1
19
20 package com.liferay.portlet.enterpriseadmin.action;
21
22 import com.liferay.portal.NoSuchRoleException;
23 import com.liferay.portal.RolePermissionsException;
24 import com.liferay.portal.kernel.servlet.SessionErrors;
25 import com.liferay.portal.kernel.servlet.SessionMessages;
26 import com.liferay.portal.kernel.util.ArrayUtil;
27 import com.liferay.portal.kernel.util.Constants;
28 import com.liferay.portal.kernel.util.ListUtil;
29 import com.liferay.portal.kernel.util.ParamUtil;
30 import com.liferay.portal.kernel.util.StringUtil;
31 import com.liferay.portal.kernel.util.Validator;
32 import com.liferay.portal.model.GroupConstants;
33 import com.liferay.portal.model.ResourceConstants;
34 import com.liferay.portal.model.Role;
35 import com.liferay.portal.model.RoleConstants;
36 import com.liferay.portal.security.auth.PrincipalException;
37 import com.liferay.portal.security.permission.ResourceActionsUtil;
38 import com.liferay.portal.security.permission.comparator.ActionComparator;
39 import com.liferay.portal.service.PermissionServiceUtil;
40 import com.liferay.portal.service.RoleLocalServiceUtil;
41 import com.liferay.portal.struts.PortletAction;
42 import com.liferay.portal.theme.ThemeDisplay;
43 import com.liferay.portal.util.WebKeys;
44
45 import java.util.HashMap;
46 import java.util.List;
47 import java.util.Map;
48
49 import javax.portlet.ActionRequest;
50 import javax.portlet.ActionResponse;
51 import javax.portlet.PortletConfig;
52 import javax.portlet.RenderRequest;
53 import javax.portlet.RenderResponse;
54
55 import org.apache.struts.action.ActionForm;
56 import org.apache.struts.action.ActionForward;
57 import org.apache.struts.action.ActionMapping;
58
59
66 public class EditRolePermissionsAction extends PortletAction {
67
68 public void processAction(
69 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
70 ActionRequest actionRequest, ActionResponse actionResponse)
71 throws Exception {
72
73 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
74
75 try {
76 if (cmd.equals("actions")) {
77 updateActions(actionRequest, actionResponse);
78 }
79 else if (cmd.equals("delete_permission")) {
80 deletePermission(actionRequest, actionResponse);
81 }
82 }
83 catch (Exception e) {
84 if (e instanceof NoSuchRoleException ||
85 e instanceof PrincipalException ||
86 e instanceof RolePermissionsException) {
87
88 SessionErrors.add(actionRequest, e.getClass().getName());
89
90 setForward(actionRequest, "portlet.enterprise_admin.error");
91 }
92 else {
93 throw e;
94 }
95 }
96 }
97
98 public ActionForward render(
99 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
100 RenderRequest renderRequest, RenderResponse renderResponse)
101 throws Exception {
102
103 try {
104 ActionUtil.getRole(renderRequest);
105 }
106 catch (Exception e) {
107 if (e instanceof NoSuchRoleException ||
108 e instanceof PrincipalException) {
109
110 SessionErrors.add(renderRequest, e.getClass().getName());
111
112 return mapping.findForward("portlet.enterprise_admin.error");
113 }
114 else {
115 throw e;
116 }
117 }
118
119 return mapping.findForward(getForward(
120 renderRequest, "portlet.enterprise_admin.edit_role_permissions"));
121 }
122
123 protected void deletePermission(
124 ActionRequest actionRequest, ActionResponse actionResponse)
125 throws Exception {
126
127 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
128 WebKeys.THEME_DISPLAY);
129
130 long roleId = ParamUtil.getLong(actionRequest, "roleId");
131 long permissionId = ParamUtil.getLong(actionRequest, "permissionId");
132
133 Role role = RoleLocalServiceUtil.getRole(roleId);
134
135 if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
136 role.getName().equals(RoleConstants.OWNER) ||
137 role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
138 role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
139 role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
140 role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
141
142 throw new RolePermissionsException(role.getName());
143 }
144
145 PermissionServiceUtil.unsetRolePermission(
146 roleId, themeDisplay.getScopeGroupId(), permissionId);
147
148
150 SessionMessages.add(actionRequest, "permissionDeleted");
