001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.NoSuchResourceException;
018 import com.liferay.portal.kernel.dao.orm.QueryUtil;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.ArrayUtil;
023 import com.liferay.portal.kernel.util.CharPool;
024 import com.liferay.portal.kernel.util.GetterUtil;
025 import com.liferay.portal.kernel.util.SetUtil;
026 import com.liferay.portal.kernel.util.UniqueList;
027 import com.liferay.portal.kernel.util.Validator;
028 import com.liferay.portal.model.Group;
029 import com.liferay.portal.model.GroupConstants;
030 import com.liferay.portal.model.GroupedModel;
031 import com.liferay.portal.model.Layout;
032 import com.liferay.portal.model.Organization;
033 import com.liferay.portal.model.Permission;
034 import com.liferay.portal.model.PermissionedModel;
035 import com.liferay.portal.model.PortletConstants;
036 import com.liferay.portal.model.Resource;
037 import com.liferay.portal.model.ResourceBlockConstants;
038 import com.liferay.portal.model.ResourceConstants;
039 import com.liferay.portal.model.Role;
040 import com.liferay.portal.model.RoleConstants;
041 import com.liferay.portal.model.Team;
042 import com.liferay.portal.model.UserGroup;
043 import com.liferay.portal.security.permission.comparator.PermissionActionIdComparator;
044 import com.liferay.portal.service.GroupLocalServiceUtil;
045 import com.liferay.portal.service.LayoutLocalServiceUtil;
046 import com.liferay.portal.service.OrganizationLocalServiceUtil;
047 import com.liferay.portal.service.PermissionLocalServiceUtil;
048 import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
049 import com.liferay.portal.service.ResourceLocalServiceUtil;
050 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
051 import com.liferay.portal.service.RoleLocalServiceUtil;
052 import com.liferay.portal.service.TeamLocalServiceUtil;
053 import com.liferay.portal.service.UserGroupLocalServiceUtil;
054 import com.liferay.portal.service.permission.PortletPermissionUtil;
055 import com.liferay.portal.util.PropsValues;
056
057 import java.util.ArrayList;
058 import java.util.Collections;
059 import java.util.HashMap;
060 import java.util.LinkedHashMap;
061 import java.util.List;
062 import java.util.Map;
063 import java.util.Set;
064
065 import org.apache.commons.lang.time.StopWatch;
066
067
074 public class AdvancedPermissionChecker extends BasePermissionChecker {
075
076 @Override
077 public AdvancedPermissionChecker clone() {
078 return new AdvancedPermissionChecker();
079 }
080
081 @Override
082 public List<Long> getGuestResourceBlockIds(
083 long companyId, long groupId, String name, String actionId) {
084
085 try {
086 ResourceBlockIdsBag resourceBlockIdsBag =
087 getGuestResourceBlockIdsBag(companyId, groupId, name);
088
089 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
090 resourceBlockIdsBag, name, actionId);
091 }
092 catch (Exception e) {
093 }
094
095 return Collections.emptyList();
096 }
097
098 public ResourceBlockIdsBag getGuestResourceBlockIdsBag(
099 long companyId, long groupId, String name)
100 throws Exception {
101
102
103
104 ResourceBlockIdsBag resourceBlockIdsBag =
105 PermissionCacheUtil.getResourceBlockIdsBag(
106 companyId, groupId, defaultUserId, name, true);
107
108 if (resourceBlockIdsBag != null) {
109 return resourceBlockIdsBag;
110 }
111
112 try {
113 PermissionCheckerBag bag = getGuestUserBag();
114
115 long[] roleIds = bag.getRoleIds();
116
117 resourceBlockIdsBag =
118 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
119 getCompanyId(), groupId, name, roleIds);
120
