1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.NoSuchPermissionException;
26 import com.liferay.portal.NoSuchResourceException;
27 import com.liferay.portal.PortalException;
28 import com.liferay.portal.SystemException;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.Validator;
31 import com.liferay.portal.model.Group;
32 import com.liferay.portal.model.OrgGroupPermission;
33 import com.liferay.portal.model.Organization;
34 import com.liferay.portal.model.Permission;
35 import com.liferay.portal.model.Resource;
36 import com.liferay.portal.model.ResourceCode;
37 import com.liferay.portal.model.ResourceConstants;
38 import com.liferay.portal.model.Role;
39 import com.liferay.portal.model.User;
40 import com.liferay.portal.model.UserGroup;
41 import com.liferay.portal.security.permission.PermissionCacheUtil;
42 import com.liferay.portal.security.permission.PermissionCheckerBag;
43 import com.liferay.portal.security.permission.PermissionCheckerImpl;
44 import com.liferay.portal.security.permission.ResourceActionsUtil;
45 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
46 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
47 import com.liferay.portal.util.comparator.PermissionComparator;
48
49 import java.util.ArrayList;
50 import java.util.Iterator;
51 import java.util.List;
52
53 import org.apache.commons.lang.time.StopWatch;
54 import org.apache.commons.logging.Log;
55 import org.apache.commons.logging.LogFactory;
56
57
64 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
65
66 public Permission addPermission(
67 long companyId, String actionId, long resourceId)
68 throws PortalException, SystemException {
69
70 Permission permission = permissionPersistence.fetchByA_R(
71 actionId, resourceId);
72
73 if (permission == null) {
74 long permissionId = counterLocalService.increment(
75 Permission.class.getName());
76
77 permission = permissionPersistence.create(permissionId);
78
79 permission.setCompanyId(companyId);
80 permission.setActionId(actionId);
81 permission.setResourceId(resourceId);
82
83 permissionPersistence.update(permission, false);
84 }
85
86 return permission;
87 }
88
89 public List<Permission> addPermissions(
90 long companyId, String name, long resourceId,
91 boolean portletActions)
92 throws PortalException, SystemException {
93
94 List<Permission> permissions = new ArrayList<Permission>();
95
96 List<String> actions = null;
97
98 if (portletActions) {
99 actions =
100 ResourceActionsUtil.getPortletResourceActions(companyId, name);
101 }
102 else {
103 actions = ResourceActionsUtil.getModelResourceActions(name);
104 }
105
106 for (int i = 0; i < actions.size(); i++) {
107 String actionId = actions.get(i);
108
109 Permission permission = addPermission(
110 companyId, actionId, resourceId);
111
112 permissions.add(permission);
113 }
114
115 return permissions;
116 }
117
118 public void addUserPermissions(
119 long userId, String[] actionIds, long resourceId)
120 throws PortalException, SystemException {
121
122 User user = userPersistence.findByPrimaryKey(userId);
123
124 List<Permission> permissions = permissionFinder.findByU_R(
125 userId, resourceId);
126
127 permissions = getPermissions(
128 user.getCompanyId(), actionIds, resourceId);
129
130 userPersistence.addPermissions(userId, permissions);
131
132 PermissionCacheUtil.clearCache();
133 }
134
135 public List<String> getActions(List<Permission> permissions)
136 throws SystemException {
137
138 List<String> actions = new ArrayList<String>();
139
140 Iterator<Permission> itr = permissions.iterator();
141
142 while (itr.hasNext()) {
143 Permission permission = itr.next();
144
145 actions.add(permission.getActionId());
146 }
147
148 return actions;
149 }
150
151 public List<Permission> getGroupPermissions(long groupId, long resourceId)
152 throws SystemException {
153
154 return permissionFinder.findByG_R(groupId, resourceId);
155 }
156
157 public List<Permission> getGroupPermissions(
158 long groupId, long companyId, String name, int scope,
159 String primKey)
160 throws SystemException {
161
162 return permissionFinder.findByG_C_N_S_P(
163 groupId, companyId, name, scope, primKey);
164 }
165
166 public List<Permission> getOrgGroupPermissions(
167 long organizationId, long groupId, long resourceId)
168 throws SystemException {
169
170 return permissionFinder.findByO_G_R(
171 organizationId, groupId, resourceId);
172 }
173
174 public long getLatestPermissionId()
175 throws PortalException, SystemException {
176
