1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portlet.enterpriseadmin.action;
21  
22  import com.liferay.portal.NoSuchRoleException;
23  import com.liferay.portal.RolePermissionsException;
24  import com.liferay.portal.kernel.servlet.SessionErrors;
25  import com.liferay.portal.kernel.servlet.SessionMessages;
26  import com.liferay.portal.kernel.util.ArrayUtil;
27  import com.liferay.portal.kernel.util.Constants;
28  import com.liferay.portal.kernel.util.ListUtil;
29  import com.liferay.portal.kernel.util.ParamUtil;
30  import com.liferay.portal.kernel.util.StringUtil;
31  import com.liferay.portal.kernel.util.Validator;
32  import com.liferay.portal.model.GroupConstants;
33  import com.liferay.portal.model.ResourceConstants;
34  import com.liferay.portal.model.Role;
35  import com.liferay.portal.model.RoleConstants;
36  import com.liferay.portal.security.auth.PrincipalException;
37  import com.liferay.portal.security.permission.ResourceActionsUtil;
38  import com.liferay.portal.security.permission.comparator.ActionComparator;
39  import com.liferay.portal.service.PermissionServiceUtil;
40  import com.liferay.portal.service.RoleLocalServiceUtil;
41  import com.liferay.portal.struts.PortletAction;
42  import com.liferay.portal.theme.ThemeDisplay;
43  import com.liferay.portal.util.WebKeys;
44  
45  import java.util.HashMap;
46  import java.util.List;
47  import java.util.Map;
48  
49  import javax.portlet.ActionRequest;
50  import javax.portlet.ActionResponse;
51  import javax.portlet.PortletConfig;
52  import javax.portlet.RenderRequest;
53  import javax.portlet.RenderResponse;
54  
55  import org.apache.struts.action.ActionForm;
56  import org.apache.struts.action.ActionForward;
57  import org.apache.struts.action.ActionMapping;
58  
59  /**
60   * <a href="EditRolePermissionsAction.java.html"><b><i>View Source</i></b></a>
61   *
62   * @author Brian Wing Shun Chan
63   * @author Jorge Ferrer
64   *
65   */
66  public class EditRolePermissionsAction extends PortletAction {
67  
68      public void processAction(
69              ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
70              ActionRequest actionRequest, ActionResponse actionResponse)
71          throws Exception {
72  
73          String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
74  
75          try {
76              if (cmd.equals("actions")) {
77                  updateActions(actionRequest, actionResponse);
78              }
79              else if (cmd.equals("delete_permission")) {
80                  deletePermission(actionRequest, actionResponse);
81              }
82          }
83          catch (Exception e) {
84              if (e instanceof NoSuchRoleException ||
85                  e instanceof PrincipalException ||
86                  e instanceof RolePermissionsException) {
87  
88                  SessionErrors.add(actionRequest, e.getClass().getName());
89  
90                  setForward(actionRequest, "portlet.enterprise_admin.error");
91              }
92              else {
93                  throw e;
94              }
95          }
96      }
97  
98      public ActionForward render(
99              ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
100             RenderRequest renderRequest, RenderResponse renderResponse)
101         throws Exception {
102 
103         try {
104             ActionUtil.getRole(renderRequest);
105         }
106         catch (Exception e) {
107             if (e instanceof NoSuchRoleException ||
108                 e instanceof PrincipalException) {
109 
110                 SessionErrors.add(renderRequest, e.getClass().getName());
111 
112                 return mapping.findForward("portlet.enterprise_admin.error");
113             }
114             else {
115                 throw e;
116             }
117         }
118 
119         return mapping.findForward(getForward(
120             renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
121     }
122 
123     protected void deletePermission(
124             ActionRequest actionRequest, ActionResponse actionResponse)
125         throws Exception {
126 
127         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
128             WebKeys.THEME_DISPLAY);
129 
130         long roleId = ParamUtil.getLong(actionRequest, "roleId");
131         long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
132 
133         Role role = RoleLocalServiceUtil.getRole(roleId);
134 
135         if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
136             role.getName().equals(RoleConstants.OWNER) ||
137             role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
138             role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
139             role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
140             role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
141 
142             throw new RolePermissionsException(role.getName());
143         }
144 
145         PermissionServiceUtil.unsetRolePermission(
146             roleId, themeDisplay.getScopeGroupId(), permissionId);
147 
148         // Send redirect
149 
150         SessionMessages.add(actionRequest, "permissionDeleted");
151 
152         String redirect = ParamUtil.getString(actionRequest, "redirect");
153 
154         actionResponse.sendRedirect(redirect);
155     }
156 
157     protected void updateActions(
158             ActionRequest actionRequest, ActionResponse actionResponse)
159         throws Exception {
160 
161         ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
162             WebKeys.THEME_DISPLAY);
163 
164         long roleId = ParamUtil.getLong(actionRequest, "roleId");
