--- /dev/null
+/*******************************************************************************
+ * Copyright � Igor Barma, Alexandre Desoubeaux, Christian Martel, Eric Brun, Mathieu Amblard, Gwenael Gevet, Pierre Guillot, 2012
+ * Copyright Alexandre Desoubeaux, Christian Martel, Cedric Lecarpentier, Alexandre Lefevre, Marc Salvat 2014-2016
+ * Copyright Alexandre Desoubeaux, Christian Martel, Cedric Lecarpentier, Marc Salvat, Marc Suarez, Harifetra Ramamonjy 2017
+ *
+ * This file is part of the work and learning management system Pentila Nero.
+ *
+ * Pentila Nero is free software. You can redistribute it and/or modify since
+ * you respect the terms of either (at least one of the both license) :
+ * - under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ * - the CeCILL-C as published by CeCILL-C; either version 1 of the
+ * License, or any later version
+ * - the GNU Lesser General Public License as published by the
+ * Free Software Foundation, either version 3 of the license,
+ * or (at your option) any later version.
+ *
+ * There are special exceptions to the terms and conditions of the
+ * licenses as they are applied to this software. View the full text of
+ * the exception in file LICENSE-PROJECT.txt in the directory of this software
+ * distribution.
+ *
+ * Pentila Nero is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * Licenses for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * and the CeCILL-C and the GNU Lesser General Public License along with
+ * Pentila Nero. If not, see :
+ * <http://www.gnu.org/licenses/> and
+ * <http://www.cecill.info/licences.fr.html>.
+ ******************************************************************************/
+package com.pentila.entSavoie.utils;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import com.liferay.portal.kernel.dao.orm.QueryUtil;
+import com.liferay.portal.kernel.exception.PortalException;
+import com.liferay.portal.kernel.exception.SystemException;
+import com.liferay.portal.kernel.log.Log;
+import com.liferay.portal.kernel.log.LogFactoryUtil;
+import com.liferay.portal.kernel.repository.model.FileEntry;
+import com.liferay.portal.kernel.repository.model.Folder;
+import com.liferay.portal.model.Group;
+import com.liferay.portal.model.Organization;
+import com.liferay.portal.model.ResourceAction;
+import com.liferay.portal.model.ResourceConstants;
+import com.liferay.portal.model.Role;
+import com.liferay.portal.model.RoleConstants;
+import com.liferay.portal.model.User;
+import com.liferay.portal.security.permission.ActionKeys;
+import com.liferay.portal.security.permission.PermissionChecker;
+import com.liferay.portal.service.GroupLocalServiceUtil;
+import com.liferay.portal.service.OrganizationLocalServiceUtil;
+import com.liferay.portal.service.ResourceActionLocalServiceUtil;
+import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
+import com.liferay.portal.service.RoleLocalServiceUtil;
+import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
+import com.liferay.portal.service.UserLocalServiceUtil;
+import com.liferay.portlet.documentlibrary.model.DLFileEntry;
+import com.liferay.portlet.documentlibrary.model.DLFolder;
+import com.liferay.portlet.documentlibrary.service.DLAppLocalServiceUtil;
+import com.liferay.portlet.messageboards.model.MBCategory;
+import com.liferay.portlet.messageboards.model.MBMessage;
+import com.pentila.entSavoie.ENTRoleUtilFactory;
+import com.pentila.entSavoie.ENTRolesConstants;
+import com.pentila.entSavoie.ENTRolesUtil;
+import com.pentila.entSavoie.communityInfos.model.CommunityInfos;
+import com.pentila.entSavoie.communityInfos.service.CommunityInfosLocalServiceUtil;
+import com.pentila.entSavoie.utils.constants.PermissionConstants;
+
+public class PermissionsUtils {
+
+ /**
+ * Verification des permissions pour un folder
+ */
+ public static boolean checkFolderPermission(PermissionChecker permissionChecker, Folder folder, String actionId) throws PortalException, SystemException {
+ return checkFolderPermission(permissionChecker, folder, actionId, true);
+ }
+
+
+ public static boolean checkFolderPermission(PermissionChecker permissionChecker, Folder folder, String actionId, Boolean checkOwner) throws PortalException, SystemException {
+
+ // Verification des permissions pour le owner seulement si on
+ if (checkOwner && permissionChecker.getUserId() == folder.getUserId()) {
+ return true;
+ }
+
+ // Verification des permissions pour les autres roles
+ return permissionChecker.hasPermission(folder.getGroupId(), DLFolder.class.getName(), folder.getFolderId(), actionId);
+
+ }
+
+ /**
+ * Verification des permissions pour un file
+ */
