1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.NoSuchResourceException;
27  import com.liferay.portal.PortalException;
28  import com.liferay.portal.SystemException;
29  import com.liferay.portal.kernel.util.GetterUtil;
30  import com.liferay.portal.kernel.util.Validator;
31  import com.liferay.portal.model.Group;
32  import com.liferay.portal.model.OrgGroupPermission;
33  import com.liferay.portal.model.Organization;
34  import com.liferay.portal.model.Permission;
35  import com.liferay.portal.model.Resource;
36  import com.liferay.portal.model.ResourceCode;
37  import com.liferay.portal.model.ResourceConstants;
38  import com.liferay.portal.model.Role;
39  import com.liferay.portal.model.User;
40  import com.liferay.portal.model.UserGroup;
41  import com.liferay.portal.security.permission.PermissionCacheUtil;
42  import com.liferay.portal.security.permission.PermissionCheckerBag;
43  import com.liferay.portal.security.permission.ResourceActionsUtil;
44  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
45  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
46  import com.liferay.portal.util.PropsValues;
47  import com.liferay.portal.util.comparator.PermissionComparator;
48  
49  import java.util.ArrayList;
50  import java.util.Iterator;
51  import java.util.List;
52  
53  import org.apache.commons.lang.time.StopWatch;
54  import org.apache.commons.logging.Log;
55  import org.apache.commons.logging.LogFactory;
56  
57  /**
58   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
59   *
60   * @author Charles May
61   * @author Brian Wing Shun Chan
62   * @author Raymond Augé
63   *
64   */
65  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
66  
67      public Permission addPermission(
68              long companyId, String actionId, long resourceId)
69          throws SystemException {
70  
71          Permission permission = permissionPersistence.fetchByA_R(
72              actionId, resourceId);
73  
74          if (permission == null) {
75              long permissionId = counterLocalService.increment(
76                  Permission.class.getName());
77  
78              permission = permissionPersistence.create(permissionId);
79  
80              permission.setCompanyId(companyId);
81              permission.setActionId(actionId);
82              permission.setResourceId(resourceId);
83  
84              permissionPersistence.update(permission, false);
85          }
86  
87          return permission;
88      }
89  
90      public List<Permission> addPermissions(
91              long companyId, String name, long resourceId,
92              boolean portletActions)
93          throws SystemException {
94  
95          List<Permission> permissions = new ArrayList<Permission>();
96  
97          List<String> actions = null;
98  
99          if (portletActions) {
100             actions =
101                 ResourceActionsUtil.getPortletResourceActions(companyId, name);
102         }
103         else {
104             actions = ResourceActionsUtil.getModelResourceActions(name);
105         }
106 
107         for (int i = 0; i < actions.size(); i++) {
108             String actionId = actions.get(i);
109 
110             Permission permission = addPermission(
111                 companyId, actionId, resourceId);
112 
113             permissions.add(permission);
114         }
115 
116         return permissions;
117     }
118 
119     public void addUserPermissions(
120             long userId, String[] actionIds, long resourceId)
121         throws PortalException, SystemException {
122 
123         User user = userPersistence.findByPrimaryKey(userId);
124 
125         List<Permission> permissions = permissionFinder.findByU_R(
126             userId, resourceId);
127 
128         permissions = getPermissions(
129             user.getCompanyId(), actionIds, resourceId);
130 
131         userPersistence.addPermissions(userId, permissions);
132 
133         PermissionCacheUtil.clearCache();
134     }
135 
136     public List<String> getActions(List<Permission> permissions) {
137         List<String> actions = new ArrayList<String>();
138 
139         Iterator<Permission> itr = permissions.iterator();
140 
141         while (itr.hasNext()) {
142             Permission permission = itr.next();
143 
144             actions.add(permission.getActionId());
145         }
146 
147         return actions;
148     }
149 
150     public List<Permission> getGroupPermissions(long groupId, long resourceId)
151         throws SystemException {
152 
153         return permissionFinder.findByG_R(groupId, resourceId);
154     }
155 
156     public List<Permission> getGroupPermissions(
157             long groupId, long companyId, String name, int scope,
158             String primKey)
159         throws SystemException {
160 
161         return permissionFinder.findByG_C_N_S_P(
162             groupId, companyId, name, scope, primKey);
163     }
164 
165     public List<Permission> getOrgGroupPermissions(
