1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.RequiredUserException;
27  import com.liferay.portal.ReservedUserEmailAddressException;
28  import com.liferay.portal.SystemException;
29  import com.liferay.portal.kernel.util.ArrayUtil;
30  import com.liferay.portal.model.Address;
31  import com.liferay.portal.model.Company;
32  import com.liferay.portal.model.Contact;
33  import com.liferay.portal.model.EmailAddress;
34  import com.liferay.portal.model.Group;
35  import com.liferay.portal.model.GroupConstants;
36  import com.liferay.portal.model.Organization;
37  import com.liferay.portal.model.Phone;
38  import com.liferay.portal.model.Role;
39  import com.liferay.portal.model.User;
40  import com.liferay.portal.model.UserGroupRole;
41  import com.liferay.portal.model.Website;
42  import com.liferay.portal.security.auth.PrincipalException;
43  import com.liferay.portal.security.permission.ActionKeys;
44  import com.liferay.portal.security.permission.PermissionChecker;
45  import com.liferay.portal.service.ServiceContext;
46  import com.liferay.portal.service.base.UserServiceBaseImpl;
47  import com.liferay.portal.service.permission.GroupPermissionUtil;
48  import com.liferay.portal.service.permission.OrganizationPermissionUtil;
49  import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
50  import com.liferay.portal.service.permission.PortalPermissionUtil;
51  import com.liferay.portal.service.permission.RolePermissionUtil;
52  import com.liferay.portal.service.permission.UserGroupPermissionUtil;
53  import com.liferay.portal.service.permission.UserPermissionUtil;
54  import com.liferay.portal.util.PropsValues;
55  import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
56  import com.liferay.portlet.enterpriseadmin.util.EnterpriseAdminUtil;
57  
58  import java.util.List;
59  import java.util.Locale;
60  
61  /**
62   * <a href="UserServiceImpl.java.html"><b><i>View Source</i></b></a>
63   *
64   * @author Brian Wing Shun Chan
65   * @author Brian Myunghun Kim
66   * @author Scott Lee
67   * @author Jorge Ferrer
68   * @author Julio Camarero
69   */
70  public class UserServiceImpl extends UserServiceBaseImpl {
71  
72      public void addGroupUsers(long groupId, long[] userIds)
73          throws PortalException, SystemException {
74  
75          try {
76              GroupPermissionUtil.check(
77                  getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
78          }
79          catch (PrincipalException pe) {
80  
81              // Allow any user to join open communities
82  
83              boolean hasPermission = false;
84  
85              if (userIds.length == 0) {
86                  hasPermission = true;
87              }
88              else if (userIds.length == 1) {
89                  User user = getUser();
90  
91                  if (user.getUserId() == userIds[0]) {
92                      Group group = groupPersistence.findByPrimaryKey(groupId);
93  
94                      if (user.getCompanyId() == group.getCompanyId()) {
95                          int type = group.getType();
96  
97                          if (type == GroupConstants.TYPE_COMMUNITY_OPEN) {
98                              hasPermission = true;
99                          }
100                     }
101                 }
102             }
103 
104             if (!hasPermission) {
105                 throw new PrincipalException();
106             }
107         }
108 
109         userLocalService.addGroupUsers(groupId, userIds);
110     }
111 
112     public void addOrganizationUsers(long organizationId, long[] userIds)
113         throws PortalException, SystemException {
114 
115         OrganizationPermissionUtil.check(
116             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
117 
118         validateOrganizationUsers(userIds);
119 
120         userLocalService.addOrganizationUsers(organizationId, userIds);
121     }
122 
123     public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
124         throws PortalException, SystemException {
125 
126         PasswordPolicyPermissionUtil.check(
127             getPermissionChecker(), passwordPolicyId,
128             ActionKeys.ASSIGN_MEMBERS);
129 
130         userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
131     }
132 
133     public void addRoleUsers(long roleId, long[] userIds)
134         throws PortalException, SystemException {
135 
136         RolePermissionUtil.check(
137             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
138 
139         userLocalService.addRoleUsers(roleId, userIds);
140     }
141 
142     public void addUserGroupUsers(long userGroupId, long[] userIds)
143         throws PortalException, SystemException {
144 
145         UserGroupPermissionUtil.check(
146             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
147 
148         userLocalService.addUserGroupUsers(userGroupId, userIds);
