001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.workflowtasks.action;
016    
017    import com.liferay.portal.kernel.util.ArrayUtil;
018    import com.liferay.portal.kernel.util.ParamUtil;
019    import com.liferay.portal.kernel.workflow.WorkflowTask;
020    import com.liferay.portal.kernel.workflow.WorkflowTaskAssignee;
021    import com.liferay.portal.kernel.workflow.WorkflowTaskManagerUtil;
022    import com.liferay.portal.model.Role;
023    import com.liferay.portal.model.User;
024    import com.liferay.portal.security.auth.PrincipalException;
025    import com.liferay.portal.security.permission.PermissionChecker;
026    import com.liferay.portal.theme.ThemeDisplay;
027    import com.liferay.portal.util.PortalUtil;
028    import com.liferay.portal.util.WebKeys;
029    
030    import javax.portlet.PortletRequest;
031    
032    import javax.servlet.http.HttpServletRequest;
033    
034    /**
035     * @author Marcellus Tavares
036     */
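public class ActionUtil {

	/**
	 * Loads the workflow task named by the <code>workflowTaskId</code> request
	 * parameter and publishes it as the {@link WebKeys#WORKFLOW_TASK} request
	 * attribute, but only after the current user passes the view check.
	 *
	 * <p>
	 * The task ID comes straight from the request, so it is treated as
	 * untrusted: the lookup is scoped to the company of the current
	 * {@link ThemeDisplay} and the task reaches the request attribute only if
	 * {@link #hasViewPermission(long, WorkflowTask, PermissionChecker)} returns
	 * <code>true</code>. When the parameter is missing or not positive, no
	 * lookup is made and the attribute is set to <code>null</code>.
	 * </p>
	 *
	 * @param  request the servlet request carrying the parameter and the
	 *         {@link WebKeys#THEME_DISPLAY} attribute
	 * @throws PrincipalException if the current user may not view the task
	 * @throws Exception if the task lookup fails
	 */
	public static void getWorkflowTask(HttpServletRequest request)
		throws Exception {

		long workflowTaskId = ParamUtil.getLong(request, "workflowTaskId");

		WorkflowTask workflowTask = null;

		if (workflowTaskId > 0) {

			// NOTE(review): assumes THEME_DISPLAY was populated earlier in the
			// request; a missing attribute fails here with a
			// NullPointerException rather than a PrincipalException.

			ThemeDisplay themeDisplay = (ThemeDisplay)request.getAttribute(
				WebKeys.THEME_DISPLAY);

			PermissionChecker permissionChecker =
				themeDisplay.getPermissionChecker();

			// NOTE(review): the lookup runs before the authorization check.
			// What the manager does for an unknown ID is not visible here; if
			// it differs from the PrincipalException below, callers may want
			// to present both outcomes identically so that responses do not
			// reveal which task IDs exist.

			workflowTask = WorkflowTaskManagerUtil.getWorkflowTask(
				themeDisplay.getCompanyId(), workflowTaskId);

			if (!hasViewPermission(
					themeDisplay.getScopeGroupId(), workflowTask,
					permissionChecker)) {

				throw new PrincipalException(
					"User " + permissionChecker.getUserId() +
						" must have permission to perform action VIEW");
			}
		}

		// Reached only when no task was requested or the view check passed

		request.setAttribute(WebKeys.WORKFLOW_TASK, workflowTask);
	}

	/**
	 * Portlet variant of {@link #getWorkflowTask(HttpServletRequest)}: unwraps
	 * the underlying servlet request and delegates to it, so the same
	 * permission check applies.
	 *
	 * @param  portletRequest the portlet request
	 * @throws Exception if the delegate throws
	 */
	public static void getWorkflowTask(PortletRequest portletRequest)
		throws Exception {

		HttpServletRequest request = PortalUtil.getHttpServletRequest(
			portletRequest);

		getWorkflowTask(request);
	}

	/**
	 * Returns <code>true</code> if the user behind the permission checker may
	 * view the workflow task.
	 *
	 * <p>
	 * Omniadmins and company admins are always allowed. Any other user is
	 * allowed only if at least one assignee of the task is the user, or is a
	 * role the user holds in the given group. Everything else is denied.
	 * </p>
	 *
	 * @param  groupId the group in which the user's roles are resolved
	 * @param  workflowTask the task being viewed
	 * @param  permissionChecker the permission checker of the current user
	 * @return <code>true</code> if viewing is allowed; <code>false</code>
	 *         otherwise
	 */
	protected static boolean hasViewPermission(
		long groupId, WorkflowTask workflowTask,
		PermissionChecker permissionChecker) {

		if (permissionChecker.isOmniadmin() ||
			permissionChecker.isCompanyAdmin()) {

			return true;
		}

		// Loop invariant: resolve the user once and reuse it for both the
		// role lookup and the per-assignee comparison

		long userId = permissionChecker.getUserId();

		long[] roleIds = permissionChecker.getRoleIds(userId, groupId);

		for (WorkflowTaskAssignee workflowTaskAssignee :
				workflowTask.getWorkflowTaskAssignees()) {

			if (isWorkflowTaskAssignableToRoles(
					workflowTaskAssignee, roleIds) ||
				isWorkflowTaskAssignableToUser(workflowTaskAssignee, userId)) {

				return true;
			}
		}

		// Default deny: no assignee matched the user or any of the roles

		return false;
	}

	/**
	 * Returns <code>true</code> if the assignee is a {@link Role} whose primary
	 * key is one of the given role IDs.
	 *
	 * @param  workflowTaskAssignee the assignee to test
	 * @param  roleIds the role IDs held by the user
	 * @return <code>true</code> if the assignee is one of those roles;
	 *         <code>false</code> otherwise, including when the assignee has no
	 *         class name
	 */
	protected static boolean isWorkflowTaskAssignableToRoles(
		WorkflowTaskAssignee workflowTaskAssignee, long[] roleIds) {

		// Constant-first equals: an assignee without a class name is treated
		// as "no match" (deny) instead of raising a NullPointerException

		if (!Role.class.getName().equals(
				workflowTaskAssignee.getAssigneeClassName())) {

			return false;
		}

		return ArrayUtil.contains(
			roleIds, workflowTaskAssignee.getAssigneeClassPK());
	}

	/**
	 * Returns <code>true</code> if the assignee is a {@link User} whose primary
	 * key equals the given user ID.
	 *
	 * @param  workflowTaskAssignee the assignee to test
	 * @param  userId the ID of the current user
	 * @return <code>true</code> if the assignee is that user;
	 *         <code>false</code> otherwise, including when the assignee has no
	 *         class name
	 */
	protected static boolean isWorkflowTaskAssignableToUser(
		WorkflowTaskAssignee workflowTaskAssignee, long userId) {

		// Constant-first equals: an assignee without a class name is treated
		// as "no match" (deny) instead of raising a NullPointerException

		if (!User.class.getName().equals(
				workflowTaskAssignee.getAssigneeClassName())) {

			return false;
		}

		return workflowTaskAssignee.getAssigneeClassPK() == userId;
	}

}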