001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.OrganizationConstants;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.service.OrganizationLocalServiceUtil;
025 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
026 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
027 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
028
029 import java.util.Arrays;
030 import java.util.HashMap;
031 import java.util.List;
032 import java.util.Map;
033
034
037 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
038
039 public PermissionCheckerBagImpl() {
040 }
041
042 public PermissionCheckerBagImpl(
043 long userId, List<Group> userGroups, List<Organization> userOrgs,
044 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
045 List<Group> groups, List<Role> roles) {
046
047 _userId = userId;
048 _userGroups = userGroups;
049 _userOrgs = userOrgs;
050 _userOrgGroups = userOrgGroups;
051 _userUserGroupGroups = userUserGroupGroups;
052 _groups = groups;
053 _roles = roles;
054 }
055
056 public List<Group> getUserGroups() {
057 return _userGroups;
058 }
059
060 public List<Organization> getUserOrgs() {
061 return _userOrgs;
062 }
063
064 public List<Group> getUserOrgGroups() {
065 return _userOrgGroups;
066 }
067
068 public List<Group> getUserUserGroupGroups() {
069 return _userUserGroupGroups;
070 }
071
072 public List<Group> getGroups() {
073 return _groups;
074 }
075
076 public long[] getRoleIds() {
077 if (_roleIds == null) {
078 List<Role> roles = getRoles();
079
080 long[] roleIds = new long[roles.size()];
081
082 for (int i = 0; i < roles.size(); i++) {
083 Role role = roles.get(i);
084
085 roleIds[i] = role.getRoleId();
086 }
087
088 Arrays.sort(roleIds);
089
090 _roleIds = roleIds;
091 }
092
093 return _roleIds;
094 }
095
096 public List<Role> getRoles() {
097 return _roles;
098 }
099
100
104 public boolean isCommunityAdmin(
105 PermissionChecker permissionChecker, Group group)
106 throws Exception {
107
108 return isGroupAdmin(permissionChecker, group);
109 }
110
111
115 public boolean isCommunityOwner(
116 PermissionChecker permissionChecker, Group group)
117 throws Exception {
118
119 return isGroupOwner(permissionChecker, group);
120 }
121
122 public boolean isGroupAdmin(
123 PermissionChecker permissionChecker, Group group)
124 throws Exception {
125
126 Boolean value = _groupAdmins.get(group.getGroupId());
127
128 if (value == null) {
129 value = Boolean.valueOf(
130 isGroupAdminImpl(permissionChecker, group));
131
132 _groupAdmins.put(group.getGroupId(), value);
133 }
134
135 return value.booleanValue();
136 }
137
138 public boolean isGroupOwner(
139 PermissionChecker permissionChecker, Group group)
140 throws Exception {
141
142 Boolean value = _groupOwners.get(group.getGroupId());
143
144 if (value == null) {
145 value = Boolean.valueOf(
146 isGroupOwnerImpl(permissionChecker, group));
147
148 _groupOwners.put(group.getGroupId(), value);
149 }
150
151 return value.booleanValue();
152 }
153
154 protected boolean isGroupAdminImpl(
155 PermissionChecker permissionChecker, Group group)
156 throws PortalException, SystemException {
157
158 if (group.isSite()) {
159 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
160 _userId, group.getGroupId(),
161 RoleConstants.SITE_ADMINISTRATOR, true) ||
162 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
163 _userId, group.getGroupId(),
164 RoleConstants.SITE_OWNER, true)) {
165
166 return true;
167 }
168 }
169
170 if (group.isCompany()) {
171 if (permissionChecker.isCompanyAdmin()) {
172 return true;
173 }
174 else {
175 return false;
176 }
177 }
178 else if (group.isLayoutPrototype()) {
179 if (LayoutPrototypePermissionUtil.contains(
180 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
181
182 return true;
183 }
184 else {
185 return false;
186 }
187 }
188 else if (group.isLayoutSetPrototype()) {
189 if (LayoutSetPrototypePermissionUtil.contains(
190 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
191
192 return true;
193 }
194 else {
195 return false;
196 }
197 }
198 else if (group.isOrganization()) {
199 long organizationId = group.getOrganizationId();
200
201 while (organizationId !=
202 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
203
204 Organization organization =
205 OrganizationLocalServiceUtil.getOrganization(
206 organizationId);
207
208 Group organizationGroup = organization.getGroup();
209
210 long organizationGroupId = organizationGroup.getGroupId();
211
212 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
213 _userId, organizationGroupId,
214 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
215 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
216 _userId, organizationGroupId,
217 RoleConstants.ORGANIZATION_OWNER, true)) {
218
219 return true;
220 }
221
222 organizationId = organization.getParentOrganizationId();
223 }
224 }
225
226 return false;
227 }
228
229 protected boolean isGroupOwnerImpl(
230 PermissionChecker permissionChecker, Group group)
231 throws PortalException, SystemException {
232
233 if (group.isSite()) {
234 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
235 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
236 true)) {
237
238 return true;
239 }
240 }
241
242 if (group.isLayoutPrototype()) {
243 if (LayoutPrototypePermissionUtil.contains(
244 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
245
246 return true;
247 }
248 else {
249 return false;
250 }
251 }
252 else if (group.isLayoutSetPrototype()) {
253 if (LayoutSetPrototypePermissionUtil.contains(
254 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
255
256 return true;
257 }
258 else {
259 return false;
260 }
261 }
262 else if (group.isOrganization()) {
263 long organizationId = group.getOrganizationId();
264
265 while (organizationId !=
266 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
267
268 Organization organization =
269 OrganizationLocalServiceUtil.getOrganization(
270 organizationId);
271
272 Group organizationGroup = organization.getGroup();
273
274 long organizationGroupId = organizationGroup.getGroupId();
275
276 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
277 _userId, organizationGroupId,
278 RoleConstants.ORGANIZATION_OWNER, true)) {
279
280 return true;
281 }
282
283 organizationId = organization.getParentOrganizationId();
284 }
285 }
286 else if (group.isUser()) {
287 long userId = group.getClassPK();
288
289 if (userId == _userId) {
290 return true;
291 }
292 }
293
294 return false;
295 }
296
297 private long _userId;
298 private List<Group> _userGroups;
299 private List<Organization> _userOrgs;
300 private List<Group> _userOrgGroups;
301 private List<Group> _userUserGroupGroups;
302 private List<Group> _groups;
303 private long[] _roleIds;
304 private List<Role> _roles;
305 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
306 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
307
308 }