001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.AuditedModel;
021 import com.liferay.portal.model.Group;
022 import com.liferay.portal.model.GroupedModel;
023 import com.liferay.portal.model.Layout;
024 import com.liferay.portal.model.PermissionedModel;
025 import com.liferay.portal.model.PortletConstants;
026 import com.liferay.portal.model.Resource;
027 import com.liferay.portal.model.ResourceConstants;
028 import com.liferay.portal.model.ResourcePermission;
029 import com.liferay.portal.model.Role;
030 import com.liferay.portal.model.Team;
031 import com.liferay.portal.model.User;
032 import com.liferay.portal.security.auth.PrincipalException;
033 import com.liferay.portal.security.permission.ActionKeys;
034 import com.liferay.portal.security.permission.PermissionChecker;
035 import com.liferay.portal.security.permission.PermissionCheckerBag;
036 import com.liferay.portal.security.permission.ResourceActionsUtil;
037 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
038 import com.liferay.portal.service.permission.GroupPermissionUtil;
039 import com.liferay.portal.service.permission.LayoutPermissionUtil;
040 import com.liferay.portal.service.permission.PortletPermissionUtil;
041 import com.liferay.portal.service.permission.TeamPermissionUtil;
042 import com.liferay.portal.service.permission.UserPermissionUtil;
043 import com.liferay.portlet.blogs.model.BlogsEntry;
044 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
045 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
046 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
047 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
048 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
049 import com.liferay.portlet.calendar.model.CalEvent;
050 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
051 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
052 import com.liferay.portlet.documentlibrary.model.DLFolder;
053 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
054 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
055 import com.liferay.portlet.journal.model.JournalArticle;
056 import com.liferay.portlet.journal.model.JournalFeed;
057 import com.liferay.portlet.journal.model.JournalStructure;
058 import com.liferay.portlet.journal.model.JournalTemplate;
059 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
060 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
061 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
062 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
063 import com.liferay.portlet.messageboards.model.MBCategory;
064 import com.liferay.portlet.messageboards.model.MBMessage;
065 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
066 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
067 import com.liferay.portlet.polls.model.PollsQuestion;
068 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
069 import com.liferay.portlet.shopping.model.ShoppingCategory;
070 import com.liferay.portlet.shopping.model.ShoppingItem;
071 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
072 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
073 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
074 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
075 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
076 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
077 import com.liferay.portlet.wiki.model.WikiNode;
078 import com.liferay.portlet.wiki.model.WikiPage;
079 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
080 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
081
082 import java.util.List;
083 import java.util.Map;
084
085
091 public class PermissionServiceImpl extends PermissionServiceBaseImpl {
092
093
103 public void checkPermission(long groupId, long resourceId)
104 throws PortalException, SystemException {
105
106 checkPermission(getPermissionChecker(), groupId, resourceId);
107 }
108
109
120 public void checkPermission(long groupId, String name, long primKey)
121 throws PortalException, SystemException {
122
123 checkPermission(getPermissionChecker(), groupId, name, primKey);
124 }
125
126
