1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchResourcePermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.kernel.search.SearchEngineUtil;
29  import com.liferay.portal.model.ResourceAction;
30  import com.liferay.portal.model.ResourceConstants;
31  import com.liferay.portal.model.ResourcePermission;
32  import com.liferay.portal.model.ResourcePermissionConstants;
33  import com.liferay.portal.model.Role;
34  import com.liferay.portal.model.RoleConstants;
35  import com.liferay.portal.security.permission.PermissionCacheUtil;
36  import com.liferay.portal.security.permission.ResourceActionsUtil;
37  import com.liferay.portal.service.base.ResourcePermissionLocalServiceBaseImpl;
38  import com.liferay.portal.util.PortalUtil;
39  
40  import java.util.ArrayList;
41  import java.util.Collections;
42  import java.util.List;
43  
44  /**
45   * <a href="ResourcePermissionLocalServiceImpl.java.html"><b><i>View Source</i>
46   * </b></a>
47   *
48   * @author Brian Wing Shun Chan
49   * @author Raymond Augé
50   */
51  public class ResourcePermissionLocalServiceImpl
52      extends ResourcePermissionLocalServiceBaseImpl {
53  
54      public void addResourcePermission(
55              long companyId, String name, int scope, String primKey, long roleId,
56              String actionId)
57          throws PortalException, SystemException {
58  
59          if (scope == ResourceConstants.SCOPE_COMPANY) {
60  
61              // Remove group permission
62  
63              removeResourcePermissions(
64                  companyId, name, ResourceConstants.SCOPE_GROUP, roleId,
65                  actionId);
66          }
67          else if (scope == ResourceConstants.SCOPE_GROUP) {
68  
69              // Remove company permission
70  
71              removeResourcePermissions(
72                  companyId, name, ResourceConstants.SCOPE_COMPANY, roleId,
73                  actionId);
74          }
75          else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
76              throw new NoSuchResourcePermissionException();
77          }
78  
79          updateResourcePermission(
80              companyId, name, scope, primKey, roleId, new String[] {actionId},
81              ResourcePermissionConstants.OPERATOR_ADD);
82  
83          PermissionCacheUtil.clearCache();
84      }
85  
86      public List<String> getAvailableResourcePermissionActionIds(
87              long companyId, String name, int scope, String primKey, long roleId,
88              List<String> actionIds)
89          throws PortalException, SystemException {
90  
91          ResourcePermission resourcePermission =
92              resourcePermissionPersistence.fetchByC_N_S_P_R(
93                  companyId, name, scope, primKey, roleId);
94  
95          if (resourcePermission == null) {
96              return Collections.EMPTY_LIST;
97          }
98  
99          List<String> availableActionIds = new ArrayList<String>(
100             actionIds.size());
101 
102         for (String actionId : actionIds) {
103             ResourceAction resourceAction =
104                 resourceActionLocalService.getResourceAction(name, actionId);
105 
106             if (hasActionId(resourcePermission, resourceAction)) {
107                 availableActionIds.add(actionId);
108             }
109         }
110 
111         return availableActionIds;
112     }
113 
114     public int getResourcePermissionsCount(
115             long companyId, String name, int scope, String primKey)
116         throws SystemException {
117 
118         return resourcePermissionPersistence.countByC_N_S_P(
119             companyId, name, scope, primKey);
120     }
121 
122     public List<ResourcePermission> getRoleResourcePermissions(long roleId)
123         throws SystemException {
124 
125         return resourcePermissionPersistence.findByRoleId(roleId);
126     }
127 
128     public boolean hasActionId(
129         ResourcePermission resourcePermission, ResourceAction resourceAction) {
130 
131         long actionIds = resourcePermission.getActionIds();
132         long bitwiseValue = resourceAction.getBitwiseValue();
133 
134         if ((actionIds & bitwiseValue) == bitwiseValue) {
135             return true;
136         }
137         else {
138             return false;
139         }
140     }
141 
142     public boolean hasResourcePermission(
143             long companyId, String name, int scope, String primKey, long roleId,
144             String actionId)
145         throws PortalException, SystemException {
146 
147         ResourcePermission resourcePermission =
148             resourcePermissionPersistence.fetchByC_N_S_P_R(
149                 companyId, name, scope, primKey, roleId);
150 
151         if (resourcePermission == null) {
152             return false;
153         }
154 
155         ResourceAction resourceAction =
156             resourceActionLocalService.getResourceAction(name, actionId);
157 
158         if (hasActionId(resourcePermission, resourceAction)) {
159             return true;
160         }
161         else {
162             return false;
163         }
164     }
165 
166     public boolean hasScopeResourcePermission(
167             long companyId, String name, int scope, long roleId,
168             String actionId)
169         throws PortalException, SystemException {
170 
171         List<ResourcePermission> resourcePermissions =
172             resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
173 
174         for (ResourcePermission resourcePermission : resourcePermissions) {
175             if (hasResourcePermission(
176                     companyId, name, scope, resourcePermission.getPrimKey(),
177                     roleId, actionId)) {
178 
179                 return true;
180             }
181         }
182 
183         return false;
184     }
185 
186     public void mergePermissions(long fromRoleId, long toRoleId)
187         throws PortalException, SystemException {
188 
189         Role fromRole = rolePersistence.findByPrimaryKey(fromRoleId);
190         Role toRole = rolePersistence.findByPrimaryKey(toRoleId);
191 
192         if (fromRole.getType() != toRole.getType()) {
193             throw new PortalException("Role types are mismatched");
