001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026
027
031 public class GroupPermissionImpl implements GroupPermission {
032
033 @Override
034 public void check(
035 PermissionChecker permissionChecker, Group group, String actionId)
036 throws PortalException, SystemException {
037
038 if (!contains(permissionChecker, group, actionId)) {
039 throw new PrincipalException();
040 }
041 }
042
043 @Override
044 public void check(
045 PermissionChecker permissionChecker, long groupId, String actionId)
046 throws PortalException, SystemException {
047
048 if (!contains(permissionChecker, groupId, actionId)) {
049 throw new PrincipalException();
050 }
051 }
052
053 @Override
054 public void check(PermissionChecker permissionChecker, String actionId)
055 throws PortalException {
056
057 if (!contains(permissionChecker, actionId)) {
058 throw new PrincipalException();
059 }
060 }
061
062 @Override
063 public boolean contains(
064 PermissionChecker permissionChecker, Group group, String actionId)
065 throws PortalException, SystemException {
066
067 long groupId = group.getGroupId();
068
069 if (group.isStagingGroup()) {
070 group = group.getLiveGroup();
071 }
072
073 if (group.isUser()) {
074
075
076
077
078
079
080 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
081
082 if ((permissionChecker.getUserId() != user.getUserId()) &&
083 UserPermissionUtil.contains(
084 permissionChecker, user.getUserId(),
085 user.getOrganizationIds(), ActionKeys.UPDATE)) {
086
087 return true;
088 }
089 }
090
091 if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
092 permissionChecker.hasPermission(
093 groupId, Group.class.getName(), groupId,
094 ActionKeys.MANAGE_SUBGROUPS) ||
095 PortalPermissionUtil.contains(
096 permissionChecker, ActionKeys.ADD_COMMUNITY)) {
097
098 return true;
099 }
100 else if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
101 permissionChecker.hasPermission(
102 groupId, Group.class.getName(), groupId,
103 ActionKeys.MANAGE_LAYOUTS)) {
104
105 return true;
106 }
107 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
108 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
109 permissionChecker.hasPermission(
110 groupId, Group.class.getName(), groupId,
111 ActionKeys.PUBLISH_STAGING)) {
112
113 return true;
114 }
115 else if (actionId.equals(ActionKeys.VIEW) &&
116 (permissionChecker.hasPermission(
117 groupId, Group.class.getName(), groupId,
118 ActionKeys.ASSIGN_USER_ROLES) ||
119 permissionChecker.hasPermission(
120 groupId, Group.class.getName(), groupId,
121 ActionKeys.MANAGE_LAYOUTS))) {
122
123 return true;
124 }
125 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
126 (permissionChecker.hasPermission(
127 groupId, Group.class.getName(), groupId,
128 ActionKeys.MANAGE_LAYOUTS) ||
129 permissionChecker.hasPermission(
130 groupId, Group.class.getName(), groupId,
131 ActionKeys.MANAGE_STAGING) ||
132 permissionChecker.hasPermission(
133 groupId, Group.class.getName(), groupId,
134 ActionKeys.PUBLISH_STAGING) ||
135 permissionChecker.hasPermission(
136 groupId, Group.class.getName(), groupId,
137 ActionKeys.UPDATE))) {
138
139 return true;
140 }
141
142
143
144 if (permissionChecker.hasPermission(
145 groupId, Group.class.getName(), groupId, actionId)) {
146
147 return true;
148 }
149
150 while (!group.isRoot()) {
151 if (contains(
152 permissionChecker, group.getParentGroupId(),
153 ActionKeys.MANAGE_SUBGROUPS)) {
154
155 return true;
156 }
157
158 group = group.getParentGroup();
159 }
160
161 return false;
162 }
163
164 @Override
165 public boolean contains(
166 PermissionChecker permissionChecker, long groupId, String actionId)
167 throws PortalException, SystemException {
168
169 if (groupId > 0) {
170 Group group = GroupLocalServiceUtil.getGroup(groupId);
171
172 return contains(permissionChecker, group, actionId);
173 }
174 else {
175 return false;
176 }
177 }
178
179 @Override
180 public boolean contains(
181 PermissionChecker permissionChecker, String actionId) {
182
183 return permissionChecker.hasPermission(
184 0, Group.class.getName(), 0, actionId);
185 }
186
187 }