001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.NoSuchPermissionException;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.kernel.log.Log;
021    import com.liferay.portal.kernel.log.LogFactoryUtil;
022    import com.liferay.portal.kernel.search.SearchEngineUtil;
023    import com.liferay.portal.kernel.util.GetterUtil;
024    import com.liferay.portal.kernel.util.ListUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Group;
027    import com.liferay.portal.model.OrgGroupPermission;
028    import com.liferay.portal.model.Organization;
029    import com.liferay.portal.model.Permission;
030    import com.liferay.portal.model.Resource;
031    import com.liferay.portal.model.ResourceCode;
032    import com.liferay.portal.model.ResourceConstants;
033    import com.liferay.portal.model.Role;
034    import com.liferay.portal.model.User;
035    import com.liferay.portal.model.UserGroup;
036    import com.liferay.portal.security.permission.PermissionCacheUtil;
037    import com.liferay.portal.security.permission.PermissionCheckerBag;
038    import com.liferay.portal.security.permission.ResourceActionsUtil;
039    import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
040    import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
041    import com.liferay.portal.util.PropsValues;
042    import com.liferay.portal.util.comparator.PermissionComparator;
043    
044    import java.util.ArrayList;
045    import java.util.HashSet;
046    import java.util.Iterator;
047    import java.util.List;
048    import java.util.Set;
049    
050    import org.apache.commons.lang.time.StopWatch;
051    
052    /**
053     * @author Charles May
054     * @author Brian Wing Shun Chan
055     * @author Raymond Augé
056     */
057    public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
058    
059            public Permission addPermission(
060                            long companyId, String actionId, long resourceId)
061                    throws SystemException {
062    
063                    Permission permission = permissionPersistence.fetchByA_R(
064                            actionId, resourceId);
065    
066                    if (permission == null) {
067                            long permissionId = counterLocalService.increment(
068                                    Permission.class.getName());
069    
070                            permission = permissionPersistence.create(permissionId);
071    
072                            permission.setCompanyId(companyId);
073                            permission.setActionId(actionId);
074                            permission.setResourceId(resourceId);
075    
076                            permissionPersistence.update(permission, false);
077                    }
078    
079                    return permission;
080            }
081    
082            public List<Permission> addPermissions(
083                            long companyId, String name, long resourceId,
084                            boolean portletActions)
085                    throws SystemException {
086    
087                    List<String> actionIds = null;
088    
089                    if (portletActions) {
090                            actionIds = ResourceActionsUtil.getPortletResourceActions(name);
091                    }
092                    else {
093                            actionIds = ResourceActionsUtil.getModelResourceActions(name);
094                    }
095    
096                    return addPermissions(companyId, actionIds, resourceId);
097            }
098    
099            public List<Permission> addPermissions(
100                            long companyId, List<String> actionIds, long resourceId)
101                    throws SystemException {
102    
103                    List<Permission> permissions = permissionPersistence.findByResourceId(
104                            resourceId);
105    
106                    permissions = ListUtil.copy(permissions);
107    
108                    Set<String> actionIdsSet = new HashSet<String>();
109    
110                    for (Permission permission : permissions) {
111                            actionIdsSet.add(permission.getActionId());
112                    }
113    
114                    for (String actionId : actionIds) {
115                            if (actionIdsSet.contains(actionId)) {
116                                    continue;
117                            }
118    
119                            long permissionId = counterLocalService.increment(
120                                    Permission.class.getName());
121    
122                            Permission permission = permissionPersistence.create(permissionId);
123    
124                            permission.setCompanyId(companyId);
125                            permission.setActionId(actionId);
126                            permission.setResourceId(resourceId);
127    
128                            try {
129                                    permissionPersistence.update(permission, false);
130                            }
131                            catch (SystemException se) {
132                                    if (_log.isWarnEnabled()) {
133                                            _log.warn(
134                                                    "Add failed, fetch {actionId=" + actionId +
135                                                            ", resourceId=" + resourceId + "}");
136                                    }
137    
138                                    permission = permissionPersistence.fetchByA_R(
139                                            actionId, resourceId, false);
140    
141                                    if (permission == null) {
