1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.NoSuchResourceException;
27  import com.liferay.portal.PortalException;
28  import com.liferay.portal.SystemException;
29  import com.liferay.portal.kernel.util.GetterUtil;
30  import com.liferay.portal.kernel.util.Validator;
31  import com.liferay.portal.model.Group;
32  import com.liferay.portal.model.OrgGroupPermission;
33  import com.liferay.portal.model.Organization;
34  import com.liferay.portal.model.Permission;
35  import com.liferay.portal.model.Resource;
36  import com.liferay.portal.model.ResourceCode;
37  import com.liferay.portal.model.ResourceConstants;
38  import com.liferay.portal.model.Role;
39  import com.liferay.portal.model.User;
40  import com.liferay.portal.model.UserGroup;
41  import com.liferay.portal.security.permission.PermissionCacheUtil;
42  import com.liferay.portal.security.permission.PermissionCheckerBag;
43  import com.liferay.portal.security.permission.PermissionCheckerImpl;
44  import com.liferay.portal.security.permission.ResourceActionsUtil;
45  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
46  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
47  import com.liferay.portal.util.comparator.PermissionComparator;
48  
49  import java.util.ArrayList;
50  import java.util.Iterator;
51  import java.util.List;
52  
53  import org.apache.commons.lang.time.StopWatch;
54  import org.apache.commons.logging.Log;
55  import org.apache.commons.logging.LogFactory;
56  
57  /**
58   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
59   *
60   * @author Charles May
61   * @author Brian Wing Shun Chan
62   *
63   */
64  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
65  
66      public Permission addPermission(
67              long companyId, String actionId, long resourceId)
68          throws PortalException, SystemException {
69  
70          Permission permission = permissionPersistence.fetchByA_R(
71              actionId, resourceId);
72  
73          if (permission == null) {
74              long permissionId = counterLocalService.increment(
75                  Permission.class.getName());
76  
77              permission = permissionPersistence.create(permissionId);
78  
79              permission.setCompanyId(companyId);
80              permission.setActionId(actionId);
81              permission.setResourceId(resourceId);
82  
83              permissionPersistence.update(permission, false);
84          }
85  
86          return permission;
87      }
88  
89      public List<Permission> addPermissions(
90              long companyId, String name, long resourceId,
91              boolean portletActions)
92          throws PortalException, SystemException {
93  
94          List<Permission> permissions = new ArrayList<Permission>();
95  
96          List<String> actions = null;
97  
98          if (portletActions) {
99              actions =
100                 ResourceActionsUtil.getPortletResourceActions(companyId, name);
101         }
102         else {
103             actions = ResourceActionsUtil.getModelResourceActions(name);
104         }
105 
106         for (int i = 0; i < actions.size(); i++) {
107             String actionId = actions.get(i);
108 
109             Permission permission = addPermission(
110                 companyId, actionId, resourceId);
111 
112             permissions.add(permission);
113         }
114 
115         return permissions;
116     }
117 
118     public void addUserPermissions(
119             long userId, String[] actionIds, long resourceId)
120         throws PortalException, SystemException {
121 
122         User user = userPersistence.findByPrimaryKey(userId);
123 
124         List<Permission> permissions = permissionFinder.findByU_R(
125             userId, resourceId);
126 
127         permissions = getPermissions(
128             user.getCompanyId(), actionIds, resourceId);
129 
130         userPersistence.addPermissions(userId, permissions);
131 
132         PermissionCacheUtil.clearCache();
133     }
134 
135     public List<String> getActions(List<Permission> permissions)
136         throws SystemException {
137 
138         List<String> actions = new ArrayList<String>();
139 
140         Iterator<Permission> itr = permissions.iterator();
141 
142         while (itr.hasNext()) {
143             Permission permission = itr.next();
144 
145             actions.add(permission.getActionId());
146         }
147 
148         return actions;
149     }
150 
151     public List<Permission> getGroupPermissions(long groupId, long resourceId)
152         throws SystemException {
153 
154         return permissionFinder.findByG_R(groupId, resourceId);
155     }
156 
157     public List<Permission> getGroupPermissions(
158             long groupId, long companyId, String name, int scope,
159             String primKey)
160         throws SystemException {
161 
162         return permissionFinder.findByG_C_N_S_P(
163             groupId, companyId, name, scope, primKey);
164     }
165 