149     }
150 
151     public User addUser(
152             long companyId, boolean autoPassword, String password1,
153             String password2, boolean autoScreenName, String screenName,
154             String emailAddress, String openId, Locale locale, String firstName,
155             String middleName, String lastName, int prefixId, int suffixId,
156             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
157             String jobTitle, long[] groupIds, long[] organizationIds,
158             long[] roleIds, long[] userGroupIds, boolean sendEmail,
159             ServiceContext serviceContext)
160         throws PortalException, SystemException {
161 
162         Company company = companyPersistence.findByPrimaryKey(companyId);
163 
164         long creatorUserId = 0;
165 
166         try {
167             creatorUserId = getUserId();
168         }
169         catch (PrincipalException pe) {
170         }
171 
172         if ((creatorUserId != 0) || !company.isStrangers()) {
173             if (!PortalPermissionUtil.contains(
174                     getPermissionChecker(), ActionKeys.ADD_USER) &&
175                 !UserPermissionUtil.contains(
176                     getPermissionChecker(), 0, organizationIds,
177                     ActionKeys.ADD_USER)) {
178 
179                 throw new PrincipalException();
180             }
181         }
182 
183         if (creatorUserId == 0) {
184             if (!company.isStrangersWithMx() &&
185                 company.hasCompanyMx(emailAddress)) {
186 
187                 throw new ReservedUserEmailAddressException();
188             }
189         }
190 
191         return userLocalService.addUser(
192             creatorUserId, companyId, autoPassword, password1, password2,
193             autoScreenName, screenName, emailAddress, openId, locale, firstName,
194             middleName, lastName, prefixId, suffixId, male, birthdayMonth,
195             birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
196             roleIds, userGroupIds, sendEmail, serviceContext);
197     }
198 
199     public User addUser(
200             long companyId, boolean autoPassword, String password1,
201             String password2, boolean autoScreenName, String screenName,
202             String emailAddress, String openId, Locale locale, String firstName,
203             String middleName, String lastName, int prefixId, int suffixId,
204             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
205             String jobTitle, long[] groupIds, long[] organizationIds,
206             long[] roleIds, long[] userGroupIds, boolean sendEmail,
207             List<Address> addresses, List<EmailAddress> emailAddresses,
208             List<Phone> phones, List<Website> websites,
209             List<AnnouncementsDelivery> announcementsDelivers,
210             ServiceContext serviceContext)
211         throws PortalException, SystemException {
212 
213         User user = addUser(
214             companyId, autoPassword, password1, password2, autoScreenName,
215             screenName, emailAddress, openId, locale, firstName, middleName,
216             lastName, prefixId, suffixId, male, birthdayMonth, birthdayDay,
217             birthdayYear, jobTitle, groupIds, organizationIds, roleIds,
218             userGroupIds, sendEmail, serviceContext);
219 
220         EnterpriseAdminUtil.updateAddresses(
221             Contact.class.getName(), user.getContactId(), addresses);
222 
223         EnterpriseAdminUtil.updateEmailAddresses(
224             Contact.class.getName(), user.getContactId(), emailAddresses);
225 
226         EnterpriseAdminUtil.updatePhones(
227             Contact.class.getName(), user.getContactId(), phones);
228 
229         EnterpriseAdminUtil.updateWebsites(
230             Contact.class.getName(), user.getContactId(), websites);
231 
232         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
233 
234         return user;
235     }
236 
237     public void deletePortrait(long userId)
238         throws PortalException, SystemException {
239 
240         UserPermissionUtil.check(
241             getPermissionChecker(), userId, ActionKeys.UPDATE);
242 
243         userLocalService.deletePortrait(userId);
244     }
245 
246     public void deleteRoleUser(long roleId, long userId)
247         throws PortalException, SystemException {
248 
249         RolePermissionUtil.check(
250             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
251 
252         userLocalService.deleteRoleUser(roleId, userId);
253     }
254 
255     public void deleteUser(long userId)
256         throws PortalException, SystemException {
257 
258         if (getUserId() == userId) {
259             throw new RequiredUserException();
260         }
261 
262         UserPermissionUtil.check(
263             getPermissionChecker(), userId, ActionKeys.DELETE);