177 List<Permission> permissions = permissionPersistence.findAll(
178 0, 1, new PermissionComparator());
179
180 if (permissions.size() == 0) {
181 return 0;
182 }
183 else {
184 Permission permission = permissions.get(0);
185
186 return permission.getPermissionId();
187 }
188 }
189
190 public List<Permission> getPermissions(
191 long companyId, String[] actionIds, long resourceId)
192 throws PortalException, SystemException {
193
194 List<Permission> permissions = new ArrayList<Permission>();
195
196 for (int i = 0; i < actionIds.length; i++) {
197 Permission permission = addPermission(
198 companyId, actionIds[i], resourceId);
199
200 permissions.add(permission);
201 }
202
203 return permissions;
204 }
205
206 public List<Permission> getRolePermissions(long roleId)
207 throws PortalException, SystemException {
208
209 return rolePersistence.getPermissions(roleId);
210 }
211
212 public List<Permission> getRolePermissions(long roleId, long resourceId)
213 throws SystemException {
214
215 return permissionFinder.findByR_R(roleId, resourceId);
216 }
217
218 public List<Permission> getUserPermissions(long userId, long resourceId)
219 throws SystemException {
220
221 return permissionFinder.findByU_R(userId, resourceId);
222 }
223
224 public List<Permission> getUserPermissions(
225 long userId, long companyId, String name, int scope, String primKey)
226 throws SystemException {
227
228 return permissionFinder.findByU_C_N_S_P(
229 userId, companyId, name, scope, primKey);
230 }
231
232 public boolean hasGroupPermission(
233 long groupId, String actionId, long resourceId)
234 throws PortalException, SystemException {
235
236 Permission permission = null;
237
238 try {
239 permission = permissionPersistence.findByA_R(actionId, resourceId);
240 }
241 catch (NoSuchPermissionException nspe) {
242
243
246 return false;
247 }
248
249 return groupPersistence.containsPermission(
250 groupId, permission.getPermissionId());
251 }
252
253 public boolean hasRolePermission(
254 long roleId, long companyId, String name, int scope,
255 String actionId)
256 throws PortalException, SystemException {
257
258 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
259 companyId, name, scope);
260
261 List<Resource> resources = resourcePersistence.findByCodeId(
262 resourceCode.getCodeId());
263
264 for (Resource resource : resources) {
265 try {
266 Permission permission = permissionPersistence.findByA_R(
267 actionId, resource.getResourceId());
268
269 if (rolePersistence.containsPermission(
270 roleId, permission.getPermissionId())) {
271
272 return true;
273 }
274 }
275 catch (NoSuchPermissionException nspe) {
276 }
277 }
278
279 return false;
280 }
281
282 public boolean hasRolePermission(
283 long roleId, long companyId, String name, int scope, String primKey,
284 String actionId)
285 throws PortalException, SystemException {
286
287 try {
288 ResourceCode resourceCode =
289 resourceCodeLocalService.getResourceCode(
290 companyId, name, scope);
291
292 Resource resource = resourcePersistence.findByC_P(
293 resourceCode.getCodeId(), primKey);
294
295 Permission permission = permissionPersistence.findByA_R(
296 actionId, resource.getResourceId());
297
298 return rolePersistence.containsPermission(
299 roleId, permission.getPermissionId());
300 }
301 catch (NoSuchPermissionException nspe) {
302 }
303 catch (NoSuchResourceException nsre) {
304 }
305
306 return false;
307 }
308
309 public boolean hasUserPermission(
310 long userId, String actionId, long resourceId)
311 throws PortalException, SystemException {
312
313 Permission permission = null;
314
315 try {
316 permission = permissionPersistence.findByA_R(actionId, resourceId);
317 }
318 catch (NoSuchPermissionException nspe) {
319
320
323 return false;
324 }
325
326 return userPersistence.containsPermission(
327 userId, permission.getPermissionId());
328 }
329
330 public boolean hasUserPermissions(
331 long userId, long groupId, String actionId, long[] resourceIds,
332 PermissionCheckerBag permissionCheckerBag)
333 throws PortalException, SystemException {
334
335 StopWatch stopWatch = null;
336
337 if (_log.isDebugEnabled()) {
338 stopWatch = new StopWatch();
339
340 stopWatch.start();
341 }
342
343 int block = 1;
344
345
347 if ((Validator.isNull(actionId)) || (resourceIds == null) ||
348 (resourceIds.length == 0)) {
349
350 return false;
351 }
352
353 List<Permission> permissions = permissionFinder.findByA_R(
354 actionId, resourceIds);
355
356
358 if (permissions.size() == 0) {