166     public List<Permission> getOrgGroupPermissions(
167             long organizationId, long groupId, long resourceId)
168         throws SystemException {
169 
170         return permissionFinder.findByO_G_R(
171             organizationId, groupId, resourceId);
172     }
173 
174     public long getLatestPermissionId()
175         throws PortalException, SystemException {
176 
177         List<Permission> permissions = permissionPersistence.findAll(
178             0, 1, new PermissionComparator());
179 
180         if (permissions.size() == 0) {
181             return 0;
182         }
183         else {
184             Permission permission = permissions.get(0);
185 
186             return permission.getPermissionId();
187         }
188     }
189 
190     public List<Permission> getPermissions(
191             long companyId, String[] actionIds, long resourceId)
192         throws PortalException, SystemException {
193 
194         List<Permission> permissions = new ArrayList<Permission>();
195 
196         for (int i = 0; i < actionIds.length; i++) {
197             Permission permission = addPermission(
198                 companyId, actionIds[i], resourceId);
199 
200             permissions.add(permission);
201         }
202 
203         return permissions;
204     }
205 
206     public List<Permission> getRolePermissions(long roleId)
207         throws PortalException, SystemException {
208 
209         return rolePersistence.getPermissions(roleId);
210     }
211 
212     public List<Permission> getRolePermissions(long roleId, long resourceId)
213         throws SystemException {
214 
215         return permissionFinder.findByR_R(roleId, resourceId);
216     }
217 
218     public List<Permission> getUserPermissions(long userId, long resourceId)
219         throws SystemException {
220 
221         return permissionFinder.findByU_R(userId, resourceId);
222     }
223 
224     public List<Permission> getUserPermissions(
225             long userId, long companyId, String name, int scope, String primKey)
226         throws SystemException {
227 
228         return permissionFinder.findByU_C_N_S_P(
229             userId, companyId, name, scope, primKey);
230     }
231 
232     public boolean hasGroupPermission(
233             long groupId, String actionId, long resourceId)
234         throws PortalException, SystemException {
235 
236         Permission permission = null;
237 
238         try {
239             permission = permissionPersistence.findByA_R(actionId, resourceId);
240         }
241         catch (NoSuchPermissionException nspe) {
242 
243             // Return false if there is no permission based on the given action
244             // id and resource id
245 
246             return false;
247         }
248 
249         return groupPersistence.containsPermission(
250             groupId, permission.getPermissionId());
251     }
252 
253     public boolean hasRolePermission(
254             long roleId, long companyId, String name, int scope,
255             String actionId)
256         throws PortalException, SystemException {
257 
258         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
259             companyId, name, scope);
260 
261         List<Resource> resources = resourcePersistence.findByCodeId(
262             resourceCode.getCodeId());
263 
264         for (Resource resource : resources) {
265             try {
266                 Permission permission = permissionPersistence.findByA_R(
267                     actionId, resource.getResourceId());
268 
269                 if (rolePersistence.containsPermission(
270                         roleId, permission.getPermissionId())) {
271 
272                     return true;
273                 }
274             }
275             catch (NoSuchPermissionException nspe) {
276             }
277         }
278 
279         return false;
280     }
281 
282     public boolean hasRolePermission(
283             long roleId, long companyId, String name, int scope, String primKey,
284             String actionId)
285         throws PortalException, SystemException {
286 
287         try {
288             ResourceCode resourceCode =
289                 resourceCodeLocalService.getResourceCode(
290                     companyId, name, scope);
291 
292             Resource resource = resourcePersistence.findByC_P(
293                 resourceCode.getCodeId(), primKey);
294 
295             Permission permission = permissionPersistence.findByA_R(
296                 actionId, resource.getResourceId());
297 
298             return rolePersistence.containsPermission(
299                 roleId, permission.getPermissionId());
300         }
301         catch (NoSuchPermissionException nspe) {
302         }
303         catch (NoSuchResourceException nsre) {
304         }
305 
306         return false;
307     }
308 
309     public boolean hasUserPermission(
310             long userId, String actionId, long resourceId)
311         throws PortalException, SystemException {