264 
265         userLocalService.deleteUser(userId);
266     }
267 
268     public long getDefaultUserId(long companyId)
269         throws PortalException, SystemException {
270 
271         return userLocalService.getDefaultUserId(companyId);
272     }
273 
274     public long[] getGroupUserIds(long groupId) throws SystemException {
275         return userLocalService.getGroupUserIds(groupId);
276     }
277 
278     public long[] getOrganizationUserIds(long organizationId)
279         throws SystemException {
280 
281         return userLocalService.getOrganizationUserIds(organizationId);
282     }
283 
284     public long[] getRoleUserIds(long roleId) throws SystemException {
285         return userLocalService.getRoleUserIds(roleId);
286     }
287 
288     public User getUserByEmailAddress(long companyId, String emailAddress)
289         throws PortalException, SystemException {
290 
291         User user = userLocalService.getUserByEmailAddress(
292             companyId, emailAddress);
293 
294         UserPermissionUtil.check(
295             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
296 
297         return user;
298     }
299 
300     public User getUserById(long userId)
301         throws PortalException, SystemException {
302 
303         User user = userLocalService.getUserById(userId);
304 
305         UserPermissionUtil.check(
306             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
307 
308         return user;
309     }
310 
311     public User getUserByScreenName(long companyId, String screenName)
312         throws PortalException, SystemException {
313 
314         User user = userLocalService.getUserByScreenName(
315             companyId, screenName);
316 
317         UserPermissionUtil.check(
318             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
319 
320         return user;
321     }
322 
323     public long getUserIdByEmailAddress(long companyId, String emailAddress)
324         throws PortalException, SystemException {
325 
326         User user = getUserByEmailAddress(companyId, emailAddress);
327 
328         return user.getUserId();
329     }
330 
331     public long getUserIdByScreenName(long companyId, String screenName)
332         throws PortalException, SystemException {
333 
334         User user = getUserByScreenName(companyId, screenName);
335 
336         return user.getUserId();
337     }
338 
339     public boolean hasGroupUser(long groupId, long userId)
340         throws SystemException {
341 
342         return userLocalService.hasGroupUser(groupId, userId);
343     }
344 
345     public boolean hasRoleUser(long roleId, long userId)
346         throws SystemException {
347 
348         return userLocalService.hasRoleUser(roleId, userId);
349     }
350 
351     public boolean hasRoleUser(
352             long companyId, String name, long userId, boolean inherited)
353         throws PortalException, SystemException {
354 
355         return userLocalService.hasRoleUser(companyId, name, userId, inherited);
356     }
357 
358     public void setRoleUsers(long roleId, long[] userIds)
359         throws PortalException, SystemException {
360 
361         RolePermissionUtil.check(
362             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
363 
364         userLocalService.setRoleUsers(roleId, userIds);
365     }
366 
367     public void setUserGroupUsers(long userGroupId, long[] userIds)
368         throws PortalException, SystemException {
369 
370         UserGroupPermissionUtil.check(
371             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
372 
373         userLocalService.setUserGroupUsers(userGroupId, userIds);
374     }
375 
376     public void unsetGroupUsers(long groupId, long[] userIds)
377         throws PortalException, SystemException {
378 
379         try {
380             GroupPermissionUtil.check(
381                 getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
382         }
383         catch (PrincipalException pe) {
384 
385             // Allow any user to leave open and restricted communities
386 
387             boolean hasPermission = false;
388 
389             if (userIds.length == 0) {
390                 hasPermission = true;
391             }
392             else if (userIds.length == 1) {
393                 User user = getUser();
394 
395                 if (user.getUserId() == userIds[0]) {
396                     Group group = groupPersistence.findByPrimaryKey(groupId);
397 
398                     if (user.getCompanyId() == group.getCompanyId()) {
399                         int type = group.getType();
400 
401                         if ((type == GroupConstants.TYPE_COMMUNITY_OPEN) ||
402                             (type ==
403                                 GroupConstants.TYPE_COMMUNITY_RESTRICTED)) {
404 
405                             hasPermission = true;
