1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.RequiredUserException;
18  import com.liferay.portal.ReservedUserEmailAddressException;
19  import com.liferay.portal.UserEmailAddressException;
20  import com.liferay.portal.UserScreenNameException;
21  import com.liferay.portal.kernel.exception.PortalException;
22  import com.liferay.portal.kernel.exception.SystemException;
23  import com.liferay.portal.kernel.util.ArrayUtil;
24  import com.liferay.portal.model.Address;
25  import com.liferay.portal.model.Company;
26  import com.liferay.portal.model.Contact;
27  import com.liferay.portal.model.EmailAddress;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.GroupConstants;
30  import com.liferay.portal.model.Organization;
31  import com.liferay.portal.model.Phone;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.model.UserGroupRole;
35  import com.liferay.portal.model.Website;
36  import com.liferay.portal.security.auth.PrincipalException;
37  import com.liferay.portal.security.permission.ActionKeys;
38  import com.liferay.portal.security.permission.PermissionChecker;
39  import com.liferay.portal.service.ServiceContext;
40  import com.liferay.portal.service.base.UserServiceBaseImpl;
41  import com.liferay.portal.service.permission.GroupPermissionUtil;
42  import com.liferay.portal.service.permission.OrganizationPermissionUtil;
43  import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
44  import com.liferay.portal.service.permission.PortalPermissionUtil;
45  import com.liferay.portal.service.permission.RolePermissionUtil;
46  import com.liferay.portal.service.permission.UserGroupPermissionUtil;
47  import com.liferay.portal.service.permission.UserPermissionUtil;
48  import com.liferay.portal.util.PropsValues;
49  import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
50  import com.liferay.portlet.enterpriseadmin.util.EnterpriseAdminUtil;
51  
52  import java.util.List;
53  import java.util.Locale;
54  
55  /**
56   * <a href="UserServiceImpl.java.html"><b><i>View Source</i></b></a>
57   *
58   * @author Brian Wing Shun Chan
59   * @author Brian Myunghun Kim
60   * @author Scott Lee
61   * @author Jorge Ferrer
62   * @author Julio Camarero
63   */
64  public class UserServiceImpl extends UserServiceBaseImpl {
65  
66      public void addGroupUsers(long groupId, long[] userIds)
67          throws PortalException, SystemException {
68  
69          try {
70              GroupPermissionUtil.check(
71                  getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
72          }
73          catch (PrincipalException pe) {
74  
75              // Allow any user to join open communities
76  
77              boolean hasPermission = false;
78  
79              if (userIds.length == 0) {
80                  hasPermission = true;
81              }
82              else if (userIds.length == 1) {
83                  User user = getUser();
84  
85                  if (user.getUserId() == userIds[0]) {
86                      Group group = groupPersistence.findByPrimaryKey(groupId);
87  
88                      if (user.getCompanyId() == group.getCompanyId()) {
89                          int type = group.getType();
90  
91                          if (type == GroupConstants.TYPE_COMMUNITY_OPEN) {
92                              hasPermission = true;
93                          }
94                      }
95                  }
96              }
97  
98              if (!hasPermission) {
99                  throw new PrincipalException();
100             }
101         }
102 
103         userLocalService.addGroupUsers(groupId, userIds);
104     }
105 
106     public void addOrganizationUsers(long organizationId, long[] userIds)
107         throws PortalException, SystemException {
108 
109         OrganizationPermissionUtil.check(
110             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
111 
112         validateOrganizationUsers(userIds);
113 
114         userLocalService.addOrganizationUsers(organizationId, userIds);
115     }
116 
117     public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
118         throws PortalException, SystemException {
119 
120         PasswordPolicyPermissionUtil.check(
121             getPermissionChecker(), passwordPolicyId,
122             ActionKeys.ASSIGN_MEMBERS);
123 
124         userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
125     }
126 
127     public void addRoleUsers(long roleId, long[] userIds)
128         throws PortalException, SystemException {
129 
130         RolePermissionUtil.check(
131             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
132 
133         userLocalService.addRoleUsers(roleId, userIds);
134     }
135 
136     public void addUserGroupUsers(long userGroupId, long[] userIds)
137         throws PortalException, SystemException {
138 
139         UserGroupPermissionUtil.check(
140             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
141 
142         userLocalService.addUserGroupUsers(userGroupId, userIds);
143     }
144 
145     public User addUser(