166             long organizationId, long groupId, long resourceId)
167         throws SystemException {
168 
169         return permissionFinder.findByO_G_R(
170             organizationId, groupId, resourceId);
171     }
172 
173     public long getLatestPermissionId() throws SystemException {
174         List<Permission> permissions = permissionPersistence.findAll(
175             0, 1, new PermissionComparator());
176 
177         if (permissions.size() == 0) {
178             return 0;
179         }
180         else {
181             Permission permission = permissions.get(0);
182 
183             return permission.getPermissionId();
184         }
185     }
186 
187     public List<Permission> getPermissions(
188             long companyId, String[] actionIds, long resourceId)
189         throws SystemException {
190 
191         List<Permission> permissions = new ArrayList<Permission>();
192 
193         for (int i = 0; i < actionIds.length; i++) {
194             Permission permission = addPermission(
195                 companyId, actionIds[i], resourceId);
196 
197             permissions.add(permission);
198         }
199 
200         return permissions;
201     }
202 
203     public List<Permission> getRolePermissions(long roleId)
204         throws SystemException {
205 
206         return rolePersistence.getPermissions(roleId);
207     }
208 
209     public List<Permission> getRolePermissions(long roleId, long resourceId)
210         throws SystemException {
211 
212         return permissionFinder.findByR_R(roleId, resourceId);
213     }
214 
215     public List<Permission> getUserPermissions(long userId, long resourceId)
216         throws SystemException {
217 
218         return permissionFinder.findByU_R(userId, resourceId);
219     }
220 
221     public List<Permission> getUserPermissions(
222             long userId, long companyId, String name, int scope, String primKey)
223         throws SystemException {
224 
225         return permissionFinder.findByU_C_N_S_P(
226             userId, companyId, name, scope, primKey);
227     }
228 
229     public boolean hasGroupPermission(
230             long groupId, String actionId, long resourceId)
231         throws SystemException {
232 
233         Permission permission = null;
234 
235         try {
236             permission = permissionPersistence.findByA_R(actionId, resourceId);
237         }
238         catch (NoSuchPermissionException nspe) {
239 
240             // Return false if there is no permission based on the given action
241             // id and resource id
242 
243             return false;
244         }
245 
246         return groupPersistence.containsPermission(
247             groupId, permission.getPermissionId());
248     }
249 
250     public boolean hasRolePermission(
251             long roleId, long companyId, String name, int scope,
252             String actionId)
253         throws SystemException {
254 
255         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
256             companyId, name, scope);
257 
258         List<Resource> resources = resourcePersistence.findByCodeId(
259             resourceCode.getCodeId());
260 
261         for (Resource resource : resources) {
262             try {
263                 Permission permission = permissionPersistence.findByA_R(
264                     actionId, resource.getResourceId());
265 
266                 if (rolePersistence.containsPermission(
267                         roleId, permission.getPermissionId())) {
268 
269                     return true;
270                 }
271             }
272             catch (NoSuchPermissionException nspe) {
273             }
274         }
275 
276         return false;
277     }
278 
279     public boolean hasRolePermission(
280             long roleId, long companyId, String name, int scope, String primKey,
281             String actionId)
282         throws SystemException {
283 
284         try {
285             ResourceCode resourceCode =
286                 resourceCodeLocalService.getResourceCode(
287                     companyId, name, scope);
288 
289             Resource resource = resourcePersistence.findByC_P(
290                 resourceCode.getCodeId(), primKey);
291 
292             Permission permission = permissionPersistence.findByA_R(
293                 actionId, resource.getResourceId());
294 
295             return rolePersistence.containsPermission(
296                 roleId, permission.getPermissionId());
297         }
298         catch (NoSuchPermissionException nspe) {
299         }
300         catch (NoSuchResourceException nsre) {
301         }
302 
303         return false;
304     }
305 
306     public boolean hasUserPermission(
307             long userId, String actionId, long resourceId)
308         throws SystemException {
309 
310         Permission permission = null;
311 
312         try {
313             permission = permissionPersistence.findByA_R(actionId, resourceId);
314         }
315         catch (NoSuchPermissionException nspe) {
316 
