001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.staging.permission.StagingPermissionUtil;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Layout;
022 import com.liferay.portal.model.LayoutConstants;
023 import com.liferay.portal.model.Organization;
024 import com.liferay.portal.model.ResourceConstants;
025 import com.liferay.portal.model.ResourcePermission;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.model.impl.VirtualLayout;
028 import com.liferay.portal.security.auth.PrincipalException;
029 import com.liferay.portal.security.permission.ActionKeys;
030 import com.liferay.portal.security.permission.PermissionChecker;
031 import com.liferay.portal.service.GroupLocalServiceUtil;
032 import com.liferay.portal.service.LayoutLocalServiceUtil;
033 import com.liferay.portal.service.OrganizationLocalServiceUtil;
034 import com.liferay.portal.service.ResourceLocalServiceUtil;
035 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
036 import com.liferay.portal.service.UserLocalServiceUtil;
037 import com.liferay.portal.util.PortalUtil;
038 import com.liferay.portal.util.PropsValues;
039 import com.liferay.portlet.sites.util.SitesUtil;
040
041 import java.util.List;
042
043
048 public class LayoutPermissionImpl implements LayoutPermission {
049
050 @Override
051 public void check(
052 PermissionChecker permissionChecker, Layout layout, String actionId)
053 throws PortalException, SystemException {
054
055 if (!contains(permissionChecker, layout, actionId)) {
056 throw new PrincipalException();
057 }
058 }
059
060 @Override
061 public void check(
062 PermissionChecker permissionChecker, long groupId,
063 boolean privateLayout, long layoutId, String actionId)
064 throws PortalException, SystemException {
065
066 if (!contains(
067 permissionChecker, groupId, privateLayout, layoutId,
068 actionId)) {
069
070 throw new PrincipalException();
071 }
072 }
073
074 @Override
075 public void check(
076 PermissionChecker permissionChecker, long plid, String actionId)
077 throws PortalException, SystemException {
078
079 if (!contains(permissionChecker, plid, actionId)) {
080 throw new PrincipalException();
081 }
082 }
083
084 @Override
085 public boolean contains(
086 PermissionChecker permissionChecker, Layout layout,
087 boolean checkViewableGroup, String actionId)
088 throws PortalException, SystemException {
089
090 if (isAttemptToModifyLockedLayout(layout, actionId)) {
091 return false;
092 }
093
094 Boolean hasPermission = StagingPermissionUtil.hasPermission(
095 permissionChecker, layout.getGroup(), Layout.class.getName(),
096 layout.getGroupId(), null, actionId);
097
098 if (hasPermission != null) {
099 return hasPermission.booleanValue();
100 }
101
102 return containsWithViewableGroup(
103 permissionChecker, layout, checkViewableGroup, actionId);
104 }
105
106 @Override
107 public boolean contains(
108 PermissionChecker permissionChecker, Layout layout, String actionId)
109 throws PortalException, SystemException {
110
111 return contains(permissionChecker, layout, false, actionId);
112 }
113
114
118 @Override
119 public boolean contains(
120 PermissionChecker permissionChecker, Layout layout,
121 String controlPanelCategory, boolean checkViewableGroup,
122 String actionId)
123 throws PortalException, SystemException {
124
125 return contains(
126 permissionChecker, layout, checkViewableGroup, actionId);
127 }
128
129
133 @Override
134 public boolean contains(
135 PermissionChecker permissionChecker, Layout layout,
136 String controlPanelCategory, String actionId)
137 throws PortalException, SystemException {
138
139 return contains(permissionChecker, layout, actionId);
140 }
141
142 @Override
143 public boolean contains(
144 PermissionChecker permissionChecker, long groupId,
145 boolean privateLayout, long layoutId, String actionId)
146 throws PortalException, SystemException {
147
148 Layout layout = LayoutLocalServiceUtil.getLayout(
149 groupId, privateLayout, layoutId);
150
151 return contains(permissionChecker, layout, actionId);
152 }
153
154
158 @Override
159 public boolean contains(
160 PermissionChecker permissionChecker, long groupId,
161 boolean privateLayout, long layoutId, String controlPanelCategory,
162 String actionId)
163 throws PortalException, SystemException {
164
165 return contains(
166 permissionChecker, groupId, privateLayout, layoutId, actionId);
167 }
168
169 @Override
170 public boolean contains(
171 PermissionChecker permissionChecker, long plid, String actionId)