142                                            throw se;
143                                    }
144                            }
145    
146                            permissions.add(permission);
147                    }
148    
149                    return permissions;
150            }
151    
152            public void addUserPermissions(
153                            long userId, String[] actionIds, long resourceId)
154                    throws PortalException, SystemException {
155    
156                    User user = userPersistence.findByPrimaryKey(userId);
157    
158                    List<Permission> permissions = permissionFinder.findByU_R(
159                            userId, resourceId);
160    
161                    permissions = getPermissions(
162                            user.getCompanyId(), actionIds, resourceId);
163    
164                    userPersistence.addPermissions(userId, permissions);
165    
166                    PermissionCacheUtil.clearCache();
167            }
168    
169            public List<String> getActions(List<Permission> permissions) {
170                    List<String> actionIds = new ArrayList<String>();
171    
172                    Iterator<Permission> itr = permissions.iterator();
173    
174                    while (itr.hasNext()) {
175                            Permission permission = itr.next();
176    
177                            actionIds.add(permission.getActionId());
178                    }
179    
180                    return actionIds;
181            }
182    
183            public List<Permission> getGroupPermissions(long groupId, long resourceId)
184                    throws SystemException {
185    
186                    return permissionFinder.findByG_R(groupId, resourceId);
187            }
188    
189            public List<Permission> getGroupPermissions(
190                            long groupId, long companyId, String name, int scope,
191                            String primKey)
192                    throws SystemException {
193    
194                    return permissionFinder.findByG_C_N_S_P(
195                            groupId, companyId, name, scope, primKey);
196            }
197    
198            public List<Permission> getOrgGroupPermissions(
199                            long organizationId, long groupId, long resourceId)
200                    throws SystemException {
201    
202                    return permissionFinder.findByO_G_R(
203                            organizationId, groupId, resourceId);
204            }
205    
206            public long getLatestPermissionId() throws SystemException {
207                    List<Permission> permissions = permissionPersistence.findAll(
208                            0, 1, new PermissionComparator());
209    
210                    if (permissions.size() == 0) {
211                            return 0;
212                    }
213                    else {
214                            Permission permission = permissions.get(0);
215    
216                            return permission.getPermissionId();
217                    }
218            }
219    
220            public List<Permission> getPermissions(
221                            long companyId, String[] actionIds, long resourceId)
222                    throws SystemException {
223    
224                    List<Permission> permissions = new ArrayList<Permission>();
225    
226                    for (int i = 0; i < actionIds.length; i++) {
227                            Permission permission = addPermission(
228                                    companyId, actionIds[i], resourceId);
229    
230                            permissions.add(permission);
231                    }
232    
233                    return permissions;
234            }
235    
236            public List<Permission> getRolePermissions(long roleId)
237                    throws SystemException {
238    
239                    return rolePersistence.getPermissions(roleId);
240            }
241    
242            public List<Permission> getRolePermissions(long roleId, long resourceId)
243                    throws SystemException {
244    
245                    return permissionFinder.findByR_R(roleId, resourceId);
246            }
247    
248            public List<Permission> getUserPermissions(long userId, long resourceId)
249                    throws SystemException {
250    
251                    return permissionFinder.findByU_R(userId, resourceId);
252            }
253    
254            public List<Permission> getUserPermissions(
255                            long userId, long companyId, String name, int scope, String primKey)
256                    throws SystemException {
257    
258                    return permissionFinder.findByU_C_N_S_P(
259                            userId, companyId, name, scope, primKey);
260            }
261    
262            public boolean hasGroupPermission(
263                            long groupId, String actionId, long resourceId)
264                    throws SystemException {
265    
266                    Permission permission = permissionPersistence.fetchByA_R(
267                            actionId, resourceId);
268    
269                    // Return false if there is no permission based on the given action
270                    // id and resource id
271    
272                    if (permission == null) {
273                            return false;
274                    }
275    
276                    return groupPersistence.containsPermission(
277                            groupId, permission.getPermissionId());
278            }
279    
280            public boolean hasRolePermission(
