001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.NoSuchResourceException;
018 import com.liferay.portal.kernel.dao.orm.QueryUtil;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.kernel.log.Log;
021 import com.liferay.portal.kernel.log.LogFactoryUtil;
022 import com.liferay.portal.kernel.util.ArrayUtil;
023 import com.liferay.portal.kernel.util.CharPool;
024 import com.liferay.portal.kernel.util.GetterUtil;
025 import com.liferay.portal.kernel.util.SetUtil;
026 import com.liferay.portal.kernel.util.Validator;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.GroupedModel;
030 import com.liferay.portal.model.Layout;
031 import com.liferay.portal.model.Organization;
032 import com.liferay.portal.model.Permission;
033 import com.liferay.portal.model.PermissionedModel;
034 import com.liferay.portal.model.PortletConstants;
035 import com.liferay.portal.model.Resource;
036 import com.liferay.portal.model.ResourceBlockConstants;
037 import com.liferay.portal.model.ResourceConstants;
038 import com.liferay.portal.model.Role;
039 import com.liferay.portal.model.RoleConstants;
040 import com.liferay.portal.model.Team;
041 import com.liferay.portal.model.UserGroup;
042 import com.liferay.portal.security.permission.comparator.PermissionActionIdComparator;
043 import com.liferay.portal.service.GroupLocalServiceUtil;
044 import com.liferay.portal.service.LayoutLocalServiceUtil;
045 import com.liferay.portal.service.OrganizationLocalServiceUtil;
046 import com.liferay.portal.service.PermissionLocalServiceUtil;
047 import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
048 import com.liferay.portal.service.ResourceLocalServiceUtil;
049 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
050 import com.liferay.portal.service.RoleLocalServiceUtil;
051 import com.liferay.portal.service.TeamLocalServiceUtil;
052 import com.liferay.portal.service.UserGroupLocalServiceUtil;
053 import com.liferay.portal.service.permission.PortletPermissionUtil;
054 import com.liferay.portal.util.PropsValues;
055 import com.liferay.util.UniqueList;
056
057 import java.util.ArrayList;
058 import java.util.Collections;
059 import java.util.HashMap;
060 import java.util.LinkedHashMap;
061 import java.util.List;
062 import java.util.Map;
063 import java.util.Set;
064
065 import org.apache.commons.lang.time.StopWatch;
066
067
074 public class AdvancedPermissionChecker extends BasePermissionChecker {
075
076 @Override
077 public AdvancedPermissionChecker clone() {
078 return new AdvancedPermissionChecker();
079 }
080
081 @Override
082 public long[] getRoleIds(long userId, long groupId) {
083 PermissionCheckerBag bag = null;
084
085 try {
086 bag = getUserBag(userId, groupId);
087 }
088 catch (Exception e) {
089 }
090
091 if (bag != null) {
092 if (checkGuest) {
093 Set<Long> roleIds = SetUtil.fromArray(bag.getRoleIds());
094
095 try {
096 PermissionCheckerBag guestBag = getGuestUserBag();
097
098 if (guestBag != null) {
099 for (long roleId : guestBag.getRoleIds()) {
100 roleIds.add(roleId);
101 }
102 }
103 }
104 catch (Exception e) {
105 }
106
107 return ArrayUtil.toArray(
108 roleIds.toArray(new Long[roleIds.size()]));
109 }
110 else {
111 return bag.getRoleIds();
112 }
113 }
114
115 return PermissionChecker.DEFAULT_ROLE_IDS;
116 }
117
118 @Override
119 public List<Long> getGuestResourceBlockIds(
120 long companyId, long groupId, String name, String actionId) {
121
122 try {
123 ResourceBlockIdsBag resourceBlockIdsBag =