146             long companyId, boolean autoPassword, String password1,
147             String password2, boolean autoScreenName, String screenName,
148             String emailAddress, String openId, Locale locale, String firstName,
149             String middleName, String lastName, int prefixId, int suffixId,
150             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
151             String jobTitle, long[] groupIds, long[] organizationIds,
152             long[] roleIds, long[] userGroupIds, boolean sendEmail,
153             ServiceContext serviceContext)
154         throws PortalException, SystemException {
155 
156         Company company = companyPersistence.findByPrimaryKey(companyId);
157 
158         long creatorUserId = 0;
159 
160         try {
161             creatorUserId = getUserId();
162         }
163         catch (PrincipalException pe) {
164         }
165 
166         if ((creatorUserId != 0) || !company.isStrangers()) {
167             if (!PortalPermissionUtil.contains(
168                     getPermissionChecker(), ActionKeys.ADD_USER) &&
169                 !UserPermissionUtil.contains(
170                     getPermissionChecker(), 0, organizationIds,
171                     ActionKeys.ADD_USER)) {
172 
173                 throw new PrincipalException();
174             }
175         }
176 
177         if (creatorUserId == 0) {
178             if (!company.isStrangersWithMx() &&
179                 company.hasCompanyMx(emailAddress)) {
180 
181                 throw new ReservedUserEmailAddressException();
182             }
183         }
184 
185         return userLocalService.addUser(
186             creatorUserId, companyId, autoPassword, password1, password2,
187             autoScreenName, screenName, emailAddress, openId, locale, firstName,
188             middleName, lastName, prefixId, suffixId, male, birthdayMonth,
189             birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
190             roleIds, userGroupIds, sendEmail, serviceContext);
191     }
192 
193     public User addUser(
194             long companyId, boolean autoPassword, String password1,
195             String password2, boolean autoScreenName, String screenName,
196             String emailAddress, String openId, Locale locale, String firstName,
197             String middleName, String lastName, int prefixId, int suffixId,
198             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
199             String jobTitle, long[] groupIds, long[] organizationIds,
200             long[] roleIds, long[] userGroupIds, boolean sendEmail,
201             List<Address> addresses, List<EmailAddress> emailAddresses,
202             List<Phone> phones, List<Website> websites,
203             List<AnnouncementsDelivery> announcementsDelivers,
204             ServiceContext serviceContext)
205         throws PortalException, SystemException {
206 
207         User user = addUser(
208             companyId, autoPassword, password1, password2, autoScreenName,
209             screenName, emailAddress, openId, locale, firstName, middleName,
210             lastName, prefixId, suffixId, male, birthdayMonth, birthdayDay,
211             birthdayYear, jobTitle, groupIds, organizationIds, roleIds,
212             userGroupIds, sendEmail, serviceContext);
213 
214         EnterpriseAdminUtil.updateAddresses(
215             Contact.class.getName(), user.getContactId(), addresses);
216 
217         EnterpriseAdminUtil.updateEmailAddresses(
218             Contact.class.getName(), user.getContactId(), emailAddresses);
219 
220         EnterpriseAdminUtil.updatePhones(
221             Contact.class.getName(), user.getContactId(), phones);
222 
223         EnterpriseAdminUtil.updateWebsites(
224             Contact.class.getName(), user.getContactId(), websites);
225 
226         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
227 
228         return user;
229     }
230 
231     public void deletePortrait(long userId)
232         throws PortalException, SystemException {
233 
234         UserPermissionUtil.check(
235             getPermissionChecker(), userId, ActionKeys.UPDATE);
236 
237         userLocalService.deletePortrait(userId);
238     }
239 
240     public void deleteRoleUser(long roleId, long userId)
241         throws PortalException, SystemException {
242 
243         RolePermissionUtil.check(
244             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
245 
246         userLocalService.deleteRoleUser(roleId, userId);
247     }
248 
249     public void deleteUser(long userId)
250         throws PortalException, SystemException {
251 
252         if (getUserId() == userId) {
253             throw new RequiredUserException();
254         }
255 
256         UserPermissionUtil.check(
257             getPermissionChecker(), userId, ActionKeys.DELETE);
258 
259         userLocalService.deleteUser(userId);
260     }
261 
262     public long getDefaultUserId(long companyId)
263         throws PortalException, SystemException {
264 
