1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.NoSuchPermissionException;
26 import com.liferay.portal.NoSuchResourceException;
27 import com.liferay.portal.PortalException;
28 import com.liferay.portal.SystemException;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.Validator;
31 import com.liferay.portal.model.Group;
32 import com.liferay.portal.model.OrgGroupPermission;
33 import com.liferay.portal.model.Organization;
34 import com.liferay.portal.model.Permission;
35 import com.liferay.portal.model.Resource;
36 import com.liferay.portal.model.ResourceCode;
37 import com.liferay.portal.model.ResourceConstants;
38 import com.liferay.portal.model.Role;
39 import com.liferay.portal.model.User;
40 import com.liferay.portal.model.UserGroup;
41 import com.liferay.portal.security.permission.PermissionCacheUtil;
42 import com.liferay.portal.security.permission.PermissionCheckerBag;
43 import com.liferay.portal.security.permission.ResourceActionsUtil;
44 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
45 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
46 import com.liferay.portal.util.PropsValues;
47 import com.liferay.portal.util.comparator.PermissionComparator;
48
49 import java.util.ArrayList;
50 import java.util.Iterator;
51 import java.util.List;
52
53 import org.apache.commons.lang.time.StopWatch;
54 import org.apache.commons.logging.Log;
55 import org.apache.commons.logging.LogFactory;
56
57
65 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
66
67 public Permission addPermission(
68 long companyId, String actionId, long resourceId)
69 throws SystemException {
70
71 Permission permission = permissionPersistence.fetchByA_R(
72 actionId, resourceId);
73
74 if (permission == null) {
75 long permissionId = counterLocalService.increment(
76 Permission.class.getName());
77
78 permission = permissionPersistence.create(permissionId);
79
80 permission.setCompanyId(companyId);
81 permission.setActionId(actionId);
82 permission.setResourceId(resourceId);
83
84 permissionPersistence.update(permission, false);
85 }
86
87 return permission;
88 }
89
90 public List<Permission> addPermissions(
91 long companyId, String name, long resourceId,
92 boolean portletActions)
93 throws SystemException {
94
95 List<Permission> permissions = new ArrayList<Permission>();
96
97 List<String> actions = null;
98
99 if (portletActions) {
100 actions =
101 ResourceActionsUtil.getPortletResourceActions(companyId, name);
102 }
103 else {
104 actions = ResourceActionsUtil.getModelResourceActions(name);
105 }
106
107 for (int i = 0; i < actions.size(); i++) {
108 String actionId = actions.get(i);
109
110 Permission permission = addPermission(
111 companyId, actionId, resourceId);
112
113 permissions.add(permission);
114 }
115
116 return permissions;
117 }
118
119 public void addUserPermissions(
120 long userId, String[] actionIds, long resourceId)
121 throws PortalException, SystemException {
122
123 User user = userPersistence.findByPrimaryKey(userId);
124
125 List<Permission> permissions = permissionFinder.findByU_R(
126 userId, resourceId);
127
128 permissions = getPermissions(
129 user.getCompanyId(), actionIds, resourceId);
130
131 userPersistence.addPermissions(userId, permissions);
132
133 PermissionCacheUtil.clearCache();
134 }
135
136 public List<String> getActions(List<Permission> permissions) {
137 List<String> actions = new ArrayList<String>();
138
139 Iterator<Permission> itr = permissions.iterator();
140
141 while (itr.hasNext()) {
142 Permission permission = itr.next();
143
144 actions.add(permission.getActionId());
145 }
146
147 return actions;
148 }
149
150 public List<Permission> getGroupPermissions(long groupId, long resourceId)
151 throws SystemException {
152
153 return permissionFinder.findByG_R(groupId, resourceId);
154 }
155
156 public List<Permission> getGroupPermissions(
157 long groupId, long companyId, String name, int scope,
158 String primKey)
159 throws SystemException {
160
161 return permissionFinder.findByG_C_N_S_P(
162 groupId, companyId, name, scope, primKey);
163 }
164
165 public List<Permission> getOrgGroupPermissions(
166 long organizationId, long groupId, long resourceId)
167 throws SystemException {
168
169 return permissionFinder.findByO_G_R(
170 organizationId, groupId, resourceId);
171 }
172
173 public long getLatestPermissionId() throws SystemException {
174 List<Permission> permissions = permissionPersistence.findAll(
175 0, 1, new PermissionComparator());
176
177 if (permissions.size() == 0) {
178 return 0;
179 }
