1
19
20 package com.liferay.portal.service.impl;
21
22 import com.liferay.portal.NoSuchPermissionException;
23 import com.liferay.portal.PortalException;
24 import com.liferay.portal.SystemException;
25 import com.liferay.portal.kernel.log.Log;
26 import com.liferay.portal.kernel.log.LogFactoryUtil;
27 import com.liferay.portal.kernel.util.GetterUtil;
28 import com.liferay.portal.kernel.util.Validator;
29 import com.liferay.portal.model.Group;
30 import com.liferay.portal.model.OrgGroupPermission;
31 import com.liferay.portal.model.Organization;
32 import com.liferay.portal.model.Permission;
33 import com.liferay.portal.model.Resource;
34 import com.liferay.portal.model.ResourceCode;
35 import com.liferay.portal.model.ResourceConstants;
36 import com.liferay.portal.model.Role;
37 import com.liferay.portal.model.User;
38 import com.liferay.portal.model.UserGroup;
39 import com.liferay.portal.security.permission.PermissionCacheUtil;
40 import com.liferay.portal.security.permission.PermissionCheckerBag;
41 import com.liferay.portal.security.permission.ResourceActionsUtil;
42 import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
43 import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
44 import com.liferay.portal.util.PropsValues;
45 import com.liferay.portal.util.comparator.PermissionComparator;
46
47 import java.util.ArrayList;
48 import java.util.Iterator;
49 import java.util.List;
50
51 import org.apache.commons.lang.time.StopWatch;
52
53
61 public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
62
63 public Permission addPermission(
64 long companyId, String actionId, long resourceId)
65 throws SystemException {
66
67 Permission permission = permissionPersistence.fetchByA_R(
68 actionId, resourceId);
69
70 if (permission == null) {
71 long permissionId = counterLocalService.increment(
72 Permission.class.getName());
73
74 permission = permissionPersistence.create(permissionId);
75
76 permission.setCompanyId(companyId);
77 permission.setActionId(actionId);
78 permission.setResourceId(resourceId);
79
80 permissionPersistence.update(permission, false);
81 }
82
83 return permission;
84 }
85
86 public List<Permission> addPermissions(
87 long companyId, String name, long resourceId,
88 boolean portletActions)
89 throws SystemException {
90
91 List<Permission> permissions = new ArrayList<Permission>();
92
93 List<String> actions = null;
94
95 if (portletActions) {
96 actions =
97 ResourceActionsUtil.getPortletResourceActions(companyId, name);
98 }
99 else {
100 actions = ResourceActionsUtil.getModelResourceActions(name);
101 }
102
103 for (int i = 0; i < actions.size(); i++) {
104 String actionId = actions.get(i);
105
106 Permission permission = addPermission(
107 companyId, actionId, resourceId);
108
109 permissions.add(permission);
110 }
111
112 return permissions;
113 }
114
115 public void addUserPermissions(
116 long userId, String[] actionIds, long resourceId)
117 throws PortalException, SystemException {
118
119 User user = userPersistence.findByPrimaryKey(userId);
120
121 List<Permission> permissions = permissionFinder.findByU_R(
122 userId, resourceId);
123
124 permissions = getPermissions(
125 user.getCompanyId(), actionIds, resourceId);
126
127 userPersistence.addPermissions(userId, permissions);
128
129 PermissionCacheUtil.clearCache();
130 }
131
132 public List<String> getActions(List<Permission> permissions) {
133 List<String> actions = new ArrayList<String>();
134
135 Iterator<Permission> itr = permissions.iterator();
136
137 while (itr.hasNext()) {
138 Permission permission = itr.next();
139
140 actions.add(permission.getActionId());
141 }
142
143 return actions;
144 }
145
146 public List<Permission> getGroupPermissions(long groupId, long resourceId)
147 throws SystemException {
148
149 return permissionFinder.findByG_R(groupId, resourceId);
150 }
151
152 public List<Permission> getGroupPermissions(
153 long groupId, long companyId, String name, int scope,
154 String primKey)
155 throws SystemException {
156
157 return permissionFinder.findByG_C_N_S_P(
158 groupId, companyId, name, scope, primKey);
159 }
160
161 public List<Permission> getOrgGroupPermissions(
162 long organizationId, long groupId, long resourceId)
163 throws SystemException {
164
165 return permissionFinder.findByO_G_R(
166 organizationId, groupId, resourceId);
167 }
168
169 public long getLatestPermissionId() throws SystemException {
170 List<Permission> permissions = permissionPersistence.findAll(
