001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Layout;
022 import com.liferay.portal.model.PortletConstants;
023 import com.liferay.portal.model.Resource;
024 import com.liferay.portal.model.Role;
025 import com.liferay.portal.model.Team;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.PrincipalException;
028 import com.liferay.portal.security.permission.ActionKeys;
029 import com.liferay.portal.security.permission.PermissionChecker;
030 import com.liferay.portal.security.permission.PermissionCheckerBag;
031 import com.liferay.portal.security.permission.ResourceActionsUtil;
032 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
033 import com.liferay.portal.service.permission.GroupPermissionUtil;
034 import com.liferay.portal.service.permission.LayoutPermissionUtil;
035 import com.liferay.portal.service.permission.PortletPermissionUtil;
036 import com.liferay.portal.service.permission.UserPermissionUtil;
037 import com.liferay.portlet.blogs.model.BlogsEntry;
038 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
039 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
040 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
041 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
042 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
043 import com.liferay.portlet.calendar.model.CalEvent;
044 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
045 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
046 import com.liferay.portlet.documentlibrary.model.DLFolder;
047 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
048 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
049 import com.liferay.portlet.journal.model.JournalArticle;
050 import com.liferay.portlet.journal.model.JournalFeed;
051 import com.liferay.portlet.journal.model.JournalStructure;
052 import com.liferay.portlet.journal.model.JournalTemplate;
053 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
054 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
055 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
056 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
057 import com.liferay.portlet.messageboards.model.MBCategory;
058 import com.liferay.portlet.messageboards.model.MBMessage;
059 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061 import com.liferay.portlet.polls.model.PollsQuestion;
062 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063 import com.liferay.portlet.shopping.model.ShoppingCategory;
064 import com.liferay.portlet.shopping.model.ShoppingItem;
065 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071 import com.liferay.portlet.wiki.model.WikiNode;
072 import com.liferay.portlet.wiki.model.WikiPage;
073 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075
076 import java.util.List;
077 import java.util.Map;
078
079
085 public class PermissionServiceImpl extends PermissionServiceBaseImpl {
086
087
097 public void checkPermission(long groupId, long resourceId)
098 throws PortalException, SystemException {
099
100 checkPermission(getPermissionChecker(), groupId, resourceId);
101 }
102
103
114 public void checkPermission(long groupId, String name, long primKey)
115 throws PortalException, SystemException {
116
117 checkPermission(getPermissionChecker(), groupId, name, primKey);
118 }
119
120
131 public void checkPermission(long groupId, String name, String primKey)
132 throws PortalException, SystemException {
133
134 checkPermission(getPermissionChecker(), groupId, name, primKey);
135 }
136
137
148 public boolean hasGroupPermission(
149 long groupId, String actionId, long resourceId)
150 throws SystemException {
151
152 return permissionLocalService.hasGroupPermission(
153 groupId, actionId, resourceId);
154 }
155
156
167 public boolean hasUserPermission(
168 long userId, String actionId, long resourceId)
169 throws SystemException {
170
171 return permissionLocalService.hasUserPermission(
172 userId, actionId, resourceId);
173 }
174
175
198 public boolean hasUserPermissions(
199 long userId, long groupId, List<Resource> resources,
200 String actionId, PermissionCheckerBag permissionCheckerBag)
201 throws PortalException, SystemException {
202
203 return permissionLocalService.hasUserPermissions(
204 userId, groupId, resources, actionId, permissionCheckerBag);
205 }
206
207
218 public void setGroupPermissions(
219 long groupId, String[] actionIds, long resourceId)
220 throws PortalException, SystemException {
221
222 checkPermission(getPermissionChecker(), groupId, resourceId);
223
224 permissionLocalService.setGroupPermissions(
225 groupId, actionIds, resourceId);
226 }
227
228
245 public void setGroupPermissions(
246 String className, String classPK, long groupId,
247 String[] actionIds, long resourceId)
