001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.OrganizationConstants;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.service.OrganizationLocalServiceUtil;
025 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
026 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
027 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
028
029 import java.util.Arrays;
030 import java.util.HashMap;
031 import java.util.List;
032 import java.util.Map;
033
034
037 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
038
039 public PermissionCheckerBagImpl() {
040 }
041
042 public PermissionCheckerBagImpl(
043 long userId, List<Group> userGroups, List<Organization> userOrgs,
044 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
045 List<Group> groups, List<Role> roles) {
046
047 _userId = userId;
048 _userGroups = userGroups;
049 _userOrgs = userOrgs;
050 _userOrgGroups = userOrgGroups;
051 _userUserGroupGroups = userUserGroupGroups;
052 _groups = groups;
053 _roles = roles;
054 }
055
056 public List<Group> getGroups() {
057 return _groups;
058 }
059
060 public long[] getRoleIds() {
061 if (_roleIds == null) {
062 List<Role> roles = getRoles();
063
064 long[] roleIds = new long[roles.size()];
065
066 for (int i = 0; i < roles.size(); i++) {
067 Role role = roles.get(i);
068
069 roleIds[i] = role.getRoleId();
070 }
071
072 Arrays.sort(roleIds);
073
074 _roleIds = roleIds;
075 }
076
077 return _roleIds;
078 }
079
080 public List<Role> getRoles() {
081 return _roles;
082 }
083
084 public List<Group> getUserGroups() {
085 return _userGroups;
086 }
087
088 public List<Group> getUserOrgGroups() {
089 return _userOrgGroups;
090 }
091
092 public List<Organization> getUserOrgs() {
093 return _userOrgs;
094 }
095
096 public List<Group> getUserUserGroupGroups() {
097 return _userUserGroupGroups;
098 }
099
100
104 public boolean isCommunityAdmin(
105 PermissionChecker permissionChecker, Group group)
106 throws Exception {
107
108 return isGroupAdmin(permissionChecker, group);
109 }
110
111
115 public boolean isCommunityOwner(
116 PermissionChecker permissionChecker, Group group)
117 throws Exception {
118
119 return isGroupOwner(permissionChecker, group);
120 }
121
122 public boolean isGroupAdmin(
123 PermissionChecker permissionChecker, Group group)
124 throws Exception {
125
126 Boolean value = _groupAdmins.get(group.getGroupId());
127
128 if (value == null) {
129 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
130
131 _groupAdmins.put(group.getGroupId(), value);
132 }
133
134 return value.booleanValue();
135 }
136
137 public boolean isGroupMember(
138 PermissionChecker permissionChecker, Group group)
139 throws Exception {
140
141 for (Role role : _roles) {
142 String name = role.getName();
143
144 if (name.equals(RoleConstants.SITE_MEMBER)) {
145 return true;
146 }
147 }
148
149 return false;
150 }
151
152 public boolean isGroupOwner(
153 PermissionChecker permissionChecker, Group group)
154 throws Exception {
155
156 Boolean value = _groupOwners.get(group.getGroupId());
157
158 if (value == null) {
159 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
160
161 _groupOwners.put(group.getGroupId(), value);
162 }
163
164 return value.booleanValue();
165 }
166
167 public boolean isOrganizationAdmin(
168 PermissionChecker permissionChecker, Organization organization)
169 throws Exception {
170
171 Boolean value = _organizationAdmins.get(
172 organization.getOrganizationId());
173
174 if (value == null) {
175 value = Boolean.valueOf(
176 isOrganizationAdminImpl(permissionChecker, organization));
177
178 _organizationAdmins.put(organization.getOrganizationId(), value);
179 }
180
181 return value.booleanValue();
182 }
183
184 protected boolean isGroupAdminImpl(
185 PermissionChecker permissionChecker, Group group)
186 throws PortalException, SystemException {
187
188 if (group.isSite()) {
189 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
190 _userId, group.getGroupId(),
191 RoleConstants.SITE_ADMINISTRATOR, true) ||
192 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
193 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
194 true)) {
195
196 return true;
197 }
198 }
199
200 if (group.isCompany()) {
