001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.User;
021    import com.liferay.portal.security.auth.PrincipalException;
022    import com.liferay.portal.security.permission.ActionKeys;
023    import com.liferay.portal.security.permission.PermissionChecker;
024    import com.liferay.portal.service.GroupLocalServiceUtil;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    
027    /**
028     * @author Brian Wing Shun Chan
029     * @author Raymond Aug??
030     */
031    public class GroupPermissionImpl implements GroupPermission {
032    
033            @Override
034            public void check(
035                            PermissionChecker permissionChecker, Group group, String actionId)
036                    throws PortalException, SystemException {
037    
038                    if (!contains(permissionChecker, group, actionId)) {
039                            throw new PrincipalException();
040                    }
041            }
042    
043            @Override
044            public void check(
045                            PermissionChecker permissionChecker, long groupId, String actionId)
046                    throws PortalException, SystemException {
047    
048                    if (!contains(permissionChecker, groupId, actionId)) {
049                            throw new PrincipalException();
050                    }
051            }
052    
053            @Override
054            public void check(PermissionChecker permissionChecker, String actionId)
055                    throws PortalException {
056    
057                    if (!contains(permissionChecker, actionId)) {
058                            throw new PrincipalException();
059                    }
060            }
061    
062            @Override
063            public boolean contains(
064                            PermissionChecker permissionChecker, Group group, String actionId)
065                    throws PortalException, SystemException {
066    
067                    long groupId = group.getGroupId();
068    
069                    if (group.isStagingGroup()) {
070                            group = group.getLiveGroup();
071                    }
072    
073                    if (group.isUser()) {
074    
075                            // An individual user would never reach this block because he would
076                            // be an administrator of his own layouts. However, a user who
077                            // manages a set of organizations may be modifying pages of a user
078                            // he manages.
079    
080                            User user = UserLocalServiceUtil.getUserById(group.getClassPK());
081    
082                            if ((permissionChecker.getUserId() != user.getUserId()) &&
083                                    UserPermissionUtil.contains(
084                                            permissionChecker, user.getUserId(),
085                                            user.getOrganizationIds(), ActionKeys.UPDATE)) {
086    
087                                    return true;
088                            }
089                    }
090    
091                    if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
092                            permissionChecker.hasPermission(
093                                    groupId, Group.class.getName(), groupId,
094                                    ActionKeys.MANAGE_LAYOUTS)) {
095    
096                            return true;
097                    }
098                    else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
099                                      actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
100                                     permissionChecker.hasPermission(
101                                             groupId, Group.class.getName(), groupId,
102                                             ActionKeys.PUBLISH_STAGING)) {
103    
104                            return true;
105                    }
106                    else if (actionId.equals(ActionKeys.VIEW) &&
107                                     (permissionChecker.hasPermission(
108                                             groupId, Group.class.getName(), groupId,
109                                             ActionKeys.ASSIGN_USER_ROLES) ||
110                                      permissionChecker.hasPermission(
111                                             groupId, Group.class.getName(), groupId,
112                                             ActionKeys.MANAGE_LAYOUTS))) {
113    
114                            return true;
115                    }
116                    else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
117                                     (permissionChecker.hasPermission(
118                                             groupId, Group.class.getName(), groupId,
119                                             ActionKeys.MANAGE_LAYOUTS) ||
120                                      permissionChecker.hasPermission(
121                                             groupId, Group.class.getName(), groupId,
122                                             ActionKeys.MANAGE_STAGING) ||
123                                      permissionChecker.hasPermission(
124                                             groupId, Group.class.getName(), groupId,
125                                             ActionKeys.PUBLISH_STAGING) ||
126                                      permissionChecker.hasPermission(
127                                             groupId, Group.class.getName(), groupId,
128                                             ActionKeys.UPDATE))) {
129    
130                            return true;
131                    }
132    
133                    // Group id must be set so that users can modify their personal pages
134    
135                    return permissionChecker.hasPermission(
136                            groupId, Group.class.getName(), groupId, actionId);
137            }
138    
139            @Override
140            public boolean contains(
141                            PermissionChecker permissionChecker, long groupId, String actionId)
142                    throws PortalException, SystemException {
143    
144                    Group group = GroupLocalServiceUtil.getGroup(groupId);
145    
146                    return contains(permissionChecker, group, actionId);
147            }
148    
149            @Override
150            public boolean contains(
151                    PermissionChecker permissionChecker, String actionId) {
152    
153                    return permissionChecker.hasPermission(
154                            0, Group.class.getName(), 0, actionId);
155            }
156    
157    }