406                         }
407                     }
408                 }
409             }
410 
411             if (!hasPermission) {
412                 throw new PrincipalException();
413             }
414         }
415 
416         userLocalService.unsetGroupUsers(groupId, userIds);
417     }
418 
419     public void unsetOrganizationUsers(long organizationId, long[] userIds)
420         throws PortalException, SystemException {
421 
422         OrganizationPermissionUtil.check(
423             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
424 
425         userLocalService.unsetOrganizationUsers(organizationId, userIds);
426     }
427 
428     public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
429         throws PortalException, SystemException {
430 
431         PasswordPolicyPermissionUtil.check(
432             getPermissionChecker(), passwordPolicyId,
433             ActionKeys.ASSIGN_MEMBERS);
434 
435         userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
436     }
437 
438     public void unsetRoleUsers(long roleId, long[] userIds)
439         throws PortalException, SystemException {
440 
441         RolePermissionUtil.check(
442             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
443 
444         userLocalService.unsetRoleUsers(roleId, userIds);
445     }
446 
447     public void unsetUserGroupUsers(long userGroupId, long[] userIds)
448         throws PortalException, SystemException {
449 
450         UserGroupPermissionUtil.check(
451             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
452 
453         userLocalService.unsetUserGroupUsers(userGroupId, userIds);
454     }
455 
456     public User updateActive(long userId, boolean active)
457         throws PortalException, SystemException {
458 
459         if ((getUserId() == userId) && !active) {
460             throw new RequiredUserException();
461         }
462 
463         UserPermissionUtil.check(
464             getPermissionChecker(), userId, ActionKeys.DELETE);
465 
466         return userLocalService.updateActive(userId, active);
467     }
468 
469     public User updateAgreedToTermsOfUse(
470             long userId, boolean agreedToTermsOfUse)
471         throws PortalException, SystemException {
472 
473         UserPermissionUtil.check(
474             getPermissionChecker(), userId, ActionKeys.UPDATE);
475 
476         return userLocalService.updateAgreedToTermsOfUse(
477             userId, agreedToTermsOfUse);
478     }
479 
480     public void updateEmailAddress(
481             long userId, String password, String emailAddress1,
482             String emailAddress2)
483         throws PortalException, SystemException {
484 
485         UserPermissionUtil.check(
486             getPermissionChecker(), userId, ActionKeys.UPDATE);
487 
488         userLocalService.updateEmailAddress(
489             userId, password, emailAddress1, emailAddress2);
490     }
491 
492     public User updateLockout(long userId, boolean lockout)
493         throws PortalException, SystemException {
494 
495         UserPermissionUtil.check(
496             getPermissionChecker(), userId, ActionKeys.DELETE);
497 
498         return userLocalService.updateLockoutById(userId, lockout);
499     }
500 
501     public void updateOpenId(long userId, String openId)
502         throws PortalException, SystemException {
503 
504         UserPermissionUtil.check(
505             getPermissionChecker(), userId, ActionKeys.UPDATE);
506 
507         userLocalService.updateOpenId(userId, openId);
508     }
509 
510     public void updateOrganizations(long userId, long[] organizationIds)
511         throws PortalException, SystemException {
512 
513         UserPermissionUtil.check(
514             getPermissionChecker(), userId, ActionKeys.UPDATE);
515 
516         userLocalService.updateOrganizations(userId, organizationIds);
517     }
518 
519     public User updatePassword(
520             long userId, String password1, String password2,
521             boolean passwordReset)
522         throws PortalException, SystemException {
523 
524         UserPermissionUtil.check(
525             getPermissionChecker(), userId, ActionKeys.UPDATE);
526 
527         return userLocalService.updatePassword(
528             userId, password1, password2, passwordReset);
529     }
530 
531     public void updatePortrait(long userId, byte[] bytes)
532         throws PortalException, SystemException {
533 
534         UserPermissionUtil.check(
535             getPermissionChecker(), userId, ActionKeys.UPDATE);
536 
537         userLocalService.updatePortrait(userId, bytes);
538     }
539 
540     public void updateReminderQuery(
541             long userId, String question, String answer)
542         throws PortalException, SystemException {
543 
544         UserPermissionUtil.check(
