1
14
15 package com.liferay.portlet.enterpriseadmin.action;
16
17 import com.liferay.portal.NoSuchRoleException;
18 import com.liferay.portal.RolePermissionsException;
19 import com.liferay.portal.kernel.servlet.SessionErrors;
20 import com.liferay.portal.kernel.servlet.SessionMessages;
21 import com.liferay.portal.kernel.util.ArrayUtil;
22 import com.liferay.portal.kernel.util.Constants;
23 import com.liferay.portal.kernel.util.ListUtil;
24 import com.liferay.portal.kernel.util.ParamUtil;
25 import com.liferay.portal.kernel.util.StringUtil;
26 import com.liferay.portal.kernel.util.Validator;
27 import com.liferay.portal.model.GroupConstants;
28 import com.liferay.portal.model.ResourceConstants;
29 import com.liferay.portal.model.Role;
30 import com.liferay.portal.model.RoleConstants;
31 import com.liferay.portal.security.auth.PrincipalException;
32 import com.liferay.portal.security.permission.ResourceActionsUtil;
33 import com.liferay.portal.security.permission.comparator.ActionComparator;
34 import com.liferay.portal.service.PermissionServiceUtil;
35 import com.liferay.portal.service.ResourcePermissionServiceUtil;
36 import com.liferay.portal.service.RoleLocalServiceUtil;
37 import com.liferay.portal.struts.PortletAction;
38 import com.liferay.portal.theme.ThemeDisplay;
39 import com.liferay.portal.util.PropsValues;
40 import com.liferay.portal.util.WebKeys;
41
42 import java.util.HashMap;
43 import java.util.List;
44 import java.util.Map;
45
46 import javax.portlet.ActionRequest;
47 import javax.portlet.ActionResponse;
48 import javax.portlet.PortletConfig;
49 import javax.portlet.RenderRequest;
50 import javax.portlet.RenderResponse;
51
52 import org.apache.struts.action.ActionForm;
53 import org.apache.struts.action.ActionForward;
54 import org.apache.struts.action.ActionMapping;
55
56
62 public class EditRolePermissionsAction extends PortletAction {
63
64 public void processAction(
65 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
66 ActionRequest actionRequest, ActionResponse actionResponse)
67 throws Exception {
68
69 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
70
71 try {
72 if (cmd.equals("actions")) {
73 updateActions(actionRequest, actionResponse);
74 }
75 else if (cmd.equals("delete_permission")) {
76 deletePermission(actionRequest, actionResponse);
77 }
78 }
79 catch (Exception e) {
80 if (e instanceof NoSuchRoleException ||
81 e instanceof PrincipalException ||
82 e instanceof RolePermissionsException) {
83
84 SessionErrors.add(actionRequest, e.getClass().getName());
85
86 setForward(actionRequest, "portlet.enterprise_admin.error");
87 }
88 else {
89 throw e;
90 }
91 }
92 }
93
94 public ActionForward render(
95 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
96 RenderRequest renderRequest, RenderResponse renderResponse)
97 throws Exception {
98
99 try {
100 ActionUtil.getRole(renderRequest);
101 }
102 catch (Exception e) {
103 if (e instanceof NoSuchRoleException ||
104 e instanceof PrincipalException) {
105
106 SessionErrors.add(renderRequest, e.getClass().getName());
107
108 return mapping.findForward("portlet.enterprise_admin.error");
109 }
110 else {
111 throw e;
112 }
113 }
114
115 return mapping.findForward(getForward(
116 renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
117 }
118
119 protected void deletePermission(
120 ActionRequest actionRequest, ActionResponse actionResponse)
121 throws Exception {
122
123 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
124 WebKeys.THEME_DISPLAY);
125
126 long roleId = ParamUtil.getLong(actionRequest, "roleId");
127 long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
128 String name = ParamUtil.getString(actionRequest, "name");
129 int scope = ParamUtil.getInteger(actionRequest, "scope");
130 String primKey = ParamUtil.getString(actionRequest, "primKey");
131 String actionId = ParamUtil.getString(actionRequest, "actionId");
132
133 Role role = RoleLocalServiceUtil.getRole(roleId);
134
135 if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
136 role.getName().equals(RoleConstants.OWNER) ||
137 role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
138 role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
139 role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
140 role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
141
142 throw new RolePermissionsException(role.getName());
143 }
144
145 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
146 ResourcePermissionServiceUtil.removeResourcePermission(
147 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
148 name, scope, primKey, roleId, actionId);
149 }
150 else {
151 PermissionServiceUtil.unsetRolePermission(
152 roleId, themeDisplay.getScopeGroupId(), permissionId);
153 }
154
155
157 SessionMessages.add(actionRequest, "permissionDeleted");
158
159 String redirect = ParamUtil.getString(actionRequest, "redirect");
160
161 actionResponse.sendRedirect(redirect);
162 }
163
164 protected void updateAction_1to5(
165 Role role, long groupId, String selResource, String actionId,
166 boolean selected, int scope, String[] groupIds)
167 throws Exception {
168
169 long roleId = role.getRoleId();
170
171 if (selected) {
172 if (scope == ResourceConstants.SCOPE_COMPANY) {
173 PermissionServiceUtil.setRolePermission(
174 roleId, groupId, selResource, scope,
175 String.valueOf(role.getCompanyId()), actionId);
176 }
177 else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
178 PermissionServiceUtil.setRolePermission(
179 roleId, groupId, selResource,
180 ResourceConstants.SCOPE_GROUP_TEMPLATE,
181 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
182 actionId);
183 }
184 else {
