001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.AuditedModel;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.GroupedModel;
023    import com.liferay.portal.model.Layout;
024    import com.liferay.portal.model.PermissionedModel;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.Resource;
027    import com.liferay.portal.model.ResourceConstants;
028    import com.liferay.portal.model.ResourcePermission;
029    import com.liferay.portal.model.Role;
030    import com.liferay.portal.model.Team;
031    import com.liferay.portal.model.User;
032    import com.liferay.portal.security.auth.PrincipalException;
033    import com.liferay.portal.security.permission.ActionKeys;
034    import com.liferay.portal.security.permission.PermissionChecker;
035    import com.liferay.portal.security.permission.PermissionCheckerBag;
036    import com.liferay.portal.security.permission.ResourceActionsUtil;
037    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
038    import com.liferay.portal.service.permission.GroupPermissionUtil;
039    import com.liferay.portal.service.permission.LayoutPermissionUtil;
040    import com.liferay.portal.service.permission.PortletPermissionUtil;
041    import com.liferay.portal.service.permission.TeamPermissionUtil;
042    import com.liferay.portal.service.permission.UserPermissionUtil;
043    import com.liferay.portlet.blogs.model.BlogsEntry;
044    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
045    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
046    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
047    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
048    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
049    import com.liferay.portlet.calendar.model.CalEvent;
050    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
051    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
052    import com.liferay.portlet.documentlibrary.model.DLFolder;
053    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
054    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
055    import com.liferay.portlet.journal.model.JournalArticle;
056    import com.liferay.portlet.journal.model.JournalFeed;
057    import com.liferay.portlet.journal.model.JournalStructure;
058    import com.liferay.portlet.journal.model.JournalTemplate;
059    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
060    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
061    import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
062    import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
063    import com.liferay.portlet.messageboards.model.MBCategory;
064    import com.liferay.portlet.messageboards.model.MBMessage;
065    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
066    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
067    import com.liferay.portlet.polls.model.PollsQuestion;
068    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
069    import com.liferay.portlet.shopping.model.ShoppingCategory;
070    import com.liferay.portlet.shopping.model.ShoppingItem;
071    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
072    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
073    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
074    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
075    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
076    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
077    import com.liferay.portlet.wiki.model.WikiNode;
078    import com.liferay.portlet.wiki.model.WikiPage;
079    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
080    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
081    
082    import java.util.List;
083    import java.util.Map;
084    
085    /**
086     * The implementation of the permission remote service.
087     *
088     * @author Brian Wing Shun Chan
089     * @author Raymond Augé
090     */
091    public class PermissionServiceImpl extends PermissionServiceBaseImpl {
092    
093            /**
094             * Checks to see if the group has permission to the resource.
095             *
096             * @param  groupId the primary key of the group
097             * @param  resourceId the primary key of the resource
098             * @throws PortalException if the group did not have permission to the
099             *         resource, or if a group or resource with the primary key could
100             *         not be found or was invalid
101             * @throws SystemException if a system exception occurred
102             */
103            public void checkPermission(long groupId, long resourceId)
104                    throws PortalException, SystemException {
105    
106                    checkPermission(getPermissionChecker(), groupId, resourceId);
107            }
108    
109            /**
110             * Checks to see if the group has permission to the service.
111             *
112             * @param  groupId the primary key of the group
113             * @param  name the service name
114             * @param  primKey the primary key of the service
115             * @throws PortalException if the group did not have permission to the
116             *         service, if a group with the primary key could not be found or if
117             *         the permission information was invalid
118             * @throws SystemException if a system exception occurred
119             */
120            public void checkPermission(long groupId, String name, long primKey)
121                    throws PortalException, SystemException {
122    
123                    checkPermission(getPermissionChecker(), groupId, name, primKey);
124            }
125    
126            /**
127             * Checks to see if the group has permission to the service.
128             *
129             * @param  groupId the primary key of the group
130             * @param  name the service name
131             * @param  primKey the primary key of the service
132             * @throws PortalException if the group did not have permission to the
133             *         service, if a group with the primary key could not be found or if
134             *         the permission information was invalid
135             * @throws SystemException if a system exception occurred
136             */
137            public void checkPermission(long groupId, String name, String primKey)
138                    throws PortalException, SystemException {
139    
140                    checkPermission(getPermissionChecker(), groupId, name, primKey);
141            }
142    
143            /**
144             * Returns <code>true</code> if the group has permission to perform the
145             * action on the resource.
