1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.RequiredUserException;
27  import com.liferay.portal.ReservedUserEmailAddressException;
28  import com.liferay.portal.SystemException;
29  import com.liferay.portal.kernel.util.ArrayUtil;
30  import com.liferay.portal.model.Address;
31  import com.liferay.portal.model.Company;
32  import com.liferay.portal.model.Contact;
33  import com.liferay.portal.model.EmailAddress;
34  import com.liferay.portal.model.Group;
35  import com.liferay.portal.model.GroupConstants;
36  import com.liferay.portal.model.Organization;
37  import com.liferay.portal.model.Phone;
38  import com.liferay.portal.model.Role;
39  import com.liferay.portal.model.User;
40  import com.liferay.portal.model.UserGroupRole;
41  import com.liferay.portal.model.Website;
42  import com.liferay.portal.security.auth.PrincipalException;
43  import com.liferay.portal.security.permission.ActionKeys;
44  import com.liferay.portal.security.permission.PermissionChecker;
45  import com.liferay.portal.service.ServiceContext;
46  import com.liferay.portal.service.base.UserServiceBaseImpl;
47  import com.liferay.portal.service.permission.GroupPermissionUtil;
48  import com.liferay.portal.service.permission.OrganizationPermissionUtil;
49  import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
50  import com.liferay.portal.service.permission.RolePermissionUtil;
51  import com.liferay.portal.service.permission.UserGroupPermissionUtil;
52  import com.liferay.portal.service.permission.UserPermissionUtil;
53  import com.liferay.portal.util.PropsValues;
54  import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
55  import com.liferay.portlet.enterpriseadmin.util.EnterpriseAdminUtil;
56  
57  import java.util.List;
58  import java.util.Locale;
59  
60  /**
61   * <a href="UserServiceImpl.java.html"><b><i>View Source</i></b></a>
62   *
63   * @author Brian Wing Shun Chan
64   * @author Brian Myunghun Kim
65   * @author Scott Lee
66   * @author Jorge Ferrer
67   * @author Julio Camarero
68   *
69   */
70  public class UserServiceImpl extends UserServiceBaseImpl {
71  
72      public void addGroupUsers(long groupId, long[] userIds)
73          throws PortalException, SystemException {
74  
75          try {
76              GroupPermissionUtil.check(
77                  getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
78          }
79          catch (PrincipalException pe) {
80  
81              // Allow any user to join open communities
82  
83              boolean hasPermission = false;
84  
85              if (userIds.length == 0) {
86                  hasPermission = true;
87              }
88              else if (userIds.length == 1) {
89                  User user = getUser();
90  
91                  if (user.getUserId() == userIds[0]) {
92                      Group group = groupPersistence.findByPrimaryKey(groupId);
93  
94                      if (user.getCompanyId() == group.getCompanyId()) {
95                          int type = group.getType();
96  
97                          if (type == GroupConstants.TYPE_COMMUNITY_OPEN) {
98                              hasPermission = true;
99                          }
100                     }
101                 }
102             }
103 
104             if (!hasPermission) {
105                 throw new PrincipalException();
106             }
107         }
108 
109         userLocalService.addGroupUsers(groupId, userIds);
110     }
111 
112     public void addOrganizationUsers(long organizationId, long[] userIds)
113         throws PortalException, SystemException {
114 
115         OrganizationPermissionUtil.check(
116             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
117 
118         validateOrganizationUsers(userIds);
119 
120         userLocalService.addOrganizationUsers(organizationId, userIds);
121     }
122 
123     public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
124         throws PortalException, SystemException {
125 
126         PasswordPolicyPermissionUtil.check(
127             getPermissionChecker(), passwordPolicyId,
128             ActionKeys.ASSIGN_MEMBERS);
129 
130         userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
131     }
132 
133     public void addRoleUsers(long roleId, long[] userIds)
134         throws PortalException, SystemException {
135 
136         RolePermissionUtil.check(
137             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
138 
139         userLocalService.addRoleUsers(roleId, userIds);
140     }
141 
142     public void addUserGroupUsers(long userGroupId, long[] userIds)
143         throws PortalException, SystemException {
144 
145         UserGroupPermissionUtil.check(
146             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
147 
148         userLocalService.addUserGroupUsers(userGroupId, userIds);
