15 package com.liferay.portal.security.permission;
16
17 import com.liferay.portal.kernel.util.StringBundler;
18 import com.liferay.portal.kernel.util.StringPool;
19 import com.liferay.portal.kernel.util.StringUtil;
20 import com.liferay.portal.kernel.util.Validator;
21 import com.liferay.portal.util.PropsValues;
22 import com.liferay.util.dao.orm.CustomSQLUtil;
23
24
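/**
 * Rewrites SQL so that result rows are restricted by an inline resource
 * permission join for the current thread's {@link PermissionChecker}.
 *
 * <p>
 * Security notes for callers:
 * </p>
 *
 * <ul>
 * <li>
 * <code>className</code>, <code>classPKField</code>,
 * <code>userIdField</code> and <code>bridgeJoin</code> are spliced into the
 * SQL text verbatim. Nothing in this class escapes or validates them, so they
 * must be fixed, code-defined identifiers or fragments and never values
 * derived from request input.
 * </li>
 * <li>
 * When {@link #isEnabled(long)} returns <code>false</code> the SQL is returned
 * unchanged, i.e. without any permission filter. That includes the case where
 * no permission checker is bound to the current thread.
 * </li>
 * </ul>
 */
public class InlineSQLHelperImpl implements InlineSQLHelper {

	/**
	 * Key under which the resource permission join template is looked up via
	 * {@link CustomSQLUtil#get(String)}.
	 */
	public static final String JOIN_RESOURCE_PERMISSION =
		InlineSQLHelper.class.getName() + ".joinResourcePermission";

	/**
	 * Returns whether inline permission filtering applies when no group is
	 * given (delegates with a group ID of <code>0</code>).
	 *
	 * @return <code>true</code> if the permission join should be added
	 */
	public boolean isEnabled() {
		return isEnabled(0);
	}

	/**
	 * Returns whether inline permission filtering applies for the group.
	 *
	 * <p>
	 * Filtering is off when the configured user check algorithm is not
	 * <code>6</code>, when no permission checker is bound to the thread, when
	 * the user is community admin or owner of a positive
	 * <code>groupId</code>, or, for a non-positive <code>groupId</code>, when
	 * the user is company admin.
	 * </p>
	 *
	 * @param  groupId the group to check; values &lt;= 0 select the company
	 *         admin check instead of the community checks
	 * @return <code>true</code> if the permission join should be added
	 */
	public boolean isEnabled(long groupId) {
		if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM != 6) {
			return false;
		}

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		// No checker bound to this thread: callers of replacePermissionCheck
		// get their SQL back unfiltered, so any restriction has to be
		// enforced elsewhere on such code paths.

		if (permissionChecker == null) {
			return false;
		}

		if (groupId > 0) {
			if (permissionChecker.isCommunityAdmin(groupId) ||
				permissionChecker.isCommunityOwner(groupId)) {

				return false;
			}
		}
		else {
			if (permissionChecker.isCompanyAdmin()) {
				return false;
			}
		}

		return true;
	}

	/**
	 * Adds the permission join with no group and no bridge join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long,
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, 0, null);
	}

	/**
	 * Adds the permission join for the group with no bridge join.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long,
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long groupId) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, groupId, null);
	}

	/**
	 * Inserts the resource permission join into the SQL.
	 *
	 * <p>
	 * The join template is placed immediately before the first
	 * <code>" WHERE "</code>, otherwise before the first
	 * <code>" ORDER BY "</code>, otherwise appended after a space. Both
	 * searches are exact, case sensitive matches including the surrounding
	 * spaces.
	 * </p>
	 *
	 * @param  sql the SQL to rewrite; returned as is when filtering is
	 *         disabled or when it is null per {@link Validator#isNull}
	 * @param  className substituted for <code>[$CLASS_NAME$]</code>; trusted
	 *         value only, it is not escaped
	 * @param  classPKField substituted for <code>[$CLASS_PK_FIELD$]</code>;
	 *         trusted column reference only, it is not escaped
	 * @param  userIdField optional column compared with the current user ID
	 *         to build the owner check; trusted value only, it is not escaped
	 * @param  groupId substituted for <code>[$GROUP_ID$]</code> and used to
	 *         resolve the role IDs
	 * @param  bridgeJoin optional SQL fragment placed in front of the
	 *         permission join; trusted value only, it is not escaped
	 * @return the rewritten SQL, or the original SQL when nothing was added
	 * @throws IllegalArgumentException if filtering is enabled and
	 *         <code>className</code> or <code>classPKField</code> is null per
	 *         {@link Validator#isNull}
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		long groupId, String bridgeJoin) {

		if (!isEnabled(groupId)) {
			return sql;
		}

		// The exceptions below used to be constructed but never thrown, which
		// let a missing class name or primary key column flow into the
		// generated permission join. Fail closed instead.

		if (Validator.isNull(className)) {
			throw new IllegalArgumentException("className is null");
		}

		if (Validator.isNull(classPKField)) {
			throw new IllegalArgumentException("classPKField is null");
		}

		if (Validator.isNull(sql)) {
			return sql;
		}

		// isEnabled only returns true when a checker is bound to the thread

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		String permissionJoin = StringPool.BLANK;

		if (Validator.isNotNull(bridgeJoin)) {
			permissionJoin = bridgeJoin;
		}

		permissionJoin += CustomSQLUtil.get(JOIN_RESOURCE_PERMISSION);

		// Owner shortcut: "(<userIdField> = <current user id>) OR ". Left
		// empty when the caller names no user ID column.

		StringBundler ownerSQL = new StringBundler(5);

		if (Validator.isNotNull(userIdField)) {
			ownerSQL.append("(");
			ownerSQL.append(userIdField);
			ownerSQL.append(" = ");
			ownerSQL.append(String.valueOf(getUserId()));
			ownerSQL.append(") OR ");
		}

		// Plain text substitution. The numeric values come from the
		// permission checker; the string values are whatever the caller
		// passed in.

		permissionJoin = StringUtil.replace(
			permissionJoin,
			new String[] {
				"[$CLASS_NAME$]",
				"[$CLASS_PK_FIELD$]",
				"[$COMPANY_ID$]",
				"[$GROUP_ID$]",
				"[$OWNER_CHECK$]",
				"[$ROLE_IDS$]"
			},
			new String[] {
				className,
				classPKField,
				String.valueOf(permissionChecker.getCompanyId()),
				String.valueOf(groupId),
				ownerSQL.toString(),
				StringUtil.merge(getRoleIds(groupId))
			});

		// pos points at the leading space of the clause, so pos + 1 keeps
		// that space and puts the join directly in front of the keyword.
		// NOTE(review): SQL whose keyword is lower case or preceded by a
		// newline or tab is not matched here and falls through to the next
		// branch; confirm all callers pass SQL in the expected form.

		int pos = sql.indexOf(_WHERE_CLAUSE);

		if (pos != -1) {
			return sql.substring(0, pos + 1).concat(permissionJoin).concat(
				sql.substring(pos + 1));
		}

		pos = sql.indexOf(_ORDER_BY_CLAUSE);

		if (pos != -1) {
			return sql.substring(0, pos + 1).concat(permissionJoin).concat(
				sql.substring(pos + 1));
		}

		return sql.concat(StringPool.SPACE).concat(permissionJoin);
	}

	/**
	 * Adds the permission join with a bridge join and no group.
	 *
	 * @see #replacePermissionCheck(String, String, String, String, long,
	 *      String)
	 */
	public String replacePermissionCheck(
		String sql, String className, String classPKField, String userIdField,
		String bridgeJoin) {

		return replacePermissionCheck(
			sql, className, classPKField, userIdField, 0, bridgeJoin);
	}

	/**
	 * Returns the current user's role IDs for the group, or
	 * {@link PermissionChecker#DEFAULT_ROLE_IDS} when no permission checker
	 * is bound to the thread.
	 *
	 * @param  groupId the group passed on to the permission checker
	 * @return the role IDs merged into the permission join
	 */
	protected long[] getRoleIds(long groupId) {
		long[] roleIds = PermissionChecker.DEFAULT_ROLE_IDS;

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		if (permissionChecker != null) {
			roleIds = permissionChecker.getRoleIds(
				permissionChecker.getUserId(), groupId);
		}

		return roleIds;
	}

	/**
	 * Returns the current user's ID, or <code>0</code> when no permission
	 * checker is bound to the thread.
	 *
	 * @return the user ID used in the owner check
	 */
	protected long getUserId() {
		long userId = 0;

		PermissionChecker permissionChecker =
			PermissionThreadLocal.getPermissionChecker();

		if (permissionChecker != null) {
			userId = permissionChecker.getUserId();
		}

		return userId;
	}

	private static final String _ORDER_BY_CLAUSE = " ORDER BY ";

	private static final String _WHERE_CLAUSE = " WHERE ";

}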