001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.model.ResourceConstants;
020    import com.liferay.portal.model.User;
021    import com.liferay.portal.security.auth.PrincipalException;
022    import com.liferay.portal.security.permission.ActionKeys;
023    import com.liferay.portal.security.permission.PermissionChecker;
024    import com.liferay.portal.service.UserLocalServiceUtil;
025    import com.liferay.portal.util.PortalUtil;
026    import com.liferay.portal.util.PropsValues;
027    
028    /**
029     * @author Charles May
030     * @author Jorge Ferrer
031     */
032    public class UserPermissionImpl implements UserPermission {
033    
034            /**
035             * @deprecated Replaced by {@link #check(PermissionChecker, long, long[],
036             *             String)}
037             */
038            public void check(
039                            PermissionChecker permissionChecker, long userId,
040                            long organizationId, long locationId, String actionId)
041                    throws PrincipalException {
042    
043                    check(
044                            permissionChecker, userId, new long[] {organizationId, locationId},
045                            actionId);
046            }
047    
048            public void check(
049                            PermissionChecker permissionChecker, long userId,
050                            long[] organizationIds, String actionId)
051                    throws PrincipalException {
052    
053                    if (!contains(permissionChecker, userId, organizationIds, actionId)) {
054                            throw new PrincipalException();
055                    }
056            }
057    
058            public void check(
059                            PermissionChecker permissionChecker, long userId, String actionId)
060                    throws PrincipalException {
061    
062                    if (!contains(permissionChecker, userId, actionId)) {
063                            throw new PrincipalException();
064                    }
065            }
066    
067            /**
068             * @deprecated Replaced by {@link #contains(PermissionChecker, long, long[],
069             *             String)}
070             */
071            public boolean contains(
072                    PermissionChecker permissionChecker, long userId, long organizationId,
073                    long locationId, String actionId) {
074    
075                    return contains(
076                            permissionChecker, userId, new long[] {organizationId, locationId},
077                            actionId);
078            }
079    
080            public boolean contains(
081                    PermissionChecker permissionChecker, long userId,
082                    long[] organizationIds, String actionId) {
083    
084                    if (actionId.equals(ActionKeys.IMPERSONATE) &&
085                            PortalUtil.isOmniadmin(userId) &&
086                            !permissionChecker.isOmniadmin()) {
087    
088                            return false;
089                    }
090    
091                    if (((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5 ||
092                              PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
093                             (permissionChecker.hasOwnerPermission(
094                                    permissionChecker.getCompanyId(), User.class.getName(), userId,
095                                    userId, actionId))) ||
096                            (permissionChecker.getUserId() == userId)) {
097    
098                            return true;
099                    }
100                    else if (permissionChecker.hasPermission(
101                                            0, User.class.getName(), userId, actionId)) {
102    
103                            return true;
104                    }
105                    else if (userId != ResourceConstants.PRIMKEY_DNE) {
106                            try {
107                                    if (organizationIds == null) {
108                                            User user = UserLocalServiceUtil.getUserById(userId);
109    
110                                            organizationIds = user.getOrganizationIds();
111                                    }
112    
113                                    for (int i = 0; i < organizationIds.length; i++) {
114                                            long organizationId = organizationIds[i];
115    
116                                            if (OrganizationPermissionUtil.contains(
117                                                            permissionChecker, organizationId,
118                                                            ActionKeys.MANAGE_USERS)) {
119    
120                                                    return true;
121                                            }
122                                    }
123                            }
124                            catch (Exception e) {
125                                    _log.error(e, e);
126                            }
127                    }
128    
129                    return false;
130            }
131    
132            public boolean contains(
133                    PermissionChecker permissionChecker, long userId, String actionId) {
134    
135                    return contains(permissionChecker, userId, null, actionId);
136            }
137    
138            private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);
139    
140    }