1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.NoSuchPermissionException;
18  import com.liferay.portal.kernel.exception.PortalException;
19  import com.liferay.portal.kernel.exception.SystemException;
20  import com.liferay.portal.kernel.log.Log;
21  import com.liferay.portal.kernel.log.LogFactoryUtil;
22  import com.liferay.portal.kernel.search.SearchEngineUtil;
23  import com.liferay.portal.kernel.util.GetterUtil;
24  import com.liferay.portal.kernel.util.ListUtil;
25  import com.liferay.portal.kernel.util.Validator;
26  import com.liferay.portal.model.Group;
27  import com.liferay.portal.model.OrgGroupPermission;
28  import com.liferay.portal.model.Organization;
29  import com.liferay.portal.model.Permission;
30  import com.liferay.portal.model.Resource;
31  import com.liferay.portal.model.ResourceCode;
32  import com.liferay.portal.model.ResourceConstants;
33  import com.liferay.portal.model.Role;
34  import com.liferay.portal.model.User;
35  import com.liferay.portal.model.UserGroup;
36  import com.liferay.portal.security.permission.PermissionCacheUtil;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.security.permission.ResourceActionsUtil;
39  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
40  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
41  import com.liferay.portal.util.PropsValues;
42  import com.liferay.portal.util.comparator.PermissionComparator;
43  
44  import java.util.ArrayList;
45  import java.util.HashSet;
46  import java.util.Iterator;
47  import java.util.List;
48  import java.util.Set;
49  
50  import org.apache.commons.lang.time.StopWatch;
51  
52  /**
53   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
54   *
55   * @author Charles May
56   * @author Brian Wing Shun Chan
57   * @author Raymond Augé
58   */
59  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
60  
61      public Permission addPermission(
62              long companyId, String actionId, long resourceId)
63          throws SystemException {
64  
65          Permission permission = permissionPersistence.fetchByA_R(
66              actionId, resourceId);
67  
68          if (permission == null) {
69              long permissionId = counterLocalService.increment(
70                  Permission.class.getName());
71  
72              permission = permissionPersistence.create(permissionId);
73  
74              permission.setCompanyId(companyId);
75              permission.setActionId(actionId);
76              permission.setResourceId(resourceId);
77  
78              permissionPersistence.update(permission, false);
79          }
80  
81          return permission;
82      }
83  
84      public List<Permission> addPermissions(
85              long companyId, String name, long resourceId,
86              boolean portletActions)
87          throws SystemException {
88  
89          List<String> actionIds = null;
90  
91          if (portletActions) {
92              actionIds = ResourceActionsUtil.getPortletResourceActions(name);
93          }
94          else {
95              actionIds = ResourceActionsUtil.getModelResourceActions(name);
96          }
97  
98          return addPermissions(companyId, actionIds, resourceId);
99      }
100 
101     public List<Permission> addPermissions(
102             long companyId, List<String> actionIds, long resourceId)
103         throws SystemException {
104 
105         List<Permission> permissions = permissionPersistence.findByResourceId(
106             resourceId);
107 
108         permissions = ListUtil.copy(permissions);
109 
110         Set<String> actionIdsSet = new HashSet<String>();
111 
112         for (Permission permission : permissions) {
113             actionIdsSet.add(permission.getActionId());
114         }
115 
116         for (String actionId : actionIds) {
117             if (actionIdsSet.contains(actionId)) {
118                 continue;
119             }
120 
121             long permissionId = counterLocalService.increment(
122                 Permission.class.getName());
123 
124             Permission permission = permissionPersistence.create(permissionId);
125 
126             permission.setCompanyId(companyId);
127             permission.setActionId(actionId);
128             permission.setResourceId(resourceId);
129 
130             try {
131                 permissionPersistence.update(permission, false);
132             }
133             catch (SystemException se) {
134                 if (_log.isWarnEnabled()) {
135                     _log.warn(
136                         "Add failed, fetch {actionId=" + actionId +
137                             ", resourceId=" + resourceId + "}");
138                 }
139 
140                 permission = permissionPersistence.fetchByA_R(
