1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.upgrade.v5_2_0;
24  
25  import com.liferay.portal.kernel.dao.jdbc.DataAccess;
26  import com.liferay.portal.kernel.dao.jdbc.SmartResultSet;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.kernel.upgrade.UpgradeProcess;
30  import com.liferay.portal.kernel.util.GetterUtil;
31  import com.liferay.portal.model.PortletConstants;
32  import com.liferay.portal.model.Resource;
33  import com.liferay.portal.model.ResourceConstants;
34  import com.liferay.portal.service.ResourceLocalServiceUtil;
35  
36  import java.sql.Connection;
37  import java.sql.PreparedStatement;
38  import java.sql.ResultSet;
39  
40  /**
41   * <a href="UpgradePortletPermissions.java.html"><b><i>View Source</i></b></a>
42   *
43   * @author Jorge Ferrer
44   */
45  public class UpgradePortletPermissions extends UpgradeProcess {
46  
47      protected void doUpgrade() throws Exception {
48          updatePortletPermissions(
49              "33", "com.liferay.portlet.blogs", new String[] {"ADD_ENTRY"});
50  
51          updatePortletPermissions(
52              "28", "com.liferay.portlet.bookmarks", new String[] {"ADD_FOLDER"});
53  
54          updatePortletPermissions(
55              "8", "com.liferay.portlet.calendar",
56              new String[] {"ADD_EVENT", "EXPORT_ALL_EVENTS"});
57  
58          updatePortletPermissions(
59              "20", "com.liferay.portlet.documentlibrary",
60              new String[] {"ADD_FOLDER"});
61  
62          updatePortletPermissions(
63              "31", "com.liferay.portlet.imagegallery",
64              new String[] {"ADD_FOLDER"});
65  
66          updatePortletPermissions(
67              "15", "com.liferay.portlet.journal",
68              new String[] {
69                  "ADD_ARTICLE", "ADD_FEED", "ADD_STRUCTURE", "ADD_TEMPLATE",
70                  "APPROVE_ARTICLE"
71              });
72  
73          updatePortletPermissions(
74              "19", "com.liferay.portlet.messageboards",
75              new String[] {"ADD_CATEGORY", "BAN_USER"});
76  
77          updatePortletPermissions(
78              "25", "com.liferay.portlet.polls", new String[] {"ADD_QUESTION"});
79  
80          updatePortletPermissions(
81              "34", "com.liferay.portlet.shopping",
82              new String[] {"ADD_CATEGORY", "MANAGE_COUPONS", "MANAGE_ORDERS"});
83  
84          updatePortletPermissions(
85              "98", "com.liferay.portlet.softwarecatalog",
86              new String[] {"ADD_FRAMEWORK_VERSION", "ADD_PRODUCT_ENTRY"});
87  
88          updatePortletPermissions(
89              "99", "com.liferay.portlet.tags",
90              new String[] {"ADD_ENTRY", "ADD_VOCABULARY"});
91  
92          updatePortletPermissions(
93              "36", "com.liferay.portlet.wiki", new String[] {"ADD_NODE"});
94      }
95  
96      protected Object[] getLayout(long plid) throws Exception {
97          Object[] layout = null;
98  
99          Connection con = null;
100         PreparedStatement ps = null;
101         ResultSet rs = null;
102 
103         try {
104             con = DataAccess.getConnection();
105 
106             ps = con.prepareStatement(_GET_LAYOUT);
107 
108             ps.setLong(1, plid);
109 
110             rs = ps.executeQuery();
111 
112             while (rs.next()) {
113                 long groupId = rs.getLong("groupId");
114                 long companyId = rs.getLong("companyId");
115 
116                 layout = new Object[] {groupId, companyId};
117             }
118         }
119         finally {
120             DataAccess.cleanUp(con, ps, rs);
121         }
122 
123         return layout;
124     }
125 
126     protected long getPortletPermissionsCount(
127             String actionId, long resourceId, String modelName)
128         throws Exception {
129 
130         Connection con = null;
131         PreparedStatement ps = null;
132         ResultSet rs = null;
133 
134         try {
135             con = DataAccess.getConnection();
136 
137             StringBuilder sb = new StringBuilder();
138 
139             sb.append("select count(*) from Permission_ ");
140             sb.append("inner join Resource_ on Resource_.resourceId = ");
141             sb.append("Permission_.resourceId inner join ResourceCode on ");
142             sb.append("ResourceCode.codeId = Resource_.codeId where ");
143             sb.append("Permission_.actionId = ? and ");
144             sb.append("Permission_.resourceId = ? and ResourceCode.name = ? ");
145             sb.append("and ResourceCode.scope = ? ");
