1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portlet.enterpriseadmin.action;
24  
25  import com.liferay.portal.NoSuchRoleException;
26  import com.liferay.portal.kernel.util.ArrayUtil;
27  import com.liferay.portal.kernel.util.Constants;
28  import com.liferay.portal.kernel.util.ParamUtil;
29  import com.liferay.portal.kernel.util.StringUtil;
30  import com.liferay.portal.kernel.util.Validator;
31  import com.liferay.portal.model.ResourceConstants;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.impl.GroupImpl;
34  import com.liferay.portal.model.impl.RoleImpl;
35  import com.liferay.portal.security.auth.PrincipalException;
36  import com.liferay.portal.security.permission.ResourceActionsUtil;
37  import com.liferay.portal.security.permission.comparator.ActionComparator;
38  import com.liferay.portal.service.PermissionServiceUtil;
39  import com.liferay.portal.service.RoleServiceUtil;
40  import com.liferay.portal.struts.PortletAction;
41  import com.liferay.portal.theme.ThemeDisplay;
42  import com.liferay.portal.util.WebKeys;
43  import com.liferay.util.servlet.SessionErrors;
44  import com.liferay.util.servlet.SessionMessages;
45  
46  import java.util.Collections;
47  import java.util.HashMap;
48  import java.util.List;
49  import java.util.Map;
50  
51  import javax.portlet.ActionRequest;
52  import javax.portlet.ActionResponse;
53  import javax.portlet.PortletConfig;
54  import javax.portlet.RenderRequest;
55  import javax.portlet.RenderResponse;
56  
57  import org.apache.struts.action.ActionForm;
58  import org.apache.struts.action.ActionForward;
59  import org.apache.struts.action.ActionMapping;
60  
61  /**
62   * <a href="EditRolePermissionsAction.java.html"><b><i>View Source</i></b></a>
63   *
64   * @author Brian Wing Shun Chan
65   * @author Jorge Ferrer
66   *
67   */
68  public class EditRolePermissionsAction extends PortletAction {
69  
70      public void processAction(
71              ActionMapping mapping, ActionForm form, PortletConfig config,
72              ActionRequest req, ActionResponse res)
73          throws Exception {
74  
75          String cmd = ParamUtil.getString(req, Constants.CMD);
76  
77          try {
78              if (cmd.equals("actions")) {
79                  updateActions(req, res);
80              }
81              else if (cmd.equals("delete_permission")) {
82                  deletePermission(req, res);
83              }
84          }
85          catch (Exception e) {
86              if (e instanceof NoSuchRoleException ||
87                  e instanceof PrincipalException) {
88  
89                  SessionErrors.add(req, e.getClass().getName());
90  
91                  setForward(req, "portlet.enterprise_admin.error");
92              }
93              else {
94                  throw e;
95              }
96          }
97      }
98  
99      public ActionForward render(
100             ActionMapping mapping, ActionForm form, PortletConfig config,
101             RenderRequest req, RenderResponse res)
102         throws Exception {
103 
104         try {
105             ActionUtil.getRole(req);
106         }
107         catch (Exception e) {
108             if (e instanceof NoSuchRoleException ||
109                 e instanceof PrincipalException) {
110 
111                 SessionErrors.add(req, e.getClass().getName());
112 
113                 return mapping.findForward("portlet.enterprise_admin.error");
114             }
115             else {
116                 throw e;
117             }
118         }
119 
120         return mapping.findForward(
121             getForward(req, "portlet.enterprise_admin.edit_role_permissions"));
122     }
123 
124     protected void deletePermission(ActionRequest req, ActionResponse res)
125         throws Exception {
126 
127         ThemeDisplay themeDisplay =
128             (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
129 
130         long roleId = ParamUtil.getLong(req, "roleId");
131         long permissionId = ParamUtil.getLong(req, "permissionId");
132 
133         PermissionServiceUtil.unsetRolePermission(
134             roleId, themeDisplay.getPortletGroupId(), permissionId);
135 
136         // Send redirect
137 
138         SessionMessages.add(req, "permissionDeleted");
139 
140         String redirect = ParamUtil.getString(req, "redirect");
141 
142         res.sendRedirect(redirect);
143     }
144 
145     protected void updateActions(ActionRequest req, ActionResponse res)
146         throws Exception {
147 
148         ThemeDisplay themeDisplay =
149             (ThemeDisplay)req.getAttribute(WebKeys.THEME_DISPLAY);
150 
151         long roleId = ParamUtil.getLong(req, "roleId");
152 
153         String portletResource = ParamUtil.getString(req, "portletResource");
154         String[] modelResources = StringUtil.split(