124 getGuestResourceBlockIdsBag(companyId, groupId, name);
125
126 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
127 resourceBlockIdsBag, name, actionId);
128 }
129 catch (Exception e) {
130 }
131
132 return Collections.emptyList();
133 }
134
135 public ResourceBlockIdsBag getGuestResourceBlockIdsBag(
136 long companyId, long groupId, String name)
137 throws Exception {
138
139
140
141 ResourceBlockIdsBag resourceBlockIdsBag =
142 PermissionCacheUtil.getResourceBlockIdsBag(
143 companyId, groupId, defaultUserId, name, true);
144
145 if (resourceBlockIdsBag != null) {
146 return resourceBlockIdsBag;
147 }
148
149 try {
150 PermissionCheckerBag bag = getGuestUserBag();
151
152 long[] roleIds = bag.getRoleIds();
153
154 resourceBlockIdsBag =
155 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
156 getCompanyId(), groupId, name, roleIds);
157
158 PermissionCacheUtil.putResourceBlockIdsBag(
159 companyId, groupId, defaultUserId, name, true,
160 resourceBlockIdsBag);
161
162 return resourceBlockIdsBag;
163 }
164 finally {
165 if (resourceBlockIdsBag == null) {
166 resourceBlockIdsBag = new ResourceBlockIdsBag();
167 }
168
169 PermissionCacheUtil.putResourceBlockIdsBag(
170 companyId, defaultUserId, groupId, name, true,
171 resourceBlockIdsBag);
172 }
173 }
174
175
181 public PermissionCheckerBag getGuestUserBag() throws Exception {
182 Group guestGroup = GroupLocalServiceUtil.getGroup(
183 getCompanyId(), GroupConstants.GUEST);
184
185 PermissionCheckerBag bag = PermissionCacheUtil.getBag(
186 defaultUserId, guestGroup.getGroupId());
187
188 if (bag == null) {
189 try {
190 List<Group> groups = new ArrayList<Group>();
191
192 groups.add(guestGroup);
193
194 List<Role> roles = RoleLocalServiceUtil.getUserRelatedRoles(
195 defaultUserId, groups);
196
197 bag = new PermissionCheckerBagImpl(
198 defaultUserId, new ArrayList<Group>(),
199 new ArrayList<Organization>(), new ArrayList<Group>(),
200 new ArrayList<Group>(), groups, roles);
201 }
202 finally {
203 if (bag == null) {
204 bag = new PermissionCheckerBagImpl(
205 defaultUserId, new ArrayList<Group>(),
206 new ArrayList<Organization>(), new ArrayList<Group>(),
207 new ArrayList<Group>(), new ArrayList<Group>(),
208 new ArrayList<Role>());
209 }
210
211 PermissionCacheUtil.putBag(
212 defaultUserId, guestGroup.getGroupId(), bag);
213 }
214 }
215
216 return bag;
217 }
218
219 @Override
220 public List<Long> getOwnerResourceBlockIds(
221 long companyId, long groupId, String name, String actionId) {
222
223 try {
224 ResourceBlockIdsBag resourceBlockIdsBag =
225 getOwnerResourceBlockIdsBag(companyId, groupId, name);
226
227 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
228 resourceBlockIdsBag, name, actionId);
229 }
230 catch (Exception e) {
231 }
232
233 return Collections.emptyList();
234 }
235
236 public ResourceBlockIdsBag getOwnerResourceBlockIdsBag(
237 long companyId, long groupId, String name)
238 throws SystemException {
239
240
241
242 ResourceBlockIdsBag resourceBlockIdsBag =
243 PermissionCacheUtil.getResourceBlockIdsBag(
244 companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
245 true);
246
247 if (resourceBlockIdsBag != null) {
248 return resourceBlockIdsBag;
249 }
250
251 try {
252 long[] roleIds = {getOwnerRoleId()};
253
254 resourceBlockIdsBag =
255 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
256 getCompanyId(), groupId, name, roleIds);
257
258 PermissionCacheUtil.putResourceBlockIdsBag(
