1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.impl;
21  
22  import com.liferay.portal.NoSuchPermissionException;
23  import com.liferay.portal.PortalException;
24  import com.liferay.portal.SystemException;
25  import com.liferay.portal.kernel.log.Log;
26  import com.liferay.portal.kernel.log.LogFactoryUtil;
27  import com.liferay.portal.kernel.util.GetterUtil;
28  import com.liferay.portal.kernel.util.Validator;
29  import com.liferay.portal.model.Group;
30  import com.liferay.portal.model.OrgGroupPermission;
31  import com.liferay.portal.model.Organization;
32  import com.liferay.portal.model.Permission;
33  import com.liferay.portal.model.Resource;
34  import com.liferay.portal.model.ResourceCode;
35  import com.liferay.portal.model.ResourceConstants;
36  import com.liferay.portal.model.Role;
37  import com.liferay.portal.model.User;
38  import com.liferay.portal.model.UserGroup;
39  import com.liferay.portal.security.permission.PermissionCacheUtil;
40  import com.liferay.portal.security.permission.PermissionCheckerBag;
41  import com.liferay.portal.security.permission.ResourceActionsUtil;
42  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
43  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
44  import com.liferay.portal.util.PropsValues;
45  import com.liferay.portal.util.comparator.PermissionComparator;
46  
47  import java.util.ArrayList;
48  import java.util.Iterator;
49  import java.util.List;
50  
51  import org.apache.commons.lang.time.StopWatch;
52  
53  /**
54   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
55   *
56   * @author Charles May
57   * @author Brian Wing Shun Chan
58   * @author Raymond Augé
59   *
60   */
61  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
62  
63      public Permission addPermission(
64              long companyId, String actionId, long resourceId)
65          throws SystemException {
66  
67          Permission permission = permissionPersistence.fetchByA_R(
68              actionId, resourceId);
69  
70          if (permission == null) {
71              long permissionId = counterLocalService.increment(
72                  Permission.class.getName());
73  
74              permission = permissionPersistence.create(permissionId);
75  
76              permission.setCompanyId(companyId);
77              permission.setActionId(actionId);
78              permission.setResourceId(resourceId);
79  
80              permissionPersistence.update(permission, false);
81          }
82  
83          return permission;
84      }
85  
86      public List<Permission> addPermissions(
87              long companyId, String name, long resourceId,
88              boolean portletActions)
89          throws SystemException {
90  
91          List<Permission> permissions = new ArrayList<Permission>();
92  
93          List<String> actions = null;
94  
95          if (portletActions) {
96              actions =
97                  ResourceActionsUtil.getPortletResourceActions(companyId, name);
98          }
99          else {
100             actions = ResourceActionsUtil.getModelResourceActions(name);
101         }
102 
103         for (int i = 0; i < actions.size(); i++) {
104             String actionId = actions.get(i);
105 
106             Permission permission = addPermission(
107                 companyId, actionId, resourceId);
108 
109             permissions.add(permission);
110         }
111 
112         return permissions;
113     }
114 
115     public void addUserPermissions(
116             long userId, String[] actionIds, long resourceId)
117         throws PortalException, SystemException {
118 
119         User user = userPersistence.findByPrimaryKey(userId);
120 
121         List<Permission> permissions = permissionFinder.findByU_R(
122             userId, resourceId);
123 
124         permissions = getPermissions(
125             user.getCompanyId(), actionIds, resourceId);
126 
127         userPersistence.addPermissions(userId, permissions);
128 
129         PermissionCacheUtil.clearCache();
130     }
131 
132     public List<String> getActions(List<Permission> permissions) {
133         List<String> actions = new ArrayList<String>();
134 
135         Iterator<Permission> itr = permissions.iterator();
136 
137         while (itr.hasNext()) {
138             Permission permission = itr.next();
139 
140             actions.add(permission.getActionId());
141         }
142 
143         return actions;
144     }
145 
146     public List<Permission> getGroupPermissions(long groupId, long resourceId)
147         throws SystemException {
148 
149         return permissionFinder.findByG_R(groupId, resourceId);
150     }
151 
152     public List<Permission> getGroupPermissions(
153             long groupId, long companyId, String name, int scope,
154             String primKey)
155         throws SystemException {
156 
157         return permissionFinder.findByG_C_N_S_P(
158             groupId, companyId, name, scope, primKey);
159     }
160 
161     public List<Permission> getOrgGroupPermissions(
