1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.kernel.log.Log;
29  import com.liferay.portal.kernel.log.LogFactoryUtil;
30  import com.liferay.portal.kernel.search.SearchEngineUtil;
31  import com.liferay.portal.kernel.util.GetterUtil;
32  import com.liferay.portal.kernel.util.ListUtil;
33  import com.liferay.portal.kernel.util.Validator;
34  import com.liferay.portal.model.Group;
35  import com.liferay.portal.model.OrgGroupPermission;
36  import com.liferay.portal.model.Organization;
37  import com.liferay.portal.model.Permission;
38  import com.liferay.portal.model.Resource;
39  import com.liferay.portal.model.ResourceCode;
40  import com.liferay.portal.model.ResourceConstants;
41  import com.liferay.portal.model.Role;
42  import com.liferay.portal.model.User;
43  import com.liferay.portal.model.UserGroup;
44  import com.liferay.portal.security.permission.PermissionCacheUtil;
45  import com.liferay.portal.security.permission.PermissionCheckerBag;
46  import com.liferay.portal.security.permission.ResourceActionsUtil;
47  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
48  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
49  import com.liferay.portal.util.PropsValues;
50  import com.liferay.portal.util.comparator.PermissionComparator;
51  
52  import java.util.ArrayList;
53  import java.util.HashSet;
54  import java.util.Iterator;
55  import java.util.List;
56  import java.util.Set;
57  
58  import org.apache.commons.lang.time.StopWatch;
59  
60  /**
61   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
62   *
63   * @author Charles May
64   * @author Brian Wing Shun Chan
65   * @author Raymond Augé
66   */
67  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
68  
69      public Permission addPermission(
70              long companyId, String actionId, long resourceId)
71          throws SystemException {
72  
73          Permission permission = permissionPersistence.fetchByA_R(
74              actionId, resourceId);
75  
76          if (permission == null) {
77              long permissionId = counterLocalService.increment(
78                  Permission.class.getName());
79  
80              permission = permissionPersistence.create(permissionId);
81  
82              permission.setCompanyId(companyId);
83              permission.setActionId(actionId);
84              permission.setResourceId(resourceId);
85  
86              permissionPersistence.update(permission, false);
87          }
88  
89          return permission;
90      }
91  
92      public List<Permission> addPermissions(
93              long companyId, String name, long resourceId,
94              boolean portletActions)
95          throws SystemException {
96  
97          List<String> actionIds = null;
98  
99          if (portletActions) {
100             actionIds = ResourceActionsUtil.getPortletResourceActions(name);
101         }
102         else {
103             actionIds = ResourceActionsUtil.getModelResourceActions(name);
104         }
105 
106         return addPermissions(companyId, actionIds, resourceId);
107     }
108 
109     public List<Permission> addPermissions(
110             long companyId, List<String> actionIds, long resourceId)
111         throws SystemException {
112 
113         List<Permission> permissions = permissionPersistence.findByResourceId(
114             resourceId);
115 
116         permissions = ListUtil.copy(permissions);
117 
118         Set<String> actionIdsSet = new HashSet<String>();
119 
120         for (Permission permission : permissions) {
121             actionIdsSet.add(permission.getActionId());
122         }
123 
124         for (String actionId : actionIds) {
125             if (actionIdsSet.contains(actionId)) {
126                 continue;
127             }
128 
129             long permissionId = counterLocalService.increment(
130                 Permission.class.getName());
131 
132             Permission permission = permissionPersistence.create(permissionId);
133 
134             permission.setCompanyId(companyId);
135             permission.setActionId(actionId);
136             permission.setResourceId(resourceId);
137 
138             try {
139                 permissionPersistence.update(permission, false);
140             }
141             catch (SystemException se) {
142                 if (_log.isWarnEnabled()) {
143                     _log.warn(
144                         "Add failed, fetch {actionId=" + actionId +
145                             ", resourceId=" + resourceId + "}");
146                 }
147 
148                 permission = permissionPersistence.fetchByA_R(
149                     actionId, resourceId, false);
150 
151                 if (permission == null) {