172 throws PortalException, SystemException {
173
174 Layout layout = LayoutLocalServiceUtil.getLayout(plid);
175
176 return contains(permissionChecker, layout, actionId);
177 }
178
179 @Override
180 public boolean containsWithoutViewableGroup(
181 PermissionChecker permissionChecker, Layout layout,
182 boolean checkLayoutUpdateable, String actionId)
183 throws PortalException, SystemException {
184
185 if (layout.isTypeControlPanel()) {
186 return false;
187 }
188
189 if (checkLayoutUpdateable &&
190 !actionId.equals(ActionKeys.CUSTOMIZE) &&
191 !actionId.equals(ActionKeys.VIEW) &&
192 (layout instanceof VirtualLayout)) {
193
194 return false;
195 }
196
197 if (actionId.equals(ActionKeys.CUSTOMIZE) &&
198 (layout instanceof VirtualLayout)) {
199
200 VirtualLayout virtualLayout = (VirtualLayout)layout;
201
202 layout = virtualLayout.getWrappedModel();
203 }
204
205 if (actionId.equals(ActionKeys.DELETE) &&
206 !SitesUtil.isLayoutDeleteable(layout)) {
207
208 return false;
209 }
210
211 Group group = layout.getGroup();
212
213 if (checkLayoutUpdateable && !group.isLayoutSetPrototype() &&
214 isAttemptToModifyLockedLayout(layout, actionId)) {
215
216 return false;
217 }
218
219 User user = permissionChecker.getUser();
220
221 if (!user.isDefaultUser() && !group.isUser()) {
222
223
224
225
226
227
228
229
230
231 ResourcePermission resourcePermission =
232 ResourcePermissionLocalServiceUtil.getResourcePermission(
233 layout.getCompanyId(), Layout.class.getName(),
234 ResourceConstants.SCOPE_INDIVIDUAL,
235 String.valueOf(layout.getPlid()),
236 permissionChecker.getOwnerRoleId());
237
238 if (permissionChecker.hasOwnerPermission(
239 layout.getCompanyId(), Layout.class.getName(),
240 String.valueOf(layout.getPlid()),
241 resourcePermission.getOwnerId(), actionId)) {
242
243 return true;
244 }
245 }
246
247 if (actionId.equals(ActionKeys.ADD_LAYOUT)) {
248 if (!PortalUtil.isLayoutParentable(layout.getType()) ||
249 !SitesUtil.isLayoutSortable(layout)) {
250
251 return false;
252 }
253
254 if (GroupPermissionUtil.contains(
255 permissionChecker, layout.getGroupId(),
256 ActionKeys.ADD_LAYOUT)) {
257
258 return true;
259 }
260 }
261
262 if (GroupPermissionUtil.contains(
263 permissionChecker, layout.getGroupId(),
264 ActionKeys.MANAGE_LAYOUTS)) {
265
266 return true;
267 }
268
269 if (PropsValues.PERMISSIONS_VIEW_DYNAMIC_INHERITANCE &&
270 !actionId.equals(ActionKeys.VIEW)) {
271
272
273
274
275 long parentLayoutId = layout.getParentLayoutId();
276
277 while (parentLayoutId != LayoutConstants.DEFAULT_PARENT_LAYOUT_ID) {
278 Layout parentLayout = LayoutLocalServiceUtil.getLayout(
279 layout.getGroupId(), layout.isPrivateLayout(),
280 parentLayoutId);
281
282 if (contains(permissionChecker, parentLayout, actionId)) {
283 return true;
284 }
285
286 parentLayoutId = parentLayout.getParentLayoutId();
287 }
288 }
289
290 int resourcePermissionsCount =
291 ResourcePermissionLocalServiceUtil.getResourcePermissionsCount(
292 layout.getCompanyId(), Layout.class.getName(),
293 ResourceConstants.SCOPE_INDIVIDUAL,
294 String.valueOf(layout.getPlid()));
295
296 if (resourcePermissionsCount == 0) {
297 boolean addGroupPermission = true;
298 boolean addGuestPermission = true;
299
300 if (layout.isPrivateLayout()) {
301 addGuestPermission = false;
302 }
303
304 ResourceLocalServiceUtil.addResources(
305 layout.getCompanyId(), layout.getGroupId(), 0,
306 Layout.class.getName(), layout.getPlid(), false,
307 addGroupPermission, addGuestPermission);
308 }
309
310 return permissionChecker.hasPermission(
311 layout.getGroupId(), Layout.class.getName(), layout.getPlid(),
312 actionId);
313 }
314
315 @Override
316 public boolean containsWithoutViewableGroup(
317 PermissionChecker permissionChecker, Layout layout, String actionId)
318 throws PortalException, SystemException {
319
320 return containsWithoutViewableGroup(
321 permissionChecker, layout, true, actionId);
322 }
323
324
329 @Override
330 public boolean containsWithoutViewableGroup(
331 PermissionChecker permissionChecker, Layout layout,
332 String controlPanelCategory, boolean checkLayoutUpdateable,
333 String actionId)
334 throws PortalException, SystemException {
335
336 return containsWithoutViewableGroup(
337 permissionChecker, layout, checkLayoutUpdateable, actionId);
338 }
339
340
345 @Override
346 public boolean containsWithoutViewableGroup(
347 PermissionChecker permissionChecker, Layout layout,
348 String controlPanelCategory, String actionId)
349 throws PortalException, SystemException {
350