162             long organizationId, long groupId, long resourceId)
163         throws SystemException {
164 
165         return permissionFinder.findByO_G_R(
166             organizationId, groupId, resourceId);
167     }
168 
169     public long getLatestPermissionId() throws SystemException {
170         List<Permission> permissions = permissionPersistence.findAll(
171             0, 1, new PermissionComparator());
172 
173         if (permissions.size() == 0) {
174             return 0;
175         }
176         else {
177             Permission permission = permissions.get(0);
178 
179             return permission.getPermissionId();
180         }
181     }
182 
183     public List<Permission> getPermissions(
184             long companyId, String[] actionIds, long resourceId)
185         throws SystemException {
186 
187         List<Permission> permissions = new ArrayList<Permission>();
188 
189         for (int i = 0; i < actionIds.length; i++) {
190             Permission permission = addPermission(
191                 companyId, actionIds[i], resourceId);
192 
193             permissions.add(permission);
194         }
195 
196         return permissions;
197     }
198 
199     public List<Permission> getRolePermissions(long roleId)
200         throws SystemException {
201 
202         return rolePersistence.getPermissions(roleId);
203     }
204 
205     public List<Permission> getRolePermissions(long roleId, long resourceId)
206         throws SystemException {
207 
208         return permissionFinder.findByR_R(roleId, resourceId);
209     }
210 
211     public List<Permission> getUserPermissions(long userId, long resourceId)
212         throws SystemException {
213 
214         return permissionFinder.findByU_R(userId, resourceId);
215     }
216 
217     public List<Permission> getUserPermissions(
218             long userId, long companyId, String name, int scope, String primKey)
219         throws SystemException {
220 
221         return permissionFinder.findByU_C_N_S_P(
222             userId, companyId, name, scope, primKey);
223     }
224 
225     public boolean hasGroupPermission(
226             long groupId, String actionId, long resourceId)
227         throws SystemException {
228 
229         Permission permission = permissionPersistence.fetchByA_R(
230             actionId, resourceId);
231 
232         // Return false if there is no permission based on the given action
233         // id and resource id
234 
235         if (permission == null) {
236             return false;
237         }
238 
239         return groupPersistence.containsPermission(
240             groupId, permission.getPermissionId());
241     }
242 
243     public boolean hasRolePermission(
244             long roleId, long companyId, String name, int scope,
245             String actionId)
246         throws SystemException {
247 
248         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
249             companyId, name, scope);
250 
251         List<Resource> resources = resourcePersistence.findByCodeId(
252             resourceCode.getCodeId());
253 
254         for (Resource resource : resources) {
255             Permission permission = permissionPersistence.fetchByA_R(
256                 actionId, resource.getResourceId());
257 
258             if (permission != null) {
259                 if (rolePersistence.containsPermission(
260                         roleId, permission.getPermissionId())) {
261 
262                     return true;
263                 }
264             }
265         }
266 
267         return false;
268     }
269 
270     public boolean hasRolePermission(
271             long roleId, long companyId, String name, int scope, String primKey,
272             String actionId)
273         throws SystemException {
274 
275         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
276             companyId, name, scope);
277 
278         Resource resource = resourcePersistence.fetchByC_P(
279             resourceCode.getCodeId(), primKey);
280 
281         if (resource == null) {
282             return false;
283         }
284 
285         Permission permission = permissionPersistence.fetchByA_R(
286             actionId, resource.getResourceId());
287 
288         if (permission == null) {
289             return false;
290         }
291 
292         return rolePersistence.containsPermission(
293             roleId, permission.getPermissionId());
294     }
295 
296     public boolean hasUserPermission(
297             long userId, String actionId, long resourceId)
298         throws SystemException {
299 
300         Permission permission = permissionPersistence.fetchByA_R(
301             actionId, resourceId);
302 
303         // Return false if there is no permission based on the given action
304         // id and resource id
305 
306         if (permission == null) {
307             return false;
308         }
309 
310         return userPersistence.containsPermission(
311             userId, permission.getPermissionId());