149     }
150 
151     public User addUser(
152             long companyId, boolean autoPassword, String password1,
153             String password2, boolean autoScreenName, String screenName,
154             String emailAddress, String openId, Locale locale, String firstName,
155             String middleName, String lastName, int prefixId, int suffixId,
156             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
157             String jobTitle, long[] groupIds, long[] organizationIds,
158             long[] roleIds, long[] userGroupIds, boolean sendEmail,
159             ServiceContext serviceContext)
160         throws PortalException, SystemException {
161 
162         Company company = companyPersistence.findByPrimaryKey(companyId);
163 
164         long creatorUserId = 0;
165 
166         try {
167             creatorUserId = getUserId();
168         }
169         catch (PrincipalException pe) {
170         }
171 
172         if ((creatorUserId != 0) || !company.isStrangers()) {
173             UserPermissionUtil.check(
174                 getPermissionChecker(), 0, organizationIds,
175                 ActionKeys.ADD_USER);
176         }
177 
178         if (creatorUserId == 0) {
179             if (!company.isStrangersWithMx() &&
180                 company.hasCompanyMx(emailAddress)) {
181 
182                 throw new ReservedUserEmailAddressException();
183             }
184         }
185 
186         return userLocalService.addUser(
187             creatorUserId, companyId, autoPassword, password1, password2,
188             autoScreenName, screenName, emailAddress, openId, locale, firstName,
189             middleName, lastName, prefixId, suffixId, male, birthdayMonth,
190             birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
191             roleIds, userGroupIds, sendEmail, serviceContext);
192     }
193 
194     public User addUser(
195             long companyId, boolean autoPassword, String password1,
196             String password2, boolean autoScreenName, String screenName,
197             String emailAddress, String openId, Locale locale, String firstName,
198             String middleName, String lastName, int prefixId, int suffixId,
199             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
200             String jobTitle, long[] groupIds, long[] organizationIds,
201             long[] roleIds, long[] userGroupIds, boolean sendEmail,
202             List<Address> addresses, List<EmailAddress> emailAddresses,
203             List<Phone> phones, List<Website> websites,
204             List<AnnouncementsDelivery> announcementsDelivers,
205             ServiceContext serviceContext)
206         throws PortalException, SystemException {
207 
208         User user = addUser(
209             companyId, autoPassword, password1, password2, autoScreenName,
210             screenName, emailAddress, openId, locale, firstName, middleName,
211             lastName, prefixId, suffixId, male, birthdayMonth, birthdayDay,
212             birthdayYear, jobTitle, groupIds, organizationIds, roleIds,
213             userGroupIds, sendEmail, serviceContext);
214 
215         EnterpriseAdminUtil.updateAddresses(
216             Contact.class.getName(), user.getContactId(), addresses);
217 
218         EnterpriseAdminUtil.updateEmailAddresses(
219             Contact.class.getName(), user.getContactId(), emailAddresses);
220 
221         EnterpriseAdminUtil.updatePhones(
222             Contact.class.getName(), user.getContactId(), phones);
223 
224         EnterpriseAdminUtil.updateWebsites(
225             Contact.class.getName(), user.getContactId(), websites);
226 
227         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
228 
229         return user;
230     }
231 
232     public void deletePortrait(long userId)
233         throws PortalException, SystemException {
234 
235         UserPermissionUtil.check(
236             getPermissionChecker(), userId, ActionKeys.UPDATE);
237 
238         userLocalService.deletePortrait(userId);
239     }
240 
241     public void deleteRoleUser(long roleId, long userId)
242         throws PortalException, SystemException {
243 
244         RolePermissionUtil.check(
245             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
246 
247         userLocalService.deleteRoleUser(roleId, userId);
248     }
249 
250     public void deleteUser(long userId)
251         throws PortalException, SystemException {
252 
253         if (getUserId() == userId) {
254             throw new RequiredUserException();
255         }
256 
257         UserPermissionUtil.check(
258             getPermissionChecker(), userId, ActionKeys.DELETE);
259 
260         userLocalService.deleteUser(userId);
261     }
262 
263     public long getDefaultUserId(long companyId)
264         throws PortalException, SystemException {
