1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchResourcePermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.model.ResourceAction;
29  import com.liferay.portal.model.ResourceConstants;
30  import com.liferay.portal.model.ResourcePermission;
31  import com.liferay.portal.model.ResourcePermissionConstants;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.RoleConstants;
34  import com.liferay.portal.security.permission.PermissionCacheUtil;
35  import com.liferay.portal.security.permission.ResourceActionsUtil;
36  import com.liferay.portal.service.base.ResourcePermissionLocalServiceBaseImpl;
37  import com.liferay.portal.util.PortalUtil;
38  
39  import java.util.ArrayList;
40  import java.util.Collections;
41  import java.util.List;
42  
43  /**
44   * <a href="ResourcePermissionLocalServiceImpl.java.html"><b><i>View Source</i>
45   * </b></a>
46   *
47   * @author Brian Wing Shun Chan
48   *
49   */
50  public class ResourcePermissionLocalServiceImpl
51      extends ResourcePermissionLocalServiceBaseImpl {
52  
53      public void addResourcePermission(
54              long companyId, String name, int scope, String primKey, long roleId,
55              String actionId)
56          throws PortalException, SystemException {
57  
58          if (scope == ResourceConstants.SCOPE_COMPANY) {
59  
60              // Remove group permission
61  
62              removeResourcePermissions(
63                  companyId, name, ResourceConstants.SCOPE_GROUP, roleId,
64                  actionId);
65          }
66          else if (scope == ResourceConstants.SCOPE_GROUP) {
67  
68              // Remove company permission
69  
70              removeResourcePermissions(
71                  companyId, name, ResourceConstants.SCOPE_COMPANY, roleId,
72                  actionId);
73          }
74          else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
75              throw new NoSuchResourcePermissionException();
76          }
77  
78          updateResourcePermission(
79              companyId, name, scope, primKey, roleId, new String[] {actionId},
80              ResourcePermissionConstants.OPERATOR_ADD);
81  
82          PermissionCacheUtil.clearCache();
83      }
84  
85      public List<String> getAvailableResourcePermissionActionIds(
86              long companyId, String name, int scope, String primKey, long roleId,
87              List<String> actionIds)
88          throws PortalException, SystemException {
89  
90          ResourcePermission resourcePermission =
91              resourcePermissionPersistence.fetchByC_N_S_P_R(
92                  companyId, name, scope, primKey, roleId);
93  
94          if (resourcePermission == null) {
95              return Collections.EMPTY_LIST;
96          }
97  
98          List<String> availableActionIds = new ArrayList<String>(
99              actionIds.size());
100 
101         for (String actionId : actionIds) {
102             ResourceAction resourceAction =
103                 resourceActionLocalService.getResourceAction(name, actionId);
104 
105             if (hasActionId(resourcePermission, resourceAction)) {
106                 availableActionIds.add(actionId);
107             }
108         }
109 
110         return availableActionIds;
111     }
112 
113     public int getResourcePermissionsCount(
114             long companyId, String name, int scope, String primKey)
115         throws SystemException {
116 
117         return resourcePermissionPersistence.countByC_N_S_P(
118             companyId, name, scope, primKey);
119     }
120 
121     public List<ResourcePermission> getRoleResourcePermissions(long roleId)
122         throws SystemException {
123 
124         return resourcePermissionPersistence.findByRoleId(roleId);
125     }
126 
127     public boolean hasActionId(
128         ResourcePermission resourcePermission, ResourceAction resourceAction) {
129 
130         long actionIds = resourcePermission.getActionIds();
131         long bitwiseValue = resourceAction.getBitwiseValue();
132 
133         if ((actionIds & bitwiseValue) == bitwiseValue) {
134             return true;
135         }
136         else {
137             return false;
138         }
139     }
140 
141     public boolean hasResourcePermission(
142             long companyId, String name, int scope, String primKey, long roleId,
143             String actionId)
144         throws PortalException, SystemException {
145 
146         ResourcePermission resourcePermission =
147             resourcePermissionPersistence.fetchByC_N_S_P_R(
148                 companyId, name, scope, primKey, roleId);
149 
150         if (resourcePermission == null) {
151             return false;
152         }
153 
154         ResourceAction resourceAction =
155             resourceActionLocalService.getResourceAction(name, actionId);
156 
157         if (hasActionId(resourcePermission, resourceAction)) {
158             return true;
159         }
160         else {
161             return false;
162         }
163     }
164 
165     public boolean hasScopeResourcePermission(
166             long companyId, String name, int scope, long roleId,
167             String actionId)
168         throws PortalException, SystemException {
169 
170         List<ResourcePermission> resourcePermissions =
171             resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
172 
173         for (ResourcePermission resourcePermission : resourcePermissions) {
174             if (hasResourcePermission(
175                     companyId, name, scope, resourcePermission.getPrimKey(),
176                     roleId, actionId)) {
177 
178                 return true;
179             }
180         }
181 
182         return false;
183     }
184 
185     public void mergePermissions(long fromRoleId, long toRoleId)
186         throws PortalException, SystemException {
187 
188         Role fromRole = rolePersistence.findByPrimaryKey(fromRoleId);
189         Role toRole = rolePersistence.findByPrimaryKey(toRoleId);
190 
191         if (fromRole.getType() != toRole.getType()) {
192             throw new PortalException("Role types are mismatched");
