001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.staging.permission.StagingPermissionUtil;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Group;
024    import com.liferay.portal.model.Layout;
025    import com.liferay.portal.model.LayoutTypePortlet;
026    import com.liferay.portal.model.Portlet;
027    import com.liferay.portal.model.PortletConstants;
028    import com.liferay.portal.model.impl.VirtualLayout;
029    import com.liferay.portal.security.auth.PrincipalException;
030    import com.liferay.portal.security.permission.ActionKeys;
031    import com.liferay.portal.security.permission.PermissionChecker;
032    import com.liferay.portal.security.permission.ResourceActionsUtil;
033    import com.liferay.portal.service.LayoutLocalServiceUtil;
034    import com.liferay.portal.service.PortletLocalServiceUtil;
035    import com.liferay.portal.util.PortletCategoryKeys;
036    import com.liferay.portal.util.PropsValues;
037    import com.liferay.portlet.sites.util.SitesUtil;
038    
039    import java.util.Collection;
040    import java.util.List;
041    
042    import javax.portlet.PortletMode;
043    
044    /**
045     * @author Brian Wing Shun Chan
046     * @author Raymond Aug??
047     */
048    public class PortletPermissionImpl implements PortletPermission {
049    
050            public static final boolean DEFAULT_STRICT = false;
051    
052            @Override
053            public void check(
054                            PermissionChecker permissionChecker, Layout layout,
055                            String portletId, String actionId)
056                    throws PortalException, SystemException {
057    
058                    if (!contains(
059                                    permissionChecker, 0, layout, portletId, actionId,
060                                    DEFAULT_STRICT)) {
061    
062                            throw new PrincipalException();
063                    }
064            }
065    
066            @Override
067            public void check(
068                            PermissionChecker permissionChecker, Layout layout,
069                            String portletId, String actionId, boolean strict)
070                    throws PortalException, SystemException {
071    
072                    if (!contains(
073                                    permissionChecker, 0, layout, portletId, actionId, strict)) {
074    
075                            throw new PrincipalException();
076                    }
077            }
078    
079            @Override
080            public void check(
081                            PermissionChecker permissionChecker, long groupId, Layout layout,
082                            String portletId, String actionId)
083                    throws PortalException, SystemException {
084    
085                    if (!contains(
086                                    permissionChecker, groupId, layout, portletId, actionId,
087                                    DEFAULT_STRICT)) {
088    
089                            throw new PrincipalException();
090                    }
091            }
092    
093            @Override
094            public void check(
095                            PermissionChecker permissionChecker, long groupId, Layout layout,
096                            String portletId, String actionId, boolean strict)
097                    throws PortalException, SystemException {
098    
099                    if (!contains(
100                                    permissionChecker, groupId, layout, portletId, actionId,
101                                    strict)) {
102    
103                            throw new PrincipalException();
104                    }
105            }
106    
107            @Override
108            public void check(
109                            PermissionChecker permissionChecker, long groupId, long plid,
110                            String portletId, String actionId)
111                    throws PortalException, SystemException {
112    
113                    check(
114                            permissionChecker, groupId, plid, portletId, actionId,
115                            DEFAULT_STRICT);
116            }
117    
118            @Override
119            public void check(
120                            PermissionChecker permissionChecker, long groupId, long plid,
121                            String portletId, String actionId, boolean strict)
122                    throws PortalException, SystemException {
123    
124                    if (!contains(
125                                    permissionChecker, groupId, plid, portletId, actionId,
126                                    strict)) {
127    
128                            throw new PrincipalException();
129                    }
130            }
131    
132            @Override
133            public void check(
134                            PermissionChecker permissionChecker, long plid, String portletId,
135                            String actionId)
136                    throws PortalException, SystemException {
137    
138                    check(permissionChecker, plid, portletId, actionId, DEFAULT_STRICT);
139            }
140    
141            @Override
142            public void check(
143                            PermissionChecker permissionChecker, long plid, String portletId,
144                            String actionId, boolean strict)
145                    throws PortalException, SystemException {
146    
147                    if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
148                            throw new PrincipalException();
149                    }
150            }
151    
152            @Override
153            public void check(
154                            PermissionChecker permissionChecker, String portletId,
155                            String actionId)
156                    throws PortalException, SystemException {
157    
158                    if (!contains(permissionChecker, portletId, actionId)) {
159                            throw new PrincipalException();
