1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.RequiredUserException;
18  import com.liferay.portal.ReservedUserEmailAddressException;
19  import com.liferay.portal.UserEmailAddressException;
20  import com.liferay.portal.UserScreenNameException;
21  import com.liferay.portal.kernel.exception.PortalException;
22  import com.liferay.portal.kernel.exception.SystemException;
23  import com.liferay.portal.kernel.util.ArrayUtil;
24  import com.liferay.portal.model.Address;
25  import com.liferay.portal.model.Company;
26  import com.liferay.portal.model.Contact;
27  import com.liferay.portal.model.EmailAddress;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.GroupConstants;
30  import com.liferay.portal.model.Organization;
31  import com.liferay.portal.model.Phone;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.model.UserGroupRole;
35  import com.liferay.portal.model.Website;
36  import com.liferay.portal.security.auth.PrincipalException;
37  import com.liferay.portal.security.permission.ActionKeys;
38  import com.liferay.portal.security.permission.PermissionChecker;
39  import com.liferay.portal.service.ServiceContext;
40  import com.liferay.portal.service.base.UserServiceBaseImpl;
41  import com.liferay.portal.service.permission.GroupPermissionUtil;
42  import com.liferay.portal.service.permission.OrganizationPermissionUtil;
43  import com.liferay.portal.service.permission.PasswordPolicyPermissionUtil;
44  import com.liferay.portal.service.permission.PortalPermissionUtil;
45  import com.liferay.portal.service.permission.RolePermissionUtil;
46  import com.liferay.portal.service.permission.TeamPermissionUtil;
47  import com.liferay.portal.service.permission.UserGroupPermissionUtil;
48  import com.liferay.portal.service.permission.UserPermissionUtil;
49  import com.liferay.portal.util.PropsValues;
50  import com.liferay.portlet.announcements.model.AnnouncementsDelivery;
51  import com.liferay.portlet.enterpriseadmin.util.EnterpriseAdminUtil;
52  
53  import java.util.List;
54  import java.util.Locale;
55  
56  /**
57   * <a href="UserServiceImpl.java.html"><b><i>View Source</i></b></a>
58   *
59   * @author Brian Wing Shun Chan
60   * @author Brian Myunghun Kim
61   * @author Scott Lee
62   * @author Jorge Ferrer
63   * @author Julio Camarero
64   */
65  public class UserServiceImpl extends UserServiceBaseImpl {
66  
67      public void addGroupUsers(long groupId, long[] userIds)
68          throws PortalException, SystemException {
69  
70          try {
71              GroupPermissionUtil.check(
72                  getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
73          }
74          catch (PrincipalException pe) {
75  
76              // Allow any user to join open communities
77  
78              boolean hasPermission = false;
79  
80              if (userIds.length == 0) {
81                  hasPermission = true;
82              }
83              else if (userIds.length == 1) {
84                  User user = getUser();
85  
86                  if (user.getUserId() == userIds[0]) {
87                      Group group = groupPersistence.findByPrimaryKey(groupId);
88  
89                      if (user.getCompanyId() == group.getCompanyId()) {
90                          int type = group.getType();
91  
92                          if (type == GroupConstants.TYPE_COMMUNITY_OPEN) {
93                              hasPermission = true;
94                          }
95                      }
96                  }
97              }
98  
99              if (!hasPermission) {
100                 throw new PrincipalException();
101             }
102         }
103 
104         userLocalService.addGroupUsers(groupId, userIds);
105     }
106 
107     public void addOrganizationUsers(long organizationId, long[] userIds)
108         throws PortalException, SystemException {
109 
110         OrganizationPermissionUtil.check(
111             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
112 
113         validateOrganizationUsers(userIds);
114 
115         userLocalService.addOrganizationUsers(organizationId, userIds);
116     }
117 
118     public void addPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
119         throws PortalException, SystemException {
120 
121         PasswordPolicyPermissionUtil.check(
122             getPermissionChecker(), passwordPolicyId,
123             ActionKeys.ASSIGN_MEMBERS);
124 
125         userLocalService.addPasswordPolicyUsers(passwordPolicyId, userIds);
126     }
127 
128     public void addRoleUsers(long roleId, long[] userIds)