545             getPermissionChecker(), userId, ActionKeys.UPDATE);
546 
547         userLocalService.updateReminderQuery(userId, question, answer);
548     }
549 
550     public void updateScreenName(long userId, String screenName)
551         throws PortalException, SystemException {
552 
553         UserPermissionUtil.check(
554             getPermissionChecker(), userId, ActionKeys.UPDATE);
555 
556         userLocalService.updateScreenName(userId, screenName);
557     }
558 
559     public User updateUser(
560             long userId, String oldPassword, String newPassword1,
561             String newPassword2, boolean passwordReset,
562             String reminderQueryQuestion, String reminderQueryAnswer,
563             String screenName, String emailAddress, String openId,
564             String languageId, String timeZoneId, String greeting,
565             String comments, String firstName, String middleName,
566             String lastName, int prefixId, int suffixId, boolean male,
567             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
568             String aimSn, String facebookSn, String icqSn, String jabberSn,
569             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
570             String ymSn, String jobTitle, long[] groupIds,
571             long[] organizationIds, long[] roleIds,
572             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
573             ServiceContext serviceContext)
574         throws PortalException, SystemException {
575 
576         UserPermissionUtil.check(
577             getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
578 
579         long curUserId = getUserId();
580 
581         if (curUserId == userId) {
582             emailAddress = emailAddress.trim().toLowerCase();
583 
584             User user = userPersistence.findByPrimaryKey(userId);
585 
586             if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
587                 if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
588                     Company company = companyPersistence.findByPrimaryKey(
589                         user.getCompanyId());
590 
591                     if (!company.isStrangersWithMx()) {
592                         throw new ReservedUserEmailAddressException();
593                     }
594                 }
595             }
596         }
597 
598         if (groupIds != null) {
599             groupIds = checkGroups(userId, groupIds);
600         }
601 
602         if (organizationIds != null) {
603             organizationIds = checkOrganizations(userId, organizationIds);
604         }
605 
606         if (roleIds != null) {
607             roleIds = checkRoles(userId, roleIds);
608         }
609 
610         if (userGroupRoles != null) {
611             userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
612         }
613 
614         return userLocalService.updateUser(
615             userId, oldPassword, newPassword1, newPassword2, passwordReset,
616             reminderQueryQuestion, reminderQueryAnswer, screenName,
617             emailAddress, openId, languageId, timeZoneId, greeting, comments,
618             firstName, middleName, lastName, prefixId, suffixId, male,
619             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
620             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
621             jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
622             userGroupIds, serviceContext);
623     }
624 
625     public User updateUser(
626             long userId, String oldPassword, String newPassword1,
627             String newPassword2, boolean passwordReset,
628             String reminderQueryQuestion, String reminderQueryAnswer,
629             String screenName, String emailAddress, String openId,
630             String languageId, String timeZoneId, String greeting,
631             String comments, String firstName, String middleName,
632             String lastName, int prefixId, int suffixId, boolean male,
633             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
634             String aimSn, String facebookSn, String icqSn, String jabberSn,
635             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
636             String ymSn, String jobTitle, long[] groupIds,
637             long[] organizationIds, long[] roleIds,
638             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
639             List<Address> addresses, List<EmailAddress> emailAddresses,
640             List<Phone> phones, List<Website> websites,
641             List<AnnouncementsDelivery> announcementsDelivers,
642             ServiceContext serviceContext)
643         throws PortalException, SystemException {
644 
645         User user = updateUser(
646             userId, oldPassword, newPassword1, newPassword2, passwordReset,
647             reminderQueryQuestion, reminderQueryAnswer, screenName,
