1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.NoSuchPermissionException;
26  import com.liferay.portal.PortalException;
27  import com.liferay.portal.SystemException;
28  import com.liferay.portal.kernel.log.Log;
29  import com.liferay.portal.kernel.log.LogFactoryUtil;
30  import com.liferay.portal.kernel.search.SearchEngineUtil;
31  import com.liferay.portal.kernel.util.GetterUtil;
32  import com.liferay.portal.kernel.util.ListUtil;
33  import com.liferay.portal.kernel.util.Validator;
34  import com.liferay.portal.model.Group;
35  import com.liferay.portal.model.OrgGroupPermission;
36  import com.liferay.portal.model.Organization;
37  import com.liferay.portal.model.Permission;
38  import com.liferay.portal.model.Resource;
39  import com.liferay.portal.model.ResourceCode;
40  import com.liferay.portal.model.ResourceConstants;
41  import com.liferay.portal.model.Role;
42  import com.liferay.portal.model.User;
43  import com.liferay.portal.model.UserGroup;
44  import com.liferay.portal.security.permission.PermissionCacheUtil;
45  import com.liferay.portal.security.permission.PermissionCheckerBag;
46  import com.liferay.portal.security.permission.ResourceActionsUtil;
47  import com.liferay.portal.service.base.PermissionLocalServiceBaseImpl;
48  import com.liferay.portal.service.persistence.OrgGroupPermissionPK;
49  import com.liferay.portal.util.PropsValues;
50  import com.liferay.portal.util.comparator.PermissionComparator;
51  
52  import java.util.ArrayList;
53  import java.util.HashSet;
54  import java.util.Iterator;
55  import java.util.List;
56  import java.util.Set;
57  
58  import org.apache.commons.lang.time.StopWatch;
59  
60  /**
61   * <a href="PermissionLocalServiceImpl.java.html"><b><i>View Source</i></b></a>
62   *
63   * @author Charles May
64   * @author Brian Wing Shun Chan
65   * @author Raymond Augé
66   *
67   */
68  public class PermissionLocalServiceImpl extends PermissionLocalServiceBaseImpl {
69  
70      public Permission addPermission(
71              long companyId, String actionId, long resourceId)
72          throws SystemException {
73  
74          Permission permission = permissionPersistence.fetchByA_R(
75              actionId, resourceId);
76  
77          if (permission == null) {
78              long permissionId = counterLocalService.increment(
79                  Permission.class.getName());
80  
81              permission = permissionPersistence.create(permissionId);
82  
83              permission.setCompanyId(companyId);
84              permission.setActionId(actionId);
85              permission.setResourceId(resourceId);
86  
87              permissionPersistence.update(permission, false);
88          }
89  
90          return permission;
91      }
92  
93      public List<Permission> addPermissions(
94              long companyId, String name, long resourceId,
95              boolean portletActions)
96          throws SystemException {
97  
98          List<String> actionIds = null;
99  
100         if (portletActions) {
101             actionIds = ResourceActionsUtil.getPortletResourceActions(name);
102         }
103         else {
104             actionIds = ResourceActionsUtil.getModelResourceActions(name);
105         }
106 
107         return addPermissions(companyId, actionIds, resourceId);
108     }
109 
110     public List<Permission> addPermissions(
111             long companyId, List<String> actionIds, long resourceId)
112         throws SystemException {
113 
114         List<Permission> permissions = permissionPersistence.findByResourceId(
115             resourceId);
116 
117         permissions = ListUtil.copy(permissions);
118 
119         Set<String> actionIdsSet = new HashSet<String>();
120 
121         for (Permission permission : permissions) {
122             actionIdsSet.add(permission.getActionId());
123         }
124 
125         for (String actionId : actionIds) {
126             if (actionIdsSet.contains(actionId)) {
127                 continue;
128             }
129 
130             long permissionId = counterLocalService.increment(
131                 Permission.class.getName());
132 
133             Permission permission = permissionPersistence.create(permissionId);
134 
135             permission.setCompanyId(companyId);
136             permission.setActionId(actionId);
137             permission.setResourceId(resourceId);
138 
139             try {
140                 permissionPersistence.update(permission, false);
141             }
142             catch (SystemException se) {
143                 if (_log.isWarnEnabled()) {
144                     _log.warn(
145                         "Add failed, fetch {actionId=" + actionId +
146                             ", resourceId=" + resourceId + "}");
147                 }
148 
