001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.model.ResourceConstants;
020    import com.liferay.portal.model.User;
021    import com.liferay.portal.security.auth.PrincipalException;
022    import com.liferay.portal.security.permission.ActionKeys;
023    import com.liferay.portal.security.permission.PermissionChecker;
024    import com.liferay.portal.service.UserLocalServiceUtil;
025    import com.liferay.portal.util.PortalUtil;
026    import com.liferay.portal.util.PropsValues;
027    
028    /**
029     * @author Charles May
030     * @author Jorge Ferrer
031     */
032    public class UserPermissionImpl implements UserPermission {
033    
034            /**
035             * @deprecated Replaced by {@link #check(PermissionChecker, long, long[],
036             *             String)}
037             */
038            public void check(
039                            PermissionChecker permissionChecker, long userId,
040                            long organizationId, long locationId, String actionId)
041                    throws PrincipalException {
042    
043                    check(
044                            permissionChecker, userId, new long[] {organizationId, locationId},
045                            actionId);
046            }
047    
048            public void check(
049                            PermissionChecker permissionChecker, long userId,
050                            long[] organizationIds, String actionId)
051                    throws PrincipalException {
052    
053                    if (!contains(
054                                    permissionChecker, userId, organizationIds, actionId)) {
055    
056                            throw new PrincipalException();
057                    }
058            }
059    
060            public void check(
061                            PermissionChecker permissionChecker, long userId, String actionId)
062                    throws PrincipalException {
063    
064                    if (!contains(permissionChecker, userId, actionId)) {
065                            throw new PrincipalException();
066                    }
067            }
068    
069            /**
070             * @deprecated Replaced by {@link #contains(PermissionChecker, long, long[],
071             *             String)}
072             */
073            public boolean contains(
074                    PermissionChecker permissionChecker, long userId, long organizationId,
075                    long locationId, String actionId) {
076    
077                    return contains(
078                            permissionChecker, userId, new long[] {organizationId, locationId},
079                            actionId);
080            }
081    
082            public boolean contains(
083                    PermissionChecker permissionChecker, long userId,
084                    long[] organizationIds, String actionId) {
085    
086                    if (actionId.equals(ActionKeys.IMPERSONATE) &&
087                            PortalUtil.isOmniadmin(userId) &&
088                            !permissionChecker.isOmniadmin()) {
089    
090                            return false;
091                    }
092    
093                    if (((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5 ||
094                              PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
095                             (permissionChecker.hasOwnerPermission(
096                                    permissionChecker.getCompanyId(), User.class.getName(), userId,
097                                    userId, actionId))) ||
098                            (permissionChecker.getUserId() == userId)) {
099    
100                            return true;
101                    }
102                    else if (permissionChecker.hasPermission(
103                                            0, User.class.getName(), userId, actionId)) {
104    
105                            return true;
106                    }
107                    else if (userId != ResourceConstants.PRIMKEY_DNE) {
108                            try {
109                                    if (organizationIds == null) {
110                                            User user = UserLocalServiceUtil.getUserById(userId);
111    
112                                            organizationIds = user.getOrganizationIds();
113                                    }
114    
115                                    for (int i = 0; i < organizationIds.length; i++) {
116                                            long organizationId = organizationIds[i];
117    
118                                            if (OrganizationPermissionUtil.contains(
119                                                            permissionChecker, organizationId,
120                                                            ActionKeys.MANAGE_USERS)) {
121    
122                                                    return true;
123                                            }
124                                    }
125                            }
126                            catch (Exception e) {
127                                    _log.error(e, e);
128                            }
129                    }
130    
131                    return false;
132            }
133    
134            public boolean contains(
135                    PermissionChecker permissionChecker, long userId, String actionId) {
136    
137                    return contains(permissionChecker, userId, null, actionId);
138            }
139    
140            private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);
141    
142    }