180 else {
181 Permission permission = permissions.get(0);
182
183 return permission.getPermissionId();
184 }
185 }
186
187 public List<Permission> getPermissions(
188 long companyId, String[] actionIds, long resourceId)
189 throws SystemException {
190
191 List<Permission> permissions = new ArrayList<Permission>();
192
193 for (int i = 0; i < actionIds.length; i++) {
194 Permission permission = addPermission(
195 companyId, actionIds[i], resourceId);
196
197 permissions.add(permission);
198 }
199
200 return permissions;
201 }
202
203 public List<Permission> getRolePermissions(long roleId)
204 throws SystemException {
205
206 return rolePersistence.getPermissions(roleId);
207 }
208
209 public List<Permission> getRolePermissions(long roleId, long resourceId)
210 throws SystemException {
211
212 return permissionFinder.findByR_R(roleId, resourceId);
213 }
214
215 public List<Permission> getUserPermissions(long userId, long resourceId)
216 throws SystemException {
217
218 return permissionFinder.findByU_R(userId, resourceId);
219 }
220
221 public List<Permission> getUserPermissions(
222 long userId, long companyId, String name, int scope, String primKey)
223 throws SystemException {
224
225 return permissionFinder.findByU_C_N_S_P(
226 userId, companyId, name, scope, primKey);
227 }
228
229 public boolean hasGroupPermission(
230 long groupId, String actionId, long resourceId)
231 throws SystemException {
232
233 Permission permission = null;
234
235 try {
236 permission = permissionPersistence.findByA_R(actionId, resourceId);
237 }
238 catch (NoSuchPermissionException nspe) {
239
240
243 return false;
244 }
245
246 return groupPersistence.containsPermission(
247 groupId, permission.getPermissionId());
248 }
249
250 public boolean hasRolePermission(
251 long roleId, long companyId, String name, int scope,
252 String actionId)
253 throws SystemException {
254
255 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
256 companyId, name, scope);
257
258 List<Resource> resources = resourcePersistence.findByCodeId(
259 resourceCode.getCodeId());
260
261 for (Resource resource : resources) {
262 try {
263 Permission permission = permissionPersistence.findByA_R(
264 actionId, resource.getResourceId());
265
266 if (rolePersistence.containsPermission(
267 roleId, permission.getPermissionId())) {
268
269 return true;
270 }
271 }
272 catch (NoSuchPermissionException nspe) {
273 }
274 }
275
276 return false;
277 }
278
279 public boolean hasRolePermission(
280 long roleId, long companyId, String name, int scope, String primKey,
281 String actionId)
282 throws SystemException {
283
284 try {
285 ResourceCode resourceCode =
286 resourceCodeLocalService.getResourceCode(
287 companyId, name, scope);
288
289 Resource resource = resourcePersistence.findByC_P(
290 resourceCode.getCodeId(), primKey);
291
292 Permission permission = permissionPersistence.findByA_R(
293 actionId, resource.getResourceId());
294
295 return rolePersistence.containsPermission(
296 roleId, permission.getPermissionId());
297 }
298 catch (NoSuchPermissionException nspe) {
299 }
300 catch (NoSuchResourceException nsre) {
301 }
302
303 return false;
304 }
305
306 public boolean hasUserPermission(
307 long userId, String actionId, long resourceId)
308 throws SystemException {
309
310 Permission permission = null;
311
312 try {
313 permission = permissionPersistence.findByA_R(actionId, resourceId);
314 }
315 catch (NoSuchPermissionException nspe) {
316
317
320 return false;
321 }
322
323 return userPersistence.containsPermission(
324 userId, permission.getPermissionId());
325 }
326
327 public boolean hasUserPermissions(
328 long userId, long groupId, String actionId, long[] resourceIds,
329 PermissionCheckerBag permissionCheckerBag)
330 throws SystemException {
331
332 StopWatch stopWatch = null;
333
334 if (_log.isDebugEnabled()) {
335 stopWatch = new StopWatch();
336
337 stopWatch.start();
338 }
339
340 int block = 1;
341
342
344 if ((Validator.isNull(actionId)) || (resourceIds == null) ||
345 (resourceIds.length == 0)) {
346
347 return false;
348 }
349
350 List<Permission> permissions = permissionFinder.findByA_R(
351 actionId, resourceIds);
352
353
355 if (permissions.size() == 0) {
356 return false;
357 }
358
359
361 long resourceId = resourceIds[0];
362
363 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
364
365 List<Group> groups = permissionCheckerBag.getGroups();
371 List<Role> roles = permissionCheckerBag.getRoles();
372
373 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
374
375
379