121 PermissionCacheUtil.putResourceBlockIdsBag(
122 companyId, groupId, defaultUserId, name, true,
123 resourceBlockIdsBag);
124
125 return resourceBlockIdsBag;
126 }
127 finally {
128 if (resourceBlockIdsBag == null) {
129 resourceBlockIdsBag = new ResourceBlockIdsBag();
130 }
131
132 PermissionCacheUtil.putResourceBlockIdsBag(
133 companyId, defaultUserId, groupId, name, true,
134 resourceBlockIdsBag);
135 }
136 }
137
138
144 public PermissionCheckerBag getGuestUserBag() throws Exception {
145 Group guestGroup = GroupLocalServiceUtil.getGroup(
146 getCompanyId(), GroupConstants.GUEST);
147
148 PermissionCheckerBag bag = PermissionCacheUtil.getBag(
149 defaultUserId, guestGroup.getGroupId());
150
151 if (bag == null) {
152 try {
153 List<Group> groups = new ArrayList<Group>();
154
155 groups.add(guestGroup);
156
157 List<Role> roles = RoleLocalServiceUtil.getUserRelatedRoles(
158 defaultUserId, groups);
159
160 bag = new PermissionCheckerBagImpl(
161 defaultUserId, new ArrayList<Group>(),
162 new ArrayList<Organization>(), new ArrayList<Group>(),
163 new ArrayList<Group>(), groups, roles);
164 }
165 finally {
166 if (bag == null) {
167 bag = new PermissionCheckerBagImpl(
168 defaultUserId, new ArrayList<Group>(),
169 new ArrayList<Organization>(), new ArrayList<Group>(),
170 new ArrayList<Group>(), new ArrayList<Group>(),
171 new ArrayList<Role>());
172 }
173
174 PermissionCacheUtil.putBag(
175 defaultUserId, guestGroup.getGroupId(), bag);
176 }
177 }
178
179 return bag;
180 }
181
182 @Override
183 public List<Long> getOwnerResourceBlockIds(
184 long companyId, long groupId, String name, String actionId) {
185
186 try {
187 ResourceBlockIdsBag resourceBlockIdsBag =
188 getOwnerResourceBlockIdsBag(companyId, groupId, name);
189
190 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
191 resourceBlockIdsBag, name, actionId);
192 }
193 catch (Exception e) {
194 }
195
196 return Collections.emptyList();
197 }
198
199 public ResourceBlockIdsBag getOwnerResourceBlockIdsBag(
200 long companyId, long groupId, String name)
201 throws SystemException {
202
203
204
205 ResourceBlockIdsBag resourceBlockIdsBag =
206 PermissionCacheUtil.getResourceBlockIdsBag(
207 companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
208 true);
209
210 if (resourceBlockIdsBag != null) {
211 return resourceBlockIdsBag;
212 }
213
214 try {
215 long[] roleIds = {getOwnerRoleId()};
216
217 resourceBlockIdsBag =
218 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
219 getCompanyId(), groupId, name, roleIds);
220
221 PermissionCacheUtil.putResourceBlockIdsBag(
222 companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
223 true, resourceBlockIdsBag);
224
225 return resourceBlockIdsBag;
226 }
227 finally {
228 if (resourceBlockIdsBag == null) {
229 resourceBlockIdsBag = new ResourceBlockIdsBag();
230 }
231
232 PermissionCacheUtil.putResourceBlockIdsBag(
233 companyId, ResourceBlockConstants.OWNER_USER_ID, groupId, name,
234 true, resourceBlockIdsBag);
235 }
236 }
237
238 @Override
239 public List<Long> getResourceBlockIds(
240 long companyId, long groupId, long userId, String name,
241 String actionId) {
242
243 try {
244 ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
245 companyId, groupId, userId, name);
246
247 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
248 resourceBlockIdsBag, name, actionId);
249 }
250 catch (Exception e) {
251 }
252
253 return Collections.emptyList();
254 }
255
256 public ResourceBlockIdsBag getResourceBlockIdsBag(
257 long companyId, long groupId, long userId, String name)
258 throws Exception {
