015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.model.Contact;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.ResourceConstants;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.security.auth.PrincipalException;
026 import com.liferay.portal.security.permission.ActionKeys;
027 import com.liferay.portal.security.permission.PermissionChecker;
028 import com.liferay.portal.service.OrganizationLocalServiceUtil;
029 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030 import com.liferay.portal.service.UserLocalServiceUtil;
031 import com.liferay.portal.util.PortalUtil;
032 import com.liferay.portal.util.PropsValues;
033
034
/**
 * Answers whether the caller behind a {@link PermissionChecker} may perform an
 * action on a {@link User}.
 *
 * <p>
 * Every {@code check} overload delegates to the matching {@code contains}
 * overload and throws {@link PrincipalException} on a negative answer. All
 * {@code contains} overloads funnel into
 * {@link #contains(PermissionChecker, long, long[], String)}, which holds the
 * actual decision logic.
 * </p>
 */
public class UserPermissionImpl implements UserPermission {

    /**
     * Enforces the permission using an organization ID and a location ID,
     * both of which are handed on as organization IDs.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationId the first organization ID to evaluate
     * @param  locationId the second organization ID to evaluate
     * @param  actionId the action being attempted
     * @throws PrincipalException if the permission is not granted
     */
    public void check(
            PermissionChecker permissionChecker, long userId,
            long organizationId, long locationId, String actionId)
        throws PrincipalException {

        long[] organizationIds = {organizationId, locationId};

        check(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Enforces the permission for the given organization IDs.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationIds the organization IDs to evaluate, or
     *         {@code null} to use the target user's own organizations
     * @param  actionId the action being attempted
     * @throws PrincipalException if
     *         {@link #contains(PermissionChecker, long, long[], String)}
     *         returns {@code false}
     */
    public void check(
            PermissionChecker permissionChecker, long userId,
            long[] organizationIds, String actionId)
        throws PrincipalException {

        boolean granted = contains(
            permissionChecker, userId, organizationIds, actionId);

        if (!granted) {
            throw new PrincipalException();
        }
    }

    /**
     * Enforces the permission without caller-supplied organization IDs.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  actionId the action being attempted
     * @throws PrincipalException if
     *         {@link #contains(PermissionChecker, long, String)} returns
     *         {@code false}
     */
    public void check(
            PermissionChecker permissionChecker, long userId, String actionId)
        throws PrincipalException {

        boolean granted = contains(permissionChecker, userId, actionId);

        if (!granted) {
            throw new PrincipalException();
        }
    }

    /**
     * Evaluates the permission using an organization ID and a location ID,
     * both of which are handed on as organization IDs.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationId the first organization ID to evaluate
     * @param  locationId the second organization ID to evaluate
     * @param  actionId the action being attempted
     * @return {@code true} if the action is permitted
     */
    public boolean contains(
        PermissionChecker permissionChecker, long userId, long organizationId,
        long locationId, String actionId) {

        long[] organizationIds = {organizationId, locationId};

        return contains(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Decides whether the caller may perform {@code actionId} on the user
     * identified by {@code userId}.
     *
     * <p>
     * The decision is taken in this order:
     * </p>
     *
     * <ol>
     * <li>
     * {@link ActionKeys#IMPERSONATE} on an omniadmin is refused unless the
     * caller is an omniadmin as well.
     * </li>
     * <li>
     * When {@code userId} is not {@link ResourceConstants#PRIMKEY_DNE}, the
     * user is loaded. Access is granted if user check algorithm 5 or 6 is
     * configured and the checker reports owner permission, or if the caller
     * is the target user.
     * </li>
     * <li>
     * Access is granted if the checker reports the permission on the
     * {@link User} resource (queried with 0 as the first argument).
     * </li>
     * <li>
     * Access is refused if no user was loaded.
     * </li>
     * <li>
     * For each organization ID on which the caller holds
     * {@link ActionKeys#MANAGE_USERS}: an organization owner is never
     * manageable through that organization, an organization administrator is
     * manageable only by an organization owner, and anyone else is
     * manageable.
     * </li>
     * </ol>
     *
     * <p>
     * The method fails closed: any exception raised after the impersonation
     * guard is logged and turned into {@code false}.
     * </p>
     *
     * <p>
     * NOTE(review): the caller-is-target shortcut grants every
     * {@code actionId}, not a restricted set of self-service actions. Confirm
     * this is intended for sensitive actions.
     * </p>
     *
     * <p>
     * NOTE(review): a non-null {@code organizationIds} is used as supplied.
     * This method does not verify that the target user belongs to those
     * organizations, so callers should derive the IDs from server-side state
     * rather than from request input.
     * </p>
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationIds the organization IDs to evaluate, or
     *         {@code null} to use the target user's own organizations
     * @param  actionId the action being attempted
     * @return {@code true} if the action is permitted; {@code false}
     *         otherwise, including when an exception occurred
     * @throws NullPointerException if {@code actionId} is {@code null},
     *         because the impersonation guard runs outside the
     *         {@code try} block
     */
    public boolean contains(
        PermissionChecker permissionChecker, long userId,
        long[] organizationIds, String actionId) {

