001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.Group;
021    import com.liferay.portal.model.Layout;
022    import com.liferay.portal.model.PortletConstants;
023    import com.liferay.portal.model.Resource;
024    import com.liferay.portal.model.Role;
025    import com.liferay.portal.model.Team;
026    import com.liferay.portal.model.User;
027    import com.liferay.portal.security.auth.PrincipalException;
028    import com.liferay.portal.security.permission.ActionKeys;
029    import com.liferay.portal.security.permission.PermissionChecker;
030    import com.liferay.portal.security.permission.PermissionCheckerBag;
031    import com.liferay.portal.security.permission.ResourceActionsUtil;
032    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
033    import com.liferay.portal.service.permission.GroupPermissionUtil;
034    import com.liferay.portal.service.permission.LayoutPermissionUtil;
035    import com.liferay.portal.service.permission.PortletPermissionUtil;
036    import com.liferay.portal.service.permission.UserPermissionUtil;
037    import com.liferay.portlet.blogs.model.BlogsEntry;
038    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
039    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
040    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
041    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
042    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
043    import com.liferay.portlet.calendar.model.CalEvent;
044    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
045    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
046    import com.liferay.portlet.documentlibrary.model.DLFolder;
047    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
048    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
049    import com.liferay.portlet.journal.model.JournalArticle;
050    import com.liferay.portlet.journal.model.JournalFeed;
051    import com.liferay.portlet.journal.model.JournalStructure;
052    import com.liferay.portlet.journal.model.JournalTemplate;
053    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
054    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
055    import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
056    import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
057    import com.liferay.portlet.messageboards.model.MBCategory;
058    import com.liferay.portlet.messageboards.model.MBMessage;
059    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061    import com.liferay.portlet.polls.model.PollsQuestion;
062    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063    import com.liferay.portlet.shopping.model.ShoppingCategory;
064    import com.liferay.portlet.shopping.model.ShoppingItem;
065    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071    import com.liferay.portlet.wiki.model.WikiNode;
072    import com.liferay.portlet.wiki.model.WikiPage;
073    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075    
076    import java.util.List;
077    import java.util.Map;
078    
079    /**
080     * The implementation of the permission remote service.
081     *
082     * @author Brian Wing Shun Chan
083     * @author Raymond Augé
084     */
085    public class PermissionServiceImpl extends PermissionServiceBaseImpl {
086    
087            /**
088             * Checks to see if the group has permission to the resource.
089             *
090             * @param  groupId the primary key of the group
091             * @param  resourceId the primary key of the resource
092             * @throws PortalException if the group did not have permission to the
093             *         resource, or if a group or resource with the primary key could
094             *         not be found or was invalid
095             * @throws SystemException if a system exception occurred
096             */
097            public void checkPermission(long groupId, long resourceId)
098                    throws PortalException, SystemException {
099    
100                    checkPermission(getPermissionChecker(), groupId, resourceId);
101            }
102    
103            /**
104             * Checks to see if the group has permission to the service.
105             *
106             * @param  groupId the primary key of the group
107             * @param  name the service name
108             * @param  primKey the primary key of the service
109             * @throws PortalException if the group did not have permission to the
110             *         service, if a group with the primary key could not be found or if
111             *         the permission information was invalid
112             * @throws SystemException if a system exception occurred
113             */
114            public void checkPermission(long groupId, String name, long primKey)
115                    throws PortalException, SystemException {
116    
117                    checkPermission(getPermissionChecker(), groupId, name, primKey);
118            }
119    
120            /**
121             * Checks to see if the group has permission to the service.
122             *
123             * @param  groupId the primary key of the group
124             * @param  name the service name
125             * @param  primKey the primary key of the service
126             * @throws PortalException if the group did not have permission to the
127             *         service, if a group with the primary key could not be found or if
128             *         the permission information was invalid
129             * @throws SystemException if a system exception occurred
130             */
131            public void checkPermission(long groupId, String name, String primKey)
132                    throws PortalException, SystemException {
133    
134                    checkPermission(getPermissionChecker(), groupId, name, primKey);
135            }
136    
137            /**
138             * Returns <code>true</code> if the group has permission to perform the
139             * action on the resource.
140             *
141             * @param  groupId the primary key of the group
142             * @param  actionId the action's ID
143             * @param  resourceId the primary key of the resource
144             * @return <code>true</code> if the group has permission to perform the
145             *         action on the resource; <code>false</code> otherwise
146             * @throws SystemException if a system exception occurred
147             */
148            public boolean hasGroupPermission(
149                            long groupId, String actionId, long resourceId)
150                    throws SystemException {
151    
152                    return permissionLocalService.hasGroupPermission(
153                            groupId, actionId, resourceId);
154            }
155    
156            /**
157             * Returns <code>true</code> if the user has permission to perform the
158             * action on the resource.