383 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
384
385 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
386 return hasUserPermissions_1(
387 userId, actionId, resourceId, permissions, groups, groupId,
388 stopWatch, block);
389 }
390 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
391 return hasUserPermissions_2(
392 userId, actionId, resourceId, permissions, groups, groupId,
393 stopWatch, block);
394 }
395 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
396 return hasUserPermissions_3(
397 userId, actionId, resourceId, permissions, groups, roles,
398 stopWatch, block);
399 }
400 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
401 return hasUserPermissions_4(
402 userId, actionId, resourceId, permissions, groups, roles,
403 stopWatch, block);
404 }
405 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
406 return hasUserPermissions_5(
407 userId, actionId, resourceId, permissions, roles, stopWatch,
408 block);
409 }
410
411 return false;
412 }
413
414 public void setGroupPermissions(
415 long groupId, String[] actionIds, long resourceId)
416 throws PortalException, SystemException {
417
418 Group group = groupPersistence.findByPrimaryKey(groupId);
419
420 List<Permission> permissions = permissionFinder.findByG_R(
421 groupId, resourceId);
422
423 for (Permission permission : permissions) {
424 groupPersistence.removePermission(groupId, permission);
425 }
426
427 permissions = getPermissions(
428 group.getCompanyId(), actionIds, resourceId);
429
430 groupPersistence.addPermissions(groupId, permissions);
431
432 PermissionCacheUtil.clearCache();
433 }
434
435 public void setGroupPermissions(
436 String className, String classPK, long groupId,
437 String[] actionIds, long resourceId)
438 throws PortalException, SystemException {
439
440 long associatedGroupId = 0;
441
442 if (className.equals(Organization.class.getName())) {
443 long organizationId = GetterUtil.getLong(classPK);
444
445 Organization organization =
446 organizationPersistence.findByPrimaryKey(organizationId);
447
448 orgGroupPermissionFinder.removeByO_G_R(
449 organizationId, groupId, resourceId);
450
451 associatedGroupId = organization.getGroup().getGroupId();
452 }
453 else if (className.equals(UserGroup.class.getName())) {
454 long userGroupId = GetterUtil.getLong(classPK);
455
456 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
457 userGroupId);
458
459 associatedGroupId = userGroup.getGroup().getGroupId();
460 }
461
462 setGroupPermissions(associatedGroupId, actionIds, resourceId);
463 }
464
465 public void setOrgGroupPermissions(
466 long organizationId, long groupId, String[] actionIds,
467 long resourceId)
468 throws PortalException, SystemException {
469
470 Organization organization =
471 organizationPersistence.findByPrimaryKey(organizationId);
472
473 long orgGroupId = organization.getGroup().getGroupId();
474
475 List<Permission> permissions = permissionPersistence.findByResourceId(
476 resourceId);
477
478 for (Permission permission : permissions) {
479 groupPersistence.removePermission(orgGroupId, permission);
480 }
481
482 permissions = getPermissions(
483 organization.getCompanyId(), actionIds, resourceId);
484
485 orgGroupPermissionFinder.removeByO_G_R(
486 organizationId, groupId, resourceId);
487
488 for (Permission permission : permissions) {
489 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
490 organizationId, groupId, permission.getPermissionId());
491
492 OrgGroupPermission orgGroupPermission =
493 orgGroupPermissionPersistence.create(pk);
494
495 orgGroupPermissionPersistence.update(orgGroupPermission, false);
496 }
497
498 PermissionCacheUtil.clearCache();
499 }
500
501 public void setRolePermission(
502 long roleId, long companyId, String name, int scope, String primKey,
503 String actionId)
504 throws PortalException, SystemException {
505
506 if (scope == ResourceConstants.SCOPE_COMPANY) {
507
508
510 unsetRolePermissions(
511 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
512 actionId);
513 }
514 else if (scope == ResourceConstants.SCOPE_GROUP) {
515
516
518 unsetRolePermissions(
519 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
520 actionId);
521 }
522 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
523 throw new NoSuchPermissionException();
524 }
525
526 Resource resource = resourceLocalService.addResource(
527 companyId, name, scope, primKey);
528
529 Permission permission = null;
530
531 try {
532 permission = permissionPersistence.findByA_R(
533 actionId, resource.getResourceId());