129         throws PortalException, SystemException {
130 
131         RolePermissionUtil.check(
132             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
133 
134         userLocalService.addRoleUsers(roleId, userIds);
135     }
136 
137     public void addTeamUsers(long teamId, long[] userIds)
138         throws PortalException, SystemException {
139 
140         TeamPermissionUtil.check(
141             getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
142 
143         userLocalService.addTeamUsers(teamId, userIds);
144     }
145 
146     public void addUserGroupUsers(long userGroupId, long[] userIds)
147         throws PortalException, SystemException {
148 
149         UserGroupPermissionUtil.check(
150             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
151 
152         userLocalService.addUserGroupUsers(userGroupId, userIds);
153     }
154 
155     public User addUser(
156             long companyId, boolean autoPassword, String password1,
157             String password2, boolean autoScreenName, String screenName,
158             String emailAddress, String openId, Locale locale, String firstName,
159             String middleName, String lastName, int prefixId, int suffixId,
160             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
161             String jobTitle, long[] groupIds, long[] organizationIds,
162             long[] roleIds, long[] userGroupIds, boolean sendEmail,
163             ServiceContext serviceContext)
164         throws PortalException, SystemException {
165 
166         Company company = companyPersistence.findByPrimaryKey(companyId);
167 
168         long creatorUserId = 0;
169 
170         try {
171             creatorUserId = getUserId();
172         }
173         catch (PrincipalException pe) {
174         }
175 
176         if ((creatorUserId != 0) || !company.isStrangers()) {
177             if (!PortalPermissionUtil.contains(
178                     getPermissionChecker(), ActionKeys.ADD_USER) &&
179                 !UserPermissionUtil.contains(
180                     getPermissionChecker(), 0, organizationIds,
181                     ActionKeys.ADD_USER)) {
182 
183                 throw new PrincipalException();
184             }
185         }
186 
187         if (creatorUserId == 0) {
188             if (!company.isStrangersWithMx() &&
189                 company.hasCompanyMx(emailAddress)) {
190 
191                 throw new ReservedUserEmailAddressException();
192             }
193         }
194 
195         return userLocalService.addUser(
196             creatorUserId, companyId, autoPassword, password1, password2,
197             autoScreenName, screenName, emailAddress, openId, locale, firstName,
198             middleName, lastName, prefixId, suffixId, male, birthdayMonth,
199             birthdayDay, birthdayYear, jobTitle, groupIds, organizationIds,
200             roleIds, userGroupIds, sendEmail, serviceContext);
201     }
202 
203     public User addUser(
204             long companyId, boolean autoPassword, String password1,
205             String password2, boolean autoScreenName, String screenName,
206             String emailAddress, String openId, Locale locale, String firstName,
207             String middleName, String lastName, int prefixId, int suffixId,
208             boolean male, int birthdayMonth, int birthdayDay, int birthdayYear,
209             String jobTitle, long[] groupIds, long[] organizationIds,
210             long[] roleIds, long[] userGroupIds, boolean sendEmail,
211             List<Address> addresses, List<EmailAddress> emailAddresses,
212             List<Phone> phones, List<Website> websites,
213             List<AnnouncementsDelivery> announcementsDelivers,
214             ServiceContext serviceContext)
215         throws PortalException, SystemException {
216 
217         User user = addUser(
218             companyId, autoPassword, password1, password2, autoScreenName,
219             screenName, emailAddress, openId, locale, firstName, middleName,
220             lastName, prefixId, suffixId, male, birthdayMonth, birthdayDay,
221             birthdayYear, jobTitle, groupIds, organizationIds, roleIds,
222             userGroupIds, sendEmail, serviceContext);
223 
224         EnterpriseAdminUtil.updateAddresses(
225             Contact.class.getName(), user.getContactId(), addresses);
226 
227         EnterpriseAdminUtil.updateEmailAddresses(
228             Contact.class.getName(), user.getContactId(), emailAddresses);
