001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.model.ResourceConstants;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.UserLocalServiceUtil;
025 import com.liferay.portal.util.PortalUtil;
026 import com.liferay.portal.util.PropsValues;
027
028
032 public class UserPermissionImpl implements UserPermission {
033
034
038 public void check(
039 PermissionChecker permissionChecker, long userId,
040 long organizationId, long locationId, String actionId)
041 throws PrincipalException {
042
043 check(
044 permissionChecker, userId, new long[] {organizationId, locationId},
045 actionId);
046 }
047
048 public void check(
049 PermissionChecker permissionChecker, long userId,
050 long[] organizationIds, String actionId)
051 throws PrincipalException {
052
053 if (!contains(permissionChecker, userId, organizationIds, actionId)) {
054 throw new PrincipalException();
055 }
056 }
057
058 public void check(
059 PermissionChecker permissionChecker, long userId, String actionId)
060 throws PrincipalException {
061
062 if (!contains(permissionChecker, userId, actionId)) {
063 throw new PrincipalException();
064 }
065 }
066
067
071 public boolean contains(
072 PermissionChecker permissionChecker, long userId, long organizationId,
073 long locationId, String actionId) {
074
075 return contains(
076 permissionChecker, userId, new long[] {organizationId, locationId},
077 actionId);
078 }
079
080 public boolean contains(
081 PermissionChecker permissionChecker, long userId,
082 long[] organizationIds, String actionId) {
083
084 if (actionId.equals(ActionKeys.IMPERSONATE) &&
085 PortalUtil.isOmniadmin(userId) &&
086 !permissionChecker.isOmniadmin()) {
087
088 return false;
089 }
090
091 if (((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5 ||
092 PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
093 (permissionChecker.hasOwnerPermission(
094 permissionChecker.getCompanyId(), User.class.getName(), userId,
095 userId, actionId))) ||
096 (permissionChecker.getUserId() == userId)) {
097
098 return true;
099 }
100 else if (permissionChecker.hasPermission(
101 0, User.class.getName(), userId, actionId)) {
102
103 return true;
104 }
105 else if (userId != ResourceConstants.PRIMKEY_DNE) {
106 try {
107 if (organizationIds == null) {
108 User user = UserLocalServiceUtil.getUserById(userId);
109
110 organizationIds = user.getOrganizationIds();
111 }
112
113 for (int i = 0; i < organizationIds.length; i++) {
114 long organizationId = organizationIds[i];
115
116 if (OrganizationPermissionUtil.contains(
117 permissionChecker, organizationId,
118 ActionKeys.MANAGE_USERS)) {
119
120 return true;
121 }
122 }
123 }
124 catch (Exception e) {
125 _log.error(e, e);
126 }
127 }
128
129 return false;
130 }
131
132 public boolean contains(
133 PermissionChecker permissionChecker, long userId, String actionId) {
134
135 return contains(permissionChecker, userId, null, actionId);
136 }
137
138 private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);
139
140 }