152                     throw se;
153                 }
154             }
155 
156             permissions.add(permission);
157         }
158 
159         return permissions;
160     }
161 
162     public void addUserPermissions(
163             long userId, String[] actionIds, long resourceId)
164         throws PortalException, SystemException {
165 
166         User user = userPersistence.findByPrimaryKey(userId);
167 
168         List<Permission> permissions = permissionFinder.findByU_R(
169             userId, resourceId);
170 
171         permissions = getPermissions(
172             user.getCompanyId(), actionIds, resourceId);
173 
174         userPersistence.addPermissions(userId, permissions);
175 
176         PermissionCacheUtil.clearCache();
177     }
178 
179     public List<String> getActions(List<Permission> permissions) {
180         List<String> actionIds = new ArrayList<String>();
181 
182         Iterator<Permission> itr = permissions.iterator();
183 
184         while (itr.hasNext()) {
185             Permission permission = itr.next();
186 
187             actionIds.add(permission.getActionId());
188         }
189 
190         return actionIds;
191     }
192 
193     public List<Permission> getGroupPermissions(long groupId, long resourceId)
194         throws SystemException {
195 
196         return permissionFinder.findByG_R(groupId, resourceId);
197     }
198 
199     public List<Permission> getGroupPermissions(
200             long groupId, long companyId, String name, int scope,
201             String primKey)
202         throws SystemException {
203 
204         return permissionFinder.findByG_C_N_S_P(
205             groupId, companyId, name, scope, primKey);
206     }
207 
208     public List<Permission> getOrgGroupPermissions(
209             long organizationId, long groupId, long resourceId)
210         throws SystemException {
211 
212         return permissionFinder.findByO_G_R(
213             organizationId, groupId, resourceId);
214     }
215 
216     public long getLatestPermissionId() throws SystemException {
217         List<Permission> permissions = permissionPersistence.findAll(
218             0, 1, new PermissionComparator());
219 
220         if (permissions.size() == 0) {
221             return 0;
222         }
223         else {
224             Permission permission = permissions.get(0);
225 
226             return permission.getPermissionId();
227         }
228     }
229 
230     public List<Permission> getPermissions(
231             long companyId, String[] actionIds, long resourceId)
232         throws SystemException {
233 
234         List<Permission> permissions = new ArrayList<Permission>();
235 
236         for (int i = 0; i < actionIds.length; i++) {
237             Permission permission = addPermission(
238                 companyId, actionIds[i], resourceId);
239 
240             permissions.add(permission);
241         }
242 
243         return permissions;
244     }
245 
246     public List<Permission> getRolePermissions(long roleId)
247         throws SystemException {
248 
249         return rolePersistence.getPermissions(roleId);
250     }
251 
252     public List<Permission> getRolePermissions(long roleId, long resourceId)
253         throws SystemException {
254 
255         return permissionFinder.findByR_R(roleId, resourceId);
256     }
257 
258     public List<Permission> getUserPermissions(long userId, long resourceId)
259         throws SystemException {
260 
261         return permissionFinder.findByU_R(userId, resourceId);
262     }
263 
264     public List<Permission> getUserPermissions(
265             long userId, long companyId, String name, int scope, String primKey)
266         throws SystemException {
267 
268         return permissionFinder.findByU_C_N_S_P(
269             userId, companyId, name, scope, primKey);
270     }
271 
272     public boolean hasGroupPermission(
273             long groupId, String actionId, long resourceId)
274         throws SystemException {
275 
276         Permission permission = permissionPersistence.fetchByA_R(
277             actionId, resourceId);
278 
279         // Return false if there is no permission based on the given action
280         // id and resource id
281 
282         if (permission == null) {
283             return false;
284         }
285 
286         return groupPersistence.containsPermission(
287             groupId, permission.getPermissionId());
288     }
289 
290     public boolean hasRolePermission(
291             long roleId, long companyId, String name, int scope,
292             String actionId)
293         throws SystemException {
294 
295         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
