1
22
23 package com.liferay.portlet.portletconfiguration.action;
24
25 import com.liferay.portal.kernel.servlet.SessionErrors;
26 import com.liferay.portal.kernel.servlet.SessionMessages;
27 import com.liferay.portal.kernel.util.Constants;
28 import com.liferay.portal.kernel.util.ParamUtil;
29 import com.liferay.portal.kernel.util.StringUtil;
30 import com.liferay.portal.kernel.util.Validator;
31 import com.liferay.portal.model.Group;
32 import com.liferay.portal.model.Layout;
33 import com.liferay.portal.model.Organization;
34 import com.liferay.portal.model.Portlet;
35 import com.liferay.portal.model.PortletConstants;
36 import com.liferay.portal.model.Resource;
37 import com.liferay.portal.model.Role;
38 import com.liferay.portal.model.UserGroup;
39 import com.liferay.portal.security.auth.PrincipalException;
40 import com.liferay.portal.security.permission.ResourceActionsUtil;
41 import com.liferay.portal.service.PermissionServiceUtil;
42 import com.liferay.portal.service.PortletLocalServiceUtil;
43 import com.liferay.portal.service.ResourceLocalServiceUtil;
44 import com.liferay.portal.service.ResourcePermissionServiceUtil;
45 import com.liferay.portal.servlet.filters.cache.CacheUtil;
46 import com.liferay.portal.theme.ThemeDisplay;
47 import com.liferay.portal.util.PropsValues;
48 import com.liferay.portal.util.WebKeys;
49
50 import java.util.ArrayList;
51 import java.util.Enumeration;
52 import java.util.List;
53
54 import javax.portlet.ActionRequest;
55 import javax.portlet.ActionResponse;
56 import javax.portlet.PortletConfig;
57 import javax.portlet.RenderRequest;
58 import javax.portlet.RenderResponse;
59
60 import org.apache.struts.action.ActionForm;
61 import org.apache.struts.action.ActionForward;
62 import org.apache.struts.action.ActionMapping;
63
64
70 public class EditPermissionsAction extends EditConfigurationAction {
71
72 public void processAction(
73 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
74 ActionRequest actionRequest, ActionResponse actionResponse)
75 throws Exception {
76
77 String cmd = ParamUtil.getString(actionRequest, Constants.CMD);
78
79 try {
80 if (cmd.equals("group_permissions")) {
81 updateGroupPermissions(actionRequest);
82 }
83 else if (cmd.equals("guest_permissions")) {
84 updateGuestPermissions(actionRequest);
85 }
86 else if (cmd.equals("organization_permissions")) {
87 updateOrganizationPermissions(actionRequest);
88 }
89 else if (cmd.equals("role_permissions")) {
90 updateRolePermissions(actionRequest);
91 }
92 else if (cmd.equals("user_group_permissions")) {
93 updateUserGroupPermissions(actionRequest);
94 }
95 else if (cmd.equals("user_permissions")) {
96 updateUserPermissions(actionRequest);
97 }
98
99 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM < 5) {
100 String redirect = ParamUtil.getString(
101 actionRequest, "permissionsRedirect");
102
103 sendRedirect(actionRequest, actionResponse, redirect);
104 }
105 else {
106 SessionMessages.add(actionRequest, "request_processed");
107 }
108 }
109 catch (Exception e) {
110 if (e instanceof PrincipalException) {
111 SessionErrors.add(actionRequest, e.getClass().getName());
112
113 setForward(
114 actionRequest, "portlet.portlet_configuration.error");
115 }
116 else {
117 throw e;
118 }
119 }
120 }
121
122 public ActionForward render(
123 ActionMapping mapping, ActionForm form, PortletConfig portletConfig,
124 RenderRequest renderRequest, RenderResponse renderResponse)
125 throws Exception {
126
127 ThemeDisplay themeDisplay = (ThemeDisplay)renderRequest.getAttribute(
128 WebKeys.THEME_DISPLAY);
129
130 long groupId = themeDisplay.getScopeGroupId();
131
132 String portletResource = ParamUtil.getString(
133 renderRequest, "portletResource");
134 String modelResource = ParamUtil.getString(
135 renderRequest, "modelResource");
136 String resourcePrimKey = ParamUtil.getString(
137 renderRequest, "resourcePrimKey");
138
139 String selResource = portletResource;
140
141 if (Validator.isNotNull(modelResource)) {
142 selResource = modelResource;
143 }
144
145 try {
146 PermissionServiceUtil.checkPermission(
147 groupId, selResource, resourcePrimKey);
148 }
149 catch (PrincipalException pe) {
150 SessionErrors.add(
151 renderRequest, PrincipalException.class.getName());
152
153 setForward(renderRequest, "portlet.portlet_configuration.error");
154 }
155
156 Portlet portlet = PortletLocalServiceUtil.getPortletById(
157 themeDisplay.getCompanyId(), portletResource);
158
159 if (portlet != null) {
160 renderResponse.setTitle(getTitle(portlet, renderRequest));
161 }
162
163 return mapping.findForward(getForward(
164 renderRequest, "portlet.portlet_configuration.edit_permissions"));
165 }
166
167 protected String[] getActionIds(ActionRequest actionRequest, long roleId) {
168 List<String> actionIds = new ArrayList<String>();
169
170 Enumeration<String> enu = actionRequest.getParameterNames();
171
172 while (enu.hasMoreElements()) {
173 String name = enu.nextElement();
174
175 if (name.startsWith(roleId + "_ACTION_")) {
176 int pos = name.indexOf("_ACTION_");
177
178 String actionId = name.substring(pos + 8);
179
180 actionIds.add(actionId);
181 }
182 }
183
184 return actionIds.toArray(new String[actionIds.size()]);
185 }
186
187 protected void updateGroupPermissions(ActionRequest actionRequest)
188 throws Exception {
189
190 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
191
192 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
193 long groupId = ParamUtil.getLong(actionRequest, "groupId");