259
260 ResourceBlockIdsBag resourceBlockIdsBag =
261 PermissionCacheUtil.getResourceBlockIdsBag(
262 companyId, groupId, userId, name, checkGuest);
263
264 if (resourceBlockIdsBag != null) {
265 return resourceBlockIdsBag;
266 }
267
268 try {
269 long[] roleIds = getRoleIds(userId, groupId);
270
271 resourceBlockIdsBag =
272 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
273 getCompanyId(), groupId, name, roleIds);
274
275 PermissionCacheUtil.putResourceBlockIdsBag(
276 companyId, groupId, userId, name, checkGuest,
277 resourceBlockIdsBag);
278
279 return resourceBlockIdsBag;
280 }
281 finally {
282 if (resourceBlockIdsBag == null) {
283 resourceBlockIdsBag = new ResourceBlockIdsBag();
284 }
285
286 PermissionCacheUtil.putResourceBlockIdsBag(
287 companyId, userId, groupId, name, checkGuest,
288 resourceBlockIdsBag);
289 }
290 }
291
292 @Override
293 public long[] getRoleIds(long userId, long groupId) {
294 PermissionCheckerBag bag = null;
295
296 try {
297 bag = getUserBag(userId, groupId);
298 }
299 catch (Exception e) {
300 }
301
302 if (bag != null) {
303 if (checkGuest) {
304 Set<Long> roleIds = SetUtil.fromArray(bag.getRoleIds());
305
306 try {
307 PermissionCheckerBag guestBag = getGuestUserBag();
308
309 if (guestBag != null) {
310 for (long roleId : guestBag.getRoleIds()) {
311 roleIds.add(roleId);
312 }
313 }
314 }
315 catch (Exception e) {
316 }
317
318 return ArrayUtil.toArray(
319 roleIds.toArray(new Long[roleIds.size()]));
320 }
321 else {
322 return bag.getRoleIds();
323 }
324 }
325
326 return PermissionChecker.DEFAULT_ROLE_IDS;
327 }
328
329
339 public PermissionCheckerBag getUserBag(long userId, long groupId)
340 throws Exception {
341
342 PermissionCheckerBag bag = PermissionCacheUtil.getBag(userId, groupId);
343
344 if (bag != null) {
345 return bag;
346 }
347
348 try {
349 Group group = null;
350
351 if (groupId > 0) {
352 group = GroupLocalServiceUtil.getGroup(groupId);
353
354 if (group.isLayout()) {
355 long parentGroupId = group.getParentGroupId();
356
357 if (parentGroupId > 0) {
358 group = GroupLocalServiceUtil.getGroup(parentGroupId);
359 }
360 }
361 }
362
363 List<Group> userGroups = GroupLocalServiceUtil.getUserGroups(
364 userId, true);
365
366 List<Organization> userOrgs = getUserOrgs(userId);
367
368 List<Group> userOrgGroups =
369 GroupLocalServiceUtil.getOrganizationsGroups(userOrgs);
370
371 List<UserGroup> userUserGroups =
372 UserGroupLocalServiceUtil.getUserUserGroups(userId);
373
374 List<Group> userUserGroupGroups =
375 GroupLocalServiceUtil.getUserGroupsGroups(userUserGroups);
376
377 List<Group> groups = new ArrayList<Group>(
378 userGroups.size() + userOrgGroups.size() +
379 userUserGroupGroups.size());
380
381 groups.addAll(userGroups);
382 groups.addAll(userOrgGroups);
383 groups.addAll(userUserGroupGroups);
384
385 List<Role> roles = new UniqueList<Role>();
386
387 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) ||
388 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) ||
389 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
390 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)) {
391
392 if (groups.size() > 0) {
393 List<Role> userRelatedRoles=
394 RoleLocalServiceUtil.getUserRelatedRoles(
395 userId, groups);
396
397 roles.addAll(userRelatedRoles);
398 }
399 else {
400 roles.addAll(RoleLocalServiceUtil.getUserRoles(userId));
401 }
402
403 List<Role> userGroupRoles =
404 RoleLocalServiceUtil.getUserGroupRoles(userId, groupId);
405
406 roles.addAll(userGroupRoles);
407
408 List<Role> userGroupGroupRoles =