281                            long roleId, long companyId, String name, int scope,
282                            String actionId)
283                    throws SystemException {
284    
285                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
286                            companyId, name, scope);
287    
288                    if (permissionFinder.countByR_A_C(
289                                    roleId, actionId, resourceCode.getCodeId()) > 0) {
290    
291                            return true;
292                    }
293                    else {
294                            return false;
295                    }
296            }
297    
298            public boolean hasRolePermission(
299                            long roleId, long companyId, String name, int scope, String primKey,
300                            String actionId)
301                    throws SystemException {
302    
303                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
304                            companyId, name, scope);
305    
306                    Resource resource = resourcePersistence.fetchByC_P(
307                            resourceCode.getCodeId(), primKey);
308    
309                    if (resource == null) {
310                            return false;
311                    }
312    
313                    Permission permission = permissionPersistence.fetchByA_R(
314                            actionId, resource.getResourceId());
315    
316                    if (permission == null) {
317                            return false;
318                    }
319    
320                    return rolePersistence.containsPermission(
321                            roleId, permission.getPermissionId());
322            }
323    
324            public boolean hasUserPermission(
325                            long userId, String actionId, long resourceId)
326                    throws SystemException {
327    
328                    Permission permission = permissionPersistence.fetchByA_R(
329                            actionId, resourceId);
330    
331                    // Return false if there is no permission based on the given action
332                    // id and resource id
333    
334                    if (permission == null) {
335                            return false;
336                    }
337    
338                    return userPersistence.containsPermission(
339                            userId, permission.getPermissionId());
340            }
341    
342            public boolean hasUserPermissions(
343                            long userId, long groupId, List<Resource> resources,
344                            String actionId, PermissionCheckerBag permissionCheckerBag)
345                    throws PortalException, SystemException {
346    
347                    StopWatch stopWatch = null;
348    
349                    if (_log.isDebugEnabled()) {
350                            stopWatch = new StopWatch();
351    
352                            stopWatch.start();
353                    }
354    
355                    int block = 1;
356    
357                    // Return false if there are no resources
358    
359                    if (Validator.isNull(actionId) || resources.isEmpty()) {
360                            return false;
361                    }
362    
363                    long[] resourceIds = null;
364    
365                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
366                            resourceIds = new long[resources.size()];
367    
368                            for (int i = 0; i < resources.size(); i++) {
369                                    Resource resource = resources.get(i);
370    
371                                    resourceIds[i] = resource.getResourceId();
372                            }
373                    }
374    
375                    List<Permission> permissions = null;
376    
377                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
378                            permissions = permissionFinder.findByA_R(actionId, resourceIds);
379    
380                            // Return false if there are no permissions
381    
382                            if (permissions.size() == 0) {
383                                    return false;
384                            }
385                    }
386    
387                    // Record logs with the first resource id
388    
389                    long resourceId = 0;
390    
391                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
392                            resourceId = resourceIds[0];
393                    }
394                    else {
395                            resourceId = resources.get(0).getResourceId();
396                    }
397    
398                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
399    
400                    //List<Group> userGroups = permissionCheckerBag.getUserGroups();
401                    //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
402                    //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
403                    //List<Group> userUserGroupGroups =
404                    //        permissionCheckerBag.getUserUserGroupGroups();
405                    List<Group> groups = permissionCheckerBag.getGroups();
406                    List<Role> roles = permissionCheckerBag.getRoles();
407    
408                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
409    
410                    // Check the organization and community intersection table. Break out of
411                    // this method if the user has one of the permissions set at the
412                    // intersection because that takes priority.