+ public static boolean checkFilePermission(PermissionChecker permissionChecker, FileEntry fileEntry, String actionId) {
+
+ try{
+ // Verification des permisssios pour le owner
+ if (permissionChecker.getUserId() == fileEntry.getUserId()) {
+ return true;
+ }
+ } catch(Exception exc){
+ _log.error("ERREUR dans PermissionsUtils owner check");
+ _log.error(permissionChecker);
+ _log.error(fileEntry);
+ _log.error(actionId);
+ }
+ try{
+ // Verification des permissions pour les autres roles
+ return permissionChecker.hasPermission(fileEntry.getGroupId(), DLFileEntry.class.getName(), fileEntry.getFileEntryId(), actionId);
+ }
+ catch(Exception exc){
+ _log.error("ERREUR dans PermissionsUtils other roles");
+ _log.error(permissionChecker);
+ _log.error(fileEntry);
+ _log.error(actionId);
+ return false;
+ }
+ }
+
+ /**
+ * This method return true if the user has the permission to do the action on the ressource in the parameter
+ * @param pRessource Ressource where the permission will be test. MUst be a Folder, aDLFolder, a FileEntry, a MBCategory or a MBMessage
+ * @param pUser the user you need to test the permission
+ * @param pPermissionChecker the permission checker for the user
+ * @param actionId the action you need the permission
+ * @return True if the user has the permission to do the action
+ * @throws PortalException
+ * @throws SystemException
+ */
+ public static boolean hasUserPermissionForRessourceInGroup(PermissionChecker pPermissionChecker, Object pRessource, String actionId) throws PortalException, SystemException {
+ User aUser = UserLocalServiceUtil.getUser(pPermissionChecker.getUserId());
+ if (pPermissionChecker.isOmniadmin() || pPermissionChecker.isCompanyAdmin(pPermissionChecker.getCompanyId())
+ || ENTRolesUtil.isLocalAdmin(aUser) ){
+ return true;
+ }
+
+ if(pRessource instanceof FileEntry){
+ return PermissionsUtils.hasUserPermissionForFileInGroup((FileEntry) pRessource, pPermissionChecker, actionId);
+ }
+ else if(pRessource instanceof Folder){
+ return PermissionsUtils.hasUserPermissionForFolderInGroup((Folder) pRessource, pPermissionChecker, actionId);
+ }
+ else if(pRessource instanceof DLFolder){
+ return PermissionsUtils.hasUserPermissionForFolderInGroup((DLFolder) pRessource, pPermissionChecker, actionId);
+ }
+ else if(pRessource instanceof MBCategory){
+ return PermissionsUtils.hasUserPermissionForFolderInGroup((MBCategory) pRessource, pPermissionChecker, actionId);
+ }
+ else if(pRessource instanceof MBMessage){
+ return PermissionsUtils.hasUserPermissionForFolderInGroup((MBMessage) pRessource, pPermissionChecker, actionId);
+ }
+
+ // case ressource is not a file, folder, mbcategory, mbmessage => usage error
+ return false;
+ }
+
+ /**
+ * This method return true if the user has the permission to do the action on the ressource in the parameter
+ * @param pRessource Ressource where the permission will be test. MUst be a FileEntry
+ * @param pUser the user you need to test the permission
+ * @param pPermissionChecker the permission checker for the user
+ * @param actionId the action you need the permission
+ * @return True if the user has the permission to do the action
+ * @throws PortalException
+ * @throws SystemException
+ */
+ private static boolean hasUserPermissionForFileInGroup(FileEntry pRessource, PermissionChecker pPermissionChecker, String actionId)
+ throws PortalException, SystemException {
+
+ long[] userRoleIds = PermissionsUtils.getRolesIdsToCheckForUserPermissions(pRessource.getGroupId(),pRessource.getUserId(), pPermissionChecker);
+
+ return ResourcePermissionLocalServiceUtil.hasResourcePermission(pRessource.getCompanyId(), DLFileEntry.class.getName(),
+ ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(pRessource.getFileEntryId()), userRoleIds , actionId);
+
+ }
+
+ /**
+ * This method return true if the user has the permission to do the action on the ressource in the parameter
+ * @param pRessource Ressource where the permission will be test. MUst be a Folder
+ * @param pUser the user you need to test the permission
+ * @param pPermissionChecker the permission checker for the user
+ * @param actionId the action you need the permission
+ * @return True if the user has the permission to do the action
+ * @throws PortalException
+ * @throws SystemException
+ */
+ private static boolean hasUserPermissionForFolderInGroup(Folder pRessource, PermissionChecker pPermissionChecker, String actionId)
+ throws PortalException, SystemException {
+
+ long[] userRoleIds = PermissionsUtils.getRolesIdsToCheckForUserPermissions(pRessource.getGroupId(),pRessource.getUserId(), pPermissionChecker);
+