160                    }
161            }
162    
163            @Override
164            public boolean contains(
165                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
166                            String actionId)
167                    throws PortalException, SystemException {
168    
169                    return contains(
170                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
171            }
172    
173            @Override
174            public boolean contains(
175                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
176                            String actionId, boolean strict)
177                    throws PortalException, SystemException {
178    
179                    return contains(
180                            permissionChecker, 0, layout, portlet, actionId, strict);
181            }
182    
183            @Override
184            public boolean contains(
185                            PermissionChecker permissionChecker, Layout layout,
186                            String portletId, String actionId)
187                    throws PortalException, SystemException {
188    
189                    return contains(
190                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
191            }
192    
193            @Override
194            public boolean contains(
195                            PermissionChecker permissionChecker, Layout layout,
196                            String portletId, String actionId, boolean strict)
197                    throws PortalException, SystemException {
198    
199                    return contains(
200                            permissionChecker, 0, layout, portletId, actionId, strict);
201            }
202    
203            @Override
204            public boolean contains(
205                            PermissionChecker permissionChecker, long groupId, Layout layout,
206                            Portlet portlet, String actionId)
207                    throws PortalException, SystemException {
208    
209                    return contains(
210                            permissionChecker, groupId, layout, portlet, actionId,
211                            DEFAULT_STRICT);
212            }
213    
214            @Override
215            public boolean contains(
216                            PermissionChecker permissionChecker, long groupId, Layout layout,
217                            Portlet portlet, String actionId, boolean strict)
218                    throws PortalException, SystemException {
219    
220                    if (portlet.isUndeployedPortlet()) {
221                            return false;
222                    }
223    
224                    if (portlet.isSystem() && actionId.equals(ActionKeys.VIEW)) {
225                            return true;
226                    }
227    
228                    return contains(
229                            permissionChecker, groupId, layout, portlet.getPortletId(),
230                            actionId, strict);
231            }
232    
233            @Override
234            public boolean contains(
235                            PermissionChecker permissionChecker, long groupId, Layout layout,
236                            String portletId, String actionId)
237                    throws PortalException, SystemException {
238    
239                    return contains(
240                            permissionChecker, groupId, layout, portletId, actionId,
241                            DEFAULT_STRICT);
242            }
243    
244            @Override
245            public boolean contains(
246                            PermissionChecker permissionChecker, long groupId, Layout layout,
247                            String portletId, String actionId, boolean strict)
248                    throws PortalException, SystemException {
249    
250                    String name = null;
251                    String primKey = null;
252    
253                    if (layout == null) {
254                            name = portletId;
255                            primKey = portletId;
256    
257                            return permissionChecker.hasPermission(
258                                    groupId, name, primKey, actionId);
259                    }
260    
261                    Group group = layout.getGroup();
262    
263                    groupId = group.getGroupId();
264    
265                    name = PortletConstants.getRootPortletId(portletId);
266                    primKey = getPrimaryKey(layout.getPlid(), portletId);
267    
268                    if (!actionId.equals(ActionKeys.VIEW) &&
269                            (layout instanceof VirtualLayout)) {
270    
271                            return hasCustomizePermission(
272                                    permissionChecker, layout, portletId, actionId);
273                    }
274    
275                    if (!group.isLayoutSetPrototype() &&
276                            !SitesUtil.isLayoutUpdateable(layout) &&
277                            actionId.equals(ActionKeys.CONFIGURATION)) {
278    
279                            return false;
280                    }
281    
282                    Boolean hasPermission = StagingPermissionUtil.hasPermission(
283                            permissionChecker, groupId, name, groupId, name, actionId);
284    
285                    if (hasPermission != null) {
286                            return hasPermission.booleanValue();
287                    }
288    
289                    if (actionId.equals(ActionKeys.VIEW) && group.isControlPanel()) {
290                            return true;
291                    }
292    
293                    if (strict) {
294                            return permissionChecker.hasPermission(
295                                    groupId, name, primKey, actionId);
296                    }
297    
298                    if (hasConfigurePermission(
299                                    permissionChecker, layout, portletId, actionId) ||