317             // Return false if there is no permission based on the given action
318             // id and resource id
319 
320             return false;
321         }
322 
323         return userPersistence.containsPermission(
324             userId, permission.getPermissionId());
325     }
326 
327     public boolean hasUserPermissions(
328             long userId, long groupId, String actionId, long[] resourceIds,
329             PermissionCheckerBag permissionCheckerBag)
330         throws SystemException {
331 
332         StopWatch stopWatch = null;
333 
334         if (_log.isDebugEnabled()) {
335             stopWatch = new StopWatch();
336 
337             stopWatch.start();
338         }
339 
340         int block = 1;
341 
342         // Return false if there is no resources
343 
344         if ((Validator.isNull(actionId)) || (resourceIds == null) ||
345             (resourceIds.length == 0)) {
346 
347             return false;
348         }
349 
350         List<Permission> permissions = permissionFinder.findByA_R(
351             actionId, resourceIds);
352 
353         // Return false if there are no permissions
354 
355         if (permissions.size() == 0) {
356             return false;
357         }
358 
359         // Record logs with the first resource id
360 
361         long resourceId = resourceIds[0];
362 
363         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
364 
365         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
366         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
367         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
368         //List<Group> userUserGroupGroups =
369         //  permissionCheckerBag.getUserUserGroupGroups();
370         List<Group> groups = permissionCheckerBag.getGroups();
371         List<Role> roles = permissionCheckerBag.getRoles();
372 
373         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
374 
375         // Check the organization and community intersection table. Break out of
376         // this method if the user has one of the permissions set at the
377         // intersection because that takes priority.
378 
379         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
380         //  return true;
381         //}
382 
383         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
384 
385         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
386             return hasUserPermissions_1(
387                 userId, actionId, resourceId, permissions, groups, groupId,
388                 stopWatch, block);
389         }
390         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
391             return hasUserPermissions_2(
392                 userId, actionId, resourceId, permissions, groups, groupId,
393                 stopWatch, block);
394         }
395         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
396             return hasUserPermissions_3(
397                 userId, actionId, resourceId, permissions, groups, roles,
398                 stopWatch, block);
399         }
400         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
401             return hasUserPermissions_4(
402                 userId, actionId, resourceId, permissions, groups, roles,
403                 stopWatch, block);
404         }
405         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
406             return hasUserPermissions_5(
407                 userId, actionId, resourceId, permissions, roles, stopWatch,
408                 block);
409         }
410 
411         return false;
412     }
413 
414     public void setGroupPermissions(
415             long groupId, String[] actionIds, long resourceId)
416         throws PortalException, SystemException {
417 
418         Group group = groupPersistence.findByPrimaryKey(groupId);
419 
420         List<Permission> permissions = permissionFinder.findByG_R(
421             groupId, resourceId);
422 
423         for (Permission permission : permissions) {
424             groupPersistence.removePermission(groupId, permission);
425         }
426 
427         permissions = getPermissions(
428             group.getCompanyId(), actionIds, resourceId);
429 
430         groupPersistence.addPermissions(groupId, permissions);
431 
432         PermissionCacheUtil.clearCache();
433     }
434 
435     public void setGroupPermissions(
436             String className, String classPK, long groupId,
437             String[] actionIds, long resourceId)
438         throws PortalException, SystemException {
439 
440         long associatedGroupId = 0;
441 
442         if (className.equals(Organization.class.getName())) {
443             long organizationId = GetterUtil.getLong(classPK);
444 
445             Organization organization =
446                 organizationPersistence.findByPrimaryKey(organizationId);
447 
448             orgGroupPermissionFinder.removeByO_G_R(
449                 organizationId, groupId, resourceId);
450 
451             associatedGroupId = organization.getGroup().getGroupId();