+ return ResourcePermissionLocalServiceUtil.hasResourcePermission(pRessource.getCompanyId(), DLFolder.class.getName(),
+ ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(pRessource.getFolderId()), userRoleIds , actionId);
+ }
+
+ /**
+ * This method return true if the user has the permission to do the action on the ressource in the parameter
+ * @param pRessource Ressource where the permission will be test. MUst be a DLFolder
+ * @param pUser the user you need to test the permission
+ * @param pPermissionChecker the permission checker for the user
+ * @param actionId the action you need the permission
+ * @return True if the user has the permission to do the action
+ * @throws PortalException
+ * @throws SystemException
+ */
+ private static boolean hasUserPermissionForFolderInGroup(DLFolder pRessource, PermissionChecker pPermissionChecker, String actionId)
+ throws PortalException, SystemException {
+
+ long[] userRoleIds = PermissionsUtils.getRolesIdsToCheckForUserPermissions(pRessource.getGroupId(),pRessource.getUserId(), pPermissionChecker);
+
+ return ResourcePermissionLocalServiceUtil.hasResourcePermission(pRessource.getCompanyId(), DLFolder.class.getName(),
+ ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(pRessource.getFolderId()), userRoleIds , actionId);
+ }
+
+ /**
+ * This method return true if the user has the permission to do the action on the ressource in the parameter
+ * @param pRessource Ressource where the permission will be test. MUst be a MBCategory
+ * @param pUser the user you need to test the permission
+ * @param pPermissionChecker the permission checker for the user
+ * @param actionId the action you need the permission
+ * @return True if the user has the permission to do the action
+ * @throws PortalException
+ * @throws SystemException
+ */
+ private static boolean hasUserPermissionForFolderInGroup(MBCategory pRessource, PermissionChecker pPermissionChecker, String actionId)
+ throws PortalException, SystemException {
+
+ long[] userRoleIds = PermissionsUtils.getRolesIdsToCheckForUserPermissions(pRessource.getGroupId(),pRessource.getUserId(), pPermissionChecker);
+
+ return ResourcePermissionLocalServiceUtil.hasResourcePermission(pRessource.getCompanyId(), MBCategory.class.getName(),
+ ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(pRessource.getCategoryId()), userRoleIds , actionId);
+ }
+
+ /**
+ * This method return true if the user has the permission to do the action on the ressource in the parameter
+ * @param pRessource Ressource where the permission will be test. MUst be a MBMessage
+ * @param pUser the user you need to test the permission
+ * @param pPermissionChecker the permission checker for the user
+ * @param actionId the action you need the permission
+ * @return True if the user has the permission to do the action
+ * @throws PortalException
+ * @throws SystemException
+ */
+ private static boolean hasUserPermissionForFolderInGroup(MBMessage pRessource, PermissionChecker pPermissionChecker, String actionId)
+ throws PortalException, SystemException {
+
+ long[] userRoleIds = PermissionsUtils.getRolesIdsToCheckForUserPermissions(pRessource.getGroupId(),pRessource.getUserId(), pPermissionChecker);
+
+ return ResourcePermissionLocalServiceUtil.hasResourcePermission(pRessource.getCompanyId(), MBMessage.class.getName(),
+ ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(pRessource.getMessageId()), userRoleIds , actionId);
+ }
+
+ /**
+ * This method get the list of role id for the user.
+ * @param pGroupId the group id of the ressource
+ * @param ressourceCreatorId the user id of ressource creator
+ * @param pUser the user
+ * @param pPermissionChecker the pemrission checker
+ * @return the list of roles id for the user
+ * @throws PortalException
+ * @throws SystemException
+ */
+ private static long[] getRolesIdsToCheckForUserPermissions(
+ long pGroupId, long ressourceCreatorId,
+ PermissionChecker pPermissionChecker) throws PortalException,
+ SystemException {
+ /**
+ * Define the role to check
+ */
+ User user = UserLocalServiceUtil.getUser(pPermissionChecker.getUserId());
+ Group group = GroupLocalServiceUtil.getGroup(pGroupId);
+ List<Role> roles = new ArrayList<Role>();
+
+
+ roles.addAll(user.getRoles());
+
+ if(ressourceCreatorId == pPermissionChecker.getUserId()){
+ roles.add(RoleLocalServiceUtil.getRole(user.getCompanyId(), RoleConstants.OWNER));
+ }
+
+ Role adminGrpRole = ENTRoleUtilFactory.getInstance(user.getCompanyId()).getRole(ENTRolesConstants.GROUP_ADMIN);
+ if(RoleLocalServiceUtil.hasUserRole(user.getUserId(), adminGrpRole.getRoleId())){
+ roles.add(adminGrpRole);
+ }
+
+ if (group.isOrganization()) {