141                     actionId, resourceId, false);
142 
143                 if (permission == null) {
144                     throw se;
145                 }
146             }
147 
148             permissions.add(permission);
149         }
150 
151         return permissions;
152     }
153 
154     public void addUserPermissions(
155             long userId, String[] actionIds, long resourceId)
156         throws PortalException, SystemException {
157 
158         User user = userPersistence.findByPrimaryKey(userId);
159 
160         List<Permission> permissions = permissionFinder.findByU_R(
161             userId, resourceId);
162 
163         permissions = getPermissions(
164             user.getCompanyId(), actionIds, resourceId);
165 
166         userPersistence.addPermissions(userId, permissions);
167 
168         PermissionCacheUtil.clearCache();
169     }
170 
171     public List<String> getActions(List<Permission> permissions) {
172         List<String> actionIds = new ArrayList<String>();
173 
174         Iterator<Permission> itr = permissions.iterator();
175 
176         while (itr.hasNext()) {
177             Permission permission = itr.next();
178 
179             actionIds.add(permission.getActionId());
180         }
181 
182         return actionIds;
183     }
184 
185     public List<Permission> getGroupPermissions(long groupId, long resourceId)
186         throws SystemException {
187 
188         return permissionFinder.findByG_R(groupId, resourceId);
189     }
190 
191     public List<Permission> getGroupPermissions(
192             long groupId, long companyId, String name, int scope,
193             String primKey)
194         throws SystemException {
195 
196         return permissionFinder.findByG_C_N_S_P(
197             groupId, companyId, name, scope, primKey);
198     }
199 
200     public List<Permission> getOrgGroupPermissions(
201             long organizationId, long groupId, long resourceId)
202         throws SystemException {
203 
204         return permissionFinder.findByO_G_R(
205             organizationId, groupId, resourceId);
206     }
207 
208     public long getLatestPermissionId() throws SystemException {
209         List<Permission> permissions = permissionPersistence.findAll(
210             0, 1, new PermissionComparator());
211 
212         if (permissions.size() == 0) {
213             return 0;
214         }
215         else {
216             Permission permission = permissions.get(0);
217 
218             return permission.getPermissionId();
219         }
220     }
221 
222     public List<Permission> getPermissions(
223             long companyId, String[] actionIds, long resourceId)
224         throws SystemException {
225 
226         List<Permission> permissions = new ArrayList<Permission>();
227 
228         for (int i = 0; i < actionIds.length; i++) {
229             Permission permission = addPermission(
230                 companyId, actionIds[i], resourceId);
231 
232             permissions.add(permission);
233         }
234 
235         return permissions;
236     }
237 
238     public List<Permission> getRolePermissions(long roleId)
239         throws SystemException {
240 
241         return rolePersistence.getPermissions(roleId);
242     }
243 
244     public List<Permission> getRolePermissions(long roleId, long resourceId)
245         throws SystemException {
246 
247         return permissionFinder.findByR_R(roleId, resourceId);
248     }
249 
250     public List<Permission> getUserPermissions(long userId, long resourceId)
251         throws SystemException {
252 
253         return permissionFinder.findByU_R(userId, resourceId);
254     }
255 
256     public List<Permission> getUserPermissions(
257             long userId, long companyId, String name, int scope, String primKey)
258         throws SystemException {
259 
260         return permissionFinder.findByU_C_N_S_P(
261             userId, companyId, name, scope, primKey);
262     }
263 
264     public boolean hasGroupPermission(
265             long groupId, String actionId, long resourceId)
266         throws SystemException {
267 
268         Permission permission = permissionPersistence.fetchByA_R(
269             actionId, resourceId);
270 
271         // Return false if there is no permission based on the given action
272         // id and resource id
273 
274         if (permission == null) {
275             return false;
276         }
277 
278         return groupPersistence.containsPermission(
279             groupId, permission.getPermissionId());
280     }
281 
282     public boolean hasRolePermission(
283             long roleId, long companyId, String name, int scope,
284             String actionId)
285         throws SystemException {