409 RoleLocalServiceUtil.getUserGroupGroupRoles(
410 userId, groupId);
411
412 roles.addAll(userGroupGroupRoles);
413
414 if (group != null) {
415 if (group.isOrganization() &&
416 userOrgGroups.contains(group)) {
417
418 Role organizationUserRole =
419 RoleLocalServiceUtil.getRole(
420 group.getCompanyId(),
421 RoleConstants.ORGANIZATION_USER);
422
423 roles.add(organizationUserRole);
424 }
425
426 if (group.isSite() &&
427 (userGroups.contains(group) ||
428 userOrgGroups.contains(group))) {
429
430 Role siteMemberRole = RoleLocalServiceUtil.getRole(
431 group.getCompanyId(), RoleConstants.SITE_MEMBER);
432
433 roles.add(siteMemberRole);
434 }
435
436 if ((group.isOrganization() &&
437 userOrgGroups.contains(group)) ||
438 (group.isSite() && userGroups.contains(group))) {
439
440 addTeamRoles(userId, group, roles);
441 }
442 }
443 }
444 else {
445 roles = new ArrayList<Role>();
446 }
447
448 bag = new PermissionCheckerBagImpl(
449 userId, userGroups, userOrgs, userOrgGroups,
450 userUserGroupGroups, groups, roles);
451
452 return bag;
453 }
454 finally {
455 if (bag == null) {
456 bag = new PermissionCheckerBagImpl(
457 userId, new ArrayList<Group>(),
458 new ArrayList<Organization>(), new ArrayList<Group>(),
459 new ArrayList<Group>(), new ArrayList<Group>(),
460 new ArrayList<Role>());
461 }
462
463 PermissionCacheUtil.putBag(userId, groupId, bag);
464 }
465 }
466
467 public boolean hasOwnerPermission(
468 long companyId, String name, String primKey, long ownerId,
469 String actionId) {
470
471 if (ownerId != getUserId()) {
472 return false;
473 }
474
475 if (ownerId == defaultUserId) {
476 if (actionId.equals(ActionKeys.VIEW)) {
477 return true;
478 }
479 else {
480 return false;
481 }
482 }
483
484 try {
485 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
486 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
487 PermissionedModel permissionedModel =
488 ResourceBlockLocalServiceUtil.getPermissionedModel(
489 name, GetterUtil.getLong(primKey));
490
491 long groupId = 0;
492
493 if (permissionedModel instanceof GroupedModel) {
494 GroupedModel groupedModel =
495 (GroupedModel)permissionedModel;
496
497 groupId = groupedModel.getGroupId();
498 }
499
500 ResourceBlockIdsBag resourceBlockIdsBag =
501 getOwnerResourceBlockIdsBag(companyId, groupId, name);
502
503 return ResourceBlockLocalServiceUtil.hasPermission(
504 name, permissionedModel, actionId, resourceBlockIdsBag);
505 }
506
507 return ResourcePermissionLocalServiceUtil.hasResourcePermission(
508 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL,
509 primKey, getOwnerRoleId(), actionId);
510 }
511
512 ResourceActionsUtil.checkAction(name, actionId);
513
514 Resource resource = ResourceLocalServiceUtil.getResource(
515 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
516
517 List<Permission> permissions =
518 PermissionLocalServiceUtil.getRolePermissions(
519 getOwnerRoleId(), resource.getResourceId());
520
521 int pos = Collections.binarySearch(
522 permissions, actionId, new PermissionActionIdComparator());
523
524 if (pos >= 0) {
525 return true;
526 }
527 }
528 catch (Exception e) {
529 if (_log.isDebugEnabled()) {
530 _log.debug(e, e);
531 }
532 }
533
534 return false;
535 }
536
537 public boolean hasPermission(
538 long groupId, String name, String primKey, String actionId) {
539
540 StopWatch stopWatch = null;
541
542 if (_log.isDebugEnabled()) {
543 stopWatch = new StopWatch();
544
545 stopWatch.start();
546 }
547
548 Group group = null;
549
550
551
552
553
554 try {
555 if (groupId > 0) {
556 group = GroupLocalServiceUtil.getGroup(groupId);
557