265         return userLocalService.getDefaultUserId(companyId);
266     }
267 
268     public long[] getGroupUserIds(long groupId) throws SystemException {
269         return userLocalService.getGroupUserIds(groupId);
270     }
271 
272     public long[] getOrganizationUserIds(long organizationId)
273         throws SystemException {
274 
275         return userLocalService.getOrganizationUserIds(organizationId);
276     }
277 
278     public long[] getRoleUserIds(long roleId) throws SystemException {
279         return userLocalService.getRoleUserIds(roleId);
280     }
281 
282     public User getUserByEmailAddress(long companyId, String emailAddress)
283         throws PortalException, SystemException {
284 
285         User user = userLocalService.getUserByEmailAddress(
286             companyId, emailAddress);
287 
288         UserPermissionUtil.check(
289             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
290 
291         return user;
292     }
293 
294     public User getUserById(long userId)
295         throws PortalException, SystemException {
296 
297         User user = userLocalService.getUserById(userId);
298 
299         UserPermissionUtil.check(
300             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
301 
302         return user;
303     }
304 
305     public User getUserByScreenName(long companyId, String screenName)
306         throws PortalException, SystemException {
307 
308         User user = userLocalService.getUserByScreenName(
309             companyId, screenName);
310 
311         UserPermissionUtil.check(
312             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
313 
314         return user;
315     }
316 
317     public long getUserIdByEmailAddress(long companyId, String emailAddress)
318         throws PortalException, SystemException {
319 
320         User user = getUserByEmailAddress(companyId, emailAddress);
321 
322         return user.getUserId();
323     }
324 
325     public long getUserIdByScreenName(long companyId, String screenName)
326         throws PortalException, SystemException {
327 
328         User user = getUserByScreenName(companyId, screenName);
329 
330         return user.getUserId();
331     }
332 
333     public boolean hasGroupUser(long groupId, long userId)
334         throws SystemException {
335 
336         return userLocalService.hasGroupUser(groupId, userId);
337     }
338 
339     public boolean hasRoleUser(long roleId, long userId)
340         throws SystemException {
341 
342         return userLocalService.hasRoleUser(roleId, userId);
343     }
344 
345     public boolean hasRoleUser(
346             long companyId, String name, long userId, boolean inherited)
347         throws PortalException, SystemException {
348 
349         return userLocalService.hasRoleUser(companyId, name, userId, inherited);
350     }
351 
352     public void setRoleUsers(long roleId, long[] userIds)
353         throws PortalException, SystemException {
354 
355         RolePermissionUtil.check(
356             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
357 
358         userLocalService.setRoleUsers(roleId, userIds);
359     }
360 
361     public void setUserGroupUsers(long userGroupId, long[] userIds)
362         throws PortalException, SystemException {
363 
364         UserGroupPermissionUtil.check(
365             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
366 
367         userLocalService.setUserGroupUsers(userGroupId, userIds);
368     }
369 
370     public void unsetGroupUsers(long groupId, long[] userIds)
371         throws PortalException, SystemException {
372 
373         try {
374             GroupPermissionUtil.check(
375                 getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
376         }
377         catch (PrincipalException pe) {
378 
379             // Allow any user to leave open and restricted communities
380 
381             boolean hasPermission = false;
382 
383             if (userIds.length == 0) {
384                 hasPermission = true;
385             }
386             else if (userIds.length == 1) {
387                 User user = getUser();
388 
389                 if (user.getUserId() == userIds[0]) {
390                     Group group = groupPersistence.findByPrimaryKey(groupId);
391 
392                     if (user.getCompanyId() == group.getCompanyId()) {
393                         int type = group.getType();
394 
395                         if ((type == GroupConstants.TYPE_COMMUNITY_OPEN) ||
396                             (type ==
397                                 GroupConstants.TYPE_COMMUNITY_RESTRICTED)) {
398 
399                             hasPermission = true;
400                         }
401                     }
402                 }
403             }
404 
405             if (!hasPermission) {
406                 throw new PrincipalException();
407             }
408         }
409 
410         userLocalService.unsetGroupUsers(groupId, userIds);
411     }
412 
413     public void unsetOrganizationUsers(long organizationId, long[] userIds)