159             *
160             * @param  userId the primary key of the user
161             * @param  actionId the action's ID
162             * @param  resourceId the primary key of the resource
163             * @return <code>true</code> if the user has permission to perform the
164             *         action on the resource; <code>false</code> otherwise
165             * @throws SystemException if a system exception occurred
166             */
167            public boolean hasUserPermission(
168                            long userId, String actionId, long resourceId)
169                    throws SystemException {
170    
171                    return permissionLocalService.hasUserPermission(
172                            userId, actionId, resourceId);
173            }
174    
175            /**
176             * Returns <code>true</code> if the user has permission to perform the
177             * action on the resources.
178             *
179             * <p>
180             * This method does not support resources managed by the resource block
181             * system.
182             * </p>
183             *
184             * @param  userId the primary key of the user
185             * @param  groupId the primary key of the group containing the resource
186             * @param  resources representations of the resource at each scope level
187             *         returned by {@link
188             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
189             *         long, long, String, String, String)}
190             * @param  actionId the action's ID
191             * @param  permissionCheckerBag the permission checker bag
192             * @return <code>true</code> if the user has permission to perform the
193             *         action on the resources; <code>false</code> otherwise
194             * @throws PortalException if a resource action based on any one of the
195             *         resources and the action ID could not be found
196             * @throws SystemException if a system exception occurred
197             */
198            public boolean hasUserPermissions(
199                            long userId, long groupId, List<Resource> resources,
200                            String actionId, PermissionCheckerBag permissionCheckerBag)
201                    throws PortalException, SystemException {
202    
203                    return permissionLocalService.hasUserPermissions(
204                            userId, groupId, resources, actionId, permissionCheckerBag);
205            }
206    
207            /**
208             * Sets the group's permissions to perform the actions on the resource,
209             * replacing the group's existing permissions on the resource.
210             *
211             * @param  groupId the primary key of the group
212             * @param  actionIds the primary keys of the actions
213             * @param  resourceId the primary key of the resource
214             * @throws PortalException if a group with the primary key could not be
215             *         found or if the group did not have permission to the resource
216             * @throws SystemException if a system exception occurred
217             */
218            public void setGroupPermissions(
219                            long groupId, String[] actionIds, long resourceId)
220                    throws PortalException, SystemException {
221    
222                    checkPermission(getPermissionChecker(), groupId, resourceId);
223    
224                    permissionLocalService.setGroupPermissions(
225                            groupId, actionIds, resourceId);
226            }
227    
228            /**
229             * Sets the entity's group permissions to perform the actions on the
230             * resource, replacing the entity's existing group permissions on the
231             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
232             * com.liferay.portal.model.UserGroup} class entities are supported.
233             *
234             * @param  className the class name of an organization or user group
235             * @param  classPK the primary key of the class
236             * @param  groupId the primary key of the group
237             * @param  actionIds the primary keys of the actions
238             * @param  resourceId the primary key of the resource
239             * @throws PortalException if the group did not have permission to the
240             *         resource, if an entity with the class name and primary key could
241             *         not be found, or if the entity's associated group could not be
242             *         found
243             * @throws SystemException if a system exception occurred
244             */
245            public void setGroupPermissions(
246                            String className, String classPK, long groupId,
247                            String[] actionIds, long resourceId)
248                    throws PortalException, SystemException {
249    
250                    checkPermission(getPermissionChecker(), groupId, resourceId);
251    
252                    permissionLocalService.setGroupPermissions(
253                            className, classPK, groupId, actionIds, resourceId);
254            }
255    
256            /**
257             * Sets the permissions of each role to perform respective actions on the
258             * resource, replacing the existing permissions of each role on the
259             * resource.
260             *
261             * @param  groupId the primary key of the group
262             * @param  companyId the primary key of the company
263             * @param  roleIdsToActionIds the map of roles to their new actions on the
264             *         resource
265             * @param  resourceId the primary key of the resource
266             * @throws PortalException if the group did not have permission to the
267             *         resource
268             * @throws SystemException if a system exception occurred
269             */
270            public void setIndividualPermissions(
271                            long groupId, long companyId,
272                            Map<Long, String[]> roleIdsToActionIds, long resourceId)
273                    throws PortalException, SystemException {
274    
275                    checkPermission(getPermissionChecker(), groupId, resourceId);
276    
277                    permissionLocalService.setRolesPermissions(
278                            companyId, roleIdsToActionIds, resourceId);
279            }
280    
281            /**
282             * Sets the organization permission to perform the actions on the resource
283             * for a particular group, replacing the organization's existing permissions
284             * on the resource.