312 
313         Permission permission = null;
314 
315         try {
316             permission = permissionPersistence.findByA_R(actionId, resourceId);
317         }
318         catch (NoSuchPermissionException nspe) {
319 
320             // Return false if there is no permission based on the given action
321             // id and resource id
322 
323             return false;
324         }
325 
326         return userPersistence.containsPermission(
327             userId, permission.getPermissionId());
328     }
329 
330     public boolean hasUserPermissions(
331             long userId, long groupId, String actionId, long[] resourceIds,
332             PermissionCheckerBag permissionCheckerBag)
333         throws PortalException, SystemException {
334 
335         StopWatch stopWatch = null;
336 
337         if (_log.isDebugEnabled()) {
338             stopWatch = new StopWatch();
339 
340             stopWatch.start();
341         }
342 
343         int block = 1;
344 
345         // Return false if there is no resources
346 
347         if ((Validator.isNull(actionId)) || (resourceIds == null) ||
348             (resourceIds.length == 0)) {
349 
350             return false;
351         }
352 
353         List<Permission> permissions = permissionFinder.findByA_R(
354             actionId, resourceIds);
355 
356         // Return false if there are no permissions
357 
358         if (permissions.size() == 0) {
359             return false;
360         }
361 
362         // Record logs with the first resource id
363 
364         long resourceId = resourceIds[0];
365 
366         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
367 
368         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
369         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
370         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
371         //List<Group> userUserGroupGroups =
372         //  permissionCheckerBag.getUserUserGroupGroups();
373         List<Group> groups = permissionCheckerBag.getGroups();
374         List<Role> roles = permissionCheckerBag.getRoles();
375 
376         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
377 
378         // Check the organization and community intersection table. Break out of
379         // this method if the user has one of the permissions set at the
380         // intersection because that takes priority.
381 
382         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
383         //  return true;
384         //}
385 
386         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
387 
388         if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 1) {
389             return hasUserPermissions_1(
390                 userId, actionId, resourceId, permissions, groups, groupId,
391                 stopWatch, block);
392         }
393         else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 2) {
394             return hasUserPermissions_2(
395                 userId, actionId, resourceId, permissions, groups, groupId,
396                 stopWatch, block);
397         }
398         else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 3) {
399             return hasUserPermissions_3(
400                 userId, actionId, resourceId, permissions, groups, roles,
401                 stopWatch, block);
402         }
403         else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 4) {
404             return hasUserPermissions_4(
405                 userId, actionId, resourceId, permissions, groups, roles,
406                 stopWatch, block);
407         }
408 
409         return false;
410     }
411 
412     public void setGroupPermissions(
413             long groupId, String[] actionIds, long resourceId)
414         throws PortalException, SystemException {
415 
416         Group group = groupPersistence.findByPrimaryKey(groupId);
417 
418         List<Permission> permissions = permissionFinder.findByG_R(
419             groupId, resourceId);
420 
421         for (Permission permission : permissions) {
422             groupPersistence.removePermission(groupId, permission);
423         }
424 
425         permissions = getPermissions(
426             group.getCompanyId(), actionIds, resourceId);
427 
428         groupPersistence.addPermissions(groupId, permissions);
429 
430         PermissionCacheUtil.clearCache();
431     }
432 
433     public void setGroupPermissions(
434             String className, String classPK, long groupId,
435             String[] actionIds, long resourceId)
436         throws PortalException, SystemException {
437 
438         long associatedGroupId = 0;
439 
440         if (className.equals(Organization.class.getName())) {
441             long organizationId = GetterUtil.getLong(classPK);
442 
443             Organization organization =
444                 organizationPersistence.findByPrimaryKey(organizationId);
445 
446             orgGroupPermissionFinder.removeByO_G_R(
447                 organizationId, groupId, resourceId);
