001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.OrganizationConstants;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.service.OrganizationLocalServiceUtil;
025 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
026 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
027 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
028
029 import java.util.Arrays;
030 import java.util.HashMap;
031 import java.util.List;
032 import java.util.Map;
033
034
037 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
038
039 public PermissionCheckerBagImpl() {
040 }
041
042 public PermissionCheckerBagImpl(
043 long userId, List<Group> userGroups, List<Organization> userOrgs,
044 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
045 List<Group> groups, List<Role> roles) {
046
047 _userId = userId;
048 _userGroups = userGroups;
049 _userOrgs = userOrgs;
050 _userOrgGroups = userOrgGroups;
051 _userUserGroupGroups = userUserGroupGroups;
052 _groups = groups;
053 _roles = roles;
054 }
055
056 @Override
057 public List<Group> getGroups() {
058 return _groups;
059 }
060
061 @Override
062 public long[] getRoleIds() {
063 if (_roleIds == null) {
064 List<Role> roles = getRoles();
065
066 long[] roleIds = new long[roles.size()];
067
068 for (int i = 0; i < roles.size(); i++) {
069 Role role = roles.get(i);
070
071 roleIds[i] = role.getRoleId();
072 }
073
074 Arrays.sort(roleIds);
075
076 _roleIds = roleIds;
077 }
078
079 return _roleIds;
080 }
081
082 @Override
083 public List<Role> getRoles() {
084 return _roles;
085 }
086
087 @Override
088 public List<Group> getUserGroups() {
089 return _userGroups;
090 }
091
092 @Override
093 public List<Group> getUserOrgGroups() {
094 return _userOrgGroups;
095 }
096
097 @Override
098 public List<Organization> getUserOrgs() {
099 return _userOrgs;
100 }
101
102 @Override
103 public List<Group> getUserUserGroupGroups() {
104 return _userUserGroupGroups;
105 }
106
107
111 @Override
112 public boolean isCommunityAdmin(
113 PermissionChecker permissionChecker, Group group)
114 throws Exception {
115
116 return isGroupAdmin(permissionChecker, group);
117 }
118
119
123 @Override
124 public boolean isCommunityOwner(
125 PermissionChecker permissionChecker, Group group)
126 throws Exception {
127
128 return isGroupOwner(permissionChecker, group);
129 }
130
131 @Override
132 public boolean isGroupAdmin(
133 PermissionChecker permissionChecker, Group group)
134 throws Exception {
135
136 Boolean value = _groupAdmins.get(group.getGroupId());
137
138 if (value == null) {
139 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
140
141 _groupAdmins.put(group.getGroupId(), value);
142 }
143
144 return value.booleanValue();
145 }
146
147 @Override
148 public boolean isGroupMember(
149 PermissionChecker permissionChecker, Group group)
150 throws Exception {
151
152 for (Role role : _roles) {
153 String name = role.getName();
154
155 if (name.equals(RoleConstants.SITE_MEMBER)) {
156 return true;
157 }
158 }
159
160 if (_userGroups.contains(group)) {
161 return true;
162 }
163
164 return false;
165 }
166
167 @Override
168 public boolean isGroupOwner(
169 PermissionChecker permissionChecker, Group group)
170 throws Exception {
171
172 Boolean value = _groupOwners.get(group.getGroupId());
173
174 if (value == null) {
175 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
176
177 _groupOwners.put(group.getGroupId(), value);
178 }
179
180 return value.booleanValue();
181 }
182
183 @Override
184 public boolean isOrganizationAdmin(
185 PermissionChecker permissionChecker, Organization organization)
186 throws Exception {
187
188 Boolean value = _organizationAdmins.get(
189 organization.getOrganizationId());
190
191 if (value == null) {
192 value = Boolean.valueOf(
193 isOrganizationAdminImpl(permissionChecker, organization));
194
195 _organizationAdmins.put(organization.getOrganizationId(), value);
196 }
197
198 return value.booleanValue();
199 }
200
201 @Override
202 public boolean isOrganizationOwner(
203 PermissionChecker permissionChecker, Organization organization)
204 throws Exception {
205
206 Boolean value = _organizationOwners.get(
207 organization.getOrganizationId());
208
209 if (value == null) {
210 value = Boolean.valueOf(
211 isOrganizationOwnerImpl(permissionChecker, organization));
212
213 _organizationOwners.put(organization.getOrganizationId(), value);
214 }
215
216 return value.booleanValue();
217 }
218
219 protected boolean isGroupAdminImpl(
220 PermissionChecker permissionChecker, Group group)
221 throws PortalException, SystemException {
222
223 if (group.isSite()) {
224 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
225 _userId, group.getGroupId(),
226 RoleConstants.SITE_ADMINISTRATOR, true) ||
227 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
228 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
229 true)) {
230
231 return true;
232 }
233 }
234
235 if (group.isCompany()) {