300                            hasCustomizePermission(
301                                    permissionChecker, layout, portletId, actionId)) {
302    
303                            return true;
304                    }
305    
306                    return permissionChecker.hasPermission(
307                            groupId, name, primKey, actionId);
308            }
309    
310            @Override
311            public boolean contains(
312                    PermissionChecker permissionChecker, long groupId, long plid,
313                    Collection<Portlet> portlets, String actionId) {
314    
315                    for (Portlet portlet : portlets) {
316                            if (permissionChecker.hasPermission(
317                                            groupId, portlet.getPortletId(), portlet.getPortletId(),
318                                            ActionKeys.ACCESS_IN_CONTROL_PANEL)) {
319    
320                                    return true;
321                            }
322                    }
323    
324                    return false;
325            }
326    
327            public boolean contains(
328                            PermissionChecker permissionChecker, long groupId, long plid,
329                            Portlet portlet, String actionId)
330                    throws PortalException, SystemException {
331    
332                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
333    
334                    return contains(
335                            permissionChecker, groupId, layout, portlet, actionId,
336                            DEFAULT_STRICT);
337            }
338    
339            @Override
340            public boolean contains(
341                            PermissionChecker permissionChecker, long groupId, long plid,
342                            Portlet portlet, String actionId, boolean strict)
343                    throws PortalException, SystemException {
344    
345                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
346    
347                    return contains(
348                            permissionChecker, groupId, layout, portlet, actionId, strict);
349            }
350    
351            public boolean contains(
352                            PermissionChecker permissionChecker, long groupId, long plid,
353                            String portletId, String actionId)
354                    throws PortalException, SystemException {
355    
356                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
357    
358                    return contains(
359                            permissionChecker, groupId, layout, portletId, actionId,
360                            DEFAULT_STRICT);
361            }
362    
363            @Override
364            public boolean contains(
365                            PermissionChecker permissionChecker, long groupId, long plid,
366                            String portletId, String actionId, boolean strict)
367                    throws PortalException, SystemException {
368    
369                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
370    
371                    return contains(
372                            permissionChecker, groupId, layout, portletId, actionId, strict);
373            }
374    
375            @Override
376            public boolean contains(
377                            PermissionChecker permissionChecker, long plid, Portlet portlet,
378                            String actionId)
379                    throws PortalException, SystemException {
380    
381                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
382    
383                    return contains(
384                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
385            }
386    
387            @Override
388            public boolean contains(
389                            PermissionChecker permissionChecker, long plid, Portlet portlet,
390                            String actionId, boolean strict)
391                    throws PortalException, SystemException {
392    
393                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
394    
395                    return contains(
396                            permissionChecker, 0, layout, portlet, actionId, strict);
397            }
398    
399            @Override
400            public boolean contains(
401                            PermissionChecker permissionChecker, long plid, String portletId,
402                            String actionId)
403                    throws PortalException, SystemException {
404    
405                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
406    
407                    return contains(
408                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
409            }
410    
411            @Override
412            public boolean contains(
413                            PermissionChecker permissionChecker, long plid, String portletId,
414                            String actionId, boolean strict)
415                    throws PortalException, SystemException {
416    
417                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
418    
419                    return contains(
420                            permissionChecker, 0, layout, portletId, actionId, strict);
421            }
422    
423            @Override
424            public boolean contains(
425                            PermissionChecker permissionChecker, String portletId,
426                            String actionId)
427                    throws PortalException, SystemException {
428    
429                    return contains(permissionChecker, 0, portletId, actionId);
430            }
431    
432            @Override
433            public String getPrimaryKey(long plid, String portletId) {
434                    return String.valueOf(plid).concat(
435                            PortletConstants.LAYOUT_SEPARATOR).concat(portletId);
436            }
437    
438            @Override
439            public boolean hasAccessPermission(