558 if (group.isUser() && (group.getClassPK() == getUserId())) {
559 group = GroupLocalServiceUtil.getGroup(
560 getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
561
562 groupId = group.getGroupId();
563 }
564
565 if (group.isLayout()) {
566 Layout layout = LayoutLocalServiceUtil.getLayout(
567 group.getClassPK());
568
569 groupId = layout.getGroupId();
570
571 group = GroupLocalServiceUtil.getGroup(groupId);
572 }
573
574 if (group.isStagingGroup()) {
575 if (primKey.equals(String.valueOf(groupId))) {
576 primKey = String.valueOf(group.getLiveGroupId());
577 }
578
579 groupId = group.getLiveGroupId();
580 group = group.getLiveGroup();
581 }
582 }
583 }
584 catch (Exception e) {
585 _log.error(e, e);
586 }
587
588 Boolean value = PermissionCacheUtil.getPermission(
589 user.getUserId(), signedIn, checkGuest, groupId, name, primKey,
590 actionId);
591
592 if (value == null) {
593 try {
594 value = Boolean.valueOf(
595 hasPermissionImpl(groupId, name, primKey, actionId));
596
597 if (_log.isDebugEnabled()) {
598 _log.debug(
599 "Checking permission for " + groupId + " " + name +
600 " " + primKey + " " + actionId + " takes " +
601 stopWatch.getTime() + " ms");
602 }
603 }
604 finally {
605 if (value == null) {
606 value = Boolean.FALSE;
607 }
608
609 PermissionCacheUtil.putPermission(
610 user.getUserId(), signedIn, checkGuest, groupId, name,
611 primKey, actionId, value);
612 }
613 }
614
615 return value.booleanValue();
616 }
617
618 public boolean hasUserPermission(
619 long groupId, String name, String primKey, String actionId,
620 boolean checkAdmin) {
621
622 try {
623 return hasUserPermissionImpl(
624 groupId, name, primKey, actionId, checkAdmin);
625 }
626 catch (Exception e) {
627 _log.error(e, e);
628
629 return false;
630 }
631 }
632
633 public boolean isCompanyAdmin() {
634 try {
635 return isCompanyAdminImpl();
636 }
637 catch (Exception e) {
638 _log.error(e, e);
639
640 return false;
641 }
642 }
643
644 public boolean isCompanyAdmin(long companyId) {
645 try {
646 return isCompanyAdminImpl(companyId);
647 }
648 catch (Exception e) {
649 _log.error(e, e);
650
651 return false;
652 }
653 }
654
655 public boolean isGroupAdmin(long groupId) {
656 try {
657 return isGroupAdminImpl(groupId);
658 }
659 catch (Exception e) {
660 _log.error(e, e);
661
662 return false;
663 }
664 }
665
666 public boolean isGroupMember(long groupId) {
667 try {
668 return isGroupMemberImpl(groupId);
669 }
670 catch (Exception e) {
671 _log.error(e, e);
672
673 return false;
674 }
675 }
676
677 public boolean isGroupOwner(long groupId) {
678 try {
679 return isGroupOwnerImpl(groupId);
680 }
681 catch (Exception e) {
682 _log.error(e, e);
683
684 return false;
685 }
686 }
687
688 public boolean isOrganizationAdmin(long organizationId) {
689 try {
690 return isOrganizationAdminImpl(organizationId);
691 }
692 catch (Exception e) {
693 _log.error(e, e);
694
695 return false;
696 }
697 }
698
699 protected void addTeamRoles(long userId, Group group, List<Role> roles)
700 throws Exception {
701
702 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
703 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)) {
704
705 List<Team> userTeams = TeamLocalServiceUtil.getUserTeams(
706 userId, group.getGroupId());
707
708 for (Team team : userTeams) {
709 Role role = RoleLocalServiceUtil.getTeamRole(
710 team.getCompanyId(), team.getTeamId());
711
712 roles.add(role);
713 }
714
715 LinkedHashMap<String, Object> teamParams =
716 new LinkedHashMap<String, Object>();
717
718 teamParams.put("usersUserGroups", userId);
719