648             emailAddress, openId, languageId, timeZoneId, greeting, comments,
649             firstName, middleName, lastName, prefixId, suffixId, male,
650             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
651             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
652             jobTitle, groupIds, organizationIds, roleIds,
653             userGroupRoles, userGroupIds, serviceContext);
654 
655         EnterpriseAdminUtil.updateAddresses(
656             Contact.class.getName(), user.getContactId(), addresses);
657 
658         EnterpriseAdminUtil.updateEmailAddresses(
659             Contact.class.getName(), user.getContactId(), emailAddresses);
660 
661         EnterpriseAdminUtil.updatePhones(
662             Contact.class.getName(), user.getContactId(), phones);
663 
664         EnterpriseAdminUtil.updateWebsites(
665             Contact.class.getName(), user.getContactId(), websites);
666 
667         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
668 
669         return user;
670     }
671 
672     protected long[] checkGroups(long userId, long[] groupIds)
673         throws PortalException, SystemException {
674 
675         // Add back any groups that the administrator does not have the rights
676         // to remove and check that he has the permission to add any new group
677 
678         List<Group> oldGroups = groupLocalService.getUserGroups(userId);
679         long[] oldGroupIds = new long[oldGroups.size()];
680 
681         for (int i = 0; i < oldGroups.size(); i++) {
682             Group group = oldGroups.get(i);
683 
684             if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
685                 !GroupPermissionUtil.contains(
686                     getPermissionChecker(), group.getGroupId(),
687                     ActionKeys.ASSIGN_MEMBERS)) {
688 
689                 groupIds = ArrayUtil.append(groupIds, group.getGroupId());
690             }
691 
692             oldGroupIds[i] = group.getGroupId();
693         }
694 
695         for (long groupId : groupIds) {
696             if (!ArrayUtil.contains(oldGroupIds, groupId)) {
697                 GroupPermissionUtil.check(
698                     getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
699             }
700         }
701 
702         return groupIds;
703     }
704 
705     protected long[] checkOrganizations(long userId, long[] organizationIds)
706         throws PortalException, SystemException {
707 
708         // Add back any organizations that the administrator does not have the
709         // rights to remove and check that he has the permission to add any new
710         // organization
711 
712         List<Organization> oldOrganizations =
713             organizationLocalService.getUserOrganizations(userId);
714         long[] oldOrganizationIds = new long[oldOrganizations.size()];
715 
716         for (int i = 0; i < oldOrganizations.size(); i++) {
717             Organization organization = oldOrganizations.get(i);
718 
719             if (!ArrayUtil.contains(
720                     organizationIds, organization.getOrganizationId()) &&
721                 !OrganizationPermissionUtil.contains(
722                     getPermissionChecker(), organization.getOrganizationId(),
723                     ActionKeys.ASSIGN_MEMBERS)) {
724 
725                 organizationIds = ArrayUtil.append(
726                     organizationIds, organization.getOrganizationId());
727             }
728 
729             oldOrganizationIds[i] = organization.getOrganizationId();
730         }
731 
732         for (long organizationId : organizationIds) {
733             if (!ArrayUtil.contains(oldOrganizationIds, organizationId)) {
734                 OrganizationPermissionUtil.check(
735                     getPermissionChecker(), organizationId,
736                     ActionKeys.ASSIGN_MEMBERS);
737             }
738         }
739 
740         return organizationIds;
741     }
742 
743     protected long[] checkRoles(long userId, long[] roleIds)
744         throws PrincipalException, SystemException {
745 
746         // Add back any roles that the administrator does not have the rights to
747         // remove and check that he has the permission to add any new role
748 
749         List<Role> oldRoles = roleLocalService.getUserRoles(userId);
750         long[] oldRoleIds = new long[oldRoles.size()];
751 
752         for (int i = 0; i < oldRoles.size(); i++) {
753             Role role = oldRoles.get(i);
754 
755             if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
756                 !RolePermissionUtil.contains(
757                     getPermissionChecker(), role.getRoleId(),
758                     ActionKeys.ASSIGN_MEMBERS)) {
759 
760                 roleIds = ArrayUtil.append(roleIds, role.getRoleId());
761             }
762 
763             oldRoleIds[i] = role.getRoleId();