149                 permission = permissionPersistence.fetchByA_R(
150                     actionId, resourceId, false);
151 
152                 if (permission == null) {
153                     throw se;
154                 }
155             }
156 
157             permissions.add(permission);
158         }
159 
160         return permissions;
161     }
162 
163     public void addUserPermissions(
164             long userId, String[] actionIds, long resourceId)
165         throws PortalException, SystemException {
166 
167         User user = userPersistence.findByPrimaryKey(userId);
168 
169         List<Permission> permissions = permissionFinder.findByU_R(
170             userId, resourceId);
171 
172         permissions = getPermissions(
173             user.getCompanyId(), actionIds, resourceId);
174 
175         userPersistence.addPermissions(userId, permissions);
176 
177         PermissionCacheUtil.clearCache();
178     }
179 
180     public List<String> getActions(List<Permission> permissions) {
181         List<String> actionIds = new ArrayList<String>();
182 
183         Iterator<Permission> itr = permissions.iterator();
184 
185         while (itr.hasNext()) {
186             Permission permission = itr.next();
187 
188             actionIds.add(permission.getActionId());
189         }
190 
191         return actionIds;
192     }
193 
194     public List<Permission> getGroupPermissions(long groupId, long resourceId)
195         throws SystemException {
196 
197         return permissionFinder.findByG_R(groupId, resourceId);
198     }
199 
200     public List<Permission> getGroupPermissions(
201             long groupId, long companyId, String name, int scope,
202             String primKey)
203         throws SystemException {
204 
205         return permissionFinder.findByG_C_N_S_P(
206             groupId, companyId, name, scope, primKey);
207     }
208 
209     public List<Permission> getOrgGroupPermissions(
210             long organizationId, long groupId, long resourceId)
211         throws SystemException {
212 
213         return permissionFinder.findByO_G_R(
214             organizationId, groupId, resourceId);
215     }
216 
217     public long getLatestPermissionId() throws SystemException {
218         List<Permission> permissions = permissionPersistence.findAll(
219             0, 1, new PermissionComparator());
220 
221         if (permissions.size() == 0) {
222             return 0;
223         }
224         else {
225             Permission permission = permissions.get(0);
226 
227             return permission.getPermissionId();
228         }
229     }
230 
231     public List<Permission> getPermissions(
232             long companyId, String[] actionIds, long resourceId)
233         throws SystemException {
234 
235         List<Permission> permissions = new ArrayList<Permission>();
236 
237         for (int i = 0; i < actionIds.length; i++) {
238             Permission permission = addPermission(
239                 companyId, actionIds[i], resourceId);
240 
241             permissions.add(permission);
242         }
243 
244         return permissions;
245     }
246 
247     public List<Permission> getRolePermissions(long roleId)
248         throws SystemException {
249 
250         return rolePersistence.getPermissions(roleId);
251     }
252 
253     public List<Permission> getRolePermissions(long roleId, long resourceId)
254         throws SystemException {
255 
256         return permissionFinder.findByR_R(roleId, resourceId);
257     }
258 
259     public List<Permission> getUserPermissions(long userId, long resourceId)
260         throws SystemException {
261 
262         return permissionFinder.findByU_R(userId, resourceId);
263     }
264 
265     public List<Permission> getUserPermissions(
266             long userId, long companyId, String name, int scope, String primKey)
267         throws SystemException {
268 
269         return permissionFinder.findByU_C_N_S_P(
270             userId, companyId, name, scope, primKey);
271     }
272 
273     public boolean hasGroupPermission(
274             long groupId, String actionId, long resourceId)
275         throws SystemException {
276 
277         Permission permission = permissionPersistence.fetchByA_R(
278             actionId, resourceId);
279 
280         // Return false if there is no permission based on the given action
281         // id and resource id
282 
283         if (permission == null) {
284             return false;
285         }
286 
287         return groupPersistence.containsPermission(
288             groupId, permission.getPermissionId());
289     }
290 
291     public boolean hasRolePermission(
292             long roleId, long companyId, String name, int scope,
293             String actionId)
294         throws SystemException {