414         throws PortalException, SystemException {
415 
416         OrganizationPermissionUtil.check(
417             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
418 
419         userLocalService.unsetOrganizationUsers(organizationId, userIds);
420     }
421 
422     public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
423         throws PortalException, SystemException {
424 
425         PasswordPolicyPermissionUtil.check(
426             getPermissionChecker(), passwordPolicyId,
427             ActionKeys.ASSIGN_MEMBERS);
428 
429         userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
430     }
431 
432     public void unsetRoleUsers(long roleId, long[] userIds)
433         throws PortalException, SystemException {
434 
435         RolePermissionUtil.check(
436             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
437 
438         userLocalService.unsetRoleUsers(roleId, userIds);
439     }
440 
441     public void unsetUserGroupUsers(long userGroupId, long[] userIds)
442         throws PortalException, SystemException {
443 
444         UserGroupPermissionUtil.check(
445             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
446 
447         userLocalService.unsetUserGroupUsers(userGroupId, userIds);
448     }
449 
450     public User updateActive(long userId, boolean active)
451         throws PortalException, SystemException {
452 
453         if ((getUserId() == userId) && !active) {
454             throw new RequiredUserException();
455         }
456 
457         UserPermissionUtil.check(
458             getPermissionChecker(), userId, ActionKeys.DELETE);
459 
460         return userLocalService.updateActive(userId, active);
461     }
462 
463     public User updateAgreedToTermsOfUse(
464             long userId, boolean agreedToTermsOfUse)
465         throws PortalException, SystemException {
466 
467         UserPermissionUtil.check(
468             getPermissionChecker(), userId, ActionKeys.UPDATE);
469 
470         return userLocalService.updateAgreedToTermsOfUse(
471             userId, agreedToTermsOfUse);
472     }
473 
474     public void updateEmailAddress(
475             long userId, String password, String emailAddress1,
476             String emailAddress2)
477         throws PortalException, SystemException {
478 
479         UserPermissionUtil.check(
480             getPermissionChecker(), userId, ActionKeys.UPDATE);
481 
482         userLocalService.updateEmailAddress(
483             userId, password, emailAddress1, emailAddress2);
484     }
485 
486     public User updateLockout(long userId, boolean lockout)
487         throws PortalException, SystemException {
488 
489         UserPermissionUtil.check(
490             getPermissionChecker(), userId, ActionKeys.DELETE);
491 
492         return userLocalService.updateLockoutById(userId, lockout);
493     }
494 
495     public void updateOpenId(long userId, String openId)
496         throws PortalException, SystemException {
497 
498         UserPermissionUtil.check(
499             getPermissionChecker(), userId, ActionKeys.UPDATE);
500 
501         userLocalService.updateOpenId(userId, openId);
502     }
503 
504     public void updateOrganizations(long userId, long[] organizationIds)
505         throws PortalException, SystemException {
506 
507         UserPermissionUtil.check(
508             getPermissionChecker(), userId, ActionKeys.UPDATE);
509 
510         userLocalService.updateOrganizations(userId, organizationIds);
511     }
512 
513     public User updatePassword(
514             long userId, String password1, String password2,
515             boolean passwordReset)
516         throws PortalException, SystemException {
517 
518         UserPermissionUtil.check(
519             getPermissionChecker(), userId, ActionKeys.UPDATE);
520 
521         return userLocalService.updatePassword(
522             userId, password1, password2, passwordReset);
523     }
524 
525     public void updatePortrait(long userId, byte[] bytes)
526         throws PortalException, SystemException {
527 
528         UserPermissionUtil.check(
529             getPermissionChecker(), userId, ActionKeys.UPDATE);
530 
531         userLocalService.updatePortrait(userId, bytes);
532     }
533 
534     public void updateReminderQuery(
535             long userId, String question, String answer)
536         throws PortalException, SystemException {
537 
538         UserPermissionUtil.check(
539             getPermissionChecker(), userId, ActionKeys.UPDATE);
540 
541         userLocalService.updateReminderQuery(userId, question, answer);
542     }
543 
544     public void updateScreenName(long userId, String screenName)
545         throws PortalException, SystemException {
546 
547         UserPermissionUtil.check(
548             getPermissionChecker(), userId, ActionKeys.UPDATE);
549 
550         userLocalService.updateScreenName(userId, screenName);
551     }
552 
553     public User updateUser(
554             long userId, String oldPassword, String newPassword1,