194         }
195         else if (PortalUtil.isSystemRole(toRole.getName())) {
196             throw new PortalException("Cannot move permissions to system role");
197         }
198         else if (PortalUtil.isSystemRole(fromRole.getName())) {
199             throw new PortalException(
200                 "Cannot move permissions from system role");
201         }
202 
203         List<ResourcePermission> resourcePermissions =
204             getRoleResourcePermissions(fromRoleId);
205 
206         for (ResourcePermission resourcePermission : resourcePermissions) {
207             resourcePermission.setRoleId(toRoleId);
208 
209             resourcePermissionPersistence.update(resourcePermission, false);
210         }
211 
212         roleLocalService.deleteRole(fromRoleId);
213 
214         PermissionCacheUtil.clearCache();
215     }
216 
217     public void reassignPermissions(long resourcePermissionId, long toRoleId)
218         throws PortalException, SystemException {
219 
220         ResourcePermission resourcePermission = getResourcePermission(
221             resourcePermissionId);
222 
223         long companyId = resourcePermission.getCompanyId();
224         String name = resourcePermission.getName();
225         int scope = resourcePermission.getScope();
226         String primKey = resourcePermission.getPrimKey();
227         long fromRoleId = resourcePermission.getRoleId();
228 
229         Role toRole = roleLocalService.getRole(toRoleId);
230 
231         List<String> actionIds = null;
232 
233         if (toRole.getType() == RoleConstants.TYPE_REGULAR) {
234             actionIds = ResourceActionsUtil.getModelResourceActions(name);
235         }
236         else {
237             actionIds =
238                 ResourceActionsUtil.getModelResourceCommunityDefaultActions(
239                     name);
240         }
241 
242         setResourcePermissions(
243             companyId, name, scope, primKey, toRoleId,
244             actionIds.toArray(new String[actionIds.size()]));
245 
246         resourcePermissionPersistence.remove(resourcePermissionId);
247 
248         List<ResourcePermission> resourcePermissions =
249             getRoleResourcePermissions(fromRoleId);
250 
251         if (resourcePermissions.isEmpty()) {
252             roleLocalService.deleteRole(fromRoleId);
253         }
254     }
255 
256     public void removeResourcePermission(
257             long companyId, String name, int scope, String primKey, long roleId,
258             String actionId)
259         throws PortalException, SystemException {
260 
261         updateResourcePermission(
262             companyId, name, scope, primKey, roleId, new String[] {actionId},
263             ResourcePermissionConstants.OPERATOR_REMOVE);
264 
265         PermissionCacheUtil.clearCache();
266     }
267 
268     public void removeResourcePermissions(
269             long companyId, String name, int scope, long roleId,
270             String actionId)
271         throws PortalException, SystemException {
272 
273         List<ResourcePermission> resourcePermissions =
274             resourcePermissionPersistence.findByC_N_S(companyId, name, scope);
275 
276         for (ResourcePermission resourcePermission : resourcePermissions) {
277             updateResourcePermission(
278                 companyId, name, scope, resourcePermission.getPrimKey(), roleId,
279                 new String[] {actionId},
280                 ResourcePermissionConstants.OPERATOR_REMOVE);
281         }
282 
283         PermissionCacheUtil.clearCache();
284     }
285 
286     public void setResourcePermissions(
287             long companyId, String name, int scope, String primKey, long roleId,
288             String[] actionIds)
289         throws PortalException, SystemException {
290 
291         updateResourcePermission(
292             companyId, name, scope, primKey, roleId, actionIds,
293             ResourcePermissionConstants.OPERATOR_SET);
294     }
295 
296     protected void updateResourcePermission(
297             long companyId, String name, int scope, String primKey, long roleId,
298             String[] actionIds, int operator)
299         throws PortalException, SystemException {
300 
301         ResourcePermission resourcePermission =
302             resourcePermissionPersistence.fetchByC_N_S_P_R(
303                 companyId, name, scope, primKey, roleId);
304 
305         if (resourcePermission == null) {
306             if (operator == ResourcePermissionConstants.OPERATOR_REMOVE) {
307                 return;
308             }
309 
310             long resourcePermissionId = counterLocalService.increment(
311                 ResourcePermission.class.getName());
312 
313             resourcePermission = resourcePermissionPersistence.create(
314                 resourcePermissionId);
315 
316             resourcePermission.setCompanyId(companyId);
317             resourcePermission.setName(name);
318             resourcePermission.setScope(scope);
319             resourcePermission.setPrimKey(primKey);
320             resourcePermission.setRoleId(roleId);
321         }
322 
323         long actionIdsLong = resourcePermission.getActionIds();
324 
325         if (operator == ResourcePermissionConstants.OPERATOR_SET) {
326             actionIdsLong = 0;
327         }
328 
329         for (String actionId : actionIds) {
330             ResourceAction resourceAction =
331                 resourceActionLocalService.getResourceAction(name, actionId);
332 
333             if ((operator == ResourcePermissionConstants.OPERATOR_ADD) ||
334                 (operator == ResourcePermissionConstants.OPERATOR_SET)) {
335 
336                 actionIdsLong |= resourceAction.getBitwiseValue();
337             }
338             else {
339                 actionIdsLong =
340                     actionIdsLong & (~resourceAction.getBitwiseValue());
341             }
342         }
343 
344         resourcePermission.setActionIds(actionIdsLong);
345 
346         resourcePermissionPersistence.update(resourcePermission, false);
347 
348         PermissionCacheUtil.clearCache();
349 
350         SearchEngineUtil.updatePermissionFields(name, primKey);
351     }
352 
353 }