295 
296         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
297             companyId, name, scope);
298 
299         List<Resource> resources = resourcePersistence.findByCodeId(
300             resourceCode.getCodeId());
301 
302         for (Resource resource : resources) {
303             Permission permission = permissionPersistence.fetchByA_R(
304                 actionId, resource.getResourceId());
305 
306             if (permission != null) {
307                 if (rolePersistence.containsPermission(
308                         roleId, permission.getPermissionId())) {
309 
310                     return true;
311                 }
312             }
313         }
314 
315         return false;
316     }
317 
318     public boolean hasRolePermission(
319             long roleId, long companyId, String name, int scope, String primKey,
320             String actionId)
321         throws SystemException {
322 
323         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
324             companyId, name, scope);
325 
326         Resource resource = resourcePersistence.fetchByC_P(
327             resourceCode.getCodeId(), primKey);
328 
329         if (resource == null) {
330             return false;
331         }
332 
333         Permission permission = permissionPersistence.fetchByA_R(
334             actionId, resource.getResourceId());
335 
336         if (permission == null) {
337             return false;
338         }
339 
340         return rolePersistence.containsPermission(
341             roleId, permission.getPermissionId());
342     }
343 
344     public boolean hasUserPermission(
345             long userId, String actionId, long resourceId)
346         throws SystemException {
347 
348         Permission permission = permissionPersistence.fetchByA_R(
349             actionId, resourceId);
350 
351         // Return false if there is no permission based on the given action
352         // id and resource id
353 
354         if (permission == null) {
355             return false;
356         }
357 
358         return userPersistence.containsPermission(
359             userId, permission.getPermissionId());
360     }
361 
362     public boolean hasUserPermissions(
363             long userId, long groupId, List<Resource> resources,
364             String actionId, PermissionCheckerBag permissionCheckerBag)
365         throws PortalException, SystemException {
366 
367         StopWatch stopWatch = null;
368 
369         if (_log.isDebugEnabled()) {
370             stopWatch = new StopWatch();
371 
372             stopWatch.start();
373         }
374 
375         int block = 1;
376 
377         // Return false if there are no resources
378 
379         if (Validator.isNull(actionId) || resources.isEmpty()) {
380             return false;
381         }
382 
383         long[] resourceIds = null;
384 
385         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
386             resourceIds = new long[resources.size()];
387 
388             for (int i = 0; i < resources.size(); i++) {
389                 Resource resource = resources.get(i);
390 
391                 resourceIds[i] = resource.getResourceId();
392             }
393         }
394 
395         List<Permission> permissions = null;
396 
397         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
398             permissions = permissionFinder.findByA_R(actionId, resourceIds);
399 
400             // Return false if there are no permissions
401 
402             if (permissions.size() == 0) {
403                 return false;
404             }
405         }
406 
407         // Record logs with the first resource id
408 
409         long resourceId = 0;
410 
411         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
412             resourceId = resourceIds[0];
413         }
414         else {
415             resourceId = resources.get(0).getResourceId();
416         }
417 
418         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
419 
420         //List<Group> userGroups = permissionCheckerBag.getUserGroups();
421         //List<Organization> userOrgs = permissionCheckerBag.getUserOrgs();
422         //List<Group> userOrgGroups = permissionCheckerBag.getUserOrgGroups();
423         //List<Group> userUserGroupGroups =
424         //  permissionCheckerBag.getUserUserGroupGroups();
425         List<Group> groups = permissionCheckerBag.getGroups();
426         List<Role> roles = permissionCheckerBag.getRoles();
427 
428         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
429 
430         // Check the organization and community intersection table. Break out of
431         // this method if the user has one of the permissions set at the
432         // intersection because that takes priority.
