actions = getActions(roleEl);
317
318 PermissionLocalServiceUtil.setRolePermissions(
319 role.getRoleId(), actions.toArray(new String[actions.size()]),
320 resource.getResourceId());
321 }
322 }
323
324 protected void importPermissions_6(
325 LayoutCache layoutCache, long companyId, long groupId, long userId,
326 String resourceName, String resourcePrimKey, Element permissionsEl,
327 boolean portletActions)
328 throws PortalException, SystemException {
329
330 List<Element> roleEls = permissionsEl.elements("role");
331
332 for (Element roleEl : roleEls) {
333 String name = roleEl.attributeValue("name");
334
335 Role role = layoutCache.getRole(companyId, name);
336
337 if (role == null) {
338 String description = roleEl.attributeValue("description");
339 int type = Integer.valueOf(roleEl.attributeValue("type"));
340
341 role = RoleLocalServiceUtil.addRole(
342 userId, companyId, name, description, type);
343 }
344
345 List<String> actions = getActions(roleEl);
346
347 ResourcePermissionLocalServiceUtil.setResourcePermissions(
348 companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL,
349 resourcePrimKey, role.getRoleId(),
350 actions.toArray(new String[actions.size()]));
351 }
352 }
353
354 protected void importPortletPermissions(
355 LayoutCache layoutCache, long companyId, long groupId, long userId,
356 Layout layout, Element portletEl, String portletId,
357 boolean importUserPermissions)
358 throws PortalException, SystemException {
359
360 Element permissionsEl = portletEl.element("permissions");
361
362 if (permissionsEl != null) {
363 String resourceName = PortletConstants.getRootPortletId(portletId);
364
365 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
366 layout.getPlid(), portletId);
367
368 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
369 importPermissions_5(
370 layoutCache, companyId, groupId, userId, resourceName,
371 resourcePrimKey, permissionsEl, true);
372 }
373 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
374 importPermissions_6(
375 layoutCache, companyId, groupId, userId, resourceName,
376 resourcePrimKey, permissionsEl, true);
377 }
378 else {
379 Group guestGroup = GroupLocalServiceUtil.getGroup(
380 companyId, GroupConstants.GUEST);
381
382 importPortletPermissions_1to4(
383 layoutCache, companyId, groupId, guestGroup, layout,
384 permissionsEl, importUserPermissions);
385 }
386 }
387
388 Element rolesEl = portletEl.element("roles");
389
390 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) &&
391 (rolesEl != null)) {
392
393 importPortletRoles(layoutCache, companyId, groupId, portletEl);
394 importPortletRoles(
395 layoutCache, companyId, groupId, portletId, rolesEl);
396 }
397 }
398
399 protected void importPortletPermissions_1to4(
400 LayoutCache layoutCache, long companyId, long groupId,
401 Group guestGroup, Layout layout, Element permissionsEl,
402 boolean importUserPermissions)
403 throws PortalException, SystemException {
404
405 Iterator<Element> itr = permissionsEl.elements("portlet").iterator();
406
407 while (itr.hasNext()) {
408 Element portletEl = itr.next();
409
410 String portletId = portletEl.attributeValue("portlet-id");
411
412 String resourceName = PortletConstants.getRootPortletId(portletId);
413 String resourcePrimKey = PortletPermissionUtil.getPrimaryKey(
414 layout.getPlid(), portletId);
415
416 Portlet portlet = PortletLocalServiceUtil.getPortletById(
417 companyId, resourceName);
418
419 if (portlet == null) {
420 if (_log.isDebugEnabled()) {
421 _log.debug(
422 "Do not import portlet permissions for " + portletId +
423 " because the portlet does not exist");
424 }
425 }
426 else {
427 importGroupPermissions(
428 layoutCache, companyId, groupId, resourceName,
