1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.upgrade.v4_4_0;
16  
17  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
18  import com.liferay.portal.kernel.upgrade.UpgradeProcess;
19  import com.liferay.portal.model.Group;
20  import com.liferay.portal.model.Location;
21  import com.liferay.portal.model.Organization;
22  import com.liferay.portal.model.ResourceConstants;
23  import com.liferay.portal.model.Role;
24  import com.liferay.portal.model.UserGroup;
25  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
26  import com.liferay.portlet.documentlibrary.model.DLFolder;
27  import com.liferay.portlet.imagegallery.model.IGFolder;
28  import com.liferay.portlet.messageboards.model.MBCategory;
29  import com.liferay.portlet.shopping.model.ShoppingCategory;
30  
31  import java.sql.Connection;
32  import java.sql.PreparedStatement;
33  import java.sql.ResultSet;
34  
35  /**
36   * <a href="UpgradePermission.java.html"><b><i>View Source</i></b></a>
37   *
38   * @author     Brian Wing Shun Chan
39   * @deprecated
40   */
41  public class UpgradePermission extends UpgradeProcess {
42  
43      protected void deletePermissionByActionIdAndResourceName(
44              String actionId, String resourceName)
45          throws Exception {
46  
47          Connection con = null;
48          PreparedStatement ps = null;
49          ResultSet rs = null;
50  
51          try {
52              con = DataAccess.getConnection();
53  
54              ps = con.prepareStatement(_GET_PERMISSION_IDS_1);
55  
56              ps.setString(1, actionId);
57              ps.setString(2, resourceName);
58  
59              rs = ps.executeQuery();
60  
61              while (rs.next()) {
62                  long permissionId = rs.getLong("permissionId");
63  
64                  deletePermissionByPermissionId(permissionId);
65              }
66          }
67          finally {
68              DataAccess.cleanUp(con, ps, rs);
69          }
70      }
71  
72      protected void deletePermissionByPermissionId(long permissionId)
73          throws Exception {
74  
75          runSQL(
76              "delete from Permission_ where permissionId = " + permissionId);
77          runSQL(
78              "delete from Groups_Permissions where permissionId = " +
79                  permissionId);
80          runSQL(
81              "delete from Roles_Permissions where permissionId = " +
82                  permissionId);
83          runSQL(
84              "delete from Users_Permissions where permissionId = " +
85                  permissionId);
86      }
87  
88      protected void deletePermissionByResourceId(long resourceId)
89          throws Exception {
90  
91          Connection con = null;
92          PreparedStatement ps = null;
93          ResultSet rs = null;
94  
95          try {
96              con = DataAccess.getConnection();
97  
98              ps = con.prepareStatement(
99                  "select permissionId from Permission_ where resourceId = ?");
100 
101             ps.setLong(1, resourceId);
102 
103             rs = ps.executeQuery();
104 
105             while (rs.next()) {
106                 long permissionId = rs.getLong("permissionId");
107 
108                 deletePermissionByPermissionId(permissionId);
109             }
110         }
111         finally {
112             DataAccess.cleanUp(con, ps, rs);
113         }
114     }
115 
116     protected void deleteResource(long codeId) throws Exception {
117         Connection con = null;
118         PreparedStatement ps = null;
119         ResultSet rs = null;
120 
121         try {
122             con = DataAccess.getConnection();
123 
124             ps = con.prepareStatement(
125                 "select resourceId from Resource_ where codeId = ?");
126 
127             ps.setLong(1, codeId);
128 
129             rs = ps.executeQuery();
130 
131             while (rs.next()) {
132                 long resourceId = rs.getLong("resourceId");
133 
134                 deletePermissionByResourceId(resourceId);
135 
136                 runSQL(
137                     "delete from Resource_ where resourceId = " + resourceId);
138             }
139         }
140         finally {
141             DataAccess.cleanUp(con, ps, rs);