171 0, 1, new PermissionComparator());
172
173 if (permissions.size() == 0) {
174 return 0;
175 }
176 else {
177 Permission permission = permissions.get(0);
178
179 return permission.getPermissionId();
180 }
181 }
182
183 public List<Permission> getPermissions(
184 long companyId, String[] actionIds, long resourceId)
185 throws SystemException {
186
187 List<Permission> permissions = new ArrayList<Permission>();
188
189 for (int i = 0; i < actionIds.length; i++) {
190 Permission permission = addPermission(
191 companyId, actionIds[i], resourceId);
192
193 permissions.add(permission);
194 }
195
196 return permissions;
197 }
198
199 public List<Permission> getRolePermissions(long roleId)
200 throws SystemException {
201
202 return rolePersistence.getPermissions(roleId);
203 }
204
205 public List<Permission> getRolePermissions(long roleId, long resourceId)
206 throws SystemException {
207
208 return permissionFinder.findByR_R(roleId, resourceId);
209 }
210
211 public List<Permission> getUserPermissions(long userId, long resourceId)
212 throws SystemException {
213
214 return permissionFinder.findByU_R(userId, resourceId);
215 }
216
217 public List<Permission> getUserPermissions(
218 long userId, long companyId, String name, int scope, String primKey)
219 throws SystemException {
220
221 return permissionFinder.findByU_C_N_S_P(
222 userId, companyId, name, scope, primKey);
223 }
224
225 public boolean hasGroupPermission(
226 long groupId, String actionId, long resourceId)
227 throws SystemException {
228
229 Permission permission = permissionPersistence.fetchByA_R(
230 actionId, resourceId);
231
232
235 if (permission == null) {
236 return false;
237 }
238
239 return groupPersistence.containsPermission(
240 groupId, permission.getPermissionId());
241 }
242
243 public boolean hasRolePermission(
244 long roleId, long companyId, String name, int scope,
245 String actionId)
246 throws SystemException {
247
248 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
249 companyId, name, scope);
250
251 List<Resource> resources = resourcePersistence.findByCodeId(
252 resourceCode.getCodeId());
253
254 for (Resource resource : resources) {
255 Permission permission = permissionPersistence.fetchByA_R(
256 actionId, resource.getResourceId());
257
258 if (permission != null) {
259 if (rolePersistence.containsPermission(
260 roleId, permission.getPermissionId())) {
261
262 return true;
263 }
264 }
265 }
266
267 return false;
268 }
269
270 public boolean hasRolePermission(
271 long roleId, long companyId, String name, int scope, String primKey,
272 String actionId)
273 throws SystemException {
274
275 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
276 companyId, name, scope);
277
278 Resource resource = resourcePersistence.fetchByC_P(
279 resourceCode.getCodeId(), primKey);
280
281 if (resource == null) {
282 return false;
283 }
284
285 Permission permission = permissionPersistence.fetchByA_R(
286 actionId, resource.getResourceId());
287
288 if (permission == null) {
289 return false;
290 }
291
292 return rolePersistence.containsPermission(
293 roleId, permission.getPermissionId());
294 }
295
296 public boolean hasUserPermission(
297 long userId, String actionId, long resourceId)
298 throws SystemException {
299
300 Permission permission = permissionPersistence.fetchByA_R(
301 actionId, resourceId);
302
303
306 if (permission == null) {
307 return false;
308 }
309
310 return userPersistence.containsPermission(
311 userId, permission.getPermissionId());
312 }
313
314 public boolean hasUserPermissions(
315 long userId, long groupId, String actionId, long[] resourceIds,
316 PermissionCheckerBag permissionCheckerBag)
317 throws SystemException {
318
319 StopWatch stopWatch = null;
320
321 if (_log.isDebugEnabled()) {
322 stopWatch = new StopWatch();
323
324 stopWatch.start();
325 }
326
327 int block = 1;
328
329
331 if ((Validator.isNull(actionId)) || (resourceIds == null) ||
332 (resourceIds.length == 0)) {
333
334 return false;
335 }
336
337 List<Permission> permissions = permissionFinder.findByA_R(
338 actionId, resourceIds);
339
340
342 if (permissions.size() == 0) {
343 return false;
344 }
345
346
348 long resourceId = resourceIds[0];
349
350 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
351
352 List<Group> groups = permissionCheckerBag.getGroups();
358 List<Role> roles = permissionCheckerBag.getRoles();
359
360 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
361
362
366
370 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
