001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.kernel.util.Validator;
021 import com.liferay.portal.model.Group;
022 import com.liferay.portal.model.LayoutSet;
023 import com.liferay.portal.model.LayoutSetPrototype;
024 import com.liferay.portal.model.Organization;
025 import com.liferay.portal.security.auth.PrincipalException;
026 import com.liferay.portal.security.permission.ActionKeys;
027 import com.liferay.portal.security.permission.PermissionChecker;
028 import com.liferay.portal.service.GroupLocalServiceUtil;
029 import com.liferay.portal.service.LayoutSetLocalServiceUtil;
030 import com.liferay.portal.service.LayoutSetPrototypeLocalServiceUtil;
031 import com.liferay.portal.service.OrganizationLocalServiceUtil;
032
033 import java.util.List;
034
035
039 public class GroupPermissionImpl implements GroupPermission {
040
041 public void check(
042 PermissionChecker permissionChecker, long groupId,
043 String actionId)
044 throws PortalException, SystemException {
045
046 if (!contains(permissionChecker, groupId, actionId)) {
047 throw new PrincipalException();
048 }
049 }
050
051 public boolean contains(
052 PermissionChecker permissionChecker, long groupId, String actionId)
053 throws PortalException, SystemException {
054
055 Group group = GroupLocalServiceUtil.getGroup(groupId);
056
057 if (group.isStagingGroup()) {
058 group = group.getLiveGroup();
059 }
060
061 if (group.isUser()) {
062
063
064
065
066
067
068 long userId = group.getClassPK();
069
070 List<Organization> organizations =
071 OrganizationLocalServiceUtil.getUserOrganizations(userId);
072
073 for (Organization organization : organizations) {
074 if (OrganizationPermissionUtil.contains(
075 permissionChecker, organization.getOrganizationId(),
076 ActionKeys.MANAGE_USERS)) {
077
078 return true;
079 }
080 }
081 }
082
083 if (actionId.equals(ActionKeys.ADD_LAYOUT)) {
084 LayoutSet layoutSet = LayoutSetLocalServiceUtil.getLayoutSet(
085 groupId, false);
086
087 if (layoutSet.isLayoutSetPrototypeLinkEnabled()) {
088 LayoutSetPrototype layoutSetPrototype =
089 LayoutSetPrototypeLocalServiceUtil.
090 getLayoutSetPrototypeByUuid(
091 layoutSet.getLayoutSetPrototypeUuid());
092
093 String allowLayoutAdditions =
094 layoutSetPrototype.getSettingsProperty(
095 "allowLayoutAdditions");
096
097 if (Validator.isNotNull(allowLayoutAdditions) &&
098 !GetterUtil.getBoolean(allowLayoutAdditions)) {
099
100 return false;
101 }
102 }
103
104 if (permissionChecker.hasPermission(
105 groupId, Group.class.getName(), groupId,
106 ActionKeys.MANAGE_LAYOUTS)) {
107
108 return true;
109 }
110 }
111 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
112 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
113 permissionChecker.hasPermission(
114 groupId, Group.class.getName(), groupId,
115 ActionKeys.PUBLISH_STAGING)) {
116
117 return true;
118 }
119 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
120 (permissionChecker.hasPermission(
121 groupId, Group.class.getName(), groupId,
122 ActionKeys.MANAGE_LAYOUTS) ||
123 permissionChecker.hasPermission(
124 groupId, Group.class.getName(), groupId,
125 ActionKeys.MANAGE_STAGING) ||
126 permissionChecker.hasPermission(
127 groupId, Group.class.getName(), groupId,
128 ActionKeys.PUBLISH_STAGING) ||
129 permissionChecker.hasPermission(
130 groupId, Group.class.getName(), groupId,
131 ActionKeys.UPDATE))) {
132
133 return true;
134 }
135
136
137
138 return permissionChecker.hasPermission(
139 groupId, Group.class.getName(), groupId, actionId);
140 }
141
142 }