448 
449             associatedGroupId = organization.getGroup().getGroupId();
450         }
451         else if (className.equals(UserGroup.class.getName())) {
452             long userGroupId = GetterUtil.getLong(classPK);
453 
454             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
455                 userGroupId);
456 
457             associatedGroupId = userGroup.getGroup().getGroupId();
458         }
459 
460         setGroupPermissions(associatedGroupId, actionIds, resourceId);
461     }
462 
463     public void setOrgGroupPermissions(
464             long organizationId, long groupId, String[] actionIds,
465             long resourceId)
466         throws PortalException, SystemException {
467 
468         Organization organization =
469             organizationPersistence.findByPrimaryKey(organizationId);
470 
471         long orgGroupId = organization.getGroup().getGroupId();
472 
473         List<Permission> permissions = permissionPersistence.findByResourceId(
474             resourceId);
475 
476         for (Permission permission : permissions) {
477             groupPersistence.removePermission(orgGroupId, permission);
478         }
479 
480         permissions = getPermissions(
481             organization.getCompanyId(), actionIds, resourceId);
482 
483         orgGroupPermissionFinder.removeByO_G_R(
484             organizationId, groupId, resourceId);
485 
486         for (Permission permission : permissions) {
487             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
488                 organizationId, groupId, permission.getPermissionId());
489 
490             OrgGroupPermission orgGroupPermission =
491                 orgGroupPermissionPersistence.create(pk);
492 
493             orgGroupPermissionPersistence.update(orgGroupPermission, false);
494         }
495 
496         PermissionCacheUtil.clearCache();
497     }
498 
499     public void setRolePermission(
500             long roleId, long companyId, String name, int scope, String primKey,
501             String actionId)
502         throws PortalException, SystemException {
503 
504         if (scope == ResourceConstants.SCOPE_COMPANY) {
505 
506             // Remove group permission
507 
508             unsetRolePermissions(
509                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
510                 actionId);
511         }
512         else if (scope == ResourceConstants.SCOPE_GROUP) {
513 
514             // Remove company permission
515 
516             unsetRolePermissions(
517                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
518                 actionId);
519         }
520         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
521             throw new NoSuchPermissionException();
522         }
523 
524         Resource resource = resourceLocalService.addResource(
525             companyId, name, scope, primKey);
526 
527         Permission permission = null;
528 
529         try {
530             permission = permissionPersistence.findByA_R(
531                 actionId, resource.getResourceId());
532         }
533         catch (NoSuchPermissionException nspe) {
534             long permissionId = counterLocalService.increment(
535                 Permission.class.getName());
536 
537             permission = permissionPersistence.create(permissionId);
538 
539             permission.setCompanyId(companyId);
540             permission.setActionId(actionId);
541             permission.setResourceId(resource.getResourceId());
542 
543             permissionPersistence.update(permission, false);
544         }
545 
546         rolePersistence.addPermission(roleId, permission);
547 
548         PermissionCacheUtil.clearCache();
549     }
550 
551     public void setRolePermissions(
552             long roleId, long companyId, String name, int scope, String primKey,
553             String[] actionIds)
554         throws PortalException, SystemException {
555 
556         for (int i = 0; i < actionIds.length; i++) {
557             String actionId = actionIds[i];
558 
559             setRolePermission(
560                 roleId, companyId, name, scope, primKey, actionId);
561         }
562     }
563 
564     public void setRolePermissions(
565             long roleId, String[] actionIds, long resourceId)
566         throws PortalException, SystemException {
567 
568         Role role = rolePersistence.findByPrimaryKey(roleId);
569 
570         List<Permission> permissions = permissionFinder.findByR_R(
571             roleId, resourceId);
572 
573         rolePersistence.removePermissions(roleId, permissions);
574 
575         permissions = getPermissions(
576             role.getCompanyId(), actionIds, resourceId);
577 
578         rolePersistence.addPermissions(roleId, permissions);
579 
580         PermissionCacheUtil.clearCache();
581     }
582 
583     public void setUserPermissions(
584             long userId, String[] actionIds, long resourceId)