155             ParamUtil.getString(req, "modelResources"));
156 
157         Map<String, List<String>> resourceActionsMap =
158             new HashMap<String, List<String>>();
159 
160         if (Validator.isNotNull(portletResource)) {
161             resourceActionsMap.put(
162                 portletResource,
163                 ResourceActionsUtil.getResourceActions(
164                     themeDisplay.getCompanyId(), portletResource, null));
165         }
166 
167         for (int i = 0; i < modelResources.length; i++) {
168             resourceActionsMap.put(
169                 modelResources[i],
170                 ResourceActionsUtil.getResourceActions(
171                     themeDisplay.getCompanyId(), null, modelResources[i]));
172         }
173 
174         for (Map.Entry<String, List<String>> entry :
175                 resourceActionsMap.entrySet()) {
176 
177             String selResource = entry.getKey();
178             List<String> actions = entry.getValue();
179 
180             Collections.sort(
181                 actions,
182                 new ActionComparator(
183                     themeDisplay.getCompanyId(), themeDisplay.getLocale()));
184 
185             Role role = RoleServiceUtil.getRole(roleId);
186 
187             for (String actionId : actions) {
188                 int scope = ParamUtil.getInteger(
189                     req, "scope" + selResource + actionId);
190 
191                 if (scope == ResourceConstants.SCOPE_COMPANY) {
192                     PermissionServiceUtil.setRolePermission(
193                         roleId, themeDisplay.getPortletGroupId(), selResource,
194                         scope, String.valueOf(themeDisplay.getCompanyId()),
195                         actionId);
196                 }
197                 else if (scope == ResourceConstants.SCOPE_GROUP) {
198                     if ((role.getType() == RoleImpl.TYPE_COMMUNITY) ||
199                         (role.getType() == RoleImpl.TYPE_ORGANIZATION)) {
200 
201                         PermissionServiceUtil.setRolePermission(
202                             roleId, themeDisplay.getPortletGroupId(),
203                             selResource, ResourceConstants.SCOPE_GROUP_TEMPLATE,
204                             String.valueOf(GroupImpl.DEFAULT_PARENT_GROUP_ID),
205                             actionId);
206                     }
207                     else {
208                         String[] groupIds = StringUtil.split(
209                             ParamUtil.getString(
210                                 req, "groupIds" + selResource + actionId));
211 
212                         if (groupIds.length == 0) {
213                             SessionErrors.add(req, "missingGroupIdsForAction");
214                             return;
215                         }
216 
217                         groupIds = ArrayUtil.distinct(groupIds);
218 
219                         PermissionServiceUtil.unsetRolePermissions(
220                             roleId, themeDisplay.getPortletGroupId(),
221                             selResource, ResourceConstants.SCOPE_GROUP,
222                             actionId);
223 
224                         for (int j = 0; j < groupIds.length; j++) {
225                             PermissionServiceUtil.setRolePermission(
226                                 roleId, themeDisplay.getPortletGroupId(),
227                                 selResource, ResourceConstants.SCOPE_GROUP,
228                                 groupIds[j], actionId);
229                         }
230                     }
231                 }
232                 else {
233 
234                     // Remove company, group template, and group permissions
235 
236                     PermissionServiceUtil.unsetRolePermissions(
237                         roleId, themeDisplay.getPortletGroupId(), selResource,
238                         ResourceConstants.SCOPE_COMPANY, actionId);
239 
240                     PermissionServiceUtil.unsetRolePermissions(
241                         roleId, themeDisplay.getPortletGroupId(), selResource,
242                         ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
243 
244                     PermissionServiceUtil.unsetRolePermissions(
245                         roleId, themeDisplay.getPortletGroupId(), selResource,
246                         ResourceConstants.SCOPE_GROUP, actionId);
247                 }
248             }
249         }
250 
251         // Send redirect
252 
253         SessionMessages.add(req, "permissionsUpdated");
254 
255         String redirect =
256             ParamUtil.getString(req, "redirect") + "&" + Constants.CMD + "=" +
257                 Constants.VIEW;
258 
259         res.sendRedirect(redirect);
260     }
261 
262 }