296             companyId, name, scope);
297 
298         List<Resource> resources = resourcePersistence.findByCodeId(
299             resourceCode.getCodeId());
300 
301         for (Resource resource : resources) {
302             Permission permission = permissionPersistence.fetchByA_R(
303                 actionId, resource.getResourceId());
304 
305             if (permission != null) {
306                 if (rolePersistence.containsPermission(
307                         roleId, permission.getPermissionId())) {
308 
309                     return true;
310                 }
311             }
312         }
313 
314         return false;
315     }
316 
317     public boolean hasRolePermission(
318             long roleId, long companyId, String name, int scope, String primKey,
319             String actionId)
320         throws SystemException {
321 
322         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
323             companyId, name, scope);
324 
325         Resource resource = resourcePersistence.fetchByC_P(
326             resourceCode.getCodeId(), primKey);
327 
328         if (resource == null) {
329             return false;
330         }
331 
332         Permission permission = permissionPersistence.fetchByA_R(
333             actionId, resource.getResourceId());
334 
335         if (permission == null) {
336             return false;
337         }
338 
339         return rolePersistence.containsPermission(
340             roleId, permission.getPermissionId());
341     }
342 
343     public boolean hasUserPermission(
344             long userId, String actionId, long resourceId)
345         throws SystemException {
346 
347         Permission permission = permissionPersistence.fetchByA_R(
348             actionId, resourceId);
349 
350         // Return false if there is no permission based on the given action
351         // id and resource id
352 
353         if (permission == null) {
354             return false;
355         }
356 
357         return userPersistence.containsPermission(
358             userId, permission.getPermissionId());
359     }
360 
361     public boolean hasUserPermissions(
362             long userId, long groupId, List<Resource> resources,
363             String actionId, PermissionCheckerBag permissionCheckerBag)
364         throws PortalException, SystemException {
365 
366         StopWatch stopWatch = null;
367 
368         if (_log.isDebugEnabled()) {
369             stopWatch = new StopWatch();
370 
371             stopWatch.start();
372         }
373 
374         int block = 1;
375 
376         // Return false if there are no resources
377 
378         if (Validator.isNull(actionId) || resources.isEmpty()) {
379             return false;
380         }
381 
382         long[] resourceIds = null;
383 
384         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
385             resourceIds = new long[resources.size()];
386 
387             for (int i = 0; i < resources.size(); i++) {
388                 Resource resource = resources.get(i);
389 
390                 resourceIds[i] = resource.getResourceId();
391             }
392         }
393 
394         List<Permission> permissions = null;
395 
396         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
397             permissions = permissionFinder.findByA_R(actionId, resourceIds);
398 
399             // Return false if there are no permissions
400 
401             if (permissions.size() == 0) {
402                 return false;
403             }
404         }
405 
406         // Record logs with the first resource id
407 
408         long resourceId = 0;
409 
410         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
411             resourceId = resourceIds[0];
412         }
413         else {
414             resourceId = resources.get(0).getResourceId();
415         }
416 
417         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
418 
419         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
420         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
421         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
422         //List<Group> userUserGroupGroups =
423         //  permissionCheckerBag.getUserUserGroupGroups();
424         List<Group> groups = permissionCheckerBag.getGroups();
425         List<Role> roles = permissionCheckerBag.getRoles();
426 
427         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
428 
429         // Check the organization and community intersection table. Break out of
430         // this method if the user has one of the permissions set at the
431         // intersection because that takes priority.