259 companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
260 true, resourceBlockIdsBag);
261
262 return resourceBlockIdsBag;
263 }
264 finally {
265 if (resourceBlockIdsBag == null) {
266 resourceBlockIdsBag = new ResourceBlockIdsBag();
267 }
268
269 PermissionCacheUtil.putResourceBlockIdsBag(
270 companyId, ResourceBlockConstants.OWNER_USER_ID, groupId, name,
271 true, resourceBlockIdsBag);
272 }
273 }
274
275 @Override
276 public List<Long> getResourceBlockIds(
277 long companyId, long groupId, long userId, String name,
278 String actionId) {
279
280 try {
281 ResourceBlockIdsBag resourceBlockIdsBag =
282 getResourceBlockIdsBag(companyId, groupId, userId, name);
283
284 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
285 resourceBlockIdsBag, name, actionId);
286 }
287 catch (Exception e) {
288 }
289
290 return Collections.emptyList();
291 }
292
293 public ResourceBlockIdsBag getResourceBlockIdsBag(
294 long companyId, long groupId, long userId, String name)
295 throws Exception {
296
297 ResourceBlockIdsBag resourceBlockIdsBag =
298 PermissionCacheUtil.getResourceBlockIdsBag(
299 companyId, groupId, userId, name, checkGuest);
300
301 if (resourceBlockIdsBag != null) {
302 return resourceBlockIdsBag;
303 }
304
305 try {
306 long[] roleIds = getRoleIds(userId, groupId);
307
308 resourceBlockIdsBag =
309 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
310 getCompanyId(), groupId, name, roleIds);
311
312 PermissionCacheUtil.putResourceBlockIdsBag(
313 companyId, groupId, userId, name, checkGuest,
314 resourceBlockIdsBag);
315
316 return resourceBlockIdsBag;
317 }
318 finally {
319 if (resourceBlockIdsBag == null) {
320 resourceBlockIdsBag = new ResourceBlockIdsBag();
321 }
322
323 PermissionCacheUtil.putResourceBlockIdsBag(
324 companyId, userId, groupId, name, checkGuest,
325 resourceBlockIdsBag);
326 }
327 }
328
329
339 public PermissionCheckerBag getUserBag(long userId, long groupId)
340 throws Exception {
341
342 PermissionCheckerBag bag = PermissionCacheUtil.getBag(userId, groupId);
343
344 if (bag != null) {
345 return bag;
346 }
347
348 try {
349 Group group = null;
350
351 if (groupId > 0) {
352 group = GroupLocalServiceUtil.getGroup(groupId);
353
354 if (group.isLayout()) {
355 long parentGroupId = group.getParentGroupId();
356
357 if (parentGroupId > 0) {
358 group = GroupLocalServiceUtil.getGroup(parentGroupId);
359 }
360 }
361 }
362
363 List<Group> userGroups = GroupLocalServiceUtil.getUserGroups(
364 userId, true);
365
366 List<Organization> userOrgs = getUserOrgs(userId);
367
368 List<Group> userOrgGroups =
369 GroupLocalServiceUtil.getOrganizationsGroups(userOrgs);
370
371 List<UserGroup> userUserGroups =
372 UserGroupLocalServiceUtil.getUserUserGroups(userId);
373
374 List<Group> userUserGroupGroups =
375 GroupLocalServiceUtil.getUserGroupsGroups(userUserGroups);
376
377 List<Group> groups = new ArrayList<Group>(
378 userGroups.size() + userOrgGroups.size() +
379 userUserGroupGroups.size());
380
381 groups.addAll(userGroups);
382 groups.addAll(userOrgGroups);
383 groups.addAll(userUserGroupGroups);
384
385 List<Role> roles = new UniqueList<Role>();
386
387 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 3) ||
388 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 4) ||
389 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
390 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)) {
391
392 if (groups.size() > 0) {
393 List<Role> userRelatedRoles=
394 RoleLocalServiceUtil.getUserRelatedRoles(