146             *
147             * @param  groupId the primary key of the group
148             * @param  actionId the action's ID
149             * @param  resourceId the primary key of the resource
150             * @return <code>true</code> if the group has permission to perform the
151             *         action on the resource; <code>false</code> otherwise
152             * @throws SystemException if a system exception occurred
153             */
154            public boolean hasGroupPermission(
155                            long groupId, String actionId, long resourceId)
156                    throws SystemException {
157    
158                    return permissionLocalService.hasGroupPermission(
159                            groupId, actionId, resourceId);
160            }
161    
162            /**
163             * Returns <code>true</code> if the user has permission to perform the
164             * action on the resource.
165             *
166             * @param  userId the primary key of the user
167             * @param  actionId the action's ID
168             * @param  resourceId the primary key of the resource
169             * @return <code>true</code> if the user has permission to perform the
170             *         action on the resource; <code>false</code> otherwise
171             * @throws SystemException if a system exception occurred
172             */
173            public boolean hasUserPermission(
174                            long userId, String actionId, long resourceId)
175                    throws SystemException {
176    
177                    return permissionLocalService.hasUserPermission(
178                            userId, actionId, resourceId);
179            }
180    
181            /**
182             * Returns <code>true</code> if the user has permission to perform the
183             * action on the resources.
184             *
185             * <p>
186             * This method does not support resources managed by the resource block
187             * system.
188             * </p>
189             *
190             * @param  userId the primary key of the user
191             * @param  groupId the primary key of the group containing the resource
192             * @param  resources representations of the resource at each scope level
193             *         returned by {@link
194             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
195             *         long, long, String, String, String)}
196             * @param  actionId the action's ID
197             * @param  permissionCheckerBag the permission checker bag
198             * @return <code>true</code> if the user has permission to perform the
199             *         action on the resources; <code>false</code> otherwise
200             * @throws PortalException if a resource action based on any one of the
201             *         resources and the action ID could not be found
202             * @throws SystemException if a system exception occurred
203             */
204            public boolean hasUserPermissions(
205                            long userId, long groupId, List<Resource> resources,
206                            String actionId, PermissionCheckerBag permissionCheckerBag)
207                    throws PortalException, SystemException {
208    
209                    return permissionLocalService.hasUserPermissions(
210                            userId, groupId, resources, actionId, permissionCheckerBag);
211            }
212    
213            /**
214             * Sets the group's permissions to perform the actions on the resource,
215             * replacing the group's existing permissions on the resource.
216             *
217             * @param  groupId the primary key of the group
218             * @param  actionIds the primary keys of the actions
219             * @param  resourceId the primary key of the resource
220             * @throws PortalException if a group with the primary key could not be
221             *         found or if the group did not have permission to the resource
222             * @throws SystemException if a system exception occurred
223             */
224            public void setGroupPermissions(
225                            long groupId, String[] actionIds, long resourceId)
226                    throws PortalException, SystemException {
227    
228                    checkPermission(getPermissionChecker(), groupId, resourceId);
229    
230                    permissionLocalService.setGroupPermissions(
231                            groupId, actionIds, resourceId);
232            }
233    
234            /**
235             * Sets the entity's group permissions to perform the actions on the
236             * resource, replacing the entity's existing group permissions on the
237             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
238             * com.liferay.portal.model.UserGroup} class entities are supported.
239             *
240             * @param  className the class name of an organization or user group
241             * @param  classPK the primary key of the class
242             * @param  groupId the primary key of the group
243             * @param  actionIds the primary keys of the actions
244             * @param  resourceId the primary key of the resource
245             * @throws PortalException if the group did not have permission to the
246             *         resource, if an entity with the class name and primary key could
247             *         not be found, or if the entity's associated group could not be
248             *         found
249             * @throws SystemException if a system exception occurred
250             */
251            public void setGroupPermissions(
252                            String className, String classPK, long groupId, String[] actionIds,
253                            long resourceId)
254                    throws PortalException, SystemException {
255    
256                    checkPermission(getPermissionChecker(), groupId, resourceId);
257    
258                    permissionLocalService.setGroupPermissions(
259                            className, classPK, groupId, actionIds, resourceId);
260            }
261    
262            /**
263             * Sets the permissions of each role to perform respective actions on the
264             * resource, replacing the existing permissions of each role on the
265             * resource.