429 resourcePrimKey, portletEl, "community-actions", true);
430
431 if (groupId != guestGroup.getGroupId()) {
432 importGroupPermissions(
433 layoutCache, companyId, guestGroup.getGroupId(),
434 resourceName, resourcePrimKey, portletEl,
435 "guest-actions", true);
436 }
437
438 if (importUserPermissions) {
439 importUserPermissions(
440 layoutCache, companyId, groupId, resourceName,
441 resourcePrimKey, portletEl, true);
442 }
443
444 importInheritedPermissions(
445 layoutCache, companyId, resourceName, resourcePrimKey,
446 portletEl, "organization", true);
447
448 importInheritedPermissions(
449 layoutCache, companyId, resourceName, resourcePrimKey,
450 portletEl, "user-group", true);
451 }
452 }
453 }
454
455 protected void importPortletRoles(
456 LayoutCache layoutCache, long companyId, long groupId,
457 String portletId, Element rolesEl)
458 throws PortalException, SystemException {
459
460 String resourceName = PortletConstants.getRootPortletId(portletId);
461
462 Portlet portlet = PortletLocalServiceUtil.getPortletById(
463 companyId, resourceName);
464
465 if (portlet == null) {
466 if (_log.isDebugEnabled()) {
467 _log.debug(
468 "Do not import portlet roles for " + portletId +
469 " because the portlet does not exist");
470 }
471 }
472 else {
473 importGroupRoles(
474 layoutCache, companyId, groupId, resourceName, "community",
475 rolesEl);
476
477 importUserRoles(
478 layoutCache, companyId, groupId, resourceName, rolesEl);
479
480 importInheritedRoles(
481 layoutCache, companyId, groupId, resourceName,
482 "organization", rolesEl);
483
484 importInheritedRoles(
485 layoutCache, companyId, groupId, resourceName, "user-group",
486 rolesEl);
487 }
488 }
489
490 protected void importPortletRoles(
491 LayoutCache layoutCache, long companyId, long groupId,
492 Element rolesEl)
493 throws PortalException, SystemException {
494
495 Iterator<Element> itr = rolesEl.elements("portlet").iterator();
496
497 while (itr.hasNext()) {
498 Element portletEl = itr.next();
499
500 String portletId = portletEl.attributeValue("portlet-id");
501
502 String resourceName = PortletConstants.getRootPortletId(portletId);
503
504 Portlet portlet = PortletLocalServiceUtil.getPortletById(
505 companyId, resourceName);
506
507 if (portlet == null) {
508 if (_log.isDebugEnabled()) {
509 _log.debug(
510 "Do not import portlet roles for " + portletId +
511 " because the portlet does not exist");
512 }
513 }
514 else {
515 importGroupRoles(
516 layoutCache, companyId, groupId, resourceName, "community",
517 portletEl);
518
519 importUserRoles(
520 layoutCache, companyId, groupId, resourceName, portletEl);
521
522 importInheritedRoles(
523 layoutCache, companyId, groupId, resourceName,
524 "organization", portletEl);
525
526 importInheritedRoles(
527 layoutCache, companyId, groupId, resourceName, "user-group",
528 portletEl);
529 }
530 }
531 }
532
533 protected void importRolePermissions(
534 LayoutCache layoutCache, long companyId, String resourceName,
535 int scope, String resourcePrimKey, Element parentEl,
536 boolean communityRole)
537 throws PortalException, SystemException {
538
539 List<Element> roleEls = parentEl.elements("role");
540
541 for (int i = 0; i < roleEls.size(); i++) {
542 Element roleEl = roleEls.get(i);
543
544 String roleName = roleEl.attributeValue("name");
545
546 Role role = layoutCache.getRole(companyId, roleName);
547
548 if (role == null) {
549 _log.warn(
550 "Ignoring permissions for role with name " + roleName);
551 }
552 else {
553 List<String> actions = getActions(roleEl);
554
555 PermissionLocalServiceUtil.setRolePermissions(
556 role.getRoleId(), companyId, resourceName, scope,
557 resourcePrimKey,
558 actions.toArray(new String[actions.size()]));
