001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.model.ResourceConstants;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025 import com.liferay.portal.util.PortalUtil;
026 import com.liferay.portal.util.PropsValues;
027
028
032 public class UserPermissionImpl implements UserPermission {
033
034
038 public void check(
039 PermissionChecker permissionChecker, long userId,
040 long organizationId, long locationId, String actionId)
041 throws PrincipalException {
042
043 check(
044 permissionChecker, userId, new long[] {organizationId, locationId},
045 actionId);
046 }
047
048 public void check(
049 PermissionChecker permissionChecker, long userId,
050 long[] organizationIds, String actionId)
051 throws PrincipalException {
052
053 if (!contains(
054 permissionChecker, userId, organizationIds, actionId)) {
055
056 throw new PrincipalException();
057 }
058 }
059
060 public void check(
061 PermissionChecker permissionChecker, long userId, String actionId)
062 throws PrincipalException {
063
064 if (!contains(permissionChecker, userId, actionId)) {
065 throw new PrincipalException();
066 }
067 }
068
069
073 public boolean contains(
074 PermissionChecker permissionChecker, long userId, long organizationId,
075 long locationId, String actionId) {
076
077 return contains(
078 permissionChecker, userId, new long[] {organizationId, locationId},
079 actionId);
080 }
081
082 public boolean contains(
083 PermissionChecker permissionChecker, long userId,
084 long[] organizationIds, String actionId) {
085
086 if (actionId.equals(ActionKeys.IMPERSONATE) &&
087 PortalUtil.isOmniadmin(userId) &&
088 !permissionChecker.isOmniadmin()) {
089
090 return false;
091 }
092
093 if (((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5 ||
094 PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
095 (permissionChecker.hasOwnerPermission(
096 permissionChecker.getCompanyId(), User.class.getName(), userId,
097 userId, actionId))) ||
098 (permissionChecker.getUserId() == userId)) {
099
100 return true;
101 }
102 else if (permissionChecker.hasPermission(
103 0, User.class.getName(), userId, actionId)) {
104
105 return true;
106 }
107 else if (userId != ResourceConstants.PRIMKEY_DNE) {
108 try {
109 if (organizationIds == null) {
110 User user = UserLocalServiceUtil.getUserById(userId);
111
112 organizationIds = user.getOrganizationIds();
113 }
114
115 for (int i = 0; i < organizationIds.length; i++) {
116 long organizationId = organizationIds[i];
117
118 if (OrganizationPermissionUtil.contains(
119 permissionChecker, organizationId,
120 ActionKeys.MANAGE_USERS)) {
121
122 return true;
123 }
124 }
125 }
126 catch (Exception e) {
127 _log.error(e, e);
128 }
129 }
130
131 return false;
132 }
133
134 public boolean contains(
135 PermissionChecker permissionChecker, long userId, String actionId) {
136
137 return contains(permissionChecker, userId, null, actionId);
138 }
139
140 private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);
141
142 }