229 
230         EnterpriseAdminUtil.updatePhones(
231             Contact.class.getName(), user.getContactId(), phones);
232 
233         EnterpriseAdminUtil.updateWebsites(
234             Contact.class.getName(), user.getContactId(), websites);
235 
236         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
237 
238         return user;
239     }
240 
241     public void deletePortrait(long userId)
242         throws PortalException, SystemException {
243 
244         UserPermissionUtil.check(
245             getPermissionChecker(), userId, ActionKeys.UPDATE);
246 
247         userLocalService.deletePortrait(userId);
248     }
249 
250     public void deleteRoleUser(long roleId, long userId)
251         throws PortalException, SystemException {
252 
253         RolePermissionUtil.check(
254             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
255 
256         userLocalService.deleteRoleUser(roleId, userId);
257     }
258 
259     public void deleteUser(long userId)
260         throws PortalException, SystemException {
261 
262         if (getUserId() == userId) {
263             throw new RequiredUserException();
264         }
265 
266         UserPermissionUtil.check(
267             getPermissionChecker(), userId, ActionKeys.DELETE);
268 
269         userLocalService.deleteUser(userId);
270     }
271 
272     public long getDefaultUserId(long companyId)
273         throws PortalException, SystemException {
274 
275         return userLocalService.getDefaultUserId(companyId);
276     }
277 
278     public long[] getGroupUserIds(long groupId) throws SystemException {
279         return userLocalService.getGroupUserIds(groupId);
280     }
281 
282     public long[] getOrganizationUserIds(long organizationId)
283         throws SystemException {
284 
285         return userLocalService.getOrganizationUserIds(organizationId);
286     }
287 
288     public long[] getRoleUserIds(long roleId) throws SystemException {
289         return userLocalService.getRoleUserIds(roleId);
290     }
291 
292     public User getUserByEmailAddress(long companyId, String emailAddress)
293         throws PortalException, SystemException {
294 
295         User user = userLocalService.getUserByEmailAddress(
296             companyId, emailAddress);
297 
298         UserPermissionUtil.check(
299             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
300 
301         return user;
302     }
303 
304     public User getUserById(long userId)
305         throws PortalException, SystemException {
306 
307         User user = userLocalService.getUserById(userId);
308 
309         UserPermissionUtil.check(
310             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
311 
312         return user;
313     }
314 
315     public User getUserByScreenName(long companyId, String screenName)
316         throws PortalException, SystemException {
317 
318         User user = userLocalService.getUserByScreenName(
319             companyId, screenName);
320 
321         UserPermissionUtil.check(
322             getPermissionChecker(), user.getUserId(), ActionKeys.VIEW);
323 
324         return user;
325     }
326 
327     public long getUserIdByEmailAddress(long companyId, String emailAddress)
328         throws PortalException, SystemException {
329 
330         User user = getUserByEmailAddress(companyId, emailAddress);
331 
332         return user.getUserId();
333     }
334 
335     public long getUserIdByScreenName(long companyId, String screenName)
336         throws PortalException, SystemException {
337 
338         User user = getUserByScreenName(companyId, screenName);
339 
340         return user.getUserId();
341     }
342 
343     public boolean hasGroupUser(long groupId, long userId)
344         throws SystemException {
345 
346         return userLocalService.hasGroupUser(groupId, userId);
347     }
348 
349     public boolean hasRoleUser(long roleId, long userId)
350         throws SystemException {
351 
352         return userLocalService.hasRoleUser(roleId, userId);
353     }
354 
355     public boolean hasRoleUser(
356             long companyId, String name, long userId, boolean inherited)
357         throws PortalException, SystemException {
358 
359         return userLocalService.hasRoleUser(companyId, name, userId, inherited);
360     }
361 
362     public void setRoleUsers(long roleId, long[] userIds)
363         throws PortalException, SystemException {
364 
365         RolePermissionUtil.check(
366             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