720 List<Team> userGroupTeams = TeamLocalServiceUtil.search(
721 group.getGroupId(), null, null, teamParams, QueryUtil.ALL_POS,
722 QueryUtil.ALL_POS, null);
723
724 for (Team team : userGroupTeams) {
725 Role role = RoleLocalServiceUtil.getTeamRole(
726 team.getCompanyId(), team.getTeamId());
727
728 roles.add(role);
729 }
730 }
731 }
732
733
755 protected List<Resource> getResources(
756 long companyId, long groupId, String name, String primKey,
757 String actionId)
758 throws Exception {
759
760
761
762 List<Resource> resources = new ArrayList<Resource>(4);
763
764 try {
765 Resource resource = ResourceLocalServiceUtil.getResource(
766 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
767
768 resources.add(resource);
769 }
770 catch (NoSuchResourceException nsre) {
771 if (_log.isWarnEnabled()) {
772 _log.warn(
773 "Resource " + companyId + " " + name + " " +
774 ResourceConstants.SCOPE_INDIVIDUAL + " " + primKey +
775 " does not exist");
776 }
777 }
778
779
780
781 try {
782 if (groupId > 0) {
783 Resource resource = ResourceLocalServiceUtil.getResource(
784 companyId, name, ResourceConstants.SCOPE_GROUP,
785 String.valueOf(groupId));
786
787 resources.add(resource);
788 }
789 }
790 catch (NoSuchResourceException nsre) {
791 if (_log.isWarnEnabled()) {
792 _log.warn(
793 "Resource " + companyId + " " + name + " " +
794 ResourceConstants.SCOPE_GROUP + " " + groupId +
795 " does not exist");
796 }
797 }
798
799
800
801 try {
802 if (signedIn && (groupId > 0)) {
803 Resource resource = ResourceLocalServiceUtil.getResource(
804 companyId, name, ResourceConstants.SCOPE_GROUP_TEMPLATE,
805 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID));
806
807 resources.add(resource);
808 }
809 }
810 catch (NoSuchResourceException nsre) {
811 if (_log.isWarnEnabled()) {
812 _log.warn(
813 "Resource " + companyId + " " + name + " " +
814 ResourceConstants.SCOPE_GROUP_TEMPLATE + " " +
815 GroupConstants.DEFAULT_PARENT_GROUP_ID +
816 " does not exist");
817 }
818 }
819
820
821
822 try {
823 Resource resource = ResourceLocalServiceUtil.getResource(
824 companyId, name, ResourceConstants.SCOPE_COMPANY,
825 String.valueOf(companyId));
826
827 resources.add(resource);
828 }
829 catch (NoSuchResourceException nsre) {
830 if (_log.isWarnEnabled()) {
831 _log.warn(
832 "Resource " + companyId + " " + name + " " +
833 ResourceConstants.SCOPE_COMPANY + " " + companyId +
834 " does not exist");
835 }
836 }
837
838 return resources;
839 }
840
841
850 protected List<Organization> getUserOrgs(long userId) throws Exception {
851 List<Organization> userOrgs =
852 OrganizationLocalServiceUtil.getUserOrganizations(userId);
853
854 if (userOrgs.size() == 0) {
855 return userOrgs;
856 }
857
858 List<Organization> organizations = new UniqueList<Organization>();
859
860 for (Organization organization : userOrgs) {
861 if (!organizations.contains(organization)) {
862 organizations.add(organization);
863
864 List<Organization> ancestorOrganizations =
865 OrganizationLocalServiceUtil.getParentOrganizations(
866 organization.getOrganizationId());
867
868 organizations.addAll(ancestorOrganizations);
869 }
870 }
871
872 return organizations;
873 }
874
875 protected boolean hasGuestPermission(
876 long groupId, String name, String primKey, String actionId)
877 throws Exception {
878
879 ResourceActionsUtil.checkAction(name, actionId);
880
881 if (name.indexOf(CharPool.PERIOD) != -1) {
882
883
884
885 List<String> actions = ResourceActionsUtil.
886 getModelResourceGuestUnsupportedActions(name);
887
888 if (actions.contains(actionId)) {
889 return false;