266             *
267             * @param  groupId the primary key of the group
268             * @param  companyId the primary key of the company
269             * @param  roleIdsToActionIds the map of roles to their new actions on the
270             *         resource
271             * @param  resourceId the primary key of the resource
272             * @throws PortalException if the group did not have permission to the
273             *         resource
274             * @throws SystemException if a system exception occurred
275             */
276            public void setIndividualPermissions(
277                            long groupId, long companyId,
278                            Map<Long, String[]> roleIdsToActionIds, long resourceId)
279                    throws PortalException, SystemException {
280    
281                    checkPermission(getPermissionChecker(), groupId, resourceId);
282    
283                    permissionLocalService.setRolesPermissions(
284                            companyId, roleIdsToActionIds, resourceId);
285            }
286    
287            /**
288             * Sets the organization permission to perform the actions on the resource
289             * for a particular group, replacing the organization's existing permissions
290             * on the resource.
291             *
292             * @param  organizationId the primary key of the organization
293             * @param  groupId the primary key of the group in which to scope the
294             *         permissions
295             * @param  actionIds the primary keys of the actions
296             * @param  resourceId the primary key of the resource
297             * @throws PortalException if the group did not have permission to the
298             *         resource or if an organization with the primary key could not be
299             *         found
300             * @throws SystemException if a system exception occurred
301             */
302            public void setOrgGroupPermissions(
303                            long organizationId, long groupId, String[] actionIds,
304                            long resourceId)
305                    throws PortalException, SystemException {
306    
307                    checkPermission(getPermissionChecker(), groupId, resourceId);
308    
309                    permissionLocalService.setOrgGroupPermissions(
310                            organizationId, groupId, actionIds, resourceId);
311            }
312    
313            /**
314             * Sets the role's permissions to perform the action on the named resource,
315             * replacing the role's existing permissions on the resource.
316             *
317             * @param  roleId the primary key of the role
318             * @param  groupId the primary key of the group
319             * @param  name the resource name
320             * @param  scope the resource scope
321             * @param  primKey the resource primKey
322             * @param  actionId the action's ID
323             * @throws PortalException if the group did not have permission to the role
324             *         or if the scope was {@link
325             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
326             * @throws SystemException if a system exception occurred
327             */
328            public void setRolePermission(
329                            long roleId, long groupId, String name, int scope, String primKey,
330                            String actionId)
331                    throws PortalException, SystemException {
332    
333                    checkPermission(
334                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
335    
336                    User user = getUser();
337    
338                    permissionLocalService.setRolePermission(
339                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
340            }
341    
342            /**
343             * Sets the role's permissions to perform the actions on the resource,
344             * replacing the role's existing permissions on the resource.
345             *
346             * @param  roleId the primary key of the role
347             * @param  groupId the primary key of the group
348             * @param  actionIds the primary keys of the actions
349             * @param  resourceId the primary key of the resource
350             * @throws PortalException if the group did not have permission to the
351             *         resource or if a role with the primary key could not be found
352             * @throws SystemException if a system exception occurred
353             */
354            public void setRolePermissions(
355                            long roleId, long groupId, String[] actionIds, long resourceId)
356                    throws PortalException, SystemException {
357    
358                    checkPermission(getPermissionChecker(), groupId, resourceId);
359    
360                    permissionLocalService.setRolePermissions(
361                            roleId, actionIds, resourceId);
362            }
363    
364            /**
365             * Sets the user's permissions to perform the actions on the resource,
366             * replacing the user's existing permissions on the resource.