286 
287         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
288             companyId, name, scope);
289 
290         List<Resource> resources = resourcePersistence.findByCodeId(
291             resourceCode.getCodeId());
292 
293         for (Resource resource : resources) {
294             Permission permission = permissionPersistence.fetchByA_R(
295                 actionId, resource.getResourceId());
296 
297             if (permission != null) {
298                 if (rolePersistence.containsPermission(
299                         roleId, permission.getPermissionId())) {
300 
301                     return true;
302                 }
303             }
304         }
305 
306         return false;
307     }
308 
309     public boolean hasRolePermission(
310             long roleId, long companyId, String name, int scope, String primKey,
311             String actionId)
312         throws SystemException {
313 
314         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
315             companyId, name, scope);
316 
317         Resource resource = resourcePersistence.fetchByC_P(
318             resourceCode.getCodeId(), primKey);
319 
320         if (resource == null) {
321             return false;
322         }
323 
324         Permission permission = permissionPersistence.fetchByA_R(
325             actionId, resource.getResourceId());
326 
327         if (permission == null) {
328             return false;
329         }
330 
331         return rolePersistence.containsPermission(
332             roleId, permission.getPermissionId());
333     }
334 
335     public boolean hasUserPermission(
336             long userId, String actionId, long resourceId)
337         throws SystemException {
338 
339         Permission permission = permissionPersistence.fetchByA_R(
340             actionId, resourceId);
341 
342         // Return false if there is no permission based on the given action
343         // id and resource id
344 
345         if (permission == null) {
346             return false;
347         }
348 
349         return userPersistence.containsPermission(
350             userId, permission.getPermissionId());
351     }
352 
353     public boolean hasUserPermissions(
354             long userId, long groupId, List<Resource> resources,
355             String actionId, PermissionCheckerBag permissionCheckerBag)
356         throws PortalException, SystemException {
357 
358         StopWatch stopWatch = null;
359 
360         if (_log.isDebugEnabled()) {
361             stopWatch = new StopWatch();
362 
363             stopWatch.start();
364         }
365 
366         int block = 1;
367 
368         // Return false if there are no resources
369 
370         if (Validator.isNull(actionId) || resources.isEmpty()) {
371             return false;
372         }
373 
374         long[] resourceIds = null;
375 
376         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
377             resourceIds = new long[resources.size()];
378 
379             for (int i = 0; i < resources.size(); i++) {
380                 Resource resource = resources.get(i);
381 
382                 resourceIds[i] = resource.getResourceId();
383             }
384         }
385 
386         List<Permission> permissions = null;
387 
388         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
389             permissions = permissionFinder.findByA_R(actionId, resourceIds);
390 
391             // Return false if there are no permissions
392 
393             if (permissions.size() == 0) {
394                 return false;
395             }
396         }
397 
398         // Record logs with the first resource id
399 
400         long resourceId = 0;
401 
402         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
403             resourceId = resourceIds[0];
404         }
405         else {
406             resourceId = resources.get(0).getResourceId();
407         }
408 
409         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
410 
411         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
412         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
413         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
414         //List<Group> userUserGroupGroups =
415         //  permissionCheckerBag.getUserUserGroupGroups();
416         List<Group> groups = permissionCheckerBag.getGroups();
417         List<Role> roles = permissionCheckerBag.getRoles();
418 
419         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
420 
421         // Check the organization and community intersection table. Break out of
422         // this method if the user has one of the permissions set at the
423         // intersection because that takes priority.
