001
014
015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.AuditedModel;
021 import com.liferay.portal.model.Group;
022 import com.liferay.portal.model.GroupedModel;
023 import com.liferay.portal.model.Layout;
024 import com.liferay.portal.model.PermissionedModel;
025 import com.liferay.portal.model.PortletConstants;
026 import com.liferay.portal.model.Resource;
027 import com.liferay.portal.model.ResourceConstants;
028 import com.liferay.portal.model.ResourcePermission;
029 import com.liferay.portal.model.Role;
030 import com.liferay.portal.model.Team;
031 import com.liferay.portal.model.User;
032 import com.liferay.portal.security.auth.PrincipalException;
033 import com.liferay.portal.security.permission.ActionKeys;
034 import com.liferay.portal.security.permission.PermissionChecker;
035 import com.liferay.portal.security.permission.PermissionCheckerBag;
036 import com.liferay.portal.security.permission.ResourceActionsUtil;
037 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
038 import com.liferay.portal.service.permission.GroupPermissionUtil;
039 import com.liferay.portal.service.permission.LayoutPermissionUtil;
040 import com.liferay.portal.service.permission.PortletPermissionUtil;
041 import com.liferay.portal.service.permission.TeamPermissionUtil;
042 import com.liferay.portal.service.permission.UserPermissionUtil;
043 import com.liferay.portlet.asset.AssetRendererFactoryRegistryUtil;
044 import com.liferay.portlet.asset.model.AssetRendererFactory;
045 import com.liferay.portlet.blogs.model.BlogsEntry;
046 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
047 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
048 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
049 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
050 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
051 import com.liferay.portlet.calendar.model.CalEvent;
052 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
053 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
054 import com.liferay.portlet.documentlibrary.model.DLFolder;
055 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
056 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
057 import com.liferay.portlet.journal.model.JournalArticle;
058 import com.liferay.portlet.journal.model.JournalFeed;
059 import com.liferay.portlet.journal.model.JournalStructure;
060 import com.liferay.portlet.journal.model.JournalTemplate;
061 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
062 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
063 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
064 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
065 import com.liferay.portlet.messageboards.model.MBCategory;
066 import com.liferay.portlet.messageboards.model.MBMessage;
067 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
068 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
069 import com.liferay.portlet.polls.model.PollsQuestion;
070 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
071 import com.liferay.portlet.shopping.model.ShoppingCategory;
072 import com.liferay.portlet.shopping.model.ShoppingItem;
073 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
074 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
075 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
076 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
077 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
078 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
079 import com.liferay.portlet.wiki.model.WikiNode;
080 import com.liferay.portlet.wiki.model.WikiPage;
081 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
082 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
083
084 import java.util.List;
085 import java.util.Map;
086
087
093 public class PermissionServiceImpl extends PermissionServiceBaseImpl {
094
095
105 @Override
106 public void checkPermission(long groupId, long resourceId)
107 throws PortalException, SystemException {
108
109 checkPermission(getPermissionChecker(), groupId, resourceId);
110 }
111
112
123 @Override
124 public void checkPermission(long groupId, String name, long primKey)
125 throws PortalException, SystemException {
126
127 checkPermission(getPermissionChecker(), groupId, name, primKey);
128 }
129
130
141 @Override