585         throws PortalException, SystemException {
586 
587         User user = userPersistence.findByPrimaryKey(userId);
588 
589         List<Permission> permissions = permissionFinder.findByU_R(
590             userId, resourceId);
591 
592         userPersistence.removePermissions(userId, permissions);
593 
594         permissions = getPermissions(
595             user.getCompanyId(), actionIds, resourceId);
596 
597         userPersistence.addPermissions(userId, permissions);
598 
599         PermissionCacheUtil.clearCache();
600     }
601 
602     public void unsetRolePermission(long roleId, long permissionId)
603         throws SystemException, PortalException {
604 
605         try {
606             Permission permission = permissionPersistence.findByPrimaryKey(
607                 permissionId);
608 
609             rolePersistence.removePermission(roleId, permission);
610         }
611         catch (NoSuchPermissionException nspe) {
612         }
613 
614         PermissionCacheUtil.clearCache();
615     }
616 
617     public void unsetRolePermission(
618             long roleId, long companyId, String name, int scope, String primKey,
619             String actionId)
620         throws PortalException, SystemException {
621 
622         try {
623             ResourceCode resourceCode =
624                 resourceCodeLocalService.getResourceCode(
625                     companyId, name, scope);
626 
627             Resource resource = resourcePersistence.findByC_P(
628                 resourceCode.getCodeId(), primKey);
629 
630             Permission permission = permissionPersistence.findByA_R(
631                 actionId, resource.getResourceId());
632 
633             rolePersistence.removePermission(roleId, permission);
634         }
635         catch (NoSuchPermissionException nspe) {
636         }
637         catch (NoSuchResourceException nsre) {
638         }
639 
640         PermissionCacheUtil.clearCache();
641     }
642 
643     public void unsetRolePermissions(
644             long roleId, long companyId, String name, int scope,
645             String actionId)
646         throws PortalException, SystemException {
647 
648         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
649             companyId, name, scope);
650 
651         List<Resource> resources = resourcePersistence.findByCodeId(
652             resourceCode.getCodeId());
653 
654         for (Resource resource : resources) {
655             try {
656                 Permission permission = permissionPersistence.findByA_R(
657                     actionId, resource.getResourceId());
658 
659                 rolePersistence.removePermission(roleId, permission);
660             }
661             catch (NoSuchPermissionException nspe) {
662             }
663         }
664 
665         PermissionCacheUtil.clearCache();
666     }
667 
668     public void unsetUserPermissions(
669             long userId, String[] actionIds, long resourceId)
670         throws PortalException, SystemException {
671 
672         List<Permission> permissions = permissionFinder.findByU_A_R(
673             userId, actionIds, resourceId);
674 
675         userPersistence.removePermissions(userId, permissions);
676 
677         PermissionCacheUtil.clearCache();
678     }
679 
680     protected boolean checkOrgGroupPermission(
681             List<Organization> organizations, List<Group> groups,
682             List<Permission> permissions)
683         throws PortalException, SystemException {
684 
685         for (Permission permission : permissions) {
686             if (checkOrgGroupPermission(organizations, groups, permission)) {
687                 return true;
688             }
689         }
690 
691         return false;
692     }
693 
694     protected boolean checkOrgGroupPermission(
695             List<Organization> organizations, List<Group> groups,
696             Permission permission)
697         throws PortalException, SystemException {
698 
699         // Do not check for an OrgGroupPermission intersection unless there is
700         // at least one organization and one group to check
701 
702         if ((organizations.size() == 0) || (groups.size() == 0)) {
703             return false;
704         }
705 
706         // Do not check unless the OrgGroupPermission intersection contains at
707         // least one permission
708 
709         List<OrgGroupPermission> orgGroupPermissions =
710             orgGroupPermissionPersistence.findByPermissionId(
711                 permission.getPermissionId());
712 
713         if (orgGroupPermissions.size() == 0) {
714             return false;
715         }
716 
717         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
718             if (orgGroupPermission.containsOrganization(organizations) &&
719                 orgGroupPermission.containsGroup(groups)) {
720 
721                 return true;
722             }
723         }
724 
725         // Throw an exception so that we do not continue checking permissions.
