protected void importResourcePermissions(
PortletDataContext portletDataContext, Role importedRole, Permission permission)
throws PortalException, SystemException {
int scope = permission.getScope();
if (scope == ResourceConstants.SCOPE_COMPANY) {
ResourcePermissionServiceUtil.addResourcePermission(
portletDataContext.getCompanyGroupId(),
portletDataContext.getCompanyId(),
permission.getName(),
scope,
String.valueOf(portletDataContext.getCompanyGroupId()),
importedRole.getRoleId(),
permission.getActionId());
} else if (scope == ResourceConstants.SCOPE_GROUP) {
long groupId = portletDataContext.getCompanyGroupId();
long sourceGroupId = GetterUtil.getLong(permission.getPrimKey());
if (sourceGroupId == portletDataContext.getSourceUserPersonalSiteGroupId()) {
groupId = portletDataContext.getUserPersonalSiteGroupId();
}
ResourcePermissionServiceUtil.addResourcePermission(
groupId,
portletDataContext.getCompanyId(),
permission.getName(),
ResourceConstants.SCOPE_GROUP,
String.valueOf(groupId),
importedRole.getRoleId(),
permission.getActionId());
} else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
ResourcePermissionServiceUtil.addResourcePermission(
GroupConstants.DEFAULT_PARENT_GROUP_ID,
portletDataContext.getCompanyId(),
permission.getName(),
ResourceConstants.SCOPE_GROUP_TEMPLATE,
String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
importedRole.getRoleId(),
permission.getActionId());
} else {
if (_log.isDebugEnabled()) {
_log.debug("Individually scoped permissions are not imported");
}
}
}
public void deletePermission(ActionRequest actionRequest, ActionResponse actionResponse)
throws Exception {
ThemeDisplay themeDisplay = (ThemeDisplay) actionRequest.getAttribute(WebKeys.THEME_DISPLAY);
long roleId = ParamUtil.getLong(actionRequest, "roleId");
String name = ParamUtil.getString(actionRequest, "name");
int scope = ParamUtil.getInteger(actionRequest, "scope");
String primKey = ParamUtil.getString(actionRequest, "primKey");
String actionId = ParamUtil.getString(actionRequest, "actionId");
Role role = RoleLocalServiceUtil.getRole(roleId);
String roleName = role.getName();
if (roleName.equals(RoleConstants.ADMINISTRATOR)
|| roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR)
|| roleName.equals(RoleConstants.ORGANIZATION_OWNER)
|| roleName.equals(RoleConstants.OWNER)
|| roleName.equals(RoleConstants.SITE_ADMINISTRATOR)
|| roleName.equals(RoleConstants.SITE_OWNER)) {
throw new RolePermissionsException(roleName);
}
if (ResourceBlockLocalServiceUtil.isSupported(name)) {
if (scope == ResourceConstants.SCOPE_GROUP) {
ResourceBlockServiceUtil.removeGroupScopePermission(
themeDisplay.getScopeGroupId(),
themeDisplay.getCompanyId(),
GetterUtil.getLong(primKey),
name,
roleId,
actionId);
} else {
ResourceBlockServiceUtil.removeCompanyScopePermission(
themeDisplay.getScopeGroupId(), themeDisplay.getCompanyId(), name, roleId, actionId);
}
} else {
ResourcePermissionServiceUtil.removeResourcePermission(
themeDisplay.getScopeGroupId(),
themeDisplay.getCompanyId(),
name,
scope,
primKey,
roleId,
actionId);
}
// Send redirect
SessionMessages.add(actionRequest, "permissionDeleted");
String redirect = PortalUtil.escapeRedirect(ParamUtil.getString(actionRequest, "redirect"));
if (Validator.isNotNull(redirect)) {
actionResponse.sendRedirect(redirect);
}
}
/**
* Updates the role's permissions at the scope, setting the actions that can be performed on
* resources of the type. Existing actions are replaced.
*
* <p>This method can be used to set permissions at any scope, but it is generally only used at
* the individual scope. For example, it could be used to set the guest permissions on a blog
* post.
*
* <p>Depending on the scope, the value of <code>primKey</code> will have different meanings. For
* more information, see {@link com.liferay.portal.model.impl.ResourcePermissionImpl}.
*
* @param groupId the primary key of the group
* @param companyId the primary key of the company
* @param name the resource's name, which can be either a class name or a portlet ID
* @param primKey the primary key
* @param roleId the primary key of the role
* @param actionIds the action IDs of the actions
* @throws PortalException if the user did not have permission to set resource permissions, or if
* a role with the primary key or a resource action with the name and action ID could not be
* found
* @throws SystemException if a system exception occurred
*/
public static void setIndividualResourcePermissions(
long groupId,
long companyId,
java.lang.String name,
java.lang.String primKey,
long roleId,
java.lang.String[] actionIds)
throws RemoteException {
try {
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
groupId, companyId, name, primKey, roleId, actionIds);
} catch (Exception e) {
_log.error(e, e);
throw new RemoteException(e.getMessage());
}
}
/**
* Revokes all permissions at the scope from the role to perform the action on resources of the
* type. For example, this method could be used to revoke all individual scope permissions to edit
* blog posts from site members.