890 }
891 }
892 else {
893
894
895
896 List<String> actions = ResourceActionsUtil.
897 getPortletResourceGuestUnsupportedActions(name);
898
899 if (actions.contains(actionId)) {
900 return false;
901 }
902 }
903
904 long companyId = user.getCompanyId();
905
906 List<Resource> resources = getResources(
907 companyId, groupId, name, primKey, actionId);
908
909 PermissionCheckerBag bag = getGuestUserBag();
910
911 try {
912 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
913 ResourceBlockLocalServiceUtil.isSupported(name)) {
914
915 ResourceBlockIdsBag resourceBlockIdsBag =
916 getGuestResourceBlockIdsBag(companyId, groupId, name);
917
918 return ResourceBlockLocalServiceUtil.hasPermission(
919 name, GetterUtil.getLong(primKey), actionId,
920 resourceBlockIdsBag);
921 }
922
923 return PermissionLocalServiceUtil.hasUserPermissions(
924 defaultUserId, groupId, resources, actionId, bag);
925 }
926 catch (Exception e) {
927 _log.error(e, e);
928
929 return false;
930 }
931 }
932
933 protected boolean hasPermissionImpl(
934 long groupId, String name, String primKey, String actionId) {
935
936 try {
937 if (!signedIn) {
938 return hasGuestPermission(groupId, name, primKey, actionId);
939 }
940
941 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
942 ResourceBlockLocalServiceUtil.isSupported(name)) {
943
944
945
946
947
948 return hasUserPermission(
949 groupId, name, primKey, actionId, true);
950 }
951
952 boolean value = false;
953
954 if (checkGuest) {
955 value = hasGuestPermission(groupId, name, primKey, actionId);
956 }
957
958 if (!value) {
959 value = hasUserPermission(
960 groupId, name, primKey, actionId, true);
961 }
962
963 return value;
964 }
965 catch (Exception e) {
966 _log.error(e, e);
967
968 return false;
969 }
970 }
971
972 protected boolean hasUserPermissionImpl(
973 long groupId, String name, String primKey, String actionId,
974 boolean checkAdmin)
975 throws Exception {
976
977 StopWatch stopWatch = null;
978
979 if (_log.isDebugEnabled()) {
980 stopWatch = new StopWatch();
981
982 stopWatch.start();
983 }
984
985 long companyId = user.getCompanyId();
986
987 boolean hasLayoutManagerPermission = true;
988
989
990
991
992 if (Validator.isNotNull(name) && Validator.isNotNull(primKey) &&
993 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
994
995 hasLayoutManagerPermission =
996 PortletPermissionUtil.hasLayoutManagerPermission(
997 name, actionId);
998 }
999
1000 if (checkAdmin) {
1001 if (isCompanyAdminImpl(companyId)) {
1002 return true;
1003 }
1004
1005 if (name.equals(Organization.class.getName())) {
1006 long organizationId = GetterUtil.getInteger(primKey);
1007
1008 if (isOrganizationAdminImpl(organizationId)) {
1009 return true;
1010 }
1011 }
1012 else if (isGroupAdminImpl(groupId) && hasLayoutManagerPermission) {
1013 return true;
1014 }
1015 }
1016
1017 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 1);
1018
1019 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
1020 ResourceBlockLocalServiceUtil.isSupported(name)) {
1021
1022 ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
1023 companyId, groupId, getUserId(), name);
1024
1025 boolean value = ResourceBlockLocalServiceUtil.hasPermission(
1026 name, GetterUtil.getLong(primKey), actionId,
1027 resourceBlockIdsBag);
1028
1029 logHasUserPermission(
1030 groupId, name, primKey, actionId, stopWatch, 2);
1031
1032 return value;
1033 }
1034
1035 List<Resource> resources = getResources(
1036 companyId, groupId, name, primKey, actionId);
1037
1038 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 3);
1039
1040
1041
1042
1043
1044
1045 PermissionCheckerBag bag = getUserBag(user.getUserId(), groupId);
1046
1047 boolean value = PermissionLocalServiceUtil.hasUserPermissions(
1048 user.getUserId(), groupId, resources, actionId, bag);
1049
1050 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 4);
1051
1052 return value;
1053 }
1054
1055 protected boolean isCompanyAdminImpl() throws Exception {
