001
014
015 package com.liferay.portlet.workflowtasks.action;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.ArrayUtil;
022 import com.liferay.portal.kernel.util.MapUtil;
023 import com.liferay.portal.kernel.workflow.WorkflowConstants;
024 import com.liferay.portal.kernel.workflow.WorkflowHandler;
025 import com.liferay.portal.kernel.workflow.WorkflowHandlerRegistryUtil;
026 import com.liferay.portal.kernel.workflow.WorkflowTask;
027 import com.liferay.portal.kernel.workflow.WorkflowTaskAssignee;
028 import com.liferay.portal.model.Role;
029 import com.liferay.portal.model.User;
030 import com.liferay.portal.security.permission.PermissionChecker;
031 import com.liferay.portlet.asset.model.AssetRenderer;
032
033 import java.io.Serializable;
034
035 import java.util.Map;
036
037
040 public class WorkflowTaskPermissionChecker {
041
042 public static boolean hasPermission(
043 long groupId, WorkflowTask workflowTask,
044 PermissionChecker permissionChecker) {
045
046 if (permissionChecker.isOmniadmin() ||
047 permissionChecker.isCompanyAdmin()) {
048
049 return true;
050 }
051
052 if (!hasAssetViewPermission(workflowTask, permissionChecker) &&
053 !permissionChecker.isContentReviewer(
054 permissionChecker.getCompanyId(), groupId)) {
055
056 return false;
057 }
058
059 long[] roleIds = permissionChecker.getRoleIds(
060 permissionChecker.getUserId(), groupId);
061
062 for (WorkflowTaskAssignee workflowTaskAssignee :
063 workflowTask.getWorkflowTaskAssignees()) {
064
065 if (isWorkflowTaskAssignableToRoles(
066 workflowTaskAssignee, roleIds) ||
067 isWorkflowTaskAssignableToUser(
068 workflowTaskAssignee, permissionChecker.getUserId())) {
069
070 return true;
071 }
072 }
073
074 return false;
075 }
076
077 protected static boolean hasAssetViewPermission(
078 WorkflowTask workflowTask, PermissionChecker permissionChecker) {
079
080 Map<String, Serializable> optionalAttributes =
081 workflowTask.getOptionalAttributes();
082
083 String className = MapUtil.getString(
084 optionalAttributes, WorkflowConstants.CONTEXT_ENTRY_CLASS_NAME);
085 long classPK = MapUtil.getLong(
086 optionalAttributes, WorkflowConstants.CONTEXT_ENTRY_CLASS_PK);
087
088 WorkflowHandler workflowHandler =
089 WorkflowHandlerRegistryUtil.getWorkflowHandler(className);
090
091 if (workflowHandler == null) {
092 return false;
093 }
094
095 try {
096 AssetRenderer assetRenderer = workflowHandler.getAssetRenderer(
097 classPK);
098
099 return assetRenderer.hasViewPermission(permissionChecker);
100 }
101 catch (PortalException pe) {
102 _log.error(pe, pe);
103 }
104 catch (SystemException se) {
105 _log.error(se, se);
106 }
107
108 return false;
109 }
110
111 protected static boolean isWorkflowTaskAssignableToRoles(
112 WorkflowTaskAssignee workflowTaskAssignee, long[] roleIds) {
113
114 String assigneeClassName = workflowTaskAssignee.getAssigneeClassName();
115
116 if (!assigneeClassName.equals(Role.class.getName())) {
117 return false;
118 }
119
120 if (ArrayUtil.contains(
121 roleIds, workflowTaskAssignee.getAssigneeClassPK())) {
122
123 return true;
124 }
125
126 return false;
127 }
128
129 protected static boolean isWorkflowTaskAssignableToUser(
130 WorkflowTaskAssignee workflowTaskAssignee, long userId) {
131
132 String assigneeClassName = workflowTaskAssignee.getAssigneeClassName();
133
134 if (!assigneeClassName.equals(User.class.getName())) {
135 return false;
136 }
137
138 if (workflowTaskAssignee.getAssigneeClassPK() == userId) {
139 return true;
140 }
141
142 return false;
143 }
144
145 private static Log _log = LogFactoryUtil.getLog(
146 WorkflowTaskPermissionChecker.class);
147
148 }