395 userId, groups);
396
397 roles.addAll(userRelatedRoles);
398 }
399 else {
400 roles.addAll(RoleLocalServiceUtil.getUserRoles(userId));
401 }
402
403 List<Role> userGroupRoles =
404 RoleLocalServiceUtil.getUserGroupRoles(userId, groupId);
405
406 roles.addAll(userGroupRoles);
407
408 List<Role> userGroupGroupRoles =
409 RoleLocalServiceUtil.getUserGroupGroupRoles(
410 userId, groupId);
411
412 roles.addAll(userGroupGroupRoles);
413
414 if (group != null) {
415 if (group.isOrganization() &&
416 userOrgGroups.contains(group)) {
417
418 Role organizationUserRole =
419 RoleLocalServiceUtil.getRole(
420 group.getCompanyId(),
421 RoleConstants.ORGANIZATION_USER);
422
423 roles.add(organizationUserRole);
424 }
425
426 if (group.isSite() &&
427 (userGroups.contains(group) ||
428 userOrgGroups.contains(group))) {
429
430 Role siteMemberRole = RoleLocalServiceUtil.getRole(
431 group.getCompanyId(), RoleConstants.SITE_MEMBER);
432
433 roles.add(siteMemberRole);
434 }
435
436 if ((group.isOrganization() &&
437 userOrgGroups.contains(group)) ||
438 (group.isSite() && userGroups.contains(group))) {
439
440 addTeamRoles(userId, group, roles);
441 }
442 }
443 }
444 else {
445 roles = new ArrayList<Role>();
446 }
447
448 bag = new PermissionCheckerBagImpl(
449 userId, userGroups, userOrgs, userOrgGroups,
450 userUserGroupGroups, groups, roles);
451
452 return bag;
453 }
454 finally {
455 if (bag == null) {
456 bag = new PermissionCheckerBagImpl(
457 userId, new ArrayList<Group>(),
458 new ArrayList<Organization>(), new ArrayList<Group>(),
459 new ArrayList<Group>(), new ArrayList<Group>(),
460 new ArrayList<Role>());
461 }
462
463 PermissionCacheUtil.putBag(userId, groupId, bag);
464 }
465 }
466
467 public boolean hasOwnerPermission(
468 long companyId, String name, String primKey, long ownerId,
469 String actionId) {
470
471 if (ownerId != getUserId()) {
472 return false;
473 }
474
475 if (ownerId == defaultUserId) {
476 if (actionId.equals(ActionKeys.VIEW)) {
477 return true;
478 }
479 else {
480 return false;
481 }
482 }
483
484 try {
485 if (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) {
486 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
487 PermissionedModel permissionedModel =
488 ResourceBlockLocalServiceUtil.getPermissionedModel(
489 name, GetterUtil.getLong(primKey));
490
491 long groupId = 0;
492
493 if (permissionedModel instanceof GroupedModel) {
494 GroupedModel groupedModel =
495 (GroupedModel)permissionedModel;
496
497 groupId = groupedModel.getGroupId();
498 }
499
500 ResourceBlockIdsBag resourceBlockIdsBag =
501 getOwnerResourceBlockIdsBag(companyId, groupId, name);
502
503 return ResourceBlockLocalServiceUtil.hasPermission(
504 name, permissionedModel, actionId, resourceBlockIdsBag);
505 }
506
507 return ResourcePermissionLocalServiceUtil.hasResourcePermission(
508 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL,
509 primKey, getOwnerRoleId(), actionId);
510 }
511
512 ResourceActionsUtil.checkAction(name, actionId);
513
514 Resource resource = ResourceLocalServiceUtil.getResource(
515 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
516
517 List<Permission> permissions =
518 PermissionLocalServiceUtil.getRolePermissions(
519 getOwnerRoleId(), resource.getResourceId());
520
521 int pos = Collections.binarySearch(
522 permissions, actionId, new PermissionActionIdComparator());
523
524 if (pos >= 0) {
525 return true;
526 }
527 }
528 catch (Exception e) {