1056 return isCompanyAdminImpl(user.getCompanyId());
1057 }
1058
1059 protected boolean isCompanyAdminImpl(long companyId) throws Exception {
1060 if (!signedIn) {
1061 return false;
1062 }
1063
1064 if (isOmniadmin()) {
1065 return true;
1066 }
1067
1068 Boolean value = companyAdmins.get(companyId);
1069
1070 if (value == null) {
1071 boolean hasAdminRole = RoleLocalServiceUtil.hasUserRole(
1072 user.getUserId(), companyId, RoleConstants.ADMINISTRATOR, true);
1073
1074 value = Boolean.valueOf(hasAdminRole);
1075
1076 companyAdmins.put(companyId, value);
1077 }
1078
1079 return value.booleanValue();
1080 }
1081
1082 protected boolean isGroupAdminImpl(long groupId) throws Exception {
1083 if (!signedIn) {
1084 return false;
1085 }
1086
1087 if (isOmniadmin()) {
1088 return true;
1089 }
1090
1091 if (groupId <= 0) {
1092 return false;
1093 }
1094
1095 Group group = GroupLocalServiceUtil.getGroup(groupId);
1096
1097 if (isCompanyAdmin(group.getCompanyId())) {
1098 return true;
1099 }
1100
1101 PermissionCheckerBag bag = getUserBag(user.getUserId(), groupId);
1102
1103 if (bag == null) {
1104 _log.error("Bag should never be null");
1105 }
1106
1107 if (bag.isGroupAdmin(this, group)) {
1108 return true;
1109 }
1110 else {
1111 return false;
1112 }
1113 }
1114
1115 protected boolean isGroupMemberImpl(long groupId) throws Exception {
1116 if (!signedIn) {
1117 return false;
1118 }
1119
1120 if (groupId <= 0) {
1121 return false;
1122 }
1123
1124 Group group = GroupLocalServiceUtil.getGroup(groupId);
1125
1126 PermissionCheckerBag bag = getUserBag(user.getUserId(), groupId);
1127
1128 if (bag == null) {
1129 _log.error("Bag should never be null");
1130 }
1131
1132 if (bag.isGroupMember(this, group)) {
1133 return true;
1134 }
1135 else {
1136 return false;
1137 }
1138 }
1139
1140 protected boolean isGroupOwnerImpl(long groupId) throws Exception {
1141 if (!signedIn) {
1142 return false;
1143 }
1144
1145 if (isOmniadmin()) {
1146 return true;
1147 }
1148
1149 if (groupId <= 0) {
1150 return false;
1151 }
1152
1153 Group group = GroupLocalServiceUtil.getGroup(groupId);
1154
1155 if (isCompanyAdmin(group.getCompanyId())) {
1156 return true;
1157 }
1158
1159 PermissionCheckerBag bag = getUserBag(user.getUserId(), groupId);
1160
1161 if (bag == null) {
1162 _log.error("Bag should never be null");
1163 }
1164
1165 if (bag.isGroupOwner(this, group)) {
1166 return true;
1167 }
1168 else {
1169 return false;
1170 }
1171 }
1172
1173 protected boolean isOrganizationAdminImpl(long organizationId)
1174 throws Exception {
1175
1176 if (!signedIn) {
1177 return false;
1178 }
1179
1180 if (isOmniadmin()) {
1181 return true;
1182 }
1183
1184 if (organizationId <= 0) {
1185 return false;
1186 }
1187
1188 Organization organization =
1189 OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1190
1191 if (organization == null) {
1192 return false;
1193 }
1194
1195 if (isCompanyAdmin(organization.getCompanyId())) {
1196 return true;
1197 }
1198
1199 PermissionCheckerBag bag = getUserBag(
1200 user.getUserId(), organization.getGroupId());
1201
1202 if (bag == null) {
1203 _log.error("Bag should never be null");
1204 }
1205
1206 if (bag.isOrganizationAdmin(this, organization)) {
1207 return true;
1208 }
1209 else {
1210 return false;
1211 }
1212 }
1213
1214 protected void logHasUserPermission(
1215 long groupId, String name, String primKey, String actionId,
1216 StopWatch stopWatch, int block) {
1217
1218 if (!_log.isDebugEnabled()) {
1219 return;
1220 }
1221
1222 _log.debug(
1223 "Checking user permission block " + block + " for " + groupId +
1224 " " + name + " " + primKey + " " + actionId + " takes " +
1225 stopWatch.getTime() + " ms");
1226 }
1227
1228
1231 protected static final String RESULTS_SEPARATOR = "_RESULTS_SEPARATOR_";
1232
1233 protected Map<Long, Boolean> companyAdmins = new HashMap<Long, Boolean>();
1234
1235 private static Log _log = LogFactoryUtil.getLog(
1236 AdvancedPermissionChecker.class);
1237
1238 }