440                            PermissionChecker permissionChecker, long scopeGroupId,
441                            Layout layout, Portlet portlet, PortletMode portletMode)
442                    throws PortalException, SystemException {
443    
444                    if ((layout != null) && layout.isTypeControlPanel()) {
445                            String category = portlet.getControlPanelEntryCategory();
446    
447                            if (Validator.equals(category, PortletCategoryKeys.CONTENT)) {
448                                    layout = null;
449                            }
450                    }
451    
452                    boolean access = contains(
453                            permissionChecker, scopeGroupId, layout, portlet, ActionKeys.VIEW);
454    
455                    if (access && !PropsValues.TCK_URL &&
456                            portletMode.equals(PortletMode.EDIT)) {
457    
458                            access = contains(
459                                    permissionChecker, scopeGroupId, layout, portlet,
460                                    ActionKeys.PREFERENCES);
461                    }
462    
463                    return access;
464            }
465    
466            @Override
467            public boolean hasConfigurationPermission(
468                            PermissionChecker permissionChecker, long groupId, Layout layout,
469                            String actionId)
470                    throws PortalException, SystemException {
471    
472                    LayoutTypePortlet layoutTypePortlet =
473                            (LayoutTypePortlet)layout.getLayoutType();
474    
475                    for (Portlet portlet : layoutTypePortlet.getAllPortlets()) {
476                            if (contains(
477                                            permissionChecker, groupId, layout, portlet.getPortletId(),
478                                            actionId)) {
479    
480                                    return true;
481                            }
482    
483                            if (contains(
484                                            permissionChecker, groupId, null,
485                                            portlet.getRootPortletId(), actionId)) {
486    
487                                    return true;
488                            }
489                    }
490    
491                    return false;
492            }
493    
494            @Override
495            public boolean hasLayoutManagerPermission(
496                    String portletId, String actionId) {
497    
498                    try {
499                            portletId = PortletConstants.getRootPortletId(portletId);
500    
501                            List<String> layoutManagerActions =
502                                    ResourceActionsUtil.getPortletResourceLayoutManagerActions(
503                                            portletId);
504    
505                            return layoutManagerActions.contains(actionId);
506                    }
507                    catch (Exception e) {
508                            _log.error(e, e);
509    
510                            return false;
511                    }
512            }
513    
514            protected boolean hasConfigurePermission(
515                            PermissionChecker permissionChecker, Layout layout,
516                            String portletId, String actionId)
517                    throws PortalException, SystemException {
518    
519                    if (!actionId.equals(ActionKeys.CONFIGURATION) &&
520                            !actionId.equals(ActionKeys.PREFERENCES) &&
521                            !actionId.equals(ActionKeys.GUEST_PREFERENCES)) {
522    
523                            return false;
524                    }
525    
526                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
527                            layout.getCompanyId(), portletId);
528    
529                    if (portlet.isPreferencesUniquePerLayout()) {
530                            return LayoutPermissionUtil.contains(
531                                    permissionChecker, layout, ActionKeys.CONFIGURE_PORTLETS);
532                    }
533    
534                    return GroupPermissionUtil.contains(
535                            permissionChecker, layout.getGroupId(),
536                            ActionKeys.CONFIGURE_PORTLETS);
537            }
538    
539            protected boolean hasCustomizePermission(
540                            PermissionChecker permissionChecker, Layout layout,
541                            String portletId, String actionId)
542                    throws PortalException, SystemException {
543    
544                    LayoutTypePortlet layoutTypePortlet =
545                            (LayoutTypePortlet)layout.getLayoutType();
546    
547                    if (layoutTypePortlet.isCustomizedView() &&
548                            layoutTypePortlet.isPortletCustomizable(portletId) &&
549                            LayoutPermissionUtil.contains(
550                                    permissionChecker, layout, ActionKeys.CUSTOMIZE)) {
551    
552                            if (actionId.equals(ActionKeys.VIEW)) {
553                                    return true;
554                            }
555                            else if (actionId.equals(ActionKeys.CONFIGURATION)) {
556                                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
557                                            layout.getCompanyId(), portletId);
558    
559                                    if (portlet.isPreferencesUniquePerLayout()) {
560                                            return true;
561                                    }
562                            }
563                    }
564    
565                    return false;
566            }
567    
568            private static Log _log = LogFactoryUtil.getLog(
569                    PortletPermissionImpl.class);
570    
571    }