555             String newPassword2, boolean passwordReset,
556             String reminderQueryQuestion, String reminderQueryAnswer,
557             String screenName, String emailAddress, String openId,
558             String languageId, String timeZoneId, String greeting,
559             String comments, String firstName, String middleName,
560             String lastName, int prefixId, int suffixId, boolean male,
561             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
562             String aimSn, String facebookSn, String icqSn, String jabberSn,
563             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
564             String ymSn, String jobTitle, long[] groupIds,
565             long[] organizationIds, long[] roleIds,
566             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
567             ServiceContext serviceContext)
568         throws PortalException, SystemException {
569 
570         UserPermissionUtil.check(
571             getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
572 
573         long curUserId = getUserId();
574 
575         if (curUserId == userId) {
576             User user = userPersistence.findByPrimaryKey(userId);
577 
578             screenName = screenName.trim().toLowerCase();
579 
580             if (!screenName.equalsIgnoreCase(user.getScreenName())) {
581                 validateScreenName(user, screenName);
582             }
583 
584             emailAddress = emailAddress.trim().toLowerCase();
585 
586             if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
587                 validateEmailAddress(user, emailAddress);
588             }
589         }
590 
591         if (groupIds != null) {
592             groupIds = checkGroups(userId, groupIds);
593         }
594 
595         if (organizationIds != null) {
596             organizationIds = checkOrganizations(userId, organizationIds);
597         }
598 
599         if (roleIds != null) {
600             roleIds = checkRoles(userId, roleIds);
601         }
602 
603         if (userGroupRoles != null) {
604             userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
605         }
606 
607         return userLocalService.updateUser(
608             userId, oldPassword, newPassword1, newPassword2, passwordReset,
609             reminderQueryQuestion, reminderQueryAnswer, screenName,
610             emailAddress, openId, languageId, timeZoneId, greeting, comments,
611             firstName, middleName, lastName, prefixId, suffixId, male,
612             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
613             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
614             jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
615             userGroupIds, serviceContext);
616     }
617 
618     public User updateUser(
619             long userId, String oldPassword, String newPassword1,
620             String newPassword2, boolean passwordReset,
621             String reminderQueryQuestion, String reminderQueryAnswer,
622             String screenName, String emailAddress, String openId,
623             String languageId, String timeZoneId, String greeting,
624             String comments, String firstName, String middleName,
625             String lastName, int prefixId, int suffixId, boolean male,
626             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
627             String aimSn, String facebookSn, String icqSn, String jabberSn,
628             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
629             String ymSn, String jobTitle, long[] groupIds,
630             long[] organizationIds, long[] roleIds,
631             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
632             List<Address> addresses, List<EmailAddress> emailAddresses,
633             List<Phone> phones, List<Website> websites,
634             List<AnnouncementsDelivery> announcementsDelivers,
635             ServiceContext serviceContext)
636         throws PortalException, SystemException {
637 
638         User user = updateUser(
639             userId, oldPassword, newPassword1, newPassword2, passwordReset,
640             reminderQueryQuestion, reminderQueryAnswer, screenName,
641             emailAddress, openId, languageId, timeZoneId, greeting, comments,
642             firstName, middleName, lastName, prefixId, suffixId, male,
643             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
644             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
645             jobTitle, groupIds, organizationIds, roleIds,
646             userGroupRoles, userGroupIds, serviceContext);
647 
648         EnterpriseAdminUtil.updateAddresses(
649             Contact.class.getName(), user.getContactId(), addresses);
650 
651         EnterpriseAdminUtil.updateEmailAddresses(
652             Contact.class.getName(), user.getContactId(), emailAddresses);
653 
654         EnterpriseAdminUtil.updatePhones(
655             Contact.class.getName(), user.getContactId(), phones);