432 
433         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
434         //  return true;
435         //}
436 
437         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
438 
439         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
440             return hasUserPermissions_1(
441                 userId, resourceId, actionId, permissions, groups, groupId,
442                 stopWatch, block);
443         }
444         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
445             return hasUserPermissions_2(
446                 userId, resourceId, actionId, permissions, groups, groupId,
447                 stopWatch, block);
448         }
449         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
450             return hasUserPermissions_3(
451                 userId, resourceId, actionId, permissions, groups, roles,
452                 stopWatch, block);
453         }
454         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
455             return hasUserPermissions_4(
456                 userId, resourceId, actionId, permissions, groups, roles,
457                 stopWatch, block);
458         }
459         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
460             return hasUserPermissions_5(
461                 userId, resourceId, actionId, permissions, roles, stopWatch,
462                 block);
463         }
464         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
465             return hasUserPermissions_6(
466                 userId, resourceId, resources, actionId, roles, stopWatch,
467                 block);
468         }
469 
470         return false;
471     }
472 
473     public void setGroupPermissions(
474             long groupId, String[] actionIds, long resourceId)
475         throws PortalException, SystemException {
476 
477         Group group = groupPersistence.findByPrimaryKey(groupId);
478 
479         List<Permission> permissions = permissionFinder.findByG_R(
480             groupId, resourceId);
481 
482         for (Permission permission : permissions) {
483             groupPersistence.removePermission(groupId, permission);
484         }
485 
486         permissions = getPermissions(
487             group.getCompanyId(), actionIds, resourceId);
488 
489         groupPersistence.addPermissions(groupId, permissions);
490 
491         PermissionCacheUtil.clearCache();
492     }
493 
494     public void setGroupPermissions(
495             String className, String classPK, long groupId,
496             String[] actionIds, long resourceId)
497         throws PortalException, SystemException {
498 
499         long associatedGroupId = 0;
500 
501         if (className.equals(Organization.class.getName())) {
502             long organizationId = GetterUtil.getLong(classPK);
503 
504             Organization organization =
505                 organizationPersistence.findByPrimaryKey(organizationId);
506 
507             orgGroupPermissionFinder.removeByO_G_R(
508                 organizationId, groupId, resourceId);
509 
510             associatedGroupId = organization.getGroup().getGroupId();
511         }
512         else if (className.equals(UserGroup.class.getName())) {
513             long userGroupId = GetterUtil.getLong(classPK);
514 
515             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
516                 userGroupId);
517 
518             associatedGroupId = userGroup.getGroup().getGroupId();
519         }
520 
521         setGroupPermissions(associatedGroupId, actionIds, resourceId);
522     }
523 
524     public void setOrgGroupPermissions(
525             long organizationId, long groupId, String[] actionIds,
526             long resourceId)
527         throws PortalException, SystemException {
528 
529         Organization organization =
530             organizationPersistence.findByPrimaryKey(organizationId);
531 
532         long orgGroupId = organization.getGroup().getGroupId();
533 
534         List<Permission> permissions = permissionPersistence.findByResourceId(
535             resourceId);
536 
537         for (Permission permission : permissions) {
538             groupPersistence.removePermission(orgGroupId, permission);
539         }
540 
541         permissions = getPermissions(
542             organization.getCompanyId(), actionIds, resourceId);
543 
544         orgGroupPermissionFinder.removeByO_G_R(
545             organizationId, groupId, resourceId);
546 
547         for (Permission permission : permissions) {
548             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
549                 organizationId, groupId, permission.getPermissionId());
550 
551             OrgGroupPermission orgGroupPermission =
552                 orgGroupPermissionPersistence.create(pk);
553 
554             orgGroupPermissionPersistence.update(orgGroupPermission, false);
555         }
556 
557         PermissionCacheUtil.clearCache();
558     }
559 
560     public void setRolePermission(
