001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.workflowtasks.action;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.util.ArrayUtil;
022    import com.liferay.portal.kernel.util.MapUtil;
023    import com.liferay.portal.kernel.workflow.WorkflowConstants;
024    import com.liferay.portal.kernel.workflow.WorkflowHandler;
025    import com.liferay.portal.kernel.workflow.WorkflowHandlerRegistryUtil;
026    import com.liferay.portal.kernel.workflow.WorkflowTask;
027    import com.liferay.portal.kernel.workflow.WorkflowTaskAssignee;
028    import com.liferay.portal.model.Role;
029    import com.liferay.portal.model.User;
030    import com.liferay.portal.security.permission.PermissionChecker;
031    import com.liferay.portlet.asset.model.AssetRenderer;
032    
033    import java.io.Serializable;
034    
035    import java.util.Map;
036    
037    /**
038     * @author Adam Brandizzi
039     */
040    public class WorkflowTaskPermissionChecker {
041    
042            public static boolean hasPermission(
043                    long groupId, WorkflowTask workflowTask,
044                    PermissionChecker permissionChecker) {
045    
046                    if (permissionChecker.isOmniadmin() ||
047                            permissionChecker.isCompanyAdmin()) {
048    
049                            return true;
050                    }
051    
052                    if (!hasAssetViewPermission(workflowTask, permissionChecker) &&
053                            !permissionChecker.isContentReviewer(
054                                    permissionChecker.getCompanyId(), groupId)) {
055    
056                            return false;
057                    }
058    
059                    long[] roleIds = permissionChecker.getRoleIds(
060                            permissionChecker.getUserId(), groupId);
061    
062                    for (WorkflowTaskAssignee workflowTaskAssignee :
063                                    workflowTask.getWorkflowTaskAssignees()) {
064    
065                            if (isWorkflowTaskAssignableToRoles(
066                                            workflowTaskAssignee, roleIds) ||
067                                    isWorkflowTaskAssignableToUser(
068                                            workflowTaskAssignee, permissionChecker.getUserId())) {
069    
070                                    return true;
071                            }
072                    }
073    
074                    return false;
075            }
076    
077            protected static boolean hasAssetViewPermission(
078                    WorkflowTask workflowTask, PermissionChecker permissionChecker) {
079    
080                    Map<String, Serializable> optionalAttributes =
081                            workflowTask.getOptionalAttributes();
082    
083                    String className = MapUtil.getString(
084                            optionalAttributes, WorkflowConstants.CONTEXT_ENTRY_CLASS_NAME);
085                    long classPK = MapUtil.getLong(
086                            optionalAttributes, WorkflowConstants.CONTEXT_ENTRY_CLASS_PK);
087    
088                    WorkflowHandler workflowHandler =
089                            WorkflowHandlerRegistryUtil.getWorkflowHandler(className);
090    
091                    if (workflowHandler == null) {
092                            return false;
093                    }
094    
095                    try {
096                            AssetRenderer assetRenderer = workflowHandler.getAssetRenderer(
097                                    classPK);
098    
099                            return assetRenderer.hasViewPermission(permissionChecker);
100                    }
101                    catch (PortalException pe) {
102                            _log.error(pe, pe);
103                    }
104                    catch (SystemException se) {
105                            _log.error(se, se);
106                    }
107    
108                    return false;
109            }
110    
111            protected static boolean isWorkflowTaskAssignableToRoles(
112                    WorkflowTaskAssignee workflowTaskAssignee, long[] roleIds) {
113    
114                    String assigneeClassName = workflowTaskAssignee.getAssigneeClassName();
115    
116                    if (!assigneeClassName.equals(Role.class.getName())) {
117                            return false;
118                    }
119    
120                    if (ArrayUtil.contains(
121                                    roleIds, workflowTaskAssignee.getAssigneeClassPK())) {
122    
123                            return true;
124                    }
125    
126                    return false;
127            }
128    
129            protected static boolean isWorkflowTaskAssignableToUser(
130                    WorkflowTaskAssignee workflowTaskAssignee, long userId) {
131    
132                    String assigneeClassName = workflowTaskAssignee.getAssigneeClassName();
133    
134                    if (!assigneeClassName.equals(User.class.getName())) {
135                            return false;
136                    }
137    
138                    if (workflowTaskAssignee.getAssigneeClassPK() == userId) {
139                            return true;
140                    }
141    
142                    return false;
143            }
144    
145            private static Log _log = LogFactoryUtil.getLog(
146                    WorkflowTaskPermissionChecker.class);
147    
148    }