194 String[] actionIds = StringUtil.split(
195 ParamUtil.getString(actionRequest, "groupIdActionIds"));
196
197 PermissionServiceUtil.setGroupPermissions(
198 groupId, actionIds, resourceId);
199
200 if (!layout.isPrivateLayout()) {
201 Resource resource =
202 ResourceLocalServiceUtil.getResource(resourceId);
203
204 if (resource.getPrimKey().startsWith(
205 layout.getPlid() + PortletConstants.LAYOUT_SEPARATOR)) {
206
207 CacheUtil.clearCache(layout.getCompanyId());
208 }
209 }
210 }
211
212 protected void updateGuestPermissions(ActionRequest actionRequest)
213 throws Exception {
214
215 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
216 WebKeys.THEME_DISPLAY);
217
218 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
219 String[] actionIds = StringUtil.split(
220 ParamUtil.getString(actionRequest, "guestActionIds"));
221
222 PermissionServiceUtil.setUserPermissions(
223 themeDisplay.getDefaultUserId(), themeDisplay.getScopeGroupId(),
224 actionIds, resourceId);
225 }
226
227 protected void updateOrganizationPermissions(ActionRequest actionRequest)
228 throws Exception {
229
230 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
231
232 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
233 long organizationId = ParamUtil.getLong(
234 actionRequest, "organizationIdsPosValue");
235 String[] actionIds = StringUtil.split(
236 ParamUtil.getString(actionRequest, "organizationIdActionIds"));
237
240 PermissionServiceUtil.setGroupPermissions(
242 Organization.class.getName(), String.valueOf(organizationId),
243 layout.getGroupId(), actionIds, resourceId);
244
249 }
250
251 protected void updateRolePermissions(ActionRequest actionRequest)
252 throws Exception {
253
254 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
255 updateRolePermissions_5(actionRequest);
256 }
257 else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
258 updateRolePermissions_6(actionRequest);
259 }
260 else {
261 updateRolePermissions_1to4(actionRequest);
262 }
263 }
264
265 protected void updateRolePermissions_1to4(ActionRequest actionRequest)
266 throws Exception {
267
268 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
269 WebKeys.THEME_DISPLAY);
270
271 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
272 long roleId = ParamUtil.getLong(actionRequest, "roleIdsPosValue");
273 String[] actionIds = StringUtil.split(
274 ParamUtil.getString(actionRequest, "roleIdActionIds"));
275
276 PermissionServiceUtil.setRolePermissions(
277 roleId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
278 }
279
280 protected void updateRolePermissions_5(ActionRequest actionRequest)
281 throws Exception {
282
283 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
284 WebKeys.THEME_DISPLAY);
285
286 Layout layout = themeDisplay.getLayout();
287
288 String modelResource = ParamUtil.getString(
289 actionRequest, "modelResource");
290 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
291
292 List<Role> roles = ResourceActionsUtil.getRoles(
293 layout.getGroup(), modelResource);
294
295 for (Role role : roles) {
296 String[] actionIds = getActionIds(actionRequest, role.getRoleId());
297
298 PermissionServiceUtil.setRolePermissions(
299 role.getRoleId(), themeDisplay.getScopeGroupId(), actionIds,
300 resourceId);
301 }
302 }
303
304 protected void updateRolePermissions_6(ActionRequest actionRequest)
305 throws Exception {
306
307 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
308 WebKeys.THEME_DISPLAY);
309
310 String portletResource = ParamUtil.getString(
311 actionRequest, "portletResource");
312 String modelResource = ParamUtil.getString(
313 actionRequest, "modelResource");
314
315 String selResource = portletResource;
316
317 if (Validator.isNotNull(modelResource)) {
318 selResource = modelResource;
319 }
320
321 String resourcePrimKey = ParamUtil.getString(
322 actionRequest, "resourcePrimKey");
323
324 Layout layout = themeDisplay.getLayout();
325
326 Group group = layout.getGroup();
327
328 List<Role> roles = ResourceActionsUtil.getRoles(group, modelResource);
329
330 for (Role role : roles) {
331 String[] actionIds = getActionIds(actionRequest, role.getRoleId());
332
333 ResourcePermissionServiceUtil.setIndividualResourcePermissions(
334 themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(),
335 selResource, resourcePrimKey, role.getRoleId(), actionIds);
336 }
337 }
338
339 protected void updateUserGroupPermissions(ActionRequest actionRequest)
340 throws Exception {
341
342 Layout layout = (Layout)actionRequest.getAttribute(WebKeys.LAYOUT);
343
344 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
345 long userGroupId = ParamUtil.getLong(
346 actionRequest, "userGroupIdsPosValue");
347 String[] actionIds = StringUtil.split(
348 ParamUtil.getString(actionRequest, "userGroupIdActionIds"));
349
350 PermissionServiceUtil.setGroupPermissions(
351 UserGroup.class.getName(), String.valueOf(userGroupId),
352 layout.getGroupId(), actionIds, resourceId);
353 }
354
355 protected void updateUserPermissions(ActionRequest actionRequest)
356 throws Exception {
357
358 ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
359 WebKeys.THEME_DISPLAY);
360
361 long resourceId = ParamUtil.getLong(actionRequest, "resourceId");
362 long userId = ParamUtil.getLong(actionRequest, "userIdsPosValue");
363 String[] actionIds = StringUtil.split(
364 ParamUtil.getString(actionRequest, "userIdActionIds"));
365
366 PermissionServiceUtil.setUserPermissions(
367 userId, themeDisplay.getScopeGroupId(), actionIds, resourceId);
368 }
369
370 }