561             long roleId, long companyId, String name, int scope, String primKey,
562             String actionId)
563         throws PortalException, SystemException {
564 
565         if (scope == ResourceConstants.SCOPE_COMPANY) {
566 
567             // Remove group permission
568 
569             unsetRolePermissions(
570                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
571                 actionId);
572         }
573         else if (scope == ResourceConstants.SCOPE_GROUP) {
574 
575             // Remove company permission
576 
577             unsetRolePermissions(
578                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
579                 actionId);
580         }
581         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
582             throw new NoSuchPermissionException();
583         }
584 
585         Resource resource = resourceLocalService.addResource(
586             companyId, name, scope, primKey);
587 
588         long resourceId = resource.getResourceId();
589 
590         Permission permission = permissionPersistence.fetchByA_R(
591             actionId, resourceId);
592 
593         if (permission == null) {
594             long permissionId = counterLocalService.increment(
595                 Permission.class.getName());
596 
597             permission = permissionPersistence.create(permissionId);
598 
599             permission.setCompanyId(companyId);
600             permission.setActionId(actionId);
601             permission.setResourceId(resourceId);
602 
603             permissionPersistence.update(permission, false);
604         }
605 
606         rolePersistence.addPermission(roleId, permission);
607 
608         PermissionCacheUtil.clearCache();
609 
610         SearchEngineUtil.updatePermissionFields(resourceId);
611     }
612 
613     public void setRolePermissions(
614             long roleId, long companyId, String name, int scope, String primKey,
615             String[] actionIds)
616         throws PortalException, SystemException {
617 
618         for (int i = 0; i < actionIds.length; i++) {
619             String actionId = actionIds[i];
620 
621             setRolePermission(
622                 roleId, companyId, name, scope, primKey, actionId);
623         }
624     }
625 
626     public void setRolePermissions(
627             long roleId, String[] actionIds, long resourceId)
628         throws PortalException, SystemException {
629 
630         Role role = rolePersistence.findByPrimaryKey(roleId);
631 
632         List<Permission> permissions = permissionFinder.findByR_R(
633             roleId, resourceId);
634 
635         rolePersistence.removePermissions(roleId, permissions);
636 
637         permissions = getPermissions(
638             role.getCompanyId(), actionIds, resourceId);
639 
640         rolePersistence.addPermissions(roleId, permissions);
641 
642         PermissionCacheUtil.clearCache();
643 
644         SearchEngineUtil.updatePermissionFields(resourceId);
645     }
646 
647     public void setUserPermissions(
648             long userId, String[] actionIds, long resourceId)
649         throws PortalException, SystemException {
650 
651         User user = userPersistence.findByPrimaryKey(userId);
652 
653         List<Permission> permissions = permissionFinder.findByU_R(
654             userId, resourceId);
655 
656         userPersistence.removePermissions(userId, permissions);
657 
658         permissions = getPermissions(
659             user.getCompanyId(), actionIds, resourceId);
660 
661         userPersistence.addPermissions(userId, permissions);
662 
663         PermissionCacheUtil.clearCache();
664     }
665 
666     public void unsetRolePermission(long roleId, long permissionId)
667         throws SystemException {
668 
669         Permission permission = permissionPersistence.fetchByPrimaryKey(
670             permissionId);
671 
672         if (permission != null) {
673             rolePersistence.removePermission(roleId, permission);
674         }
675 
676         PermissionCacheUtil.clearCache();
677     }
678 
679     public void unsetRolePermission(
680             long roleId, long companyId, String name, int scope, String primKey,
681             String actionId)
682         throws SystemException {
683 
684         ResourceCode resourceCode =
685             resourceCodeLocalService.getResourceCode(
686                 companyId, name, scope);
687 
688         Resource resource = resourcePersistence.fetchByC_P(
689             resourceCode.getCodeId(), primKey);
690 
691         if (resource != null) {
692             Permission permission = permissionPersistence.fetchByA_R(
693                 actionId, resource.getResourceId());
694 
695             if (permission != null) {
696                 rolePersistence.removePermission(roleId, permission);
697             }
698         }
699 
700         PermissionCacheUtil.clearCache();
701     }
702 
703     public void unsetRolePermissions(