312     }
313 
314     public boolean hasUserPermissions(
315             long userId, long groupId, String actionId, long[] resourceIds,
316             PermissionCheckerBag permissionCheckerBag)
317         throws SystemException {
318 
319         StopWatch stopWatch = null;
320 
321         if (_log.isDebugEnabled()) {
322             stopWatch = new StopWatch();
323 
324             stopWatch.start();
325         }
326 
327         int block = 1;
328 
329         // Return false if there are no resources
330 
331         if ((Validator.isNull(actionId)) || (resourceIds == null) ||
332             (resourceIds.length == 0)) {
333 
334             return false;
335         }
336 
337         List<Permission> permissions = permissionFinder.findByA_R(
338             actionId, resourceIds);
339 
340         // Return false if there are no permissions
341 
342         if (permissions.size() == 0) {
343             return false;
344         }
345 
346         // Record logs with the first resource id
347 
348         long resourceId = resourceIds[0];
349 
350         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
351 
352         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
353         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
354         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
355         //List<Group> userUserGroupGroups =
356         //  permissionCheckerBag.getUserUserGroupGroups();
357         List<Group> groups = permissionCheckerBag.getGroups();
358         List<Role> roles = permissionCheckerBag.getRoles();
359 
360         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
361 
362         // Check the organization and community intersection table. Break out of
363         // this method if the user has one of the permissions set at the
364         // intersection because that takes priority.
365 
366         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
367         //  return true;
368         //}
369 
370         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
371 
372         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
373             return hasUserPermissions_1(
374                 userId, actionId, resourceId, permissions, groups, groupId,
375                 stopWatch, block);
376         }
377         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
378             return hasUserPermissions_2(
379                 userId, actionId, resourceId, permissions, groups, groupId,
380                 stopWatch, block);
381         }
382         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
383             return hasUserPermissions_3(
384                 userId, actionId, resourceId, permissions, groups, roles,
385                 stopWatch, block);
386         }
387         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
388             return hasUserPermissions_4(
389                 userId, actionId, resourceId, permissions, groups, roles,
390                 stopWatch, block);
391         }
392         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
393             return hasUserPermissions_5(
394                 userId, actionId, resourceId, permissions, roles, stopWatch,
395                 block);
396         }
397 
398         return false;
399     }
400 
401     public void setGroupPermissions(
402             long groupId, String[] actionIds, long resourceId)
403         throws PortalException, SystemException {
404 
405         Group group = groupPersistence.findByPrimaryKey(groupId);
406 
407         List<Permission> permissions = permissionFinder.findByG_R(
408             groupId, resourceId);
409 
410         for (Permission permission : permissions) {
411             groupPersistence.removePermission(groupId, permission);
412         }
413 
414         permissions = getPermissions(
415             group.getCompanyId(), actionIds, resourceId);
416 
417         groupPersistence.addPermissions(groupId, permissions);
418 
419         PermissionCacheUtil.clearCache();
420     }
421 
422     public void setGroupPermissions(
423             String className, String classPK, long groupId,
424             String[] actionIds, long resourceId)
425         throws PortalException, SystemException {
426 
427         long associatedGroupId = 0;
428 
429         if (className.equals(Organization.class.getName())) {
430             long organizationId = GetterUtil.getLong(classPK);
431 
432             Organization organization =
433                 organizationPersistence.findByPrimaryKey(organizationId);
434 
435             orgGroupPermissionFinder.removeByO_G_R(
436                 organizationId, groupId, resourceId);
437 
438             associatedGroupId = organization.getGroup().getGroupId();
439         }
440         else if (className.equals(UserGroup.class.getName())) {
441             long userGroupId = GetterUtil.getLong(classPK);
442 
443             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
