001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.OrganizationLocalServiceUtil;
026
027 import java.util.List;
028
029
033 public class GroupPermissionImpl implements GroupPermission {
034
035 public void check(
036 PermissionChecker permissionChecker, long groupId,
037 String actionId)
038 throws PortalException, SystemException {
039
040 if (!contains(permissionChecker, groupId, actionId)) {
041 throw new PrincipalException();
042 }
043 }
044
045 public boolean contains(
046 PermissionChecker permissionChecker, long groupId, String actionId)
047 throws PortalException, SystemException {
048
049 Group group = GroupLocalServiceUtil.getGroup(groupId);
050
051 if (group.isStagingGroup()) {
052 group = group.getLiveGroup();
053 }
054
055 if (group.isUser()) {
056
057
058
059
060
061
062 long userId = group.getClassPK();
063
064 List<Organization> organizations =
065 OrganizationLocalServiceUtil.getUserOrganizations(userId);
066
067 for (Organization organization : organizations) {
068 if (OrganizationPermissionUtil.contains(
069 permissionChecker, organization.getOrganizationId(),
070 ActionKeys.MANAGE_USERS)) {
071
072 return true;
073 }
074 }
075 }
076
077 if (actionId.equals(ActionKeys.ADD_LAYOUT)) {
078 if (permissionChecker.hasPermission(
079 groupId, Group.class.getName(), groupId,
080 ActionKeys.MANAGE_LAYOUTS)) {
081
082 return true;
083 }
084 }
085 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
086 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
087 permissionChecker.hasPermission(
088 groupId, Group.class.getName(), groupId,
089 ActionKeys.PUBLISH_STAGING)) {
090
091 return true;
092 }
093 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
094 (permissionChecker.hasPermission(
095 groupId, Group.class.getName(), groupId,
096 ActionKeys.MANAGE_LAYOUTS) ||
097 permissionChecker.hasPermission(
098 groupId, Group.class.getName(), groupId,
099 ActionKeys.MANAGE_STAGING) ||
100 permissionChecker.hasPermission(
101 groupId, Group.class.getName(), groupId,
102 ActionKeys.PUBLISH_STAGING) ||
103 permissionChecker.hasPermission(
104 groupId, Group.class.getName(), groupId,
105 ActionKeys.UPDATE))) {
106
107 return true;
108 }
109
110
111
112 return permissionChecker.hasPermission(
113 groupId, Group.class.getName(), groupId, actionId);
114 }
115
116 }