285             *
286             * @param  organizationId the primary key of the organization
287             * @param  groupId the primary key of the group in which to scope the
288             *         permissions
289             * @param  actionIds the primary keys of the actions
290             * @param  resourceId the primary key of the resource
291             * @throws PortalException if the group did not have permission to the
292             *         resource or if an organization with the primary key could not be
293             *         found
294             * @throws SystemException if a system exception occurred
295             */
296            public void setOrgGroupPermissions(
297                            long organizationId, long groupId, String[] actionIds,
298                            long resourceId)
299                    throws PortalException, SystemException {
300    
301                    checkPermission(getPermissionChecker(), groupId, resourceId);
302    
303                    permissionLocalService.setOrgGroupPermissions(
304                            organizationId, groupId, actionIds, resourceId);
305            }
306    
307            /**
308             * Sets the role's permissions to perform the action on the named resource,
309             * replacing the role's existing permissions on the resource.
310             *
311             * @param  roleId the primary key of the role
312             * @param  groupId the primary key of the group
313             * @param  name the resource name
314             * @param  scope the resource scope
315             * @param  primKey the resource primKey
316             * @param  actionId the action's ID
317             * @throws PortalException if the group did not have permission to the role
318             *         or if the scope was {@link
319             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
320             * @throws SystemException if a system exception occurred
321             */
322            public void setRolePermission(
323                            long roleId, long groupId, String name, int scope, String primKey,
324                            String actionId)
325                    throws PortalException, SystemException {
326    
327                    checkPermission(
328                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
329    
330                    User user = getUser();
331    
332                    permissionLocalService.setRolePermission(
333                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
334            }
335    
336            /**
337             * Sets the role's permissions to perform the actions on the resource,
338             * replacing the role's existing permissions on the resource.
339             *
340             * @param  roleId the primary key of the role
341             * @param  groupId the primary key of the group
342             * @param  actionIds the primary keys of the actions
343             * @param  resourceId the primary key of the resource
344             * @throws PortalException if the group did not have permission to the
345             *         resource or if a role with the primary key could not be found
346             * @throws SystemException if a system exception occurred
347             */
348            public void setRolePermissions(
349                            long roleId, long groupId, String[] actionIds, long resourceId)
350                    throws PortalException, SystemException {
351    
352                    checkPermission(getPermissionChecker(), groupId, resourceId);
353    
354                    permissionLocalService.setRolePermissions(
355                            roleId, actionIds, resourceId);
356            }
357    
358            /**
359             * Sets the user's permissions to perform the actions on the resource,
360             * replacing the user's existing permissions on the resource.
361             *
362             * @param  userId the primary key of the user
363             * @param  groupId the primary key of the group
364             * @param  actionIds the primary keys of the actions
365             * @param  resourceId the primary key of the resource
366             * @throws PortalException if the group did not have permission to the
367             *         resource or if a user with the primary key could not be found
368             * @throws SystemException if a system exception occurred
369             */
370            public void setUserPermissions(
371                            long userId, long groupId, String[] actionIds, long resourceId)
372                    throws PortalException, SystemException {
373    
374                    checkPermission(getPermissionChecker(), groupId, resourceId);
375    
376                    permissionLocalService.setUserPermissions(
377                            userId, actionIds, resourceId);
378            }
379    
380            /**
381             * Removes the permission from the role.
382             *
383             * @param  roleId the primary key of the role
384             * @param  groupId the primary key of the group
385             * @param  permissionId the primary key of the permission
386             * @throws PortalException if the group did not have permission to the role
387             * @throws SystemException if a system exception occurred
388             */
389            public void unsetRolePermission(
390                            long roleId, long groupId, long permissionId)
391                    throws PortalException, SystemException {
392    
393                    checkPermission(
394                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
395    
396                    permissionLocalService.unsetRolePermission(roleId, permissionId);
397            }
398    
399            /**
400             * Removes the role's permissions to perform the action on the named
401             * resource with the scope and primKey.