433 
434         //if (checkOrgGroupPermission(userOrgs, userGroups, permissions)) {
435         //  return true;
436         //}
437 
438         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
439 
440         if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 1) {
441             return hasUserPermissions_1(
442                 userId, resourceId, actionId, permissions, groups, groupId,
443                 stopWatch, block);
444         }
445         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 2) {
446             return hasUserPermissions_2(
447                 userId, resourceId, actionId, permissions, groups, groupId,
448                 stopWatch, block);
449         }
450         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) {
451             return hasUserPermissions_3(
452                 userId, resourceId, actionId, permissions, groups, roles,
453                 stopWatch, block);
454         }
455         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) {
456             return hasUserPermissions_4(
457                 userId, resourceId, actionId, permissions, groups, roles,
458                 stopWatch, block);
459         }
460         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) {
461             return hasUserPermissions_5(
462                 userId, resourceId, actionId, permissions, roles, stopWatch,
463                 block);
464         }
465         else if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
466             return hasUserPermissions_6(
467                 userId, resourceId, resources, actionId, roles, stopWatch,
468                 block);
469         }
470 
471         return false;
472     }
473 
474     public void setGroupPermissions(
475             long groupId, String[] actionIds, long resourceId)
476         throws PortalException, SystemException {
477 
478         Group group = groupPersistence.findByPrimaryKey(groupId);
479 
480         List<Permission> permissions = permissionFinder.findByG_R(
481             groupId, resourceId);
482 
483         for (Permission permission : permissions) {
484             groupPersistence.removePermission(groupId, permission);
485         }
486 
487         permissions = getPermissions(
488             group.getCompanyId(), actionIds, resourceId);
489 
490         groupPersistence.addPermissions(groupId, permissions);
491 
492         PermissionCacheUtil.clearCache();
493     }
494 
495     public void setGroupPermissions(
496             String className, String classPK, long groupId,
497             String[] actionIds, long resourceId)
498         throws PortalException, SystemException {
499 
500         long associatedGroupId = 0;
501 
502         if (className.equals(Organization.class.getName())) {
503             long organizationId = GetterUtil.getLong(classPK);
504 
505             Organization organization =
506                 organizationPersistence.findByPrimaryKey(organizationId);
507 
508             orgGroupPermissionFinder.removeByO_G_R(
509                 organizationId, groupId, resourceId);
510 
511             associatedGroupId = organization.getGroup().getGroupId();
512         }
513         else if (className.equals(UserGroup.class.getName())) {
514             long userGroupId = GetterUtil.getLong(classPK);
515 
516             UserGroup userGroup = userGroupPersistence.findByPrimaryKey(
517                 userGroupId);
518 
519             associatedGroupId = userGroup.getGroup().getGroupId();
520         }
521 
522         setGroupPermissions(associatedGroupId, actionIds, resourceId);
523     }
524 
525     public void setOrgGroupPermissions(
526             long organizationId, long groupId, String[] actionIds,
527             long resourceId)
528         throws PortalException, SystemException {
529 
530         Organization organization =
531             organizationPersistence.findByPrimaryKey(organizationId);
532 
533         long orgGroupId = organization.getGroup().getGroupId();
534 
535         List<Permission> permissions = permissionPersistence.findByResourceId(
536             resourceId);
537 
538         for (Permission permission : permissions) {
539             groupPersistence.removePermission(orgGroupId, permission);
540         }
541 
542         permissions = getPermissions(
543             organization.getCompanyId(), actionIds, resourceId);
544 
545         orgGroupPermissionFinder.removeByO_G_R(
546             organizationId, groupId, resourceId);
547 
548         for (Permission permission : permissions) {
549             OrgGroupPermissionPK pk = new OrgGroupPermissionPK(
550                 organizationId, groupId, permission.getPermissionId());
551 
552             OrgGroupPermission orgGroupPermission =
553                 orgGroupPermissionPersistence.create(pk);
554 
555             orgGroupPermissionPersistence.update(orgGroupPermission, false);
556         }
557 
558         PermissionCacheUtil.clearCache();
559     }
560 
561     public void setRolePermission(