444                 userGroupId);
445 
446             associatedGroupId = userGroup.getGroup().getGroupId();
447         }
448 
449         setGroupPermissions(associatedGroupId, actionIds, resourceId);
450     }
451 
452     public void setOrgGroupPermissions(
453             long organizationId, long groupId, String[] actionIds,
454             long resourceId)
455         throws PortalException, SystemException {
456 
457         Organization organization =
458             organizationPersistence.findByPrimaryKey(organizationId);
459 
460         long orgGroupId = organization.getGroup().getGroupId();
461 
462         List<Permission> permissions = permissionPersistence.findByResourceId(
463             resourceId);
464 
465         for (Permission permission : permissions) {
466             groupPersistence.removePermission(orgGroupId, permission);
467         }
468 
469         permissions = getPermissions(
470             organization.getCompanyId(), actionIds, resourceId);
471 
472         orgGroupPermissionFinder.removeByO_G_R(
473             organizationId, groupId, resourceId);
474 
475         for (Permission permission : permissions) {
476             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
477                 organizationId, groupId, permission.getPermissionId());
478 
479             OrgGroupPermission orgGroupPermission =
480                 orgGroupPermissionPersistence.create(pk);
481 
482             orgGroupPermissionPersistence.update(orgGroupPermission, false);
483         }
484 
485         PermissionCacheUtil.clearCache();
486     }
487 
488     public void setRolePermission(
489             long roleId, long companyId, String name, int scope, String primKey,
490             String actionId)
491         throws PortalException, SystemException {
492 
493         if (scope == ResourceConstants.SCOPE_COMPANY) {
494 
495             // Remove group permission
496 
497             unsetRolePermissions(
498                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
499                 actionId);
500         }
501         else if (scope == ResourceConstants.SCOPE_GROUP) {
502 
503             // Remove company permission
504 
505             unsetRolePermissions(
506                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
507                 actionId);
508         }
509         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
510             throw new NoSuchPermissionException();
511         }
512 
513         Resource resource = resourceLocalService.addResource(
514             companyId, name, scope, primKey);
515 
516         Permission permission = permissionPersistence.fetchByA_R(
517             actionId, resource.getResourceId());
518 
519         if (permission == null) {
520             long permissionId = counterLocalService.increment(
521                 Permission.class.getName());
522 
523             permission = permissionPersistence.create(permissionId);
524 
525             permission.setCompanyId(companyId);
526             permission.setActionId(actionId);
527             permission.setResourceId(resource.getResourceId());
528 
529             permissionPersistence.update(permission, false);
530         }
531 
532         rolePersistence.addPermission(roleId, permission);
533 
534         PermissionCacheUtil.clearCache();
535     }
536 
537     public void setRolePermissions(
538             long roleId, long companyId, String name, int scope, String primKey,
539             String[] actionIds)
540         throws PortalException, SystemException {
541 
542         for (int i = 0; i < actionIds.length; i++) {
543             String actionId = actionIds[i];
544 
545             setRolePermission(
546                 roleId, companyId, name, scope, primKey, actionId);
547         }
548     }
549 
550     public void setRolePermissions(
551             long roleId, String[] actionIds, long resourceId)
552         throws PortalException, SystemException {
553 
554         Role role = rolePersistence.findByPrimaryKey(roleId);
555 
556         List<Permission> permissions = permissionFinder.findByR_R(
557             roleId, resourceId);
558 
559         rolePersistence.removePermissions(roleId, permissions);
560 
561         permissions = getPermissions(
562             role.getCompanyId(), actionIds, resourceId);
563 
564         rolePersistence.addPermissions(roleId, permissions);
565 
566         PermissionCacheUtil.clearCache();
567     }
568 
569     public void setUserPermissions(
570             long userId, String[] actionIds, long resourceId)
571         throws PortalException, SystemException {
572 
573         User user = userPersistence.findByPrimaryKey(userId);
574 
575         List<Permission> permissions = permissionFinder.findByU_R(
576             userId, resourceId);
577 
578         userPersistence.removePermissions(userId, permissions);
579 
580         permissions = getPermissions(
581             user.getCompanyId(), actionIds, resourceId);
582 