656 
657         EnterpriseAdminUtil.updateWebsites(
658             Contact.class.getName(), user.getContactId(), websites);
659 
660         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
661 
662         return user;
663     }
664 
665     protected long[] checkGroups(long userId, long[] groupIds)
666         throws PortalException, SystemException {
667 
668         // Add back any groups that the administrator does not have the rights
669         // to remove and check that he has the permission to add any new group
670 
671         List<Group> oldGroups = groupLocalService.getUserGroups(userId);
672         long[] oldGroupIds = new long[oldGroups.size()];
673 
674         for (int i = 0; i < oldGroups.size(); i++) {
675             Group group = oldGroups.get(i);
676 
677             if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
678                 !GroupPermissionUtil.contains(
679                     getPermissionChecker(), group.getGroupId(),
680                     ActionKeys.ASSIGN_MEMBERS)) {
681 
682                 groupIds = ArrayUtil.append(groupIds, group.getGroupId());
683             }
684 
685             oldGroupIds[i] = group.getGroupId();
686         }
687 
688         for (long groupId : groupIds) {
689             if (!ArrayUtil.contains(oldGroupIds, groupId)) {
690                 GroupPermissionUtil.check(
691                     getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
692             }
693         }
694 
695         return groupIds;
696     }
697 
698     protected long[] checkOrganizations(long userId, long[] organizationIds)
699         throws PortalException, SystemException {
700 
701         // Add back any organizations that the administrator does not have the
702         // rights to remove and check that he has the permission to add any new
703         // organization
704 
705         List<Organization> oldOrganizations =
706             organizationLocalService.getUserOrganizations(userId);
707         long[] oldOrganizationIds = new long[oldOrganizations.size()];
708 
709         for (int i = 0; i < oldOrganizations.size(); i++) {
710             Organization organization = oldOrganizations.get(i);
711 
712             if (!ArrayUtil.contains(
713                     organizationIds, organization.getOrganizationId()) &&
714                 !OrganizationPermissionUtil.contains(
715                     getPermissionChecker(), organization.getOrganizationId(),
716                     ActionKeys.ASSIGN_MEMBERS)) {
717 
718                 organizationIds = ArrayUtil.append(
719                     organizationIds, organization.getOrganizationId());
720             }
721 
722             oldOrganizationIds[i] = organization.getOrganizationId();
723         }
724 
725         for (long organizationId : organizationIds) {
726             if (!ArrayUtil.contains(oldOrganizationIds, organizationId)) {
727                 OrganizationPermissionUtil.check(
728                     getPermissionChecker(), organizationId,
729                     ActionKeys.ASSIGN_MEMBERS);
730             }
731         }
732 
733         return organizationIds;
734     }
735 
736     protected long[] checkRoles(long userId, long[] roleIds)
737         throws PrincipalException, SystemException {
738 
739         // Add back any roles that the administrator does not have the rights to
740         // remove and check that he has the permission to add any new role
741 
742         List<Role> oldRoles = roleLocalService.getUserRoles(userId);
743         long[] oldRoleIds = new long[oldRoles.size()];
744 
745         for (int i = 0; i < oldRoles.size(); i++) {
746             Role role = oldRoles.get(i);
747 
748             if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
749                 !RolePermissionUtil.contains(
750                     getPermissionChecker(), role.getRoleId(),
751                     ActionKeys.ASSIGN_MEMBERS)) {
752 
753                 roleIds = ArrayUtil.append(roleIds, role.getRoleId());
754             }
755 
756             oldRoleIds[i] = role.getRoleId();
757         }
758 
759         for (long roleId : roleIds) {
760             if (!ArrayUtil.contains(oldRoleIds, roleId)) {
761                 RolePermissionUtil.check(
762                     getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
763             }
764         }
765 
766         return roleIds;
767     }
768 
769     protected List<UserGroupRole> checkUserGroupRoles(
770             long userId, List<UserGroupRole> userGroupRoles)
771         throws PortalException, SystemException {
772 
773         // Add back any group roles that the administrator does not have the
774         // rights to remove
775 
776         List<UserGroupRole> oldUserGroupRoles =
777             userGroupRoleLocalService.getUserGroupRoles(userId);
778 
779         for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
780             if (!userGroupRoles.contains(oldUserGroupRole) &&
781                 (!GroupPermissionUtil.contains(