367             *
368             * @param  userId the primary key of the user
369             * @param  groupId the primary key of the group
370             * @param  actionIds the primary keys of the actions
371             * @param  resourceId the primary key of the resource
372             * @throws PortalException if the group did not have permission to the
373             *         resource or if a user with the primary key could not be found
374             * @throws SystemException if a system exception occurred
375             */
376            public void setUserPermissions(
377                            long userId, long groupId, String[] actionIds, long resourceId)
378                    throws PortalException, SystemException {
379    
380                    checkPermission(getPermissionChecker(), groupId, resourceId);
381    
382                    permissionLocalService.setUserPermissions(
383                            userId, actionIds, resourceId);
384            }
385    
386            /**
387             * Removes the permission from the role.
388             *
389             * @param  roleId the primary key of the role
390             * @param  groupId the primary key of the group
391             * @param  permissionId the primary key of the permission
392             * @throws PortalException if the group did not have permission to the role
393             * @throws SystemException if a system exception occurred
394             */
395            public void unsetRolePermission(
396                            long roleId, long groupId, long permissionId)
397                    throws PortalException, SystemException {
398    
399                    checkPermission(
400                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
401    
402                    permissionLocalService.unsetRolePermission(roleId, permissionId);
403            }
404    
405            /**
406             * Removes the role's permissions to perform the action on the named
407             * resource with the scope and primKey.
408             *
409             * @param  roleId the primary key of the role
410             * @param  groupId the primary key of the group
411             * @param  name the resource name
412             * @param  scope the resource scope
413             * @param  primKey the resource primKey
414             * @param  actionId the action's ID
415             * @throws PortalException if the group did not have permission to the role
416             * @throws SystemException if a system exception occurred
417             */
418            public void unsetRolePermission(
419                            long roleId, long groupId, String name, int scope, String primKey,
420                            String actionId)
421                    throws PortalException, SystemException {
422    
423                    checkPermission(
424                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
425    
426                    User user = getUser();
427    
428                    permissionLocalService.unsetRolePermission(
429                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
430            }
431    
432            /**
433             * Removes the role's permissions to perform the action on the named
434             * resource.
435             *
436             * @param  roleId the primary key of the role
437             * @param  groupId the primary key of the group
438             * @param  name the resource name
439             * @param  scope the resource scope
440             * @param  actionId the action's ID
441             * @throws PortalException if the group did not have permission to the role
442             * @throws SystemException if a system exception occurred
443             */
444            public void unsetRolePermissions(
445                            long roleId, long groupId, String name, int scope, String actionId)
446                    throws PortalException, SystemException {
447    
448                    checkPermission(
449                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
450    
451                    User user = getUser();
452    
453                    permissionLocalService.unsetRolePermissions(
454                            roleId, user.getCompanyId(), name, scope, actionId);
455            }
456    
457            /**
458             * Removes the user's permissions to perform the actions on the resource.
459             *
460             * @param  userId the primary key of the user
461             * @param  groupId the primary key of the group
462             * @param  actionIds the primary keys of the actions
463             * @param  resourceId the primary key of the resource
464             * @throws PortalException if the group did not have permission to the
465             *         resource
466             * @throws SystemException if a system exception occurred
467             */
468            public void unsetUserPermissions(
469                            long userId, long groupId, String[] actionIds, long resourceId)
470                    throws PortalException, SystemException {
471    
472                    checkPermission(getPermissionChecker(), groupId, resourceId);
473    
474                    permissionLocalService.unsetUserPermissions(
475                            userId, actionIds, resourceId);
476            }
477    
478            protected void checkPermission(
479                            PermissionChecker permissionChecker, long groupId, long resourceId)
480                    throws PortalException, SystemException {
481    
482                    Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
483    
484                    checkPermission(
485                            permissionChecker, groupId, resource.getName(),
486                            resource.getPrimKey().toString());
487            }
488    
489            protected void checkPermission(
490                            PermissionChecker permissionChecker, long groupId, String name,
491                            long primKey)
492                    throws PortalException, SystemException {