*
* @param groupId the primary key of the group
* @param companyId the primary key of the company
* @param name the resource's name, which can be either a class name or a portlet ID
* @param scope the scope
* @param roleId the primary key of the role
* @param actionId the action ID
* @throws PortalException if the user did not have permission to remove resource permissions, or
* if a role with the primary key or a resource action with the name and action ID could not
* be found
* @throws SystemException if a system exception occurred
*/
public static void removeResourcePermissions(
long groupId,
long companyId,
java.lang.String name,
int scope,
long roleId,
java.lang.String actionId)
throws RemoteException {
try {
ResourcePermissionServiceUtil.removeResourcePermissions(
groupId, companyId, name, scope, roleId, actionId);
} catch (Exception e) {
_log.error(e, e);
throw new RemoteException(e.getMessage());
}
}
protected void updateAction(
Role role,
long groupId,
String selResource,
String actionId,
boolean selected,
int scope,
String[] groupIds)
throws Exception {
long companyId = role.getCompanyId();
long roleId = role.getRoleId();
if (selected) {
if (scope == ResourceConstants.SCOPE_COMPANY) {
ResourcePermissionServiceUtil.addResourcePermission(
groupId,
companyId,
selResource,
scope,
String.valueOf(role.getCompanyId()),
roleId,
actionId);
} else if (scope == ResourceConstants.SCOPE_GROUP_TEMPLATE) {
ResourcePermissionServiceUtil.addResourcePermission(
groupId,
companyId,
selResource,
ResourceConstants.SCOPE_GROUP_TEMPLATE,
String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID),
roleId,
actionId);
} else if (scope == ResourceConstants.SCOPE_GROUP) {
ResourcePermissionServiceUtil.removeResourcePermissions(
groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP, roleId, actionId);
for (String curGroupId : groupIds) {
ResourcePermissionServiceUtil.addResourcePermission(
groupId,
companyId,
selResource,
ResourceConstants.SCOPE_GROUP,
curGroupId,
roleId,
actionId);
}
}
} else {
// Remove company, group template, and group permissions
ResourcePermissionServiceUtil.removeResourcePermissions(
groupId, companyId, selResource, ResourceConstants.SCOPE_COMPANY, roleId, actionId);
ResourcePermissionServiceUtil.removeResourcePermissions(
groupId,
companyId,
selResource,
ResourceConstants.SCOPE_GROUP_TEMPLATE,
roleId,
actionId);
ResourcePermissionServiceUtil.removeResourcePermissions(
groupId, companyId, selResource, ResourceConstants.SCOPE_GROUP, roleId, actionId);
}
}
protected void updateRolePermissions(ActionRequest actionRequest) throws Exception {
ThemeDisplay themeDisplay = (ThemeDisplay) actionRequest.getAttribute(WebKeys.THEME_DISPLAY);
String portletResource = ParamUtil.getString(actionRequest, "portletResource");
String modelResource = ParamUtil.getString(actionRequest, "modelResource");
long[] roleIds =
StringUtil.split(ParamUtil.getString(actionRequest, "rolesSearchContainerPrimaryKeys"), 0L);
String selResource = PortletConstants.getRootPortletId(portletResource);
if (Validator.isNotNull(modelResource)) {
selResource = modelResource;
}
long resourceGroupId =
ParamUtil.getLong(actionRequest, "resourceGroupId", themeDisplay.getScopeGroupId());
String resourcePrimKey = ParamUtil.getString(actionRequest, "resourcePrimKey");
Map<Long, String[]> roleIdsToActionIds = new HashMap<Long, String[]>();
if (ResourceBlockLocalServiceUtil.isSupported(selResource)) {
for (long roleId : roleIds) {
List<String> actionIds = getActionIdsList(actionRequest, roleId, true);
roleIdsToActionIds.put(roleId, actionIds.toArray(new String[actionIds.size()]));
}
ResourceBlockServiceUtil.setIndividualScopePermissions(
themeDisplay.getCompanyId(),
resourceGroupId,
selResource,
GetterUtil.getLong(resourcePrimKey),
roleIdsToActionIds);
} else {
for (long roleId : roleIds) {
String[] actionIds = getActionIds(actionRequest, roleId, false);
roleIdsToActionIds.put(roleId, actionIds);
}
ResourcePermissionServiceUtil.setIndividualResourcePermissions(
resourceGroupId,
themeDisplay.getCompanyId(),
selResource,
resourcePrimKey,
roleIdsToActionIds);
}
int pos = resourcePrimKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
if (pos != -1) {
long plid = GetterUtil.getLong(resourcePrimKey.substring(0, pos));
Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
if (layout != null) {
layout.setModifiedDate(new Date());
LayoutLocalServiceUtil.updateLayout(layout);
CacheUtil.clearCache(layout.getCompanyId());
}
}
if (PropsValues.PERMISSIONS_PROPAGATION_ENABLED) {
Portlet portlet =
PortletLocalServiceUtil.getPortletById(themeDisplay.getCompanyId(), portletResource);
PermissionPropagator permissionPropagator = portlet.getPermissionPropagatorInstance();
if (permissionPropagator != null) {
permissionPropagator.propagateRolePermissions(
actionRequest, modelResource, resourcePrimKey, roleIds);
}
}
}