359 return false;
360 }
361
362
364 long resourceId = resourceIds[0];
365
366 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
367
368 List<Group> groups = permissionCheckerBag.getGroups();
374 List<Role> roles = permissionCheckerBag.getRoles();
375
376 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
377
378
382
386 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
387
388 if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 1) {
389 return hasUserPermissions_1(
390 userId, actionId, resourceId, permissions, groups, groupId,
391 stopWatch, block);
392 }
393 else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 2) {
394 return hasUserPermissions_2(
395 userId, actionId, resourceId, permissions, groups, groupId,
396 stopWatch, block);
397 }
398 else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 3) {
399 return hasUserPermissions_3(
400 userId, actionId, resourceId, permissions, groups, roles,
401 stopWatch, block);
402 }
403 else if (PermissionCheckerImpl.USER_CHECK_ALGORITHM == 4) {
404 return hasUserPermissions_4(
405 userId, actionId, resourceId, permissions, groups, roles,
406 stopWatch, block);
407 }
408
409 return false;
410 }
411
412 public void setGroupPermissions(
413 long groupId, String[] actionIds, long resourceId)
414 throws PortalException, SystemException {
415
416 Group group = groupPersistence.findByPrimaryKey(groupId);
417
418 List<Permission> permissions = permissionFinder.findByG_R(
419 groupId, resourceId);
420
421 for (Permission permission : permissions) {
422 groupPersistence.removePermission(groupId, permission);
423 }
424
425 permissions = getPermissions(
426 group.getCompanyId(), actionIds, resourceId);
427
428 groupPersistence.addPermissions(groupId, permissions);
429
430 PermissionCacheUtil.clearCache();
431 }
432
433 public void setGroupPermissions(
434 String className, String classPK, long groupId,
435 String[] actionIds, long resourceId)
436 throws PortalException, SystemException {
437
438 long associatedGroupId = 0;
439
440 if (className.equals(Organization.class.getName())) {
441 long organizationId = GetterUtil.getLong(classPK);
442
443 Organization organization =
444 organizationPersistence.findByPrimaryKey(organizationId);
445
446 orgGroupPermissionFinder.removeByO_G_R(
447 organizationId, groupId, resourceId);
448
449 associatedGroupId = organization.getGroup().getGroupId();
450 }
451 else if (className.equals(UserGroup.class.getName())) {
452 long userGroupId = GetterUtil.getLong(classPK);
453
454 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
455 userGroupId);
456
457 associatedGroupId = userGroup.getGroup().getGroupId();
458 }
459
460 setGroupPermissions(associatedGroupId, actionIds, resourceId);
461 }
462
463 public void setOrgGroupPermissions(
464 long organizationId, long groupId, String[] actionIds,
465 long resourceId)
466 throws PortalException, SystemException {
467
468 Organization organization =
469 organizationPersistence.findByPrimaryKey(organizationId);
470
471 long orgGroupId = organization.getGroup().getGroupId();
472
473 List<Permission> permissions = permissionPersistence.findByResourceId(
474 resourceId);
475
476 for (Permission permission : permissions) {
477 groupPersistence.removePermission(orgGroupId, permission);
478 }
479
480 permissions = getPermissions(
481 organization.getCompanyId(), actionIds, resourceId);
482
483 orgGroupPermissionFinder.removeByO_G_R(
484 organizationId, groupId, resourceId);
485
486 for (Permission permission : permissions) {
487 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
488 organizationId, groupId, permission.getPermissionId());
489
490 OrgGroupPermission orgGroupPermission =
491 orgGroupPermissionPersistence.create(pk);
492
493 orgGroupPermissionPersistence.update(orgGroupPermission, false);
494 }
495
496 PermissionCacheUtil.clearCache();
497 }
498
499 public void setRolePermission(
500 long roleId, long companyId, String name, int scope, String primKey,
501 String actionId)
502 throws PortalException, SystemException {
503
504 if (scope == ResourceConstants.SCOPE_COMPANY) {
505
506
508 unsetRolePermissions(
509 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
510 actionId);
511 }
512 else if (scope == ResourceConstants.SCOPE_GROUP) {
513
514
516 unsetRolePermissions(
517 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
518 actionId);
519 }
520 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
521 throw new NoSuchPermissionException();
522 }
523
