001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portlet.documentlibrary.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.repository.model.Folder;
020    import com.liferay.portal.kernel.staging.permission.StagingPermissionUtil;
021    import com.liferay.portal.security.auth.PrincipalException;
022    import com.liferay.portal.security.permission.ActionKeys;
023    import com.liferay.portal.security.permission.PermissionChecker;
024    import com.liferay.portal.util.PortletKeys;
025    import com.liferay.portal.util.PropsValues;
026    import com.liferay.portlet.documentlibrary.NoSuchFolderException;
027    import com.liferay.portlet.documentlibrary.model.DLFolder;
028    import com.liferay.portlet.documentlibrary.model.DLFolderConstants;
029    import com.liferay.portlet.documentlibrary.service.DLAppLocalServiceUtil;
030    import com.liferay.portlet.documentlibrary.service.DLFolderLocalServiceUtil;
031    
032    /**
033     * @author Brian Wing Shun Chan
034     */
035    public class DLFolderPermission {
036    
037            public static void check(
038                            PermissionChecker permissionChecker, DLFolder dlFolder,
039                            String actionId)
040                    throws PortalException, SystemException {
041    
042                    if (!contains(permissionChecker, dlFolder, actionId)) {
043                            throw new PrincipalException(
044                                    String.format(
045                                            "User %s must have %s permission for %s %s",
046                                            permissionChecker.getUserId(), actionId,
047                                            DLFolder.class.getName(), dlFolder.getFolderId()));
048                    }
049            }
050    
051            public static void check(
052                            PermissionChecker permissionChecker, Folder folder, String actionId)
053                    throws PortalException, SystemException {
054    
055                    if (!folder.containsPermission(permissionChecker, actionId)) {
056                            throw new PrincipalException(
057                                    String.format(
058                                            "User %s must have %s permission for %s %s",
059                                            permissionChecker.getUserId(), actionId,
060                                            Folder.class.getName(), folder.getFolderId()));
061                    }
062            }
063    
064            public static void check(
065                            PermissionChecker permissionChecker, long groupId, long folderId,
066                            String actionId)
067                    throws PortalException, SystemException {
068    
069                    if (!contains(permissionChecker, groupId, folderId, actionId)) {
070                            throw new PrincipalException(
071                                    String.format(
072                                            "User %s must have %s permission for %s %s",
073                                            permissionChecker.getUserId(), actionId,
074                                            Folder.class.getName(), folderId));
075                    }
076            }
077    
078            public static boolean contains(
079                            PermissionChecker permissionChecker, DLFolder dlFolder,
080                            String actionId)
081                    throws PortalException, SystemException {
082    
083                    if (actionId.equals(ActionKeys.ADD_FOLDER)) {
084                            actionId = ActionKeys.ADD_SUBFOLDER;
085                    }
086    
087                    Boolean hasPermission = StagingPermissionUtil.hasPermission(
088                            permissionChecker, dlFolder.getGroupId(), DLFolder.class.getName(),
089                            dlFolder.getFolderId(), PortletKeys.DOCUMENT_LIBRARY, actionId);
090    
091                    if (hasPermission != null) {
092                            return hasPermission.booleanValue();
093                    }
094    
095                    if (actionId.equals(ActionKeys.VIEW) &&
096                            PropsValues.PERMISSIONS_VIEW_DYNAMIC_INHERITANCE) {
097    
098                            try {
099                                    long dlFolderId = dlFolder.getFolderId();
100    
101                                    while (dlFolderId !=
102                                                            DLFolderConstants.DEFAULT_PARENT_FOLDER_ID) {
103    
104                                            dlFolder = DLFolderLocalServiceUtil.getFolder(dlFolderId);
105    
106                                            if (!_hasPermission(
107                                                            permissionChecker, dlFolder, actionId)) {
108    
109                                                    return false;
110                                            }
111    
112                                            dlFolderId = dlFolder.getParentFolderId();
113                                    }
114                            }
115                            catch (NoSuchFolderException nsfe) {
116                                    if (!dlFolder.isInTrash()) {
117                                            throw nsfe;
118                                    }
119                            }
120    
121                            return DLPermission.contains(
122                                    permissionChecker, dlFolder.getGroupId(), actionId);
123                    }
124    
125                    return _hasPermission(permissionChecker, dlFolder, actionId);
126            }
127    
128            public static boolean contains(
129                            PermissionChecker permissionChecker, Folder folder, String actionId)
130                    throws PortalException, SystemException {
131    
132                    return folder.containsPermission(permissionChecker, actionId);
133            }
134    
135            public static boolean contains(
136                            PermissionChecker permissionChecker, long groupId, long folderId,
137                            String actionId)
138                    throws PortalException, SystemException {
139    
140                    if (folderId == DLFolderConstants.DEFAULT_PARENT_FOLDER_ID) {
141    
142                            // Prevent the propagation of checks for actions that are not
143                            // supported at the application resource level. See LPS-24245.
144    
145                            if (actionId.equals(ActionKeys.ACCESS) ||
146                                    actionId.equals(ActionKeys.ADD_SUBFOLDER) ||
147                                    actionId.equals(ActionKeys.DELETE)) {
148    
149                                    return false;
150                            }
151    
152                            return DLPermission.contains(permissionChecker, groupId, actionId);
153                    }
154    
155                    Folder folder = DLAppLocalServiceUtil.getFolder(folderId);
156    
157                    return folder.containsPermission(permissionChecker, actionId);
158            }
159    
160            private static boolean _hasPermission(
161                    PermissionChecker permissionChecker, DLFolder dlFolder,
162                    String actionId) {
163    
164                    if (permissionChecker.hasOwnerPermission(
165                                    dlFolder.getCompanyId(), DLFolder.class.getName(),
166                                    dlFolder.getFolderId(), dlFolder.getUserId(), actionId) ||
167                            permissionChecker.hasPermission(
168                                    dlFolder.getGroupId(), DLFolder.class.getName(),
169                                    dlFolder.getFolderId(), actionId)) {
170    
171                            return true;
172                    }
173    
174                    return false;
175            }
176    
177    }