367 
368         userLocalService.setRoleUsers(roleId, userIds);
369     }
370 
371     public void setUserGroupUsers(long userGroupId, long[] userIds)
372         throws PortalException, SystemException {
373 
374         UserGroupPermissionUtil.check(
375             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
376 
377         userLocalService.setUserGroupUsers(userGroupId, userIds);
378     }
379 
380     public void unsetGroupUsers(long groupId, long[] userIds)
381         throws PortalException, SystemException {
382 
383         try {
384             GroupPermissionUtil.check(
385                 getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
386         }
387         catch (PrincipalException pe) {
388 
389             // Allow any user to leave open and restricted communities
390 
391             boolean hasPermission = false;
392 
393             if (userIds.length == 0) {
394                 hasPermission = true;
395             }
396             else if (userIds.length == 1) {
397                 User user = getUser();
398 
399                 if (user.getUserId() == userIds[0]) {
400                     Group group = groupPersistence.findByPrimaryKey(groupId);
401 
402                     if (user.getCompanyId() == group.getCompanyId()) {
403                         int type = group.getType();
404 
405                         if ((type == GroupConstants.TYPE_COMMUNITY_OPEN) ||
406                             (type ==
407                                 GroupConstants.TYPE_COMMUNITY_RESTRICTED)) {
408 
409                             hasPermission = true;
410                         }
411                     }
412                 }
413             }
414 
415             if (!hasPermission) {
416                 throw new PrincipalException();
417             }
418         }
419 
420         userLocalService.unsetGroupUsers(groupId, userIds);
421     }
422 
423     public void unsetOrganizationUsers(long organizationId, long[] userIds)
424         throws PortalException, SystemException {
425 
426         OrganizationPermissionUtil.check(
427             getPermissionChecker(), organizationId, ActionKeys.ASSIGN_MEMBERS);
428 
429         userLocalService.unsetOrganizationUsers(organizationId, userIds);
430     }
431 
432     public void unsetPasswordPolicyUsers(long passwordPolicyId, long[] userIds)
433         throws PortalException, SystemException {
434 
435         PasswordPolicyPermissionUtil.check(
436             getPermissionChecker(), passwordPolicyId,
437             ActionKeys.ASSIGN_MEMBERS);
438 
439         userLocalService.unsetPasswordPolicyUsers(passwordPolicyId, userIds);
440     }
441 
442     public void unsetRoleUsers(long roleId, long[] userIds)
443         throws PortalException, SystemException {
444 
445         RolePermissionUtil.check(
446             getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
447 
448         userLocalService.unsetRoleUsers(roleId, userIds);
449     }
450 
451     public void unsetTeamUsers(long teamId, long[] userIds)
452         throws PortalException, SystemException {
453 
454         TeamPermissionUtil.check(
455             getPermissionChecker(), teamId, ActionKeys.ASSIGN_MEMBERS);
456 
457         userLocalService.unsetTeamUsers(teamId, userIds);
458     }
459 
460     public void unsetUserGroupUsers(long userGroupId, long[] userIds)
461         throws PortalException, SystemException {
462 
463         UserGroupPermissionUtil.check(
464             getPermissionChecker(), userGroupId, ActionKeys.ASSIGN_MEMBERS);
465 
466         userLocalService.unsetUserGroupUsers(userGroupId, userIds);
467     }
468 
469     public User updateActive(long userId, boolean active)
470         throws PortalException, SystemException {
471 
472         if ((getUserId() == userId) && !active) {
473             throw new RequiredUserException();
474         }
475 
476         UserPermissionUtil.check(
477             getPermissionChecker(), userId, ActionKeys.DELETE);
478 
479         return userLocalService.updateActive(userId, active);
480     }
481 
482     public User updateAgreedToTermsOfUse(
483             long userId, boolean agreedToTermsOfUse)
484         throws PortalException, SystemException {
485 
486         UserPermissionUtil.check(
487             getPermissionChecker(), userId, ActionKeys.UPDATE);
488 
489         return userLocalService.updateAgreedToTermsOfUse(
490             userId, agreedToTermsOfUse);
491     }
492 
493     public void updateEmailAddress(
