1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.permission;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.log.Log;
28  import com.liferay.portal.kernel.log.LogFactoryUtil;
29  import com.liferay.portal.model.Group;
30  import com.liferay.portal.model.GroupConstants;
31  import com.liferay.portal.model.Layout;
32  import com.liferay.portal.model.Portlet;
33  import com.liferay.portal.model.PortletConstants;
34  import com.liferay.portal.security.auth.PrincipalException;
35  import com.liferay.portal.security.permission.ActionKeys;
36  import com.liferay.portal.security.permission.PermissionChecker;
37  import com.liferay.portal.security.permission.ResourceActionsUtil;
38  import com.liferay.portal.service.GroupLocalServiceUtil;
39  import com.liferay.portal.service.LayoutLocalServiceUtil;
40  import com.liferay.portal.util.PropsValues;
41  
42  import java.util.List;
43  
44  /**
45   * <a href="PortletPermissionImpl.java.html"><b><i>View Source</i></b></a>
46   *
47   * @author Brian Wing Shun Chan
48   */
49  public class PortletPermissionImpl implements PortletPermission {
50  
51      public static final boolean DEFAULT_STRICT = false;
52  
53      public void check(
54              PermissionChecker permissionChecker, String portletId,
55              String actionId)
56          throws PortalException, SystemException {
57  
58          if (!contains(permissionChecker, portletId, actionId)) {
59              throw new PrincipalException();
60          }
61      }
62  
63      public void check(
64              PermissionChecker permissionChecker, long plid, String portletId,
65              String actionId)
66          throws PortalException, SystemException {
67  
68          check(permissionChecker, plid, portletId, actionId, DEFAULT_STRICT);
69      }
70  
71      public void check(
72              PermissionChecker permissionChecker, long plid, String portletId,
73              String actionId, boolean strict)
74          throws PortalException, SystemException {
75  
76          if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
77              throw new PrincipalException();
78          }
79      }
80  
81      public boolean contains(
82              PermissionChecker permissionChecker, String portletId,
83              String actionId)
84          throws PortalException, SystemException {
85  
86          return contains(permissionChecker, 0, portletId, actionId);
87      }
88  
89      public boolean contains(
90              PermissionChecker permissionChecker, long plid, String portletId,
91              String actionId)
92          throws PortalException, SystemException {
93  
94          return contains(
95              permissionChecker, plid, portletId, actionId, DEFAULT_STRICT);
96      }
97  
98      public boolean contains(
99              PermissionChecker permissionChecker, long plid, String portletId,
100             String actionId, boolean strict)
101         throws PortalException, SystemException {
102 
103         long groupId = 0;
104         String name = null;
105         String primKey = null;
106 
107         if (plid > 0) {
108             Layout layout = LayoutLocalServiceUtil.getLayout(plid);
109 
110             groupId = layout.getGroupId();
111             name = PortletConstants.getRootPortletId(portletId);
112             primKey = getPrimaryKey(plid, portletId);
113 
114             if ((layout.isPrivateLayout() &&
115                  !PropsValues.LAYOUT_USER_PRIVATE_LAYOUTS_MODIFIABLE) ||
116                 (layout.isPublicLayout() &&
117                  !PropsValues.LAYOUT_USER_PUBLIC_LAYOUTS_MODIFIABLE)) {
118 
119                 if (actionId.equals(ActionKeys.CONFIGURATION)) {
120                     Group group = GroupLocalServiceUtil.getGroup(
121                         layout.getGroupId());
122 
123                     if (group.isUser()) {
124                         return false;
125                     }
126                 }
127             }
128 
129             if (actionId.equals(ActionKeys.VIEW)) {
130                 Group group = GroupLocalServiceUtil.getGroup(
131                     layout.getGroupId());
132 
133                 if (group.getName().equals(GroupConstants.CONTROL_PANEL)) {
134                     return true;
135                 }
136             }
137 
138             if (!strict) {
139                 if (LayoutPermissionUtil.contains(
140                         permissionChecker, groupId, layout.isPrivateLayout(),
141                         layout.getLayoutId(), ActionKeys.UPDATE) &&
142                     hasLayoutManagerPermission(portletId, actionId)) {
143 
144                     return true;
145                 }
146             }
147         }
148         else {
149             name = portletId;
150             primKey = portletId;
151         }
152 
153         return permissionChecker.hasPermission(
154             groupId, name, primKey, actionId);
155     }
156 
157     public boolean contains(
158             PermissionChecker permissionChecker, long plid, Portlet portlet,
159             String actionId)
160         throws PortalException, SystemException {
161 
162         return contains(
163             permissionChecker, plid, portlet, actionId, DEFAULT_STRICT);
164     }
165 
166     public boolean contains(
167             PermissionChecker permissionChecker, long plid, Portlet portlet,
168             String actionId, boolean strict)
169         throws PortalException, SystemException {
170 
171         boolean value = contains(
172             permissionChecker, plid, portlet.getPortletId(), actionId, strict);
173 
174         if (value) {
175             return true;
176         }
177         else {
178             if (portlet.isSystem() && actionId.equals(ActionKeys.VIEW)) {
179                 return true;
180             }
181             else {
182                 return false;
183             }
184         }
185     }
186 
187     public String getPrimaryKey(long plid, String portletId) {
188         StringBuilder sb = new StringBuilder();
189 
190         sb.append(plid);
191         sb.append(PortletConstants.LAYOUT_SEPARATOR);
192         sb.append(portletId);
193 
194         return sb.toString();
195     }
196 
197     public boolean hasLayoutManagerPermission(
198         String portletId, String actionId) {
199 
200         try {
201             return hasLayoutManagerPermissionImpl(portletId, actionId);
202         }
203         catch (Exception e) {
204             _log.error(e, e);
205 
206             return false;
207         }
208     }
209 
210     protected boolean hasLayoutManagerPermissionImpl(
211         String portletId, String actionId) {
212 
213         portletId = PortletConstants.getRootPortletId(portletId);
214 
215         List<String> layoutManagerActions =
216             ResourceActionsUtil.getPortletResourceLayoutManagerActions(
217                 portletId);
218 
219         return layoutManagerActions.contains(actionId);
220     }
221 
222     private static Log _log =
223         LogFactoryUtil.getLog(PortletPermissionImpl.class);
224 
225 }