201 if (permissionChecker.isCompanyAdmin()) {
202 return true;
203 }
204 else {
205 return false;
206 }
207 }
208 else if (group.isLayoutPrototype()) {
209 if (LayoutPrototypePermissionUtil.contains(
210 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
211
212 return true;
213 }
214 else {
215 return false;
216 }
217 }
218 else if (group.isLayoutSetPrototype()) {
219 if (LayoutSetPrototypePermissionUtil.contains(
220 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
221
222 return true;
223 }
224 else {
225 return false;
226 }
227 }
228 else if (group.isOrganization()) {
229 long organizationId = group.getOrganizationId();
230
231 while (organizationId !=
232 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
233
234 Organization organization =
235 OrganizationLocalServiceUtil.getOrganization(
236 organizationId);
237
238 Group organizationGroup = organization.getGroup();
239
240 long organizationGroupId = organizationGroup.getGroupId();
241
242 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
243 _userId, organizationGroupId,
244 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
245 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
246 _userId, organizationGroupId,
247 RoleConstants.ORGANIZATION_OWNER, true)) {
248
249 return true;
250 }
251
252 organizationId = organization.getParentOrganizationId();
253 }
254 }
255
256 return false;
257 }
258
259 protected boolean isGroupOwnerImpl(
260 PermissionChecker permissionChecker, Group group)
261 throws PortalException, SystemException {
262
263 if (group.isSite()) {
264 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
265 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
266 true)) {
267
268 return true;
269 }
270 }
271
272 if (group.isLayoutPrototype()) {
273 if (LayoutPrototypePermissionUtil.contains(
274 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
275
276 return true;
277 }
278 else {
279 return false;
280 }
281 }
282 else if (group.isLayoutSetPrototype()) {
283 if (LayoutSetPrototypePermissionUtil.contains(
284 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
285
286 return true;
287 }
288 else {
289 return false;
290 }
291 }
292 else if (group.isOrganization()) {
293 long organizationId = group.getOrganizationId();
294
295 while (organizationId !=
296 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
297
298 Organization organization =
299 OrganizationLocalServiceUtil.getOrganization(
300 organizationId);
301
302 Group organizationGroup = organization.getGroup();
303
304 long organizationGroupId = organizationGroup.getGroupId();
305
306 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
307 _userId, organizationGroupId,
308 RoleConstants.ORGANIZATION_OWNER, true)) {
309
310 return true;
311 }
312
313 organizationId = organization.getParentOrganizationId();
314 }
315 }
316 else if (group.isUser()) {
317 long userId = group.getClassPK();
318
319 if (userId == _userId) {
320 return true;
321 }
322 }
323
324 return false;
325 }
326
327 protected boolean isOrganizationAdminImpl(
328 PermissionChecker permissionChecker, Organization organization)
329 throws PortalException, SystemException {
330
331 while (organization != null) {
332 Group organizationGroup = organization.getGroup();
333
334 long organizationGroupId = organizationGroup.getGroupId();
335
336 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
337 _userId, organizationGroupId,
338 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
339 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
340 _userId, organizationGroupId,
341 RoleConstants.ORGANIZATION_OWNER, true)) {
342
343 return true;
344 }
345
346 organization = organization.getParentOrganization();
347 }
348
349 return false;
350 }
351
352 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
353 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
354 private List<Group> _groups;
355 private Map<Long, Boolean> _organizationAdmins =
356 new HashMap<Long, Boolean>();
357 private long[] _roleIds;
358 private List<Role> _roles;
359 private List<Group> _userGroups;
360 private long _userId;
361 private List<Group> _userOrgGroups;
362 private List<Organization> _userOrgs;
363 private List<Group> _userUserGroupGroups;
364
365 }