142         }
143     }
144 
145     protected void deleteResourceCode(String resourceName)
146         throws Exception {
147 
148         Connection con = null;
149         PreparedStatement ps = null;
150         ResultSet rs = null;
151 
152         try {
153             con = DataAccess.getConnection();
154 
155             ps = con.prepareStatement(
156                 "select codeId from ResourceCode where name = ?");
157 
158             ps.setString(1, resourceName);
159 
160             rs = ps.executeQuery();
161 
162             while (rs.next()) {
163                 long codeId = rs.getLong("codeId");
164 
165                 deleteResource(codeId);
166 
167                 runSQL(
168                     "delete from ResourceCode where name = '" + resourceName +
169                         "'");
170             }
171         }
172         finally {
173             DataAccess.cleanUp(con, ps, rs);
174         }
175     }
176 
177     protected void deleteRolesPermissions(String roleName) throws Exception {
178         Connection con = null;
179         PreparedStatement ps = null;
180         ResultSet rs = null;
181 
182         try {
183             con = DataAccess.getConnection();
184 
185             ps = con.prepareStatement(_GET_ROLE_IDS);
186 
187             ps.setString(1, roleName);
188 
189             rs = ps.executeQuery();
190 
191             while (rs.next()) {
192                 long roleId = rs.getLong("roleId");
193 
194                 runSQL(
195                     "delete from Roles_Permissions where roleId = " + roleId);
196             }
197         }
198         finally {
199             DataAccess.cleanUp(con, ps, rs);
200         }
201     }
202 
203     protected void deleteUsersPermissions(int scope) throws Exception {
204         Connection con = null;
205         PreparedStatement ps = null;
206         ResultSet rs = null;
207 
208         try {
209             con = DataAccess.getConnection();
210 
211             ps = con.prepareStatement(_GET_PERMISSION_IDS_2);
212 
213             ps.setLong(1, scope);
214 
215             rs = ps.executeQuery();
216 
217             while (rs.next()) {
218                 long permissionId = rs.getLong("permissionId");
219 
220                 runSQL(
221                     "delete from Users_Permissions where permissionId = " +
222                         permissionId);
223             }
224         }
225         finally {
226             DataAccess.cleanUp(con, ps, rs);
227         }
228     }
229 
230     protected void doUpgrade() throws Exception {
231         runSQL("delete from OrgGroupPermission");
232 
233         for (int i = 0; i < _DELETE_PERMISSIONS.length; i++) {
234             Object[] permission = _DELETE_PERMISSIONS[i];
235 
236             String actionId = (String)permission[0];
237             String resourceName = ((Class<?>)permission[1]).getName();
238 
239             deletePermissionByActionIdAndResourceName(actionId, resourceName);
240         }
241 
242         for (int i = 0; i < _UPDATE_PERMISSIONS.length; i++) {
243             Object[] permission = _UPDATE_PERMISSIONS[i];
244 
245             String oldActionId = (String)permission[0];
246             String newActionId = (String)permission[1];
247             String resourceName = ((Class<?>)permission[2]).getName();
248 
249             updatePermission(oldActionId, newActionId, resourceName);
250         }
251 
252         deleteResourceCode("com.liferay.portlet.blogs.model.BlogsCategory");
253 
254         deleteRolesPermissions("Community Administrator");
255         deleteRolesPermissions("Community Owner");
256         deleteRolesPermissions("Organization Administrator");
257 
258         deleteUsersPermissions(ResourceConstants.SCOPE_GROUP);
259     }
260 
261     protected void updatePermission(
262             String oldActionId, String newActionId, String resourceName)
263         throws Exception {
264 
265         Connection con = null;
266         PreparedStatement ps = null;
267         ResultSet rs = null;
268 
269         try {
270             con = DataAccess.getConnection();
271 
272             ps = con.prepareStatement(_GET_PERMISSION_IDS_1);
273 