534 }
535 catch (NoSuchPermissionException nspe) {
536 long permissionId = counterLocalService.increment(
537 Permission.class.getName());
538
539 permission = permissionPersistence.create(permissionId);
540
541 permission.setCompanyId(companyId);
542 permission.setActionId(actionId);
543 permission.setResourceId(resource.getResourceId());
544
545 permissionPersistence.update(permission, false);
546 }
547
548 rolePersistence.addPermission(roleId, permission);
549
550 PermissionCacheUtil.clearCache();
551 }
552
553 public void setRolePermissions(
554 long roleId, long companyId, String name, int scope, String primKey,
555 String[] actionIds)
556 throws PortalException, SystemException {
557
558 for (int i = 0; i < actionIds.length; i++) {
559 String actionId = actionIds[i];
560
561 setRolePermission(
562 roleId, companyId, name, scope, primKey, actionId);
563 }
564 }
565
566 public void setRolePermissions(
567 long roleId, String[] actionIds, long resourceId)
568 throws PortalException, SystemException {
569
570 Role role = rolePersistence.findByPrimaryKey(roleId);
571
572 List<Permission> permissions = permissionFinder.findByR_R(
573 roleId, resourceId);
574
575 rolePersistence.removePermissions(roleId, permissions);
576
577 permissions = getPermissions(
578 role.getCompanyId(), actionIds, resourceId);
579
580 rolePersistence.addPermissions(roleId, permissions);
581
582 PermissionCacheUtil.clearCache();
583 }
584
585 public void setUserPermissions(
586 long userId, String[] actionIds, long resourceId)
587 throws PortalException, SystemException {
588
589 User user = userPersistence.findByPrimaryKey(userId);
590
591 List<Permission> permissions = permissionFinder.findByU_R(
592 userId, resourceId);
593
594 userPersistence.removePermissions(userId, permissions);
595
596 permissions = getPermissions(
597 user.getCompanyId(), actionIds, resourceId);
598
599 userPersistence.addPermissions(userId, permissions);
600
601 PermissionCacheUtil.clearCache();
602 }
603
604 public void unsetRolePermission(long roleId, long permissionId)
605 throws SystemException {
606
607 try {
608 Permission permission = permissionPersistence.findByPrimaryKey(
609 permissionId);
610
611 rolePersistence.removePermission(roleId, permission);
612 }
613 catch (NoSuchPermissionException nspe) {
614 }
615
616 PermissionCacheUtil.clearCache();
617 }
618
619 public void unsetRolePermission(
620 long roleId, long companyId, String name, int scope, String primKey,
621 String actionId)
622 throws SystemException {
623
624 try {
625 ResourceCode resourceCode =
626 resourceCodeLocalService.getResourceCode(
627 companyId, name, scope);
628
629 Resource resource = resourcePersistence.findByC_P(
630 resourceCode.getCodeId(), primKey);
631
632 Permission permission = permissionPersistence.findByA_R(
633 actionId, resource.getResourceId());
634
635 rolePersistence.removePermission(roleId, permission);
636 }
637 catch (NoSuchPermissionException nspe) {
638 }
639 catch (NoSuchResourceException nsre) {
640 }
641
642 PermissionCacheUtil.clearCache();
643 }
644
645 public void unsetRolePermissions(
646 long roleId, long companyId, String name, int scope,
647 String actionId)
648 throws SystemException {
649
650 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
651 companyId, name, scope);
652
653 List<Resource> resources = resourcePersistence.findByCodeId(
654 resourceCode.getCodeId());
655
656 for (Resource resource : resources) {
657 try {
658 Permission permission = permissionPersistence.findByA_R(
659 actionId, resource.getResourceId());
660
661 rolePersistence.removePermission(roleId, permission);
662 }
663 catch (NoSuchPermissionException nspe) {
664 }
665 }
666
667 PermissionCacheUtil.clearCache();
668 }
669
670 public void unsetUserPermissions(
671 long userId, String[] actionIds, long resourceId)
672 throws SystemException {
673
674 List<Permission> permissions = permissionFinder.findByU_A_R(
675 userId, actionIds, resourceId);
676
677 userPersistence.removePermissions(userId, permissions);
678
679 PermissionCacheUtil.clearCache();
680 }
681
682 protected boolean checkOrgGroupPermission(
683 List<Organization> organizations, List<Group> groups,
684 List<Permission> permissions)
685 throws PortalException, SystemException {
686
687 for (Permission permission : permissions) {
688 if (checkOrgGroupPermission(organizations, groups, permission)) {
689 return true;
690 }
691 }
692
693 return false;
694 }
695
696 protected boolean checkOrgGroupPermission(
697 List<Organization> organizations, List<Group> groups,
