1 /*******************************************************************************
2 * Copyright © Igor Barma, Alexandre Desoubeaux, Christian Martel, Eric Brun, Mathieu Amblard, Gwenael Gevet, Pierre Guillot, 2012
3 * Copyright Alexandre Desoubeaux, Christian Martel, Cedric Lecarpentier, Alexandre Lefevre, Marc Salvat 2014-2016
4 * Copyright Alexandre Desoubeaux, Christian Martel, Cedric Lecarpentier, Marc Salvat, Marc Suarez, Harifetra Ramamonjy 2017
6 * This file is part of the work and learning management system Pentila Nero.
8 * Pentila Nero is free software. You can redistribute it and/or modify since
9 * you respect the terms of either (at least one of the both license) :
10 * - under the terms of the GNU Affero General Public License as
11 * published by the Free Software Foundation, either version 3 of the
12 * License, or (at your option) any later version.
13 * - the CeCILL-C as published by CeCILL-C; either version 1 of the
14 * License, or any later version
15 * - the GNU Lesser General Public License as published by the
16 * Free Software Foundation, either version 3 of the license,
17 * or (at your option) any later version.
19 * There are special exceptions to the terms and conditions of the
20 * licenses as they are applied to this software. View the full text of
21 * the exception in file LICENSE-PROJECT.txt in the directory of this software
24 * Pentila Nero is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * Licenses for more details.
29 * You should have received a copy of the GNU Affero General Public License
30 * and the CeCILL-C and the GNU Lesser General Public License along with
31 * Pentila Nero. If not, see :
32 * <http://www.gnu.org/licenses/> and
33 * <http://www.cecill.info/licences.fr.html>.
34 ******************************************************************************/
35 package com.pentila.entSavoie.utils;
37 import java.util.ArrayList;
38 import java.util.Arrays;
39 import java.util.HashMap;
40 import java.util.List;
42 import java.util.Map.Entry;
44 import com.liferay.portal.kernel.dao.orm.QueryUtil;
45 import com.liferay.portal.kernel.exception.PortalException;
46 import com.liferay.portal.kernel.exception.SystemException;
47 import com.liferay.portal.kernel.log.Log;
48 import com.liferay.portal.kernel.log.LogFactoryUtil;
49 import com.liferay.portal.kernel.repository.model.FileEntry;
50 import com.liferay.portal.kernel.repository.model.Folder;
51 import com.liferay.portal.model.Group;
52 import com.liferay.portal.model.Organization;
53 import com.liferay.portal.model.ResourceAction;
54 import com.liferay.portal.model.ResourceConstants;
55 import com.liferay.portal.model.Role;
56 import com.liferay.portal.model.RoleConstants;
57 import com.liferay.portal.model.User;
58 import com.liferay.portal.security.permission.ActionKeys;
59 import com.liferay.portal.security.permission.PermissionChecker;
60 import com.liferay.portal.service.GroupLocalServiceUtil;
61 import com.liferay.portal.service.OrganizationLocalServiceUtil;
62 import com.liferay.portal.service.ResourceActionLocalServiceUtil;
63 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
64 import com.liferay.portal.service.RoleLocalServiceUtil;
65 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
66 import com.liferay.portal.service.UserLocalServiceUtil;
67 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
68 import com.liferay.portlet.documentlibrary.model.DLFolder;
69 import com.liferay.portlet.documentlibrary.service.DLAppLocalServiceUtil;
70 import com.liferay.portlet.messageboards.model.MBCategory;
71 import com.liferay.portlet.messageboards.model.MBMessage;
72 import com.pentila.entSavoie.ENTRoleUtilFactory;
73 import com.pentila.entSavoie.ENTRolesConstants;
74 import com.pentila.entSavoie.ENTRolesUtil;
75 import com.pentila.entSavoie.communityInfos.model.CommunityInfos;
76 import com.pentila.entSavoie.communityInfos.service.CommunityInfosLocalServiceUtil;
77 import com.pentila.entSavoie.utils.constants.PermissionConstants;
79 public class PermissionsUtils {
/**
 * Checks whether the current user may perform {@code actionId} on a folder,
 * with the owner shortcut enabled.
 *
 * <p>Delegates to the four-argument overload with {@code checkOwner} set to
 * {@code true}.
 *
 * @param permissionChecker permission checker of the user being evaluated
 * @param folder folder the action targets
 * @param actionId action key to check
 * @return whatever the four-argument overload returns
 * @throws PortalException propagated from the four-argument overload
 * @throws SystemException propagated from the four-argument overload
 */
public static boolean checkFolderPermission(PermissionChecker permissionChecker, Folder folder, String actionId) throws PortalException, SystemException {
    final Boolean ownerShortcutEnabled = Boolean.TRUE;
    return checkFolderPermission(permissionChecker, folder, actionId, ownerShortcutEnabled);
}
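/**
 * Checks whether the current user may perform {@code actionId} on a folder.
 *
 * <p>When {@code checkOwner} is {@code true} and the user created the folder,
 * access is granted immediately. Otherwise the decision is left to
 * {@code permissionChecker.hasPermission} for the folder's group.
 *
 * @param permissionChecker permission checker of the user being evaluated
 * @param folder folder the action targets
 * @param actionId action key to check
 * @param checkOwner whether the creator shortcut applies; {@code null} is
 *        treated as {@code false}
 * @return {@code true} if the action is allowed
 * @throws PortalException declared for callers; not thrown by the visible calls
 * @throws SystemException declared for callers; not thrown by the visible calls
 */
public static boolean checkFolderPermission(PermissionChecker permissionChecker, Folder folder, String actionId, Boolean checkOwner) throws PortalException, SystemException {
    // A null flag used to fail on unboxing; it now falls through to the
    // regular permission check, which is the more restrictive path.
    boolean ownerShortcut = Boolean.TRUE.equals(checkOwner);

    // NOTE(review): the creator is allowed every actionId here without
    // consulting resource permissions - confirm that is intended.
    if (ownerShortcut && permissionChecker.getUserId() == folder.getUserId()) {
        return true;
    }

    // Everyone else is evaluated through the roles they hold.
    return permissionChecker.hasPermission(folder.getGroupId(), DLFolder.class.getName(), folder.getFolderId(), actionId);
}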
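/**
 * Checks whether the current user may perform {@code actionId} on a file entry.
 *
 * <p>The creator of the file is allowed every action. Any other user is
 * evaluated through {@code permissionChecker.hasPermission}. Exceptions are
 * logged with their stack trace and the check then denies access instead of
 * propagating the failure.
 *
 * @param permissionChecker permission checker of the user being evaluated
 * @param fileEntry file entry the action targets
 * @param actionId action key to check
 * @return {@code true} if the action is allowed, {@code false} if it is denied
 *         or the check itself failed
 */
public static boolean checkFilePermission(PermissionChecker permissionChecker, FileEntry fileEntry, String actionId) {
    try {
        // NOTE(review): the creator is allowed every actionId here without
        // consulting resource permissions - confirm that is intended.
        if (permissionChecker.getUserId() == fileEntry.getUserId()) {
            return true;
        }
    } catch (Exception exc) {
        // Pass the exception to the logger: without it the cause of a failed
        // authorization check cannot be diagnosed from the log.
        _log.error("ERREUR dans PermissionsUtils owner check", exc);
        _log.error(permissionChecker);
        _log.error(fileEntry);
        _log.error(actionId);
    }

    try {
        // Everyone else is evaluated through the roles they hold.
        return permissionChecker.hasPermission(fileEntry.getGroupId(), DLFileEntry.class.getName(), fileEntry.getFileEntryId(), actionId);
    } catch (Exception exc) {
        _log.error("ERREUR dans PermissionsUtils other roles", exc);
        _log.error(permissionChecker);
        _log.error(fileEntry);
        _log.error(actionId);
    }

    // Fail closed: a check that could not be completed never grants access.
    // NOTE(review): confirm this matches the fallback callers rely on.
    return false;
}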
/**
 * Tells whether the user behind {@code pPermissionChecker} may perform
 * {@code actionId} on the given resource.
 *
 * <p>Omniadmins, company administrators and ENT local administrators are
 * always allowed. For everyone else the check is dispatched on the runtime
 * type of the resource, tested in this order: {@code FileEntry},
 * {@code Folder}, {@code DLFolder}, {@code MBCategory}, {@code MBMessage}.
 *
 * @param pPermissionChecker permission checker of the user being evaluated
 * @param pRessource resource the action targets; must be one of the types
 *        listed above
 * @param actionId action key to check
 * @return {@code true} if the user may perform the action
 * @throws PortalException propagated from the user lookup or the type-specific check
 * @throws SystemException propagated from the user lookup or the type-specific check
 */
public static boolean hasUserPermissionForRessourceInGroup(PermissionChecker pPermissionChecker, Object pRessource, String actionId) throws PortalException, SystemException {
    User currentUser = UserLocalServiceUtil.getUser(pPermissionChecker.getUserId());

    // Administrator bypass: no per-resource permission is consulted.
    boolean portalAdmin = pPermissionChecker.isOmniadmin()
        || pPermissionChecker.isCompanyAdmin(pPermissionChecker.getCompanyId());
    if (portalAdmin || ENTRolesUtil.isLocalAdmin(currentUser)) {
        return true;
    }

    if (pRessource instanceof FileEntry) {
        FileEntry file = (FileEntry) pRessource;
        return PermissionsUtils.hasUserPermissionForFileInGroup(file, pPermissionChecker, actionId);
    }
    if (pRessource instanceof Folder) {
        Folder folder = (Folder) pRessource;
        return PermissionsUtils.hasUserPermissionForFolderInGroup(folder, pPermissionChecker, actionId);
    }
    if (pRessource instanceof DLFolder) {
        DLFolder dlFolder = (DLFolder) pRessource;
        return PermissionsUtils.hasUserPermissionForFolderInGroup(dlFolder, pPermissionChecker, actionId);
    }
    if (pRessource instanceof MBCategory) {
        MBCategory category = (MBCategory) pRessource;
        return PermissionsUtils.hasUserPermissionForFolderInGroup(category, pPermissionChecker, actionId);
    }
    if (pRessource instanceof MBMessage) {
        MBMessage message = (MBMessage) pRessource;
        return PermissionsUtils.hasUserPermissionForFolderInGroup(message, pPermissionChecker, actionId);
    }

    // Any other type is a usage error and is denied.
    // NOTE(review): denial is assumed for unsupported types - confirm.
    return false;
}
/**
 * Tells whether the current user may perform {@code actionId} on a file entry,
 * based on the roles collected for the file's group.
 *
 * <p>Only permissions stored at individual scope for this file entry are
 * consulted.
 *
 * @param pRessource file entry the action targets
 * @param pPermissionChecker permission checker of the user being evaluated
 * @param actionId action key to check
 * @return {@code true} if one of the collected roles holds the action
 * @throws PortalException propagated from the role collection or permission lookup
 * @throws SystemException propagated from the role collection or permission lookup
 */
private static boolean hasUserPermissionForFileInGroup(FileEntry pRessource, PermissionChecker pPermissionChecker, String actionId)
        throws PortalException, SystemException {
    long[] roleIdsToCheck = PermissionsUtils.getRolesIdsToCheckForUserPermissions(
        pRessource.getGroupId(), pRessource.getUserId(), pPermissionChecker);

    long companyId = pRessource.getCompanyId();
    String resourceName = DLFileEntry.class.getName();
    String primKey = String.valueOf(pRessource.getFileEntryId());

    return ResourcePermissionLocalServiceUtil.hasResourcePermission(
        companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL, primKey, roleIdsToCheck, actionId);
}
/**
 * Tells whether the current user may perform {@code actionId} on a folder,
 * based on the roles collected for the folder's group.
 *
 * <p>Only permissions stored at individual scope for this folder, under the
 * {@code DLFolder} resource name, are consulted.
 *
 * @param pRessource folder the action targets
 * @param pPermissionChecker permission checker of the user being evaluated
 * @param actionId action key to check
 * @return {@code true} if one of the collected roles holds the action
 * @throws PortalException propagated from the role collection or permission lookup
 * @throws SystemException propagated from the role collection or permission lookup
 */
private static boolean hasUserPermissionForFolderInGroup(Folder pRessource, PermissionChecker pPermissionChecker, String actionId)
        throws PortalException, SystemException {
    long[] roleIdsToCheck = PermissionsUtils.getRolesIdsToCheckForUserPermissions(
        pRessource.getGroupId(), pRessource.getUserId(), pPermissionChecker);

    long companyId = pRessource.getCompanyId();
    String resourceName = DLFolder.class.getName();
    String primKey = String.valueOf(pRessource.getFolderId());

    return ResourcePermissionLocalServiceUtil.hasResourcePermission(
        companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL, primKey, roleIdsToCheck, actionId);
}
/**
 * Tells whether the current user may perform {@code actionId} on a
 * {@code DLFolder}, based on the roles collected for the folder's group.
 *
 * <p>Only permissions stored at individual scope for this folder are
 * consulted.
 *
 * @param pRessource document-library folder the action targets
 * @param pPermissionChecker permission checker of the user being evaluated
 * @param actionId action key to check
 * @return {@code true} if one of the collected roles holds the action
 * @throws PortalException propagated from the role collection or permission lookup
 * @throws SystemException propagated from the role collection or permission lookup
 */
private static boolean hasUserPermissionForFolderInGroup(DLFolder pRessource, PermissionChecker pPermissionChecker, String actionId)
        throws PortalException, SystemException {
    long[] roleIdsToCheck = PermissionsUtils.getRolesIdsToCheckForUserPermissions(
        pRessource.getGroupId(), pRessource.getUserId(), pPermissionChecker);

    long companyId = pRessource.getCompanyId();
    String resourceName = DLFolder.class.getName();
    String primKey = String.valueOf(pRessource.getFolderId());

    return ResourcePermissionLocalServiceUtil.hasResourcePermission(
        companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL, primKey, roleIdsToCheck, actionId);
}
/**
 * Tells whether the current user may perform {@code actionId} on a message
 * board category, based on the roles collected for the category's group.
 *
 * <p>Only permissions stored at individual scope for this category are
 * consulted.
 *
 * @param pRessource message board category the action targets
 * @param pPermissionChecker permission checker of the user being evaluated
 * @param actionId action key to check
 * @return {@code true} if one of the collected roles holds the action
 * @throws PortalException propagated from the role collection or permission lookup
 * @throws SystemException propagated from the role collection or permission lookup
 */
private static boolean hasUserPermissionForFolderInGroup(MBCategory pRessource, PermissionChecker pPermissionChecker, String actionId)
        throws PortalException, SystemException {
    long[] roleIdsToCheck = PermissionsUtils.getRolesIdsToCheckForUserPermissions(
        pRessource.getGroupId(), pRessource.getUserId(), pPermissionChecker);

    long companyId = pRessource.getCompanyId();
    String resourceName = MBCategory.class.getName();
    String primKey = String.valueOf(pRessource.getCategoryId());

    return ResourcePermissionLocalServiceUtil.hasResourcePermission(
        companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL, primKey, roleIdsToCheck, actionId);
}
/**
 * Tells whether the current user may perform {@code actionId} on a message
 * board message, based on the roles collected for the message's group.
 *
 * <p>Only permissions stored at individual scope for this message are
 * consulted.
 *
 * @param pRessource message board message the action targets
 * @param pPermissionChecker permission checker of the user being evaluated
 * @param actionId action key to check
 * @return {@code true} if one of the collected roles holds the action
 * @throws PortalException propagated from the role collection or permission lookup
 * @throws SystemException propagated from the role collection or permission lookup
 */
private static boolean hasUserPermissionForFolderInGroup(MBMessage pRessource, PermissionChecker pPermissionChecker, String actionId)
        throws PortalException, SystemException {
    long[] roleIdsToCheck = PermissionsUtils.getRolesIdsToCheckForUserPermissions(
        pRessource.getGroupId(), pRessource.getUserId(), pPermissionChecker);

    long companyId = pRessource.getCompanyId();
    String resourceName = MBMessage.class.getName();
    String primKey = String.valueOf(pRessource.getMessageId());

    return ResourcePermissionLocalServiceUtil.hasResourcePermission(
        companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL, primKey, roleIdsToCheck, actionId);
}
/**
 * Collects the ids of the roles under which the current user is evaluated for
 * a resource that lives in the given group.
 *
 * <p>The list starts from the user's own roles and is extended with the OWNER
 * role when the user created the resource, the ENT group-admin role when the
 * user holds it, the organization or site administrator/owner/member roles
 * that apply in the group, and the forum admin/member roles held in the group.
 *
 * @param pGroupId group id of the resource
 * @param ressourceCreatorId user id of the resource creator
 * @param pPermissionChecker permission checker of the user being evaluated
 * @return ids of the collected roles, in collection order
 * @throws PortalException propagated from the user, group and role lookups
 * @throws SystemException propagated from the user, group and role lookups
 */
private static long[] getRolesIdsToCheckForUserPermissions(
        long pGroupId, long ressourceCreatorId,
        PermissionChecker pPermissionChecker) throws PortalException,
        SystemException {
    User user = UserLocalServiceUtil.getUser(pPermissionChecker.getUserId());
    Group group = GroupLocalServiceUtil.getGroup(pGroupId);
    long companyId = user.getCompanyId();
    long userId = user.getUserId();

    List<Role> collected = new ArrayList<Role>();
    collected.addAll(user.getRoles());

    // The creator of the resource is also evaluated as OWNER.
    if (ressourceCreatorId == pPermissionChecker.getUserId()) {
        collected.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.OWNER));
    }

    // NOTE(review): this test takes no group id, unlike the hasUserGroupRole
    // tests below - confirm the group-admin role is meant to count in every
    // group the user touches.
    Role adminGrpRole = ENTRoleUtilFactory.getInstance(companyId).getRole(ENTRolesConstants.GROUP_ADMIN);
    if (RoleLocalServiceUtil.hasUserRole(userId, adminGrpRole.getRoleId())) {
        collected.add(adminGrpRole);
    }

    if (group.isOrganization()) {
        Role orgAdministrator = RoleLocalServiceUtil.getRole(companyId, RoleConstants.ORGANIZATION_ADMINISTRATOR);
        Role orgOwner = RoleLocalServiceUtil.getRole(companyId, RoleConstants.ORGANIZATION_OWNER);
        Role orgUser = RoleLocalServiceUtil.getRole(companyId, RoleConstants.ORGANIZATION_USER);

        // There are no separate owners: an organization administrator is
        // evaluated as both administrator and owner.
        if (pPermissionChecker.isOrganizationAdmin(group.getOrganizationId())) {
            collected.add(orgAdministrator);
            collected.add(orgOwner);
        }

        // Member role when the group's organization is one of the user's.
        List<Organization> userOrganizations = OrganizationLocalServiceUtil.getUserOrganizations(userId);
        for (Organization candidate : userOrganizations) {
            if (candidate.getOrganizationId() == group.getOrganizationId()) {
                collected.add(orgUser);
            }
        }
    } else {
        Role siteAdministrator = RoleLocalServiceUtil.getRole(companyId, RoleConstants.SITE_ADMINISTRATOR);
        Role siteOwner = RoleLocalServiceUtil.getRole(companyId, RoleConstants.SITE_OWNER);
        Role siteMember = RoleLocalServiceUtil.getRole(companyId, RoleConstants.SITE_MEMBER);

        if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(userId, pGroupId, siteAdministrator.getRoleId())) {
            collected.add(siteAdministrator);
        }
        if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(userId, pGroupId, siteOwner.getRoleId())) {
            collected.add(siteOwner);
        }

        // Member role when the user appears among the users of the group.
        long[] groupUserIds = UserLocalServiceUtil.getGroupUserIds(pGroupId);
        for (long memberId : groupUserIds) {
            if (memberId == userId) {
                collected.add(siteMember);
            }
        }
    }

    // Forum roles are group-scoped: they count only when held in this group.
    Role forumAdmin = RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.FORUM_ADMIN);
    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(userId, pGroupId, forumAdmin.getRoleId())) {
        collected.add(forumAdmin);
    }

    Role forumMember = RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.FORUM_MEMBER);
    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(userId, pGroupId, forumMember.getRoleId())) {
        collected.add(forumMember);
    }

    long[] roleIds = new long[collected.size()];
    for (int i = 0; i < roleIds.length; i++) {
        roleIds[i] = collected.get(i).getRoleId();
    }
    return roleIds;
}
/**
 * Applies the default permissions to a folder.
 *
 * <p>The rule set depends on the folder's group: organization, regular site,
 * or anything else, which gets the "cartable" defaults.
 *
 * @param folder folder whose permissions are reset to the defaults
 * @throws PortalException propagated from the group lookup or the permission update
 * @throws SystemException propagated from the group lookup or the permission update
 */
public static void addDefaultPermissionsFolder(Folder folder) throws PortalException, SystemException {
    Group owningGroup = GroupLocalServiceUtil.getGroup(folder.getGroupId());

    // Organization: member roles of the organization receive the defaults.
    if (owningGroup.isOrganization()) {
        setDefaultRolePermissionsForResource(true, folder.getCompanyId(), folder.getFolderId(), true);
        return;
    }

    // Regular site (community): member roles of the site receive the defaults.
    if (owningGroup.isRegularSite()) {
        setDefaultRolePermissionsForResource(false, folder.getCompanyId(), folder.getFolderId(), true);
        return;
    }

    // Any other kind of group gets the "cartable" defaults.
    setDefaultRolePermissionsForCartable(folder.getCompanyId(), folder.getFolderId(), true);
}
/**
 * Applies the default permissions to a file entry.
 *
 * <p>The rule set depends on the file's group: organization, regular site,
 * or anything else, which gets the "cartable" defaults.
 *
 * @param fileEntry file entry whose permissions are reset to the defaults
 * @throws PortalException propagated from the group lookup or the permission update
 * @throws SystemException propagated from the group lookup or the permission update
 */
public static void addDefaultPermissionsFile(FileEntry fileEntry) throws PortalException, SystemException {
    Group owningGroup = GroupLocalServiceUtil.getGroup(fileEntry.getGroupId());

    // Organization: member roles of the organization receive the defaults.
    if (owningGroup.isOrganization()) {
        setDefaultRolePermissionsForResource(true, fileEntry.getCompanyId(), fileEntry.getFileEntryId(), false);
        return;
    }

    // Regular site (community): member roles of the site receive the defaults.
    if (owningGroup.isRegularSite()) {
        setDefaultRolePermissionsForResource(false, fileEntry.getCompanyId(), fileEntry.getFileEntryId(), false);
        return;
    }

    // Any other kind of group gets the "cartable" defaults.
    setDefaultRolePermissionsForCartable(fileEntry.getCompanyId(), fileEntry.getFileEntryId(), false);
}
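/**
 * Applies the "cartable" default permissions to a file entry or folder: only
 * the OWNER role receives actions, and it receives the full set.
 *
 * <p>The full set is read access, edit access unless the company uses the
 * Supann schema, add-content access for folders, and the permission to manage
 * permissions.
 *
 * @param companyId company that owns the resource
 * @param objectId primary key of the file entry or folder
 * @param isFolder {@code true} for a folder, {@code false} for a file entry
 * @throws PortalException propagated from the role lookup or the permission update
 * @throws SystemException propagated from the role lookup or the permission update
 */
private static void setDefaultRolePermissionsForCartable(long companyId, long objectId, boolean isFolder) throws PortalException, SystemException {
    int scope = ResourceConstants.SCOPE_INDIVIDUAL;
    String name = DLFileEntry.class.getName();

    // The intermediate "add content" and "advanced actions" lists were built
    // but never applied in this method, so only the owner's list is kept.
    List<String> allPermissions = new ArrayList<String>(PermissionConstants.READ_PERMISSIONS);
    if (!ENTMainUtilsLocalServiceUtil.isSchemaSupann(companyId)) {
        allPermissions.addAll(PermissionConstants.EDIT_CONTENT_PERMISSIONS);
    }
    if (isFolder) {
        allPermissions.addAll(PermissionConstants.ADD_CONTENT_PREMISSIONS);
        name = DLFolder.class.getName();
    }
    allPermissions.add(PermissionConstants.PERMISSIONS);

    // Only the owner of the element is given actions.
    List<Role> listAdminRole = new ArrayList<Role>();
    listAdminRole.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.OWNER));

    PermissionsUtils.setPermissionsToRoles(listAdminRole, allPermissions, companyId, name, scope, String.valueOf(objectId));
}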
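/**
 * Applies the default role permissions to a file entry or folder that lives
 * in an organization or a site.
 *
 * <p>Roles are sorted into five levels and each level is written at
 * individual scope: no permission (student, parent, external), reader,
 * add content, writer, and admin. The student, parent and external roles are
 * written with an empty action list.
 *
 * @param org {@code true} when the group is an organization, {@code false}
 *        for a site
 * @param companyId company that owns the resource
 * @param objectId primary key of the file entry or folder
 * @param isFolder {@code true} for a folder, {@code false} for a file entry
 * @throws PortalException propagated from the role lookups or the permission updates
 * @throws SystemException propagated from the role lookups or the permission updates
 */
private static void setDefaultRolePermissionsForResource(boolean org, long companyId, long objectId, boolean isFolder) throws PortalException, SystemException {
    int scope = ResourceConstants.SCOPE_INDIVIDUAL;
    String name = DLFileEntry.class.getName();
    String primKey = String.valueOf(objectId);

    // Action lists for the "add content" and "writer" levels; both start from
    // read access. The unused "advanced actions" list was dropped.
    List<String> readAndAddContentPermissions = new ArrayList<String>(PermissionConstants.READ_PERMISSIONS);
    List<String> readAddWritePermissions = new ArrayList<String>(PermissionConstants.READ_PERMISSIONS);
    if (!ENTMainUtilsLocalServiceUtil.isSchemaSupann(companyId)) {
        readAddWritePermissions.addAll(PermissionConstants.EDIT_CONTENT_PERMISSIONS);
    }
    if (isFolder) {
        readAddWritePermissions.addAll(PermissionConstants.ADD_CONTENT_PREMISSIONS);
        readAndAddContentPermissions.addAll(PermissionConstants.ADD_CONTENT_PREMISSIONS);
        name = DLFolder.class.getName();
    }

    // Administrators hold every action, including managing permissions.
    List<String> allPermissions = new ArrayList<String>(readAddWritePermissions);
    allPermissions.add(PermissionConstants.PERMISSIONS);

    // Roles that receive no action at all.
    List<Role> listNoPermissionRole = lookupRolesByName(companyId,
        ENTRolesConstants.NATIONAL_1,   // student
        ENTRolesConstants.NATIONAL_2,   // parent
        ENTRolesConstants.EXTERNAL);    // external

    // Roles that may view and add content.
    List<Role> listAddContentRole = lookupRolesByName(companyId,
        ENTRolesConstants.NATIONAL_24,  // school librarian
        ENTRolesConstants.NATIONAL_3,   // teacher
        ENTRolesConstants.NATIONAL_5,   // school life staff
        ENTRolesConstants.NATIONAL_6,   // administrative, technical and supervisory staff
        ENTRolesConstants.NATIONAL_7,   // rectorate, DRAF, local authority, academic inspectorate
        ENTRolesConstants.NATIONAL_20,  // administrative staff
        ENTRolesConstants.NATIONAL_21,  // education assistant
        ENTRolesConstants.NATIONAL_22,  // foreign assistant
        ENTRolesConstants.NATIONAL_25,  // education
        ENTRolesConstants.NATIONAL_27,  // laboratory staff
        ENTRolesConstants.NATIONAL_28,  // medical and social staff
        ENTRolesConstants.NATIONAL_29); // guidance

    // Role with editor rights on the element.
    List<Role> listWriterRole = lookupRolesByName(companyId,
        ENTRolesConstants.NATIONAL_4);  // management staff

    // Roles with admin rights on the element: its owner and group admins.
    List<Role> listAdminRole = lookupRolesByName(companyId,
        RoleConstants.OWNER,
        ENTRolesConstants.GROUP_ADMIN);

    List<Role> listReaderRole = new ArrayList<Role>();
    if (org) {
        // Organization: members read, administrators and owners administer.
        listReaderRole.addAll(lookupRolesByName(companyId, RoleConstants.ORGANIZATION_USER));
        listAdminRole.addAll(lookupRolesByName(companyId,
            RoleConstants.ORGANIZATION_ADMINISTRATOR,
            RoleConstants.ORGANIZATION_OWNER));
    } else {
        // Site: members and community visitors read, site administrators and
        // owners administer.
        listReaderRole.addAll(lookupRolesByName(companyId,
            RoleConstants.SITE_MEMBER,
            ENTRolesConstants.COMMUNITY_VISITOR));
        listAdminRole.addAll(lookupRolesByName(companyId,
            RoleConstants.SITE_ADMINISTRATOR,
            RoleConstants.SITE_OWNER));
    }

    // Written from the least to the most privileged level.
    PermissionsUtils.setPermissionsToRoles(listNoPermissionRole, new ArrayList<String>(), companyId, name, scope, primKey);
    PermissionsUtils.setPermissionsToRoles(listReaderRole, PermissionConstants.READ_PERMISSIONS, companyId, name, scope, primKey);
    PermissionsUtils.setPermissionsToRoles(listAddContentRole, readAndAddContentPermissions, companyId, name, scope, primKey);
    PermissionsUtils.setPermissionsToRoles(listWriterRole, readAddWritePermissions, companyId, name, scope, primKey);
    PermissionsUtils.setPermissionsToRoles(listAdminRole, allPermissions, companyId, name, scope, primKey);
}

/** Resolves each role name to its role in the company, keeping the given order. */
private static List<Role> lookupRolesByName(long companyId, String... roleNames) throws PortalException, SystemException {
    List<Role> resolved = new ArrayList<Role>(roleNames.length);
    for (String roleName : roleNames) {
        resolved.add(RoleLocalServiceUtil.getRole(companyId, roleName));
    }
    return resolved;
}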
/**
 * Replaces the permissions of a file entry with those of the folder that
 * contains it.
 *
 * @param pFile file entry to update; its permissions are read from
 *        {@code pFile.getFolder()}
 * @throws PortalException propagated from the permission read or update
 * @throws SystemException propagated from the permission read or update
 */
public static void setParentPermissionToFile(FileEntry pFile) throws PortalException, SystemException {
    Folder containingFolder = pFile.getFolder();
    Map<Long,List<String>> folderPermissions = PermissionsUtils.getPermissionsMapForFolder(containingFolder);
    Map<Long,String[]> permissionsToApply = PermissionsUtils.convertPermissionFromGetterToSetter(folderPermissions);

    String primKey = String.valueOf(pFile.getFileEntryId());
    ResourcePermissionLocalServiceUtil.setResourcePermissions(
        pFile.getCompanyId(), DLFileEntry.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL, primKey, permissionsToApply);
}
/**
 * Replaces the permissions of a folder with those of its parent folder.
 *
 * @param pFolder folder to update; its permissions are read from
 *        {@code pFolder.getParentFolder()}
 * @throws PortalException propagated from the permission read or update
 * @throws SystemException propagated from the permission read or update
 */
public static void setParentPermissionToFolder(Folder pFolder) throws PortalException, SystemException {
    // NOTE(review): presumably getParentFolder() can be null for a top-level
    // folder, which would fail in getPermissionsMapForFolder - confirm callers
    // never pass one.
    Folder parentFolder = pFolder.getParentFolder();
    Map<Long,List<String>> parentPermissions = PermissionsUtils.getPermissionsMapForFolder(parentFolder);
    Map<Long,String[]> permissionsToApply = PermissionsUtils.convertPermissionFromGetterToSetter(parentPermissions);

    String primKey = String.valueOf(pFolder.getFolderId());
    ResourcePermissionLocalServiceUtil.setResourcePermissions(
        pFolder.getCompanyId(), DLFolder.class.getName(), ResourceConstants.SCOPE_INDIVIDUAL, primKey, permissionsToApply);
}
/**
 * Sets the same list of actions for every role in {@code pRoles} on one
 * resource.
 *
 * <p>An empty {@code pPermissions} list is passed through as an empty action
 * array; callers in this class use that for roles that should hold no action.
 *
 * @param pRoles roles whose permissions are written
 * @param pPermissions action keys to assign to each role
 * @param pCompanyId company that owns the resource
 * @param pName resource name (a model class name)
 * @param pScope resource scope, a {@code ResourceConstants} value
 * @param pPrimKey primary key of the resource, as a string
 * @throws PortalException propagated from the permission update
 * @throws SystemException propagated from the permission update
 */
public static void setPermissionsToRoles(List<Role> pRoles, List<String> pPermissions, long pCompanyId,
        String pName, int pScope, String pPrimKey) throws PortalException, SystemException {
    for (int i = 0; i < pRoles.size(); i++) {
        long roleId = pRoles.get(i).getRoleId();
        // A fresh array per call, as before, so no call sees another's array.
        String[] actionIds = pPermissions.toArray(new String[0]);
        ResourcePermissionLocalServiceUtil.setResourcePermissions(pCompanyId, pName, pScope, pPrimKey, roleId, actionIds);
    }
}
/**
 * Walks every organization and every regular site and resets the permissions
 * of their document folders and files to the defaults.
 *
 * <p>NOTE(review): nothing in this method checks who is calling it, and it
 * rewrites permissions portal-wide - confirm every caller is restricted to
 * administrators.
 *
 * @param user user whose id is passed to {@code FoldersUtil.getRootFolder}
 * @throws PortalException propagated from the lookups or the permission updates
 * @throws SystemException propagated from the lookups or the permission updates
 */
public static void updatePermissionAtelier(User user) throws PortalException, SystemException {
    if (_log.isDebugEnabled()) {
        _log.debug("DEBUT UPDATE PERMISSIONS");
    }

    // First pass: the root folder of every organization.
    List<Organization> organizations = OrganizationLocalServiceUtil.getOrganizations(QueryUtil.ALL_POS, QueryUtil.ALL_POS);
    for (Organization organization : organizations) {
        if (_log.isDebugEnabled()) {
            _log.debug("ORGANIZATION "+ organization.getName());
        }
        Folder organizationRoot = FoldersUtil.getRootFolder(user.getUserId(), organization.getGroup().getGroupId(), false);
        if (organizationRoot == null) {
            continue;
        }
        recursiveExplorationToSetPermission(organization.getGroup(), organizationRoot);
    }

    // Second pass: getGroups returns every group (user groups, organizations,
    // everything), so only regular sites are kept.
    List<Group> everyGroup = GroupLocalServiceUtil.getGroups(QueryUtil.ALL_POS, QueryUtil.ALL_POS);
    for (Group candidate : everyGroup) {
        if (!candidate.isRegularSite()) {
            continue;
        }
        if (_log.isDebugEnabled()) {
            _log.debug("COMMUNITY "+ candidate.getName());
        }
        Folder siteRoot = FoldersUtil.getRootFolder(user.getUserId(), candidate.getGroupId(), false);
        if (siteRoot == null) {
            continue;
        }
        recursiveExplorationToSetPermission(candidate, siteRoot);
    }
}
/**
 * Resets the default permissions of a folder, of the files it contains and,
 * recursively, of all its sub-folders.
 *
 * <p>The recursion depth follows the nesting depth of the folder tree.
 *
 * @param group group the folder tree belongs to
 * @param currentFolder folder to process
 * @throws SystemException propagated from the folder listing or the permission updates
 * @throws PortalException propagated from the folder listing or the permission updates
 */
private static void recursiveExplorationToSetPermission(Group group, Folder currentFolder) throws SystemException, PortalException {
    // The folder itself first, then the files directly inside it.
    PermissionsUtils.addDefaultPermissionsFolder(currentFolder);
    setPermissionsFileEntryFolder(currentFolder);

    // Then each sub-folder, depth first.
    List<Folder> subFolders = DLAppLocalServiceUtil.getFolders(group.getGroupId(), currentFolder.getFolderId());
    for (int i = 0; i < subFolders.size(); i++) {
        Folder subFolder = subFolders.get(i);
        if (_log.isDebugEnabled()) {
            _log.debug("FOLDER "+ subFolder.getName());
        }
        recursiveExplorationToSetPermission(group, subFolder);
    }
}
/**
 * Resets the default permissions of every file entry directly contained in a
 * folder.
 *
 * @param folder folder whose files are processed
 * @throws PortalException propagated from the file listing or the permission updates
 * @throws SystemException propagated from the file listing or the permission updates
 */
private static void setPermissionsFileEntryFolder(Folder folder) throws PortalException, SystemException {
    List<FileEntry> containedFiles = DLAppLocalServiceUtil.getFileEntries(folder.getGroupId(), folder.getFolderId());

    for (int i = 0; i < containedFiles.size(); i++) {
        FileEntry containedFile = containedFiles.get(i);
        if (_log.isDebugEnabled()) {
            _log.debug("FILE "+ containedFile.getTitle());
        }
        PermissionsUtils.addDefaultPermissionsFile(containedFile);
    }
}
/**
 * Reads the individual-scope permissions of a folder for every role returned
 * by {@link #listRoleForPermissions(Folder)}.
 *
 * @param pFolder folder whose permissions are read
 * @return map from role id to the action ids that role holds on the folder,
 *         restricted to {@code PermissionConstants.FOLDER_PERMISSION_ALLOW}
 * @throws PortalException propagated from the role lookups or the permission read
 * @throws SystemException propagated from the role lookups or the permission read
 */
public static Map<Long,List<String>> getPermissionsMapForFolder(Folder pFolder) throws PortalException, SystemException {
    List<String> roleNames = PermissionsUtils.listRoleForPermissions(pFolder);
    Map<Long,List<String>> permissionsMap = new HashMap<Long,List<String>>();
    long companyId = pFolder.getCompanyId();

    int scope = ResourceConstants.SCOPE_INDIVIDUAL;
    String name = DLFolder.class.getName();

    // Resolve every role name before any permission is read, so a missing
    // role fails the call up front.
    long[] roleIds = new long[roleNames.size()];
    int next = 0;
    for (String roleName : roleNames) {
        roleIds[next] = RoleLocalServiceUtil.getRole(companyId, roleName).getRoleId();
        next++;
    }

    for (long roleId : roleIds) {
        List<String> heldActions = ResourcePermissionLocalServiceUtil.getAvailableResourcePermissionActionIds(
            companyId, name, scope, String.valueOf(pFolder.getPrimaryKey()), roleId,
            PermissionConstants.FOLDER_PERMISSION_ALLOW);
        permissionsMap.put(roleId, heldActions);
    }
    return permissionsMap;
}
/**
 * Lists the names of the roles whose permissions are managed on a folder.
 *
 * <p>The list always holds the national-code roles, OWNER, the ENT group
 * admin and the external role. Organization groups add the organization
 * administrator, owner and user roles. Regular sites add the site
 * administrator, owner and member roles, plus the community visitor role when
 * the community's {@code getPolitic()} value is 2.
 *
 * @param pFolder folder whose group decides which roles apply
 * @return role names, in the order described above
 * @throws PortalException propagated from the group or community lookup
 * @throws SystemException propagated from the group or community lookup
 */
public static List<String> listRoleForPermissions(Folder pFolder) throws PortalException, SystemException {
    List<String> roleNames = new ArrayList<String>(Arrays.asList(PermissionConstants.NATIONAL_CODE_ROLES_PERMISSIONS));
    roleNames.addAll(Arrays.asList(
        RoleConstants.OWNER,
        ENTRolesConstants.GROUP_ADMIN,
        ENTRolesConstants.EXTERNAL));

    Group group = GroupLocalServiceUtil.getGroup(pFolder.getGroupId());

    if (group.isOrganization()) {
        roleNames.addAll(Arrays.asList(
            RoleConstants.ORGANIZATION_ADMINISTRATOR,
            RoleConstants.ORGANIZATION_OWNER,
            RoleConstants.ORGANIZATION_USER));
        return roleNames;
    }

    if (!group.isRegularSite()) {
        return roleNames;
    }

    roleNames.addAll(Arrays.asList(
        RoleConstants.SITE_ADMINISTRATOR,
        RoleConstants.SITE_OWNER,
        RoleConstants.SITE_MEMBER));

    // NOTE(review): 2 is an unnamed policy code - presumably the policy under
    // which visitors take part in the community; confirm and name it.
    CommunityInfos ci = CommunityInfosLocalServiceUtil.getCommunityInfosByGroupId(group.getGroupId());
    if (ci.getPolitic() == 2) {
        roleNames.add(ENTRolesConstants.COMMUNITY_VISITOR);
    }
    return roleNames;
}
/**
 * Converts a permission map of the form {@code Map<Long,List<String>>} into the form
 * {@code Map<Long,String[]>}.
 *
 * <p>Each value list is copied into a new array; keys are reused as they are.
 *
 * @param pGetterPermissionMap permission map as produced from
 *        {@code ResourcePermissionLocalServiceUtil.getAvailableResourcePermissionActionIds}
 *        results, keyed by role id
 * @return map in the shape expected by
 *         {@code ResourcePermissionLocalServiceUtil.setResourcePermissions}
 */
public static Map<Long,String[]> convertPermissionFromGetterToSetter(Map<Long,List<String>> pGetterPermissionMap){
    Map<Long,String[]> arraysByRole = new HashMap<Long,String[]>();
    for (Map.Entry<Long,List<String>> entry : pGetterPermissionMap.entrySet()) {
        Long roleId = entry.getKey();
        List<String> actionIds = entry.getValue();
        // Size the target array exactly, as the list-to-array copy expects.
        String[] actionIdArray = actionIds.toArray(new String[actionIds.size()]);
        arraysByRole.put(roleId, actionIdArray);
    }
    return arraysByRole;
}
/**
 * Gives the portal {@code User} role the {@code VIEW} action on one file entry or folder.
 *
 * <p>The permission is written at individual scope through
 * {@code ResourcePermissionLocalServiceUtil.setResourcePermissions}. That call stores the
 * given action list as the role's complete action set for the resource, so any other action
 * the {@code User} role held on it is dropped. In Liferay the {@code User} role is held by
 * every signed-in user, so callers should only pass resources that every authenticated
 * account is meant to see.
 *
 * @param pRessources the resource to open for viewing; must be a {@code FileEntry} or a
 *        {@code Folder}
 * @throws PortalException propagated from the role lookup or the permission update
 * @throws SystemException propagated from the role lookup or the permission update
 * @throws IllegalArgumentException if {@code pRessources} is neither a {@code FileEntry}
 *         nor a {@code Folder} (this includes {@code null})
 */
public static void setViewPermissionForRessources(Object pRessources) throws PortalException, SystemException{
    final long companyId;
    final String resourceName;
    final String primKey;

    // Work out which resource type is targeted before touching any portal service.
    if (pRessources instanceof FileEntry) {
        FileEntry fileEntry = (FileEntry) pRessources;
        companyId = fileEntry.getCompanyId();
        resourceName = DLFileEntry.class.getName();
        primKey = String.valueOf(fileEntry.getPrimaryKey());
    } else if (pRessources instanceof Folder) {
        Folder folder = (Folder) pRessources;
        companyId = folder.getCompanyId();
        resourceName = DLFolder.class.getName();
        primKey = String.valueOf(folder.getPrimaryKey());
    } else {
        throw new IllegalArgumentException("Ressources must be an FileEntry or a Folder object");
    }

    long userRoleId = RoleLocalServiceUtil.getRole(companyId, RoleConstants.USER).getRoleId();
    String[] viewOnly = {ActionKeys.VIEW};
    ResourcePermissionLocalServiceUtil.setResourcePermissions(
            companyId, resourceName, ResourceConstants.SCOPE_INDIVIDUAL, primKey, userRoleId, viewOnly);
}
762 * This method displays all of the user's permissions for the current object, action by action
763 * @param pPermissionChecker
// Diagnostic helper: for each role id returned by getRolesIdsToCheckForUserPermissions, looks up
// which of the resource type's action ids the role holds on pRessource and logs the result.
// NOTE(review): the gutter numbers jump in this listing (767 -> 769, 775 -> 778, 817 -> 827), so
// the declarations of groupId and creatorId, the innermost loop body, any try/catch and the
// end of the method are not shown here.
// NOTE(review): the output names a user and lists role names and permissions at WARN level,
// which most logging configurations write by default. Consider DEBUG behind
// _log.isDebugEnabled(), and keep calls to this helper out of request-handling paths.
767 public static void displayUserPermissionForRessource(PermissionChecker pPermissionChecker, String pObjectName, Object pRessource){
// Collect every action id declared for the resource type named by the caller.
769 List<ResourceAction> resourceActions = ResourceActionLocalServiceUtil.getResourceActions(pObjectName);
770 List<String> actionIds = new ArrayList<String>();
771 for(ResourceAction resourceAction: resourceActions){
772 actionIds.add(resourceAction.getActionId());
// Defaults kept when pRessource matches none of the types tested below (no else branch is
// visible): the permission query would then run with id 0 and an empty resource name.
775 long ressourceId = 0;
778 String ressourceObjectName = "";
// Extract id, owning group, creator and resource class name according to the runtime type.
780 if(pRessource instanceof FileEntry){
781 FileEntry ressource = (FileEntry) pRessource;
782 ressourceId = ressource.getFileEntryId();
783 groupId = ressource.getGroupId();
784 creatorId = ressource.getUserId();
785 ressourceObjectName = DLFileEntry.class.getName();
787 else if(pRessource instanceof Folder){
788 Folder ressource = (Folder) pRessource;
789 ressourceId = ressource.getFolderId();
790 groupId = ressource.getGroupId();
791 creatorId = ressource.getUserId();
792 ressourceObjectName = DLFolder.class.getName();
794 else if(pRessource instanceof MBCategory){
795 MBCategory ressource = (MBCategory) pRessource;
796 ressourceId = ressource.getCategoryId();
797 groupId = ressource.getGroupId();
798 creatorId = ressource.getUserId();
799 ressourceObjectName = MBCategory.class.getName();
801 else if(pRessource instanceof MBMessage){
802 MBMessage ressource = (MBMessage) pRessource;
803 ressourceId = ressource.getMessageId();
804 groupId = ressource.getGroupId();
805 creatorId = ressource.getUserId();
806 ressourceObjectName = MBMessage.class.getName();
// Role ids to inspect for this user, given the owning group and the creator of the resource.
809 long[] userRoleIds = PermissionsUtils.getRolesIdsToCheckForUserPermissions(groupId,creatorId, pPermissionChecker);
// The user is loaded only to print the screen name in the log line.
810 _log.warn("Display permission for user:" + UserLocalServiceUtil.getUser(pPermissionChecker.getUserId()).getScreenName()
811 + " for object type " + ressourceObjectName + " with id:" +ressourceId);
812 for(long userRoleId: userRoleIds){
813 _log.warn("For the role " + RoleLocalServiceUtil.getRole(userRoleId).getName() + " user has following permission:");
// NOTE(review): the action ids come from pObjectName while the query uses the class name
// derived from pRessource; if the caller passes a different name the two do not match.
814 List<String> currentActions = ResourcePermissionLocalServiceUtil.getAvailableResourcePermissionActionIds
815 (pPermissionChecker.getCompanyId(), ressourceObjectName, ResourceConstants.SCOPE_INDIVIDUAL,
816 String.valueOf(ressourceId), userRoleId, actionIds);
817 for(String action: currentActions){
// Class-wide logger for PermissionsUtils; displayUserPermissionForRessource writes its
// permission dump through it.
827 private static Log _log = LogFactoryUtil.getLog(PermissionsUtils.class);