413    
414                    //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
415                    //        return true;
416                    //}
417    
418                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
419    
420                    if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
421                            return hasUserPermissions_1(
422                                    userId, resourceId, actionId, permissions, groups, groupId,
423                                    stopWatch, block);
424                    }
425                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
426                            return hasUserPermissions_2(
427                                    userId, resourceId, actionId, permissions, groups, groupId,
428                                    stopWatch, block);
429                    }
430                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
431                            return hasUserPermissions_3(
432                                    userId, resourceId, actionId, permissions, groups, roles,
433                                    stopWatch, block);
434                    }
435                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
436                            return hasUserPermissions_4(
437                                    userId, resourceId, actionId, permissions, groups, roles,
438                                    stopWatch, block);
439                    }
440                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
441                            return hasUserPermissions_5(
442                                    userId, resourceId, actionId, permissions, roles, stopWatch,
443                                    block);
444                    }
445                    else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
446                            return hasUserPermissions_6(
447                                    userId, resourceId, resources, actionId, roles, stopWatch,
448                                    block);
449                    }
450    
451                    return false;
452            }
453    
454            public void setGroupPermissions(
455                            long groupId, String[] actionIds, long resourceId)
456                    throws PortalException, SystemException {
457    
458                    Group group = groupPersistence.findByPrimaryKey(groupId);
459    
460                    List<Permission> permissions = permissionFinder.findByG_R(
461                            groupId, resourceId);
462    
463                    for (Permission permission : permissions) {
464                            groupPersistence.removePermission(groupId, permission);
465                    }
466    
467                    permissions = getPermissions(
468                            group.getCompanyId(), actionIds, resourceId);
469    
470                    groupPersistence.addPermissions(groupId, permissions);
471    
472                    PermissionCacheUtil.clearCache();
473            }
474    
475            public void setGroupPermissions(
476                            String className, String classPK, long groupId,
477                            String[] actionIds, long resourceId)
478                    throws PortalException, SystemException {
479    
480                    long associatedGroupId = 0;
481    
482                    if (className.equals(Organization.class.getName())) {
483                            long organizationId = GetterUtil.getLong(classPK);
484    
485                            Organization organization =
486                                    organizationPersistence.findByPrimaryKey(organizationId);
487    
488                            orgGroupPermissionFinder.removeByO_G_R(
489                                    organizationId, groupId, resourceId);
490    
491                            associatedGroupId = organization.getGroup().getGroupId();
492                    }
493                    else if (className.equals(UserGroup.class.getName())) {
494                            long userGroupId = GetterUtil.getLong(classPK);
495    
496                            UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
497                                    userGroupId);
498    
499                            associatedGroupId = userGroup.getGroup().getGroupId();
500                    }
501    
502                    setGroupPermissions(associatedGroupId, actionIds, resourceId);
503            }
504    
505            public void setOrgGroupPermissions(
506                            long organizationId, long groupId, String[] actionIds,
507                            long resourceId)
508                    throws PortalException, SystemException {
509    
510                    Organization organization =
511                            organizationPersistence.findByPrimaryKey(organizationId);
512    
513                    long orgGroupId = organization.getGroup().getGroupId();
514    
515                    List<Permission> permissions = permissionPersistence.findByResourceId(
516                            resourceId);
517    
518                    for (Permission permission : permissions) {
519                            groupPersistence.removePermission(orgGroupId, permission);
520                    }
521    
522                    permissions = getPermissions(
523                            organization.getCompanyId(), actionIds, resourceId);
524    
525                    orgGroupPermissionFinder.removeByO_G_R(
526                            organizationId, groupId, resourceId);
527    
528                    for (Permission permission : permissions) {
529                            OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
530                                    organizationId, groupId, permission.getPermissionId());
531    
532                            OrgGroupPermission orgGroupPermission =
533                                    orgGroupPermissionPersistence.create(pk);
534    
535                            orgGroupPermissionPersistence.update(orgGroupPermission, false);
536                    }
537    
538                    PermissionCacheUtil.clearCache();