402             *
403             * @param  roleId the primary key of the role
404             * @param  groupId the primary key of the group
405             * @param  name the resource name
406             * @param  scope the resource scope
407             * @param  primKey the resource primKey
408             * @param  actionId the action's ID
409             * @throws PortalException if the group did not have permission to the role
410             * @throws SystemException if a system exception occurred
411             */
412            public void unsetRolePermission(
413                            long roleId, long groupId, String name, int scope, String primKey,
414                            String actionId)
415                    throws PortalException, SystemException {
416    
417                    checkPermission(
418                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
419    
420                    User user = getUser();
421    
422                    permissionLocalService.unsetRolePermission(
423                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
424            }
425    
426            /**
427             * Removes the role's permissions to perform the action on the named
428             * resource.
429             *
430             * @param  roleId the primary key of the role
431             * @param  groupId the primary key of the group
432             * @param  name the resource name
433             * @param  scope the resource scope
434             * @param  actionId the action's ID
435             * @throws PortalException if the group did not have permission to the role
436             * @throws SystemException if a system exception occurred
437             */
438            public void unsetRolePermissions(
439                            long roleId, long groupId, String name, int scope, String actionId)
440                    throws PortalException, SystemException {
441    
442                    checkPermission(
443                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
444    
445                    User user = getUser();
446    
447                    permissionLocalService.unsetRolePermissions(
448                            roleId, user.getCompanyId(), name, scope, actionId);
449            }
450    
451            /**
452             * Removes the user's permissions to perform the actions on the resource.
453             *
454             * @param  userId the primary key of the user
455             * @param  groupId the primary key of the group
456             * @param  actionIds the primary keys of the actions
457             * @param  resourceId the primary key of the resource
458             * @throws PortalException if the group did not have permission to the
459             *         resource
460             * @throws SystemException if a system exception occurred
461             */
462            public void unsetUserPermissions(
463                            long userId, long groupId, String[] actionIds, long resourceId)
464                    throws PortalException, SystemException {
465    
466                    checkPermission(getPermissionChecker(), groupId, resourceId);
467    
468                    permissionLocalService.unsetUserPermissions(
469                            userId, actionIds, resourceId);
470            }
471    
472            protected void checkPermission(
473                            PermissionChecker permissionChecker, long groupId,
474                            long resourceId)
475                    throws PortalException, SystemException {
476    
477                    Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
478    
479                    checkPermission(
480                            permissionChecker, groupId, resource.getName(),
481                            resource.getPrimKey().toString());
482            }
483    
484            protected void checkPermission(
485                            PermissionChecker permissionChecker, long groupId, String name,
486                            long primKey)
487                    throws PortalException, SystemException {
488    
489                    checkPermission(
490                            permissionChecker, groupId, name, String.valueOf(primKey));
491            }
492    
493            protected void checkPermission(
494                            PermissionChecker permissionChecker, long groupId, String name,
495                            String primKey)
496                    throws PortalException, SystemException {
497    
498                    if (name.equals(BlogsEntry.class.getName())) {
499                            BlogsEntryPermission.check(
500                                    permissionChecker, GetterUtil.getLong(primKey),
501                                    ActionKeys.PERMISSIONS);
502                    }
503                    else if (name.equals(BookmarksEntry.class.getName())) {
504                            BookmarksEntryPermission.check(
505                                    permissionChecker, GetterUtil.getLong(primKey),
506                                    ActionKeys.PERMISSIONS);
507                    }
508                    else if (name.equals(BookmarksFolder.class.getName())) {
509                            BookmarksFolderPermission.check(
510                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
511                                    ActionKeys.PERMISSIONS);
512                    }
513                    else if (name.equals(CalEvent.class.getName())) {
514                            CalEventPermission.check(
515                                    permissionChecker, GetterUtil.getLong(primKey),
516                                    ActionKeys.PERMISSIONS);
517                    }
518                    else if (name.equals(DLFileEntry.class.getName())) {
519                            DLFileEntryPermission.check(
520                                    permissionChecker, GetterUtil.getLong(primKey),
521                                    ActionKeys.PERMISSIONS);
522                    }
523                    else if (name.equals(DLFolder.class.getName())) {
524                            DLFolderPermission.check(
525                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
526                                    ActionKeys.PERMISSIONS);
527                    }
528                    else if (name.equals(Group.class.getName())) {
529                            GroupPermissionUtil.check(
530                                    permissionChecker, GetterUtil.getLong(primKey),
531                                    ActionKeys.PERMISSIONS);
532                    }