494             long userId, String password, String emailAddress1,
495             String emailAddress2)
496         throws PortalException, SystemException {
497 
498         UserPermissionUtil.check(
499             getPermissionChecker(), userId, ActionKeys.UPDATE);
500 
501         userLocalService.updateEmailAddress(
502             userId, password, emailAddress1, emailAddress2);
503     }
504 
505     public User updateLockout(long userId, boolean lockout)
506         throws PortalException, SystemException {
507 
508         UserPermissionUtil.check(
509             getPermissionChecker(), userId, ActionKeys.DELETE);
510 
511         return userLocalService.updateLockoutById(userId, lockout);
512     }
513 
514     public void updateOpenId(long userId, String openId)
515         throws PortalException, SystemException {
516 
517         UserPermissionUtil.check(
518             getPermissionChecker(), userId, ActionKeys.UPDATE);
519 
520         userLocalService.updateOpenId(userId, openId);
521     }
522 
523     public void updateOrganizations(long userId, long[] organizationIds)
524         throws PortalException, SystemException {
525 
526         UserPermissionUtil.check(
527             getPermissionChecker(), userId, ActionKeys.UPDATE);
528 
529         userLocalService.updateOrganizations(userId, organizationIds);
530     }
531 
532     public User updatePassword(
533             long userId, String password1, String password2,
534             boolean passwordReset)
535         throws PortalException, SystemException {
536 
537         UserPermissionUtil.check(
538             getPermissionChecker(), userId, ActionKeys.UPDATE);
539 
540         return userLocalService.updatePassword(
541             userId, password1, password2, passwordReset);
542     }
543 
544     public void updatePortrait(long userId, byte[] bytes)
545         throws PortalException, SystemException {
546 
547         UserPermissionUtil.check(
548             getPermissionChecker(), userId, ActionKeys.UPDATE);
549 
550         userLocalService.updatePortrait(userId, bytes);
551     }
552 
553     public void updateReminderQuery(
554             long userId, String question, String answer)
555         throws PortalException, SystemException {
556 
557         UserPermissionUtil.check(
558             getPermissionChecker(), userId, ActionKeys.UPDATE);
559 
560         userLocalService.updateReminderQuery(userId, question, answer);
561     }
562 
563     public void updateScreenName(long userId, String screenName)
564         throws PortalException, SystemException {
565 
566         UserPermissionUtil.check(
567             getPermissionChecker(), userId, ActionKeys.UPDATE);
568 
569         userLocalService.updateScreenName(userId, screenName);
570     }
571 
572     public User updateUser(
573             long userId, String oldPassword, String newPassword1,
574             String newPassword2, boolean passwordReset,
575             String reminderQueryQuestion, String reminderQueryAnswer,
576             String screenName, String emailAddress, String openId,
577             String languageId, String timeZoneId, String greeting,
578             String comments, String firstName, String middleName,
579             String lastName, int prefixId, int suffixId, boolean male,
580             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
581             String aimSn, String facebookSn, String icqSn, String jabberSn,
582             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
583             String ymSn, String jobTitle, long[] groupIds,
584             long[] organizationIds, long[] roleIds,
585             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
586             ServiceContext serviceContext)
587         throws PortalException, SystemException {
588 
589         UserPermissionUtil.check(
590             getPermissionChecker(), userId, organizationIds, ActionKeys.UPDATE);
591 
592         long curUserId = getUserId();
593 
594         if (curUserId == userId) {
595             User user = userPersistence.findByPrimaryKey(userId);
596 
597             screenName = screenName.trim().toLowerCase();
598 
599             if (!screenName.equalsIgnoreCase(user.getScreenName())) {
600                 validateScreenName(user, screenName);
601             }
602 
603             emailAddress = emailAddress.trim().toLowerCase();
604 
605             if (!emailAddress.equalsIgnoreCase(user.getEmailAddress())) {
606                 validateEmailAddress(user, emailAddress);