539            }
540    
541            public void setRolePermission(
542                            long roleId, long companyId, String name, int scope, String primKey,
543                            String actionId)
544                    throws PortalException, SystemException {
545    
546                    if (scope == ResourceConstants.SCOPE_COMPANY) {
547    
548                            // Remove group permission
549    
550                            unsetRolePermissions(
551                                    roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
552                                    actionId);
553                    }
554                    else if (scope == ResourceConstants.SCOPE_GROUP) {
555    
556                            // Remove company permission
557    
558                            unsetRolePermissions(
559                                    roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
560                                    actionId);
561                    }
562                    else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
563                            throw new NoSuchPermissionException();
564                    }
565    
566                    Resource resource = resourceLocalService.addResource(
567                            companyId, name, scope, primKey);
568    
569                    long resourceId = resource.getResourceId();
570    
571                    Permission permission = permissionPersistence.fetchByA_R(
572                            actionId, resourceId);
573    
574                    if (permission == null) {
575                            long permissionId = counterLocalService.increment(
576                                    Permission.class.getName());
577    
578                            permission = permissionPersistence.create(permissionId);
579    
580                            permission.setCompanyId(companyId);
581                            permission.setActionId(actionId);
582                            permission.setResourceId(resourceId);
583    
584                            permissionPersistence.update(permission, false);
585                    }
586    
587                    rolePersistence.addPermission(roleId, permission);
588    
589                    PermissionCacheUtil.clearCache();
590    
591                    SearchEngineUtil.updatePermissionFields(resourceId);
592            }
593    
594            public void setRolePermissions(
595                            long roleId, long companyId, String name, int scope, String primKey,
596                            String[] actionIds)
597                    throws PortalException, SystemException {
598    
599                    for (int i = 0; i < actionIds.length; i++) {
600                            String actionId = actionIds[i];
601    
602                            setRolePermission(
603                                    roleId, companyId, name, scope, primKey, actionId);
604                    }
605            }
606    
607            public void setRolePermissions(
608                            long roleId, String[] actionIds, long resourceId)
609                    throws PortalException, SystemException {
610    
611                    Role role = rolePersistence.findByPrimaryKey(roleId);
612    
613                    List<Permission> permissions = permissionFinder.findByR_R(
614                            roleId, resourceId);
615    
616                    rolePersistence.removePermissions(roleId, permissions);
617    
618                    permissions = getPermissions(
619                            role.getCompanyId(), actionIds, resourceId);
620    
621                    rolePersistence.addPermissions(roleId, permissions);
622    
623                    PermissionCacheUtil.clearCache();
624    
625                    SearchEngineUtil.updatePermissionFields(resourceId);
626            }
627    
628            public void setUserPermissions(
629                            long userId, String[] actionIds, long resourceId)
630                    throws PortalException, SystemException {
631    
632                    User user = userPersistence.findByPrimaryKey(userId);
633    
634                    List<Permission> permissions = permissionFinder.findByU_R(
635                            userId, resourceId);
636    
637                    userPersistence.removePermissions(userId, permissions);
638    
639                    permissions = getPermissions(
640                            user.getCompanyId(), actionIds, resourceId);
641    
642                    userPersistence.addPermissions(userId, permissions);
643    
644                    PermissionCacheUtil.clearCache();
645            }
646    
647            public void unsetRolePermission(long roleId, long permissionId)
648                    throws SystemException {
649    
650                    Permission permission = permissionPersistence.fetchByPrimaryKey(
651                            permissionId);
652    
653                    if (permission != null) {
654                            rolePersistence.removePermission(roleId, permission);
655                    }
656    
657                    PermissionCacheUtil.clearCache();
658            }
659    
660            public void unsetRolePermission(
661                            long roleId, long companyId, String name, int scope, String primKey,
662                            String actionId)
663                    throws SystemException {
664    
665                    ResourceCode resourceCode =
666                            resourceCodeLocalService.getResourceCode(
667                                    companyId, name, scope);
668    
669                    Resource resource = resourcePersistence.fetchByC_P(
670                            resourceCode.getCodeId(), primKey);
671    
672                    if (resource != null) {
673                            Permission permission = permissionPersistence.fetchByA_R(
674                                    actionId, resource.getResourceId());
675    
676                            if (permission != null) {
677                                    rolePersistence.removePermission(roleId, permission);