533                    else if (name.equals(JournalArticle.class.getName())) {
534                            JournalArticlePermission.check(
535                                    permissionChecker, GetterUtil.getLong(primKey),
536                                    ActionKeys.PERMISSIONS);
537                    }
538                    else if (name.equals(JournalFeed.class.getName())) {
539                            JournalFeedPermission.check(
540                                    permissionChecker, GetterUtil.getLong(primKey),
541                                    ActionKeys.PERMISSIONS);
542                    }
543                    else if (name.equals(JournalStructure.class.getName())) {
544                            JournalStructurePermission.check(
545                                    permissionChecker, GetterUtil.getLong(primKey),
546                                    ActionKeys.PERMISSIONS);
547                    }
548                    else if (name.equals(JournalTemplate.class.getName())) {
549                            JournalTemplatePermission.check(
550                                    permissionChecker, GetterUtil.getLong(primKey),
551                                    ActionKeys.PERMISSIONS);
552                    }
553                    else if (name.equals(Layout.class.getName())) {
554                            LayoutPermissionUtil.check(
555                                    permissionChecker, GetterUtil.getLong(primKey),
556                                    ActionKeys.PERMISSIONS);
557                    }
558                    else if (name.equals(MBCategory.class.getName())) {
559                            MBCategoryPermission.check(
560                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
561                                    ActionKeys.PERMISSIONS);
562                    }
563                    else if (name.equals(MBMessage.class.getName())) {
564                            MBMessagePermission.check(
565                                    permissionChecker, GetterUtil.getLong(primKey),
566                                    ActionKeys.PERMISSIONS);
567                    }
568                    else if (name.equals(PollsQuestion.class.getName())) {
569                            PollsQuestionPermission.check(
570                                    permissionChecker, GetterUtil.getLong(primKey),
571                                    ActionKeys.PERMISSIONS);
572                    }
573                    else if (name.equals(SCFrameworkVersion.class.getName())) {
574                            SCFrameworkVersionPermission.check(
575                                    permissionChecker, GetterUtil.getLong(primKey),
576                                    ActionKeys.PERMISSIONS);
577                    }
578                    else if (name.equals(SCProductEntry.class.getName())) {
579                            SCProductEntryPermission.check(
580                                    permissionChecker, GetterUtil.getLong(primKey),
581                                    ActionKeys.PERMISSIONS);
582                    }
583                    else if (name.equals(ShoppingCategory.class.getName())) {
584                            ShoppingCategoryPermission.check(
585                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
586                                    ActionKeys.PERMISSIONS);
587                    }
588                    else if (name.equals(ShoppingItem.class.getName())) {
589                            ShoppingItemPermission.check(
590                                    permissionChecker, GetterUtil.getLong(primKey),
591                                    ActionKeys.PERMISSIONS);
592                    }
593                    else if (name.equals(Team.class.getName())) {
594                            long teamId = GetterUtil.getLong(primKey);
595    
596                            Team team = teamPersistence.findByPrimaryKey(teamId);
597    
598                            GroupPermissionUtil.check(
599                                    permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
600                    }
601                    else if (name.equals(User.class.getName())) {
602                            long userId = GetterUtil.getLong(primKey);
603    
604                            User user = userPersistence.findByPrimaryKey(userId);
605    
606                            UserPermissionUtil.check(
607                                    permissionChecker, userId, user.getOrganizationIds(),
608                                    ActionKeys.PERMISSIONS);
609                    }
610                    else if (name.equals(WikiNode.class.getName())) {
611                            WikiNodePermission.check(
612                                    permissionChecker, GetterUtil.getLong(primKey),
613                                    ActionKeys.PERMISSIONS);
614                    }
615                    else if (name.equals(WikiPage.class.getName())) {
616                            WikiPagePermission.check(
617                                    permissionChecker, GetterUtil.getLong(primKey),
618                                    ActionKeys.PERMISSIONS);
619                    }
620                    else if ((primKey != null) &&
621                                     (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
622    
623                            int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
624    
625                            long plid = GetterUtil.getLong(primKey.substring(0, pos));
626    
627                            String portletId = primKey.substring(
628                                    pos + PortletConstants.LAYOUT_SEPARATOR.length(),
629                                    primKey.length());
630    
631                            PortletPermissionUtil.check(
632                                    permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
633                    }
634                    else if (!permissionChecker.hasPermission(
635                                            groupId, name, primKey, ActionKeys.PERMISSIONS)) {
636    
637                            List<String> resourceActions =
638                                    ResourceActionsUtil.getResourceActions(name);
639    
640                            if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
641                                    !permissionChecker.hasPermission(
642                                            groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
643    
644                                    throw new PrincipalException();
645                            }
646                    }
647            }
648    
649    }