524 Resource resource = resourceLocalService.addResource(
525 companyId, name, scope, primKey);
526
527 Permission permission = null;
528
529 try {
530 permission = permissionPersistence.findByA_R(
531 actionId, resource.getResourceId());
532 }
533 catch (NoSuchPermissionException nspe) {
534 long permissionId = counterLocalService.increment(
535 Permission.class.getName());
536
537 permission = permissionPersistence.create(permissionId);
538
539 permission.setCompanyId(companyId);
540 permission.setActionId(actionId);
541 permission.setResourceId(resource.getResourceId());
542
543 permissionPersistence.update(permission, false);
544 }
545
546 rolePersistence.addPermission(roleId, permission);
547
548 PermissionCacheUtil.clearCache();
549 }
550
551 public void setRolePermissions(
552 long roleId, long companyId, String name, int scope, String primKey,
553 String[] actionIds)
554 throws PortalException, SystemException {
555
556 for (int i = 0; i < actionIds.length; i++) {
557 String actionId = actionIds[i];
558
559 setRolePermission(
560 roleId, companyId, name, scope, primKey, actionId);
561 }
562 }
563
564 public void setRolePermissions(
565 long roleId, String[] actionIds, long resourceId)
566 throws PortalException, SystemException {
567
568 Role role = rolePersistence.findByPrimaryKey(roleId);
569
570 List<Permission> permissions = permissionFinder.findByR_R(
571 roleId, resourceId);
572
573 rolePersistence.removePermissions(roleId, permissions);
574
575 permissions = getPermissions(
576 role.getCompanyId(), actionIds, resourceId);
577
578 rolePersistence.addPermissions(roleId, permissions);
579
580 PermissionCacheUtil.clearCache();
581 }
582
583 public void setUserPermissions(
584 long userId, String[] actionIds, long resourceId)
585 throws PortalException, SystemException {
586
587 User user = userPersistence.findByPrimaryKey(userId);
588
589 List<Permission> permissions = permissionFinder.findByU_R(
590 userId, resourceId);
591
592 userPersistence.removePermissions(userId, permissions);
593
594 permissions = getPermissions(
595 user.getCompanyId(), actionIds, resourceId);
596
597 userPersistence.addPermissions(userId, permissions);
598
599 PermissionCacheUtil.clearCache();
600 }
601
602 public void unsetRolePermission(long roleId, long permissionId)
603 throws SystemException, PortalException {
604
605 try {
606 Permission permission = permissionPersistence.findByPrimaryKey(
607 permissionId);
608
609 rolePersistence.removePermission(roleId, permission);
610 }
611 catch (NoSuchPermissionException nspe) {
612 }
613
614 PermissionCacheUtil.clearCache();
615 }
616
617 public void unsetRolePermission(
618 long roleId, long companyId, String name, int scope, String primKey,
619 String actionId)
620 throws PortalException, SystemException {
621
622 try {
623 ResourceCode resourceCode =
624 resourceCodeLocalService.getResourceCode(
625 companyId, name, scope);
626
627 Resource resource = resourcePersistence.findByC_P(
628 resourceCode.getCodeId(), primKey);
629
630 Permission permission = permissionPersistence.findByA_R(
631 actionId, resource.getResourceId());
632
633 rolePersistence.removePermission(roleId, permission);
634 }
635 catch (NoSuchPermissionException nspe) {
636 }
637 catch (NoSuchResourceException nsre) {
638 }
639
640 PermissionCacheUtil.clearCache();
641 }
642
643 public void unsetRolePermissions(
644 long roleId, long companyId, String name, int scope,
645 String actionId)
646 throws PortalException, SystemException {
647
648 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
649 companyId, name, scope);
650
651 List<Resource> resources = resourcePersistence.findByCodeId(
652 resourceCode.getCodeId());
653
654 for (Resource resource : resources) {
655 try {
656 Permission permission = permissionPersistence.findByA_R(
657 actionId, resource.getResourceId());
658
659 rolePersistence.removePermission(roleId, permission);
660 }
661 catch (NoSuchPermissionException nspe) {
662 }
663 }
664
665 PermissionCacheUtil.clearCache();
666 }
667
668 public void unsetUserPermissions(
669 long userId, String[] actionIds, long resourceId)
670 throws PortalException, SystemException {
671
672 List<Permission> permissions = permissionFinder.findByU_A_R(
673 userId, actionIds, resourceId);
674
675 userPersistence.removePermissions(userId, permissions);
676
677 PermissionCacheUtil.clearCache();
678 }
679
680 protected boolean checkOrgGroupPermission(
681 List<Organization> organizations, List<Group> groups,
682 List<Permission> permissions)