265 
266         return userLocalService.getDefaultUserId(companyId);
267     }
268 
269     public long[] getGroupUserIds(long groupId) throws SystemException {
270         return userLocalService.getGroupUserIds(groupId);
271     }
272 
273     public long[] getOrganizationUserIds(long organizationId)
274         throws SystemException {
275 
276         return userLocalService.getOrganizationUserIds(organizationId);
277     }
278 
279     public long[] getRoleUserIds(long roleId) throws SystemException {
280         return userLocalService.getRoleUserIds(roleId);
281     }
282 
283     public User getUserByEmailAddress(long companyId, String emailAddress)
284         throws PortalException, SystemException {
285 
286         User user = userLocalService.getUserByEmailAddress(
287             companyId, emailAddress);
288 
289         UserPermissionUtil.check(
290             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
291 
292         return user;
293     }
294 
295     public User getUserById(long userId)
296         throws PortalException, SystemException {
297 
298         User user = userLocalService.getUserById(userId);
299 
300         UserPermissionUtil.check(
301             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
302 
303         return user;
304     }
305 
306     public User getUserByScreenName(long companyId, String screenName)
307         throws PortalException, SystemException {
308 
309         User user = userLocalService.getUserByScreenName(
310             companyId, screenName);
311 
312         UserPermissionUtil.check(
313             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
314 
315         return user;
316     }
317 
318     public long getUserIdByEmailAddress(long companyId, String emailAddress)
319         throws PortalException, SystemException {
320 
321         User user = getUserByEmailAddress(companyId, emailAddress);
322 
323         return user.getUserId();
324     }
325 
326     public long getUserIdByScreenName(long companyId, String screenName)
327         throws PortalException, SystemException {
328 
329         User user = getUserByScreenName(companyId, screenName);
330 
331         return user.getUserId();
332     }
333 
334     public boolean hasGroupUser(long groupId, long userId)
335         throws SystemException {
336 
337         return userLocalService.hasGroupUser(groupId, userId);
338     }
339 
340     public boolean hasRoleUser(long roleId, long userId)
341         throws SystemException {
342 
343         return userLocalService.hasRoleUser(roleId, userId);
344     }
345 
346     public boolean hasRoleUser(
347             long companyId, String name, long userId, boolean inherited)
348         throws PortalException, SystemException {
349 
350         return userLocalService.hasRoleUser(companyId, name, userId, inherited);
351     }
352 
353     public void setRoleUsers(long roleId, long[] userIds)
354         throws PortalException, SystemException {
355 
356         RolePermissionUtil.check(
357             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
358 
359         userLocalService.setRoleUsers(roleId, userIds);
360     }
361 
362     public void setUserGroupUsers(long userGroupId, long[] userIds)
363         throws PortalException, SystemException {
364 
365         UserGroupPermissionUtil.check(
366             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
367 
368         userLocalService.setUserGroupUsers(userGroupId, userIds);
369     }
370 
371     public void unsetGroupUsers(long groupId, long[] userIds)
372         throws PortalException, SystemException {
373 
374         try {
375             GroupPermissionUtil.check(
376                 getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
377         }
378         catch (PrincipalException pe) {
379 
380             // Allow any user to leave open and restricted communities
381 
382             boolean hasPermission = false;
383 
384             if (userIds.length == 0) {
385                 hasPermission = true;
386             }
387             else if (userIds.length == 1) {
388                 User user = getUser();
389 
390                 if (user.getUserId() == userIds[0]) {
391                     Group group = groupPersistence.findByPrimaryKey(groupId);
392 
393                     if (user.getCompanyId() == group.getCompanyId()) {
394                         int type = group.getType();
395 
396                         if ((type == GroupConstants.TYPE_COMMUNITY_OPEN) ||
397                             (type ==
398                                 GroupConstants.TYPE_COMMUNITY_RESTRICTED)) {
399 
400                             hasPermission = true;
401                         }
402                     }
403                 }
404             }
405 
406             if (!hasPermission) {
