001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Organization;
021    import com.liferay.portal.security.auth.PrincipalException;
022    import com.liferay.portal.security.permission.ActionKeys;
023    import com.liferay.portal.security.permission.PermissionChecker;
024    import com.liferay.portal.service.GroupLocalServiceUtil;
025    import com.liferay.portal.service.OrganizationLocalServiceUtil;
026    
027    import java.util.List;
028    
029    /**
030     * @author Brian Wing Shun Chan
031     * @author Raymond Augé
032     */
public class GroupPermissionImpl implements GroupPermission {

	/**
	 * Enforcing form of {@link #contains(PermissionChecker, long, String)}:
	 * returns normally when the action is permitted and throws otherwise.
	 *
	 * @param  permissionChecker the permission checker consulted for the
	 *         decision
	 * @param  groupId the ID of the group the action targets
	 * @param  actionId the action key being requested
	 * @throws PrincipalException if <code>contains</code> reports that the
	 *         action is not permitted
	 * @throws PortalException if evaluating the permission fails
	 * @throws SystemException if evaluating the permission fails
	 */
	public void check(
			PermissionChecker permissionChecker, long groupId,
			String actionId)
		throws PortalException, SystemException {

		boolean permitted = contains(permissionChecker, groupId, actionId);

		if (permitted) {
			return;
		}

		// Thrown without a message, so the exception itself does not say
		// which group or action was refused.

		throw new PrincipalException();
	}

	/**
	 * Decides whether the permission checker may perform the action on the
	 * group. The rules are tried in this order and the first one that grants
	 * wins:
	 *
	 * <ol>
	 * <li>
	 * If the group (or the live group of a staging group) is a user's
	 * personal group, holding <code>MANAGE_USERS</code> on any organization
	 * of that user grants the request. This grant does not look at
	 * <code>actionId</code>.
	 * </li>
	 * <li>
	 * Certain actions are implied by broader ones: <code>ADD_LAYOUT</code>
	 * by <code>MANAGE_LAYOUTS</code>; the two export/import actions by
	 * <code>PUBLISH_STAGING</code>; <code>VIEW_STAGING</code> by any of
	 * <code>MANAGE_LAYOUTS</code>, <code>MANAGE_STAGING</code>,
	 * <code>PUBLISH_STAGING</code> or <code>UPDATE</code>.
	 * </li>
	 * <li>
	 * Otherwise the permission checker is asked for <code>actionId</code>
	 * itself.
	 * </li>
	 * </ol>
	 *
	 * <p>
	 * <code>actionId</code> is dereferenced without a <code>null</code>
	 * check.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker consulted for the
	 *         decision
	 * @param  groupId the ID of the group the action targets
	 * @param  actionId the action key being requested
	 * @return <code>true</code> if one of the rules grants the action;
	 *         <code>false</code> otherwise
	 * @throws PortalException if the group lookup or a delegated check fails
	 * @throws SystemException if the group lookup or a delegated check fails
	 */
	public boolean contains(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException, SystemException {

		Group resolvedGroup = GroupLocalServiceUtil.getGroup(groupId);

		// A staging group is judged as its live group for the personal-group
		// rule only. Every hasPermission lookup below still passes the
		// groupId argument, not the live group's ID.

		if (resolvedGroup.isStagingGroup()) {
			resolvedGroup = resolvedGroup.getLiveGroup();
		}

		// The owner would not normally get here, being an administrator of
		// his own layouts. This rule is for a user who manages organizations
		// and is editing the pages of a user he manages.

		if (resolvedGroup.isUser() &&
			managesAnOrganizationOf(
				permissionChecker, resolvedGroup.getClassPK())) {

			return true;
		}

		if (hasImpliedPermission(permissionChecker, groupId, actionId)) {
			return true;
		}

		// The group ID must be passed so that users can modify their
		// personal pages

		return hasGroupPermission(permissionChecker, groupId, actionId);
	}

	/**
	 * Asks the permission checker for an action on the group resource,
	 * passing the group ID both as the scope and as the primary key.
	 */
	private boolean hasGroupPermission(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException, SystemException {

		String resourceName = Group.class.getName();

		return permissionChecker.hasPermission(
			groupId, resourceName, groupId, actionId);
	}

	/**
	 * Applies the "broader action implies narrower action" rules. Returns
	 * <code>false</code> for any action that has no such rule, and for an
	 * action whose implying permission is not held.
	 */
	private boolean hasImpliedPermission(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException, SystemException {

		if (actionId.equals(ActionKeys.ADD_LAYOUT)) {
			return hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS);
		}

		if (actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
			actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) {

			return hasGroupPermission(
				permissionChecker, groupId, ActionKeys.PUBLISH_STAGING);
		}

		if (!actionId.equals(ActionKeys.VIEW_STAGING)) {
			return false;
		}

		// Short-circuit order is kept: MANAGE_LAYOUTS, MANAGE_STAGING,
		// PUBLISH_STAGING, UPDATE.

		return hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS) ||
			hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_STAGING) ||
			hasGroupPermission(
				permissionChecker, groupId, ActionKeys.PUBLISH_STAGING) ||
			hasGroupPermission(
				permissionChecker, groupId, ActionKeys.UPDATE);
	}

	/**
	 * Returns <code>true</code> if the permission checker holds
	 * <code>MANAGE_USERS</code> on at least one organization of the user.
	 */
	private boolean managesAnOrganizationOf(
			PermissionChecker permissionChecker, long userId)
		throws PortalException, SystemException {

		List<Organization> userOrganizations =
			OrganizationLocalServiceUtil.getUserOrganizations(userId);

		for (Organization userOrganization : userOrganizations) {
			long organizationId = userOrganization.getOrganizationId();

			boolean managesUsers = OrganizationPermissionUtil.contains(
				permissionChecker, organizationId, ActionKeys.MANAGE_USERS);

			if (managesUsers) {
				return true;
			}
		}

		return false;
	}

}