683 throws PortalException, SystemException {
684
685 for (Permission permission : permissions) {
686 if (checkOrgGroupPermission(organizations, groups, permission)) {
687 return true;
688 }
689 }
690
691 return false;
692 }
693
694 protected boolean checkOrgGroupPermission(
695 List<Organization> organizations, List<Group> groups,
696 Permission permission)
697 throws PortalException, SystemException {
698
699
702 if ((organizations.size() == 0) || (groups.size() == 0)) {
703 return false;
704 }
705
706
709 List<OrgGroupPermission> orgGroupPermissions =
710 orgGroupPermissionPersistence.findByPermissionId(
711 permission.getPermissionId());
712
713 if (orgGroupPermissions.size() == 0) {
714 return false;
715 }
716
717 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
718 if (orgGroupPermission.containsOrganization(organizations) &&
719 orgGroupPermission.containsGroup(groups)) {
720
721 return true;
722 }
723 }
724
725
729 throw new NoSuchPermissionException(
730 "User has a permission in OrgGroupPermission that does not match");
731 }
732
733 protected boolean hasUserPermissions_1(
734 long userId, String actionId, long resourceId,
735 List<Permission> permissions, List<Group> groups, long groupId,
736 StopWatch stopWatch, int block)
737 throws PortalException, SystemException {
738
739
742 if (groups.size() > 0) {
743 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
744 return true;
745 }
746 }
747
748 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
749
750
753 if (groups.size() > 0) {
754 if (permissionFinder.countByGroupsPermissions(
755 permissions, groups) > 0) {
756
757 return true;
758 }
759 }
760
761 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
762
763
765 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
766 return true;
767 }
768
769 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
770
771
773 if (permissionFinder.countByUserGroupRole(
774 permissions, userId, groupId) > 0) {
775
776 return true;
777 }
778
779 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
780
781
783 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
784 return true;
785 }
786
787 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
788
789 return false;
790 }
791
792 protected boolean hasUserPermissions_2(
793 long userId, String actionId, long resourceId,
794 List<Permission> permissions, List<Group> groups, long groupId,
795 StopWatch stopWatch, int block)
796 throws PortalException, SystemException {
797
798
801 if (permissionFinder.containsPermissions_2(
802 permissions, userId, groups, groupId)) {
803
804 return true;
805 }
806
807 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
808
809 return false;
810 }
811
812 protected boolean hasUserPermissions_3(
813 long userId, String actionId, long resourceId,
814 List<Permission> permissions, List<Group> groups, List<Role> roles,
815 StopWatch stopWatch, int block)
816 throws PortalException, SystemException {
817
818
821 if (groups.size() > 0) {
822 if (permissionFinder.countByGroupsPermissions(
823 permissions, groups) > 0) {
824
825 return true;
826 }
827 }
828
829 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
830
831
834 if (roles.size() > 0) {
835 if (permissionFinder.countByRolesPermissions(
836 permissions, roles) > 0) {
837
838 return true;
839 }
840 }
841
842 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
843
844
846 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
847 return true;
848 }
849
850 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
851
852 return false;
853 }
854
855 protected boolean hasUserPermissions_4(
856 long userId, String actionId, long resourceId,
857 List<Permission> permissions, List<Group> groups, List<Role> roles,
858 StopWatch stopWatch, int block)
859 throws PortalException, SystemException {
860
861
864 if (permissionFinder.containsPermissions_4(
865 permissions, userId, groups, roles)) {
866
867 return true;
868 }
869
870 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
871
872 return false;
873 }
874
875 protected void logHasUserPermissions(
876 long userId, String actionId, long resourceId, StopWatch stopWatch,
877 int block) {
878
879 if (!_log.isDebugEnabled()) {
880 return;
881 }
882
883 _log.debug(
884 "Checking user permissions block " + block + " for " + userId +
885 " " + actionId + " " + resourceId + " takes " +
886 stopWatch.getTime() + " ms");
887 }
888
889 private static Log _log =
890 LogFactory.getLog(PermissionLocalServiceImpl.class);
891
892 }