529 if (_log.isDebugEnabled()) {
530 _log.debug(e, e);
531 }
532 }
533
534 return false;
535 }
536
537 public boolean hasPermission(
538 long groupId, String name, String primKey, String actionId) {
539
540 StopWatch stopWatch = null;
541
542 if (_log.isDebugEnabled()) {
543 stopWatch = new StopWatch();
544
545 stopWatch.start();
546 }
547
548 Group group = null;
549
550
551
552
553
554 try {
555 if (groupId > 0) {
556 group = GroupLocalServiceUtil.getGroup(groupId);
557
558 if (group.isUser() && (group.getClassPK() == getUserId())) {
559 group = GroupLocalServiceUtil.getGroup(
560 getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
561
562 groupId = group.getGroupId();
563 }
564
565 if (group.isLayout()) {
566 Layout layout = LayoutLocalServiceUtil.getLayout(
567 group.getClassPK());
568
569 groupId = layout.getGroupId();
570
571 group = GroupLocalServiceUtil.getGroup(groupId);
572 }
573
574 if (group.isStagingGroup()) {
575 if (primKey.equals(String.valueOf(groupId))) {
576 primKey = String.valueOf(group.getLiveGroupId());
577 }
578
579 groupId = group.getLiveGroupId();
580 group = group.getLiveGroup();
581 }
582 }
583 }
584 catch (Exception e) {
585 _log.error(e, e);
586 }
587
588 Boolean value = PermissionCacheUtil.getPermission(
589 user.getUserId(), signedIn, checkGuest, groupId, name, primKey,
590 actionId);
591
592 if (value == null) {
593 try {
594 value = Boolean.valueOf(
595 hasPermissionImpl(groupId, name, primKey, actionId));
596
597 if (_log.isDebugEnabled()) {
598 _log.debug(
599 "Checking permission for " + groupId + " " + name +
600 " " + primKey + " " + actionId + " takes " +
601 stopWatch.getTime() + " ms");
602 }
603 }
604 finally {
605 if (value == null) {
606 value = Boolean.FALSE;
607 }
608
609 PermissionCacheUtil.putPermission(
610 user.getUserId(), signedIn, checkGuest, groupId, name,
611 primKey, actionId, value);
612 }
613 }
614
615 return value.booleanValue();
616 }
617
618 public boolean hasUserPermission(
619 long groupId, String name, String primKey, String actionId,
620 boolean checkAdmin) {
621
622 try {
623 return hasUserPermissionImpl(
624 groupId, name, primKey, actionId, checkAdmin);
625 }
626 catch (Exception e) {
627 _log.error(e, e);
628
629 return false;
630 }
631 }
632
633 public boolean isCompanyAdmin() {
634 try {
635 return isCompanyAdminImpl();
636 }
637 catch (Exception e) {
638 _log.error(e, e);
639
640 return false;
641 }
642 }
643
644 public boolean isCompanyAdmin(long companyId) {
645 try {
646 return isCompanyAdminImpl(companyId);
647 }
648 catch (Exception e) {
649 _log.error(e, e);
650
651 return false;
652 }
653 }
654
655 public boolean isGroupAdmin(long groupId) {
656 try {
657 return isGroupAdminImpl(groupId);
658 }
659 catch (Exception e) {
660 _log.error(e, e);
661
662 return false;
663 }
664 }
665
666 public boolean isGroupOwner(long groupId) {
667 try {
668 return isGroupOwnerImpl(groupId);
669 }
670 catch (Exception e) {
671 _log.error(e, e);
672
673 return false;
674 }
675 }
676
677 protected void addTeamRoles(long userId, Group group, List<Role> roles)
678 throws Exception {
679
680 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5) ||
681 (PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6)) {
682
683 List<Team> userTeams = TeamLocalServiceUtil.getUserTeams(
684 userId, group.getGroupId());
685
686 for (Team team : userTeams) {
687 Role role = RoleLocalServiceUtil.getTeamRole(
688 team.getCompanyId(), team.getTeamId());
689
