015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.AuditedModel;
021 import com.liferay.portal.model.Group;
022 import com.liferay.portal.model.GroupedModel;
023 import com.liferay.portal.model.Layout;
024 import com.liferay.portal.model.PermissionedModel;
025 import com.liferay.portal.model.PortletConstants;
026 import com.liferay.portal.model.ResourceConstants;
027 import com.liferay.portal.model.ResourcePermission;
028 import com.liferay.portal.model.Role;
029 import com.liferay.portal.model.Team;
030 import com.liferay.portal.model.User;
031 import com.liferay.portal.security.auth.PrincipalException;
032 import com.liferay.portal.security.permission.ActionKeys;
033 import com.liferay.portal.security.permission.PermissionChecker;
034 import com.liferay.portal.security.permission.ResourceActionsUtil;
035 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036 import com.liferay.portal.service.permission.GroupPermissionUtil;
037 import com.liferay.portal.service.permission.LayoutPermissionUtil;
038 import com.liferay.portal.service.permission.PortletPermissionUtil;
039 import com.liferay.portal.service.permission.TeamPermissionUtil;
040 import com.liferay.portal.service.permission.UserPermissionUtil;
041 import com.liferay.portlet.asset.AssetRendererFactoryRegistryUtil;
042 import com.liferay.portlet.asset.model.AssetRendererFactory;
043 import com.liferay.portlet.blogs.model.BlogsEntry;
044 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
045 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
046 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
047 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
048 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
049 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
050 import com.liferay.portlet.documentlibrary.model.DLFolder;
051 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
052 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
053 import com.liferay.portlet.journal.model.JournalArticle;
054 import com.liferay.portlet.journal.model.JournalFeed;
055 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
056 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
057 import com.liferay.portlet.messageboards.model.MBCategory;
058 import com.liferay.portlet.messageboards.model.MBMessage;
059 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061 import com.liferay.portlet.polls.model.PollsQuestion;
062 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063 import com.liferay.portlet.shopping.model.ShoppingCategory;
064 import com.liferay.portlet.shopping.model.ShoppingItem;
065 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071 import com.liferay.portlet.wiki.model.WikiNode;
072 import com.liferay.portlet.wiki.model.WikiPage;
073 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075
076 import java.util.List;
077
078
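/**
 * Authorization gate that decides whether the current caller may manage the
 * permissions of a given resource.
 *
 * <p>
 * The public overloads obtain the caller's {@link PermissionChecker} and
 * delegate to the protected overload, which either returns normally (access
 * granted) or throws (access denied).
 * </p>
 *
 * <p>
 * NOTE(review): as a service implementation this is presumably reachable by
 * remote callers, so <code>groupId</code>, <code>name</code> and
 * <code>primKey</code> should be treated as untrusted input. Confirm against
 * the service descriptor.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Checks whether the current caller may manage permissions on the
	 * resource identified by a numeric primary key.
	 *
	 * @param  groupId the group ID passed through to the permission checks
	 * @param  name the resource name, compared against model class names
	 * @param  primKey the numeric primary key, converted to its string form
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	@Override
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		checkPermission(
			getPermissionChecker(), groupId, name, String.valueOf(primKey));
	}

	/**
	 * Checks whether the current caller may manage permissions on the
	 * resource identified by a string primary key.
	 *
	 * @param  groupId the group ID passed through to the permission checks
	 * @param  name the resource name, compared against model class names
	 * @param  primKey the primary key in string form
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	@Override
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, name, primKey);
	}

	/**
	 * Dispatches on <code>name</code> to the matching model-specific
	 * permission helper and requires {@link ActionKeys#PERMISSIONS} on the
	 * target. Three kinds of resource are handled differently:
	 *
	 * <ul>
	 * <li>
	 * {@link Team}: requires {@link ActionKeys#MANAGE_TEAMS} on the team's
	 * group.
	 * </li>
	 * <li>
	 * A <code>primKey</code> containing
	 * {@link PortletConstants#LAYOUT_SEPARATOR}: requires
	 * {@link ActionKeys#CONFIGURATION} on the portlet encoded in the key.
	 * </li>
	 * <li>
	 * Any other name: a generic fallback that tries the asset renderer
	 * factory, the owner permission, the team role and finally
	 * {@link ActionKeys#DEFINE_PERMISSIONS}.
	 * </li>
	 * </ul>
	 *
	 * <p>
	 * The method only returns early on a positive grant; every other path
	 * ends in a delegated check or in a {@link PrincipalException}.
	 * </p>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the group ID passed to the group-scoped checks
	 * @param  name the resource name; a <code>null</code> name is denied
	 * @param  primKey the primary key in string form
	 * @throws PortalException if access is denied or an entity lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		// A missing resource name cannot be matched to any resource type.
		// Deny explicitly instead of failing with a NullPointerException on
		// the first name.equals(...) below.

		if (name == null) {
			throw new PrincipalException();
		}

		// NOTE(review): GetterUtil.getLong(primKey) is used throughout;
		// presumably it yields a default value rather than throwing when
		// primKey is not numeric, so a malformed key is checked as that
		// default ID. Confirm that the delegated checks reject it.

		if (name.equals(BlogsEntry.class.getName())) {
			BlogsEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(BookmarksEntry.class.getName())) {
			BookmarksEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(BookmarksFolder.class.getName())) {
			BookmarksFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFileEntry.class.getName())) {
			DLFileEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFolder.class.getName())) {
			DLFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Group.class.getName())) {
			GroupPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalArticle.class.getName())) {
			JournalArticlePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalFeed.class.getName())) {
			JournalFeedPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Layout.class.getName())) {
			LayoutPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(MBCategory.class.getName())) {
			MBCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(MBMessage.class.getName())) {
			MBMessagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(PollsQuestion.class.getName())) {
			PollsQuestionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCFrameworkVersion.class.getName())) {
			SCFrameworkVersionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCProductEntry.class.getName())) {
			SCProductEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingCategory.class.getName())) {
			ShoppingCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingItem.class.getName())) {
			ShoppingItemPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Team.class.getName())) {

			// Teams are authorized through their owning group: the caller
			// needs MANAGE_TEAMS on the group the team belongs to.

			long teamId = GetterUtil.getLong(primKey);

			Team team = teamPersistence.findByPrimaryKey(teamId);

			GroupPermissionUtil.check(
				permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
		}
		else if (name.equals(User.class.getName())) {
			long userId = GetterUtil.getLong(primKey);

			User user = userPersistence.findByPrimaryKey(userId);

			UserPermissionUtil.check(
				permissionChecker, userId, user.getOrganizationIds(),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(WikiNode.class.getName())) {
			WikiNodePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(WikiPage.class.getName())) {
			WikiPagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if ((primKey != null) &&
				 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

			// Portlet resource: primKey has the form
			// <plid><LAYOUT_SEPARATOR><portletId>.
			//
			// NOTE(review): this branch is selected by the shape of primKey
			// alone and authorizes against the portletId parsed from it;
			// name is not compared with that portletId here. Confirm that
			// callers cannot pair an unrelated name with a portlet-style
			// primKey.

			int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

			long plid = GetterUtil.getLong(primKey.substring(0, pos));

			String portletId = primKey.substring(
				pos + PortletConstants.LAYOUT_SEPARATOR.length());

			PortletPermissionUtil.check(
				permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
		}
		else if (!permissionChecker.hasPermission(
					groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			// Generic fallback, entered only when the caller lacks a direct
			// PERMISSIONS grant. Each step below may grant access; when none
			// does, the method ends in a delegated check or a
			// PrincipalException.

			// Step 1: ask the asset renderer factory registered for this
			// class name, if there is one.

			AssetRendererFactory assetRendererFactory =
				AssetRendererFactoryRegistryUtil.
					getAssetRendererFactoryByClassName(name);

			if (assetRendererFactory != null) {
				try {
					if (assetRendererFactory.hasPermission(
							permissionChecker, GetterUtil.getLong(primKey),
							ActionKeys.PERMISSIONS)) {

						return;
					}
				}
				catch (Exception ignored) {

					// Deliberately best-effort: a failure in the factory is
					// treated as "not granted" and the remaining checks
					// still run, so this cannot widen access. The failure
					// itself is not recorded anywhere.
				}
			}

			// Step 2: resolve the resource owner and test the owner
			// permission. ownerId stays 0 when the model is neither a
			// GroupedModel nor an AuditedModel.

			long ownerId = 0;

			if (resourceBlockLocalService.isSupported(name)) {
				PermissionedModel permissionedModel =
					resourceBlockLocalService.getPermissionedModel(
						name, GetterUtil.getLong(primKey));

				if (permissionedModel instanceof GroupedModel) {
					GroupedModel groupedModel = (GroupedModel)permissionedModel;

					ownerId = groupedModel.getUserId();
				}
				else if (permissionedModel instanceof AuditedModel) {
					AuditedModel auditedModel = (AuditedModel)permissionedModel;

					ownerId = auditedModel.getUserId();
				}
			}
			else {
				ResourcePermission resourcePermission =
					resourcePermissionLocalService.getResourcePermission(
						permissionChecker.getCompanyId(), name,
						ResourceConstants.SCOPE_INDIVIDUAL, primKey,
						permissionChecker.getOwnerRoleId());

				ownerId = resourcePermission.getOwnerId();
			}

			if (permissionChecker.hasOwnerPermission(
					permissionChecker.getCompanyId(), name, primKey, ownerId,
					ActionKeys.PERMISSIONS)) {

				return;
			}

			// Step 3: a role that represents a team is authorized through
			// the team permission check.

			Role role = null;

			if (name.equals(Role.class.getName())) {
				long roleId = GetterUtil.getLong(primKey);

				role = rolePersistence.findByPrimaryKey(roleId);
			}

			if ((role != null) && role.isTeam()) {
				Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

				TeamPermissionUtil.check(
					permissionChecker, team.getTeamId(),
					ActionKeys.PERMISSIONS);
			}
			else {

				// Step 4: last resort. The resource must declare
				// DEFINE_PERMISSIONS as an action and the caller must hold
				// it; otherwise access is denied.

				List<String> resourceActions =
					ResourceActionsUtil.getResourceActions(name);

				if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
					!permissionChecker.hasPermission(
						groupId, name, primKey,
						ActionKeys.DEFINE_PERMISSIONS)) {

					throw new PrincipalException();
				}
			}
		}
	}

}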