452         }
453         else if (className.equals(UserGroup.class.getName())) {
454             long userGroupId = GetterUtil.getLong(classPK);
455 
456             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
457                 userGroupId);
458 
459             associatedGroupId = userGroup.getGroup().getGroupId();
460         }
461 
462         setGroupPermissions(associatedGroupId, actionIds, resourceId);
463     }
464 
465     public void setOrgGroupPermissions(
466             long organizationId, long groupId, String[] actionIds,
467             long resourceId)
468         throws PortalException, SystemException {
469 
470         Organization organization =
471             organizationPersistence.findByPrimaryKey(organizationId);
472 
473         long orgGroupId = organization.getGroup().getGroupId();
474 
475         List<Permission> permissions = permissionPersistence.findByResourceId(
476             resourceId);
477 
478         for (Permission permission : permissions) {
479             groupPersistence.removePermission(orgGroupId, permission);
480         }
481 
482         permissions = getPermissions(
483             organization.getCompanyId(), actionIds, resourceId);
484 
485         orgGroupPermissionFinder.removeByO_G_R(
486             organizationId, groupId, resourceId);
487 
488         for (Permission permission : permissions) {
489             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
490                 organizationId, groupId, permission.getPermissionId());
491 
492             OrgGroupPermission orgGroupPermission =
493                 orgGroupPermissionPersistence.create(pk);
494 
495             orgGroupPermissionPersistence.update(orgGroupPermission, false);
496         }
497 
498         PermissionCacheUtil.clearCache();
499     }
500 
501     public void setRolePermission(
502             long roleId, long companyId, String name, int scope, String primKey,
503             String actionId)
504         throws PortalException, SystemException {
505 
506         if (scope == ResourceConstants.SCOPE_COMPANY) {
507 
508             // Remove group permission
509 
510             unsetRolePermissions(
511                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
512                 actionId);
513         }
514         else if (scope == ResourceConstants.SCOPE_GROUP) {
515 
516             // Remove company permission
517 
518             unsetRolePermissions(
519                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
520                 actionId);
521         }
522         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
523             throw new NoSuchPermissionException();
524         }
525 
526         Resource resource = resourceLocalService.addResource(
527             companyId, name, scope, primKey);
528 
529         Permission permission = null;
530 
531         try {
532             permission = permissionPersistence.findByA_R(
533                 actionId, resource.getResourceId());
534         }
535         catch (NoSuchPermissionException nspe) {
536             long permissionId = counterLocalService.increment(
537                 Permission.class.getName());
538 
539             permission = permissionPersistence.create(permissionId);
540 
541             permission.setCompanyId(companyId);
542             permission.setActionId(actionId);
543             permission.setResourceId(resource.getResourceId());
544 
545             permissionPersistence.update(permission, false);
546         }
547 
548         rolePersistence.addPermission(roleId, permission);
549 
550         PermissionCacheUtil.clearCache();
551     }
552 
553     public void setRolePermissions(
554             long roleId, long companyId, String name, int scope, String primKey,
555             String[] actionIds)
556         throws PortalException, SystemException {
557 
558         for (int i = 0; i < actionIds.length; i++) {
559             String actionId = actionIds[i];
560 
561             setRolePermission(
562                 roleId, companyId, name, scope, primKey, actionId);
563         }
564     }
565 
566     public void setRolePermissions(
567             long roleId, String[] actionIds, long resourceId)
568         throws PortalException, SystemException {
569 
570         Role role = rolePersistence.findByPrimaryKey(roleId);
571 
572         List<Permission> permissions = permissionFinder.findByR_R(
573             roleId, resourceId);
574 
575         rolePersistence.removePermissions(roleId, permissions);
576 
577         permissions = getPermissions(
578             role.getCompanyId(), actionIds, resourceId);
579 
580         rolePersistence.addPermissions(roleId, permissions);
581 
582         PermissionCacheUtil.clearCache();
583     }
584 
585     public void setUserPermissions(
586             long userId, String[] actionIds, long resourceId)
587         throws PortalException, SystemException {
588 