559
560 if (communityRole) {
561 long[] groupIds = {GetterUtil.getLong(resourcePrimKey)};
562
563 GroupLocalServiceUtil.addRoleGroups(
564 role.getRoleId(), groupIds);
565 }
566 }
567 }
568 }
569
570 protected void importUserPermissions(
571 LayoutCache layoutCache, long companyId, long groupId,
572 String resourceName, String resourcePrimKey, Element parentEl,
573 boolean portletActions)
574 throws PortalException, SystemException {
575
576 Element userPermissionsEl = parentEl.element("user-permissions");
577
578 if (userPermissionsEl == null) {
579 return;
580 }
581
582 List<Element> userActionsEls = userPermissionsEl.elements(
583 "user-actions");
584
585 for (int i = 0; i < userActionsEls.size(); i++) {
586 Element userActionsEl = userActionsEls.get(i);
587
588 String uuid = userActionsEl.attributeValue("uuid");
589
590 User user = layoutCache.getUser(companyId, groupId, uuid);
591
592 if (user == null) {
593 if (_log.isWarnEnabled()) {
594 _log.warn(
595 "Ignoring permissions for user with uuid " + uuid);
596 }
597 }
598 else {
599 List<String> actions = getActions(userActionsEl);
600
601 Resource resource = layoutCache.getResource(
602 companyId, groupId, resourceName,
603 ResourceConstants.SCOPE_INDIVIDUAL, resourcePrimKey,
604 portletActions);
605
606 PermissionLocalServiceUtil.setUserPermissions(
607 user.getUserId(),
608 actions.toArray(new String[actions.size()]),
609 resource.getResourceId());
610 }
611 }
612 }
613
614 protected void importUserRoles(
615 LayoutCache layoutCache, long companyId, long groupId,
616 String resourceName, Element parentEl)
617 throws PortalException, SystemException {
618
619 Element userRolesEl = parentEl.element("user-roles");
620
621 if (userRolesEl == null) {
622 return;
623 }
624
625 List<Element> userEls = userRolesEl.elements("user");
626
627 for (int i = 0; i < userEls.size(); i++) {
628 Element userEl = userEls.get(i);
629
630 String uuid = userEl.attributeValue("uuid");
631
632 User user = layoutCache.getUser(companyId, groupId, uuid);
633
634 if (user == null) {
635 if (_log.isWarnEnabled()) {
636 _log.warn("Ignoring roles for user with uuid " + uuid);
637 }
638 }
639 else {
640 importRolePermissions(
641 layoutCache, companyId, resourceName,
642 ResourceConstants.SCOPE_GROUP, String.valueOf(groupId),
643 userEl, false);
644 }
645 }
646 }
647
648 protected void readPortletDataPermissions(PortletDataContext context)
649 throws SystemException {
650
651 try {
652 String xml = context.getZipEntryAsString(
653 context.getSourceRootPath() + "/portlet-data-permissions.xml");
654
655 if (xml == null) {
656 return;
657 }
658
659 Document doc = SAXReaderUtil.read(xml);
660
661 Element root = doc.getRootElement();
662
663 List<Element> portletDataEls = root.elements("portlet-data");
664
665 for (Element portletDataEl : portletDataEls) {
666 String resourceName = portletDataEl.attributeValue(
667 "resource-name");
668 long resourcePK = GetterUtil.getLong(
669 portletDataEl.attributeValue("resource-pk"));
670
671 List<KeyValuePair> permissions = new ArrayList<KeyValuePair>();
672
673 List<Element> permissionsEls = portletDataEl.elements(
674 "permissions");
675
676 for (Element permissionsEl : permissionsEls) {
677 String roleName = permissionsEl.attributeValue("role-name");
678 String actions = permissionsEl.attributeValue("actions");
679
680 KeyValuePair permission = new KeyValuePair(
681 roleName, actions);
682
683 permissions.add(permission);
684 }
685
686 context.addPermissions(resourceName, resourcePK, permissions);
687 }
688 }
689 catch (Exception e) {
690 throw new SystemException(e);
691 }
692 }
693
694 private static Log _log = LogFactoryUtil.getLog(PermissionImporter.class);
695
696 }