690 roles.add(role);
691 }
692
693 LinkedHashMap<String, Object> teamParams =
694 new LinkedHashMap<String, Object>();
695
696 teamParams.put("usersUserGroups", userId);
697
698 List<Team> userGroupTeams = TeamLocalServiceUtil.search(
699 group.getGroupId(), null, null, teamParams, QueryUtil.ALL_POS,
700 QueryUtil.ALL_POS, null);
701
702 for (Team team : userGroupTeams) {
703 Role role = RoleLocalServiceUtil.getTeamRole(
704 team.getCompanyId(), team.getTeamId());
705
706 roles.add(role);
707 }
708 }
709 }
710
711
733 protected List<Resource> getResources(
734 long companyId, long groupId, String name, String primKey,
735 String actionId)
736 throws Exception {
737
738
739
740 List<Resource> resources = new ArrayList<Resource>(4);
741
742 try {
743 Resource resource = ResourceLocalServiceUtil.getResource(
744 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
745
746 resources.add(resource);
747 }
748 catch (NoSuchResourceException nsre) {
749 if (_log.isWarnEnabled()) {
750 _log.warn(
751 "Resource " + companyId + " " + name + " " +
752 ResourceConstants.SCOPE_INDIVIDUAL + " " + primKey +
753 " does not exist");
754 }
755 }
756
757
758
759 try {
760 if (groupId > 0) {
761 Resource resource = ResourceLocalServiceUtil.getResource(
762 companyId, name, ResourceConstants.SCOPE_GROUP,
763 String.valueOf(groupId));
764
765 resources.add(resource);
766 }
767 }
768 catch (NoSuchResourceException nsre) {
769 if (_log.isWarnEnabled()) {
770 _log.warn(
771 "Resource " + companyId + " " + name + " " +
772 ResourceConstants.SCOPE_GROUP + " " + groupId +
773 " does not exist");
774 }
775 }
776
777
778
779 try {
780 if (signedIn && (groupId > 0)) {
781 Resource resource = ResourceLocalServiceUtil.getResource(
782 companyId, name, ResourceConstants.SCOPE_GROUP_TEMPLATE,
783 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID));
784
785 resources.add(resource);
786 }
787 }
788 catch (NoSuchResourceException nsre) {
789 if (_log.isWarnEnabled()) {
790 _log.warn(
791 "Resource " + companyId + " " + name + " " +
792 ResourceConstants.SCOPE_GROUP_TEMPLATE + " " +
793 GroupConstants.DEFAULT_PARENT_GROUP_ID +
794 " does not exist");
795 }
796 }
797
798
799
800 try {
801 Resource resource = ResourceLocalServiceUtil.getResource(
802 companyId, name, ResourceConstants.SCOPE_COMPANY,
803 String.valueOf(companyId));
804
805 resources.add(resource);
806 }
807 catch (NoSuchResourceException nsre) {
808 if (_log.isWarnEnabled()) {
809 _log.warn(
810 "Resource " + companyId + " " + name + " " +
811 ResourceConstants.SCOPE_COMPANY + " " + companyId +
812 " does not exist");
813 }
814 }
815
816 return resources;
817 }
818
819
828 protected List<Organization> getUserOrgs(long userId) throws Exception {
829 List<Organization> userOrgs =
830 OrganizationLocalServiceUtil.getUserOrganizations(userId, true);
831
832 if (userOrgs.size() == 0) {
833 return userOrgs;
834 }
835
836 List<Organization> organizations = new UniqueList<Organization>();
837
838 for (Organization organization : userOrgs) {
839 if (!organizations.contains(organization)) {
840 organizations.add(organization);
841
842 List<Organization> ancestorOrganizations =
843 OrganizationLocalServiceUtil.getParentOrganizations(
844 organization.getOrganizationId());
845
846 organizations.addAll(ancestorOrganizations);
847 }
848 }
849
850 return organizations;
851 }
852
853 protected boolean hasGuestPermission(
854 long groupId, String name, String primKey, String actionId)