424 
425         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
426         //  return true;
427         //}
428 
429         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
430 
431         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
432             return hasUserPermissions_1(
433                 userId, resourceId, actionId, permissions, groups, groupId,
434                 stopWatch, block);
435         }
436         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
437             return hasUserPermissions_2(
438                 userId, resourceId, actionId, permissions, groups, groupId,
439                 stopWatch, block);
440         }
441         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
442             return hasUserPermissions_3(
443                 userId, resourceId, actionId, permissions, groups, roles,
444                 stopWatch, block);
445         }
446         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
447             return hasUserPermissions_4(
448                 userId, resourceId, actionId, permissions, groups, roles,
449                 stopWatch, block);
450         }
451         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
452             return hasUserPermissions_5(
453                 userId, resourceId, actionId, permissions, roles, stopWatch,
454                 block);
455         }
456         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
457             return hasUserPermissions_6(
458                 userId, resourceId, resources, actionId, roles, stopWatch,
459                 block);
460         }
461 
462         return false;
463     }
464 
465     public void setGroupPermissions(
466             long groupId, String[] actionIds, long resourceId)
467         throws PortalException, SystemException {
468 
469         Group group = groupPersistence.findByPrimaryKey(groupId);
470 
471         List<Permission> permissions = permissionFinder.findByG_R(
472             groupId, resourceId);
473 
474         for (Permission permission : permissions) {
475             groupPersistence.removePermission(groupId, permission);
476         }
477 
478         permissions = getPermissions(
479             group.getCompanyId(), actionIds, resourceId);
480 
481         groupPersistence.addPermissions(groupId, permissions);
482 
483         PermissionCacheUtil.clearCache();
484     }
485 
486     public void setGroupPermissions(
487             String className, String classPK, long groupId,
488             String[] actionIds, long resourceId)
489         throws PortalException, SystemException {
490 
491         long associatedGroupId = 0;
492 
493         if (className.equals(Organization.class.getName())) {
494             long organizationId = GetterUtil.getLong(classPK);
495 
496             Organization organization =
497                 organizationPersistence.findByPrimaryKey(organizationId);
498 
499             orgGroupPermissionFinder.removeByO_G_R(
500                 organizationId, groupId, resourceId);
501 
502             associatedGroupId = organization.getGroup().getGroupId();
503         }
504         else if (className.equals(UserGroup.class.getName())) {
505             long userGroupId = GetterUtil.getLong(classPK);
506 
507             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
508                 userGroupId);
509 
510             associatedGroupId = userGroup.getGroup().getGroupId();
511         }
512 
513         setGroupPermissions(associatedGroupId, actionIds, resourceId);
514     }
515 
516     public void setOrgGroupPermissions(
517             long organizationId, long groupId, String[] actionIds,
518             long resourceId)
519         throws PortalException, SystemException {
520 
521         Organization organization =
522             organizationPersistence.findByPrimaryKey(organizationId);
523 
524         long orgGroupId = organization.getGroup().getGroupId();
525 
526         List<Permission> permissions = permissionPersistence.findByResourceId(
527             resourceId);
528 
529         for (Permission permission : permissions) {
530             groupPersistence.removePermission(orgGroupId, permission);
531         }
532 
533         permissions = getPermissions(
534             organization.getCompanyId(), actionIds, resourceId);
535 
536         orgGroupPermissionFinder.removeByO_G_R(
537             organizationId, groupId, resourceId);
538 
539         for (Permission permission : permissions) {
540             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
541                 organizationId, groupId, permission.getPermissionId());
542 
543             OrgGroupPermission orgGroupPermission =
544                 orgGroupPermissionPersistence.create(pk);
545 
546             orgGroupPermissionPersistence.update(orgGroupPermission, false);
547         }
548 
549         PermissionCacheUtil.clearCache();
550     }
551 
552     public void setRolePermission(