+ Role roleAdministrator = RoleLocalServiceUtil.getRole(user.getCompanyId(), RoleConstants.ORGANIZATION_ADMINISTRATOR);
+ Role roleOwner = RoleLocalServiceUtil.getRole(user.getCompanyId(), RoleConstants.ORGANIZATION_OWNER);
+ Role roleUser = RoleLocalServiceUtil.getRole(user.getCompanyId(), RoleConstants.ORGANIZATION_USER);
+ // We have no owners, considers it's the same as administrator
+ if(pPermissionChecker.isOrganizationAdmin(group.getOrganizationId())){
+ roles.add(roleAdministrator);
+ roles.add(roleOwner);
+ }
+
+ // get all user organization and check if the groupe is one of it
+ for(Organization orga : OrganizationLocalServiceUtil.getUserOrganizations(user.getUserId())){
+ if(orga.getOrganizationId() == group.getOrganizationId()){
+ roles.add(roleUser);
+ }
+ }
+
+ }
+ else{
+ Role roleAdministrator = RoleLocalServiceUtil.getRole(user.getCompanyId(), RoleConstants.SITE_ADMINISTRATOR);
+ Role roleOwner = RoleLocalServiceUtil.getRole(user.getCompanyId(), RoleConstants.SITE_OWNER);
+ Role roleUser = RoleLocalServiceUtil.getRole(user.getCompanyId(), RoleConstants.SITE_MEMBER);
+
+ if(UserGroupRoleLocalServiceUtil.hasUserGroupRole(user.getUserId(), pGroupId, roleAdministrator.getRoleId())){
+ roles.add(roleAdministrator);
+ }
+ if(UserGroupRoleLocalServiceUtil.hasUserGroupRole(user.getUserId(), pGroupId, roleOwner.getRoleId())){
+ roles.add(roleOwner);
+ }
+
+ // get user of group to verify if user is membre of it
+ for(long aUserId : UserLocalServiceUtil.getGroupUserIds(pGroupId)){
+ if(aUserId == user.getUserId()){
+ roles.add(roleUser);
+ break;
+ }
+ }
+ }
+ /**
+ * For forum need verify if user is a forum member or admin
+ */
+ Role forumAdmin = RoleLocalServiceUtil.getRole(user.getCompanyId(), ENTRolesConstants.FORUM_ADMIN);
+ if(UserGroupRoleLocalServiceUtil.hasUserGroupRole(user.getUserId(), pGroupId, forumAdmin.getRoleId())){
+ roles.add(forumAdmin);
+ }
+
+ Role forumMember = RoleLocalServiceUtil.getRole(user.getCompanyId(), ENTRolesConstants.FORUM_MEMBER);
+ if(UserGroupRoleLocalServiceUtil.hasUserGroupRole(user.getUserId(), pGroupId, forumMember.getRoleId())){
+ roles.add(forumMember);
+ }
+
+
+ long[] roleIds = new long[roles.size()];
+ int iterator = 0;
+ for(Role aRole : roles){
+ roleIds[iterator] = aRole.getRoleId();
+ iterator ++;
+ }
+
+ return roleIds;
+ }
+
+
+
+ /**
+ * Ajout des permissions par defaut pour un dossier
+ */
+ public static void addDefaultPermissionsFolder(Folder folder) throws PortalException, SystemException {
+ // Groupe de la resource
+ Group group = GroupLocalServiceUtil.getGroup(folder.getGroupId());
+
+ // Si le groupe est de type organization, alors set des permissions des membres
+ if (group.isOrganization()) {
+ setDefaultRolePermissionsForResource(true, folder.getCompanyId(), folder.getFolderId(), true);
+ }
+ // Sinon si le groupe est de type communaute, alors set des permissions des membres
+ else if (group.isRegularSite()) {
+ setDefaultRolePermissionsForResource(false, folder.getCompanyId(), folder.getFolderId(), true);
+ } else {
+ setDefaultRolePermissionsForCartable(folder.getCompanyId(), folder.getFolderId(), true);
+ }
+
+
+ }
+
+ /**
+ * Ajout des permissions par defaut pour un fichier
+ */
+ public static void addDefaultPermissionsFile(FileEntry fileEntry) throws PortalException, SystemException {
+ // Groupe de la resource
+ Group group = GroupLocalServiceUtil.getGroup(fileEntry.getGroupId());
+
+ // Si le groupe est de type organization, alors set des permissions des membres
+ if (group.isOrganization()) {
+ setDefaultRolePermissionsForResource(true, fileEntry.getCompanyId(), fileEntry.getFileEntryId(), false);
+ }
+ // Sinon si le groupe est de type communaute, alors set des permissions des membres
+ else if (group.isRegularSite()) {
+ setDefaultRolePermissionsForResource(false, fileEntry.getCompanyId(), fileEntry.getFileEntryId(), false);
+ } else {
+ setDefaultRolePermissionsForCartable(fileEntry.getCompanyId(), fileEntry.getFileEntryId(), false);
+ }
+ }
+
+
+ // Set des permissions par defaut pour un dossier
+ private static void setDefaultRolePermissionsForCartable(long companyId, long objectId, boolean isFolder) throws PortalException, SystemException {
+
+ int scope = ResourceConstants.SCOPE_INDIVIDUAL;
+ String name = DLFileEntry.class.getName();
+
+ // read and add content permisison
+ List<String> readAndAddContentPermissions = new ArrayList<String>();
+ readAndAddContentPermissions.addAll(PermissionConstants.READ_PERMISSIONS);
+
+ //
+ List<String> listAdvActions = new ArrayList<String>();
+ listAdvActions.add(PermissionConstants.PERMISSIONS);
+
+ List<String> readAddWritePermissions = new ArrayList<String>();