704             long roleId, long companyId, String name, int scope,
705             String actionId)
706         throws SystemException {
707 
708         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
709             companyId, name, scope);
710 
711         List<Resource> resources = resourcePersistence.findByCodeId(
712             resourceCode.getCodeId());
713 
714         for (Resource resource : resources) {
715             Permission permission = permissionPersistence.fetchByA_R(
716                 actionId, resource.getResourceId());
717 
718             if (permission != null) {
719                 rolePersistence.removePermission(roleId, permission);
720             }
721         }
722 
723         PermissionCacheUtil.clearCache();
724     }
725 
726     public void unsetUserPermissions(
727             long userId, String[] actionIds, long resourceId)
728         throws SystemException {
729 
730         List<Permission> permissions = permissionFinder.findByU_A_R(
731             userId, actionIds, resourceId);
732 
733         userPersistence.removePermissions(userId, permissions);
734 
735         PermissionCacheUtil.clearCache();
736     }
737 
738     protected boolean checkOrgGroupPermission(
739             List<Organization> organizations, List<Group> groups,
740             List<Permission> permissions)
741         throws PortalException, SystemException {
742 
743         for (Permission permission : permissions) {
744             if (checkOrgGroupPermission(organizations, groups, permission)) {
745                 return true;
746             }
747         }
748 
749         return false;
750     }
751 
752     protected boolean checkOrgGroupPermission(
753             List<Organization> organizations, List<Group> groups,
754             Permission permission)
755         throws PortalException, SystemException {
756 
757         // Do not check for an OrgGroupPermission intersection unless there is
758         // at least one organization and one group to check
759 
760         if ((organizations.size() == 0) || (groups.size() == 0)) {
761             return false;
762         }
763 
764         // Do not check unless the OrgGroupPermission intersection contains at
765         // least one permission
766 
767         List<OrgGroupPermission> orgGroupPermissions =
768             orgGroupPermissionPersistence.findByPermissionId(
769                 permission.getPermissionId());
770 
771         if (orgGroupPermissions.size() == 0) {
772             return false;
773         }
774 
775         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
776             if (orgGroupPermission.containsOrganization(organizations) &&
777                 orgGroupPermission.containsGroup(groups)) {
778 
779                 return true;
780             }
781         }
782 
783         // Throw an exception so that we do not continue checking permissions.
784         // The user has a specific permission given in the OrgGroupPermission
785         // intersection that prohibits him from going further.
786 
787         throw new NoSuchPermissionException(
788             "User has a permission in OrgGroupPermission that does not match");
789     }
790 
791     protected boolean hasUserPermissions_1(
792             long userId, long resourceId, String actionId,
793             List<Permission> permissions, List<Group> groups, long groupId,
794             StopWatch stopWatch, int block)
795         throws SystemException {
796 
797         // Is the user connected to one of the permissions via group or
798         // organization roles?
799 
800         if (groups.size() > 0) {
801             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
802                 return true;
803             }
804         }
805 
806         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
807 
808         // Is the user associated with groups or organizations that are directly
809         // connected to one of the permissions?
810 
811         if (groups.size() > 0) {
812             if (permissionFinder.countByGroupsPermissions(
813                     permissions, groups) > 0) {
814 
815                 return true;
816             }
817         }
818 
819         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
820 
821         // Is the user connected to one of the permissions via user roles?
822 
823         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
824             return true;
825         }
826 
827         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
828 
829         // Is the user connected to one of the permissions via user group roles?
830 
831         if (permissionFinder.countByUserGroupRole(
832                 permissions, userId, groupId) > 0) {
833 
834             return true;
835         }
836 
837         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
838 
839         // Is the user directly connected to one of the permissions?