607             }
608         }
609 
610         if (groupIds != null) {
611             groupIds = checkGroups(userId, groupIds);
612         }
613 
614         if (organizationIds != null) {
615             organizationIds = checkOrganizations(userId, organizationIds);
616         }
617 
618         if (roleIds != null) {
619             roleIds = checkRoles(userId, roleIds);
620         }
621 
622         if (userGroupRoles != null) {
623             userGroupRoles = checkUserGroupRoles(userId, userGroupRoles);
624         }
625 
626         return userLocalService.updateUser(
627             userId, oldPassword, newPassword1, newPassword2, passwordReset,
628             reminderQueryQuestion, reminderQueryAnswer, screenName,
629             emailAddress, openId, languageId, timeZoneId, greeting, comments,
630             firstName, middleName, lastName, prefixId, suffixId, male,
631             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
632             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
633             jobTitle, groupIds, organizationIds, roleIds, userGroupRoles,
634             userGroupIds, serviceContext);
635     }
636 
637     public User updateUser(
638             long userId, String oldPassword, String newPassword1,
639             String newPassword2, boolean passwordReset,
640             String reminderQueryQuestion, String reminderQueryAnswer,
641             String screenName, String emailAddress, String openId,
642             String languageId, String timeZoneId, String greeting,
643             String comments, String firstName, String middleName,
644             String lastName, int prefixId, int suffixId, boolean male,
645             int birthdayMonth, int birthdayDay, int birthdayYear, String smsSn,
646             String aimSn, String facebookSn, String icqSn, String jabberSn,
647             String msnSn, String mySpaceSn, String skypeSn, String twitterSn,
648             String ymSn, String jobTitle, long[] groupIds,
649             long[] organizationIds, long[] roleIds,
650             List<UserGroupRole> userGroupRoles, long[] userGroupIds,
651             List<Address> addresses, List<EmailAddress> emailAddresses,
652             List<Phone> phones, List<Website> websites,
653             List<AnnouncementsDelivery> announcementsDelivers,
654             ServiceContext serviceContext)
655         throws PortalException, SystemException {
656 
657         User user = updateUser(
658             userId, oldPassword, newPassword1, newPassword2, passwordReset,
659             reminderQueryQuestion, reminderQueryAnswer, screenName,
660             emailAddress, openId, languageId, timeZoneId, greeting, comments,
661             firstName, middleName, lastName, prefixId, suffixId, male,
662             birthdayMonth, birthdayDay, birthdayYear, smsSn, aimSn, facebookSn,
663             icqSn, jabberSn, msnSn, mySpaceSn, skypeSn, twitterSn, ymSn,
664             jobTitle, groupIds, organizationIds, roleIds,
665             userGroupRoles, userGroupIds, serviceContext);
666 
667         EnterpriseAdminUtil.updateAddresses(
668             Contact.class.getName(), user.getContactId(), addresses);
669 
670         EnterpriseAdminUtil.updateEmailAddresses(
671             Contact.class.getName(), user.getContactId(), emailAddresses);
672 
673         EnterpriseAdminUtil.updatePhones(
674             Contact.class.getName(), user.getContactId(), phones);
675 
676         EnterpriseAdminUtil.updateWebsites(
677             Contact.class.getName(), user.getContactId(), websites);
678 
679         updateAnnouncementsDeliveries(user.getUserId(), announcementsDelivers);
680 
681         return user;
682     }
683 
684     protected long[] checkGroups(long userId, long[] groupIds)
685         throws PortalException, SystemException {
686 
687         // Add back any groups that the administrator does not have the rights
688         // to remove and check that he has the permission to add any new group
689 
690         List<Group> oldGroups = groupLocalService.getUserGroups(userId);
691         long[] oldGroupIds = new long[oldGroups.size()];
692 
693         for (int i = 0; i < oldGroups.size(); i++) {
694             Group group = oldGroups.get(i);
695 
696             if (!ArrayUtil.contains(groupIds, group.getGroupId()) &&
697                 !GroupPermissionUtil.contains(
698                     getPermissionChecker(), group.getGroupId(),
699                     ActionKeys.ASSIGN_MEMBERS)) {
700 