493    
494                    checkPermission(
495                            permissionChecker, groupId, name, String.valueOf(primKey));
496            }
497    
498            protected void checkPermission(
499                            PermissionChecker permissionChecker, long groupId, String name,
500                            String primKey)
501                    throws PortalException, SystemException {
502    
503                    if (name.equals(BlogsEntry.class.getName())) {
504                            BlogsEntryPermission.check(
505                                    permissionChecker, GetterUtil.getLong(primKey),
506                                    ActionKeys.PERMISSIONS);
507                    }
508                    else if (name.equals(BookmarksEntry.class.getName())) {
509                            BookmarksEntryPermission.check(
510                                    permissionChecker, GetterUtil.getLong(primKey),
511                                    ActionKeys.PERMISSIONS);
512                    }
513                    else if (name.equals(BookmarksFolder.class.getName())) {
514                            BookmarksFolderPermission.check(
515                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
516                                    ActionKeys.PERMISSIONS);
517                    }
518                    else if (name.equals(CalEvent.class.getName())) {
519                            CalEventPermission.check(
520                                    permissionChecker, GetterUtil.getLong(primKey),
521                                    ActionKeys.PERMISSIONS);
522                    }
523                    else if (name.equals(DLFileEntry.class.getName())) {
524                            DLFileEntryPermission.check(
525                                    permissionChecker, GetterUtil.getLong(primKey),
526                                    ActionKeys.PERMISSIONS);
527                    }
528                    else if (name.equals(DLFolder.class.getName())) {
529                            DLFolderPermission.check(
530                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
531                                    ActionKeys.PERMISSIONS);
532                    }
533                    else if (name.equals(Group.class.getName())) {
534                            GroupPermissionUtil.check(
535                                    permissionChecker, GetterUtil.getLong(primKey),
536                                    ActionKeys.PERMISSIONS);
537                    }
538                    else if (name.equals(JournalArticle.class.getName())) {
539                            JournalArticlePermission.check(
540                                    permissionChecker, GetterUtil.getLong(primKey),
541                                    ActionKeys.PERMISSIONS);
542                    }
543                    else if (name.equals(JournalFeed.class.getName())) {
544                            JournalFeedPermission.check(
545                                    permissionChecker, GetterUtil.getLong(primKey),
546                                    ActionKeys.PERMISSIONS);
547                    }
548                    else if (name.equals(JournalStructure.class.getName())) {
549                            JournalStructurePermission.check(
550                                    permissionChecker, GetterUtil.getLong(primKey),
551                                    ActionKeys.PERMISSIONS);
552                    }
553                    else if (name.equals(JournalTemplate.class.getName())) {
554                            JournalTemplatePermission.check(
555                                    permissionChecker, GetterUtil.getLong(primKey),
556                                    ActionKeys.PERMISSIONS);
557                    }
558                    else if (name.equals(Layout.class.getName())) {
559                            LayoutPermissionUtil.check(
560                                    permissionChecker, GetterUtil.getLong(primKey),
561                                    ActionKeys.PERMISSIONS);
562                    }
563                    else if (name.equals(MBCategory.class.getName())) {
564                            MBCategoryPermission.check(
565                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
566                                    ActionKeys.PERMISSIONS);
567                    }
568                    else if (name.equals(MBMessage.class.getName())) {
569                            MBMessagePermission.check(
570                                    permissionChecker, GetterUtil.getLong(primKey),
571                                    ActionKeys.PERMISSIONS);
572                    }
573                    else if (name.equals(PollsQuestion.class.getName())) {
574                            PollsQuestionPermission.check(
575                                    permissionChecker, GetterUtil.getLong(primKey),
576                                    ActionKeys.PERMISSIONS);
577                    }
578                    else if (name.equals(SCFrameworkVersion.class.getName())) {
579                            SCFrameworkVersionPermission.check(
580                                    permissionChecker, GetterUtil.getLong(primKey),
581                                    ActionKeys.PERMISSIONS);
582                    }
583                    else if (name.equals(SCProductEntry.class.getName())) {
584                            SCProductEntryPermission.check(
585                                    permissionChecker, GetterUtil.getLong(primKey),
586                                    ActionKeys.PERMISSIONS);
587                    }
588                    else if (name.equals(ShoppingCategory.class.getName())) {
589                            ShoppingCategoryPermission.check(
590                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
591                                    ActionKeys.PERMISSIONS);
592                    }
593                    else if (name.equals(ShoppingItem.class.getName())) {
594                            ShoppingItemPermission.check(