193         }
194         else if (PortalUtil.isSystemRole(toRole.getName())) {
195             throw new PortalException("Cannot move permissions to system role");
196         }
197         else if (PortalUtil.isSystemRole(fromRole.getName())) {
198             throw new PortalException(
199                 "Cannot move permissions from system role");
200         }
201 
202         List<ResourcePermission> resourcePermissions =
203             getRoleResourcePermissions(fromRoleId);
204 
205         for (ResourcePermission resourcePermission : resourcePermissions) {
206             resourcePermission.setRoleId(toRoleId);
207 
208             resourcePermissionPersistence.update(resourcePermission, false);
209         }
210 
211         roleLocalService.deleteRole(fromRoleId);
212 
213         PermissionCacheUtil.clearCache();
214     }
215 
216     public void reassignPermissions(long resourcePermissionId, long toRoleId)
217         throws PortalException, SystemException {
218 
219         ResourcePermission resourcePermission = getResourcePermission(
220             resourcePermissionId);
221 
222         long companyId = resourcePermission.getCompanyId();
223         String name = resourcePermission.getName();
224         int scope = resourcePermission.getScope();
225         String primKey = resourcePermission.getPrimKey();
226         long fromRoleId = resourcePermission.getRoleId();
227 
228         Role toRole = roleLocalService.getRole(toRoleId);
229 
230         List<String> actionIds = null;
231 
232         if (toRole.getType() == RoleConstants.TYPE_REGULAR) {
233             actionIds = ResourceActionsUtil.getModelResourceActions(name);
234         }
235         else {
236             actionIds =
237                 ResourceActionsUtil.getModelResourceCommunityDefaultActions(
238                     name);
239         }
240 
241         setResourcePermissions(
242             companyId, name, scope, primKey, toRoleId,
243             actionIds.toArray(new String[actionIds.size()]));
244 
245         resourcePermissionPersistence.remove(resourcePermissionId);
246 
247         List<ResourcePermission> resourcePermissions =
248             getRoleResourcePermissions(fromRoleId);
249 
250         if (resourcePermissions.isEmpty()) {
251             roleLocalService.deleteRole(fromRoleId);
252         }
253     }
254 
255     public void removeResourcePermission(
256             long companyId, String name, int scope, String primKey, long roleId,
257             String actionId)
258         throws PortalException, SystemException {
259 
260         updateResourcePermission(
261             companyId, name, scope, primKey, roleId, new String[] {actionId},
262             ResourcePermissionConstants.OPERATOR_REMOVE);
263 
264         PermissionCacheUtil.clearCache();
265     }
266 
267     public void removeResourcePermissions(
268             long companyId, String name, int scope, long roleId,
269             String actionId)
270         throws PortalException, SystemException {
271 
272         List<ResourcePermission> resourcePermissions =
273             resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
274 
275         for (ResourcePermission resourcePermission : resourcePermissions) {
276             updateResourcePermission(
277                 companyId, name, scope, resourcePermission.getPrimKey(), roleId,
278                 new String[] {actionId},
279                 ResourcePermissionConstants.OPERATOR_REMOVE);
280         }
281 
282         PermissionCacheUtil.clearCache();
283     }
284 
285     public void setResourcePermissions(
286             long companyId, String name, int scope, String primKey, long roleId,
287             String[] actionIds)
288         throws PortalException, SystemException {
289 
290         updateResourcePermission(
291             companyId, name, scope, primKey, roleId, actionIds,
292             ResourcePermissionConstants.OPERATOR_SET);
293     }
294 
295     protected void updateResourcePermission(
296             long companyId, String name, int scope, String primKey, long roleId,
297             String[] actionIds, int operator)
298         throws PortalException, SystemException {
299 
300         ResourcePermission resourcePermission =
301             resourcePermissionPersistence.fetchByC_N_S_P_R(
302                 companyId, name, scope, primKey, roleId);
303 
304         if (resourcePermission == null) {
305             if (operator == ResourcePermissionConstants.OPERATOR_REMOVE) {
306                 return;
307             }
308 
309             long resourcePermissionId = counterLocalService.increment(
310                 ResourcePermission.class.getName());
311 
312             resourcePermission = resourcePermissionPersistence.create(
313                 resourcePermissionId);
314 
315             resourcePermission.setCompanyId(companyId);
316             resourcePermission.setName(name);
317             resourcePermission.setScope(scope);
318             resourcePermission.setPrimKey(primKey);
319             resourcePermission.setRoleId(roleId);
320         }
321 
322         long actionIdsLong = resourcePermission.getActionIds();
323 
324         if (operator == ResourcePermissionConstants.OPERATOR_SET) {
325             actionIdsLong = 0;
326         }
327 
328         for (String actionId : actionIds) {
329             ResourceAction resourceAction =
330                 resourceActionLocalService.getResourceAction(name, actionId);
331 
332             if ((operator == ResourcePermissionConstants.OPERATOR_ADD) ||
333                 (operator == ResourcePermissionConstants.OPERATOR_SET)) {
334 
335                 actionIdsLong |= resourceAction.getBitwiseValue();
336             }
337             else {
338                 actionIdsLong =
339                     actionIdsLong & (~resourceAction.getBitwiseValue());
340             }
341         }
342 
343         resourcePermission.setActionIds(actionIdsLong);
344 
345         resourcePermissionPersistence.update(resourcePermission, false);
346 
347         PermissionCacheUtil.clearCache();
348     }
349 
350 }