1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portlet.portletconfiguration.action;
16  
17  import com.liferay.portal.kernel.servlet.SessionErrors;
18  import com.liferay.portal.kernel.servlet.SessionMessages;
19  import com.liferay.portal.kernel.util.Constants;
20  import com.liferay.portal.kernel.util.ParamUtil;
21  import com.liferay.portal.kernel.util.StringUtil;
22  import com.liferay.portal.kernel.util.Validator;
23  import com.liferay.portal.model.Layout;
24  import com.liferay.portal.model.Organization;
25  import com.liferay.portal.model.Portlet;
26  import com.liferay.portal.model.PortletConstants;
27  import com.liferay.portal.model.Resource;
28  import com.liferay.portal.model.UserGroup;
29  import com.liferay.portal.security.auth.PrincipalException;
30  import com.liferay.portal.service.PermissionServiceUtil;
31  import com.liferay.portal.service.PortletLocalServiceUtil;
32  import com.liferay.portal.service.ResourceLocalServiceUtil;
33  import com.liferay.portal.service.ResourcePermissionServiceUtil;
34  import com.liferay.portal.servlet.filters.cache.CacheUtil;
35  import com.liferay.portal.theme.ThemeDisplay;
36  import com.liferay.portal.util.PropsValues;
37  import com.liferay.portal.util.WebKeys;
38  
39  import java.util.ArrayList;
40  import java.util.Enumeration;
41  import java.util.List;
42  
43  import javax.portlet.ActionRequest;
44  import javax.portlet.ActionResponse;
45  import javax.portlet.PortletConfig;
46  import javax.portlet.RenderRequest;
47  import javax.portlet.RenderResponse;
48  
49  import org.apache.struts.action.ActionForm;
50  import org.apache.struts.action.ActionForward;
51  import org.apache.struts.action.ActionMapping;
52  
53  /**
54   * <a href="EditPermissionsAction.java.html"><b><i>View Source</i></b></a>
55   *
56   * @author Brian Wing Shun Chan
57   */
58  public class EditPermissionsAction extends EditConfigurationAction {
59  
60      public void processAction(
61              ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
62              ActionRequest actionRequest, ActionResponse actionResponse)
63          throws Exception {
64  
65          String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
66  
67          try {
68              if (cmd.equals("group_permissions")) {
69                  updateGroupPermissions(actionRequest);
70              }
71              else if (cmd.equals("guest_permissions")) {
72                  updateGuestPermissions(actionRequest);
73              }
74              else if (cmd.equals("organization_permissions")) {
75                  updateOrganizationPermissions(actionRequest);
76              }
77              else if (cmd.equals("role_permissions")) {
78                  updateRolePermissions(actionRequest);
79              }
80              else if (cmd.equals("user_group_permissions")) {
81                  updateUserGroupPermissions(actionRequest);
82              }
83              else if (cmd.equals("user_permissions")) {
84                  updateUserPermissions(actionRequest);
85              }
86  
87              if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) {
88                  String redirect = ParamUtil.getString(
89                      actionRequest, "permissionsRedirect");
90  
91                  sendRedirect(actionRequest, actionResponse, redirect);
92              }
93              else {
94                  SessionMessages.add(actionRequest, "request_processed");
95              }
96          }
97          catch (Exception e) {
98              if (e instanceof PrincipalException) {
99                  SessionErrors.add(actionRequest, e.getClass().getName());
100 
101                 setForward(
102                     actionRequest, "portlet.portlet_configuration.error");
103             }
104             else {
105                 throw e;
106             }
107         }
108     }
109 
110     public ActionForward render(
111             ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
112             RenderRequest renderRequest, RenderResponse renderResponse)
113         throws Exception {
114 
115         ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
116             WebKeys.THEME_DISPLAY);
117 
118         long groupId = themeDisplay.getScopeGroupId();
119 
120         String portletResource = ParamUtil.getString(
121             renderRequest, "portletResource");
122         String modelResource = ParamUtil.getString(
123             renderRequest, "modelResource");
124         String resourcePrimKey = ParamUtil.getString(
125             renderRequest, "resourcePrimKey");
126 
127         String selResource = portletResource;
128 
129         if (Validator.isNotNull(modelResource)) {
130             selResource = modelResource;
131         }
132 
133         try {
134             PermissionServiceUtil.checkPermission(
135                 groupId, selResource, resourcePrimKey);
136         }
137         catch (PrincipalException pe) {
138             SessionErrors.add(
139                 renderRequest, PrincipalException.class.getName());
140 
141             setForward(renderRequest, "portlet.portlet_configuration.error");
142         }
143 
144         Portlet portlet = PortletLocalServiceUtil.getPortletById(
145             themeDisplay.getCompanyId(), portletResource);
146 
147         if (portlet != null) {
148             renderResponse.setTitle(getTitle(portlet, renderRequest));
149         }
150 
151         return mapping.findForward(getForward(
152             renderRequest, "portlet.portlet_configuration.edit_permissions"));
153     }
154 
155     protected String[] getActionIds(ActionRequest actionRequest, long roleId) {
156         List<String> actionIds = new ArrayList<String>();
157 
158         Enumeration<String> enu = actionRequest.getParameterNames();
159 
160         while (enu.hasMoreElements()) {
161             String name = enu.nextElement();
162 
163             if (name.startsWith(roleId + "_ACTION_")) {
164                 int pos = name.indexOf("_ACTION_");
165 
166                 String actionId = name.substring(pos + 8);
167 
168                 actionIds.add(actionId);
169             }
170         }
171 
172         return actionIds.toArray(new String[actionIds.size()]);
173     }
174 
175     protected void updateGroupPermissions(ActionRequest actionRequest)
176         throws Exception {
177 
178         Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
179 
180         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
181         long groupId = ParamUtil.getLong(actionRequest, "groupId");
182         String[] actionIds = StringUtil.split(
183             ParamUtil.getString(actionRequest, "groupIdActionIds"));
184 