855 throws Exception {
856
857 ResourceActionsUtil.checkAction(name, actionId);
858
859 if (name.indexOf(CharPool.PERIOD) != -1) {
860
861
862
863 List<String> actions = ResourceActionsUtil.
864 getModelResourceGuestUnsupportedActions(name);
865
866 if (actions.contains(actionId)) {
867 return false;
868 }
869 }
870 else {
871
872
873
874 List<String> actions = ResourceActionsUtil.
875 getPortletResourceGuestUnsupportedActions(name);
876
877 if (actions.contains(actionId)) {
878 return false;
879 }
880 }
881
882 long companyId = user.getCompanyId();
883
884 List<Resource> resources = getResources(
885 companyId, groupId, name, primKey, actionId);
886
887 PermissionCheckerBag bag = getGuestUserBag();
888
889 try {
890 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
891 ResourceBlockLocalServiceUtil.isSupported(name)) {
892
893 ResourceBlockIdsBag resourceBlockIdsBag =
894 getGuestResourceBlockIdsBag(companyId, groupId, name);
895
896 return ResourceBlockLocalServiceUtil.hasPermission(
897 name, GetterUtil.getLong(primKey), actionId,
898 resourceBlockIdsBag);
899 }
900
901 return PermissionLocalServiceUtil.hasUserPermissions(
902 defaultUserId, groupId, resources, actionId, bag);
903 }
904 catch (Exception e) {
905 _log.error(e, e);
906
907 return false;
908 }
909 }
910
911 protected boolean hasPermissionImpl(
912 long groupId, String name, String primKey, String actionId) {
913
914 try {
915 if (!signedIn) {
916 return hasGuestPermission(groupId, name, primKey, actionId);
917 }
918
919 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
920 ResourceBlockLocalServiceUtil.isSupported(name)) {
921
922
923
924
925
926 return hasUserPermission(
927 groupId, name, primKey, actionId, true);
928 }
929
930 boolean value = false;
931
932 if (checkGuest) {
933 value = hasGuestPermission(
934 groupId, name, primKey, actionId);
935 }
936
937 if (!value) {
938 value = hasUserPermission(
939 groupId, name, primKey, actionId, true);
940 }
941
942 return value;
943 }
944 catch (Exception e) {
945 _log.error(e, e);
946
947 return false;
948 }
949 }
950
951 protected boolean hasUserPermissionImpl(
952 long groupId, String name, String primKey, String actionId,
953 boolean checkAdmin)
954 throws Exception {
955
956 StopWatch stopWatch = null;
957
958 if (_log.isDebugEnabled()) {
959 stopWatch = new StopWatch();
960
961 stopWatch.start();
962 }
963
964 long companyId = user.getCompanyId();
965
966 boolean hasLayoutManagerPermission = true;
967
968
969
970
971 if ((Validator.isNotNull(name)) && (Validator.isNotNull(primKey)) &&
972 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
973
974 hasLayoutManagerPermission =
975 PortletPermissionUtil.hasLayoutManagerPermission(
976 name, actionId);
977 }
978
979 if (checkAdmin &&
980 (isCompanyAdminImpl(companyId) ||
981 (isGroupAdminImpl(groupId) && hasLayoutManagerPermission))) {
982
983 return true;
984 }
985
986 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 1);
987
988 if ((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
989 ResourceBlockLocalServiceUtil.isSupported(name)) {
990
991 ResourceBlockIdsBag resourceBlockIdsBag =
992 getResourceBlockIdsBag(companyId, groupId, getUserId(), name);
993
994 boolean value = ResourceBlockLocalServiceUtil.hasPermission(
995 name, GetterUtil.getLong(primKey), actionId,
