015 package com.liferay.portal.service.permission;
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.model.Contact;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.ResourceConstants;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.security.auth.PrincipalException;
026 import com.liferay.portal.security.permission.ActionKeys;
027 import com.liferay.portal.security.permission.PermissionChecker;
028 import com.liferay.portal.service.OrganizationLocalServiceUtil;
029 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030 import com.liferay.portal.service.UserLocalServiceUtil;
031 import com.liferay.portal.util.PortalUtil;
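/**
 * {@link UserPermission} implementation that decides whether the caller
 * represented by a {@link PermissionChecker} may perform an action on a user.
 *
 * <p>
 * The <code>check</code> methods throw a {@link PrincipalException} when the
 * matching <code>contains</code> method returns <code>false</code>. All
 * decisions are made in
 * {@link #contains(PermissionChecker, long, long[], String)}; the other
 * overloads only adapt their arguments.
 * </p>
 */
public class UserPermissionImpl implements UserPermission {

	/**
	 * Enforces the permission for a user, scoped to an organization and a
	 * location. Both IDs are passed on together as the organization ID array.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the target user
	 * @param  organizationId the first organization ID to consider
	 * @param  locationId the second organization ID to consider
	 * @param  actionId the action being attempted
	 * @throws PrincipalException if the permission is not granted
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long userId,
			long organizationId, long locationId, String actionId)
		throws PrincipalException {

		check(
			permissionChecker, userId, new long[] {organizationId, locationId},
			actionId);
	}

	/**
	 * Enforces the permission for a user, scoped to the given organizations.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the target user
	 * @param  organizationIds the organization IDs to consider, or
	 *         <code>null</code> to use the target user's own organizations
	 * @param  actionId the action being attempted
	 * @throws PrincipalException if the permission is not granted
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long userId,
			long[] organizationIds, String actionId)
		throws PrincipalException {

		if (contains(permissionChecker, userId, organizationIds, actionId)) {
			return;
		}

		throw new PrincipalException();
	}

	/**
	 * Enforces the permission for a user without an explicit organization
	 * scope.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the target user
	 * @param  actionId the action being attempted
	 * @throws PrincipalException if the permission is not granted
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long userId, String actionId)
		throws PrincipalException {

		if (contains(permissionChecker, userId, actionId)) {
			return;
		}

		throw new PrincipalException();
	}

	/**
	 * Returns whether the permission is granted, scoped to an organization
	 * and a location. Both IDs are passed on together as the organization ID
	 * array.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the target user
	 * @param  organizationId the first organization ID to consider
	 * @param  locationId the second organization ID to consider
	 * @param  actionId the action being attempted
	 * @return <code>true</code> if the permission is granted;
	 *         <code>false</code> otherwise
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, long userId, long organizationId,
		long locationId, String actionId) {

		return contains(
			permissionChecker, userId, new long[] {organizationId, locationId},
			actionId);
	}

	/**
	 * Returns whether the caller may perform the action on the target user.
	 *
	 * <p>
	 * The decision is taken in this order:
	 * </p>
	 *
	 * <ol>
	 * <li>
	 * Unless <code>userId</code> is {@link ResourceConstants#PRIMKEY_DNE}, the
	 * target user is loaded. For DELETE, IMPERSONATE, PERMISSIONS and UPDATE,
	 * a caller who is not an omniadmin is denied when the target is an
	 * omniadmin, and a caller who is neither omniadmin nor company admin is
	 * denied when the target is a company admin.
	 * </li>
	 * <li>
	 * The permission is granted when the checker reports owner permission on
	 * the user resource, or when the caller is the target user.
	 * </li>
	 * <li>
	 * The permission is granted when the checker's generic
	 * <code>hasPermission</code> call for the user resource succeeds.
	 * </li>
	 * <li>
	 * Otherwise, if a user was loaded, each organization is examined: the
	 * caller needs MANAGE_USERS on the organization, and the organization is
	 * skipped when the target is an Organization Owner there, or when the
	 * target is an Organization Administrator and the caller is not an
	 * Organization Owner.
	 * </li>
	 * </ol>
	 *
	 * <p>
	 * Any exception raised along the way is logged and the method returns
	 * <code>false</code>, so a failed lookup denies rather than grants.
	 * </p>
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the target user
	 * @param  organizationIds the organization IDs to consider, or
	 *         <code>null</code> to use the target user's own organizations
	 * @param  actionId the action being attempted
	 * @return <code>true</code> if the permission is granted;
	 *         <code>false</code> otherwise, including on any error
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, long userId,
		long[] organizationIds, String actionId) {

		try {
			User user = null;

			if (userId != ResourceConstants.PRIMKEY_DNE) {
				user = UserLocalServiceUtil.getUserById(userId);

				// Escalation guard: evaluated before any grant path so a
				// lower-privileged caller cannot act on a higher-privileged
				// account through ownership or organization rights

				if (_isPrivilegedAction(actionId) &&
					!permissionChecker.isOmniadmin() &&
					(PortalUtil.isOmniadmin(user) ||
					 (!permissionChecker.isCompanyAdmin() &&
					  PortalUtil.isCompanyAdmin(user)))) {

					return false;
				}

				Contact contact = user.getContact();

				// NOTE(review): the self match below is not restricted by
				// actionId, so every action is granted on the caller's own
				// account once the guard above has passed. Callers that need
				// to limit self-service actions must enforce that themselves
				// -- confirm this is intended.

				if (permissionChecker.hasOwnerPermission(
						permissionChecker.getCompanyId(), User.class.getName(),
						userId, contact.getUserId(), actionId) ||
					(permissionChecker.getUserId() == userId)) {

					return true;
				}
			}

			// Generic resource permission; also the only check performed
			// when userId is PRIMKEY_DNE and no user was loaded

			if (permissionChecker.hasPermission(
					0, User.class.getName(), userId, actionId)) {

				return true;
			}

			if (user == null) {
				return false;
			}

			if (organizationIds == null) {
				organizationIds = user.getOrganizationIds();
			}

			for (long organizationId : organizationIds) {
				if (!OrganizationPermissionUtil.contains(
						permissionChecker, organizationId,
						ActionKeys.MANAGE_USERS)) {

					continue;
				}

				if (permissionChecker.getUserId() == user.getUserId()) {
					return true;
				}

				Organization organization =
					OrganizationLocalServiceUtil.getOrganization(
						organizationId);

				Group organizationGroup = organization.getGroup();

				long organizationGroupId = organizationGroup.getGroupId();

				// An Organization Owner target is never manageable through
				// this organization

				if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
						user.getUserId(), organizationGroupId,
						RoleConstants.ORGANIZATION_OWNER, true)) {

					continue;
				}

				// An Organization Administrator target is manageable only
				// by a caller who is an Organization Owner

				if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
						user.getUserId(), organizationGroupId,
						RoleConstants.ORGANIZATION_ADMINISTRATOR, true) &&
					!UserGroupRoleLocalServiceUtil.hasUserGroupRole(
						permissionChecker.getUserId(), organizationGroupId,
						RoleConstants.ORGANIZATION_OWNER, true)) {

					continue;
				}

				return true;
			}
		}
		catch (Exception e) {

			// Fail closed: any lookup or evaluation error denies the
			// permission instead of propagating

			_log.error(e, e);
		}

		return false;
	}

	/**
	 * Returns whether the permission is granted without an explicit
	 * organization scope; the target user's own organizations are used.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the target user
	 * @param  actionId the action being attempted
	 * @return <code>true</code> if the permission is granted;
	 *         <code>false</code> otherwise
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, long userId, String actionId) {

		return contains(permissionChecker, userId, null, actionId);
	}

	/**
	 * Returns whether the action is one of those covered by the escalation
	 * guard: DELETE, IMPERSONATE, PERMISSIONS or UPDATE.
	 *
	 * @param  actionId the action being attempted; a <code>null</code> value
	 *         raises a <code>NullPointerException</code>, which the caller's
	 *         catch block turns into a denial
	 * @return <code>true</code> if the action is covered by the guard
	 */
	private static boolean _isPrivilegedAction(String actionId) {
		return actionId.equals(ActionKeys.DELETE) ||
			actionId.equals(ActionKeys.IMPERSONATE) ||
			actionId.equals(ActionKeys.PERMISSIONS) ||
			actionId.equals(ActionKeys.UPDATE);
	}

	// Made final: the logger reference is assigned once and never replaced

	private static final Log _log = LogFactoryUtil.getLog(
		UserPermissionImpl.class);

}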