142 public void checkPermission(long groupId, String name, String primKey)
143 throws PortalException, SystemException {
144
145 checkPermission(getPermissionChecker(), groupId, name, primKey);
146 }
147
148
159 @Override
160 public boolean hasGroupPermission(
161 long groupId, String actionId, long resourceId)
162 throws SystemException {
163
164 return permissionLocalService.hasGroupPermission(
165 groupId, actionId, resourceId);
166 }
167
168
179 @Override
180 public boolean hasUserPermission(
181 long userId, String actionId, long resourceId)
182 throws SystemException {
183
184 return permissionLocalService.hasUserPermission(
185 userId, actionId, resourceId);
186 }
187
188
211 @Override
212 public boolean hasUserPermissions(
213 long userId, long groupId, List<Resource> resources,
214 String actionId, PermissionCheckerBag permissionCheckerBag)
215 throws PortalException, SystemException {
216
217 return permissionLocalService.hasUserPermissions(
218 userId, groupId, resources, actionId, permissionCheckerBag);
219 }
220
221
232 @Override
233 public void setGroupPermissions(
234 long groupId, String[] actionIds, long resourceId)
235 throws PortalException, SystemException {
236
237 checkPermission(getPermissionChecker(), groupId, resourceId);
238
239 permissionLocalService.setGroupPermissions(
240 groupId, actionIds, resourceId);
241 }
242
243
260 @Override
261 public void setGroupPermissions(
262 String className, String classPK, long groupId, String[] actionIds,
263 long resourceId)
264 throws PortalException, SystemException {
265
266 checkPermission(getPermissionChecker(), groupId, resourceId);
267
268 permissionLocalService.setGroupPermissions(
269 className, classPK, groupId, actionIds, resourceId);
270 }
271
272
286 @Override
287 public void setIndividualPermissions(
288 long groupId, long companyId,
289 Map<Long, String[]> roleIdsToActionIds, long resourceId)
290 throws PortalException, SystemException {
291
292 checkPermission(getPermissionChecker(), groupId, resourceId);
293
294 permissionLocalService.setRolesPermissions(
295 companyId, roleIdsToActionIds, resourceId);
296 }
297
298
313 @Override
314 public void setOrgGroupPermissions(
315 long organizationId, long groupId, String[] actionIds,
316 long resourceId)
317 throws PortalException, SystemException {
318
319 checkPermission(getPermissionChecker(), groupId, resourceId);
320
321 permissionLocalService.setOrgGroupPermissions(
322 organizationId, groupId, actionIds, resourceId);
323 }
324
325
340 @Override
341 public void setRolePermission(
342 long roleId, long groupId, String name, int scope, String primKey,
343 String actionId)
344 throws PortalException, SystemException {
345
346 checkPermission(
347 getPermissionChecker(), groupId, Role.class.getName(), roleId);
348
349 User user = getUser();
350
351 permissionLocalService.setRolePermission(
352 roleId, user.getCompanyId(), name, scope, primKey, actionId);
353 }
354
355
367 @Override
368 public void setRolePermissions(
369 long roleId, long groupId, String[] actionIds, long resourceId)
370 throws PortalException, SystemException {
371
372 checkPermission(getPermissionChecker(), groupId, resourceId);
373
374 permissionLocalService.setRolePermissions(
375 roleId, actionIds, resourceId);
376 }
377
378
390 @Override
391 public void setUserPermissions(
392 long userId, long groupId, String[] actionIds, long resourceId)
393 throws PortalException, SystemException {
394
395 checkPermission(getPermissionChecker(), groupId, resourceId);
396
397 permissionLocalService.setUserPermissions(
398 userId, actionIds, resourceId);
399 }
400
401
410 @Override
411 public void unsetRolePermission(
412 long roleId, long groupId, long permissionId)
413 throws PortalException, SystemException {
414
415 checkPermission(
416 getPermissionChecker(), groupId, Role.class.getName(), roleId);
417
418 permissionLocalService.unsetRolePermission(roleId, permissionId);
419 }
420
421
434 @Override
435 public void unsetRolePermission(
436 long roleId, long groupId, String name, int scope, String primKey,
437 String actionId)
438 throws PortalException, SystemException {
439
440 checkPermission(
441 getPermissionChecker(), groupId, Role.class.getName(), roleId);
442
443 User user = getUser();
444
445 permissionLocalService.unsetRolePermission(