996 resourceBlockIdsBag);
997
998 logHasUserPermission(
999 groupId, name, primKey, actionId, stopWatch, 2);
1000
1001 return value;
1002 }
1003
1004 List<Resource> resources = getResources(
1005 companyId, groupId, name, primKey, actionId);
1006
1007 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 3);
1008
1009
1010
1011
1012
1013
1014 PermissionCheckerBag bag = getUserBag(user.getUserId(), groupId);
1015
1016 boolean value = PermissionLocalServiceUtil.hasUserPermissions(
1017 user.getUserId(), groupId, resources, actionId, bag);
1018
1019 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 4);
1020
1021 return value;
1022 }
1023
1024 protected boolean isCompanyAdminImpl() throws Exception {
1025 return isCompanyAdminImpl(user.getCompanyId());
1026 }
1027
1028 protected boolean isCompanyAdminImpl(long companyId) throws Exception {
1029 if (!signedIn) {
1030 return false;
1031 }
1032
1033 if (isOmniadmin()) {
1034 return true;
1035 }
1036
1037 Boolean value = companyAdmins.get(companyId);
1038
1039 if (value == null) {
1040 boolean hasAdminRole = RoleLocalServiceUtil.hasUserRole(
1041 user.getUserId(), companyId, RoleConstants.ADMINISTRATOR, true);
1042
1043 value = Boolean.valueOf(hasAdminRole);
1044
1045 companyAdmins.put(companyId, value);
1046 }
1047
1048 return value.booleanValue();
1049 }
1050
1051 protected boolean isGroupAdminImpl(long groupId) throws Exception {
1052 if (!signedIn) {
1053 return false;
1054 }
1055
1056 if (isOmniadmin()) {
1057 return true;
1058 }
1059
1060 if (groupId <= 0) {
1061 return false;
1062 }
1063
1064 Group group = GroupLocalServiceUtil.getGroup(groupId);
1065
1066 if (isCompanyAdmin(group.getCompanyId())) {
1067 return true;
1068 }
1069
1070 PermissionCheckerBag bag = getUserBag(user.getUserId(), groupId);
1071
1072 if (bag == null) {
1073 _log.error("Bag should never be null");
1074 }
1075
1076 if (bag.isGroupAdmin(this, group)) {
1077 return true;
1078 }
1079 else {
1080 return false;
1081 }
1082 }
1083
1084 protected boolean isGroupOwnerImpl(long groupId) throws Exception {
1085 if (!signedIn) {
1086 return false;
1087 }
1088
1089 if (isOmniadmin()) {
1090 return true;
1091 }
1092
1093 if (groupId <= 0) {
1094 return false;
1095 }
1096
1097 Group group = GroupLocalServiceUtil.getGroup(groupId);
1098
1099 if (isCompanyAdmin(group.getCompanyId())) {
1100 return true;
1101 }
1102
1103 PermissionCheckerBag bag = getUserBag(user.getUserId(), groupId);
1104
1105 if (bag == null) {
1106 _log.error("Bag should never be null");
1107 }
1108
1109 if (bag.isGroupOwner(this, group)) {
1110 return true;
1111 }
1112 else {
1113 return false;
1114 }
1115 }
1116
1117 protected void logHasUserPermission(
1118 long groupId, String name, String primKey, String actionId,
1119 StopWatch stopWatch, int block) {
1120
1121 if (!_log.isDebugEnabled()) {
1122 return;
1123 }
1124
1125 _log.debug(
1126 "Checking user permission block " + block + " for " + groupId +
1127 " " + name + " " + primKey + " " + actionId + " takes " +
1128 stopWatch.getTime() + " ms");
1129 }
1130
1131
1134 protected static final String RESULTS_SEPARATOR = "_RESULTS_SEPARATOR_";
1135
1136 protected Map<Long, Boolean> companyAdmins = new HashMap<Long, Boolean>();
1137
1138 private static Log _log = LogFactoryUtil.getLog(
1139 AdvancedPermissionChecker.class);
1140
1141 }