146 
147             String sql = sb.toString();
148 
149             ps = con.prepareStatement(sql);
150 
151             ps.setString(1, actionId);
152             ps.setLong(2, resourceId);
153             ps.setString(3, modelName);
154             ps.setInt(4, ResourceConstants.SCOPE_INDIVIDUAL);
155 
156             rs = ps.executeQuery();
157 
158             rs.next();
159 
160             return rs.getLong(1);
161         }
162         finally {
163             DataAccess.cleanUp(con, ps, rs);
164         }
165     }
166 
167     protected void updatePortletPermission(
168             long permissionId, String actionId, String primKey,
169             String modelName, int scope)
170         throws Exception {
171 
172         long plid = GetterUtil.getLong(
173             primKey.substring(
174                 0, primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR)));
175 
176         Object[] layout = getLayout(plid);
177 
178         if (layout == null) {
179             return;
180         }
181 
182         long groupId = (Long)layout[0];
183         long companyId = (Long)layout[1];
184 
185         Resource resource = ResourceLocalServiceUtil.addResource(
186             companyId, modelName, scope, String.valueOf(groupId));
187 
188         long portletPermissionCount = getPortletPermissionsCount(
189             actionId, resource.getResourceId(), modelName);
190 
191         if (portletPermissionCount == 0) {
192             runSQL(
193                 "update Permission_ set resourceId = " +
194                     resource.getResourceId() + " where permissionId = " +
195                         permissionId);
196         }
197         else {
198             runSQL(
199                 "delete from Permission_ where permissionId = " + permissionId);
200         }
201     }
202 
203     protected void updatePortletPermissions(
204             String portletName, String modelName, String[] actionIds)
205         throws Exception {
206 
207         Connection con = null;
208         PreparedStatement ps = null;
209         ResultSet rs = null;
210 
211         try {
212             con = DataAccess.getConnection();
213 
214             StringBuilder sb = new StringBuilder();
215 
216             sb.append("select Permission_.permissionId, ");
217             sb.append("Permission_.actionId, Resource_.primKey, ");
218             sb.append("ResourceCode.scope from Permission_ ");
219             sb.append("inner join Resource_ on Resource_.resourceId = ");
220             sb.append("Permission_.resourceId inner join ResourceCode on ");
221             sb.append("ResourceCode.codeId = Resource_.codeId where (");
222 
223             for (int i = 0; i < actionIds.length; i++) {
224                 String actionId = actionIds[i];
225 
226                 sb.append("Permission_.actionId = '");
227                 sb.append(actionId);
228                 sb.append("'");
229 
230                 if (i < (actionIds.length - 1)) {
231                     sb.append(" or ");
232                 }
233             }
234 
235             sb.append(") and ResourceCode.name = ? and ResourceCode.scope = ?");
236 
237             String sql = sb.toString();
238 
239             ps = con.prepareStatement(sql);
240 
241             ps.setString(1, portletName);
242             ps.setInt(2, ResourceConstants.SCOPE_INDIVIDUAL);
243 
244             rs = ps.executeQuery();
245 
246             SmartResultSet srs = new SmartResultSet(rs);
247 
248             while (srs.next()) {
249                 long permissionId = srs.getLong("Permission_.permissionId");
250                 String actionId = srs.getString("Permission_.actionId");
251                 String primKey = srs.getString("Resource_.primKey");
252                 int scope = srs.getInt("ResourceCode.scope");
253 
254                 try {
255                     updatePortletPermission(
256                         permissionId, actionId, primKey, modelName, scope);
257                 }
258                 catch (Exception e) {
259                     _log.error(
260                         "Unable to upgrade permission " + permissionId, e);
261                 }
262             }
263         }
264         finally {
265             DataAccess.cleanUp(con, ps, rs);
266         }
267     }
268 
269     private static final String _GET_LAYOUT =
270         "select * from Layout where plid = ?";
271 
272     private static Log _log = LogFactoryUtil.getLog(
273         UpgradePortletPermissions.class);
274 
275 }