+ readAddWritePermissions.addAll(PermissionConstants.READ_PERMISSIONS);
+ if (!ENTMainUtilsLocalServiceUtil.isSchemaSupann(companyId)) {
+ readAddWritePermissions.addAll(PermissionConstants.EDIT_CONTENT_PERMISSIONS);
+ }
+ if (isFolder) {
+ readAddWritePermissions.addAll(PermissionConstants.ADD_CONTENT_PREMISSIONS);
+ readAndAddContentPermissions.addAll(PermissionConstants.ADD_CONTENT_PREMISSIONS);
+ name = DLFolder.class.getName();
+ }
+ // group administror will have all permission
+ List<String> allPermissions = new ArrayList<String>();
+ allPermissions.addAll(readAddWritePermissions);
+ allPermissions.add(PermissionConstants.PERMISSIONS);
+
+ // add role to one of 4 rights level
+ List<Role> listAdminRole = new ArrayList<Role>();
+
+ //admin premission on element
+ listAdminRole.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.OWNER)); // propri�taire de l'l�lemnt
+
+ // set the admin permissions
+ PermissionsUtils.setPermissionsToRoles(listAdminRole,allPermissions,companyId, name, scope, String.valueOf(objectId));
+ }
+
+
+
+ // Set des permissions par defaut pour un dossier
+ private static void setDefaultRolePermissionsForResource(boolean org, long companyId, long objectId, boolean isFolder) throws PortalException, SystemException {
+
+ int scope = ResourceConstants.SCOPE_INDIVIDUAL;
+ String name = DLFileEntry.class.getName();
+
+ // read and add content permisison
+ List<String> readAndAddContentPermissions = new ArrayList<String>();
+ readAndAddContentPermissions.addAll(PermissionConstants.READ_PERMISSIONS);
+
+ //
+ List<String> listAdvActions = new ArrayList<String>();
+ listAdvActions.add(PermissionConstants.PERMISSIONS);
+
+ List<String> readAddWritePermissions = new ArrayList<String>();
+ readAddWritePermissions.addAll(PermissionConstants.READ_PERMISSIONS);
+ if (!ENTMainUtilsLocalServiceUtil.isSchemaSupann(companyId)) {
+ readAddWritePermissions.addAll(PermissionConstants.EDIT_CONTENT_PERMISSIONS);
+ }
+ if (isFolder) {
+ readAddWritePermissions.addAll(PermissionConstants.ADD_CONTENT_PREMISSIONS);
+ readAndAddContentPermissions.addAll(PermissionConstants.ADD_CONTENT_PREMISSIONS);
+ name = DLFolder.class.getName();
+ }
+ // group administror will have all permission
+ List<String> allPermissions = new ArrayList<String>();
+ allPermissions.addAll(readAddWritePermissions);
+ allPermissions.add(PermissionConstants.PERMISSIONS);
+
+ // add role to one of 4 rights level
+ List<Role> listNoPermissionRole = new ArrayList<Role>();
+ List<Role> listReaderRole = new ArrayList<Role>();
+ List<Role> listAddContentRole = new ArrayList<Role>();
+ List<Role> listWriterRole = new ArrayList<Role>();
+ List<Role> listAdminRole = new ArrayList<Role>();
+
+ // role with no specific permission
+ listNoPermissionRole.addAll(Arrays.asList(RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_1), // eleve
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_2), // parent
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.EXTERNAL))); // external
+
+ // add content permission
+ listAddContentRole.addAll(Arrays.asList(RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_24), // domentaliste has view and add rights
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_3), // professor
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_5), // vie scolaire
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_6), // personnel administratif , technique , encadrement
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_7), // rectorat,draf , collectivit� territorial, inspection academique
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_20), // personnel administratif
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_21), // assistant d'education
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_22), // assistant �tranger
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_25), // Education
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_27), // personnels de laboratoires
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_28), // personnels m�dicaux sociaux
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_29))); // oriantation
+
+
+ // editor premission on element
+ listWriterRole.add(RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.NATIONAL_4)); //personnel de direction
+
+ //admin premission on element
+ listAdminRole.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.OWNER)); // propri�taire de l'l�lemnt
+ listAdminRole.add(RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.GROUP_ADMIN));
+
+ // case of organisation
+ if (org){
+ // add content role
+ listReaderRole.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.ORGANIZATION_USER));