701                 groupIds = ArrayUtil.append(groupIds, group.getGroupId());
702             }
703 
704             oldGroupIds[i] = group.getGroupId();
705         }
706 
707         for (long groupId : groupIds) {
708             if (!ArrayUtil.contains(oldGroupIds, groupId)) {
709                 GroupPermissionUtil.check(
710                     getPermissionChecker(), groupId, ActionKeys.ASSIGN_MEMBERS);
711             }
712         }
713 
714         return groupIds;
715     }
716 
717     protected long[] checkOrganizations(long userId, long[] organizationIds)
718         throws PortalException, SystemException {
719 
720         // Add back any organizations that the administrator does not have the
721         // rights to remove and check that he has the permission to add any new
722         // organization
723 
724         List<Organization> oldOrganizations =
725             organizationLocalService.getUserOrganizations(userId);
726         long[] oldOrganizationIds = new long[oldOrganizations.size()];
727 
728         for (int i = 0; i < oldOrganizations.size(); i++) {
729             Organization organization = oldOrganizations.get(i);
730 
731             if (!ArrayUtil.contains(
732                     organizationIds, organization.getOrganizationId()) &&
733                 !OrganizationPermissionUtil.contains(
734                     getPermissionChecker(), organization.getOrganizationId(),
735                     ActionKeys.ASSIGN_MEMBERS)) {
736 
737                 organizationIds = ArrayUtil.append(
738                     organizationIds, organization.getOrganizationId());
739             }
740 
741             oldOrganizationIds[i] = organization.getOrganizationId();
742         }
743 
744         for (long organizationId : organizationIds) {
745             if (!ArrayUtil.contains(oldOrganizationIds, organizationId)) {
746                 OrganizationPermissionUtil.check(
747                     getPermissionChecker(), organizationId,
748                     ActionKeys.ASSIGN_MEMBERS);
749             }
750         }
751 
752         return organizationIds;
753     }
754 
755     protected long[] checkRoles(long userId, long[] roleIds)
756         throws PrincipalException, SystemException {
757 
758         // Add back any roles that the administrator does not have the rights to
759         // remove and check that he has the permission to add any new role
760 
761         List<Role> oldRoles = roleLocalService.getUserRoles(userId);
762         long[] oldRoleIds = new long[oldRoles.size()];
763 
764         for (int i = 0; i < oldRoles.size(); i++) {
765             Role role = oldRoles.get(i);
766 
767             if (!ArrayUtil.contains(roleIds, role.getRoleId()) &&
768                 !RolePermissionUtil.contains(
769                     getPermissionChecker(), role.getRoleId(),
770                     ActionKeys.ASSIGN_MEMBERS)) {
771 
772                 roleIds = ArrayUtil.append(roleIds, role.getRoleId());
773             }
774 
775             oldRoleIds[i] = role.getRoleId();
776         }
777 
778         for (long roleId : roleIds) {
779             if (!ArrayUtil.contains(oldRoleIds, roleId)) {
780                 RolePermissionUtil.check(
781                     getPermissionChecker(), roleId, ActionKeys.ASSIGN_MEMBERS);
782             }
783         }
784 
785         return roleIds;
786     }
787 
788     protected List<UserGroupRole> checkUserGroupRoles(
789             long userId, List<UserGroupRole> userGroupRoles)
790         throws PortalException, SystemException {
791 
792         // Add back any group roles that the administrator does not have the
793         // rights to remove
794 
795         List<UserGroupRole> oldUserGroupRoles =
796             userGroupRoleLocalService.getUserGroupRoles(userId);
797 
798         for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) {
799             if (!userGroupRoles.contains(oldUserGroupRole) &&
800                 (!GroupPermissionUtil.contains(
801                     getPermissionChecker(), oldUserGroupRole.getGroupId(),
802                     ActionKeys.ASSIGN_MEMBERS) ||
803                 !RolePermissionUtil.contains(
804                     getPermissionChecker(), oldUserGroupRole.getRoleId(),
805                     ActionKeys.ASSIGN_MEMBERS))) {
806 
807                 userGroupRoles.add(oldUserGroupRole);
808             }
809         }
810 
811         for (UserGroupRole userGroupRole : userGroupRoles) {
812             if (!oldUserGroupRoles.contains(userGroupRole)) {