248 throws PortalException, SystemException {
249
250 checkPermission(getPermissionChecker(), groupId, resourceId);
251
252 permissionLocalService.setGroupPermissions(
253 className, classPK, groupId, actionIds, resourceId);
254 }
255
256
270 public void setIndividualPermissions(
271 long groupId, long companyId,
272 Map<Long, String[]> roleIdsToActionIds, long resourceId)
273 throws PortalException, SystemException {
274
275 checkPermission(getPermissionChecker(), groupId, resourceId);
276
277 permissionLocalService.setRolesPermissions(
278 companyId, roleIdsToActionIds, resourceId);
279 }
280
281
296 public void setOrgGroupPermissions(
297 long organizationId, long groupId, String[] actionIds,
298 long resourceId)
299 throws PortalException, SystemException {
300
301 checkPermission(getPermissionChecker(), groupId, resourceId);
302
303 permissionLocalService.setOrgGroupPermissions(
304 organizationId, groupId, actionIds, resourceId);
305 }
306
307
322 public void setRolePermission(
323 long roleId, long groupId, String name, int scope, String primKey,
324 String actionId)
325 throws PortalException, SystemException {
326
327 checkPermission(
328 getPermissionChecker(), groupId, Role.class.getName(), roleId);
329
330 User user = getUser();
331
332 permissionLocalService.setRolePermission(
333 roleId, user.getCompanyId(), name, scope, primKey, actionId);
334 }
335
336
348 public void setRolePermissions(
349 long roleId, long groupId, String[] actionIds, long resourceId)
350 throws PortalException, SystemException {
351
352 checkPermission(getPermissionChecker(), groupId, resourceId);
353
354 permissionLocalService.setRolePermissions(
355 roleId, actionIds, resourceId);
356 }
357
358
370 public void setUserPermissions(
371 long userId, long groupId, String[] actionIds, long resourceId)
372 throws PortalException, SystemException {
373
374 checkPermission(getPermissionChecker(), groupId, resourceId);
375
376 permissionLocalService.setUserPermissions(
377 userId, actionIds, resourceId);
378 }
379
380
389 public void unsetRolePermission(
390 long roleId, long groupId, long permissionId)
391 throws PortalException, SystemException {
392
393 checkPermission(
394 getPermissionChecker(), groupId, Role.class.getName(), roleId);
395
396 permissionLocalService.unsetRolePermission(roleId, permissionId);
397 }
398
399
412 public void unsetRolePermission(
413 long roleId, long groupId, String name, int scope, String primKey,
414 String actionId)
415 throws PortalException, SystemException {
416
417 checkPermission(
418 getPermissionChecker(), groupId, Role.class.getName(), roleId);
419
420 User user = getUser();
421
422 permissionLocalService.unsetRolePermission(
423 roleId, user.getCompanyId(), name, scope, primKey, actionId);
424 }
425
426
438 public void unsetRolePermissions(
439 long roleId, long groupId, String name, int scope, String actionId)
440 throws PortalException, SystemException {
441
442 checkPermission(
443 getPermissionChecker(), groupId, Role.class.getName(), roleId);
444
445 User user = getUser();
446
447 permissionLocalService.unsetRolePermissions(
448 roleId, user.getCompanyId(), name, scope, actionId);
449 }
450
451
462 public void unsetUserPermissions(
463 long userId, long groupId, String[] actionIds, long resourceId)
464 throws PortalException, SystemException {
465
466 checkPermission(getPermissionChecker(), groupId, resourceId);
467
468 permissionLocalService.unsetUserPermissions(
469 userId, actionIds, resourceId);
470 }
471
472 protected void checkPermission(
473 PermissionChecker permissionChecker, long groupId,
474 long resourceId)
475 throws PortalException, SystemException {
476
477 Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
478
479 checkPermission(
480 permissionChecker, groupId, resource.getName(),
481 resource.getPrimKey().toString());
482 }
483
484 protected void checkPermission(
485 PermissionChecker permissionChecker, long groupId, String name,
486 long primKey)
487 throws PortalException, SystemException {
488
489 checkPermission(
490 permissionChecker, groupId, name, String.valueOf(primKey));
491 }
492
493 protected void checkPermission(
494 PermissionChecker permissionChecker, long groupId, String name,
495 String primKey)
496 throws PortalException, SystemException {
497
498 if (name.equals(BlogsEntry.class.getName())) {
499 BlogsEntryPermission.check(
500 permissionChecker, GetterUtil.getLong(primKey),
501 ActionKeys.PERMISSIONS);
502 }
503 else if (name.equals(BookmarksEntry.class.getName())) {
504 BookmarksEntryPermission.check(
505 permissionChecker, GetterUtil.getLong(primKey),
506 ActionKeys.PERMISSIONS);
507 }
508 else if (name.equals(BookmarksFolder.class.getName())) {
509 BookmarksFolderPermission.check(