371
372 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
373 return hasUserPermissions_1(
374 userId, actionId, resourceId, permissions, groups, groupId,
375 stopWatch, block);
376 }
377 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
378 return hasUserPermissions_2(
379 userId, actionId, resourceId, permissions, groups, groupId,
380 stopWatch, block);
381 }
382 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
383 return hasUserPermissions_3(
384 userId, actionId, resourceId, permissions, groups, roles,
385 stopWatch, block);
386 }
387 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
388 return hasUserPermissions_4(
389 userId, actionId, resourceId, permissions, groups, roles,
390 stopWatch, block);
391 }
392 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
393 return hasUserPermissions_5(
394 userId, actionId, resourceId, permissions, roles, stopWatch,
395 block);
396 }
397
398 return false;
399 }
400
401 public void setGroupPermissions(
402 long groupId, String[] actionIds, long resourceId)
403 throws PortalException, SystemException {
404
405 Group group = groupPersistence.findByPrimaryKey(groupId);
406
407 List<Permission> permissions = permissionFinder.findByG_R(
408 groupId, resourceId);
409
410 for (Permission permission : permissions) {
411 groupPersistence.removePermission(groupId, permission);
412 }
413
414 permissions = getPermissions(
415 group.getCompanyId(), actionIds, resourceId);
416
417 groupPersistence.addPermissions(groupId, permissions);
418
419 PermissionCacheUtil.clearCache();
420 }
421
422 public void setGroupPermissions(
423 String className, String classPK, long groupId,
424 String[] actionIds, long resourceId)
425 throws PortalException, SystemException {
426
427 long associatedGroupId = 0;
428
429 if (className.equals(Organization.class.getName())) {
430 long organizationId = GetterUtil.getLong(classPK);
431
432 Organization organization =
433 organizationPersistence.findByPrimaryKey(organizationId);
434
435 orgGroupPermissionFinder.removeByO_G_R(
436 organizationId, groupId, resourceId);
437
438 associatedGroupId = organization.getGroup().getGroupId();
439 }
440 else if (className.equals(UserGroup.class.getName())) {
441 long userGroupId = GetterUtil.getLong(classPK);
442
443 UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
444 userGroupId);
445
446 associatedGroupId = userGroup.getGroup().getGroupId();
447 }
448
449 setGroupPermissions(associatedGroupId, actionIds, resourceId);
450 }
451
452 public void setOrgGroupPermissions(
453 long organizationId, long groupId, String[] actionIds,
454 long resourceId)
455 throws PortalException, SystemException {
456
457 Organization organization =
458 organizationPersistence.findByPrimaryKey(organizationId);
459
460 long orgGroupId = organization.getGroup().getGroupId();
461
462 List<Permission> permissions = permissionPersistence.findByResourceId(
463 resourceId);
464
465 for (Permission permission : permissions) {
466 groupPersistence.removePermission(orgGroupId, permission);
467 }
468
469 permissions = getPermissions(
470 organization.getCompanyId(), actionIds, resourceId);
471
472 orgGroupPermissionFinder.removeByO_G_R(
473 organizationId, groupId, resourceId);
474
475 for (Permission permission : permissions) {
476 OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
477 organizationId, groupId, permission.getPermissionId());
478
479 OrgGroupPermission orgGroupPermission =
480 orgGroupPermissionPersistence.create(pk);
481
482 orgGroupPermissionPersistence.update(orgGroupPermission, false);
483 }
484
485 PermissionCacheUtil.clearCache();
486 }
487
488 public void setRolePermission(
489 long roleId, long companyId, String name, int scope, String primKey,
490 String actionId)
491 throws PortalException, SystemException {
492
493 if (scope == ResourceConstants.SCOPE_COMPANY) {
494
495
497 unsetRolePermissions(
498 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
499 actionId);
500 }
501 else if (scope == ResourceConstants.SCOPE_GROUP) {
502
503
505 unsetRolePermissions(
506 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
507 actionId);
508 }
509 else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
510 throw new NoSuchPermissionException();
511 }
512
513 Resource resource = resourceLocalService.addResource(
514 companyId, name, scope, primKey);
515
516 Permission permission = permissionPersistence.fetchByA_R(
517 actionId, resource.getResourceId());
518