553             long roleId, long companyId, String name, int scope, String primKey,
554             String actionId)
555         throws PortalException, SystemException {
556 
557         if (scope == ResourceConstants.SCOPE_COMPANY) {
558 
559             // Remove group permission
560 
561             unsetRolePermissions(
562                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
563                 actionId);
564         }
565         else if (scope == ResourceConstants.SCOPE_GROUP) {
566 
567             // Remove company permission
568 
569             unsetRolePermissions(
570                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
571                 actionId);
572         }
573         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
574             throw new NoSuchPermissionException();
575         }
576 
577         Resource resource = resourceLocalService.addResource(
578             companyId, name, scope, primKey);
579 
580         long resourceId = resource.getResourceId();
581 
582         Permission permission = permissionPersistence.fetchByA_R(
583             actionId, resourceId);
584 
585         if (permission == null) {
586             long permissionId = counterLocalService.increment(
587                 Permission.class.getName());
588 
589             permission = permissionPersistence.create(permissionId);
590 
591             permission.setCompanyId(companyId);
592             permission.setActionId(actionId);
593             permission.setResourceId(resourceId);
594 
595             permissionPersistence.update(permission, false);
596         }
597 
598         rolePersistence.addPermission(roleId, permission);
599 
600         PermissionCacheUtil.clearCache();
601 
602         SearchEngineUtil.updatePermissionFields(resourceId);
603     }
604 
605     public void setRolePermissions(
606             long roleId, long companyId, String name, int scope, String primKey,
607             String[] actionIds)
608         throws PortalException, SystemException {
609 
610         for (int i = 0; i < actionIds.length; i++) {
611             String actionId = actionIds[i];
612 
613             setRolePermission(
614                 roleId, companyId, name, scope, primKey, actionId);
615         }
616     }
617 
618     public void setRolePermissions(
619             long roleId, String[] actionIds, long resourceId)
620         throws PortalException, SystemException {
621 
622         Role role = rolePersistence.findByPrimaryKey(roleId);
623 
624         List<Permission> permissions = permissionFinder.findByR_R(
625             roleId, resourceId);
626 
627         rolePersistence.removePermissions(roleId, permissions);
628 
629         permissions = getPermissions(
630             role.getCompanyId(), actionIds, resourceId);
631 
632         rolePersistence.addPermissions(roleId, permissions);
633 
634         PermissionCacheUtil.clearCache();
635 
636         SearchEngineUtil.updatePermissionFields(resourceId);
637     }
638 
639     public void setUserPermissions(
640             long userId, String[] actionIds, long resourceId)
641         throws PortalException, SystemException {
642 
643         User user = userPersistence.findByPrimaryKey(userId);
644 
645         List<Permission> permissions = permissionFinder.findByU_R(
646             userId, resourceId);
647 
648         userPersistence.removePermissions(userId, permissions);
649 
650         permissions = getPermissions(
651             user.getCompanyId(), actionIds, resourceId);
652 
653         userPersistence.addPermissions(userId, permissions);
654 
655         PermissionCacheUtil.clearCache();
656     }
657 
658     public void unsetRolePermission(long roleId, long permissionId)
659         throws SystemException {
660 
661         Permission permission = permissionPersistence.fetchByPrimaryKey(
662             permissionId);
663 
664         if (permission != null) {
665             rolePersistence.removePermission(roleId, permission);
666         }
667 
668         PermissionCacheUtil.clearCache();
669     }
670 
671     public void unsetRolePermission(
672             long roleId, long companyId, String name, int scope, String primKey,
673             String actionId)
674         throws SystemException {
675 
676         ResourceCode resourceCode =
677             resourceCodeLocalService.getResourceCode(
678                 companyId, name, scope);
679 
680         Resource resource = resourcePersistence.fetchByC_P(
681             resourceCode.getCodeId(), primKey);
682 
683         if (resource != null) {
684             Permission permission = permissionPersistence.fetchByA_R(
685                 actionId, resource.getResourceId());
686 
687             if (permission != null) {
688                 rolePersistence.removePermission(roleId, permission);
689             }
690         }
691 
692         PermissionCacheUtil.clearCache();
693     }
694 
695     public void unsetRolePermissions(
