1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.upgrade.v5_2_0;
24  
25  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
26  import com.liferay.portal.kernel.dao.jdbc.SmartResultSet;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.kernel.util.GetterUtil;
30  import com.liferay.portal.model.Layout;
31  import com.liferay.portal.model.Permission;
32  import com.liferay.portal.model.PortletConstants;
33  import com.liferay.portal.model.Resource;
34  import com.liferay.portal.model.ResourceConstants;
35  import com.liferay.portal.service.LayoutLocalServiceUtil;
36  import com.liferay.portal.service.PermissionLocalServiceUtil;
37  import com.liferay.portal.service.ResourceLocalServiceUtil;
38  import com.liferay.portal.upgrade.UpgradeException;
39  import com.liferay.portal.upgrade.UpgradeProcess;
40  
41  import java.sql.Connection;
42  import java.sql.PreparedStatement;
43  import java.sql.ResultSet;
44  
45  /**
46   * <a href="UpgradePortletPermissions.java.html"><b><i>View Source</i></b></a>
47   *
48   * @author Jorge Ferrer
49   *
50   */
51  public class UpgradePortletPermissions extends UpgradeProcess {
52  
53      public void upgrade() throws UpgradeException {
54          _log.info("Upgrading portlet permissions");
55  
56          try {
57              updatePortletPermissions(
58                  "33", "com.liferay.portlet.blogs",
59                  new String[] {"ADD_ENTRY"});
60  
61              updatePortletPermissions(
62                  "28", "com.liferay.portlet.bookmarks",
63                  new String[] {"ADD_FOLDER"});
64  
65              updatePortletPermissions(
66                  "8", "com.liferay.portlet.calendar",
67                  new String[] {"ADD_EVENT", "EXPORT_ALL_EVENTS"});
68  
69              updatePortletPermissions(
70                  "20", "com.liferay.portlet.documentlibrary",
71                  new String[] {"ADD_FOLDER"});
72  
73              updatePortletPermissions(
74                  "31", "com.liferay.portlet.imagegallery",
75                  new String[] {"ADD_FOLDER"});
76  
77              updatePortletPermissions(
78                  "15", "com.liferay.portlet.journal",
79                  new String[] {
80                      "ADD_ARTICLE", "ADD_FEED", "ADD_STRUCTURE", "ADD_TEMPLATE",
81                      "APPROVE_ARTICLE"
82                  });
83  
84              updatePortletPermissions(
85                  "19", "com.liferay.portlet.messageboards",
86                  new String[] {"ADD_CATEGORY", "BAN_USER"});
87  
88              updatePortletPermissions(
89                  "25", "com.liferay.portlet.polls",
90                  new String[] {"ADD_QUESTION"});
91  
92              updatePortletPermissions(
93                  "34", "com.liferay.portlet.shopping",
94                  new String[] {
95                      "ADD_CATEGORY", "MANAGE_COUPONS", "MANAGE_ORDERS"
96                  });
97  
98              updatePortletPermissions(
99                  "98", "com.liferay.portlet.softwarecatalog",
100                 new String[] {"ADD_FRAMEWORK_VERSION", "ADD_PRODUCT_ENTRY"});
101 
102             updatePortletPermissions(
103                 "99", "com.liferay.portlet.tags",
104                 new String[] {"ADD_ENTRY", "ADD_VOCABULARY"});
105 
106             updatePortletPermissions(
107                 "36", "com.liferay.portlet.wiki",
108                 new String[] {"ADD_NODE"});
109         }
110         catch (Exception e) {
111             throw new UpgradeException(e);
112         }
113     }
114 
115     protected long getPortletPermissionsCount(
116             String actionId, long resourceId, String modelName)
117         throws Exception {
118 
119         Connection con = null;
120         PreparedStatement ps = null;
121         ResultSet rs = null;
122 
123         try {
124             con = DataAccess.getConnection();
125 
126             StringBuilder sb = new StringBuilder();
127 
128             sb.append("select count(*) from Permission_ ");
129             sb.append("inner join Resource_ on Resource_.resourceId = ");
130             sb.append("Permission_.resourceId inner join ResourceCode on ");
131             sb.append("ResourceCode.codeId = Resource_.codeId where ");
132             sb.append("Permission_.actionId = ? and ");
133             sb.append("Permission_.resourceId = ? and ResourceCode.name = ? ");