698 Permission permission)
699 throws PortalException, SystemException {
700
701
704 if ((organizations.size() == 0) || (groups.size() == 0)) {
705 return false;
706 }
707
708
711 List<OrgGroupPermission> orgGroupPermissions =
712 orgGroupPermissionPersistence.findByPermissionId(
713 permission.getPermissionId());
714
715 if (orgGroupPermissions.size() == 0) {
716 return false;
717 }
718
719 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
720 if (orgGroupPermission.containsOrganization(organizations) &&
721 orgGroupPermission.containsGroup(groups)) {
722
723 return true;
724 }
725 }
726
727
731 throw new NoSuchPermissionException(
732 "User has a permission in OrgGroupPermission that does not match");
733 }
734
735 protected boolean hasUserPermissions_1(
736 long userId, String actionId, long resourceId,
737 List<Permission> permissions, List<Group> groups, long groupId,
738 StopWatch stopWatch, int block)
739 throws SystemException {
740
741
744 if (groups.size() > 0) {
745 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
746 return true;
747 }
748 }
749
750 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
751
752
755 if (groups.size() > 0) {
756 if (permissionFinder.countByGroupsPermissions(
757 permissions, groups) > 0) {
758
759 return true;
760 }
761 }
762
763 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
764
765
767 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
768 return true;
769 }
770
771 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
772
773
775 if (permissionFinder.countByUserGroupRole(
776 permissions, userId, groupId) > 0) {
777
778 return true;
779 }
780
781 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
782
783
785 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
786 return true;
787 }
788
789 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
790
791 return false;
792 }
793
794 protected boolean hasUserPermissions_2(
795 long userId, String actionId, long resourceId,
796 List<Permission> permissions, List<Group> groups, long groupId,
797 StopWatch stopWatch, int block)
798 throws SystemException {
799
800
803 if (permissionFinder.containsPermissions_2(
804 permissions, userId, groups, groupId)) {
805
806 return true;
807 }
808
809 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
810
811 return false;
812 }
813
814 protected boolean hasUserPermissions_3(
815 long userId, String actionId, long resourceId,
816 List<Permission> permissions, List<Group> groups, List<Role> roles,
817 StopWatch stopWatch, int block)
818 throws SystemException {
819
820
823 if (groups.size() > 0) {
824 if (permissionFinder.countByGroupsPermissions(
825 permissions, groups) > 0) {
826
827 return true;
828 }
829 }
830
831 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
832
833
836 if (roles.size() > 0) {
837 if (permissionFinder.countByRolesPermissions(
838 permissions, roles) > 0) {
839
840 return true;
841 }
842 }
843
844 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
845
846
848 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
849 return true;
850 }
851
852 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
853
854 return false;
855 }
856
857 protected boolean hasUserPermissions_4(
858 long userId, String actionId, long resourceId,
859 List<Permission> permissions, List<Group> groups, List<Role> roles,
860 StopWatch stopWatch, int block)
861 throws SystemException {
862
863
866 if (permissionFinder.containsPermissions_4(
867 permissions, userId, groups, roles)) {
868
869 return true;
870 }
871
872 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
873
874 return false;
875 }
876
877 protected boolean hasUserPermissions_5(
878 long userId, String actionId, long resourceId,
879 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
880 int block)
881 throws SystemException {
882
883 if (roles.size() > 0) {
884 if (permissionFinder.countByRolesPermissions(
885 permissions, roles) > 0) {
886
887 return true;
888 }
889 }
890
891 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
892
893 return false;
894 }
895
896 protected void logHasUserPermissions(
897 long userId, String actionId, long resourceId, StopWatch stopWatch,
898 int block) {
899
900 if (!_log.isDebugEnabled()) {
901 return;
902 }
903
904 _log.debug(
905 "Checking user permissions block " + block + " for " + userId +
906 " " + actionId + " " + resourceId + " takes " +
907 stopWatch.getTime() + " ms");
908 }
909
910 private static Log _log =
911 LogFactory.getLog(PermissionLocalServiceImpl.class);
912
913 }