583         userPersistence.addPermissions(userId, permissions);
584 
585         PermissionCacheUtil.clearCache();
586     }
587 
588     public void unsetRolePermission(long roleId, long permissionId)
589         throws SystemException {
590 
591         Permission permission = permissionPersistence.fetchByPrimaryKey(
592             permissionId);
593 
594         if (permission != null) {
595             rolePersistence.removePermission(roleId, permission);
596         }
597 
598         PermissionCacheUtil.clearCache();
599     }
600 
601     public void unsetRolePermission(
602             long roleId, long companyId, String name, int scope, String primKey,
603             String actionId)
604         throws SystemException {
605 
606         ResourceCode resourceCode =
607             resourceCodeLocalService.getResourceCode(
608                 companyId, name, scope);
609 
610         Resource resource = resourcePersistence.fetchByC_P(
611             resourceCode.getCodeId(), primKey);
612 
613         if (resource != null) {
614             Permission permission = permissionPersistence.fetchByA_R(
615                 actionId, resource.getResourceId());
616 
617             if (permission != null) {
618                 rolePersistence.removePermission(roleId, permission);
619             }
620         }
621 
622         PermissionCacheUtil.clearCache();
623     }
624 
625     public void unsetRolePermissions(
626             long roleId, long companyId, String name, int scope,
627             String actionId)
628         throws SystemException {
629 
630         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
631             companyId, name, scope);
632 
633         List<Resource> resources = resourcePersistence.findByCodeId(
634             resourceCode.getCodeId());
635 
636         for (Resource resource : resources) {
637             Permission permission = permissionPersistence.fetchByA_R(
638                 actionId, resource.getResourceId());
639 
640             if (permission != null) {
641                 rolePersistence.removePermission(roleId, permission);
642             }
643         }
644 
645         PermissionCacheUtil.clearCache();
646     }
647 
648     public void unsetUserPermissions(
649             long userId, String[] actionIds, long resourceId)
650         throws SystemException {
651 
652         List<Permission> permissions = permissionFinder.findByU_A_R(
653             userId, actionIds, resourceId);
654 
655         userPersistence.removePermissions(userId, permissions);
656 
657         PermissionCacheUtil.clearCache();
658     }
659 
660     protected boolean checkOrgGroupPermission(
661             List<Organization> organizations, List<Group> groups,
662             List<Permission> permissions)
663         throws PortalException, SystemException {
664 
665         for (Permission permission : permissions) {
666             if (checkOrgGroupPermission(organizations, groups, permission)) {
667                 return true;
668             }
669         }
670 
671         return false;
672     }
673 
674     protected boolean checkOrgGroupPermission(
675             List<Organization> organizations, List<Group> groups,
676             Permission permission)
677         throws PortalException, SystemException {
678 
679         // Do not check for an OrgGroupPermission intersection unless there is
680         // at least one organization and one group to check
681 
682         if ((organizations.size() == 0) || (groups.size() == 0)) {
683             return false;
684         }
685 
686         // Do not check unless the OrgGroupPermission intersection contains at
687         // least one permission
688 
689         List<OrgGroupPermission> orgGroupPermissions =
690             orgGroupPermissionPersistence.findByPermissionId(
691                 permission.getPermissionId());
692 
693         if (orgGroupPermissions.size() == 0) {
694             return false;
695         }
696 
697         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
698             if (orgGroupPermission.containsOrganization(organizations) &&
699                 orgGroupPermission.containsGroup(groups)) {
700 
701                 return true;
702             }
703         }
704 
705         // Throw an exception so that we do not continue checking permissions.
706         // The user has a specific permission given in the OrgGroupPermission
707         // intersection that prohibits him from going further.
708 
709         throw new NoSuchPermissionException(
710             "User has a permission in OrgGroupPermission that does not match");
711     }
712 
713     protected boolean hasUserPermissions_1(
714             long userId, String actionId, long resourceId,
715             List<Permission> permissions, List<Group> groups, long groupId,
716             StopWatch stopWatch, int block)
717         throws SystemException {
718 
719         // Is the user connected to one of the permissions via group or
720         // organization roles?