562             long roleId, long companyId, String name, int scope, String primKey,
563             String actionId)
564         throws PortalException, SystemException {
565 
566         if (scope == ResourceConstants.SCOPE_COMPANY) {
567 
568             // Remove group permission
569 
570             unsetRolePermissions(
571                 roleId, companyId, name, ResourceConstants.SCOPE_GROUP,
572                 actionId);
573         }
574         else if (scope == ResourceConstants.SCOPE_GROUP) {
575 
576             // Remove company permission
577 
578             unsetRolePermissions(
579                 roleId, companyId, name, ResourceConstants.SCOPE_COMPANY,
580                 actionId);
581         }
582         else if (scope == ResourceConstants.SCOPE_INDIVIDUAL) {
583             throw new NoSuchPermissionException();
584         }
585 
586         Resource resource = resourceLocalService.addResource(
587             companyId, name, scope, primKey);
588 
589         long resourceId = resource.getResourceId();
590 
591         Permission permission = permissionPersistence.fetchByA_R(
592             actionId, resourceId);
593 
594         if (permission == null) {
595             long permissionId = counterLocalService.increment(
596                 Permission.class.getName());
597 
598             permission = permissionPersistence.create(permissionId);
599 
600             permission.setCompanyId(companyId);
601             permission.setActionId(actionId);
602             permission.setResourceId(resourceId);
603 
604             permissionPersistence.update(permission, false);
605         }
606 
607         rolePersistence.addPermission(roleId, permission);
608 
609         PermissionCacheUtil.clearCache();
610 
611         SearchEngineUtil.updatePermissionFields(resourceId);
612     }
613 
614     public void setRolePermissions(
615             long roleId, long companyId, String name, int scope, String primKey,
616             String[] actionIds)
617         throws PortalException, SystemException {
618 
619         for (int i = 0; i < actionIds.length; i++) {
620             String actionId = actionIds[i];
621 
622             setRolePermission(
623                 roleId, companyId, name, scope, primKey, actionId);
624         }
625     }
626 
627     public void setRolePermissions(
628             long roleId, String[] actionIds, long resourceId)
629         throws PortalException, SystemException {
630 
631         Role role = rolePersistence.findByPrimaryKey(roleId);
632 
633         List<Permission> permissions = permissionFinder.findByR_R(
634             roleId, resourceId);
635 
636         rolePersistence.removePermissions(roleId, permissions);
637 
638         permissions = getPermissions(
639             role.getCompanyId(), actionIds, resourceId);
640 
641         rolePersistence.addPermissions(roleId, permissions);
642 
643         PermissionCacheUtil.clearCache();
644 
645         SearchEngineUtil.updatePermissionFields(resourceId);
646     }
647 
648     public void setUserPermissions(
649             long userId, String[] actionIds, long resourceId)
650         throws PortalException, SystemException {
651 
652         User user = userPersistence.findByPrimaryKey(userId);
653 
654         List<Permission> permissions = permissionFinder.findByU_R(
655             userId, resourceId);
656 
657         userPersistence.removePermissions(userId, permissions);
658 
659         permissions = getPermissions(
660             user.getCompanyId(), actionIds, resourceId);
661 
662         userPersistence.addPermissions(userId, permissions);
663 
664         PermissionCacheUtil.clearCache();
665     }
666 
667     public void unsetRolePermission(long roleId, long permissionId)
668         throws SystemException {
669 
670         Permission permission = permissionPersistence.fetchByPrimaryKey(
671             permissionId);
672 
673         if (permission != null) {
674             rolePersistence.removePermission(roleId, permission);
675         }
676 
677         PermissionCacheUtil.clearCache();
678     }
679 
680     public void unsetRolePermission(
681             long roleId, long companyId, String name, int scope, String primKey,
682             String actionId)
683         throws SystemException {
684 
685         ResourceCode resourceCode =
686             resourceCodeLocalService.getResourceCode(
687                 companyId, name, scope);
688 
689         Resource resource = resourcePersistence.fetchByC_P(
690             resourceCode.getCodeId(), primKey);
691 
692         if (resource != null) {
693             Permission permission = permissionPersistence.fetchByA_R(
694                 actionId, resource.getResourceId());
695 
696             if (permission != null) {
697                 rolePersistence.removePermission(roleId, permission);
698             }
699         }
700 
701         PermissionCacheUtil.clearCache();
702     }
703 
704     public void unsetRolePermissions(
