001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026
027
031 public class GroupPermissionImpl implements GroupPermission {
032
033 @Override
034 public void check(
035 PermissionChecker permissionChecker, Group group, String actionId)
036 throws PortalException, SystemException {
037
038 if (!contains(permissionChecker, group, actionId)) {
039 throw new PrincipalException();
040 }
041 }
042
043 @Override
044 public void check(
045 PermissionChecker permissionChecker, long groupId, String actionId)
046 throws PortalException, SystemException {
047
048 if (!contains(permissionChecker, groupId, actionId)) {
049 throw new PrincipalException();
050 }
051 }
052
053 @Override
054 public void check(PermissionChecker permissionChecker, String actionId)
055 throws PortalException {
056
057 if (!contains(permissionChecker, actionId)) {
058 throw new PrincipalException();
059 }
060 }
061
062 @Override
063 public boolean contains(
064 PermissionChecker permissionChecker, Group group, String actionId)
065 throws PortalException, SystemException {
066
067 long groupId = group.getGroupId();
068
069 if (group.isStagingGroup()) {
070 group = group.getLiveGroup();
071 }
072
073 if (group.isUser()) {
074
075
076
077
078
079
080 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
081
082 if ((permissionChecker.getUserId() != user.getUserId()) &&
083 UserPermissionUtil.contains(
084 permissionChecker, user.getUserId(),
085 user.getOrganizationIds(), ActionKeys.UPDATE)) {
086
087 return true;
088 }
089 }
090
091 if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
092 permissionChecker.hasPermission(
093 groupId, Group.class.getName(), groupId,
094 ActionKeys.MANAGE_SUBGROUPS) ||
095 PortalPermissionUtil.contains(
096 permissionChecker, ActionKeys.ADD_COMMUNITY)) {
097
098 return true;
099 }
100 else if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
101 !group.isLayoutPrototype() &&
102 permissionChecker.hasPermission(
103 groupId, Group.class.getName(), groupId,
104 ActionKeys.MANAGE_LAYOUTS)) {
105
106 return true;
107 }
108 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
109 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
110 permissionChecker.hasPermission(
111 groupId, Group.class.getName(), groupId,
112 ActionKeys.PUBLISH_STAGING)) {
113
114 return true;
115 }
116 else if (actionId.equals(ActionKeys.VIEW) &&
117 (permissionChecker.hasPermission(
118 groupId, Group.class.getName(), groupId,
119 ActionKeys.ASSIGN_USER_ROLES) ||
120 permissionChecker.hasPermission(
121 groupId, Group.class.getName(), groupId,
122 ActionKeys.MANAGE_LAYOUTS))) {
123
124 return true;
125 }
126 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
127 (permissionChecker.hasPermission(
128 groupId, Group.class.getName(), groupId,
129 ActionKeys.MANAGE_LAYOUTS) ||
130 permissionChecker.hasPermission(
131 groupId, Group.class.getName(), groupId,
132 ActionKeys.MANAGE_STAGING) ||
133 permissionChecker.hasPermission(
134 groupId, Group.class.getName(), groupId,
135 ActionKeys.PUBLISH_STAGING) ||
136 permissionChecker.hasPermission(
137 groupId, Group.class.getName(), groupId,
138 ActionKeys.UPDATE))) {
139
140 return true;
141 }
142
143
144
145 if (permissionChecker.hasPermission(
146 groupId, Group.class.getName(), groupId, actionId)) {
147
148 return true;
149 }
150
151 while (!group.isRoot()) {
152 if (contains(
153 permissionChecker, group.getParentGroupId(),
154 ActionKeys.MANAGE_SUBGROUPS)) {
155
156 return true;
157 }
158
159 group = group.getParentGroup();
160 }
161
162 return false;
163 }
164
165 @Override
166 public boolean contains(
167 PermissionChecker permissionChecker, long groupId, String actionId)
168 throws PortalException, SystemException {
169
170 if (groupId > 0) {
171 Group group = GroupLocalServiceUtil.getGroup(groupId);
172
173 return contains(permissionChecker, group, actionId);
174 }
175 else {
176 return false;
177 }
178 }
179
180 @Override
181 public boolean contains(
182 PermissionChecker permissionChecker, String actionId) {
183
184 return permissionChecker.hasPermission(
185 0, Group.class.getName(), 0, actionId);
186 }
187
188 }