1   /**
2    * Copyright (c) 2000-2007 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.portletconfiguration.action;
24  
25  import com.liferay.portal.kernel.util.Constants;
26  import com.liferay.portal.kernel.util.ParamUtil;
27  import com.liferay.portal.kernel.util.StringUtil;
28  import com.liferay.portal.kernel.util.Validator;
29  import com.liferay.portal.model.Layout;
30  import com.liferay.portal.model.Organization;
31  import com.liferay.portal.model.Portlet;
32  import com.liferay.portal.model.Resource;
33  import com.liferay.portal.model.UserGroup;
34  import com.liferay.portal.model.impl.PortletImpl;
35  import com.liferay.portal.security.auth.PrincipalException;
36  import com.liferay.portal.service.PermissionServiceUtil;
37  import com.liferay.portal.service.PortletLocalServiceUtil;
38  import com.liferay.portal.service.ResourceLocalServiceUtil;
39  import com.liferay.portal.servlet.filters.layoutcache.LayoutCacheUtil;
40  import com.liferay.portal.struts.PortletAction;
41  import com.liferay.portal.theme.ThemeDisplay;
42  import com.liferay.portal.util.PortalUtil;
43  import com.liferay.portal.util.WebKeys;
44  import com.liferay.util.servlet.SessionErrors;
45  
46  import javax.portlet.ActionRequest;
47  import javax.portlet.ActionResponse;
48  import javax.portlet.PortletConfig;
49  import javax.portlet.RenderRequest;
50  import javax.portlet.RenderResponse;
51  
52  import javax.servlet.ServletContext;
53  
54  import org.apache.struts.action.ActionForm;
55  import org.apache.struts.action.ActionForward;
56  import org.apache.struts.action.ActionMapping;
57  
58  /**
59   * <a href="EditPermissionsAction.java.html"><b><i>View Source</i></b></a>
60   *
61   * @author Brian Wing Shun Chan
62   *
63   */
64  public class EditPermissionsAction extends PortletAction {
65  
66      public void processAction(
67              ActionMapping mapping, ActionForm form, PortletConfig config,
68              ActionRequest req, ActionResponse res)
69          throws Exception {
70  
71          String cmd = ParamUtil.getString(req, Constants.CMD);
72  
73          try {
74              if (cmd.equals("group_permissions")) {
75                  updateGroupPermissions(req);
76              }
77              else if (cmd.equals("guest_permissions")) {
78                  updateGuestPermissions(req);
79              }
80              else if (cmd.equals("organization_permissions")) {
81                  updateOrganizationPermissions(req);
82              }
83              else if (cmd.equals("user_group_permissions")) {
84                  updateUserGroupPermissions(req);
85              }
86              else if (cmd.equals("user_permissions")) {
87                  updateUserPermissions(req);
88              }
89  
90              String redirect = ParamUtil.getString(req, "permissionsRedirect");
91  
92              sendRedirect(req, res, redirect);
93          }
94          catch (Exception e) {
95              if (e instanceof PrincipalException) {
96                  SessionErrors.add(req, e.getClass().getName());
97  
98                  setForward(req, "portlet.portlet_configuration.error");
99              }
100             else {
101                 throw e;
102             }
103         }
104     }
105 
106     public ActionForward render(
107             ActionMapping mapping, ActionForm form, PortletConfig config,
108             RenderRequest req, RenderResponse res)
109         throws Exception {
110 
111         ThemeDisplay themeDisplay =
112             (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
113 
114         long groupId = themeDisplay.getPortletGroupId();
115 
116         String portletResource = ParamUtil.getString(req, "portletResource");
117         String modelResource = ParamUtil.getString(req, "modelResource");
118         String resourcePrimKey = ParamUtil.getString(req, "resourcePrimKey");
119 
120         String selResource = portletResource;
121 
122         if (Validator.isNotNull(modelResource)) {
123             selResource = modelResource;
124         }
125 
126         try {
127             PermissionServiceUtil.checkPermission(
128                 groupId, selResource, resourcePrimKey);
129         }
130         catch (PrincipalException pe) {
131             SessionErrors.add(req, PrincipalException.class.getName());
132 
133             setForward(req, "portlet.portlet_configuration.error");