274             ps.setString(1, oldActionId);
275             ps.setString(2, resourceName);
276 
277             rs = ps.executeQuery();
278 
279             while (rs.next()) {
280                 long permissionId = rs.getLong("permissionId");
281 
282                 runSQL(
283                     "update Permission_ set actionId = '" + newActionId +
284                         "' where permissionId = " + permissionId);
285             }
286         }
287         finally {
288             DataAccess.cleanUp(con, ps, rs);
289         }
290     }
291 
292     private static Object[][] _DELETE_PERMISSIONS = new Object[][] {
293         new Object[] {
294             "ADMINISTRATE", Group.class
295         },
296         new Object[] {
297             "ADD_USER", Location.class
298         },
299         new Object[] {
300             "ADD_USER", Organization.class
301         },
302         new Object[] {
303             "DELETE_USER", Location.class
304         },
305         new Object[] {
306             "DELETE_USER", Organization.class
307         },
308         new Object[] {
309             "PERMISSIONS_USER", Location.class
310         },
311         new Object[] {
312             "PERMISSIONS_USER", Organization.class
313         },
314         new Object[] {
315             "UPDATE_USER", Location.class
316         },
317         new Object[] {
318             "UPDATE_USER", Organization.class
319         },
320         new Object[] {
321             "VIEW_USER", Location.class
322         },
323         new Object[] {
324             "VIEW_USER", Organization.class
325         }
326     };
327 
328     private static final String _GET_PERMISSION_IDS_1 =
329         "select Permission_.permissionId from Permission_ inner join " +
330             "Resource_ on Resource_.resourceId = Permission_.resourceId " +
331                 "inner join ResourceCode on ResourceCode.codeId = " +
332                     "Resource_.codeId where Permission_.actionId = ? and " +
333                         "ResourceCode.name = ?";
334 
335     private static final String _GET_PERMISSION_IDS_2 =
336         "select Users_Permissions.permissionId from Users_Permissions inner " +
337             "join Permission_ on Permission_.permissionId = " +
338                 "Users_Permissions.permissionId inner join Resource_ on " +
339                     "Resource_.resourceId = Permission_.resourceId inner " +
340                         "join ResourceCode on ResourceCode.codeId = " +
341                             "Resource_.codeId where ResourceCode.scope = ?";
342 
343     private static final String _GET_ROLE_IDS =
344         "select Roles_Permissions.roleId from Roles_Permissions inner join " +
345             "Role_ on Role_.roleId = Roles_Permissions.roleId where " +
346                 "Role_.name = ?";
347 
348     private static Object[][] _UPDATE_PERMISSIONS = new Object[][] {
349         new Object[] {
350             "ADD_CATEGORY", "ADD_SUBCATEGORY", MBCategory.class
351         },
352         new Object[] {
353             "ADD_CATEGORY", "ADD_SUBCATEGORY", ShoppingCategory.class
354         },
355         new Object[] {
356             "ADD_FOLDER", "ADD_SUBFOLDER", DLFolder.class
357         },
358         new Object[] {
359             "ADD_FOLDER", "ADD_SUBFOLDER", IGFolder.class
360         },
361         new Object[] {
362             "ADD_FOLDER", "ADD_SUBFOLDER", BookmarksFolder.class
363         },
364         new Object[] {
365             "ADD_LOCATION", "MANAGE_SUBORGANIZATIONS", Organization.class
366         },
367         new Object[] {
368             "ADD_PERMISSIONS", "DEFINE_PERMISSIONS", Role.class
369         },
370         new Object[] {
371             "ADD_USER", "MANAGE_USERS", Location.class
372         },
373         new Object[] {
374             "ADD_USER", "MANAGE_USERS", Organization.class
375         },
376         new Object[] {
377             "ASSIGN_USERS", "ASSIGN_MEMBERS", Group.class
378         },
379         new Object[] {
380             "ASSIGN_USERS", "ASSIGN_MEMBERS", Role.class
381         },
382         new Object[] {
383             "ASSIGN_USERS", "ASSIGN_MEMBERS", UserGroup.class
384         }
385     };
386 
387 }