137 public void checkPermission(long groupId, String name, String primKey)
138 throws PortalException, SystemException {
139
140 checkPermission(getPermissionChecker(), groupId, name, primKey);
141 }
142
143
154 public boolean hasGroupPermission(
155 long groupId, String actionId, long resourceId)
156 throws SystemException {
157
158 return permissionLocalService.hasGroupPermission(
159 groupId, actionId, resourceId);
160 }
161
162
173 public boolean hasUserPermission(
174 long userId, String actionId, long resourceId)
175 throws SystemException {
176
177 return permissionLocalService.hasUserPermission(
178 userId, actionId, resourceId);
179 }
180
181
204 public boolean hasUserPermissions(
205 long userId, long groupId, List<Resource> resources,
206 String actionId, PermissionCheckerBag permissionCheckerBag)
207 throws PortalException, SystemException {
208
209 return permissionLocalService.hasUserPermissions(
210 userId, groupId, resources, actionId, permissionCheckerBag);
211 }
212
213
224 public void setGroupPermissions(
225 long groupId, String[] actionIds, long resourceId)
226 throws PortalException, SystemException {
227
228 checkPermission(getPermissionChecker(), groupId, resourceId);
229
230 permissionLocalService.setGroupPermissions(
231 groupId, actionIds, resourceId);
232 }
233
234
251 public void setGroupPermissions(
252 String className, String classPK, long groupId, String[] actionIds,
253 long resourceId)
254 throws PortalException, SystemException {
255
256 checkPermission(getPermissionChecker(), groupId, resourceId);
257
258 permissionLocalService.setGroupPermissions(
259 className, classPK, groupId, actionIds, resourceId);
260 }
261
262
276 public void setIndividualPermissions(
277 long groupId, long companyId,
278 Map<Long, String[]> roleIdsToActionIds, long resourceId)
279 throws PortalException, SystemException {
280
281 checkPermission(getPermissionChecker(), groupId, resourceId);
282
283 permissionLocalService.setRolesPermissions(
284 companyId, roleIdsToActionIds, resourceId);
285 }
286
287
302 public void setOrgGroupPermissions(
303 long organizationId, long groupId, String[] actionIds,
304 long resourceId)
305 throws PortalException, SystemException {
306
307 checkPermission(getPermissionChecker(), groupId, resourceId);
308
309 permissionLocalService.setOrgGroupPermissions(
310 organizationId, groupId, actionIds, resourceId);
311 }
312
313
328 public void setRolePermission(
329 long roleId, long groupId, String name, int scope, String primKey,
330 String actionId)
331 throws PortalException, SystemException {
332
333 checkPermission(
334 getPermissionChecker(), groupId, Role.class.getName(), roleId);
335
336 User user = getUser();
337
338 permissionLocalService.setRolePermission(
339 roleId, user.getCompanyId(), name, scope, primKey, actionId);
340 }
341
342
354 public void setRolePermissions(
355 long roleId, long groupId, String[] actionIds, long resourceId)
356 throws PortalException, SystemException {
357
358 checkPermission(getPermissionChecker(), groupId, resourceId);
359
360 permissionLocalService.setRolePermissions(
361 roleId, actionIds, resourceId);
362 }
363
364
376 public void setUserPermissions(
377 long userId, long groupId, String[] actionIds, long resourceId)
378 throws PortalException, SystemException {
379
380 checkPermission(getPermissionChecker(), groupId, resourceId);
381
382 permissionLocalService.setUserPermissions(
383 userId, actionIds, resourceId);
384 }
385
386
395 public void unsetRolePermission(
396 long roleId, long groupId, long permissionId)
397 throws PortalException, SystemException {
398
399 checkPermission(
400 getPermissionChecker(), groupId, Role.class.getName(), roleId);
401
402 permissionLocalService.unsetRolePermission(roleId, permissionId);
403 }
404
405
418 public void unsetRolePermission(
419 long roleId, long groupId, String name, int scope, String primKey,
420 String actionId)
421 throws PortalException, SystemException {
422
423 checkPermission(
424 getPermissionChecker(), groupId, Role.class.getName(), roleId);
425
426 User user = getUser();
427
428 permissionLocalService.unsetRolePermission(