813 
814                 if (!GroupPermissionUtil.contains(
815                         getPermissionChecker(), userGroupRole.getGroupId(),
816                         ActionKeys.ASSIGN_MEMBERS) ||
817                     !RolePermissionUtil.contains(
818                         getPermissionChecker(), userGroupRole.getRoleId(),
819                         ActionKeys.ASSIGN_MEMBERS)) {
820 
821                     throw new PrincipalException();
822                 }
823             }
824         }
825 
826         return userGroupRoles;
827     }
828 
829     protected void updateAnnouncementsDeliveries(
830             long userId, List<AnnouncementsDelivery> announcementsDeliveries)
831         throws PortalException, SystemException {
832 
833         for (AnnouncementsDelivery announcementsDelivery :
834                 announcementsDeliveries) {
835 
836             announcementsDeliveryService.updateDelivery(
837                 userId, announcementsDelivery.getType(),
838                 announcementsDelivery.getEmail(),
839                 announcementsDelivery.getSms(),
840                 announcementsDelivery.getWebsite());
841         }
842     }
843 
844     protected void validateEmailAddress(User user, String emailAddress)
845         throws PortalException, SystemException {
846 
847         PermissionChecker permissionChecker = getPermissionChecker();
848 
849         if (!EnterpriseAdminUtil.hasUpdateEmailAddress(
850                 permissionChecker, user)) {
851 
852             throw new UserEmailAddressException();
853         }
854 
855         if (!user.hasCompanyMx() && user.hasCompanyMx(emailAddress)) {
856             Company company = companyPersistence.findByPrimaryKey(
857                 user.getCompanyId());
858 
859             if (!company.isStrangersWithMx()) {
860                 throw new ReservedUserEmailAddressException();
861             }
862         }
863     }
864 
865     protected void validateScreenName(User user, String screenName)
866         throws PortalException, SystemException {
867 
868         PermissionChecker permissionChecker = getPermissionChecker();
869 
870         if (!EnterpriseAdminUtil.hasUpdateScreenName(permissionChecker, user)) {
871             throw new UserScreenNameException();
872         }
873     }
874 
875     protected void validateOrganizationUsers(long[] userIds)
876         throws PortalException, SystemException {
877 
878         PermissionChecker permissionChecker = getPermissionChecker();
879 
880         if (!PropsValues.ORGANIZATIONS_ASSIGNMENT_STRICT ||
881             permissionChecker.isCompanyAdmin()) {
882 
883             return;
884         }
885 
886         List<Organization> organizations =
887             organizationLocalService.getUserOrganizations(
888                 permissionChecker.getUserId());
889 
890         for (long userId : userIds) {
891             boolean allowed = false;
892 
893             for (Organization organization : organizations) {
894                 boolean manageUsers = OrganizationPermissionUtil.contains(
895                     permissionChecker, organization, ActionKeys.MANAGE_USERS);
896                 boolean manageSuborganizations =
897                     OrganizationPermissionUtil.contains(
898                         permissionChecker, organization,
899                         ActionKeys.MANAGE_SUBORGANIZATIONS);
900 
901                 if (!manageUsers && !manageSuborganizations) {
902                     continue;
903                 }
904 
905                 boolean inherited = false;
906                 boolean includeSpecifiedOrganization = false;
907 
908                 if (manageUsers && manageSuborganizations) {
909                     inherited = true;
910                     includeSpecifiedOrganization = true;
911                 }
912                 else if (!manageUsers && manageSuborganizations) {
913                     inherited = true;
914                     includeSpecifiedOrganization = false;
915                 }
916 
917                 if (organizationLocalService.hasUserOrganization(
918                         userId, organization.getOrganizationId(), inherited,
919                         false, includeSpecifiedOrganization)) {
920 
921                     allowed = true;
922 
923                     break;
924                 }
925             }
926 
927             if (!allowed) {
928                 throw new PrincipalException();
929             }
930         }
931     }
932 
933 }