351 return containsWithoutViewableGroup(
352 permissionChecker, layout, actionId);
353 }
354
355 protected boolean containsWithViewableGroup(
356 PermissionChecker permissionChecker, Layout layout,
357 boolean checkViewableGroup, String actionId)
358 throws PortalException, SystemException {
359
360 if (actionId.equals(ActionKeys.VIEW) && checkViewableGroup) {
361 return isViewableGroup(
362 permissionChecker, layout, checkViewableGroup);
363 }
364
365 return containsWithoutViewableGroup(
366 permissionChecker, layout, actionId);
367 }
368
369 protected boolean isAttemptToModifyLockedLayout(
370 Layout layout, String actionId) {
371
372 if (!SitesUtil.isLayoutUpdateable(layout) &&
373 (ActionKeys.CUSTOMIZE.equals(actionId) ||
374 ActionKeys.UPDATE.equals(actionId))) {
375
376 return true;
377 }
378
379 return false;
380 }
381
382 protected boolean isViewableGroup(
383 PermissionChecker permissionChecker, Layout layout,
384 boolean checkResourcePermission)
385 throws PortalException, SystemException {
386
387 Group group = GroupLocalServiceUtil.getGroup(layout.getGroupId());
388
389
390
391 if (!GroupLocalServiceUtil.isLiveGroupActive(group)) {
392 return false;
393 }
394
395
396
397
398 if (group.isUser()) {
399 long groupUserId = group.getClassPK();
400
401 if (groupUserId == permissionChecker.getUserId()) {
402 return true;
403 }
404
405 User groupUser = UserLocalServiceUtil.getUserById(groupUserId);
406
407 if (!groupUser.isActive()) {
408 return false;
409 }
410
411 if (layout.isPrivateLayout()) {
412 if (GroupPermissionUtil.contains(
413 permissionChecker, groupUser.getGroupId(),
414 ActionKeys.MANAGE_LAYOUTS) ||
415 UserPermissionUtil.contains(
416 permissionChecker, groupUserId,
417 groupUser.getOrganizationIds(), ActionKeys.UPDATE)) {
418
419 return true;
420 }
421
422 return false;
423 }
424 }
425
426
427
428
429 if (group.isStagingGroup()) {
430 if (GroupPermissionUtil.contains(
431 permissionChecker, group.getGroupId(),
432 ActionKeys.VIEW_STAGING)) {
433
434 return true;
435 }
436
437 return false;
438 }
439
440
441
442
443 if (group.isSite()) {
444 if (GroupPermissionUtil.contains(
445 permissionChecker, group.getGroupId(),
446 ActionKeys.MANAGE_LAYOUTS) ||
447 GroupPermissionUtil.contains(
448 permissionChecker, group.getGroupId(), ActionKeys.UPDATE)) {
449
450 return true;
451 }
452
453 if (layout.isPrivateLayout() &&
454 !permissionChecker.isGroupMember(group.getGroupId())) {
455
456 return false;
457 }
458 }
459
460
461
462
463 if (group.isCompany()) {
464 return false;
465 }
466 else if (group.isLayoutPrototype()) {
467 if (LayoutPrototypePermissionUtil.contains(
468 permissionChecker, group.getClassPK(), ActionKeys.VIEW)) {
469
470 return true;
471 }
472
473 return false;
474 }
475 else if (group.isLayoutSetPrototype()) {
476 if (LayoutSetPrototypePermissionUtil.contains(
477 permissionChecker, group.getClassPK(), ActionKeys.VIEW)) {
478
479 return true;
480 }
481
482 return false;
483 }
484 else if (group.isOrganization()) {
485 long organizationId = group.getOrganizationId();
486
487 if (OrganizationLocalServiceUtil.hasUserOrganization(
488 permissionChecker.getUserId(), organizationId, false,
489 false)) {
490
491 return true;
492 }
493 else if (OrganizationPermissionUtil.contains(
494 permissionChecker, organizationId, ActionKeys.UPDATE)) {
495
496 return true;
497 }
498
499 if (!PropsValues.ORGANIZATIONS_MEMBERSHIP_STRICT) {
500 List<Organization> userOrgs =
501 OrganizationLocalServiceUtil.getUserOrganizations(
502 permissionChecker.getUserId());
503
504 for (Organization organization : userOrgs) {
505 for (Organization ancestorOrganization :
506 organization.getAncestors()) {
507
508 if (organizationId ==
509 ancestorOrganization.getOrganizationId()) {
510
511 return true;
512 }
513 }
514 }
515 }
516 }
517 else if (group.isUserGroup()) {
518 if (UserGroupPermissionUtil.contains(
519 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
520
521 return true;
522 }
523 }
524
525
526
527 if (containsWithoutViewableGroup(
528 permissionChecker, layout, ActionKeys.VIEW)) {
529
530 return true;
531 }
532
533
534
535
536 List<Layout> layouts = LayoutLocalServiceUtil.getLayouts(
537 layout.getGroupId(), layout.isPrivateLayout(),
538 LayoutConstants.DEFAULT_PARENT_LAYOUT_ID);
539
540 for (Layout curLayout : layouts) {
541 if (containsWithoutViewableGroup(
542 permissionChecker, curLayout, ActionKeys.VIEW) &&
543 !curLayout.isHidden()) {
544
545 return true;
546 }
547 }
548
549 return false;
550 }
551
552 }