429 roleId, user.getCompanyId(), name, scope, primKey, actionId);
430 }
431
432
444 public void unsetRolePermissions(
445 long roleId, long groupId, String name, int scope, String actionId)
446 throws PortalException, SystemException {
447
448 checkPermission(
449 getPermissionChecker(), groupId, Role.class.getName(), roleId);
450
451 User user = getUser();
452
453 permissionLocalService.unsetRolePermissions(
454 roleId, user.getCompanyId(), name, scope, actionId);
455 }
456
457
468 public void unsetUserPermissions(
469 long userId, long groupId, String[] actionIds, long resourceId)
470 throws PortalException, SystemException {
471
472 checkPermission(getPermissionChecker(), groupId, resourceId);
473
474 permissionLocalService.unsetUserPermissions(
475 userId, actionIds, resourceId);
476 }
477
478 protected void checkPermission(
479 PermissionChecker permissionChecker, long groupId, long resourceId)
480 throws PortalException, SystemException {
481
482 Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
483
484 checkPermission(
485 permissionChecker, groupId, resource.getName(),
486 resource.getPrimKey().toString());
487 }
488
489 protected void checkPermission(
490 PermissionChecker permissionChecker, long groupId, String name,
491 long primKey)
492 throws PortalException, SystemException {
493
494 checkPermission(
495 permissionChecker, groupId, name, String.valueOf(primKey));
496 }
497
498 protected void checkPermission(
499 PermissionChecker permissionChecker, long groupId, String name,
500 String primKey)
501 throws PortalException, SystemException {
502
503 if (name.equals(BlogsEntry.class.getName())) {
504 BlogsEntryPermission.check(
505 permissionChecker, GetterUtil.getLong(primKey),
506 ActionKeys.PERMISSIONS);
507 }
508 else if (name.equals(BookmarksEntry.class.getName())) {
509 BookmarksEntryPermission.check(
510 permissionChecker, GetterUtil.getLong(primKey),
511 ActionKeys.PERMISSIONS);
512 }
513 else if (name.equals(BookmarksFolder.class.getName())) {
514 BookmarksFolderPermission.check(
515 permissionChecker, groupId, GetterUtil.getLong(primKey),
516 ActionKeys.PERMISSIONS);
517 }
518 else if (name.equals(CalEvent.class.getName())) {
519 CalEventPermission.check(
520 permissionChecker, GetterUtil.getLong(primKey),
521 ActionKeys.PERMISSIONS);
522 }
523 else if (name.equals(DLFileEntry.class.getName())) {
524 DLFileEntryPermission.check(
525 permissionChecker, GetterUtil.getLong(primKey),
526 ActionKeys.PERMISSIONS);
527 }
528 else if (name.equals(DLFolder.class.getName())) {
529 DLFolderPermission.check(
530 permissionChecker, groupId, GetterUtil.getLong(primKey),
531 ActionKeys.PERMISSIONS);
532 }
533 else if (name.equals(Group.class.getName())) {
534 GroupPermissionUtil.check(
535 permissionChecker, GetterUtil.getLong(primKey),
536 ActionKeys.PERMISSIONS);
537 }
538 else if (name.equals(JournalArticle.class.getName())) {
539 JournalArticlePermission.check(
540 permissionChecker, GetterUtil.getLong(primKey),
541 ActionKeys.PERMISSIONS);
542 }
543 else if (name.equals(JournalFeed.class.getName())) {
544 JournalFeedPermission.check(
545 permissionChecker, GetterUtil.getLong(primKey),
546 ActionKeys.PERMISSIONS);
547 }
548 else if (name.equals(JournalStructure.class.getName())) {
549 JournalStructurePermission.check(
550 permissionChecker, GetterUtil.getLong(primKey),
551 ActionKeys.PERMISSIONS);
552 }
553 else if (name.equals(JournalTemplate.class.getName())) {
554 JournalTemplatePermission.check(
555 permissionChecker, GetterUtil.getLong(primKey),
556 ActionKeys.PERMISSIONS);
557 }
558 else if (name.equals(Layout.class.getName())) {
559 LayoutPermissionUtil.check(
560 permissionChecker, GetterUtil.getLong(primKey),
561 ActionKeys.PERMISSIONS);
562 }
563 else if (name.equals(MBCategory.class.getName())) {
564 MBCategoryPermission.check(
565 permissionChecker, groupId, GetterUtil.getLong(primKey),
566 ActionKeys.PERMISSIONS);
567 }
568 else if (name.equals(MBMessage.class.getName())) {
569 MBMessagePermission.check(
570 permissionChecker, GetterUtil.getLong(primKey),
571 ActionKeys.PERMISSIONS);
572 }