678                            }
679                    }
680    
681                    PermissionCacheUtil.clearCache();
682            }
683    
684            public void unsetRolePermissions(
685                            long roleId, long companyId, String name, int scope,
686                            String actionId)
687                    throws SystemException {
688    
689                    ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
690                            companyId, name, scope);
691    
692                    List<Permission> permissions = permissionFinder.findByA_C(
693                            actionId, resourceCode.getCodeId());
694    
695                    for (Permission permission : permissions) {
696                            rolePersistence.removePermission(roleId, permission);
697                    }
698    
699                    PermissionCacheUtil.clearCache();
700            }
701    
702            public void unsetUserPermissions(
703                            long userId, String[] actionIds, long resourceId)
704                    throws SystemException {
705    
706                    List<Permission> permissions = permissionFinder.findByU_A_R(
707                            userId, actionIds, resourceId);
708    
709                    userPersistence.removePermissions(userId, permissions);
710    
711                    PermissionCacheUtil.clearCache();
712            }
713    
714            protected boolean checkOrgGroupPermission(
715                            List<Organization> organizations, List<Group> groups,
716                            List<Permission> permissions)
717                    throws PortalException, SystemException {
718    
719                    for (Permission permission : permissions) {
720                            if (checkOrgGroupPermission(organizations, groups, permission)) {
721                                    return true;
722                            }
723                    }
724    
725                    return false;
726            }
727    
728            protected boolean checkOrgGroupPermission(
729                            List<Organization> organizations, List<Group> groups,
730                            Permission permission)
731                    throws PortalException, SystemException {
732    
733                    // Do not check for an OrgGroupPermission intersection unless there is
734                    // at least one organization and one group to check
735    
736                    if ((organizations.size() == 0) || (groups.size() == 0)) {
737                            return false;
738                    }
739    
740                    // Do not check unless the OrgGroupPermission intersection contains at
741                    // least one permission
742    
743                    List<OrgGroupPermission> orgGroupPermissions =
744                            orgGroupPermissionPersistence.findByPermissionId(
745                                    permission.getPermissionId());
746    
747                    if (orgGroupPermissions.size() == 0) {
748                            return false;
749                    }
750    
751                    for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
752                            if (orgGroupPermission.containsOrganization(organizations) &&
753                                    orgGroupPermission.containsGroup(groups)) {
754    
755                                    return true;
756                            }
757                    }
758    
759                    // Throw an exception so that we do not continue checking permissions.
760                    // The user has a specific permission given in the OrgGroupPermission
761                    // intersection that prohibits him from going further.
762    
763                    throw new NoSuchPermissionException(
764                            "User has a permission in OrgGroupPermission that does not match");
765            }
766    
767            protected boolean hasUserPermissions_1(
768                            long userId, long resourceId, String actionId,
769                            List<Permission> permissions, List<Group> groups, long groupId,
770                            StopWatch stopWatch, int block)
771                    throws SystemException {
772    
773                    // Is the user connected to one of the permissions via group or
774                    // organization roles?
775    
776                    if (groups.size() > 0) {
777                            if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
778                                    return true;
779                            }
780                    }
781    
782                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
783    
784                    // Is the user associated with groups or organizations that are directly
785                    // connected to one of the permissions?
786    
787                    if (groups.size() > 0) {
788                            if (permissionFinder.countByGroupsPermissions(
789                                            permissions, groups) > 0) {
790    
791                                    return true;
792                            }
793                    }
794    
795                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
796    
797                    // Is the user connected to one of the permissions via user roles?
798    
799                    if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
800                            return true;
801                    }
802    
803                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
804    
805                    // Is the user connected to one of the permissions via user group roles?
806    
807                    if (permissionFinder.countByUserGroupRole(
808                                    permissions, userId, groupId) > 0) {
809    
810                            return true;
811                    }
812    
813                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
814    
815                    // Is the user directly connected to one of the permissions?