185         PermissionServiceUtil.setGroupPermissions(
186             groupId, actionIds, resourceId);
187 
188         if (!layout.isPrivateLayout()) {
189             Resource resource =
190                 ResourceLocalServiceUtil.getResource(resourceId);
191 
192             if (resource.getPrimKey().startsWith(
193                     layout.getPlid() + PortletConstants.LAYOUT_SEPARATOR)) {
194 
195                 CacheUtil.clearCache(layout.getCompanyId());
196             }
197         }
198     }
199 
200     protected void updateGuestPermissions(ActionRequest actionRequest)
201         throws Exception {
202 
203         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
204             WebKeys.THEME_DISPLAY);
205 
206         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
207         String[] actionIds = StringUtil.split(
208             ParamUtil.getString(actionRequest, "guestActionIds"));
209 
210         PermissionServiceUtil.setUserPermissions(
211             themeDisplay.getDefaultUserId(), themeDisplay.getScopeGroupId(),
212             actionIds, resourceId);
213     }
214 
215     protected void updateOrganizationPermissions(ActionRequest actionRequest)
216         throws Exception {
217 
218         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
219             WebKeys.THEME_DISPLAY);
220 
221         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
222         long organizationId = ParamUtil.getLong(
223             actionRequest, "organizationIdsPosValue");
224         String[] actionIds = StringUtil.split(
225             ParamUtil.getString(actionRequest, "organizationIdActionIds"));
226         //boolean organizationIntersection = ParamUtil.getBoolean(
227         //  actionRequest, "organizationIntersection");
228 
229         //if (!organizationIntersection) {
230             PermissionServiceUtil.setGroupPermissions(
231                 Organization.class.getName(), String.valueOf(organizationId),
232                 themeDisplay.getScopeGroupId(), actionIds, resourceId);
233         /*}
234         else {
235             PermissionServiceUtil.setOrgGroupPermissions(
236                 organizationId, layout.getGroupId(), actionIds, resourceId);
237         }*/
238     }
239 
240     protected void updateRolePermissions(ActionRequest actionRequest)
241         throws Exception {
242 
243         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
244             updateRolePermissions_5(actionRequest);
245         }
246         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
247             updateRolePermissions_6(actionRequest);
248         }
249         else {
250             updateRolePermissions_1to4(actionRequest);
251         }
252     }
253 
254     protected void updateRolePermissions_1to4(ActionRequest actionRequest)
255         throws Exception {
256 
257         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
258             WebKeys.THEME_DISPLAY);
259 
260         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
261         long roleId = ParamUtil.getLong(actionRequest, "roleIdsPosValue");
262         String[] actionIds = StringUtil.split(
263             ParamUtil.getString(actionRequest, "roleIdActionIds"));
264 
265         PermissionServiceUtil.setRolePermissions(
266             roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
267     }
268 
269     protected void updateRolePermissions_5(ActionRequest actionRequest)
270         throws Exception {
271 
272         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
273             WebKeys.THEME_DISPLAY);
274 
275         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
276         long[] roleIds = StringUtil.split(
277             ParamUtil.getString(
278                 actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
279 
280         for (long roleId : roleIds) {
281             String[] actionIds = getActionIds(actionRequest, roleId);
282 
283             PermissionServiceUtil.setRolePermissions(
284                 roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
285         }
286     }
287 
288     protected void updateRolePermissions_6(ActionRequest actionRequest)
289         throws Exception {
290 
291         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
292             WebKeys.THEME_DISPLAY);
293 
294         String portletResource = ParamUtil.getString(
295             actionRequest, "portletResource");
296         String modelResource = ParamUtil.getString(
297             actionRequest, "modelResource");
298         long[] roleIds = StringUtil.split(
299             ParamUtil.getString(
300                 actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
301 
302         String selResource = portletResource;
303 
304         if (Validator.isNotNull(modelResource)) {
305             selResource = modelResource;
306         }
307 
308         String resourcePrimKey = ParamUtil.getString(
309             actionRequest, "resourcePrimKey");
310 
311         for (long roleId : roleIds) {
312             String[] actionIds = getActionIds(actionRequest, roleId);
313 
314             ResourcePermissionServiceUtil.setIndividualResourcePermissions(
315                 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
316                 selResource, resourcePrimKey, roleId, actionIds);
317         }
318     }
319 
320     protected void updateUserGroupPermissions(ActionRequest actionRequest)
321         throws Exception {
322 
323         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
324             WebKeys.THEME_DISPLAY);
325 
326         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
327         long userGroupId = ParamUtil.getLong(
328             actionRequest, "userGroupIdsPosValue");
329         String[] actionIds = StringUtil.split(
330             ParamUtil.getString(actionRequest, "userGroupIdActionIds"));
331 
332         PermissionServiceUtil.setGroupPermissions(
333             UserGroup.class.getName(), String.valueOf(userGroupId),
334             themeDisplay.getScopeGroupId(), actionIds, resourceId);
335     }
336 
337     protected void updateUserPermissions(ActionRequest actionRequest)
338         throws Exception {
339 
340         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
341             WebKeys.THEME_DISPLAY);
342 
343         long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
344         long userId = ParamUtil.getLong(actionRequest, "userIdsPosValue");
345         String[] actionIds = StringUtil.split(
346             ParamUtil.getString(actionRequest, "userIdActionIds"));
347 
348         PermissionServiceUtil.setUserPermissions(
349             userId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
350     }
351 
352 }