446 roleId, user.getCompanyId(), name, scope, primKey, actionId);
447 }
448
449
461 @Override
462 public void unsetRolePermissions(
463 long roleId, long groupId, String name, int scope, String actionId)
464 throws PortalException, SystemException {
465
466 checkPermission(
467 getPermissionChecker(), groupId, Role.class.getName(), roleId);
468
469 User user = getUser();
470
471 permissionLocalService.unsetRolePermissions(
472 roleId, user.getCompanyId(), name, scope, actionId);
473 }
474
475
486 @Override
487 public void unsetUserPermissions(
488 long userId, long groupId, String[] actionIds, long resourceId)
489 throws PortalException, SystemException {
490
491 checkPermission(getPermissionChecker(), groupId, resourceId);
492
493 permissionLocalService.unsetUserPermissions(
494 userId, actionIds, resourceId);
495 }
496
497 protected void checkPermission(
498 PermissionChecker permissionChecker, long groupId, long resourceId)
499 throws PortalException, SystemException {
500
501 Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
502
503 checkPermission(
504 permissionChecker, groupId, resource.getName(),
505 resource.getPrimKey().toString());
506 }
507
508 protected void checkPermission(
509 PermissionChecker permissionChecker, long groupId, String name,
510 long primKey)
511 throws PortalException, SystemException {
512
513 checkPermission(
514 permissionChecker, groupId, name, String.valueOf(primKey));
515 }
516
517 protected void checkPermission(
518 PermissionChecker permissionChecker, long groupId, String name,
519 String primKey)
520 throws PortalException, SystemException {
521
522 if (name.equals(BlogsEntry.class.getName())) {
523 BlogsEntryPermission.check(
524 permissionChecker, GetterUtil.getLong(primKey),
525 ActionKeys.PERMISSIONS);
526 }
527 else if (name.equals(BookmarksEntry.class.getName())) {
528 BookmarksEntryPermission.check(
529 permissionChecker, GetterUtil.getLong(primKey),
530 ActionKeys.PERMISSIONS);
531 }
532 else if (name.equals(BookmarksFolder.class.getName())) {
533 BookmarksFolderPermission.check(
534 permissionChecker, groupId, GetterUtil.getLong(primKey),
535 ActionKeys.PERMISSIONS);
536 }
537 else if (name.equals(CalEvent.class.getName())) {
538 CalEventPermission.check(
539 permissionChecker, GetterUtil.getLong(primKey),
540 ActionKeys.PERMISSIONS);
541 }
542 else if (name.equals(DLFileEntry.class.getName())) {
543 DLFileEntryPermission.check(
544 permissionChecker, GetterUtil.getLong(primKey),
545 ActionKeys.PERMISSIONS);
546 }
547 else if (name.equals(DLFolder.class.getName())) {
548 DLFolderPermission.check(
549 permissionChecker, groupId, GetterUtil.getLong(primKey),
550 ActionKeys.PERMISSIONS);
551 }
552 else if (name.equals(Group.class.getName())) {
553 GroupPermissionUtil.check(
554 permissionChecker, GetterUtil.getLong(primKey),
555 ActionKeys.PERMISSIONS);
556 }
557 else if (name.equals(JournalArticle.class.getName())) {
558 JournalArticlePermission.check(
559 permissionChecker, GetterUtil.getLong(primKey),
560 ActionKeys.PERMISSIONS);
561 }
562 else if (name.equals(JournalFeed.class.getName())) {
563 JournalFeedPermission.check(
564 permissionChecker, GetterUtil.getLong(primKey),
565 ActionKeys.PERMISSIONS);
566 }
567 else if (name.equals(JournalStructure.class.getName())) {
568 JournalStructurePermission.check(
569 permissionChecker, GetterUtil.getLong(primKey),
570 ActionKeys.PERMISSIONS);
571 }
572 else if (name.equals(JournalTemplate.class.getName())) {
573 JournalTemplatePermission.check(
574 permissionChecker, GetterUtil.getLong(primKey),
575 ActionKeys.PERMISSIONS);
576 }
577 else if (name.equals(Layout.class.getName())) {
578 LayoutPermissionUtil.check(
579 permissionChecker, GetterUtil.getLong(primKey),
580 ActionKeys.PERMISSIONS);
581 }
582 else if (name.equals(MBCategory.class.getName())) {
583 MBCategoryPermission.check(
584 permissionChecker, groupId, GetterUtil.getLong(primKey),
585 ActionKeys.PERMISSIONS);
586 }
587 else if (name.equals(MBMessage.class.getName())) {
588 MBMessagePermission.check(
589 permissionChecker, GetterUtil.getLong(primKey),
590 ActionKeys.PERMISSIONS);
591 }
592 else if (name.equals(PollsQuestion.class.getName())) {
593 PollsQuestionPermission.check(
594 permissionChecker, GetterUtil.getLong(primKey),
595 ActionKeys.PERMISSIONS);
596 }