595                                    permissionChecker, GetterUtil.getLong(primKey),
596                                    ActionKeys.PERMISSIONS);
597                    }
598                    else if (name.equals(Team.class.getName())) {
599                            long teamId = GetterUtil.getLong(primKey);
600    
601                            Team team = teamPersistence.findByPrimaryKey(teamId);
602    
603                            GroupPermissionUtil.check(
604                                    permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
605                    }
606                    else if (name.equals(User.class.getName())) {
607                            long userId = GetterUtil.getLong(primKey);
608    
609                            User user = userPersistence.findByPrimaryKey(userId);
610    
611                            UserPermissionUtil.check(
612                                    permissionChecker, userId, user.getOrganizationIds(),
613                                    ActionKeys.PERMISSIONS);
614                    }
615                    else if (name.equals(WikiNode.class.getName())) {
616                            WikiNodePermission.check(
617                                    permissionChecker, GetterUtil.getLong(primKey),
618                                    ActionKeys.PERMISSIONS);
619                    }
620                    else if (name.equals(WikiPage.class.getName())) {
621                            WikiPagePermission.check(
622                                    permissionChecker, GetterUtil.getLong(primKey),
623                                    ActionKeys.PERMISSIONS);
624                    }
625                    else if ((primKey != null) &&
626                                     (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
627    
628                            int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
629    
630                            long plid = GetterUtil.getLong(primKey.substring(0, pos));
631    
632                            String portletId = primKey.substring(
633                                    pos + PortletConstants.LAYOUT_SEPARATOR.length());
634    
635                            PortletPermissionUtil.check(
636                                    permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
637                    }
638                    else if (!permissionChecker.hasPermission(
639                                            groupId, name, primKey, ActionKeys.PERMISSIONS)) {
640    
641                            long ownerId = 0;
642    
643                            if (resourceBlockLocalService.isSupported(name)) {
644                                    PermissionedModel permissionedModel =
645                                            resourceBlockLocalService.getPermissionedModel(
646                                                    name, GetterUtil.getLong(primKey));
647    
648                                    if (permissionedModel instanceof GroupedModel) {
649                                            GroupedModel groupedModel = (GroupedModel)permissionedModel;
650    
651                                            ownerId = groupedModel.getUserId();
652                                    }
653                                    else if (permissionedModel instanceof AuditedModel) {
654                                            AuditedModel auditedModel = (AuditedModel)permissionedModel;
655    
656                                            ownerId = auditedModel.getUserId();
657                                    }
658                            }
659                            else {
660                                    ResourcePermission resourcePermission =
661                                            resourcePermissionLocalService.getResourcePermission(
662                                                    permissionChecker.getCompanyId(), name,
663                                                    ResourceConstants.SCOPE_INDIVIDUAL, primKey,
664                                                    permissionChecker.getOwnerRoleId());
665    
666                                    ownerId = resourcePermission.getOwnerId();
667                            }
668    
669                            if (permissionChecker.hasOwnerPermission(
670                                            permissionChecker.getCompanyId(), name, primKey, ownerId,
671                                            ActionKeys.PERMISSIONS)) {
672    
673                                    return;
674                            }
675    
676                            Role role = null;
677    
678                            if (name.equals(Role.class.getName())) {
679                                    long roleId = GetterUtil.getLong(primKey);
680    
681                                    role = rolePersistence.findByPrimaryKey(roleId);
682                            }
683    
684                            if ((role != null) && role.isTeam()) {
685                                    Team team = teamPersistence.findByPrimaryKey(role.getClassPK());
686    
687                                    TeamPermissionUtil.check(
688                                            permissionChecker, team.getTeamId(),
689                                            ActionKeys.PERMISSIONS);
690                            }
691                            else {
692                                    List<String> resourceActions =
693                                            ResourceActionsUtil.getResourceActions(name);
694    
695                                    if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
696                                            !permissionChecker.hasPermission(
697                                                    groupId, name, primKey,
698                                                    ActionKeys.DEFINE_PERMISSIONS)) {
699    
700                                            throw new PrincipalException();
701                                    }
702                            }
703                    }
704            }
705    
706    }