1
14
15 package com.liferay.portal.upgrade.v4_4_0;
16
17 import com.liferay.portal.kernel.dao.jdbc.DataAccess;
18 import com.liferay.portal.kernel.upgrade.UpgradeProcess;
19 import com.liferay.portal.model.Group;
20 import com.liferay.portal.model.Location;
21 import com.liferay.portal.model.Organization;
22 import com.liferay.portal.model.ResourceConstants;
23 import com.liferay.portal.model.Role;
24 import com.liferay.portal.model.UserGroup;
25 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
26 import com.liferay.portlet.documentlibrary.model.DLFolder;
27 import com.liferay.portlet.imagegallery.model.IGFolder;
28 import com.liferay.portlet.messageboards.model.MBCategory;
29 import com.liferay.portlet.shopping.model.ShoppingCategory;
30
31 import java.sql.Connection;
32 import java.sql.PreparedStatement;
33 import java.sql.ResultSet;
34
35
41 public class UpgradePermission extends UpgradeProcess {
42
43 protected void deletePermissionByActionIdAndResourceName(
44 String actionId, String resourceName)
45 throws Exception {
46
47 Connection con = null;
48 PreparedStatement ps = null;
49 ResultSet rs = null;
50
51 try {
52 con = DataAccess.getConnection();
53
54 ps = con.prepareStatement(_GET_PERMISSION_IDS_1);
55
56 ps.setString(1, actionId);
57 ps.setString(2, resourceName);
58
59 rs = ps.executeQuery();
60
61 while (rs.next()) {
62 long permissionId = rs.getLong("permissionId");
63
64 deletePermissionByPermissionId(permissionId);
65 }
66 }
67 finally {
68 DataAccess.cleanUp(con, ps, rs);
69 }
70 }
71
72 protected void deletePermissionByPermissionId(long permissionId)
73 throws Exception {
74
75 runSQL(
76 "delete from Permission_ where permissionId = " + permissionId);
77 runSQL(
78 "delete from Groups_Permissions where permissionId = " +
79 permissionId);
80 runSQL(
81 "delete from Roles_Permissions where permissionId = " +
82 permissionId);
83 runSQL(
84 "delete from Users_Permissions where permissionId = " +
85 permissionId);
86 }
87
88 protected void deletePermissionByResourceId(long resourceId)
89 throws Exception {
90
91 Connection con = null;
92 PreparedStatement ps = null;
93 ResultSet rs = null;
94
95 try {
96 con = DataAccess.getConnection();
97
98 ps = con.prepareStatement(
99 "select permissionId from Permission_ where resourceId = ?");
100
101 ps.setLong(1, resourceId);
102
103 rs = ps.executeQuery();
104
105 while (rs.next()) {
106 long permissionId = rs.getLong("permissionId");
107
108 deletePermissionByPermissionId(permissionId);
109 }
110 }
111 finally {
112 DataAccess.cleanUp(con, ps, rs);
113 }
114 }
115
116 protected void deleteResource(long codeId) throws Exception {
117 Connection con = null;
118 PreparedStatement ps = null;
119 ResultSet rs = null;
120
121 try {
122 con = DataAccess.getConnection();
123
124 ps = con.prepareStatement(
125 "select resourceId from Resource_ where codeId = ?");
126
127 ps.setLong(1, codeId);
128
129 rs = ps.executeQuery();
130
131 while (rs.next()) {
132 long resourceId = rs.getLong("resourceId");
133
134 deletePermissionByResourceId(resourceId);
135
136 runSQL(
137 "delete from Resource_ where resourceId = " + resourceId);
138 }
139 }
140 finally {
141 DataAccess.cleanUp(con, ps, rs);
142 }
143 }
144
145 protected void deleteResourceCode(String resourceName)
146 throws Exception {
147
148 Connection con = null;
149 PreparedStatement ps = null;
150 ResultSet rs = null;
151
152 try {
153 con = DataAccess.getConnection();
154
155 ps = con.prepareStatement(
156 "select codeId from ResourceCode where name = ?");
157
158 ps.setString(1, resourceName);
159
160 rs = ps.executeQuery();
161
162 while (rs.next()) {
163 long codeId = rs.getLong("codeId");
164
165 deleteResource(codeId);
166
167 runSQL(
168 "delete from ResourceCode where name = '" + resourceName +
169 "'");
170 }
171 }
172 finally {
173 DataAccess.cleanUp(con, ps, rs);
174 }
175 }
176
177 protected void deleteRolesPermissions(String roleName) throws Exception {
178 Connection con = null;
179 PreparedStatement ps = null;
180 ResultSet rs = null;
181
182 try {
183 con = DataAccess.getConnection();
184
185 ps = con.prepareStatement(_GET_ROLE_IDS);
186
187 ps.setString(1, roleName);
188
189 rs = ps.executeQuery();
190
191 while (rs.next()) {
192 long roleId = rs.getLong("roleId");
193
194 runSQL(
195 "delete from Roles_Permissions where roleId = " + roleId);
196 }
197 }
198 finally {
199 DataAccess.cleanUp(con, ps, rs);
200 }
201 }
202
203 protected void deleteUsersPermissions(int scope) throws Exception {
204 Connection con = null;
205 PreparedStatement ps = null;
206 ResultSet rs = null;
207
208 try {
209 con = DataAccess.getConnection();
210
211 ps = con.prepareStatement(_GET_PERMISSION_IDS_2);
212
213 ps.setLong(1, scope);
214
215 rs = ps.executeQuery();
216
217 while (rs.next()) {