510 permissionChecker, groupId, GetterUtil.getLong(primKey),
511 ActionKeys.PERMISSIONS);
512 }
513 else if (name.equals(CalEvent.class.getName())) {
514 CalEventPermission.check(
515 permissionChecker, GetterUtil.getLong(primKey),
516 ActionKeys.PERMISSIONS);
517 }
518 else if (name.equals(DLFileEntry.class.getName())) {
519 DLFileEntryPermission.check(
520 permissionChecker, GetterUtil.getLong(primKey),
521 ActionKeys.PERMISSIONS);
522 }
523 else if (name.equals(DLFolder.class.getName())) {
524 DLFolderPermission.check(
525 permissionChecker, groupId, GetterUtil.getLong(primKey),
526 ActionKeys.PERMISSIONS);
527 }
528 else if (name.equals(Group.class.getName())) {
529 GroupPermissionUtil.check(
530 permissionChecker, GetterUtil.getLong(primKey),
531 ActionKeys.PERMISSIONS);
532 }
533 else if (name.equals(JournalArticle.class.getName())) {
534 JournalArticlePermission.check(
535 permissionChecker, GetterUtil.getLong(primKey),
536 ActionKeys.PERMISSIONS);
537 }
538 else if (name.equals(JournalFeed.class.getName())) {
539 JournalFeedPermission.check(
540 permissionChecker, GetterUtil.getLong(primKey),
541 ActionKeys.PERMISSIONS);
542 }
543 else if (name.equals(JournalStructure.class.getName())) {
544 JournalStructurePermission.check(
545 permissionChecker, GetterUtil.getLong(primKey),
546 ActionKeys.PERMISSIONS);
547 }
548 else if (name.equals(JournalTemplate.class.getName())) {
549 JournalTemplatePermission.check(
550 permissionChecker, GetterUtil.getLong(primKey),
551 ActionKeys.PERMISSIONS);
552 }
553 else if (name.equals(Layout.class.getName())) {
554 LayoutPermissionUtil.check(
555 permissionChecker, GetterUtil.getLong(primKey),
556 ActionKeys.PERMISSIONS);
557 }
558 else if (name.equals(MBCategory.class.getName())) {
559 MBCategoryPermission.check(
560 permissionChecker, groupId, GetterUtil.getLong(primKey),
561 ActionKeys.PERMISSIONS);
562 }
563 else if (name.equals(MBMessage.class.getName())) {
564 MBMessagePermission.check(
565 permissionChecker, GetterUtil.getLong(primKey),
566 ActionKeys.PERMISSIONS);
567 }
568 else if (name.equals(PollsQuestion.class.getName())) {
569 PollsQuestionPermission.check(
570 permissionChecker, GetterUtil.getLong(primKey),
571 ActionKeys.PERMISSIONS);
572 }
573 else if (name.equals(SCFrameworkVersion.class.getName())) {
574 SCFrameworkVersionPermission.check(
575 permissionChecker, GetterUtil.getLong(primKey),
576 ActionKeys.PERMISSIONS);
577 }
578 else if (name.equals(SCProductEntry.class.getName())) {
579 SCProductEntryPermission.check(
580 permissionChecker, GetterUtil.getLong(primKey),
581 ActionKeys.PERMISSIONS);
582 }
583 else if (name.equals(ShoppingCategory.class.getName())) {
584 ShoppingCategoryPermission.check(
585 permissionChecker, groupId, GetterUtil.getLong(primKey),
586 ActionKeys.PERMISSIONS);
587 }
588 else if (name.equals(ShoppingItem.class.getName())) {
589 ShoppingItemPermission.check(
590 permissionChecker, GetterUtil.getLong(primKey),
591 ActionKeys.PERMISSIONS);
592 }
593 else if (name.equals(Team.class.getName())) {
594 long teamId = GetterUtil.getLong(primKey);
595
596 Team team = teamPersistence.findByPrimaryKey(teamId);
597
598 GroupPermissionUtil.check(
599 permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
600 }
601 else if (name.equals(User.class.getName())) {
602 long userId = GetterUtil.getLong(primKey);
603
604 User user = userPersistence.findByPrimaryKey(userId);
605
606 UserPermissionUtil.check(
607 permissionChecker, userId, user.getOrganizationIds(),
608 ActionKeys.PERMISSIONS);
609 }
610 else if (name.equals(WikiNode.class.getName())) {
611 WikiNodePermission.check(
612 permissionChecker, GetterUtil.getLong(primKey),
613 ActionKeys.PERMISSIONS);
614 }
615 else if (name.equals(WikiPage.class.getName())) {
616 WikiPagePermission.check(
617 permissionChecker, GetterUtil.getLong(primKey),
618 ActionKeys.PERMISSIONS);
619 }
620 else if ((primKey != null) &&
621 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
622
623 int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
624
625 long plid = GetterUtil.getLong(primKey.substring(0, pos));
626
627 String portletId = primKey.substring(
628 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
629 primKey.length());
630
631 PortletPermissionUtil.check(
632 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
633 }
634 else if (!permissionChecker.hasPermission(
635 groupId, name, primKey, ActionKeys.PERMISSIONS)) {
636
637 List<String> resourceActions =
638 ResourceActionsUtil.getResourceActions(name);
639
640 if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
641 !permissionChecker.hasPermission(
642 groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
643
644 throw new PrincipalException();
645 }
646 }
647 }
648
649 }