001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.OrganizationConstants;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.service.OrganizationLocalServiceUtil;
025 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
026 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
027 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
028
029 import java.util.Arrays;
030 import java.util.HashMap;
031 import java.util.List;
032 import java.util.Map;
033
034
037 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
038
039 public PermissionCheckerBagImpl() {
040 }
041
042 public PermissionCheckerBagImpl(
043 long userId, List<Group> userGroups, List<Organization> userOrgs,
044 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
045 List<Group> groups, List<Role> roles) {
046
047 _userId = userId;
048 _userGroups = userGroups;
049 _userOrgs = userOrgs;
050 _userOrgGroups = userOrgGroups;
051 _userUserGroupGroups = userUserGroupGroups;
052 _groups = groups;
053 _roles = roles;
054 }
055
056 public List<Group> getUserGroups() {
057 return _userGroups;
058 }
059
060 public List<Organization> getUserOrgs() {
061 return _userOrgs;
062 }
063
064 public List<Group> getUserOrgGroups() {
065 return _userOrgGroups;
066 }
067
068 public List<Group> getUserUserGroupGroups() {
069 return _userUserGroupGroups;
070 }
071
072 public List<Group> getGroups() {
073 return _groups;
074 }
075
076 public long[] getRoleIds() {
077 if (_roleIds == null) {
078 List<Role> roles = getRoles();
079
080 long[] roleIds = new long[roles.size()];
081
082 for (int i = 0; i < roles.size(); i++) {
083 Role role = roles.get(i);
084
085 roleIds[i] = role.getRoleId();
086 }
087
088 Arrays.sort(roleIds);
089
090 _roleIds = roleIds;
091 }
092
093 return _roleIds;
094 }
095
096 public List<Role> getRoles() {
097 return _roles;
098 }
099
100
104 public boolean isCommunityAdmin(
105 PermissionChecker permissionChecker, Group group)
106 throws Exception {
107
108 return isGroupAdmin(permissionChecker, group);
109 }
110
111
115 public boolean isCommunityOwner(
116 PermissionChecker permissionChecker, Group group)
117 throws Exception {
118
119 return isGroupOwner(permissionChecker, group);
120 }
121
122 public boolean isGroupAdmin(
123 PermissionChecker permissionChecker, Group group)
124 throws Exception {
125
126 Boolean value = _groupAdmins.get(group.getGroupId());
127
128 if (value == null) {
129 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
130
131 _groupAdmins.put(group.getGroupId(), value);
132 }
133
134 return value.booleanValue();
135 }
136
137 public boolean isGroupOwner(
138 PermissionChecker permissionChecker, Group group)
139 throws Exception {
140
141 Boolean value = _groupOwners.get(group.getGroupId());
142
143 if (value == null) {
144 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
145
146 _groupOwners.put(group.getGroupId(), value);
147 }
148
149 return value.booleanValue();
150 }
151
152 protected boolean isGroupAdminImpl(
153 PermissionChecker permissionChecker, Group group)
154 throws PortalException, SystemException {
155
156 if (group.isSite()) {
157 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
158 _userId, group.getGroupId(),
159 RoleConstants.SITE_ADMINISTRATOR, true) ||
160 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
161 _userId, group.getGroupId(),
162 RoleConstants.SITE_OWNER, true)) {
163
164 return true;
165 }
166 }
167
168 if (group.isCompany()) {
169 if (permissionChecker.isCompanyAdmin()) {
170 return true;
171 }
172 else {
173 return false;
174 }
175 }
176 else if (group.isLayoutPrototype()) {
177 if (LayoutPrototypePermissionUtil.contains(
178 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
179
180 return true;
181 }
182 else {
183 return false;
184 }
185 }
186 else if (group.isLayoutSetPrototype()) {
187 if (LayoutSetPrototypePermissionUtil.contains(
188 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
189
190 return true;
191 }
192 else {
193 return false;
194 }
195 }
196 else if (group.isOrganization()) {
197 long organizationId = group.getOrganizationId();
198
199 while (organizationId !=
200 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
201
202 Organization organization =
203 OrganizationLocalServiceUtil.getOrganization(
204 organizationId);
205
206 Group organizationGroup = organization.getGroup();
207
208 long organizationGroupId = organizationGroup.getGroupId();
209
210 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
211 _userId, organizationGroupId,
212 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
213 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
214 _userId, organizationGroupId,
215 RoleConstants.ORGANIZATION_OWNER, true)) {
216
217 return true;
218 }
219
220 organizationId = organization.getParentOrganizationId();
221 }
222 }
223
224 return false;
225 }
226
227 protected boolean isGroupOwnerImpl(
228 PermissionChecker permissionChecker, Group group)
229 throws PortalException, SystemException {
230
231 if (group.isSite()) {
232 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
233 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
234 true)) {
235
236 return true;
237 }
238 }
239
240 if (group.isLayoutPrototype()) {
241 if (LayoutPrototypePermissionUtil.contains(
242 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
243
244 return true;
245 }
246 else {
247 return false;
248 }
249 }
250 else if (group.isLayoutSetPrototype()) {
251 if (LayoutSetPrototypePermissionUtil.contains(
252 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
253
254 return true;
255 }
256 else {
257 return false;
258 }
259 }
260 else if (group.isOrganization()) {
261 long organizationId = group.getOrganizationId();
262
263 while (organizationId !=
264 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
265
266 Organization organization =
267 OrganizationLocalServiceUtil.getOrganization(
268 organizationId);
269
270 Group organizationGroup = organization.getGroup();
271
272 long organizationGroupId = organizationGroup.getGroupId();
273
274 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
275 _userId, organizationGroupId,
276 RoleConstants.ORGANIZATION_OWNER, true)) {
277
278 return true;
279 }
280
281 organizationId = organization.getParentOrganizationId();
282 }
283 }
284 else if (group.isUser()) {
285 long userId = group.getClassPK();
286
287 if (userId == _userId) {
288 return true;
289 }
290 }
291
292 return false;
293 }
294
295 private long _userId;
296 private List<Group> _userGroups;
297 private List<Organization> _userOrgs;
298 private List<Group> _userOrgGroups;
299 private List<Group> _userUserGroupGroups;
300 private List<Group> _groups;
301 private long[] _roleIds;
302 private List<Role> _roles;
303 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
304 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
305
306 }