+ listAdminRole.addAll(Arrays.asList(RoleLocalServiceUtil.getRole(companyId, RoleConstants.ORGANIZATION_ADMINISTRATOR), // organization administrator has admin permisison
+ RoleLocalServiceUtil.getRole(companyId, RoleConstants.ORGANIZATION_OWNER))); // group administrateur
+ }
+ //case of community
+ else{
+ listReaderRole.addAll(Arrays.asList(RoleLocalServiceUtil.getRole(companyId, RoleConstants.SITE_MEMBER),
+ RoleLocalServiceUtil.getRole(companyId, ENTRolesConstants.COMMUNITY_VISITOR))); // organization administrator has admin permisison
+ listAdminRole.addAll(Arrays.asList(RoleLocalServiceUtil.getRole(companyId, RoleConstants.SITE_ADMINISTRATOR), // site administrator has admin permisison
+ RoleLocalServiceUtil.getRole(companyId, RoleConstants.SITE_OWNER))); // site owner has admin permisison
+ }
+
+ // set no permissions
+ PermissionsUtils.setPermissionsToRoles(listNoPermissionRole,new ArrayList<String>(),companyId, name, scope, String.valueOf(objectId));
+
+ // set the readers permissions
+ PermissionsUtils.setPermissionsToRoles(listReaderRole,PermissionConstants.READ_PERMISSIONS,companyId, name, scope, String.valueOf(objectId));
+
+ // set the add content permissions
+ PermissionsUtils.setPermissionsToRoles(listAddContentRole,readAndAddContentPermissions,companyId, name, scope, String.valueOf(objectId));
+
+ // set the wrtier permissions
+ PermissionsUtils.setPermissionsToRoles(listWriterRole,readAddWritePermissions,companyId, name, scope, String.valueOf(objectId));
+
+ // set the admin permissions
+ PermissionsUtils.setPermissionsToRoles(listAdminRole,allPermissions,companyId, name, scope, String.valueOf(objectId));
+ }
+
+ /**
+ * This method give the folder right to file
+ * @param pFile FileEntry you want to update the permissions, get PFile.getParent right
+ * @throws PortalException
+ * @throws SystemException
+ */
+ public static void setParentPermissionToFile(FileEntry pFile) throws PortalException, SystemException{
+ Map<Long,List<String>> permissionMap = PermissionsUtils.getPermissionsMapForFolder(pFile.getFolder());
+ Map<Long,String[]> permissionMapConvert = PermissionsUtils.convertPermissionFromGetterToSetter(permissionMap);
+
+ ResourcePermissionLocalServiceUtil.setResourcePermissions(pFile.getCompanyId(), DLFileEntry.class.getName(),
+ ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(pFile.getFileEntryId()),
+ permissionMapConvert);
+
+ }
+
+
+ /**
+ * This method give the folder right to file
+ * @param pFolder Folder you want to update the permissions
+ * @param pParentFolder The parent folder which give the permission
+ * @throws PortalException
+ * @throws SystemException
+ */
+ public static void setParentPermissionToFolder(Folder pFolder) throws PortalException, SystemException{
+ Map<Long,List<String>> permissionMap = PermissionsUtils.getPermissionsMapForFolder(pFolder.getParentFolder());
+ Map<Long,String[]> permissionMapConvert = PermissionsUtils.convertPermissionFromGetterToSetter(permissionMap);
+
+
+ ResourcePermissionLocalServiceUtil.setResourcePermissions(pFolder.getCompanyId(), DLFolder.class.getName(),
+ ResourceConstants.SCOPE_INDIVIDUAL, String.valueOf(pFolder.getFolderId()),
+ permissionMapConvert);
+ }
+
+ /**
+ * This method permit to set a list of permission to a list of user role
+ * @throws SystemException
+ * @throws PortalException
+ * @param pRoles the list of role (List<Role>) you want to modify the permissions
+ * @param pPermissions the permissions (List<String>) you want to affect to role
+ */
+ public static void setPermissionsToRoles(List<Role> pRoles, List<String> pPermissions,long pCompanyId,
+ String pName, int pScope, String pPrimKey) throws PortalException, SystemException{
+ for (Role role : pRoles) {
+ ResourcePermissionLocalServiceUtil.setResourcePermissions(pCompanyId, pName, pScope, pPrimKey, role.getRoleId(),
+ pPermissions.toArray(new String[pPermissions.size()]));
+ }
+ }
+
+ /**
+ * Parcours de tous les groupes et mise a jour de toutes les permissions
+ */
+ public static void updatePermissionAtelier(User user) throws PortalException, SystemException {
+
+ if (_log.isDebugEnabled()) {
+ _log.debug("DEBUT UPDATE PERMISSIONS");
+ }
+
+ // LES ORGANISATIONS
+ List<Organization> allOrganization = OrganizationLocalServiceUtil.getOrganizations(QueryUtil.ALL_POS,QueryUtil.ALL_POS);
+ for (Organization o: allOrganization) {
+ if (_log.isDebugEnabled()) {
+ _log.debug("ORGANIZATION "+ o.getName());
+ }
+ Folder rootFolder = FoldersUtil.getRootFolder(user.getUserId(), o.getGroup().getGroupId(), false);
+ if (rootFolder!= null) {
+ recursiveExplorationToSetPermission(o.getGroup(), rootFolder);