589         User user = userPersistence.findByPrimaryKey(userId);
590 
591         List<Permission> permissions = permissionFinder.findByU_R(
592             userId, resourceId);
593 
594         userPersistence.removePermissions(userId, permissions);
595 
596         permissions = getPermissions(
597             user.getCompanyId(), actionIds, resourceId);
598 
599         userPersistence.addPermissions(userId, permissions);
600 
601         PermissionCacheUtil.clearCache();
602     }
603 
604     public void unsetRolePermission(long roleId, long permissionId)
605         throws SystemException {
606 
607         try {
608             Permission permission = permissionPersistence.findByPrimaryKey(
609                 permissionId);
610 
611             rolePersistence.removePermission(roleId, permission);
612         }
613         catch (NoSuchPermissionException nspe) {
614         }
615 
616         PermissionCacheUtil.clearCache();
617     }
618 
619     public void unsetRolePermission(
620             long roleId, long companyId, String name, int scope, String primKey,
621             String actionId)
622         throws SystemException {
623 
624         try {
625             ResourceCode resourceCode =
626                 resourceCodeLocalService.getResourceCode(
627                     companyId, name, scope);
628 
629             Resource resource = resourcePersistence.findByC_P(
630                 resourceCode.getCodeId(), primKey);
631 
632             Permission permission = permissionPersistence.findByA_R(
633                 actionId, resource.getResourceId());
634 
635             rolePersistence.removePermission(roleId, permission);
636         }
637         catch (NoSuchPermissionException nspe) {
638         }
639         catch (NoSuchResourceException nsre) {
640         }
641 
642         PermissionCacheUtil.clearCache();
643     }
644 
645     public void unsetRolePermissions(
646             long roleId, long companyId, String name, int scope,
647             String actionId)
648         throws SystemException {
649 
650         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
651             companyId, name, scope);
652 
653         List<Resource> resources = resourcePersistence.findByCodeId(
654             resourceCode.getCodeId());
655 
656         for (Resource resource : resources) {
657             try {
658                 Permission permission = permissionPersistence.findByA_R(
659                     actionId, resource.getResourceId());
660 
661                 rolePersistence.removePermission(roleId, permission);
662             }
663             catch (NoSuchPermissionException nspe) {
664             }
665         }
666 
667         PermissionCacheUtil.clearCache();
668     }
669 
670     public void unsetUserPermissions(
671             long userId, String[] actionIds, long resourceId)
672         throws SystemException {
673 
674         List<Permission> permissions = permissionFinder.findByU_A_R(
675             userId, actionIds, resourceId);
676 
677         userPersistence.removePermissions(userId, permissions);
678 
679         PermissionCacheUtil.clearCache();
680     }
681 
682     protected boolean checkOrgGroupPermission(
683             List<Organization> organizations, List<Group> groups,
684             List<Permission> permissions)
685         throws PortalException, SystemException {
686 
687         for (Permission permission : permissions) {
688             if (checkOrgGroupPermission(organizations, groups, permission)) {
689                 return true;
690             }
691         }
692 
693         return false;
694     }
695 
696     protected boolean checkOrgGroupPermission(
697             List<Organization> organizations, List<Group> groups,
698             Permission permission)
699         throws PortalException, SystemException {
700 
701         // Do not check for an OrgGroupPermission intersection unless there is
702         // at least one organization and one group to check
703 
704         if ((organizations.size() == 0) || (groups.size() == 0)) {
705             return false;
706         }
707 
708         // Do not check unless the OrgGroupPermission intersection contains at
709         // least one permission
710 
711         List<OrgGroupPermission> orgGroupPermissions =
712             orgGroupPermissionPersistence.findByPermissionId(
713                 permission.getPermissionId());
714 
715         if (orgGroupPermissions.size() == 0) {
716             return false;
717         }
718 
719         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
720             if (orgGroupPermission.containsOrganization(organizations) &&
721                 orgGroupPermission.containsGroup(groups)) {
722 
723                 return true;
724             }
725         }
726 
727         // Throw an exception so that we do not continue checking permissions.
728         // The user has a specific permission given in the OrgGroupPermission
729         // intersection that prohibits him from going further.