705             long roleId, long companyId, String name, int scope,
706             String actionId)
707         throws SystemException {
708 
709         ResourceCode resourceCode = resourceCodeLocalService.getResourceCode(
710             companyId, name, scope);
711 
712         List<Resource> resources = resourcePersistence.findByCodeId(
713             resourceCode.getCodeId());
714 
715         for (Resource resource : resources) {
716             Permission permission = permissionPersistence.fetchByA_R(
717                 actionId, resource.getResourceId());
718 
719             if (permission != null) {
720                 rolePersistence.removePermission(roleId, permission);
721             }
722         }
723 
724         PermissionCacheUtil.clearCache();
725     }
726 
727     public void unsetUserPermissions(
728             long userId, String[] actionIds, long resourceId)
729         throws SystemException {
730 
731         List<Permission> permissions = permissionFinder.findByU_A_R(
732             userId, actionIds, resourceId);
733 
734         userPersistence.removePermissions(userId, permissions);
735 
736         PermissionCacheUtil.clearCache();
737     }
738 
739     protected boolean checkOrgGroupPermission(
740             List<Organization> organizations, List<Group> groups,
741             List<Permission> permissions)
742         throws PortalException, SystemException {
743 
744         for (Permission permission : permissions) {
745             if (checkOrgGroupPermission(organizations, groups, permission)) {
746                 return true;
747             }
748         }
749 
750         return false;
751     }
752 
753     protected boolean checkOrgGroupPermission(
754             List<Organization> organizations, List<Group> groups,
755             Permission permission)
756         throws PortalException, SystemException {
757 
758         // Do not check for an OrgGroupPermission intersection unless there is
759         // at least one organization and one group to check
760 
761         if ((organizations.size() == 0) || (groups.size() == 0)) {
762             return false;
763         }
764 
765         // Do not check unless the OrgGroupPermission intersection contains at
766         // least one permission
767 
768         List<OrgGroupPermission> orgGroupPermissions =
769             orgGroupPermissionPersistence.findByPermissionId(
770                 permission.getPermissionId());
771 
772         if (orgGroupPermissions.size() == 0) {
773             return false;
774         }
775 
776         for (OrgGroupPermission orgGroupPermission : orgGroupPermissions) {
777             if (orgGroupPermission.containsOrganization(organizations) &&
778                 orgGroupPermission.containsGroup(groups)) {
779 
780                 return true;
781             }
782         }
783 
784         // Throw an exception so that we do not continue checking permissions.
785         // The user has a specific permission given in the OrgGroupPermission
786         // intersection that prohibits him from going further.
787 
788         throw new NoSuchPermissionException(
789             "User has a permission in OrgGroupPermission that does not match");
790     }
791 
792     protected boolean hasUserPermissions_1(
793             long userId, long resourceId, String actionId,
794             List<Permission> permissions, List<Group> groups, long groupId,
795             StopWatch stopWatch, int block)
796         throws SystemException {
797 
798         // Is the user connected to one of the permissions via group or
799         // organization roles?
800 
801         if (groups.size() > 0) {
802             if (permissionFinder.countByGroupsRoles(permissions, groups) > 0) {
803                 return true;
804             }
805         }
806 
807         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
808 
809         // Is the user associated with groups or organizations that are directly
810         // connected to one of the permissions?
811 
812         if (groups.size() > 0) {
813             if (permissionFinder.countByGroupsPermissions(
814                     permissions, groups) > 0) {
815 
816                 return true;
817             }
818         }
819 
820         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
821 
822         // Is the user connected to one of the permissions via user roles?
823 
824         if (permissionFinder.countByUsersRoles(permissions, userId) > 0) {
825             return true;
826         }
827 
828         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
829 
830         // Is the user connected to one of the permissions via user group roles?
831 
832         if (permissionFinder.countByUserGroupRole(
833                 permissions, userId, groupId) > 0) {
834 
835             return true;
836         }
837 
838         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
839 
840         // Is the user directly connected to one of the permissions?
