1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.counter.service.CounterLocalServiceUtil;
26 import com.liferay.portal.NoSuchPermissionException;
27 import com.liferay.portal.NoSuchResourceException;
28 import com.liferay.portal.PortalException;
29 import com.liferay.portal.SystemException;
30 import com.liferay.portal.kernel.security.permission.PermissionCheckerBag;
31 import com.liferay.portal.kernel.util.GetterUtil;
32 import com.liferay.portal.kernel.util.Validator;
33 import com.liferay.portal.model.Group;
34 import com.liferay.portal.model.OrgGroupPermission;
35 import com.liferay.portal.model.Organization;
36 import com.liferay.portal.model.Permission;
37 import com.liferay.portal.model.Resource;
38 import com.liferay.portal.model.ResourceCode;
39 import com.liferay.portal.model.User;
40 import com.liferay.portal.model.UserGroup;
41 import com.liferay.portal.model.impl.ResourceImpl;
42 import com.liferay.portal.security.permission.PermissionCacheUtil;
43 import com.liferay.portal.security.permission.PermissionCheckerImpl;
44 import com.liferay.portal.security.permission.ResourceActionsUtil;
45 import com.liferay.portal.service.ResourceCodeLocalServiceUtil;
46 import com.liferay.portal.service.ResourceLocalServiceUtil;
47 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
48 import com.liferay.portal.service.persistence.GroupUtil;
49 import com.liferay.portal.service.persistence.OrgGroupPermissionFinder;
50 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
51 import com.liferay.portal.service.persistence.OrgGroupPermissionUtil;
52 import com.liferay.portal.service.persistence.OrganizationUtil;
53 import com.liferay.portal.service.persistence.PermissionFinder;
54 import com.liferay.portal.service.persistence.PermissionUtil;
55 import com.liferay.portal.service.persistence.ResourceUtil;
56 import com.liferay.portal.service.persistence.RoleUtil;
57 import com.liferay.portal.service.persistence.UserGroupUtil;
58 import com.liferay.portal.service.persistence.UserUtil;
59 import com.liferay.portal.util.comparator.PermissionComparator;
60
61 import java.util.ArrayList;
62 import java.util.Iterator;
63 import java.util.List;
64
65 import org.apache.commons.lang.time.StopWatch;
66 import org.apache.commons.logging.Log;
67 import org.apache.commons.logging.LogFactory;
68
69
76 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
77
/**
 * Returns the permission row for an action on a resource, creating and
 * persisting it first when none exists yet.
 *
 * @param  companyId company id stored on a newly created permission
 * @param  actionId action the permission stands for
 * @param  resourceId primary key of the resource the action applies to
 * @return the existing permission, or the one just created
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public Permission addPermission(
        long companyId, String actionId, long resourceId)
    throws PortalException, SystemException {

    Permission existing = PermissionUtil.fetchByA_R(actionId, resourceId);

    if (existing != null) {
        return existing;
    }

    // NOTE(review): the lookup above and the insert below are two separate
    // steps; whether a transaction or a unique constraint on
    // (actionId, resourceId) prevents duplicate rows under concurrent calls
    // is not visible from this method -- confirm.
    long newPermissionId = CounterLocalServiceUtil.increment(
        Permission.class.getName());

    Permission created = PermissionUtil.create(newPermissionId);

    created.setCompanyId(companyId);
    created.setActionId(actionId);
    created.setResourceId(resourceId);

    PermissionUtil.update(created);

    return created;
}
99
/**
 * Ensures a permission exists on the resource for every action that
 * {@code ResourceActionsUtil} lists for the given name.
 *
 * @param  companyId company id used for the portlet action lookup and for
 *         any permission that has to be created
 * @param  name name handed to {@code ResourceActionsUtil} to list actions
 * @param  resourceId primary key of the resource
 * @param  portletActions {@code true} to use the portlet action list,
 *         {@code false} to use the model action list
 * @return the permissions, one per listed action, in list order
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public List addPermissions(
        long companyId, String name, long resourceId,
        boolean portletActions)
    throws PortalException, SystemException {

    List result = new ArrayList();

    List actionIds = portletActions
        ? ResourceActionsUtil.getPortletResourceActions(companyId, name)
        : ResourceActionsUtil.getModelResourceActions(name);

    for (Iterator itr = actionIds.iterator(); itr.hasNext();) {
        String actionId = (String)itr.next();

        // addPermission() reuses an existing row or creates a new one.
        result.add(addPermission(companyId, actionId, resourceId));
    }

    return result;
}
128
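/**
 * Grants a user the given actions on a resource, on top of whatever the
 * user already holds there.
 *
 * <p>Nothing is revoked by this method; {@link #setUserPermissions}
 * replaces the user's permissions on the resource instead.</p>
 *
 * @param  userId primary key of the user receiving the grants
 * @param  actionIds actions to grant; must not be {@code null}
 * @param  resourceId primary key of the resource
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public void addUserPermissions(
        long userId, String[] actionIds, long resourceId)
    throws PortalException, SystemException {

    // Resolve the user first: its company id is needed for any permission
    // row that getPermissions() has to create.
    User user = UserUtil.findByPrimaryKey(userId);

    // The user's current permissions are not queried: this method only
    // adds, so the result of such a lookup would be discarded unused.
    List granted = getPermissions(
        user.getCompanyId(), actionIds, resourceId);

    UserUtil.addPermissions(userId, granted);

    // Cached permission decisions may now be stale.
    PermissionCacheUtil.clearCache();
}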
144
/**
 * Extracts the action id of every permission in a list.
 *
 * @param  permissions list of {@code Permission} objects; must not be
 *         {@code null}
 * @return a new list holding the action ids in the same order
 * @throws SystemException declared by the service interface; not thrown
 *         by the code in this method
 */
public List getActions(List permissions) throws SystemException {
    List actionIds = new ArrayList();

    for (Iterator itr = permissions.iterator(); itr.hasNext();) {
        Permission current = (Permission)itr.next();

        actionIds.add(current.getActionId());
    }

    return actionIds;
}
158
/**
 * Returns what {@code PermissionFinder.findByG_R} finds for a group and a
 * resource.
 *
 * @param  groupId primary key of the group
 * @param  resourceId primary key of the resource
 * @return the finder result
 * @throws SystemException if the finder reports a system error
 */
public List getGroupPermissions(long groupId, long resourceId)
    throws SystemException {

    List groupPermissions = PermissionFinder.findByG_R(groupId, resourceId);

    return groupPermissions;
}
164
/**
 * Returns what {@code PermissionFinder.findByG_C_N_S_P} finds for a group
 * and a resource identified by company, name, scope and primary key.
 *
 * @param  groupId primary key of the group
 * @param  companyId company id of the resource
 * @param  name resource name
 * @param  scope resource scope
 * @param  primKey resource primary key string
 * @return the finder result
 * @throws SystemException if the finder reports a system error
 */
public List getGroupPermissions(
        long groupId, long companyId, String name, int scope,
        String primKey)
    throws SystemException {

    List groupPermissions = PermissionFinder.findByG_C_N_S_P(
        groupId, companyId, name, scope, primKey);

    return groupPermissions;
}
173
/**
 * Returns what {@code PermissionFinder.findByO_G_R} finds for an
 * organization, a group and a resource.
 *
 * @param  organizationId primary key of the organization
 * @param  groupId primary key of the group
 * @param  resourceId primary key of the resource
 * @return the finder result
 * @throws SystemException if the finder reports a system error
 */
public List getOrgGroupPermissions(
        long organizationId, long groupId, long resourceId)
    throws SystemException {

    List orgGroupPermissions = PermissionFinder.findByO_G_R(
        organizationId, groupId, resourceId);

    return orgGroupPermissions;
}
181
/**
 * Returns the id of the first permission in {@code PermissionComparator}
 * order, or 0 when there are no permissions.
 *
 * @return the permission id, or 0 if the table is empty
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public long getLatestPermissionId()
    throws PortalException, SystemException {

    // Fetch a single row (range 0..1); the comparator decides which one.
    // NOTE(review): presumably the comparator puts the highest id first --
    // confirm against PermissionComparator.
    List firstRow = PermissionUtil.findAll(
        0, 1, new PermissionComparator());

    if (firstRow.isEmpty()) {
        return 0;
    }

    Permission latest = (Permission)firstRow.get(0);

    return latest.getPermissionId();
}
196
/**
 * Returns one permission per action id for a resource.
 *
 * <p>Despite the name this is not read-only: each lookup goes through
 * {@link #addPermission}, which creates and persists any permission that
 * does not exist yet.</p>
 *
 * @param  companyId company id stored on permissions that get created
 * @param  actionIds actions to resolve; must not be {@code null}
 * @param  resourceId primary key of the resource
 * @return the permissions in the order of {@code actionIds}
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public List getPermissions(
        long companyId, String[] actionIds, long resourceId)
    throws PortalException, SystemException {

    List resolved = new ArrayList();

    int index = 0;

    while (index < actionIds.length) {
        resolved.add(
            addPermission(companyId, actionIds[index], resourceId));

        index++;
    }

    return resolved;
}
212
/**
 * Returns the permissions {@code RoleUtil.getPermissions} reports for a
 * role.
 *
 * @param  roleId primary key of the role
 * @return the role's permissions
 * @throws PortalException if the lookup reports a portal error
 * @throws SystemException if the lookup reports a system error
 */
public List getRolePermissions(long roleId)
    throws PortalException, SystemException {

    List rolePermissions = RoleUtil.getPermissions(roleId);

    return rolePermissions;
}
218
/**
 * Returns what {@code PermissionFinder.findByU_R} finds for a user and a
 * resource.
 *
 * @param  userId primary key of the user
 * @param  resourceId primary key of the resource
 * @return the finder result
 * @throws SystemException if the finder reports a system error
 */
public List getUserPermissions(long userId, long resourceId)
    throws SystemException {

    List userPermissions = PermissionFinder.findByU_R(userId, resourceId);

    return userPermissions;
}
224
/**
 * Returns what {@code PermissionFinder.findByU_C_N_S_P} finds for a user
 * and a resource identified by company, name, scope and primary key.
 *
 * @param  userId primary key of the user
 * @param  companyId company id of the resource
 * @param  name resource name
 * @param  scope resource scope
 * @param  primKey resource primary key string
 * @return the finder result
 * @throws SystemException if the finder reports a system error
 */
public List getUserPermissions(
        long userId, long companyId, String name, int scope, String primKey)
    throws SystemException {

    List userPermissions = PermissionFinder.findByU_C_N_S_P(
        userId, companyId, name, scope, primKey);

    return userPermissions;
}
232
/**
 * Tells whether a group holds the permission for an action on a resource.
 *
 * @param  groupId primary key of the group
 * @param  actionId action being checked
 * @param  resourceId primary key of the resource
 * @return {@code false} when no permission row exists for the action on
 *         the resource; otherwise the result of
 *         {@code GroupUtil.containsPermission}
 * @throws PortalException if a called service reports a portal error other
 *         than the missing permission handled here
 * @throws SystemException if a called service reports a system error
 */
public boolean hasGroupPermission(
        long groupId, String actionId, long resourceId)
    throws PortalException, SystemException {

    Permission match;

    try {
        match = PermissionUtil.findByA_R(actionId, resourceId);
    }
    catch (NoSuchPermissionException nspe) {

        // No permission row for this action/resource pair: nobody can
        // hold it, so the answer is a denial rather than an error.
        return false;
    }

    // Kept outside the try block so that an exception from the membership
    // check itself is never mistaken for "permission not found".
    long permissionId = match.getPermissionId();

    return GroupUtil.containsPermission(groupId, permissionId);
}
253
/**
 * Tells whether a role holds an action on any resource that shares the
 * resource code for the given company, name and scope.
 *
 * @param  roleId primary key of the role
 * @param  companyId company id of the resource code
 * @param  name resource name of the resource code
 * @param  scope scope of the resource code
 * @param  actionId action being checked
 * @return {@code true} as soon as one resource carries a permission for
 *         the action that the role contains; {@code false} otherwise
 * @throws PortalException if a called service reports a portal error other
 *         than a missing permission
 * @throws SystemException if a called service reports a system error
 */
public boolean hasRolePermission(
        long roleId, long companyId, String name, int scope,
        String actionId)
    throws PortalException, SystemException {

    ResourceCode code = ResourceCodeLocalServiceUtil.getResourceCode(
        companyId, name, scope);

    for (Iterator itr = ResourceUtil.findByCodeId(
            code.getCodeId()).iterator(); itr.hasNext();) {

        Resource candidate = (Resource)itr.next();

        try {
            Permission permission = PermissionUtil.findByA_R(
                actionId, candidate.getResourceId());

            boolean held = RoleUtil.containsPermission(
                roleId, permission.getPermissionId());

            if (held) {
                return true;
            }
        }
        catch (NoSuchPermissionException nspe) {

            // This resource has no permission for the action; keep
            // looking at the remaining resources.
            continue;
        }
    }

    // No resource matched: deny.
    return false;
}
285
/**
 * Tells whether a role holds an action on the single resource identified
 * by company, name, scope and primary key.
 *
 * @param  roleId primary key of the role
 * @param  companyId company id of the resource code
 * @param  name resource name of the resource code
 * @param  scope scope of the resource code
 * @param  primKey primary key string of the resource
 * @param  actionId action being checked
 * @return the result of {@code RoleUtil.containsPermission}, or
 *         {@code false} when the resource or the permission does not exist
 * @throws PortalException if a called service reports any other portal
 *         error
 * @throws SystemException if a called service reports a system error
 */
public boolean hasRolePermission(
        long roleId, long companyId, String name, int scope, String primKey,
        String actionId)
    throws PortalException, SystemException {

    try {
        ResourceCode code = ResourceCodeLocalServiceUtil.getResourceCode(
            companyId, name, scope);

        Resource target = ResourceUtil.findByC_P(
            code.getCodeId(), primKey);

        Permission permission = PermissionUtil.findByA_R(
            actionId, target.getResourceId());

        return RoleUtil.containsPermission(
            roleId, permission.getPermissionId());
    }
    catch (NoSuchPermissionException nspe) {

        // No permission row for the action on this resource: deny.
        return false;
    }
    catch (NoSuchResourceException nsre) {

        // The resource itself does not exist: deny.
        return false;
    }
}
312
/**
 * Tells whether a user directly holds the permission for an action on a
 * resource.
 *
 * @param  userId primary key of the user
 * @param  actionId action being checked
 * @param  resourceId primary key of the resource
 * @return {@code false} when no permission row exists for the action on
 *         the resource; otherwise the result of
 *         {@code UserUtil.containsPermission}
 * @throws PortalException if a called service reports a portal error other
 *         than the missing permission handled here
 * @throws SystemException if a called service reports a system error
 */
public boolean hasUserPermission(
        long userId, String actionId, long resourceId)
    throws PortalException, SystemException {

    Permission match;

    try {
        match = PermissionUtil.findByA_R(actionId, resourceId);
    }
    catch (NoSuchPermissionException nspe) {

        // No permission row for this action/resource pair: deny instead
        // of propagating the lookup failure.
        return false;
    }

    // Kept outside the try block so that an exception from the membership
    // check itself is never mistaken for "permission not found".
    long permissionId = match.getPermissionId();

    return UserUtil.containsPermission(userId, permissionId);
}
333
/**
 * Decides whether a user may perform an action, given candidate resource
 * ids and the user's membership bag.
 *
 * <p>Evaluation order:</p>
 * <ol>
 * <li>Deny when {@code Validator.isNull(actionId)} holds or no resource
 * ids are supplied.</li>
 * <li>Deny when no permission rows exist for the action on those
 * resources.</li>
 * <li>Allow when an organization/group-scoped grant matches. This step
 * can also throw {@code NoSuchPermissionException}, in which case step 4
 * is never reached.</li>
 * <li>Otherwise use the strategy selected by
 * {@code PermissionCheckerImpl.USER_CHECK_ALGORITHM} (1 to 4). Any other
 * value denies.</li>
 * </ol>
 *
 * @param  userId primary key of the user
 * @param  groupId group id forwarded to strategies 1 and 2
 * @param  actionId action being checked
 * @param  resourceIds candidate resource ids; the first element is also
 *         used as the label in debug log lines
 * @param  permissionCheckerBag the user's user groups, organizations,
 *         groups and roles; must not be {@code null}
 * @return {@code true} if one of the checks grants the action
 * @throws PortalException if a called service reports a portal error,
 *         including the {@code NoSuchPermissionException} from step 3
 * @throws SystemException if a called service reports a system error
 */
public boolean hasUserPermissions(
        long userId, long groupId, String actionId, long[] resourceIds,
        PermissionCheckerBag permissionCheckerBag)
    throws PortalException, SystemException {

    // Timing is collected only when debug logging is on at entry.
    StopWatch stopWatch = null;

    if (_log.isDebugEnabled()) {
        stopWatch = new StopWatch();

        stopWatch.start();
    }

    int block = 1;

    // Nothing to check against: deny.
    if (Validator.isNull(actionId)) {
        return false;
    }

    if ((resourceIds == null) || (resourceIds.length == 0)) {
        return false;
    }

    List permissions = PermissionFinder.findByA_R(actionId, resourceIds);

    // Nobody can hold a permission that does not exist: deny.
    if (permissions.isEmpty()) {
        return false;
    }

    // In this class the value is only ever written to the debug log.
    long resourceId = resourceIds[0];

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    List userGroups = permissionCheckerBag.getUserGroups();
    List userOrgs = permissionCheckerBag.getUserOrgs();
    List groups = permissionCheckerBag.getGroups();
    List roles = permissionCheckerBag.getRoles();

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    // Organization/group-scoped grants are evaluated before the
    // configurable strategy; a non-matching scoped grant surfaces as an
    // exception from this call.
    if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 1) {
        return hasUserPermissions_1(
            userId, actionId, resourceId, permissions, groups, groupId,
            stopWatch, block);
    }

    if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 2) {
        return hasUserPermissions_2(
            userId, actionId, resourceId, permissions, groups, groupId,
            stopWatch, block);
    }

    if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 3) {
        return hasUserPermissions_3(
            userId, actionId, resourceId, permissions, groups, roles,
            stopWatch, block);
    }

    if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 4) {
        return hasUserPermissions_4(
            userId, actionId, resourceId, permissions, groups, roles,
            stopWatch, block);
    }

    // Unknown algorithm setting: fail closed.
    return false;
}
414
/**
 * Replaces a group's permissions on a resource with exactly the given
 * actions.
 *
 * @param  groupId primary key of the group
 * @param  actionIds actions the group should hold afterwards; must not be
 *         {@code null}
 * @param  resourceId primary key of the resource
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public void setGroupPermissions(
        long groupId, String[] actionIds, long resourceId)
    throws PortalException, SystemException {

    // Looked up before anything is modified; its company id is needed for
    // permissions that have to be created.
    Group targetGroup = GroupUtil.findByPrimaryKey(groupId);

    // Revoke everything the group currently holds on the resource.
    for (Iterator itr = PermissionFinder.findByG_R(
            groupId, resourceId).iterator(); itr.hasNext();) {

        Permission held = (Permission)itr.next();

        GroupUtil.removePermission(groupId, held);
    }

    // Grant the requested set.
    List replacement = getPermissions(
        targetGroup.getCompanyId(), actionIds, resourceId);

    GroupUtil.addPermissions(groupId, replacement);

    // Cached permission decisions may now be stale.
    PermissionCacheUtil.clearCache();
}
437
/**
 * Replaces the permissions on a resource for the group that belongs to an
 * organization or a user group.
 *
 * <p>The permissions are written to the group obtained from the
 * organization or user group, not to {@code groupId}. {@code groupId} is
 * only used, for organizations, to delete the matching
 * organization/group permission rows.</p>
 *
 * @param  className class name of {@code Organization} or
 *         {@code UserGroup}; must not be {@code null}
 * @param  classPK primary key of that organization or user group, as text
 * @param  groupId group id used when clearing organization/group rows
 * @param  actionIds actions the associated group should hold afterwards
 * @param  resourceId primary key of the resource
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public void setGroupPermissions(
        String className, String classPK, long groupId,
        String[] actionIds, long resourceId)
    throws PortalException, SystemException {

    // NOTE(review): for any other class name this stays 0 and the
    // three-argument overload is called with group id 0; confirm that the
    // group lookup there rejects it.
    long targetGroupId = 0;

    if (className.equals(Organization.class.getName())) {
        long organizationId = GetterUtil.getLong(classPK);

        Organization owner = OrganizationUtil.findByPrimaryKey(
            organizationId);

        // Scoped organization/group rows for this resource are dropped
        // before the group-level permissions are rewritten.
        OrgGroupPermissionFinder.removeByO_G_R(
            organizationId, groupId, resourceId);

        targetGroupId = owner.getGroup().getGroupId();
    }
    else if (className.equals(UserGroup.class.getName())) {
        long userGroupId = GetterUtil.getLong(classPK);

        UserGroup owner = UserGroupUtil.findByPrimaryKey(userGroupId);

        targetGroupId = owner.getGroup().getGroupId();
    }

    setGroupPermissions(targetGroupId, actionIds, resourceId);
}
466
/**
 * Replaces the organization/group-scoped permissions on a resource with
 * exactly the given actions.
 *
 * <p>Side effect: every permission of the resource is also removed from
 * the organization's own group.</p>
 *
 * @param  organizationId primary key of the organization
 * @param  groupId primary key of the group the grant is scoped to
 * @param  actionIds actions to grant; must not be {@code null}
 * @param  resourceId primary key of the resource
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public void setOrgGroupPermissions(
        long organizationId, long groupId, String[] actionIds,
        long resourceId)
    throws PortalException, SystemException {

    Organization organization = OrganizationUtil.findByPrimaryKey(
        organizationId);

    long orgGroupId = organization.getGroup().getGroupId();

    // Strip all permissions of this resource from the organization's own
    // group.
    for (Iterator itr = PermissionUtil.findByResourceId(
            resourceId).iterator(); itr.hasNext();) {

        Permission held = (Permission)itr.next();

        GroupUtil.removePermission(orgGroupId, held);
    }

    // Resolve (and create where missing) the requested permissions before
    // the existing scoped rows are deleted.
    List requested = getPermissions(
        organization.getCompanyId(), actionIds, resourceId);

    OrgGroupPermissionFinder.removeByO_G_R(
        organizationId, groupId, resourceId);

    // One scoped row per requested permission.
    for (Iterator itr = requested.iterator(); itr.hasNext();) {
        Permission granted = (Permission)itr.next();

        OrgGroupPermissionPK key = new OrgGroupPermissionPK(
            organizationId, groupId, granted.getPermissionId());

        OrgGroupPermissionUtil.update(OrgGroupPermissionUtil.create(key));
    }

    // Cached permission decisions may now be stale.
    PermissionCacheUtil.clearCache();
}
505
/**
 * Grants a role one action on a company- or group-scoped resource,
 * creating the resource and the permission row when they do not exist.
 *
 * <p>Company and group scope are handled as mutually exclusive for a
 * role/action pair: granting at one scope first revokes the action from
 * the role at the other. Individual scope is rejected.</p>
 *
 * @param  roleId primary key of the role
 * @param  companyId company id of the resource
 * @param  name resource name
 * @param  scope one of the {@code ResourceImpl.SCOPE_*} values
 * @param  primKey primary key string of the resource
 * @param  actionId action to grant
 * @throws PortalException if a called service reports a portal error; a
 *         {@code NoSuchPermissionException} is thrown for
 *         {@code ResourceImpl.SCOPE_INDIVIDUAL}
 * @throws SystemException if a called service reports a system error
 */
public void setRolePermission(
        long roleId, long companyId, String name, int scope, String primKey,
        String actionId)
    throws PortalException, SystemException {

    if (scope == ResourceImpl.SCOPE_COMPANY) {

        // Granting company-wide: drop the group-scoped grants first.
        unsetRolePermissions(
            roleId, companyId, name, ResourceImpl.SCOPE_GROUP, actionId);
    }
    else if (scope == ResourceImpl.SCOPE_GROUP) {

        // Granting per group: drop the company-scoped grants first.
        unsetRolePermissions(
            roleId, companyId, name, ResourceImpl.SCOPE_COMPANY, actionId);
    }
    else if (scope == ResourceImpl.SCOPE_INDIVIDUAL) {

        // This method refuses individual scope outright.
        throw new NoSuchPermissionException();
    }

    Resource target = ResourceLocalServiceUtil.addResource(
        companyId, name, scope, primKey);

    long targetResourceId = target.getResourceId();

    Permission grant;

    try {
        grant = PermissionUtil.findByA_R(actionId, targetResourceId);
    }
    catch (NoSuchPermissionException nspe) {

        // No row yet for this action on the resource: create it.
        long newPermissionId = CounterLocalServiceUtil.increment(
            Permission.class.getName());

        grant = PermissionUtil.create(newPermissionId);

        grant.setCompanyId(companyId);
        grant.setActionId(actionId);
        grant.setResourceId(targetResourceId);

        PermissionUtil.update(grant);
    }

    RoleUtil.addPermission(roleId, grant);

    // Cached permission decisions may now be stale.
    PermissionCacheUtil.clearCache();
}
555
/**
 * Grants a role several actions on a resource by calling
 * {@link #setRolePermission} once per action, in array order.
 *
 * <p>Existing grants for actions that are not in {@code actionIds} are
 * left untouched by this method.</p>
 *
 * @param  roleId primary key of the role
 * @param  companyId company id of the resource
 * @param  name resource name
 * @param  scope one of the {@code ResourceImpl.SCOPE_*} values
 * @param  primKey primary key string of the resource
 * @param  actionIds actions to grant; must not be {@code null}
 * @throws PortalException if granting any action reports a portal error;
 *         actions processed before the failure are not undone here
 * @throws SystemException if a called service reports a system error
 */
public void setRolePermissions(
        long roleId, long companyId, String name, int scope, String primKey,
        String[] actionIds)
    throws PortalException, SystemException {

    int index = 0;

    while (index < actionIds.length) {
        setRolePermission(
            roleId, companyId, name, scope, primKey, actionIds[index]);

        index++;
    }
}
568
/**
 * Replaces a user's direct permissions on a resource with exactly the
 * given actions.
 *
 * @param  userId primary key of the user
 * @param  actionIds actions the user should hold afterwards; must not be
 *         {@code null}
 * @param  resourceId primary key of the resource
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public void setUserPermissions(
        long userId, String[] actionIds, long resourceId)
    throws PortalException, SystemException {

    // Looked up before anything is modified; its company id is needed for
    // permissions that have to be created.
    User targetUser = UserUtil.findByPrimaryKey(userId);

    // Revoke what the user currently holds on the resource ...
    List current = PermissionFinder.findByU_R(userId, resourceId);

    UserUtil.removePermissions(userId, current);

    // ... then grant the requested set.
    List replacement = getPermissions(
        targetUser.getCompanyId(), actionIds, resourceId);

    UserUtil.addPermissions(userId, replacement);

    // Cached permission decisions may now be stale.
    PermissionCacheUtil.clearCache();
}
586
/**
 * Revokes a permission, identified by its id, from a role. A permission
 * id that does not exist is ignored.
 *
 * @param  roleId primary key of the role
 * @param  permissionId primary key of the permission to revoke
 * @throws SystemException if a called service reports a system error
 * @throws PortalException if a called service reports a portal error other
 *         than a missing permission
 */
public void unsetRolePermission(long roleId, long permissionId)
    throws SystemException, PortalException {

    try {
        RoleUtil.removePermission(
            roleId, PermissionUtil.findByPrimaryKey(permissionId));
    }
    catch (NoSuchPermissionException nspe) {

        // Nothing to revoke; revoking an absent permission is a no-op.
    }

    // The cache is cleared whether or not anything was removed.
    PermissionCacheUtil.clearCache();
}
601
/**
 * Revokes one action on a single resource from a role. A missing resource
 * or a missing permission is ignored.
 *
 * @param  roleId primary key of the role
 * @param  companyId company id of the resource code
 * @param  name resource name of the resource code
 * @param  scope scope of the resource code
 * @param  primKey primary key string of the resource
 * @param  actionId action to revoke
 * @throws PortalException if a called service reports any other portal
 *         error
 * @throws SystemException if a called service reports a system error
 */
public void unsetRolePermission(
        long roleId, long companyId, String name, int scope, String primKey,
        String actionId)
    throws PortalException, SystemException {

    try {
        ResourceCode code = ResourceCodeLocalServiceUtil.getResourceCode(
            companyId, name, scope);

        Resource target = ResourceUtil.findByC_P(
            code.getCodeId(), primKey);

        Permission revoked = PermissionUtil.findByA_R(
            actionId, target.getResourceId());

        RoleUtil.removePermission(roleId, revoked);
    }
    catch (NoSuchPermissionException nspe) {

        // No permission row for the action: nothing to revoke.
    }
    catch (NoSuchResourceException nsre) {

        // The resource does not exist: nothing to revoke.
    }

    // The cache is cleared whether or not anything was removed.
    PermissionCacheUtil.clearCache();
}
627
/**
 * Revokes one action from a role on every resource that shares the
 * resource code for the given company, name and scope.
 *
 * @param  roleId primary key of the role
 * @param  companyId company id of the resource code
 * @param  name resource name of the resource code
 * @param  scope scope of the resource code
 * @param  actionId action to revoke
 * @throws PortalException if a called service reports a portal error other
 *         than a missing permission
 * @throws SystemException if a called service reports a system error
 */
public void unsetRolePermissions(
        long roleId, long companyId, String name, int scope,
        String actionId)
    throws PortalException, SystemException {

    ResourceCode code = ResourceCodeLocalServiceUtil.getResourceCode(
        companyId, name, scope);

    for (Iterator itr = ResourceUtil.findByCodeId(
            code.getCodeId()).iterator(); itr.hasNext();) {

        Resource candidate = (Resource)itr.next();

        try {
            Permission revoked = PermissionUtil.findByA_R(
                actionId, candidate.getResourceId());

            RoleUtil.removePermission(roleId, revoked);
        }
        catch (NoSuchPermissionException nspe) {

            // This resource has no permission for the action; move on to
            // the next one.
            continue;
        }
    }

    // The cache is cleared whether or not anything was removed.
    PermissionCacheUtil.clearCache();
}
655
/**
 * Revokes the given actions on a resource from a user.
 *
 * @param  userId primary key of the user
 * @param  actionIds actions to revoke
 * @param  resourceId primary key of the resource
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
public void unsetUserPermissions(
        long userId, String[] actionIds, long resourceId)
    throws PortalException, SystemException {

    // Only the permissions the finder returns for this user, these actions
    // and this resource are removed.
    List revoked = PermissionFinder.findByU_A_R(
        userId, actionIds, resourceId);

    UserUtil.removePermissions(userId, revoked);

    // Cached permission decisions may now be stale.
    PermissionCacheUtil.clearCache();
}
667
/**
 * Checks a list of permissions against organization/group-scoped grants,
 * one permission at a time and in list order.
 *
 * <p>The per-permission check can throw instead of returning
 * {@code false}; that exception ends this loop too, so later permissions
 * in the list are not examined.</p>
 *
 * @param  organizations the user's organizations
 * @param  groups the groups to match against
 * @param  permissions list of {@code Permission} objects to check
 * @return {@code true} as soon as one permission has a matching scoped
 *         grant; {@code false} if none has
 * @throws PortalException if the per-permission check throws, including
 *         its {@code NoSuchPermissionException}
 * @throws SystemException if a called service reports a system error
 */
protected boolean checkOrgGroupPermission(
        List organizations, List groups, List permissions)
    throws PortalException, SystemException {

    for (Iterator itr = permissions.iterator(); itr.hasNext();) {
        Permission candidate = (Permission)itr.next();

        if (checkOrgGroupPermission(organizations, groups, candidate)) {
            return true;
        }
    }

    return false;
}
682
/**
 * Checks one permission against its organization/group-scoped grants.
 *
 * <p>Three outcomes are possible: {@code false} when the user has no
 * organizations or groups, or when the permission has no scoped grants at
 * all; {@code true} when a scoped grant covers both one of the
 * organizations and one of the groups; and an exception when scoped
 * grants exist but none of them matches.</p>
 *
 * @param  organizations the user's organizations
 * @param  groups the groups to match against
 * @param  permission the permission to check
 * @return whether a scoped grant matches, as described above
 * @throws PortalException a {@code NoSuchPermissionException} when scoped
 *         grants exist for the permission but none matches
 * @throws SystemException if a called service reports a system error
 */
protected boolean checkOrgGroupPermission(
        List organizations, List groups, Permission permission)
    throws PortalException, SystemException {

    // Without both an organization and a group no scoped grant can match,
    // so the database is not consulted.
    if (organizations.isEmpty() || groups.isEmpty()) {
        return false;
    }

    List scopedGrants = OrgGroupPermissionUtil.findByPermissionId(
        permission.getPermissionId());

    // The permission is not scoped to any organization/group pair.
    if (scopedGrants.isEmpty()) {
        return false;
    }

    for (Iterator itr = scopedGrants.iterator(); itr.hasNext();) {
        OrgGroupPermission scopedGrant = (OrgGroupPermission)itr.next();

        boolean matches =
            scopedGrant.containsOrganization(organizations) &&
            scopedGrant.containsGroup(groups);

        if (matches) {
            return true;
        }
    }

    // Throwing instead of returning false stops the callers in this class
    // from going on to their remaining checks.
    // NOTE(review): confirm that every caller up the stack treats this
    // exception as a denial.
    throw new NoSuchPermissionException(
        "User has a permission in OrgGroupPermission that does not match");
}
724
/**
 * Strategy 1: runs up to five separate count queries and grants on the
 * first one that reports a match. The two group queries are skipped when
 * the user has no groups.
 *
 * <p>Query order: {@code countByGroupsRoles},
 * {@code countByGroupsPermissions}, {@code countByUsersRoles},
 * {@code countByUserGroupRole}, {@code countByUsersPermissions}.</p>
 *
 * @param  userId primary key of the user
 * @param  actionId action being checked; used for logging only
 * @param  resourceId resource id; used for logging only
 * @param  permissions candidate permissions for the action
 * @param  groups the user's groups
 * @param  groupId group id passed to {@code countByUserGroupRole}
 * @param  stopWatch timer for debug output
 * @param  block number of the next debug log line
 * @return {@code true} if any query finds a match; {@code false} otherwise
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
protected boolean hasUserPermissions_1(
        long userId, String actionId, long resourceId, List permissions,
        List groups, long groupId, StopWatch stopWatch, int block)
    throws PortalException, SystemException {

    boolean hasGroups = !groups.isEmpty();

    if (hasGroups &&
        (PermissionFinder.countByGroupsRoles(permissions, groups) > 0)) {

        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    if (hasGroups &&
        (PermissionFinder.countByGroupsPermissions(
            permissions, groups) > 0)) {

        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    if (PermissionFinder.countByUsersRoles(permissions, userId) > 0) {
        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    boolean viaUserGroupRole = PermissionFinder.countByUserGroupRole(
        permissions, userId, groupId) > 0;

    if (viaUserGroupRole) {
        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    if (PermissionFinder.countByUsersPermissions(permissions, userId) > 0) {
        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    // No query matched: deny.
    return false;
}
782
/**
 * Strategy 2: delegates the whole decision to
 * {@code PermissionFinder.containsPermissions_2}.
 *
 * @param  userId primary key of the user
 * @param  actionId action being checked; used for logging only
 * @param  resourceId resource id; used for logging only
 * @param  permissions candidate permissions for the action
 * @param  groups the user's groups
 * @param  groupId group id passed to the finder
 * @param  stopWatch timer for debug output
 * @param  block number of the next debug log line
 * @return the finder's answer
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
protected boolean hasUserPermissions_2(
        long userId, String actionId, long resourceId, List permissions,
        List groups, long groupId, StopWatch stopWatch, int block)
    throws PortalException, SystemException {

    boolean granted = PermissionFinder.containsPermissions_2(
        permissions, userId, groups, groupId);

    if (granted) {
        return true;
    }

    // Timing is only logged on the denial path.
    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    return false;
}
801
/**
 * Strategy 3: runs up to three separate count queries and grants on the
 * first one that reports a match. The group query is skipped when the
 * user has no groups, the role query when the user has no roles.
 *
 * <p>Query order: {@code countByGroupsPermissions},
 * {@code countByRolesPermissions}, {@code countByUsersPermissions}.</p>
 *
 * @param  userId primary key of the user
 * @param  actionId action being checked; used for logging only
 * @param  resourceId resource id; used for logging only
 * @param  permissions candidate permissions for the action
 * @param  groups the user's groups
 * @param  roles the user's roles
 * @param  stopWatch timer for debug output
 * @param  block number of the next debug log line
 * @return {@code true} if any query finds a match; {@code false} otherwise
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
protected boolean hasUserPermissions_3(
        long userId, String actionId, long resourceId, List permissions,
        List groups, List roles, StopWatch stopWatch, int block)
    throws PortalException, SystemException {

    if (!groups.isEmpty() &&
        (PermissionFinder.countByGroupsPermissions(
            permissions, groups) > 0)) {

        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    if (!roles.isEmpty() &&
        (PermissionFinder.countByRolesPermissions(
            permissions, roles) > 0)) {

        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    boolean heldDirectly =
        PermissionFinder.countByUsersPermissions(permissions, userId) > 0;

    if (heldDirectly) {
        return true;
    }

    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    // No query matched: deny.
    return false;
}
843
/**
 * Strategy 4: delegates the whole decision to
 * {@code PermissionFinder.containsPermissions_4}.
 *
 * @param  userId primary key of the user
 * @param  actionId action being checked; used for logging only
 * @param  resourceId resource id; used for logging only
 * @param  permissions candidate permissions for the action
 * @param  groups the user's groups
 * @param  roles the user's roles
 * @param  stopWatch timer for debug output
 * @param  block number of the next debug log line
 * @return the finder's answer
 * @throws PortalException if a called service reports a portal error
 * @throws SystemException if a called service reports a system error
 */
protected boolean hasUserPermissions_4(
        long userId, String actionId, long resourceId, List permissions,
        List groups, List roles, StopWatch stopWatch, int block)
    throws PortalException, SystemException {

    boolean granted = PermissionFinder.containsPermissions_4(
        permissions, userId, groups, roles);

    if (granted) {
        return true;
    }

    // Timing is only logged on the denial path.
    logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);

    return false;
}
862
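/**
 * Writes one debug line with the time elapsed so far in a user permission
 * check. Does nothing when debug logging is off or no stop watch was
 * started.
 *
 * @param userId primary key of the user being checked
 * @param actionId action being checked
 * @param resourceId resource id used as a label in the log line
 * @param stopWatch running timer, or {@code null} if none was started
 * @param block sequence number of this log line within the check
 */
protected void logHasUserPermissions(
        long userId, String actionId, long resourceId, StopWatch stopWatch,
        int block) {

    // hasUserPermissions() creates the stop watch only if debug logging
    // was enabled when it started. If the level is switched on while a
    // check is in flight the stop watch is still null here, and timing
    // output must not turn a permission check into a
    // NullPointerException.
    if (!_log.isDebugEnabled() || (stopWatch == null)) {
        return;
    }

    // NOTE(review): actionId is written to the log as received; if it can
    // carry caller-supplied text, confirm that line breaks are neutralised
    // before it reaches this point.
    _log.debug(
        "Checking user permissions block " + block + " for " + userId +
            " " + actionId + " " + resourceId + " takes " +
                stopWatch.getTime() + " ms");
}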
876
// Logger for this service; used in this class to gate and emit the timing
// lines of user permission checks.
private static Log _log = LogFactory.getLog(
    PermissionLocalServiceImpl.class);
879
880 }