597 else if (name.equals(SCFrameworkVersion.class.getName())) {
598 SCFrameworkVersionPermission.check(
599 permissionChecker, GetterUtil.getLong(primKey),
600 ActionKeys.PERMISSIONS);
601 }
602 else if (name.equals(SCProductEntry.class.getName())) {
603 SCProductEntryPermission.check(
604 permissionChecker, GetterUtil.getLong(primKey),
605 ActionKeys.PERMISSIONS);
606 }
607 else if (name.equals(ShoppingCategory.class.getName())) {
608 ShoppingCategoryPermission.check(
609 permissionChecker, groupId, GetterUtil.getLong(primKey),
610 ActionKeys.PERMISSIONS);
611 }
612 else if (name.equals(ShoppingItem.class.getName())) {
613 ShoppingItemPermission.check(
614 permissionChecker, GetterUtil.getLong(primKey),
615 ActionKeys.PERMISSIONS);
616 }
617 else if (name.equals(Team.class.getName())) {
618 long teamId = GetterUtil.getLong(primKey);
619
620 Team team = teamPersistence.findByPrimaryKey(teamId);
621
622 GroupPermissionUtil.check(
623 permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
624 }
625 else if (name.equals(User.class.getName())) {
626 long userId = GetterUtil.getLong(primKey);
627
628 User user = userPersistence.findByPrimaryKey(userId);
629
630 UserPermissionUtil.check(
631 permissionChecker, userId, user.getOrganizationIds(),
632 ActionKeys.PERMISSIONS);
633 }
634 else if (name.equals(WikiNode.class.getName())) {
635 WikiNodePermission.check(
636 permissionChecker, GetterUtil.getLong(primKey),
637 ActionKeys.PERMISSIONS);
638 }
639 else if (name.equals(WikiPage.class.getName())) {
640 WikiPagePermission.check(
641 permissionChecker, GetterUtil.getLong(primKey),
642 ActionKeys.PERMISSIONS);
643 }
644 else if ((primKey != null) &&
645 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {
646
647 int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
648
649 long plid = GetterUtil.getLong(primKey.substring(0, pos));
650
651 String portletId = primKey.substring(
652 pos + PortletConstants.LAYOUT_SEPARATOR.length());
653
654 PortletPermissionUtil.check(
655 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
656 }
657 else if (!permissionChecker.hasPermission(
658 groupId, name, primKey, ActionKeys.PERMISSIONS)) {
659
660 AssetRendererFactory assetRendererFactory =
661 AssetRendererFactoryRegistryUtil.
662 getAssetRendererFactoryByClassName(name);
663
664 if (assetRendererFactory != null) {
665 try {
666 if (assetRendererFactory.hasPermission(
667 permissionChecker, GetterUtil.getLong(primKey),
668 ActionKeys.PERMISSIONS)) {
669
670 return;
671 }
672 }
673 catch (Exception e) {
674 }
675 }
676
677 long ownerId = 0;
678
679 if (resourceBlockLocalService.isSupported(name)) {
680 PermissionedModel permissionedModel =
681 resourceBlockLocalService.getPermissionedModel(
682 name, GetterUtil.getLong(primKey));
683
684 if (permissionedModel instanceof GroupedModel) {
685 GroupedModel groupedModel = (GroupedModel)permissionedModel;
686
687 ownerId = groupedModel.getUserId();
688 }
689 else if (permissionedModel instanceof AuditedModel) {
690 AuditedModel auditedModel = (AuditedModel)permissionedModel;
691
692 ownerId = auditedModel.getUserId();
693 }
694 }
695 else {
696 ResourcePermission resourcePermission =
697 resourcePermissionLocalService.getResourcePermission(
698 permissionChecker.getCompanyId(), name,
699 ResourceConstants.SCOPE_INDIVIDUAL, primKey,
700 permissionChecker.getOwnerRoleId());
701
702 ownerId = resourcePermission.getOwnerId();
703 }
704
705 if (permissionChecker.hasOwnerPermission(
706 permissionChecker.getCompanyId(), name, primKey, ownerId,
707 ActionKeys.PERMISSIONS)) {
708
709 return;
710 }
711
712 Role role = null;
713
714 if (name.equals(Role.class.getName())) {
715 long roleId = GetterUtil.getLong(primKey);
716
717 role = rolePersistence.findByPrimaryKey(roleId);
718 }
719
720 if ((role != null) && role.isTeam()) {
721 Team team = teamPersistence.findByPrimaryKey(role.getClassPK());
722
723 TeamPermissionUtil.check(
724 permissionChecker, team.getTeamId(),
725 ActionKeys.PERMISSIONS);
726 }
727 else {
728 List<String> resourceActions =
729 ResourceActionsUtil.getResourceActions(name);
730
731 if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
732 !permissionChecker.hasPermission(
733 groupId, name, primKey,
734 ActionKeys.DEFINE_PERMISSIONS)) {
735
736 throw new PrincipalException();
737 }
738 }
739 }
740 }
741
742 }