+ }
+ }
+
+ // LES COMMUNAUTEES
+ // Liste de tous les groupes --> y compris les groupoes user, les organistations, TOUSSS --> donc attention
+ List<Group> listGroup = GroupLocalServiceUtil.getGroups(QueryUtil.ALL_POS,QueryUtil.ALL_POS);
+ for (Group grp: listGroup) {
+ if (grp.isRegularSite()) {
+ if (_log.isDebugEnabled()) {
+ _log.debug("COMMUNITY "+ grp.getName());
+ }
+ Folder rootFolder = FoldersUtil.getRootFolder(user.getUserId(), grp.getGroupId(), false);
+ if (rootFolder!=null) {
+ recursiveExplorationToSetPermission(grp, rootFolder);
+ }
+ }
+ }
+ }
+
+ // Parcours recursif d'un dossier
+ private static void recursiveExplorationToSetPermission(Group group, Folder currentFolder) throws SystemException, PortalException {
+
+ // mise a jour du dossiezr courant
+ PermissionsUtils.addDefaultPermissionsFolder(currentFolder);
+ // Mise a jour des fichiers du dossier
+ setPermissionsFileEntryFolder(currentFolder);
+
+ // Appel recurssif sur les dossiers contenus
+ List<Folder> listFolder = DLAppLocalServiceUtil.getFolders(group.getGroupId(), currentFolder.getFolderId());
+ for (Folder folder : listFolder) {
+ if (_log.isDebugEnabled()) {
+ _log.debug("FOLDER "+ folder.getName());
+ }
+ recursiveExplorationToSetPermission(group, folder);
+ }
+ }
+
+ // Mise a jour des permissions de tous les fichiers d'un dossier
+ private static void setPermissionsFileEntryFolder(Folder folder) throws PortalException, SystemException {
+
+ // Liste des fichiers contenus dans le dossier
+ List<FileEntry> listFile = DLAppLocalServiceUtil.getFileEntries(folder.getGroupId(), folder.getFolderId());
+
+ // Set des permissions des fichiers
+ for (FileEntry file : listFile) {
+ if (_log.isDebugEnabled()) {
+ _log.debug("FILE "+ file.getTitle());
+ }
+ PermissionsUtils.addDefaultPermissionsFile(file);
+ }
+ }
+
+ /**
+ * This
+ * @param pFolder Folder which get the permission map
+ * @return the map of permission key is the role and the value is the list of permission por this role
+ * @throws PortalException
+ * @throws SystemException
+ */
+ public static Map<Long,List<String>> getPermissionsMapForFolder(Folder pFolder) throws PortalException, SystemException {
+ // get all roles for this folder
+ List<String> listRole = PermissionsUtils.listRoleForPermissions(pFolder);
+ Map<Long,List<String>> permissionsMap = new HashMap<Long,List<String>>();
+ long companyId = pFolder.getCompanyId();
+
+ int scope = ResourceConstants.SCOPE_INDIVIDUAL;
+ String name = DLFolder.class.getName();
+
+ // get the right for roles and build map of permission
+ long[] roleIdList = new long[listRole.size()];
+
+ for(int i = 0; i< listRole.size() ; i++){
+ roleIdList[i] = RoleLocalServiceUtil.getRole(companyId, listRole.get(i)).getRoleId();
+ }
+
+ for(int j=0 ; j < roleIdList.length ; j++){
+ permissionsMap.put(roleIdList[j], ResourcePermissionLocalServiceUtil.getAvailableResourcePermissionActionIds(companyId, name, scope,
+ String.valueOf(pFolder.getPrimaryKey()),roleIdList[j], PermissionConstants.FOLDER_PERMISSION_ALLOW));
+ }
+ return permissionsMap;
+ }
+
+ /**
+ * This method return the list of role
+ * @param pFolder the folder you need to get the list of role affected
+ * @return The List<String> return is the list of role as string which need to be affect by permission
+ * @throws PortalException
+ * @throws SystemException
+ */
+ public static List<String> listRoleForPermissions(Folder pFolder) throws PortalException, SystemException{
+ List<String> listRole = new ArrayList<String>(Arrays.asList(PermissionConstants.NATIONAL_CODE_ROLES_PERMISSIONS));
+ listRole.add(RoleConstants.OWNER);
+ listRole.add(ENTRolesConstants.GROUP_ADMIN);
+ listRole.add(ENTRolesConstants.EXTERNAL);
+
+ Group group = GroupLocalServiceUtil.getGroup(pFolder.getGroupId());
+ // If the group i community or organization, it select the corresponding groups
+ if (group.isOrganization()) {
+ listRole.add(RoleConstants.ORGANIZATION_ADMINISTRATOR);
+ listRole.add(RoleConstants.ORGANIZATION_OWNER);
+ listRole.add(RoleConstants.ORGANIZATION_USER);
+ }
+ else if (group.isRegularSite()) {
+ listRole.add(RoleConstants.SITE_ADMINISTRATOR);
+ listRole.add(RoleConstants.SITE_OWNER);
+ listRole.add(RoleConstants.SITE_MEMBER);
+
+ CommunityInfos ci = CommunityInfosLocalServiceUtil.getCommunityInfosByGroupId(group.getGroupId());
+ if (ci.getPolitic()==2){
+ listRole.add(ENTRolesConstants.COMMUNITY_VISITOR);
+ }
+ }
+ return listRole;
+ }
+
+ /**
+ * This method convert Map<Long,Set<String>> to Map<Long,String[]>
+ * @param pGetterPermissionMap the map of permission from method ResourcePermissionLocalServiceUtil.getAvailableResourcePermissionActionIds