816    
817                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
818                            return true;
819                    }
820    
821                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
822    
823                    return false;
824            }
825    
826            protected boolean hasUserPermissions_2(
827                            long userId, long resourceId, String actionId,
828                            List<Permission> permissions, List<Group> groups, long groupId,
829                            StopWatch stopWatch, int block)
830                    throws SystemException {
831    
832                    // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
833                    // countByUserGroupRole, and countByUsersPermissions in one method
834    
835                    if (permissionFinder.containsPermissions_2(
836                                    permissions, userId, groups, groupId)) {
837    
838                            return true;
839                    }
840    
841                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
842    
843                    return false;
844            }
845    
846            protected boolean hasUserPermissions_3(
847                            long userId, long resourceId, String actionId,
848                            List<Permission> permissions, List<Group> groups, List<Role> roles,
849                            StopWatch stopWatch, int block)
850                    throws SystemException {
851    
852                    // Is the user associated with groups or organizations that are directly
853                    // connected to one of the permissions?
854    
855                    if (groups.size() > 0) {
856                            if (permissionFinder.countByGroupsPermissions(
857                                            permissions, groups) > 0) {
858    
859                                    return true;
860                            }
861                    }
862    
863                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
864    
865                    // Is the user associated with a role that is directly connected to one
866                    // of the permissions?
867    
868                    if (roles.size() > 0) {
869                            if (permissionFinder.countByRolesPermissions(
870                                            permissions, roles) > 0) {
871    
872                                    return true;
873                            }
874                    }
875    
876                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
877    
878                    // Is the user directly connected to one of the permissions?
879    
880                    if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
881                            return true;
882                    }
883    
884                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
885    
886                    return false;
887            }
888    
889            protected boolean hasUserPermissions_4(
890                            long userId, long resourceId, String actionId,
891                            List<Permission> permissions, List<Group> groups, List<Role> roles,
892                            StopWatch stopWatch, int block)
893                    throws SystemException {
894    
895                    // Call countByGroupsPermissions, countByRolesPermissions, and
896                    // countByUsersPermissions in one method
897    
898                    if (permissionFinder.containsPermissions_4(
899                                    permissions, userId, groups, roles)) {
900    
901                            return true;
902                    }
903    
904                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
905    
906                    return false;
907            }
908    
909            protected boolean hasUserPermissions_5(
910                            long userId, long resourceId, String actionId,
911                            List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
912                            int block)
913                    throws SystemException {
914    
915                    if (roles.size() > 0) {
916                            if (permissionFinder.countByRolesPermissions(
917                                            permissions, roles) > 0) {
918    
919                                    return true;
920                            }
921                    }
922    
923                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
924    
925                    return false;
926            }
927    
928            protected boolean hasUserPermissions_6(
929                            long userId, long resourceId, List<Resource> resources,
930                            String actionId, List<Role> roles, StopWatch stopWatch,
931                            int block)
932                    throws PortalException, SystemException {
933    
934                    // Iterate the list of resources in reverse order to test permissions
935                    // from company scope to individual scope because it is more likely that
936                    // a permission is assigned at a higher scope. Optimizing this method
937                    // to one SQL call may actually slow things down since most of the calls
938                    // will pull from the cache after the first request.
939    
940                    for (int i = resources.size() - 1; i >= 0; i--) {
941                            Resource resource = resources.get(i);
942    
943                            for (Role role : roles) {
944                                    if (resourcePermissionLocalService.hasResourcePermission(
945                                                    resource.getCompanyId(), resource.getName(),
946                                                    resource.getScope(), resource.getPrimKey(),
947                                                    role.getRoleId(), actionId)) {
948    
949                                            return true;
950                                    }
951                            }
952                    }
953    
954                    logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
955    
956                    return false;
957            }
958    
959            protected void logHasUserPermissions(
960                    long userId, long resourceId, String actionId, StopWatch stopWatch,
961                    int block) {
962    
963                    if (!_log.isDebugEnabled()) {
964                            return;
965                    }
966    
967                    _log.debug(
968                            "Checking user permissions block " + block + " for " + userId +
969                                    " " + resourceId + " " + actionId + " takes " +
970                                            stopWatch.getTime() + " ms");
971            }
972    
973            private static Log _log = LogFactoryUtil.getLog(
974                    PermissionLocalServiceImpl.class);
975    
976    }