573 else if (name.equals(PollsQuestion.class.getName())) {
574 PollsQuestionPermission.check(
575 permissionChecker, GetterUtil.getLong(primKey),
576 ActionKeys.PERMISSIONS);
577 }
578 else if (name.equals(SCFrameworkVersion.class.getName())) {
579 SCFrameworkVersionPermission.check(
580 permissionChecker, GetterUtil.getLong(primKey),
581 ActionKeys.PERMISSIONS);
582 }
583 else if (name.equals(SCProductEntry.class.getName())) {
584 SCProductEntryPermission.check(
585 permissionChecker, GetterUtil.getLong(primKey),
586 ActionKeys.PERMISSIONS);
587 }
588 else if (name.equals(ShoppingCategory.class.getName())) {
589 ShoppingCategoryPermission.check(
590 permissionChecker, groupId, GetterUtil.getLong(primKey),
591 ActionKeys.PERMISSIONS);
592 }
593 else if (name.equals(ShoppingItem.class.getName())) {
594 ShoppingItemPermission.check(
595 permissionChecker, GetterUtil.getLong(primKey),
596 ActionKeys.PERMISSIONS);
597 }
598 else if (name.equals(Team.class.getName())) {
599 long teamId = GetterUtil.getLong(primKey);
600
601 Team team = teamPersistence.findByPrimaryKey(teamId);
602
603 GroupPermissionUtil.check(
604 permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
605 }
606 else if (name.equals(User.class.getName())) {
607 long userId = GetterUtil.getLong(primKey);
608
609 User user = userPersistence.findByPrimaryKey(userId);
610
611 UserPermissionUtil.check(
612 permissionChecker, userId, user.getOrganizationIds(),
613 ActionKeys.PERMISSIONS);
614 }
615 else if (name.equals(WikiNode.class.getName())) {
616 WikiNodePermission.check(
617 permissionChecker, GetterUtil.getLong(primKey),
618 ActionKeys.PERMISSIONS);
619 }
620 else if (name.equals(WikiPage.class.getName())) {
621 WikiPagePermission.check(
622 permissionChecker, GetterUtil.getLong(primKey),
623 ActionKeys.PERMISSIONS);
624 }
625 else if ((primKey != null) &&
626 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
627
628 int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
629
630 long plid = GetterUtil.getLong(primKey.substring(0, pos));
631
632 String portletId = primKey.substring(
633 pos + PortletConstants.LAYOUT_SEPARATOR.length());
634
635 PortletPermissionUtil.check(
636 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
637 }
638 else if (!permissionChecker.hasPermission(
639 groupId, name, primKey, ActionKeys.PERMISSIONS)) {
640
641 long ownerId = 0;
642
643 if (resourceBlockLocalService.isSupported(name)) {
644 PermissionedModel permissionedModel =
645 resourceBlockLocalService.getPermissionedModel(
646 name, GetterUtil.getLong(primKey));
647
648 if (permissionedModel instanceof GroupedModel) {
649 GroupedModel groupedModel = (GroupedModel)permissionedModel;
650
651 ownerId = groupedModel.getUserId();
652 }
653 else if (permissionedModel instanceof AuditedModel) {
654 AuditedModel auditedModel = (AuditedModel)permissionedModel;
655
656 ownerId = auditedModel.getUserId();
657 }
658 }
659 else {
660 ResourcePermission resourcePermission =
661 resourcePermissionLocalService.getResourcePermission(
662 permissionChecker.getCompanyId(), name,
663 ResourceConstants.SCOPE_INDIVIDUAL, primKey,
664 permissionChecker.getOwnerRoleId());
665
666 ownerId = resourcePermission.getOwnerId();
667 }
668
669 if (permissionChecker.hasOwnerPermission(
670 permissionChecker.getCompanyId(), name, primKey, ownerId,
671 ActionKeys.PERMISSIONS)) {
672
673 return;
674 }
675
676 Role role = null;
677
678 if (name.equals(Role.class.getName())) {
679 long roleId = GetterUtil.getLong(primKey);
680
681 role = rolePersistence.findByPrimaryKey(roleId);
682 }
683
684 if ((role != null) && role.isTeam()) {
685 Team team = teamPersistence.findByPrimaryKey(role.getClassPK());
686
687 TeamPermissionUtil.check(
688 permissionChecker, team.getTeamId(),
689 ActionKeys.PERMISSIONS);
690 }
691 else {
692 List<String> resourceActions =
693 ResourceActionsUtil.getResourceActions(name);
694
695 if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
696 !permissionChecker.hasPermission(
697 groupId, name, primKey,
698 ActionKeys.DEFINE_PERMISSIONS)) {
699
700 throw new PrincipalException();
701 }
702 }
703 }
704 }
705
706 }