841 
842         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
843             return true;
844         }
845 
846         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
847 
848         return false;
849     }
850 
851     protected boolean hasUserPermissions_2(
852             long userId, long resourceId, String actionId,
853             List<Permission> permissions, List<Group> groups, long groupId,
854             StopWatch stopWatch, int block)
855         throws SystemException {
856 
857         // Call countByGroupsRoles, countByGroupsPermissions, countByUsersRoles,
858         // countByUserGroupRole, and countByUsersPermissions in one method
859 
860         if (permissionFinder.containsPermissions_2(
861                 permissions, userId, groups, groupId)) {
862 
863             return true;
864         }
865 
866         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
867 
868         return false;
869     }
870 
871     protected boolean hasUserPermissions_3(
872             long userId, long resourceId, String actionId,
873             List<Permission> permissions, List<Group> groups, List<Role> roles,
874             StopWatch stopWatch, int block)
875         throws SystemException {
876 
877         // Is the user associated with groups or organizations that are directly
878         // connected to one of the permissions?
879 
880         if (groups.size() > 0) {
881             if (permissionFinder.countByGroupsPermissions(
882                     permissions, groups) > 0) {
883 
884                 return true;
885             }
886         }
887 
888         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
889 
890         // Is the user associated with a role that is directly connected to one
891         // of the permissions?
892 
893         if (roles.size() > 0) {
894             if (permissionFinder.countByRolesPermissions(
895                     permissions, roles) > 0) {
896 
897                 return true;
898             }
899         }
900 
901         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
902 
903         // Is the user directly connected to one of the permissions?
904 
905         if (permissionFinder.countByUsersPermissions(permissions, userId) > 0) {
906             return true;
907         }
908 
909         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
910 
911         return false;
912     }
913 
914     protected boolean hasUserPermissions_4(
915             long userId, long resourceId, String actionId,
916             List<Permission> permissions, List<Group> groups, List<Role> roles,
917             StopWatch stopWatch, int block)
918         throws SystemException {
919 
920         // Call countByGroupsPermissions, countByRolesPermissions, and
921         // countByUsersPermissions in one method
922 
923         if (permissionFinder.containsPermissions_4(
924                 permissions, userId, groups, roles)) {
925 
926             return true;
927         }
928 
929         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
930 
931         return false;
932     }
933 
934     protected boolean hasUserPermissions_5(
935             long userId, long resourceId, String actionId,
936             List<Permission> permissions, List<Role> roles, StopWatch stopWatch,
937             int block)
938         throws SystemException {
939 
940         if (roles.size() > 0) {
941             if (permissionFinder.countByRolesPermissions(
942                     permissions, roles) > 0) {
943 
944                 return true;
945             }
946         }
947 
948         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
949 
950         return false;
951     }
952 
953     protected boolean hasUserPermissions_6(
954             long userId, long resourceId, List<Resource> resources,
955             String actionId, List<Role> roles, StopWatch stopWatch,
956             int block)
957         throws PortalException, SystemException {
958 
959         // Iterate the list of resources in reverse order to test permissions
960         // from company scope to individual scope because it is more likely that
961         // a permission is assigned at a higher scope. Optimizing this method
962         // to one SQL call may actually slow things down since most of the calls
963         // will pull from the cache after the first request.
964 
965         for (int i = resources.size() - 1; i >= 0; i--) {
966             Resource resource = resources.get(i);
967 
968             for (Role role : roles) {
969                 if (resourcePermissionLocalService.hasResourcePermission(
970                         resource.getCompanyId(), resource.getName(),
971                         resource.getScope(), resource.getPrimKey(),
972                         role.getRoleId(), actionId)) {
973 
974                     return true;
975                 }
976             }
977         }
978 
979         logHasUserPermissions(userId, resourceId, actionId, stopWatch, block++);
980 
981         return false;
982     }
983 
984     protected void logHasUserPermissions(
985         long userId, long resourceId, String actionId, StopWatch stopWatch,
986         int block) {
987 
988         if (!_log.isDebugEnabled()) {
989             return;
990         }
991 
992         _log.debug(
993             "Checking user permissions block " + block + " for " + userId +
994                 " " + resourceId + " " + actionId + " takes " +
995                     stopWatch.getTime() + " ms");
996     }
997 
998     private static Log _log =
999         LogFactoryUtil.getLog(PermissionLocalServiceImpl.class);
1000
1001}