+ * @return map to set permission for method ResourcePermissionLocalServiceUtil.setResourcePermissions
+ */
+ public static Map<Long,String[]> convertPermissionFromGetterToSetter(Map<Long,List<String>> pGetterPermissionMap){
+
+ Map<Long,String[]> setterPermissionMap = new HashMap<Long,String[]>();
+ // Convert map Map<Long,Set<String>> to Map<Long,String[]>
+ for(Entry<Long,List<String>> permissionEntry : pGetterPermissionMap.entrySet()){
+ setterPermissionMap.put(permissionEntry.getKey(),
+ permissionEntry.getValue().toArray(new String[permissionEntry.getValue().size()]));
+ }
+ return setterPermissionMap;
+ }
+
+ /**
+ * This method permit to set the view permission to a FileEntry or a Folder
+ * @param pRessources The ressource you will give the view permission. This parametter must be a FileEntry or a Folder
+ * @throws PortalException
+ * @throws SystemException
+ */
+ public static void setViewPermissionForRessources(Object pRessources) throws PortalException, SystemException{
+ int scope = ResourceConstants.SCOPE_INDIVIDUAL;
+ String[] actionsId = {ActionKeys.VIEW};
+
+ if(pRessources instanceof FileEntry){
+ String name = DLFileEntry.class.getName();
+ FileEntry file = (FileEntry) pRessources;
+ long roleId = RoleLocalServiceUtil.getRole(file.getCompanyId(), RoleConstants.USER).getRoleId();
+ ResourcePermissionLocalServiceUtil.setResourcePermissions(file.getCompanyId(), name, scope, String.valueOf(file.getPrimaryKey()),roleId, actionsId );
+ }
+ else if(pRessources instanceof Folder){
+ String name = DLFolder.class.getName();
+ Folder folder = (Folder) pRessources;
+ long roleId = RoleLocalServiceUtil.getRole(folder.getCompanyId(), RoleConstants.USER).getRoleId();
+ ResourcePermissionLocalServiceUtil.setResourcePermissions(folder.getCompanyId(), name, scope, String.valueOf(folder.getPrimaryKey()),roleId, actionsId );
+ }
+ else{
+ throw new IllegalArgumentException("Ressources must be an FileEntry or a Folder object");
+ }
+ }
+
+ /**
+ * this method permit to display the all user permission for the current object action per action
+ * @param pPermissionChecker
+ * @param pObjectName
+ * @param pRessource
+ */
+ public static void displayUserPermissionForRessource(PermissionChecker pPermissionChecker, String pObjectName, Object pRessource){
+ try{
+ List<ResourceAction> resourceActions = ResourceActionLocalServiceUtil.getResourceActions(pObjectName);
+ List<String> actionIds = new ArrayList<String>();
+ for(ResourceAction resourceAction: resourceActions){
+ actionIds.add(resourceAction.getActionId());
+ }
+
+ long ressourceId = 0;
+ long groupId = 0;
+ long creatorId = 0;
+ String ressourceObjectName = "";
+
+ if(pRessource instanceof FileEntry){
+ FileEntry ressource = (FileEntry) pRessource;
+ ressourceId = ressource.getFileEntryId();
+ groupId = ressource.getGroupId();
+ creatorId = ressource.getUserId();
+ ressourceObjectName = DLFileEntry.class.getName();
+ }
+ else if(pRessource instanceof Folder){
+ Folder ressource = (Folder) pRessource;
+ ressourceId = ressource.getFolderId();
+ groupId = ressource.getGroupId();
+ creatorId = ressource.getUserId();
+ ressourceObjectName = DLFolder.class.getName();
+ }
+ else if(pRessource instanceof MBCategory){
+ MBCategory ressource = (MBCategory) pRessource;
+ ressourceId = ressource.getCategoryId();
+ groupId = ressource.getGroupId();
+ creatorId = ressource.getUserId();
+ ressourceObjectName = MBCategory.class.getName();
+ }
+ else if(pRessource instanceof MBMessage){
+ MBMessage ressource = (MBMessage) pRessource;
+ ressourceId = ressource.getMessageId();
+ groupId = ressource.getGroupId();
+ creatorId = ressource.getUserId();
+ ressourceObjectName = MBMessage.class.getName();
+ }
+
+ long[] userRoleIds = PermissionsUtils.getRolesIdsToCheckForUserPermissions(groupId,creatorId, pPermissionChecker);
+ _log.warn("Display permission for user:" + UserLocalServiceUtil.getUser(pPermissionChecker.getUserId()).getScreenName()
+ + " for object type " + ressourceObjectName + " with id:" +ressourceId);
+ for(long userRoleId: userRoleIds){
+ _log.warn("For the role " + RoleLocalServiceUtil.getRole(userRoleId).getName() + " user has following permission:");
+ List<String> currentActions = ResourcePermissionLocalServiceUtil.getAvailableResourcePermissionActionIds
+ (pPermissionChecker.getCompanyId(), ressourceObjectName, ResourceConstants.SCOPE_INDIVIDUAL,
+ String.valueOf(ressourceId), userRoleId, actionIds);
+ for(String action: currentActions){
+ _log.warn(action);
+ }
+ }
+ }
+ catch(Exception e){
+ _log.debug(e);
+ }
+ }
+
+ private static Log _log = LogFactoryUtil.getLog(PermissionsUtils.class);
+
+}