185 PermissionServiceUtil.unsetRolePermissions(
186 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
187 actionId);
188
189 for (String curGroupId : groupIds) {
190 PermissionServiceUtil.setRolePermission(
191 roleId, groupId, selResource,
192 ResourceConstants.SCOPE_GROUP, curGroupId, actionId);
193 }
194 }
195 }
196 else {
197
198
200 PermissionServiceUtil.unsetRolePermissions(
201 roleId, groupId, selResource, ResourceConstants.SCOPE_COMPANY,
202 actionId);
203
204 PermissionServiceUtil.unsetRolePermissions(
205 roleId, groupId, selResource,
206 ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
207
208 PermissionServiceUtil.unsetRolePermissions(
209 roleId, groupId, selResource, ResourceConstants.SCOPE_GROUP,
210 actionId);
211 }
212 }
213
214 protected void updateAction_6(
215 Role role, long groupId, String selResource, String actionId,
216 boolean selected, int scope, String[] groupIds)
217 throws Exception {
218
219 long companyId = role.getCompanyId();
220 long roleId = role.getRoleId();
221
222 if (selected) {
223 if (scope == ResourceConstants.SCOPE_COMPANY) {
224 ResourcePermissionServiceUtil.addResourcePermission(
225 groupId, companyId, selResource, scope,
226 String.valueOf(role.getCompanyId()), roleId, actionId);
227 }
228 else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
229 ResourcePermissionServiceUtil.addResourcePermission(
230 groupId, companyId, selResource,
231 ResourceConstants.SCOPE_GROUP_TEMPLATE,
232 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
233 roleId, actionId);
234 }
235 else if (scope == ResourceConstants.SCOPE_GROUP) {
236 ResourcePermissionServiceUtil.removeResourcePermissions(
237 groupId, companyId, selResource,
238 ResourceConstants.SCOPE_GROUP, roleId, actionId);
239
240 for (String curGroupId : groupIds) {
241 ResourcePermissionServiceUtil.addResourcePermission(
242 groupId, companyId, selResource,
243 ResourceConstants.SCOPE_GROUP, curGroupId, roleId,
244 actionId);
245 }
246 }
247 }
248 else {
249
250
252 ResourcePermissionServiceUtil.removeResourcePermissions(
253 groupId, companyId, selResource,
254 ResourceConstants.SCOPE_COMPANY, roleId, actionId);
255
256 ResourcePermissionServiceUtil.removeResourcePermissions(
257 groupId, companyId, selResource,
258 ResourceConstants.SCOPE_GROUP_TEMPLATE, roleId, actionId);
259
260 ResourcePermissionServiceUtil.removeResourcePermissions(
261 groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP,
262 roleId, actionId);
263 }
264 }
265
266 protected void updateActions(
267 ActionRequest actionRequest, ActionResponse actionResponse)
268 throws Exception {
269
270 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
271 WebKeys.THEME_DISPLAY);
272
273 long roleId = ParamUtil.getLong(actionRequest, "roleId");
274
275 Role role = RoleLocalServiceUtil.getRole(roleId);
276
277 if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
278 role.getName().equals(RoleConstants.OWNER) ||
279 role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
280 role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
281 role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
282 role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
283
284 throw new RolePermissionsException(role.getName());
285 }
286
287 String portletResource = ParamUtil.getString(
288 actionRequest, "portletResource");
289 String[] modelResources = StringUtil.split(
290 ParamUtil.getString(actionRequest, "modelResources"));
291 boolean showModelResources = ParamUtil.getBoolean(
292 actionRequest, "showModelResources");
293
294 Map<String, List<String>> resourceActionsMap =
295 new HashMap<String, List<String>>();
296
297 if (showModelResources) {
298 for (String modelResource : modelResources) {
299 resourceActionsMap.put(
300 modelResource,
301 ResourceActionsUtil.getResourceActions(
302 null, modelResource));
303 }
304 }
305 else if (Validator.isNotNull(portletResource)) {
306 resourceActionsMap.put(
307 portletResource,
308 ResourceActionsUtil.getResourceActions(portletResource, null));
309 }
310
311 String[] selectedTargets = StringUtil.split(
312 ParamUtil.getString(actionRequest, "selectedTargets"));
313
314 for (Map.Entry<String, List<String>> entry :
315 resourceActionsMap.entrySet()) {
316
317 String selResource = entry.getKey();
318 List<String> actions = entry.getValue();
319
320 actions = ListUtil.sort(
321 actions, new ActionComparator(themeDisplay.getLocale()));
322
323 for (String actionId : actions) {
324 String target = selResource + actionId;
325
326 boolean selected = ArrayUtil.contains(selectedTargets, target);
327
328 String[] groupIds = StringUtil.split(
329 ParamUtil.getString(actionRequest, "groupIds" + target));
330
331 groupIds = ArrayUtil.distinct(groupIds);
332
333 int scope = ResourceConstants.SCOPE_COMPANY;
334
335 if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
336 (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {
337
338 scope = ResourceConstants.SCOPE_GROUP_TEMPLATE;
339 }
340 else {
341 if (groupIds.length > 0) {
342 scope = ResourceConstants.SCOPE_GROUP;
343 }
344 }
345
346 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
347 updateAction_6(
348 role, themeDisplay.getScopeGroupId(), selResource,
349 actionId, selected, scope, groupIds);
350 }
351 else {
352 updateAction_1to5(
353 role, themeDisplay.getScopeGroupId(), selResource,
354 actionId, selected, scope, groupIds);
355 }
356 }
357 }
358
359
361 SessionMessages.add(actionRequest, "permissionsUpdated");
362
363 String redirect =
364 ParamUtil.getString(actionRequest, "redirect") + "&" +
365 Constants.CMD + "=" + Constants.VIEW;
366
367 actionResponse.sendRedirect(redirect);
368 }
369
370 }