407                 throw new PrincipalException();
408             }
409         }
410 
411         userLocalService.unsetGroupUsers(groupId, userIds);
412     }
413 
414     public void unsetOrganizationUsers(long organizationId, long[] userIds)
415         throws PortalException, SystemException {
416 
417         OrganizationPermissionUtil.check(
418             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
419 
420         userLocalService.unsetOrganizationUsers(organizationId, userIds);
421     }
422 
423     public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
424         throws PortalException, SystemException {
425 
426         PasswordPolicyPermissionUtil.check(
427             getPermissionChecker(), passwordPolicyId,
428             ActionKeys.ASSIGN_MEMBERS);
429 
430         userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
431     }
432 
433     public void unsetRoleUsers(long roleId, long[] userIds)
434         throws PortalException, SystemException {
435 
436         RolePermissionUtil.check(
437             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
438 
439         userLocalService.unsetRoleUsers(roleId, userIds);
440     }
441 
442     public void unsetUserGroupUsers(long userGroupId, long[] userIds)
443         throws PortalException, SystemException {
444 
445         UserGroupPermissionUtil.check(
446             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
447 
448         userLocalService.unsetUserGroupUsers(userGroupId, userIds);
449     }
450 
451     public User updateActive(long userId, boolean active)
452         throws PortalException, SystemException {
453 
454         if ((getUserId() == userId) && !active) {
455             throw new RequiredUserException();
456         }
457 
458         UserPermissionUtil.check(
459             getPermissionChecker(), userId, ActionKeys.DELETE);
460 
461         return userLocalService.updateActive(userId, active);
462     }
463 
464     public User updateAgreedToTermsOfUse(
465             long userId, boolean agreedToTermsOfUse)
466         throws PortalException, SystemException {
467 
468         UserPermissionUtil.check(
469             getPermissionChecker(), userId, ActionKeys.UPDATE);
470 
471         return userLocalService.updateAgreedToTermsOfUse(
472             userId, agreedToTermsOfUse);
473     }
474 
475     public void updateEmailAddress(
476             long userId, String password, String emailAddress1,
477             String emailAddress2)
478         throws PortalException, SystemException {
479 
480         UserPermissionUtil.check(
481             getPermissionChecker(), userId, ActionKeys.UPDATE);
482 
483         userLocalService.updateEmailAddress(
484             userId, password, emailAddress1, emailAddress2);
485     }
486 
487     public User updateLockout(long userId, boolean lockout)
488         throws PortalException, SystemException {
489 
490         UserPermissionUtil.check(
491             getPermissionChecker(), userId, ActionKeys.DELETE);
492 
493         return userLocalService.updateLockoutById(userId, lockout);
494     }
495 
496     public void updateOpenId(long userId, String openId)
497         throws PortalException, SystemException {
498 
499         UserPermissionUtil.check(
500             getPermissionChecker(), userId, ActionKeys.UPDATE);
501 
502         userLocalService.updateOpenId(userId, openId);
503     }
504 
505     public void updateOrganizations(long userId, long[] organizationIds)
506         throws PortalException, SystemException {
507 
508         UserPermissionUtil.check(
509             getPermissionChecker(), userId, ActionKeys.UPDATE);
510 
511         userLocalService.updateOrganizations(userId, organizationIds);
512     }
513 
514     public User updatePassword(
515             long userId, String password1, String password2,
516             boolean passwordReset)
517         throws PortalException, SystemException {
518 
519         UserPermissionUtil.check(
520             getPermissionChecker(), userId, ActionKeys.UPDATE);
521 
522         return userLocalService.updatePassword(
523             userId, password1, password2, passwordReset);
524     }
525 
526     public void updatePortrait(long userId, byte[] bytes)
527         throws PortalException, SystemException {
528 
529         UserPermissionUtil.check(
530             getPermissionChecker(), userId, ActionKeys.UPDATE);
531 
532         userLocalService.updatePortrait(userId, bytes);
533     }
534 
535     public void updateReminderQuery(
536             long userId, String question, String answer)
537         throws PortalException, SystemException {
538 
539         UserPermissionUtil.check(
540             getPermissionChecker(), userId, ActionKeys.UPDATE);
541 
542         userLocalService.updateReminderQuery(userId, question, answer);