218 long permissionId = rs.getLong("permissionId");
219
220 runSQL(
221 "delete from Users_Permissions where permissionId = " +
222 permissionId);
223 }
224 }
225 finally {
226 DataAccess.cleanUp(con, ps, rs);
227 }
228 }
229
230 protected void doUpgrade() throws Exception {
231 runSQL("delete from OrgGroupPermission");
232
233 for (int i = 0; i < _DELETE_PERMISSIONS.length; i++) {
234 Object[] permission = _DELETE_PERMISSIONS[i];
235
236 String actionId = (String)permission[0];
237 String resourceName = ((Class<?>)permission[1]).getName();
238
239 deletePermissionByActionIdAndResourceName(actionId, resourceName);
240 }
241
242 for (int i = 0; i < _UPDATE_PERMISSIONS.length; i++) {
243 Object[] permission = _UPDATE_PERMISSIONS[i];
244
245 String oldActionId = (String)permission[0];
246 String newActionId = (String)permission[1];
247 String resourceName = ((Class<?>)permission[2]).getName();
248
249 updatePermission(oldActionId, newActionId, resourceName);
250 }
251
252 deleteResourceCode("com.liferay.portlet.blogs.model.BlogsCategory");
253
254 deleteRolesPermissions("Community Administrator");
255 deleteRolesPermissions("Community Owner");
256 deleteRolesPermissions("Organization Administrator");
257
258 deleteUsersPermissions(ResourceConstants.SCOPE_GROUP);
259 }
260
261 protected void updatePermission(
262 String oldActionId, String newActionId, String resourceName)
263 throws Exception {
264
265 Connection con = null;
266 PreparedStatement ps = null;
267 ResultSet rs = null;
268
269 try {
270 con = DataAccess.getConnection();
271
272 ps = con.prepareStatement(_GET_PERMISSION_IDS_1);
273
274 ps.setString(1, oldActionId);
275 ps.setString(2, resourceName);
276
277 rs = ps.executeQuery();
278
279 while (rs.next()) {
280 long permissionId = rs.getLong("permissionId");
281
282 runSQL(
283 "update Permission_ set actionId = '" + newActionId +
284 "' where permissionId = " + permissionId);
285 }
286 }
287 finally {
288 DataAccess.cleanUp(con, ps, rs);
289 }
290 }
291
292 private static Object[][] _DELETE_PERMISSIONS = new Object[][] {
293 new Object[] {
294 "ADMINISTRATE", Group.class
295 },
296 new Object[] {
297 "ADD_USER", Location.class
298 },
299 new Object[] {
300 "ADD_USER", Organization.class
301 },
302 new Object[] {
303 "DELETE_USER", Location.class
304 },
305 new Object[] {
306 "DELETE_USER", Organization.class
307 },
308 new Object[] {
309 "PERMISSIONS_USER", Location.class
310 },
311 new Object[] {
312 "PERMISSIONS_USER", Organization.class
313 },
314 new Object[] {
315 "UPDATE_USER", Location.class
316 },
317 new Object[] {
318 "UPDATE_USER", Organization.class
319 },
320 new Object[] {
321 "VIEW_USER", Location.class
322 },
323 new Object[] {
324 "VIEW_USER", Organization.class
325 }
326 };
327
328 private static final String _GET_PERMISSION_IDS_1 =
329 "select Permission_.permissionId from Permission_ inner join " +
330 "Resource_ on Resource_.resourceId = Permission_.resourceId " +
331 "inner join ResourceCode on ResourceCode.codeId = " +
332 "Resource_.codeId where Permission_.actionId = ? and " +
333 "ResourceCode.name = ?";
334
335 private static final String _GET_PERMISSION_IDS_2 =
336 "select Users_Permissions.permissionId from Users_Permissions inner " +
337 "join Permission_ on Permission_.permissionId = " +
338 "Users_Permissions.permissionId inner join Resource_ on " +
339 "Resource_.resourceId = Permission_.resourceId inner " +
340 "join ResourceCode on ResourceCode.codeId = " +
341 "Resource_.codeId where ResourceCode.scope = ?";
342
343 private static final String _GET_ROLE_IDS =
344 "select Roles_Permissions.roleId from Roles_Permissions inner join " +
345 "Role_ on Role_.roleId = Roles_Permissions.roleId where " +
346 "Role_.name = ?";
347
348 private static Object[][] _UPDATE_PERMISSIONS = new Object[][] {
349 new Object[] {
350 "ADD_CATEGORY", "ADD_SUBCATEGORY", MBCategory.class
351 },
352 new Object[] {
353 "ADD_CATEGORY", "ADD_SUBCATEGORY", ShoppingCategory.class
354 },
355 new Object[] {
356 "ADD_FOLDER", "ADD_SUBFOLDER", DLFolder.class
357 },
358 new Object[] {
359 "ADD_FOLDER", "ADD_SUBFOLDER", IGFolder.class
360 },
361 new Object[] {
362 "ADD_FOLDER", "ADD_SUBFOLDER", BookmarksFolder.class
363 },
364 new Object[] {
365 "ADD_LOCATION", "MANAGE_SUBORGANIZATIONS", Organization.class
366 },
367 new Object[] {
368 "ADD_PERMISSIONS", "DEFINE_PERMISSIONS", Role.class
369 },
370 new Object[] {
371 "ADD_USER", "MANAGE_USERS", Location.class
372 },
373 new Object[] {
374 "ADD_USER", "MANAGE_USERS", Organization.class
375 },
376 new Object[] {
377 "ASSIGN_USERS", "ASSIGN_MEMBERS", Group.class
378 },
379 new Object[] {
380 "ASSIGN_USERS", "ASSIGN_MEMBERS", Role.class
381 },
382 new Object[] {
383 "ASSIGN_USERS", "ASSIGN_MEMBERS", UserGroup.class
384 }
385 };
386
387 }