696             long roleId, long companyId, String name, int scope,
697             String actionId)
698         throws SystemException {
699 
700         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
701             companyId, name, scope);
702 
703         List<Resource> resources = resourcePersistence.findByCodeId(
704             resourceCode.getCodeId());
705 
706         for (Resource resource : resources) {
707             Permission permission = permissionPersistence.fetchByA_R(
708                 actionId, resource.getResourceId());
709 
710             if (permission != null) {
711                 rolePersistence.removePermission(roleId, permission);
712             }
713         }
714 
715         PermissionCacheUtil.clearCache();
716     }
717 
718     public void unsetUserPermissions(
719             long userId, String[] actionIds, long resourceId)
720         throws SystemException {
721 
722         List<Permission> permissions = permissionFinder.findByU_A_R(
723             userId, actionIds, resourceId);
724 
725         userPersistence.removePermissions(userId, permissions);
726 
727         PermissionCacheUtil.clearCache();
728     }
729 
730     protected boolean checkOrgGroupPermission(
731             List<Organization> organizations, List<Group> groups,
732             List<Permission> permissions)
733         throws PortalException, SystemException {
734 
735         for (Permission permission : permissions) {
736             if (checkOrgGroupPermission(organizations, groups, permission)) {
737                 return true;
738             }
739         }
740 
741         return false;
742     }
743 
744     protected boolean checkOrgGroupPermission(
745             List<Organization> organizations, List<Group> groups,
746             Permission permission)
747         throws PortalException, SystemException {
748 
749         // Do not check for an OrgGroupPermission intersection unless there is
750         // at least one organization and one group to check
751 
752         if ((organizations.size() == 0) || (groups.size() == 0)) {
753             return false;
754         }
755 
756         // Do not check unless the OrgGroupPermission intersection contains at
757         // least one permission
758 
759         List<OrgGroupPermission> orgGroupPermissions =
760             orgGroupPermissionPersistence.findByPermissionId(
761                 permission.getPermissionId());
762 
763         if (orgGroupPermissions.size() == 0) {
764             return false;
765         }
766 
767         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
768             if (orgGroupPermission.containsOrganization(organizations) &&
769                 orgGroupPermission.containsGroup(groups)) {
770 
771                 return true;
772             }
773         }
774 
775         // Throw an exception so that we do not continue checking permissions.
776         // The user has a specific permission given in the OrgGroupPermission
777         // intersection that prohibits him from going further.
778 
779         throw new NoSuchPermissionException(
780             "User has a permission in OrgGroupPermission that does not match");
781     }
782 
783     protected boolean hasUserPermissions_1(
784             long userId, long resourceId, String actionId,
785             List<Permission> permissions, List<Group> groups, long groupId,
786             StopWatch stopWatch, int block)
787         throws SystemException {
788 
789         // Is the user connected to one of the permissions via group or
790         // organization roles?
791 
792         if (groups.size() > 0) {
793             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
794                 return true;
795             }
796         }
797 
798         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
799 
800         // Is the user associated with groups or organizations that are directly
801         // connected to one of the permissions?
802 
803         if (groups.size() > 0) {
804             if (permissionFinder.countByGroupsPermissions(
805                     permissions, groups) > 0) {
806 
807                 return true;
808             }
809         }
810 
811         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
812 
813         // Is the user connected to one of the permissions via user roles?
814 
815         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
816             return true;
817         }
818 
819         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
820 
821         // Is the user connected to one of the permissions via user group roles?
822 
823         if (permissionFinder.countByUserGroupRole(
824                 permissions, userId, groupId) > 0) {
825 
826             return true;
827         }
828 
829         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
830 
831         // Is the user directly connected to one of the permissions?