840 
841         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
842             return true;
843         }
844 
845         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
846 
847         return false;
848     }
849 
850     protected boolean hasUserPermissions_2(
851             long userId, long resourceId, String actionId,
852             List<Permission> permissions, List<Group> groups, long groupId,
853             StopWatch stopWatch, int block)
854         throws SystemException {
855 
856         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
857         // countByUserGroupRole, and countByUsersPermissions in one method
858 
859         if (permissionFinder.containsPermissions_2(
860                 permissions, userId, groups, groupId)) {
861 
862             return true;
863         }
864 
865         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
866 
867         return false;
868     }
869 
870     protected boolean hasUserPermissions_3(
871             long userId, long resourceId, String actionId,
872             List<Permission> permissions, List<Group> groups, List<Role> roles,
873             StopWatch stopWatch, int block)
874         throws SystemException {
875 
876         // Is the user associated with groups or organizations that are directly
877         // connected to one of the permissions?
878 
879         if (groups.size() > 0) {
880             if (permissionFinder.countByGroupsPermissions(
881                     permissions, groups) > 0) {
882 
883                 return true;
884             }
885         }
886 
887         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
888 
889         // Is the user associated with a role that is directly connected to one
890         // of the permissions?
891 
892         if (roles.size() > 0) {
893             if (permissionFinder.countByRolesPermissions(
894                     permissions, roles) > 0) {
895 
896                 return true;
897             }
898         }
899 
900         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
901 
902         // Is the user directly connected to one of the permissions?
903 
904         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
905             return true;
906         }
907 
908         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
909 
910         return false;
911     }
912 
913     protected boolean hasUserPermissions_4(
914             long userId, long resourceId, String actionId,
915             List<Permission> permissions, List<Group> groups, List<Role> roles,
916             StopWatch stopWatch, int block)
917         throws SystemException {
918 
919         // Call countByGroupsPermissions, countByRolesPermissions, and
920         // countByUsersPermissions in one method
921 
922         if (permissionFinder.containsPermissions_4(
923                 permissions, userId, groups, roles)) {
924 
925             return true;
926         }
927 
928         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
929 
930         return false;
931     }
932 
933     protected boolean hasUserPermissions_5(
934             long userId, long resourceId, String actionId,
935             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
936             int block)
937         throws SystemException {
938 
939         if (roles.size() > 0) {
940             if (permissionFinder.countByRolesPermissions(
941                     permissions, roles) > 0) {
942 
943                 return true;
944             }
945         }
946 
947         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
948 
949         return false;
950     }
951 
952     protected boolean hasUserPermissions_6(
953             long userId, long resourceId, List<Resource> resources,
954             String actionId, List<Role> roles, StopWatch stopWatch,
955             int block)
956         throws PortalException, SystemException {
957 
958         // Iterate the list of resources in reverse order to test permissions
959         // from company scope to individual scope because it is more likely that
960         // a permission is assigned at a higher scope. Optimizing this method
961         // to one SQL call may actually slow things down since most of the calls
962         // will pull from the cache after the first request.
963 
964         for (int i = resources.size() - 1; i >= 0; i--) {
965             Resource resource = resources.get(i);
966 
967             for (Role role : roles) {
968                 if (resourcePermissionLocalService.hasResourcePermission(
969                         resource.getCompanyId(), resource.getName(),
970                         resource.getScope(), resource.getPrimKey(),
971                         role.getRoleId(), actionId)) {
972 
973                     return true;
974                 }
975             }
976         }
977 
978         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
979 
980         return false;
981     }
982 
983     protected void logHasUserPermissions(
984         long userId, long resourceId, String actionId, StopWatch stopWatch,
985         int block) {
986 
987         if (!_log.isDebugEnabled()) {
988             return;
989         }
990 
991         _log.debug(
992             "Checking user permissions block " + block + " for " + userId +
993                 " " + resourceId + " " + actionId + " takes " +
994                     stopWatch.getTime() + " ms");
995     }
996 
997     private static Log _log =
998         LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
999 
1000}