543     }
544 
545     public void updateScreenName(long userId, String screenName)
546         throws PortalException, SystemException {
547 
548         UserPermissionUtil.check(
549             getPermissionChecker(), userId, ActionKeys.UPDATE);
550 
551         userLocalService.updateScreenName(userId, screenName);
552     }
553 
554     public User updateUser(
555             long userId, String oldPassword, String newPassword1,
556             String newPassword2, boolean passwordReset,
557             String reminderQueryQuestion, String reminderQueryAnswer,
558             String screenName, String emailAddress, String openId,
559             String languageId, String timeZoneId, String greeting,
560             String comments, String firstName, String middleName,
561             String lastName, int prefixId, int suffixId, boolean male,
562             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
563             String aimSn, String facebookSn, String icqSn, String jabberSn,
564             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
565             String ymSn, String jobTitle, long[] groupIds,
566             long[] organizationIds, long[] roleIds,
567             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
568             ServiceContext serviceContext)
569         throws PortalException, SystemException {
570 
571         UserPermissionUtil.check(
572             getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
573 
574         long curUserId = getUserId();
575 
576         if (curUserId == userId) {
577             emailAddress = emailAddress.trim().toLowerCase();
578 
579             User user = userPersistence.findByPrimaryKey(userId);
580 
581             if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
582                 if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
583                     Company company = companyPersistence.findByPrimaryKey(
584                         user.getCompanyId());
585 
586                     if (!company.isStrangersWithMx()) {
587                         throw new ReservedUserEmailAddressException();
588                     }
589                 }
590             }
591         }
592 
593         if (groupIds != null) {
594             groupIds = checkGroups(userId, groupIds);
595         }
596 
597         if (organizationIds != null) {
598             organizationIds = checkOrganizations(userId, organizationIds);
599         }
600 
601         if (roleIds != null) {
602             roleIds = checkRoles(userId, roleIds);
603         }
604 
605         if (userGroupRoles != null) {
606             userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
607         }
608 
609         return userLocalService.updateUser(
610             userId, oldPassword, newPassword1, newPassword2, passwordReset,
611             reminderQueryQuestion, reminderQueryAnswer, screenName,
612             emailAddress, openId, languageId, timeZoneId, greeting, comments,
613             firstName, middleName, lastName, prefixId, suffixId, male,
614             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
615             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
616             jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
617             userGroupIds, serviceContext);
618     }
619 
620     public User updateUser(
621             long userId, String oldPassword, String newPassword1,
622             String newPassword2, boolean passwordReset,
623             String reminderQueryQuestion, String reminderQueryAnswer,
624             String screenName, String emailAddress, String openId,
625             String languageId, String timeZoneId, String greeting,
626             String comments, String firstName, String middleName,
627             String lastName, int prefixId, int suffixId, boolean male,
628             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
629             String aimSn, String facebookSn, String icqSn, String jabberSn,
630             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
631             String ymSn, String jobTitle, long[] groupIds,
632             long[] organizationIds, long[] roleIds,
633             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
634             List<Address> addresses, List<EmailAddress> emailAddresses,
635             List<Phone> phones, List<Website> websites,
636             List<AnnouncementsDelivery> announcementsDelivers,
637             ServiceContext serviceContext)
638         throws PortalException, SystemException {
639 
640         User user = updateUser(
641             userId, oldPassword, newPassword1, newPassword2, passwordReset,
642             reminderQueryQuestion, reminderQueryAnswer, screenName,
643             emailAddress, openId, languageId, timeZoneId, greeting, comments,
