001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Organization;
021    import com.liferay.portal.model.OrganizationConstants;
022    import com.liferay.portal.model.Role;
023    import com.liferay.portal.model.RoleConstants;
024    import com.liferay.portal.service.OrganizationLocalServiceUtil;
025    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
026    import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
027    import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
028    
029    import java.util.Arrays;
030    import java.util.HashMap;
031    import java.util.List;
032    import java.util.Map;
033    
034    /**
035     * @author Brian Wing Shun Chan
036     */
037    public class PermissionCheckerBagImpl implements PermissionCheckerBag {
038    
039            public PermissionCheckerBagImpl() {
040            }
041    
042            public PermissionCheckerBagImpl(
043                    long userId, List<Group> userGroups, List<Organization> userOrgs,
044                    List<Group> userOrgGroups, List<Group> userUserGroupGroups,
045                    List<Group> groups, List<Role> roles) {
046    
047                    _userId = userId;
048                    _userGroups = userGroups;
049                    _userOrgs = userOrgs;
050                    _userOrgGroups = userOrgGroups;
051                    _userUserGroupGroups = userUserGroupGroups;
052                    _groups = groups;
053                    _roles = roles;
054            }
055    
056            public List<Group> getUserGroups() {
057                    return _userGroups;
058            }
059    
060            public List<Organization> getUserOrgs() {
061                    return _userOrgs;
062            }
063    
064            public List<Group> getUserOrgGroups() {
065                    return _userOrgGroups;
066            }
067    
068            public List<Group> getUserUserGroupGroups() {
069                    return _userUserGroupGroups;
070            }
071    
072            public List<Group> getGroups() {
073                    return _groups;
074            }
075    
076            public long[] getRoleIds() {
077                    if (_roleIds == null) {
078                            List<Role> roles = getRoles();
079    
080                            long[] roleIds = new long[roles.size()];
081    
082                            for (int i = 0; i < roles.size(); i++) {
083                                    Role role = roles.get(i);
084    
085                                    roleIds[i] = role.getRoleId();
086                            }
087    
088                            Arrays.sort(roleIds);
089    
090                            _roleIds = roleIds;
091                    }
092    
093                    return _roleIds;
094            }
095    
096            public List<Role> getRoles() {
097                    return _roles;
098            }
099    
100            /**
101             * @deprecated As of 6.1, renamed to {@link #isGroupAdmin(PermissionChecker,
102             *             Group)}
103             */
104            public boolean isCommunityAdmin(
105                            PermissionChecker permissionChecker, Group group)
106                    throws Exception {
107    
108                    return isGroupAdmin(permissionChecker, group);
109            }
110    
111            /**
112             * @deprecated As of 6.1, renamed to {@link #isGroupOwner(PermissionChecker,
113             *             Group)}
114             */
115            public boolean isCommunityOwner(
116                            PermissionChecker permissionChecker, Group group)
117                    throws Exception {
118    
119                    return isGroupOwner(permissionChecker, group);
120            }
121    
122            public boolean isGroupAdmin(
123                            PermissionChecker permissionChecker, Group group)
124                    throws Exception {
125    
126                    Boolean value = _groupAdmins.get(group.getGroupId());
127    
128                    if (value == null) {
129                            value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
130    
131                            _groupAdmins.put(group.getGroupId(), value);
132                    }
133    
134                    return value.booleanValue();
135            }
136    
137            public boolean isGroupOwner(
138                            PermissionChecker permissionChecker, Group group)
139                    throws Exception {
140    
141                    Boolean value = _groupOwners.get(group.getGroupId());
142    
143                    if (value == null) {
144                            value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
145    
146                            _groupOwners.put(group.getGroupId(), value);
147                    }
148    
149                    return value.booleanValue();
150            }
151    
152            protected boolean isGroupAdminImpl(
153                            PermissionChecker permissionChecker, Group group)
154                    throws PortalException, SystemException {
155    
156                    if (group.isSite()) {
157                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
158                                            _userId, group.getGroupId(),
159                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
160                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
161                                            _userId, group.getGroupId(),
162                                            RoleConstants.SITE_OWNER, true)) {
163    
164                                    return true;
165                            }
166                    }
167    
168                    if (group.isCompany()) {
169                            if (permissionChecker.isCompanyAdmin()) {
170                                    return true;
171                            }
172                            else {
173                                    return false;
174                            }
175                    }
176                    else if (group.isLayoutPrototype()) {
177                            if (LayoutPrototypePermissionUtil.contains(
178                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
179    
180                                    return true;
181                            }
182                            else {
183                                    return false;
184                            }
185                    }
186                    else if (group.isLayoutSetPrototype()) {
187                            if (LayoutSetPrototypePermissionUtil.contains(
188                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
189    
190                                    return true;
191                            }
192                            else {
193                                    return false;
194                            }
195                    }
196                    else if (group.isOrganization()) {
197                            long organizationId = group.getOrganizationId();
198    
199                            while (organizationId !=
200                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
201    
202                                    Organization organization =
203                                            OrganizationLocalServiceUtil.getOrganization(
204                                                    organizationId);
205    
206                                    Group organizationGroup = organization.getGroup();
207    
208                                    long organizationGroupId = organizationGroup.getGroupId();
209    
210                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
211                                                    _userId, organizationGroupId,
212                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
213                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
214                                                    _userId, organizationGroupId,
215                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
216    
217                                            return true;
218                                    }
219    
220                                    organizationId = organization.getParentOrganizationId();
221                            }
222                    }
223    
224                    return false;
225            }
226    
227            protected boolean isGroupOwnerImpl(
228                            PermissionChecker permissionChecker, Group group)
229                    throws PortalException, SystemException {
230    
231                    if (group.isSite()) {
232                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
233                                            _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
234                                            true)) {
235    
236                                    return true;
237                            }
238                    }
239    
240                    if (group.isLayoutPrototype()) {
241                            if (LayoutPrototypePermissionUtil.contains(
242                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
243    
244                                    return true;
245                            }
246                            else {
247                                    return false;
248                            }
249                    }
250                    else if (group.isLayoutSetPrototype()) {
251                            if (LayoutSetPrototypePermissionUtil.contains(
252                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
253    
254                                    return true;
255                            }
256                            else {
257                                    return false;
258                            }
259                    }
260                    else if (group.isOrganization()) {
261                            long organizationId = group.getOrganizationId();
262    
263                            while (organizationId !=
264                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
265    
266                                    Organization organization =
267                                            OrganizationLocalServiceUtil.getOrganization(
268                                                    organizationId);
269    
270                                    Group organizationGroup = organization.getGroup();
271    
272                                    long organizationGroupId = organizationGroup.getGroupId();
273    
274                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
275                                                    _userId, organizationGroupId,
276                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
277    
278                                            return true;
279                                    }
280    
281                                    organizationId = organization.getParentOrganizationId();
282                            }
283                    }
284                    else if (group.isUser()) {
285                            long userId = group.getClassPK();
286    
287                            if (userId == _userId) {
288                                    return true;
289                            }
290                    }
291    
292                    return false;
293            }
294    
295            private long _userId;
296            private List<Group> _userGroups;
297            private List<Organization> _userOrgs;
298            private List<Group> _userOrgGroups;
299            private List<Group> _userUserGroupGroups;
300            private List<Group> _groups;
301            private long[] _roleIds;
302            private List<Role> _roles;
303            private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
304            private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
305    
306    }