134             sb.append("and ResourceCode.scope = ? ");
135 
136             ps = con.prepareStatement(sb.toString());
137 
138             ps.setString(1, actionId);
139             ps.setLong(2, resourceId);
140             ps.setString(3, modelName);
141             ps.setInt(4, ResourceConstants.SCOPE_INDIVIDUAL);
142 
143             rs = ps.executeQuery();
144 
145             rs.next();
146 
147             return rs.getLong(1);
148         }
149         finally {
150             DataAccess.cleanUp(con, ps, rs);
151         }
152     }
153 
154     protected void updatePortletPermission(
155             long permissionId, String actionId, String primKey,
156             String modelName, int scope)
157         throws Exception {
158 
159         long plid = GetterUtil.getLong(
160             primKey.substring(
161                 0, primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR)));
162 
163         Layout layout = LayoutLocalServiceUtil.getLayout(plid);
164 
165         Resource resource = ResourceLocalServiceUtil.addResource(
166             layout.getCompanyId(), modelName, scope,
167             String.valueOf(layout.getGroupId()));
168 
169         long portletPermissionCount = getPortletPermissionsCount(
170             actionId, resource.getResourceId(), modelName);
171 
172         if (portletPermissionCount == 0) {
173             Permission permission = PermissionLocalServiceUtil.getPermission(
174                 permissionId);
175 
176             permission.setResourceId(resource.getResourceId());
177 
178             PermissionLocalServiceUtil.updatePermission(permission);
179         }
180         else {
181             PermissionLocalServiceUtil.deletePermission(permissionId);
182         }
183     }
184 
185     protected void updatePortletPermissions(
186             String portletName, String modelName, String[] actionIds)
187         throws Exception {
188 
189         Connection con = null;
190         PreparedStatement ps = null;
191         ResultSet rs = null;
192 
193         try {
194             con = DataAccess.getConnection();
195 
196             StringBuilder sb = new StringBuilder();
197 
198             sb.append("select Permission_.permissionId, ");
199             sb.append("Permission_.actionId, Resource_.primKey, ");
200             sb.append("ResourceCode.scope from Permission_ ");
201             sb.append("inner join Resource_ on Resource_.resourceId = ");
202             sb.append("Permission_.resourceId inner join ResourceCode on ");
203             sb.append("ResourceCode.codeId = Resource_.codeId where (");
204 
205             for (int i = 0; i < actionIds.length; i++) {
206                 String actionId = actionIds[i];
207 
208                 sb.append("Permission_.actionId = '");
209                 sb.append(actionId);
210                 sb.append("'");
211 
212                 if (i < (actionIds.length - 1)) {
213                     sb.append(" or ");
214                 }
215             }
216 
217             sb.append(") and ResourceCode.name = ? and ResourceCode.scope = ?");
218 
219             ps = con.prepareStatement(sb.toString());
220 
221             ps.setString(1, portletName);
222             ps.setInt(2, ResourceConstants.SCOPE_INDIVIDUAL);
223 
224             rs = ps.executeQuery();
225 
226             SmartResultSet srs = new SmartResultSet(rs);
227 
228             while (srs.next()) {
229                 long permissionId = srs.getLong("Permission_.permissionId");
230                 String actionId = srs.getString("Permission_.actionId");
231                 String primKey = srs.getString("Resource_.primKey");
232                 int scope = srs.getInt("ResourceCode.scope");
233 
234                 try {
235                     updatePortletPermission(
236                         permissionId, actionId, primKey, modelName, scope);
237                 }
238                 catch (Exception e) {
239                     _log.error(
240                         "Unable to upgrade permission " + permissionId, e);
241                 }
242             }
243         }
244         finally {
245             DataAccess.cleanUp(con, ps, rs);
246         }
247     }
248 
249     private static Log _log = LogFactoryUtil.getLog(
250         UpgradePortletPermissions.class);
251 
252 }