519 if (permission == null) {
520 long permissionId = counterLocalService.increment(
521 Permission.class.getName());
522
523 permission = permissionPersistence.create(permissionId);
524
525 permission.setCompanyId(companyId);
526 permission.setActionId(actionId);
527 permission.setResourceId(resource.getResourceId());
528
529 permissionPersistence.update(permission, false);
530 }
531
532 rolePersistence.addPermission(roleId, permission);
533
534 PermissionCacheUtil.clearCache();
535 }
536
537 public void setRolePermissions(
538 long roleId, long companyId, String name, int scope, String primKey,
539 String[] actionIds)
540 throws PortalException, SystemException {
541
542 for (int i = 0; i < actionIds.length; i++) {
543 String actionId = actionIds[i];
544
545 setRolePermission(
546 roleId, companyId, name, scope, primKey, actionId);
547 }
548 }
549
550 public void setRolePermissions(
551 long roleId, String[] actionIds, long resourceId)
552 throws PortalException, SystemException {
553
554 Role role = rolePersistence.findByPrimaryKey(roleId);
555
556 List<Permission> permissions = permissionFinder.findByR_R(
557 roleId, resourceId);
558
559 rolePersistence.removePermissions(roleId, permissions);
560
561 permissions = getPermissions(
562 role.getCompanyId(), actionIds, resourceId);
563
564 rolePersistence.addPermissions(roleId, permissions);
565
566 PermissionCacheUtil.clearCache();
567 }
568
569 public void setUserPermissions(
570 long userId, String[] actionIds, long resourceId)
571 throws PortalException, SystemException {
572
573 User user = userPersistence.findByPrimaryKey(userId);
574
575 List<Permission> permissions = permissionFinder.findByU_R(
576 userId, resourceId);
577
578 userPersistence.removePermissions(userId, permissions);
579
580 permissions = getPermissions(
581 user.getCompanyId(), actionIds, resourceId);
582
583 userPersistence.addPermissions(userId, permissions);
584
585 PermissionCacheUtil.clearCache();
586 }
587
588 public void unsetRolePermission(long roleId, long permissionId)
589 throws SystemException {
590
591 Permission permission = permissionPersistence.fetchByPrimaryKey(
592 permissionId);
593
594 if (permission != null) {
595 rolePersistence.removePermission(roleId, permission);
596 }
597
598 PermissionCacheUtil.clearCache();
599 }
600
601 public void unsetRolePermission(
602 long roleId, long companyId, String name, int scope, String primKey,
603 String actionId)
604 throws SystemException {
605
606 ResourceCode resourceCode =
607 resourceCodeLocalService.getResourceCode(
608 companyId, name, scope);
609
610 Resource resource = resourcePersistence.fetchByC_P(
611 resourceCode.getCodeId(), primKey);
612
613 if (resource != null) {
614 Permission permission = permissionPersistence.fetchByA_R(
615 actionId, resource.getResourceId());
616
617 if (permission != null) {
618 rolePersistence.removePermission(roleId, permission);
619 }
620 }
621
622 PermissionCacheUtil.clearCache();
623 }
624
625 public void unsetRolePermissions(
626 long roleId, long companyId, String name, int scope,
627 String actionId)
628 throws SystemException {
629
630 ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
631 companyId, name, scope);
632
633 List<Resource> resources = resourcePersistence.findByCodeId(
634 resourceCode.getCodeId());
635
636 for (Resource resource : resources) {
637 Permission permission = permissionPersistence.fetchByA_R(
638 actionId, resource.getResourceId());
639
640 if (permission != null) {
641 rolePersistence.removePermission(roleId, permission);
642 }
643 }
644
645 PermissionCacheUtil.clearCache();
646 }
647
648 public void unsetUserPermissions(
649 long userId, String[] actionIds, long resourceId)
650 throws SystemException {
651
652 List<Permission> permissions = permissionFinder.findByU_A_R(
653 userId, actionIds, resourceId);
654
655 userPersistence.removePermissions(userId, permissions);
656
657 PermissionCacheUtil.clearCache();
658 }
659
660 protected boolean checkOrgGroupPermission(
661 List<Organization> organizations, List<Group> groups,
662 List<Permission> permissions)
663 throws PortalException, SystemException {
664
665 for (Permission permission : permissions) {
666 if (checkOrgGroupPermission(organizations, groups, permission)) {
667 return true;
668 }
669 }
670
671 return false;
672 }
673
674 protected boolean checkOrgGroupPermission(
675 List<Organization> organizations, List<Group> groups,
676 Permission permission)
677 throws PortalException, SystemException {