726         // The user has a specific permission given in the OrgGroupPermission
727         // intersection that prohibits him from going further.
728 
729         throw new NoSuchPermissionException(
730             "User has a permission in OrgGroupPermission that does not match");
731     }
732 
733     protected boolean hasUserPermissions_1(
734             long userId, String actionId, long resourceId,
735             List<Permission> permissions, List<Group> groups, long groupId,
736             StopWatch stopWatch, int block)
737         throws PortalException, SystemException {
738 
739         // Is the user connected to one of the permissions via group or
740         // organization roles?
741 
742         if (groups.size() > 0) {
743             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
744                 return true;
745             }
746         }
747 
748         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
749 
750         // Is the user associated with groups or organizations that are directly
751         // connected to one of the permissions?
752 
753         if (groups.size() > 0) {
754             if (permissionFinder.countByGroupsPermissions(
755                     permissions, groups) > 0) {
756 
757                 return true;
758             }
759         }
760 
761         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
762 
763         // Is the user connected to one of the permissions via user roles?
764 
765         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
766             return true;
767         }
768 
769         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
770 
771         // Is the user connected to one of the permissions via user group roles?
772 
773         if (permissionFinder.countByUserGroupRole(
774                 permissions, userId, groupId) > 0) {
775 
776             return true;
777         }
778 
779         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
780 
781         // Is the user directly connected to one of the permissions?
782 
783         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
784             return true;
785         }
786 
787         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
788 
789         return false;
790     }
791 
792     protected boolean hasUserPermissions_2(
793             long userId, String actionId, long resourceId,
794             List<Permission> permissions, List<Group> groups, long groupId,
795             StopWatch stopWatch, int block)
796         throws PortalException, SystemException {
797 
798         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
799         // countByUserGroupRole, and countByUsersPermissions in one method
800 
801         if (permissionFinder.containsPermissions_2(
802                 permissions, userId, groups, groupId)) {
803 
804             return true;
805         }
806 
807         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
808 
809         return false;
810     }
811 
812     protected boolean hasUserPermissions_3(
813             long userId, String actionId, long resourceId,
814             List<Permission> permissions, List<Group> groups, List<Role> roles,
815             StopWatch stopWatch, int block)
816         throws PortalException, SystemException {
817 
818         // Is the user associated with groups or organizations that are directly
819         // connected to one of the permissions?
820 
821         if (groups.size() > 0) {
822             if (permissionFinder.countByGroupsPermissions(
823                     permissions, groups) > 0) {
824 
825                 return true;
826             }
827         }
828 
829         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
830 
831         // Is the user associated with a role that is directly connected to one
832         // of the permissions?
833 
834         if (roles.size() > 0) {
835             if (permissionFinder.countByRolesPermissions(
836                     permissions, roles) > 0) {
837 
838                 return true;
839             }
840         }
841 
842         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
843 
844         // Is the user directly connected to one of the permissions?
845 
846         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
847             return true;
848         }
849 
850         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
851 
852         return false;
853     }
854 
855     protected boolean hasUserPermissions_4(
856             long userId, String actionId, long resourceId,
857             List<Permission> permissions, List<Group> groups, List<Role> roles,
858             StopWatch stopWatch, int block)
859         throws PortalException, SystemException {
860 
861         // Call countByGroupsPermissions, countByRolesPermissions, and
862         // countByUsersPermissions in one method
863 
864         if (permissionFinder.containsPermissions_4(
865                 permissions, userId, groups, roles)) {
866 
867             return true;
868         }
869 
870         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
871 
872         return false;
873     }
874 
875     protected void logHasUserPermissions(
876         long userId, String actionId, long resourceId, StopWatch stopWatch,
877         int block) {
878 
879         if (!_log.isDebugEnabled()) {
880             return;
881         }
882 
883         _log.debug(
884             "Checking user permissions block " + block + " for " + userId +
885                 " " + actionId + " " + resourceId + " takes " +
886                     stopWatch.getTime() + " ms");
887     }
888 
889     private static Log _log =
890         LogFactory.getLog(PermissionLocalServiceImpl.class);
891 
892 }