832 
833         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
834             return true;
835         }
836 
837         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
838 
839         return false;
840     }
841 
842     protected boolean hasUserPermissions_2(
843             long userId, long resourceId, String actionId,
844             List<Permission> permissions, List<Group> groups, long groupId,
845             StopWatch stopWatch, int block)
846         throws SystemException {
847 
848         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
849         // countByUserGroupRole, and countByUsersPermissions in one method
850 
851         if (permissionFinder.containsPermissions_2(
852                 permissions, userId, groups, groupId)) {
853 
854             return true;
855         }
856 
857         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
858 
859         return false;
860     }
861 
862     protected boolean hasUserPermissions_3(
863             long userId, long resourceId, String actionId,
864             List<Permission> permissions, List<Group> groups, List<Role> roles,
865             StopWatch stopWatch, int block)
866         throws SystemException {
867 
868         // Is the user associated with groups or organizations that are directly
869         // connected to one of the permissions?
870 
871         if (groups.size() > 0) {
872             if (permissionFinder.countByGroupsPermissions(
873                     permissions, groups) > 0) {
874 
875                 return true;
876             }
877         }
878 
879         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
880 
881         // Is the user associated with a role that is directly connected to one
882         // of the permissions?
883 
884         if (roles.size() > 0) {
885             if (permissionFinder.countByRolesPermissions(
886                     permissions, roles) > 0) {
887 
888                 return true;
889             }
890         }
891 
892         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
893 
894         // Is the user directly connected to one of the permissions?
895 
896         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
897             return true;
898         }
899 
900         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
901 
902         return false;
903     }
904 
905     protected boolean hasUserPermissions_4(
906             long userId, long resourceId, String actionId,
907             List<Permission> permissions, List<Group> groups, List<Role> roles,
908             StopWatch stopWatch, int block)
909         throws SystemException {
910 
911         // Call countByGroupsPermissions, countByRolesPermissions, and
912         // countByUsersPermissions in one method
913 
914         if (permissionFinder.containsPermissions_4(
915                 permissions, userId, groups, roles)) {
916 
917             return true;
918         }
919 
920         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
921 
922         return false;
923     }
924 
925     protected boolean hasUserPermissions_5(
926             long userId, long resourceId, String actionId,
927             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
928             int block)
929         throws SystemException {
930 
931         if (roles.size() > 0) {
932             if (permissionFinder.countByRolesPermissions(
933                     permissions, roles) > 0) {
934 
935                 return true;
936             }
937         }
938 
939         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
940 
941         return false;
942     }
943 
944     protected boolean hasUserPermissions_6(
945             long userId, long resourceId, List<Resource> resources,
946             String actionId, List<Role> roles, StopWatch stopWatch,
947             int block)
948         throws PortalException, SystemException {
949 
950         // Iterate the list of resources in reverse order to test permissions
951         // from company scope to individual scope because it is more likely that
952         // a permission is assigned at a higher scope. Optimizing this method
953         // to one SQL call may actually slow things down since most of the calls
954         // will pull from the cache after the first request.
955 
956         for (int i = resources.size() - 1; i >= 0; i--) {
957             Resource resource = resources.get(i);
958 
959             for (Role role : roles) {
960                 if (resourcePermissionLocalService.hasResourcePermission(
961                         resource.getCompanyId(), resource.getName(),
962                         resource.getScope(), resource.getPrimKey(),
963                         role.getRoleId(), actionId)) {
964 
965                     return true;
966                 }
967             }
968         }
969 
970         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
971 
972         return false;
973     }
974 
975     protected void logHasUserPermissions(
976         long userId, long resourceId, String actionId, StopWatch stopWatch,
977         int block) {
978 
979         if (!_log.isDebugEnabled()) {
980             return;
981         }
982 
983         _log.debug(
984             "Checking user permissions block " + block + " for " + userId +
985                 " " + resourceId + " " + actionId + " takes " +
986                     stopWatch.getTime() + " ms");
987     }
988 
989     private static Log _log = LogFactoryUtil.getLog(
990         PermissionLocalServiceImpl.class);
991 
992 }