730 
731         throw new NoSuchPermissionException(
732             "User has a permission in OrgGroupPermission that does not match");
733     }
734 
735     protected boolean hasUserPermissions_1(
736             long userId, String actionId, long resourceId,
737             List<Permission> permissions, List<Group> groups, long groupId,
738             StopWatch stopWatch, int block)
739         throws SystemException {
740 
741         // Is the user connected to one of the permissions via group or
742         // organization roles?
743 
744         if (groups.size() > 0) {
745             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
746                 return true;
747             }
748         }
749 
750         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
751 
752         // Is the user associated with groups or organizations that are directly
753         // connected to one of the permissions?
754 
755         if (groups.size() > 0) {
756             if (permissionFinder.countByGroupsPermissions(
757                     permissions, groups) > 0) {
758 
759                 return true;
760             }
761         }
762 
763         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
764 
765         // Is the user connected to one of the permissions via user roles?
766 
767         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
768             return true;
769         }
770 
771         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
772 
773         // Is the user connected to one of the permissions via user group roles?
774 
775         if (permissionFinder.countByUserGroupRole(
776                 permissions, userId, groupId) > 0) {
777 
778             return true;
779         }
780 
781         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
782 
783         // Is the user directly connected to one of the permissions?
784 
785         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
786             return true;
787         }
788 
789         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
790 
791         return false;
792     }
793 
794     protected boolean hasUserPermissions_2(
795             long userId, String actionId, long resourceId,
796             List<Permission> permissions, List<Group> groups, long groupId,
797             StopWatch stopWatch, int block)
798         throws SystemException {
799 
800         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
801         // countByUserGroupRole, and countByUsersPermissions in one method
802 
803         if (permissionFinder.containsPermissions_2(
804                 permissions, userId, groups, groupId)) {
805 
806             return true;
807         }
808 
809         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
810 
811         return false;
812     }
813 
814     protected boolean hasUserPermissions_3(
815             long userId, String actionId, long resourceId,
816             List<Permission> permissions, List<Group> groups, List<Role> roles,
817             StopWatch stopWatch, int block)
818         throws SystemException {
819 
820         // Is the user associated with groups or organizations that are directly
821         // connected to one of the permissions?
822 
823         if (groups.size() > 0) {
824             if (permissionFinder.countByGroupsPermissions(
825                     permissions, groups) > 0) {
826 
827                 return true;
828             }
829         }
830 
831         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
832 
833         // Is the user associated with a role that is directly connected to one
834         // of the permissions?
835 
836         if (roles.size() > 0) {
837             if (permissionFinder.countByRolesPermissions(
838                     permissions, roles) > 0) {
839 
840                 return true;
841             }
842         }
843 
844         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
845 
846         // Is the user directly connected to one of the permissions?
847 
848         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
849             return true;
850         }
851 
852         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
853 
854         return false;
855     }
856 
857     protected boolean hasUserPermissions_4(
858             long userId, String actionId, long resourceId,
859             List<Permission> permissions, List<Group> groups, List<Role> roles,
860             StopWatch stopWatch, int block)
861         throws SystemException {
862 
863         // Call countByGroupsPermissions, countByRolesPermissions, and
864         // countByUsersPermissions in one method
865 
866         if (permissionFinder.containsPermissions_4(
867                 permissions, userId, groups, roles)) {
868 
869             return true;
870         }
871 
872         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
873 
874         return false;
875     }
876 
877     protected boolean hasUserPermissions_5(
878             long userId, String actionId, long resourceId,
879             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
880             int block)
881         throws SystemException {
882 
883         if (roles.size() > 0) {
884             if (permissionFinder.countByRolesPermissions(
885                     permissions, roles) > 0) {
886 
887                 return true;
888             }
889         }
890 
891         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
892 
893         return false;
894     }
895 
896     protected void logHasUserPermissions(
897         long userId, String actionId, long resourceId, StopWatch stopWatch,
898         int block) {
899 
900         if (!_log.isDebugEnabled()) {
901             return;
902         }
903 
904         _log.debug(
905             "Checking user permissions block " + block + " for " + userId +
906                 " " + actionId + " " + resourceId + " takes " +
907                     stopWatch.getTime() + " ms");
908     }
909 
910     private static Log _log =
911         LogFactory.getLog(PermissionLocalServiceImpl.class);
912 
913 }