782                     getPermissionChecker(), oldUserGroupRole.getGroupId(),
783                     ActionKeys.ASSIGN_MEMBERS) ||
784                 !RolePermissionUtil.contains(
785                     getPermissionChecker(), oldUserGroupRole.getRoleId(),
786                     ActionKeys.ASSIGN_MEMBERS))) {
787 
788                 userGroupRoles.add(oldUserGroupRole);
789             }
790         }
791 
792         for (UserGroupRole userGroupRole : userGroupRoles) {
793             if (!oldUserGroupRoles.contains(userGroupRole)) {
794 
795                 if (!GroupPermissionUtil.contains(
796                         getPermissionChecker(), userGroupRole.getGroupId(),
797                         ActionKeys.ASSIGN_MEMBERS) ||
798                     !RolePermissionUtil.contains(
799                         getPermissionChecker(), userGroupRole.getRoleId(),
800                         ActionKeys.ASSIGN_MEMBERS)) {
801 
802                     throw new PrincipalException();
803                 }
804             }
805         }
806 
807         return userGroupRoles;
808     }
809 
810     protected void updateAnnouncementsDeliveries(
811             long userId, List<AnnouncementsDelivery> announcementsDeliveries)
812         throws PortalException, SystemException {
813 
814         for (AnnouncementsDelivery announcementsDelivery :
815                 announcementsDeliveries) {
816 
817             announcementsDeliveryService.updateDelivery(
818                 userId, announcementsDelivery.getType(),
819                 announcementsDelivery.getEmail(),
820                 announcementsDelivery.getSms(),
821                 announcementsDelivery.getWebsite());
822         }
823     }
824 
825     protected void validateEmailAddress(User user, String emailAddress)
826         throws PortalException, SystemException {
827 
828         PermissionChecker permissionChecker = getPermissionChecker();
829 
830         if (!EnterpriseAdminUtil.hasUpdateEmailAddress(
831                 permissionChecker, user)) {
832 
833             throw new UserEmailAddressException();
834         }
835 
836         if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
837             Company company = companyPersistence.findByPrimaryKey(
838                 user.getCompanyId());
839 
840             if (!company.isStrangersWithMx()) {
841                 throw new ReservedUserEmailAddressException();
842             }
843         }
844     }
845 
846     protected void validateScreenName(User user, String screenName)
847         throws PortalException {
848 
849         PermissionChecker permissionChecker = getPermissionChecker();
850 
851         if (!EnterpriseAdminUtil.hasUpdateScreenName(permissionChecker, user)) {
852             throw new UserScreenNameException();
853         }
854     }
855 
856     protected void validateOrganizationUsers(long[] userIds)
857         throws PortalException, SystemException {
858 
859         PermissionChecker permissionChecker = getPermissionChecker();
860 
861         if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
862             permissionChecker.isCompanyAdmin()) {
863 
864             return;
865         }
866 
867         List<Organization> organizations =
868             organizationLocalService.getUserOrganizations(
869                 permissionChecker.getUserId());
870 
871         for (long userId : userIds) {
872             boolean allowed = false;
873 
874             for (Organization organization : organizations) {
875                 boolean manageUsers = OrganizationPermissionUtil.contains(
876                     permissionChecker, organization, ActionKeys.MANAGE_USERS);
877                 boolean manageSuborganizations =
878                     OrganizationPermissionUtil.contains(
879                         permissionChecker, organization,
880                         ActionKeys.MANAGE_SUBORGANIZATIONS);
881 
882                 if (!manageUsers && !manageSuborganizations) {
883                     continue;
884                 }
885 
886                 boolean inherited = false;
887                 boolean includeSpecifiedOrganization = false;
888 
889                 if (manageUsers && manageSuborganizations) {
890                     inherited = true;
891                     includeSpecifiedOrganization = true;
892                 }
893                 else if (!manageUsers && manageSuborganizations) {
894                     inherited = true;
895                     includeSpecifiedOrganization = false;
896                 }
897 
898                 if (organizationLocalService.hasUserOrganization(
899                         userId, organization.getOrganizationId(), inherited,
900                         false, includeSpecifiedOrganization)) {
901 
902                     allowed = true;
903 
904                     break;
905                 }
906             }
907 
908             if (!allowed) {
909                 throw new PrincipalException();
910             }
911         }
912     }
913 
914 }