721 
722         if (groups.size() > 0) {
723             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
724                 return true;
725             }
726         }
727 
728         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
729 
730         // Is the user associated with groups or organizations that are directly
731         // connected to one of the permissions?
732 
733         if (groups.size() > 0) {
734             if (permissionFinder.countByGroupsPermissions(
735                     permissions, groups) > 0) {
736 
737                 return true;
738             }
739         }
740 
741         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
742 
743         // Is the user connected to one of the permissions via user roles?
744 
745         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
746             return true;
747         }
748 
749         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
750 
751         // Is the user connected to one of the permissions via user group roles?
752 
753         if (permissionFinder.countByUserGroupRole(
754                 permissions, userId, groupId) > 0) {
755 
756             return true;
757         }
758 
759         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
760 
761         // Is the user directly connected to one of the permissions?
762 
763         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
764             return true;
765         }
766 
767         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
768 
769         return false;
770     }
771 
772     protected boolean hasUserPermissions_2(
773             long userId, String actionId, long resourceId,
774             List<Permission> permissions, List<Group> groups, long groupId,
775             StopWatch stopWatch, int block)
776         throws SystemException {
777 
778         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
779         // countByUserGroupRole, and countByUsersPermissions in one method
780 
781         if (permissionFinder.containsPermissions_2(
782                 permissions, userId, groups, groupId)) {
783 
784             return true;
785         }
786 
787         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
788 
789         return false;
790     }
791 
792     protected boolean hasUserPermissions_3(
793             long userId, String actionId, long resourceId,
794             List<Permission> permissions, List<Group> groups, List<Role> roles,
795             StopWatch stopWatch, int block)
796         throws SystemException {
797 
798         // Is the user associated with groups or organizations that are directly
799         // connected to one of the permissions?
800 
801         if (groups.size() > 0) {
802             if (permissionFinder.countByGroupsPermissions(
803                     permissions, groups) > 0) {
804 
805                 return true;
806             }
807         }
808 
809         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
810 
811         // Is the user associated with a role that is directly connected to one
812         // of the permissions?
813 
814         if (roles.size() > 0) {
815             if (permissionFinder.countByRolesPermissions(
816                     permissions, roles) > 0) {
817 
818                 return true;
819             }
820         }
821 
822         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
823 
824         // Is the user directly connected to one of the permissions?
825 
826         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
827             return true;
828         }
829 
830         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
831 
832         return false;
833     }
834 
835     protected boolean hasUserPermissions_4(
836             long userId, String actionId, long resourceId,
837             List<Permission> permissions, List<Group> groups, List<Role> roles,
838             StopWatch stopWatch, int block)
839         throws SystemException {
840 
841         // Call countByGroupsPermissions, countByRolesPermissions, and
842         // countByUsersPermissions in one method
843 
844         if (permissionFinder.containsPermissions_4(
845                 permissions, userId, groups, roles)) {
846 
847             return true;
848         }
849 
850         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
851 
852         return false;
853     }
854 
855     protected boolean hasUserPermissions_5(
856             long userId, String actionId, long resourceId,
857             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
858             int block)
859         throws SystemException {
860 
861         if (roles.size() > 0) {
862             if (permissionFinder.countByRolesPermissions(
863                     permissions, roles) > 0) {
864 
865                 return true;
866             }
867         }
868 
869         logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
870 
871         return false;
872     }
873 
874     protected void logHasUserPermissions(
875         long userId, String actionId, long resourceId, StopWatch stopWatch,
876         int block) {
877 
878         if (!_log.isDebugEnabled()) {
879             return;
880         }
881 
882         _log.debug(
883             "Checking user permissions block " + block + " for " + userId +
884                 " " + actionId + " " + resourceId + " takes " +
885                     stopWatch.getTime() + " ms");
886     }
887 
888     private static Log _log =
889         LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
890 
891 }