764         }
765 
766         for (long roleId : roleIds) {
767             if (!ArrayUtil.contains(oldRoleIds, roleId)) {
768                 RolePermissionUtil.check(
769                     getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
770             }
771         }
772 
773         return roleIds;
774     }
775 
776     protected List<UserGroupRole> checkUserGroupRoles(
777             long userId, List<UserGroupRole> userGroupRoles)
778         throws PortalException, SystemException {
779 
780         // Add back any group roles that the administrator does not have the
781         // rights to remove
782 
783         List<UserGroupRole> oldUserGroupRoles =
784             userGroupRoleLocalService.getUserGroupRoles(userId);
785 
786         for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
787             if (!userGroupRoles.contains(oldUserGroupRole) &&
788                 (!GroupPermissionUtil.contains(
789                     getPermissionChecker(), oldUserGroupRole.getGroupId(),
790                     ActionKeys.ASSIGN_MEMBERS) ||
791                 !RolePermissionUtil.contains(
792                     getPermissionChecker(), oldUserGroupRole.getRoleId(),
793                     ActionKeys.ASSIGN_MEMBERS))) {
794 
795                 userGroupRoles.add(oldUserGroupRole);
796             }
797         }
798 
799         for (UserGroupRole userGroupRole : userGroupRoles) {
800             if (!oldUserGroupRoles.contains(userGroupRole)) {
801 
802                 if (!GroupPermissionUtil.contains(
803                         getPermissionChecker(), userGroupRole.getGroupId(),
804                         ActionKeys.ASSIGN_MEMBERS) ||
805                     !RolePermissionUtil.contains(
806                         getPermissionChecker(), userGroupRole.getRoleId(),
807                         ActionKeys.ASSIGN_MEMBERS)) {
808 
809                     throw new PrincipalException();
810                 }
811             }
812         }
813 
814         return userGroupRoles;
815     }
816 
817     protected void updateAnnouncementsDeliveries(
818             long userId, List<AnnouncementsDelivery> announcementsDeliveries)
819         throws PortalException, SystemException {
820 
821         for (AnnouncementsDelivery announcementsDelivery :
822                 announcementsDeliveries) {
823 
824             announcementsDeliveryService.updateDelivery(
825                 userId, announcementsDelivery.getType(),
826                 announcementsDelivery.getEmail(),
827                 announcementsDelivery.getSms(),
828                 announcementsDelivery.getWebsite());
829         }
830     }
831 
832     protected void validateOrganizationUsers(long[] userIds)
833         throws PortalException, SystemException {
834 
835         PermissionChecker permissionChecker = getPermissionChecker();
836 
837         if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
838             permissionChecker.isCompanyAdmin()) {
839 
840             return;
841         }
842 
843         List<Organization> organizations =
844             organizationLocalService.getUserOrganizations(
845                 permissionChecker.getUserId());
846 
847         for (long userId : userIds) {
848             boolean allowed = false;
849 
850             for (Organization organization : organizations) {
851                 boolean manageUsers = OrganizationPermissionUtil.contains(
852                     permissionChecker, organization, ActionKeys.MANAGE_USERS);
853                 boolean manageSuborganizations =
854                     OrganizationPermissionUtil.contains(
855                         permissionChecker, organization,
856                         ActionKeys.MANAGE_SUBORGANIZATIONS);
857 
858                 if (!manageUsers && !manageSuborganizations) {
859                     continue;
860                 }
861 
862                 boolean inherited = false;
863                 boolean includeSpecifiedOrganization = false;
864 
865                 if (manageUsers && manageSuborganizations) {
866                     inherited = true;
867                     includeSpecifiedOrganization = true;
868                 }
869                 else if (!manageUsers && manageSuborganizations) {
870                     inherited = true;
871                     includeSpecifiedOrganization = false;
872                 }
873 
874                 if (organizationLocalService.hasUserOrganization(
875                         userId, organization.getOrganizationId(), inherited,
876                         false, includeSpecifiedOrganization)) {
877 
878                     allowed = true;
879 
880                     break;
881                 }
882             }
883 
884             if (!allowed) {
885                 throw new PrincipalException();
886             }
887         }
888     }
889 
890 }