        // Impersonation guard: only an omniadmin may impersonate an
        // omniadmin. Evaluated first so no later rule can override it.

        boolean impersonatingOmniadmin =
            actionId.equals(ActionKeys.IMPERSONATE) &&
            PortalUtil.isOmniadmin(userId);

        if (impersonatingOmniadmin && !permissionChecker.isOmniadmin()) {
            return false;
        }

        try {
            User targetUser = null;

            if (userId != ResourceConstants.PRIMKEY_DNE) {
                targetUser = UserLocalServiceUtil.getUserById(userId);

                // Fetched before the algorithm test, so a failure here is
                // caught below and denies access under every algorithm.

                Contact targetContact = targetUser.getContact();

                boolean ownerAlgorithm =
                    (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
                    (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6);

                if (ownerAlgorithm &&
                    permissionChecker.hasOwnerPermission(
                        permissionChecker.getCompanyId(),
                        User.class.getName(), userId,
                        targetContact.getUserId(), actionId)) {

                    return true;
                }

                // The caller is acting on their own account.

                if (permissionChecker.getUserId() == userId) {
                    return true;
                }
            }

            boolean resourcePermission = permissionChecker.hasPermission(
                0, User.class.getName(), userId, actionId);

            if (resourcePermission) {
                return true;
            }

            // Without a loaded user there is no organization membership to
            // fall back on.

            if (targetUser == null) {
                return false;
            }

            if (organizationIds == null) {
                organizationIds = targetUser.getOrganizationIds();
            }

            for (long organizationId : organizationIds) {
                boolean managesUsers = OrganizationPermissionUtil.contains(
                    permissionChecker, organizationId,
                    ActionKeys.MANAGE_USERS);

                if (!managesUsers) {
                    continue;
                }

                if (permissionChecker.getUserId() == targetUser.getUserId()) {
                    return true;
                }

                Organization organization =
                    OrganizationLocalServiceUtil.getOrganization(
                        organizationId);

                Group orgGroup = organization.getGroup();

                // Role hierarchy inside the organization: owners cannot be
                // managed through it, and administrators can be managed only
                // by an owner. The trailing true is presumably the inherit
                // flag of hasUserGroupRole; confirm against its signature.

                boolean targetIsOwner =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(), orgGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_OWNER, true);

                if (targetIsOwner) {
                    continue;
                }

                boolean targetIsAdministrator =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(), orgGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_ADMINISTRATOR, true);

                if (targetIsAdministrator &&
                    !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        permissionChecker.getUserId(), orgGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_OWNER, true)) {

                    continue;
                }

                return true;
            }
        }
        catch (Exception e) {

            // Fail closed: a lookup error must never grant access.

            _log.error(e, e);
        }

        return false;
    }

    /**
     * Evaluates the permission without caller-supplied organization IDs, so
     * the target user's own organizations are used.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  actionId the action being attempted
     * @return {@code true} if the action is permitted
     */
    public boolean contains(
        PermissionChecker permissionChecker, long userId, String actionId) {

        long[] noOrganizationIds = null;

        return contains(
            permissionChecker, userId, noOrganizationIds, actionId);
    }

    // Logger for exceptions swallowed by the fail-closed contains() path.
    private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);

}