151
152 String redirect = ParamUtil.getString(actionRequest, "redirect");
153
154 actionResponse.sendRedirect(redirect);
155 }
156
157 protected void updateActions(
158 ActionRequest actionRequest, ActionResponse actionResponse)
159 throws Exception {
160
161 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
162 WebKeys.THEME_DISPLAY);
163
164 long roleId = ParamUtil.getLong(actionRequest, "roleId");
165
166 Role role = RoleLocalServiceUtil.getRole(roleId);
167
168 if (role.getName().equals(RoleConstants.ADMINISTRATOR) ||
169 role.getName().equals(RoleConstants.OWNER) ||
170 role.getName().equals(RoleConstants.COMMUNITY_ADMINISTRATOR) ||
171 role.getName().equals(RoleConstants.COMMUNITY_OWNER) ||
172 role.getName().equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
173 role.getName().equals(RoleConstants.ORGANIZATION_OWNER)) {
174
175 throw new RolePermissionsException(role.getName());
176 }
177
178 String portletResource = ParamUtil.getString(
179 actionRequest, "portletResource");
180 String[] modelResources = StringUtil.split(
181 ParamUtil.getString(actionRequest, "modelResources"));
182
183 Map<String, List<String>> resourceActionsMap =
184 new HashMap<String, List<String>>();
185
186 if (Validator.isNotNull(portletResource)) {
187 resourceActionsMap.put(
188 portletResource,
189 ResourceActionsUtil.getResourceActions(
190 themeDisplay.getCompanyId(), portletResource, null));
191 }
192
193 for (int i = 0; i < modelResources.length; i++) {
194 resourceActionsMap.put(
195 modelResources[i],
196 ResourceActionsUtil.getResourceActions(
197 themeDisplay.getCompanyId(), null, modelResources[i]));
198 }
199
200 for (Map.Entry<String, List<String>> entry :
201 resourceActionsMap.entrySet()) {
202
203 String selResource = entry.getKey();
204 List<String> actions = entry.getValue();
205
206 actions = ListUtil.sort(
207 actions,
208 new ActionComparator(
209 themeDisplay.getCompanyId(), themeDisplay.getLocale()));
210
211 for (String actionId : actions) {
212 int scope = ParamUtil.getInteger(
213 actionRequest, "scope" + selResource + actionId);
214
215 if (scope == ResourceConstants.SCOPE_COMPANY) {
216 PermissionServiceUtil.setRolePermission(
217 roleId, themeDisplay.getScopeGroupId(), selResource,
218 scope, String.valueOf(themeDisplay.getCompanyId()),
219 actionId);
220 }
221 else if (scope == ResourceConstants.SCOPE_GROUP) {
222 if ((role.getType() == RoleConstants.TYPE_COMMUNITY) ||
223 (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {
224
225 PermissionServiceUtil.setRolePermission(
226 roleId, themeDisplay.getScopeGroupId(), selResource,
227 ResourceConstants.SCOPE_GROUP_TEMPLATE,
228 String.valueOf(
229 GroupConstants.DEFAULT_PARENT_GROUP_ID),
230 actionId);
231 }
232 else {
233 String[] groupIds = StringUtil.split(
234 ParamUtil.getString(
235 actionRequest,
236 "groupIds" + selResource + actionId));
237
238 if (groupIds.length == 0) {
239 SessionErrors.add(
240 actionRequest, "missingGroupIdsForAction");
241
242 return;
243 }
244
245 groupIds = ArrayUtil.distinct(groupIds);
246
247 PermissionServiceUtil.unsetRolePermissions(
248 roleId, themeDisplay.getScopeGroupId(),
249 selResource, ResourceConstants.SCOPE_GROUP,
250 actionId);
251
252 for (int j = 0; j < groupIds.length; j++) {
253 PermissionServiceUtil.setRolePermission(
254 roleId, themeDisplay.getScopeGroupId(),
255 selResource, ResourceConstants.SCOPE_GROUP,
256 groupIds[j], actionId);
257 }
258 }
259 }
260 else {
261
262
264 PermissionServiceUtil.unsetRolePermissions(
265 roleId, themeDisplay.getScopeGroupId(), selResource,
266 ResourceConstants.SCOPE_COMPANY, actionId);
267
268 PermissionServiceUtil.unsetRolePermissions(
269 roleId, themeDisplay.getScopeGroupId(), selResource,
270 ResourceConstants.SCOPE_GROUP_TEMPLATE, actionId);
271
272 PermissionServiceUtil.unsetRolePermissions(
273 roleId, themeDisplay.getScopeGroupId(), selResource,
274 ResourceConstants.SCOPE_GROUP, actionId);
275 }
276 }
277 }
278
279
281 SessionMessages.add(actionRequest, "permissionsUpdated");
282
283 String redirect =
284 ParamUtil.getString(actionRequest, "redirect") + "&" +
285 Constants.CMD + "=" + Constants.VIEW;
286
287 actionResponse.sendRedirect(redirect);
288 }
289
290 }