165 
166         Role role = RoleLocalServiceUtil.getRole(roleId);
167 
168         if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
169             role.getName().equals(RoleConstants.OWNER) ||
170             role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
171             role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
172             role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
173             role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
174 
175             throw new RolePermissionsException(role.getName());
176         }
177 
178         String portletResource = ParamUtil.getString(
179             actionRequest, "portletResource");
180         String[] modelResources = StringUtil.split(
181             ParamUtil.getString(actionRequest, "modelResources"));
182 
183         Map<String, List<String>> resourceActionsMap =
184             new HashMap<String, List<String>>();
185 
186         if (Validator.isNotNull(portletResource)) {
187             resourceActionsMap.put(
188                 portletResource,
189                 ResourceActionsUtil.getResourceActions(
190                     themeDisplay.getCompanyId(), portletResource, null));
191         }
192 
193         for (int i = 0; i < modelResources.length; i++) {
194             resourceActionsMap.put(
195                 modelResources[i],
196                 ResourceActionsUtil.getResourceActions(
197                     themeDisplay.getCompanyId(), null, modelResources[i]));
198         }
199 
200         for (Map.Entry<String, List<String>> entry :
201                 resourceActionsMap.entrySet()) {
202 
203             String selResource = entry.getKey();
204             List<String> actions = entry.getValue();
205 
206             actions = ListUtil.sort(
207                 actions,
208                 new ActionComparator(
209                     themeDisplay.getCompanyId(), themeDisplay.getLocale()));
210 
211             for (String actionId : actions) {
212                 int scope = ParamUtil.getInteger(
213                     actionRequest, "scope" + selResource + actionId);
214 
215                 if (scope == ResourceConstants.SCOPE_COMPANY) {
216                     PermissionServiceUtil.setRolePermission(
217                         roleId, themeDisplay.getScopeGroupId(), selResource,
218                         scope, String.valueOf(themeDisplay.getCompanyId()),
219                         actionId);
220                 }
221                 else if (scope == ResourceConstants.SCOPE_GROUP) {
222                     if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
223                         (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {
224 
225                         PermissionServiceUtil.setRolePermission(
226                             roleId, themeDisplay.getScopeGroupId(), selResource,
227                             ResourceConstants.SCOPE_GROUP_TEMPLATE,
228                             String.valueOf(
229                                 GroupConstants.DEFAULT_PARENT_GROUP_ID),
230                             actionId);
231                     }
232                     else {
233                         String[] groupIds = StringUtil.split(
234                             ParamUtil.getString(
235                                 actionRequest,
236                                 "groupIds" + selResource + actionId));
237 
238                         if (groupIds.length == 0) {
239                             SessionErrors.add(
240                                 actionRequest, "missingGroupIdsForAction");
241 
242                             return;
243                         }
244 
245                         groupIds = ArrayUtil.distinct(groupIds);
246 
247                         PermissionServiceUtil.unsetRolePermissions(
248                             roleId, themeDisplay.getScopeGroupId(),
249                             selResource, ResourceConstants.SCOPE_GROUP,
250                             actionId);
251 
252                         for (int j = 0; j < groupIds.length; j++) {
253                             PermissionServiceUtil.setRolePermission(
254                                 roleId, themeDisplay.getScopeGroupId(),
255                                 selResource, ResourceConstants.SCOPE_GROUP,
256                                 groupIds[j], actionId);
257                         }
258                     }
259                 }
260                 else {
261 
262                     // Remove company, group template, and group permissions
263 
264                     PermissionServiceUtil.unsetRolePermissions(
265                         roleId, themeDisplay.getScopeGroupId(), selResource,
266                         ResourceConstants.SCOPE_COMPANY, actionId);
267 
268                     PermissionServiceUtil.unsetRolePermissions(
269                         roleId, themeDisplay.getScopeGroupId(), selResource,
270                         ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
271 
272                     PermissionServiceUtil.unsetRolePermissions(
273                         roleId, themeDisplay.getScopeGroupId(), selResource,
274                         ResourceConstants.SCOPE_GROUP, actionId);
275                 }
276             }
277         }
278 
279         // Send redirect
280 
281         SessionMessages.add(actionRequest, "permissionsUpdated");
282 
283         String redirect =
284             ParamUtil.getString(actionRequest, "redirect") + "&" +
285                 Constants.CMD + "=" + Constants.VIEW;
286 
287         actionResponse.sendRedirect(redirect);
288     }
289 
290 }