public boolean containsWithoutViewableGroup(
PermissionChecker permissionChecker,
Layout layout,
String controlPanelCategory,
boolean checkLayoutUpdateable,
String actionId)
throws PortalException, SystemException {
if (checkLayoutUpdateable
&& !actionId.equals(ActionKeys.CUSTOMIZE)
&& !actionId.equals(ActionKeys.VIEW)
&& (layout instanceof VirtualLayout)) {
return false;
}
if (actionId.equals(ActionKeys.CUSTOMIZE) && (layout instanceof VirtualLayout)) {
VirtualLayout virtualLayout = (VirtualLayout) layout;
layout = virtualLayout.getWrappedModel();
}
if (actionId.equals(ActionKeys.DELETE) && !SitesUtil.isLayoutDeleteable(layout)) {
return false;
}
Group group = layout.getGroup();
if (checkLayoutUpdateable
&& !group.isLayoutSetPrototype()
&& isAttemptToModifyLockedLayout(layout, actionId)) {
return false;
}
User user = UserLocalServiceUtil.getUserById(permissionChecker.getUserId());
if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)
&& !user.isDefaultUser()
&& !group.isUser()) {
// This is new way of doing an ownership check without having to
// have a userId field on the model. When the instance model was
// first created, we set the user's userId as the ownerId of the
// individual scope ResourcePermission of the Owner Role.
// Therefore, ownership can be determined by obtaining the Owner
// role ResourcePermission for the current instance model and
// testing it with the hasOwnerPermission call.
ResourcePermission resourcePermission =
ResourcePermissionLocalServiceUtil.getResourcePermission(
layout.getCompanyId(),
Layout.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(layout.getPlid()),
permissionChecker.getOwnerRoleId());
if (permissionChecker.hasOwnerPermission(
layout.getCompanyId(),
Layout.class.getName(),
String.valueOf(layout.getPlid()),
resourcePermission.getOwnerId(),
actionId)) {
return true;
}
}
if (GroupPermissionUtil.contains(
permissionChecker, layout.getGroupId(), ActionKeys.MANAGE_LAYOUTS)) {
return true;
} else if (actionId.equals(ActionKeys.ADD_LAYOUT)
&& GroupPermissionUtil.contains(
permissionChecker, layout.getGroupId(), ActionKeys.ADD_LAYOUT)) {
return true;
}
if (PropsValues.PERMISSIONS_VIEW_DYNAMIC_INHERITANCE && !actionId.equals(ActionKeys.VIEW)) {
// Check upward recursively to see if any pages above grant the
// action
long parentLayoutId = layout.getParentLayoutId();
while (parentLayoutId != LayoutConstants.DEFAULT_PARENT_LAYOUT_ID) {
Layout parentLayout =
LayoutLocalServiceUtil.getLayout(
layout.getGroupId(), layout.isPrivateLayout(), parentLayoutId);
if (contains(permissionChecker, parentLayout, controlPanelCategory, actionId)) {
return true;
}
parentLayoutId = parentLayout.getParentLayoutId();
}
}
try {
if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
if (ResourcePermissionLocalServiceUtil.getResourcePermissionsCount(
layout.getCompanyId(),
Layout.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(layout.getPlid()))
== 0) {
throw new NoSuchResourceException();
}
} else {
ResourceLocalServiceUtil.getResource(
layout.getCompanyId(),
Layout.class.getName(),
ResourceConstants.SCOPE_INDIVIDUAL,
String.valueOf(layout.getPlid()));
}
} catch (NoSuchResourceException nsre) {
boolean addGroupPermission = true;
boolean addGuestPermission = true;
if (layout.isPrivateLayout()) {
addGuestPermission = false;
}
ResourceLocalServiceUtil.addResources(
layout.getCompanyId(),
layout.getGroupId(),
0,
Layout.class.getName(),
layout.getPlid(),
false,
addGroupPermission,
addGuestPermission);
}
return permissionChecker.hasPermission(
layout.getGroupId(), Layout.class.getName(), layout.getPlid(), actionId);
}
protected void fixOrganizationRolePermissions() throws Exception {
DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(ResourcePermission.class);
dynamicQuery.add(RestrictionsFactoryUtil.eq("name", Organization.class.getName()));
List<ResourcePermission> resourcePermissions =
ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);
for (ResourcePermission resourcePermission : resourcePermissions) {
ResourcePermission groupResourcePermission = null;
try {
groupResourcePermission =
ResourcePermissionLocalServiceUtil.getResourcePermission(
resourcePermission.getCompanyId(),
Group.class.getName(),
resourcePermission.getScope(),
resourcePermission.getPrimKey(),
resourcePermission.getRoleId());
} catch (Exception e) {
ResourcePermissionLocalServiceUtil.setResourcePermissions(
resourcePermission.getCompanyId(),
Group.class.getName(),
resourcePermission.getScope(),
resourcePermission.getPrimKey(),
resourcePermission.getRoleId(),
ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);
groupResourcePermission =
ResourcePermissionLocalServiceUtil.getResourcePermission(
resourcePermission.getCompanyId(),
Group.class.getName(),
resourcePermission.getScope(),
resourcePermission.getPrimKey(),
resourcePermission.getRoleId());
}
long organizationActions = resourcePermission.getActionIds();
long groupActions = groupResourcePermission.getActionIds();
for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
long organizationActionMask = (Long) actionIdToMask[1];
long groupActionMask = (Long) actionIdToMask[2];
if ((organizationActions & organizationActionMask) == organizationActionMask) {
organizationActions = organizationActions & (~organizationActionMask);
groupActions = groupActions | groupActionMask;
}
}
try {
resourcePermission.resetOriginalValues();
resourcePermission.setActionIds(organizationActions);
ResourcePermissionLocalServiceUtil.updateResourcePermission(resourcePermission);
groupResourcePermission.resetOriginalValues();
groupResourcePermission.setActionIds(groupActions);
ResourcePermissionLocalServiceUtil.updateResourcePermission(groupResourcePermission);
} catch (Exception e) {
_log.error(e, e);
}
}
PermissionCacheUtil.clearCache();
}