644             firstName, middleName, lastName, prefixId, suffixId, male,
645             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
646             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
647             jobTitle, groupIds, organizationIds, roleIds,
648             userGroupRoles, userGroupIds, serviceContext);
649 
650         EnterpriseAdminUtil.updateAddresses(
651             Contact.class.getName(), user.getContactId(), addresses);
652 
653         EnterpriseAdminUtil.updateEmailAddresses(
654             Contact.class.getName(), user.getContactId(), emailAddresses);
655 
656         EnterpriseAdminUtil.updatePhones(
657             Contact.class.getName(), user.getContactId(), phones);
658 
659         EnterpriseAdminUtil.updateWebsites(
660             Contact.class.getName(), user.getContactId(), websites);
661 
662         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
663 
664         return user;
665     }
666 
667     protected long[] checkGroups(long userId, long[] groupIds)
668         throws PortalException, SystemException {
669 
670         // Add back any groups that the administrator does not have the rights
671         // to remove and check that he has the permission to add any new group
672 
673         List<Group> oldGroups = groupLocalService.getUserGroups(userId);
674         long[] oldGroupIds = new long[oldGroups.size()];
675 
676         for (int i = 0; i < oldGroups.size(); i++) {
677             Group group = oldGroups.get(i);
678 
679             if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
680                 !GroupPermissionUtil.contains(
681                     getPermissionChecker(), group.getGroupId(),
682                     ActionKeys.ASSIGN_MEMBERS)) {
683 
684                 groupIds = ArrayUtil.append(groupIds, group.getGroupId());
685             }
686 
687             oldGroupIds[i] = group.getGroupId();
688         }
689 
690         for (long groupId : groupIds) {
691             if (!ArrayUtil.contains(oldGroupIds, groupId)) {
692                 GroupPermissionUtil.check(
693                     getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
694             }
695         }
696 
697         return groupIds;
698     }
699 
700     protected long[] checkOrganizations(long userId, long[] organizationIds)
701         throws PortalException, SystemException {
702 
703         // Add back any organizations that the administrator does not have the
704         // rights to remove and check that he has the permission to add any new
705         // organization
706 
707         List<Organization> oldOrganizations =
708             organizationLocalService.getUserOrganizations(userId);
709         long[] oldOrganizationIds = new long[oldOrganizations.size()];
710 
711         for (int i = 0; i < oldOrganizations.size(); i++) {
712             Organization organization = oldOrganizations.get(i);
713 
714             if (!ArrayUtil.contains(
715                     organizationIds, organization.getOrganizationId()) &&
716                 !OrganizationPermissionUtil.contains(
717                     getPermissionChecker(), organization.getOrganizationId(),
718                     ActionKeys.ASSIGN_MEMBERS)) {
719 
720                 organizationIds = ArrayUtil.append(
721                     organizationIds, organization.getOrganizationId());
722             }
723 
724             oldOrganizationIds[i] = organization.getOrganizationId();
725         }
726 
727         for (long organizationId : organizationIds) {
728             if (!ArrayUtil.contains(oldOrganizationIds, organizationId)) {
729                 OrganizationPermissionUtil.check(
730                     getPermissionChecker(), organizationId,
731                     ActionKeys.ASSIGN_MEMBERS);
732             }
733         }
734 
735         return organizationIds;
736     }
737 
738     protected long[] checkRoles(long userId, long[] roleIds)
739         throws PrincipalException, SystemException {
740 
741         // Add back any roles that the administrator does not have the rights to
742         // remove and check that he has the permission to add any new role
743 
744         List<Role> oldRoles = roleLocalService.getUserRoles(userId);
745         long[] oldRoleIds = new long[oldRoles.size()];
746 
747         for (int i = 0; i < oldRoles.size(); i++) {
748             Role role = oldRoles.get(i);
749 
750             if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
751                 !RolePermissionUtil.contains(
752                     getPermissionChecker(), role.getRoleId(),
753                     ActionKeys.ASSIGN_MEMBERS)) {
754 
755                 roleIds = ArrayUtil.append(roleIds, role.getRoleId());
756             }
757 
758             oldRoleIds[i] = role.getRoleId();
759         }
760 