134         }
135 
136         Portlet portlet = PortletLocalServiceUtil.getPortletById(
137             themeDisplay.getCompanyId(), portletResource);
138 
139         ServletContext ctx =
140             (ServletContext)req.getAttribute(WebKeys.CTX);
141 
142         if (portlet != null) {
143             res.setTitle(
144                 PortalUtil.getPortletTitle(
145                     portlet, ctx, themeDisplay.getLocale()));
146         }
147 
148         return mapping.findForward(
149             getForward(req, "portlet.portlet_configuration.edit_permissions"));
150     }
151 
152     protected void updateGroupPermissions(ActionRequest req) throws Exception {
153         Layout layout = (Layout)req.getAttribute(WebKeys.LAYOUT);
154 
155         long resourceId = ParamUtil.getLong(req, "resourceId");
156         long groupId = ParamUtil.getLong(req, "groupId");
157         String[] actionIds = StringUtil.split(
158             ParamUtil.getString(req, "groupIdActionIds"));
159 
160         PermissionServiceUtil.setGroupPermissions(
161             groupId, actionIds, resourceId);
162 
163         if (!layout.isPrivateLayout()) {
164             Resource resource =
165                 ResourceLocalServiceUtil.getResource(resourceId);
166 
167             if (resource.getPrimKey().startsWith(
168                     layout.getPlid() + PortletImpl.LAYOUT_SEPARATOR)) {
169 
170                 LayoutCacheUtil.clearCache(layout.getCompanyId());
171             }
172         }
173     }
174 
175     protected void updateGuestPermissions(ActionRequest req) throws Exception {
176         ThemeDisplay themeDisplay =
177             (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
178 
179         long resourceId = ParamUtil.getLong(req, "resourceId");
180         String[] actionIds = StringUtil.split(
181             ParamUtil.getString(req, "guestActionIds"));
182 
183         PermissionServiceUtil.setUserPermissions(
184             themeDisplay.getDefaultUserId(), themeDisplay.getPortletGroupId(),
185             actionIds, resourceId);
186     }
187 
188     protected void updateOrganizationPermissions(ActionRequest req)
189         throws Exception {
190 
191         Layout layout = (Layout)req.getAttribute(WebKeys.LAYOUT);
192 
193         long resourceId = ParamUtil.getLong(req, "resourceId");
194         long organizationId = ParamUtil.getLong(
195             req, "organizationIdsPosValue");
196         String[] actionIds = StringUtil.split(
197             ParamUtil.getString(req, "organizationIdActionIds"));
198         boolean organizationIntersection = ParamUtil.getBoolean(
199             req, "organizationIntersection");
200 
201         if (!organizationIntersection) {
202             PermissionServiceUtil.setGroupPermissions(
203                 Organization.class.getName(), String.valueOf(organizationId),
204                 layout.getGroupId(), actionIds, resourceId);
205         }
206         else {
207             PermissionServiceUtil.setOrgGroupPermissions(
208                 organizationId, layout.getGroupId(), actionIds, resourceId);
209         }
210     }
211 
212     protected void updateUserGroupPermissions(ActionRequest req)
213         throws Exception {
214 
215         Layout layout = (Layout)req.getAttribute(WebKeys.LAYOUT);
216 
217         long resourceId = ParamUtil.getLong(req, "resourceId");
218         long userGroupId = ParamUtil.getLong(
219             req, "userGroupIdsPosValue");
220         String[] actionIds = StringUtil.split(
221             ParamUtil.getString(req, "userGroupIdActionIds"));
222 
223         PermissionServiceUtil.setGroupPermissions(
224             UserGroup.class.getName(), String.valueOf(userGroupId),
225             layout.getGroupId(), actionIds, resourceId);
226     }
227 
228     protected void updateUserPermissions(ActionRequest req) throws Exception {
229         ThemeDisplay themeDisplay =
230             (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
231 
232         long resourceId = ParamUtil.getLong(req, "resourceId");
233         long userId = ParamUtil.getLong(req, "userIdsPosValue");
234         String[] actionIds = StringUtil.split(
235             ParamUtil.getString(req, "userIdActionIds"));
236 
237         PermissionServiceUtil.setUserPermissions(
238             userId, themeDisplay.getPortletGroupId(), actionIds, resourceId);
239     }
240 
241 }