public boolean containsWithoutViewableGroup(
      PermissionChecker permissionChecker,
      Layout layout,
      String controlPanelCategory,
      boolean checkLayoutUpdateable,
      String actionId)
      throws PortalException, SystemException {

    if (checkLayoutUpdateable
        && !actionId.equals(ActionKeys.CUSTOMIZE)
        && !actionId.equals(ActionKeys.VIEW)
        && (layout instanceof VirtualLayout)) {

      return false;
    }

    if (actionId.equals(ActionKeys.CUSTOMIZE) && (layout instanceof VirtualLayout)) {

      VirtualLayout virtualLayout = (VirtualLayout) layout;

      layout = virtualLayout.getWrappedModel();
    }

    if (actionId.equals(ActionKeys.DELETE) && !SitesUtil.isLayoutDeleteable(layout)) {

      return false;
    }

    Group group = layout.getGroup();

    if (checkLayoutUpdateable
        && !group.isLayoutSetPrototype()
        && isAttemptToModifyLockedLayout(layout, actionId)) {

      return false;
    }

    User user = UserLocalServiceUtil.getUserById(permissionChecker.getUserId());

    if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)
        && !user.isDefaultUser()
        && !group.isUser()) {

      // This is new way of doing an ownership check without having to
      // have a userId field on the model. When the instance model was
      // first created, we set the user's userId as the ownerId of the
      // individual scope ResourcePermission of the Owner Role.
      // Therefore, ownership can be determined by obtaining the Owner
      // role ResourcePermission for the current instance model and
      // testing it with the hasOwnerPermission call.

      ResourcePermission resourcePermission =
          ResourcePermissionLocalServiceUtil.getResourcePermission(
              layout.getCompanyId(),
              Layout.class.getName(),
              ResourceConstants.SCOPE_INDIVIDUAL,
              String.valueOf(layout.getPlid()),
              permissionChecker.getOwnerRoleId());

      if (permissionChecker.hasOwnerPermission(
          layout.getCompanyId(),
          Layout.class.getName(),
          String.valueOf(layout.getPlid()),
          resourcePermission.getOwnerId(),
          actionId)) {

        return true;
      }
    }

    if (GroupPermissionUtil.contains(
        permissionChecker, layout.getGroupId(), ActionKeys.MANAGE_LAYOUTS)) {

      return true;
    } else if (actionId.equals(ActionKeys.ADD_LAYOUT)
        && GroupPermissionUtil.contains(
            permissionChecker, layout.getGroupId(), ActionKeys.ADD_LAYOUT)) {

      return true;
    }

    if (PropsValues.PERMISSIONS_VIEW_DYNAMIC_INHERITANCE && !actionId.equals(ActionKeys.VIEW)) {

      // Check upward recursively to see if any pages above grant the
      // action

      long parentLayoutId = layout.getParentLayoutId();

      while (parentLayoutId != LayoutConstants.DEFAULT_PARENT_LAYOUT_ID) {
        Layout parentLayout =
            LayoutLocalServiceUtil.getLayout(
                layout.getGroupId(), layout.isPrivateLayout(), parentLayoutId);

        if (contains(permissionChecker, parentLayout, controlPanelCategory, actionId)) {

          return true;
        }

        parentLayoutId = parentLayout.getParentLayoutId();
      }
    }

    try {
      if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
        if (ResourcePermissionLocalServiceUtil.getResourcePermissionsCount(
                layout.getCompanyId(),
                Layout.class.getName(),
                ResourceConstants.SCOPE_INDIVIDUAL,
                String.valueOf(layout.getPlid()))
            == 0) {

          throw new NoSuchResourceException();
        }
      } else {
        ResourceLocalServiceUtil.getResource(
            layout.getCompanyId(),
            Layout.class.getName(),
            ResourceConstants.SCOPE_INDIVIDUAL,
            String.valueOf(layout.getPlid()));
      }
    } catch (NoSuchResourceException nsre) {
      boolean addGroupPermission = true;
      boolean addGuestPermission = true;

      if (layout.isPrivateLayout()) {
        addGuestPermission = false;
      }

      ResourceLocalServiceUtil.addResources(
          layout.getCompanyId(),
          layout.getGroupId(),
          0,
          Layout.class.getName(),
          layout.getPlid(),
          false,
          addGroupPermission,
          addGuestPermission);
    }

    return permissionChecker.hasPermission(
        layout.getGroupId(), Layout.class.getName(), layout.getPlid(), actionId);
  }
Пример #2
0
  protected void fixOrganizationRolePermissions() throws Exception {
    DynamicQuery dynamicQuery = DynamicQueryFactoryUtil.forClass(ResourcePermission.class);

    dynamicQuery.add(RestrictionsFactoryUtil.eq("name", Organization.class.getName()));

    List<ResourcePermission> resourcePermissions =
        ResourcePermissionLocalServiceUtil.dynamicQuery(dynamicQuery);

    for (ResourcePermission resourcePermission : resourcePermissions) {
      ResourcePermission groupResourcePermission = null;

      try {
        groupResourcePermission =
            ResourcePermissionLocalServiceUtil.getResourcePermission(
                resourcePermission.getCompanyId(),
                Group.class.getName(),
                resourcePermission.getScope(),
                resourcePermission.getPrimKey(),
                resourcePermission.getRoleId());
      } catch (Exception e) {
        ResourcePermissionLocalServiceUtil.setResourcePermissions(
            resourcePermission.getCompanyId(),
            Group.class.getName(),
            resourcePermission.getScope(),
            resourcePermission.getPrimKey(),
            resourcePermission.getRoleId(),
            ResourcePermissionLocalServiceImpl.EMPTY_ACTION_IDS);

        groupResourcePermission =
            ResourcePermissionLocalServiceUtil.getResourcePermission(
                resourcePermission.getCompanyId(),
                Group.class.getName(),
                resourcePermission.getScope(),
                resourcePermission.getPrimKey(),
                resourcePermission.getRoleId());
      }

      long organizationActions = resourcePermission.getActionIds();
      long groupActions = groupResourcePermission.getActionIds();

      for (Object[] actionIdToMask : _ORGANIZATION_ACTION_IDS_TO_MASKS) {
        long organizationActionMask = (Long) actionIdToMask[1];
        long groupActionMask = (Long) actionIdToMask[2];

        if ((organizationActions & organizationActionMask) == organizationActionMask) {

          organizationActions = organizationActions & (~organizationActionMask);
          groupActions = groupActions | groupActionMask;
        }
      }

      try {
        resourcePermission.resetOriginalValues();

        resourcePermission.setActionIds(organizationActions);

        ResourcePermissionLocalServiceUtil.updateResourcePermission(resourcePermission);

        groupResourcePermission.resetOriginalValues();
        groupResourcePermission.setActionIds(groupActions);

        ResourcePermissionLocalServiceUtil.updateResourcePermission(groupResourcePermission);
      } catch (Exception e) {
        _log.error(e, e);
      }
    }

    PermissionCacheUtil.clearCache();
  }