761         for (long roleId : roleIds) {
762             if (!ArrayUtil.contains(oldRoleIds, roleId)) {
763                 RolePermissionUtil.check(
764                     getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
765             }
766         }
767 
768         return roleIds;
769     }
770 
771     protected List<UserGroupRole> checkUserGroupRoles(
772             long userId, List<UserGroupRole> userGroupRoles)
773         throws PortalException, SystemException {
774 
775         // Add back any group roles that the administrator does not have the
776         // rights to remove
777 
778         List<UserGroupRole> oldUserGroupRoles =
779             userGroupRoleLocalService.getUserGroupRoles(userId);
780 
781         for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
782             if (!userGroupRoles.contains(oldUserGroupRole) &&
783                 (!GroupPermissionUtil.contains(
784                     getPermissionChecker(), oldUserGroupRole.getGroupId(),
785                     ActionKeys.ASSIGN_MEMBERS) ||
786                 !RolePermissionUtil.contains(
787                     getPermissionChecker(), oldUserGroupRole.getRoleId(),
788                     ActionKeys.ASSIGN_MEMBERS))) {
789 
790                 userGroupRoles.add(oldUserGroupRole);
791             }
792         }
793 
794         for (UserGroupRole userGroupRole : userGroupRoles) {
795             if (!oldUserGroupRoles.contains(userGroupRole)) {
796 
797                 if (!GroupPermissionUtil.contains(
798                         getPermissionChecker(), userGroupRole.getGroupId(),
799                         ActionKeys.ASSIGN_MEMBERS) ||
800                     !RolePermissionUtil.contains(
801                         getPermissionChecker(), userGroupRole.getRoleId(),
802                         ActionKeys.ASSIGN_MEMBERS)) {
803 
804                     throw new PrincipalException();
805                 }
806             }
807         }
808 
809         return userGroupRoles;
810     }
811 
812     protected void updateAnnouncementsDeliveries(
813             long userId, List<AnnouncementsDelivery> announcementsDeliveries)
814         throws PortalException, SystemException {
815 
816         for (AnnouncementsDelivery announcementsDelivery :
817                 announcementsDeliveries) {
818 
819             announcementsDeliveryService.updateDelivery(
820                 userId, announcementsDelivery.getType(),
821                 announcementsDelivery.getEmail(),
822                 announcementsDelivery.getSms(),
823                 announcementsDelivery.getWebsite());
824         }
825     }
826 
827     protected void validateOrganizationUsers(long[] userIds)
828         throws PortalException, SystemException {
829 
830         PermissionChecker permissionChecker = getPermissionChecker();
831 
832         if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
833             permissionChecker.isCompanyAdmin()) {
834 
835             return;
836         }
837 
838         List<Organization> organizations =
839             organizationLocalService.getUserOrganizations(
840                 permissionChecker.getUserId());
841 
842         for (long userId : userIds) {
843             boolean allowed = false;
844 
845             for (Organization organization : organizations) {
846                 boolean manageUsers = OrganizationPermissionUtil.contains(
847                     permissionChecker, organization, ActionKeys.MANAGE_USERS);
848                 boolean manageSuborganizations =
849                     OrganizationPermissionUtil.contains(
850                         permissionChecker, organization,
851                         ActionKeys.MANAGE_SUBORGANIZATIONS);
852 
853                 if (!manageUsers && !manageSuborganizations) {
854                     continue;
855                 }
856 
857                 boolean inherited = false;
858                 boolean includeSpecifiedOrganization = false;
859 
860                 if (manageUsers && manageSuborganizations) {
861                     inherited = true;
862                     includeSpecifiedOrganization = true;
863                 }
864                 else if (!manageUsers && manageSuborganizations) {
865                     inherited = true;
866                     includeSpecifiedOrganization = false;
867                 }
868 
869                 if (organizationLocalService.hasUserOrganization(
870                         userId, organization.getOrganizationId(), inherited,
871                         includeSpecifiedOrganization)) {
872 
873                     allowed = true;
874 
875                     break;
876                 }
877             }
878 
879             if (!allowed) {
880                 throw new PrincipalException();
881             }
882         }
883     }
884 
885 }