236 if (permissionChecker.isCompanyAdmin()) {
237 return true;
238 }
239 else {
240 return false;
241 }
242 }
243 else if (group.isLayoutPrototype()) {
244 if (LayoutPrototypePermissionUtil.contains(
245 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
246
247 return true;
248 }
249 else {
250 return false;
251 }
252 }
253 else if (group.isLayoutSetPrototype()) {
254 if (LayoutSetPrototypePermissionUtil.contains(
255 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
256
257 return true;
258 }
259 else {
260 return false;
261 }
262 }
263 else if (group.isOrganization()) {
264 long organizationId = group.getOrganizationId();
265
266 while (organizationId !=
267 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
268
269 Organization organization =
270 OrganizationLocalServiceUtil.getOrganization(
271 organizationId);
272
273 Group organizationGroup = organization.getGroup();
274
275 long organizationGroupId = organizationGroup.getGroupId();
276
277 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
278 _userId, organizationGroupId,
279 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
280 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
281 _userId, organizationGroupId,
282 RoleConstants.ORGANIZATION_OWNER, true)) {
283
284 return true;
285 }
286
287 organizationId = organization.getParentOrganizationId();
288 }
289 }
290
291 return false;
292 }
293
294 protected boolean isGroupOwnerImpl(
295 PermissionChecker permissionChecker, Group group)
296 throws PortalException, SystemException {
297
298 if (group.isSite()) {
299 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
300 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
301 true)) {
302
303 return true;
304 }
305 }
306
307 if (group.isLayoutPrototype()) {
308 if (LayoutPrototypePermissionUtil.contains(
309 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
310
311 return true;
312 }
313 else {
314 return false;
315 }
316 }
317 else if (group.isLayoutSetPrototype()) {
318 if (LayoutSetPrototypePermissionUtil.contains(
319 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
320
321 return true;
322 }
323 else {
324 return false;
325 }
326 }
327 else if (group.isOrganization()) {
328 long organizationId = group.getOrganizationId();
329
330 while (organizationId !=
331 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
332
333 Organization organization =
334 OrganizationLocalServiceUtil.getOrganization(
335 organizationId);
336
337 Group organizationGroup = organization.getGroup();
338
339 long organizationGroupId = organizationGroup.getGroupId();
340
341 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
342 _userId, organizationGroupId,
343 RoleConstants.ORGANIZATION_OWNER, true)) {
344
345 return true;
346 }
347
348 organizationId = organization.getParentOrganizationId();
349 }
350 }
351 else if (group.isUser()) {
352 long userId = group.getClassPK();
353
354 if (userId == _userId) {
355 return true;
356 }
357 }
358
359 return false;
360 }
361
362 protected boolean isOrganizationAdminImpl(
363 PermissionChecker permissionChecker, Organization organization)
364 throws PortalException, SystemException {
365
366 while (organization != null) {
367 Group organizationGroup = organization.getGroup();
368
369 long organizationGroupId = organizationGroup.getGroupId();
370
371 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
372 _userId, organizationGroupId,
373 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
374 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
375 _userId, organizationGroupId,
376 RoleConstants.ORGANIZATION_OWNER, true)) {
377
378 return true;
379 }
380
381 organization = organization.getParentOrganization();
382 }
383
384 return false;
385 }
386
387 protected boolean isOrganizationOwnerImpl(
388 PermissionChecker permissionChecker, Organization organization)
389 throws PortalException, SystemException {
390
391 while (organization != null) {
392 Group organizationGroup = organization.getGroup();
393
394 long organizationGroupId = organizationGroup.getGroupId();
395
396 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
397 _userId, organizationGroupId,
398 RoleConstants.ORGANIZATION_OWNER, true)) {
399
400 return true;
401 }
402
403 organization = organization.getParentOrganization();
404 }
405
406 return false;
407 }
408
409 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
410 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
411 private List<Group> _groups;
412 private Map<Long, Boolean> _organizationAdmins =
413 new HashMap<Long, Boolean>();
414 private Map<Long, Boolean> _organizationOwners =
415 new HashMap<Long, Boolean>();
416 private long[] _roleIds;
417 private List<Role> _roles;
418 private List<Group> _userGroups;
419 private long _userId;
420 private List<Group> _userOrgGroups;
421 private List<Organization> _userOrgs;
422 private List<Group> _userUserGroupGroups;
423
424 }