678
679
682 if ((organizations.size() == 0) || (groups.size() == 0)) {
683 return false;
684 }
685
686
689 List<OrgGroupPermission> orgGroupPermissions =
690 orgGroupPermissionPersistence.findByPermissionId(
691 permission.getPermissionId());
692
693 if (orgGroupPermissions.size() == 0) {
694 return false;
695 }
696
697 for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
698 if (orgGroupPermission.containsOrganization(organizations) &&
699 orgGroupPermission.containsGroup(groups)) {
700
701 return true;
702 }
703 }
704
705
709 throw new NoSuchPermissionException(
710 "User has a permission in OrgGroupPermission that does not match");
711 }
712
713 protected boolean hasUserPermissions_1(
714 long userId, String actionId, long resourceId,
715 List<Permission> permissions, List<Group> groups, long groupId,
716 StopWatch stopWatch, int block)
717 throws SystemException {
718
719
722 if (groups.size() > 0) {
723 if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
724 return true;
725 }
726 }
727
728 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
729
730
733 if (groups.size() > 0) {
734 if (permissionFinder.countByGroupsPermissions(
735 permissions, groups) > 0) {
736
737 return true;
738 }
739 }
740
741 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
742
743
745 if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
746 return true;
747 }
748
749 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
750
751
753 if (permissionFinder.countByUserGroupRole(
754 permissions, userId, groupId) > 0) {
755
756 return true;
757 }
758
759 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
760
761
763 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
764 return true;
765 }
766
767 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
768
769 return false;
770 }
771
772 protected boolean hasUserPermissions_2(
773 long userId, String actionId, long resourceId,
774 List<Permission> permissions, List<Group> groups, long groupId,
775 StopWatch stopWatch, int block)
776 throws SystemException {
777
778
781 if (permissionFinder.containsPermissions_2(
782 permissions, userId, groups, groupId)) {
783
784 return true;
785 }
786
787 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
788
789 return false;
790 }
791
792 protected boolean hasUserPermissions_3(
793 long userId, String actionId, long resourceId,
794 List<Permission> permissions, List<Group> groups, List<Role> roles,
795 StopWatch stopWatch, int block)
796 throws SystemException {
797
798
801 if (groups.size() > 0) {
802 if (permissionFinder.countByGroupsPermissions(
803 permissions, groups) > 0) {
804
805 return true;
806 }
807 }
808
809 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
810
811
814 if (roles.size() > 0) {
815 if (permissionFinder.countByRolesPermissions(
816 permissions, roles) > 0) {
817
818 return true;
819 }
820 }
821
822 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
823
824
826 if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
827 return true;
828 }
829
830 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
831
832 return false;
833 }
834
835 protected boolean hasUserPermissions_4(
836 long userId, String actionId, long resourceId,
837 List<Permission> permissions, List<Group> groups, List<Role> roles,
838 StopWatch stopWatch, int block)
839 throws SystemException {
840
841
844 if (permissionFinder.containsPermissions_4(
845 permissions, userId, groups, roles)) {
846
847 return true;
848 }
849
850 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
851
852 return false;
853 }
854
855 protected boolean hasUserPermissions_5(
856 long userId, String actionId, long resourceId,
857 List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
858 int block)
859 throws SystemException {
860
861 if (roles.size() > 0) {
862 if (permissionFinder.countByRolesPermissions(
863 permissions, roles) > 0) {
864
865 return true;
866 }
867 }
868
869 logHasUserPermissions(userId, actionId, resourceId, stopWatch, block++);
870
871 return false;
872 }
873
874 protected void logHasUserPermissions(
875 long userId, String actionId, long resourceId, StopWatch stopWatch,
876 int block) {
877
878 if (!_log.isDebugEnabled()) {
879 return;
880 }
881
882 _log.debug(
883 "Checking user permissions block " + block + " for " + userId +
884 " " + actionId + " " + resourceId + " takes " +
885 stopWatch.getTime() + " ms");
886 }
887
888 private static Log _log =
889 LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
890
891 }