015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.AuditedModel;
021 import com.liferay.portal.model.Group;
022 import com.liferay.portal.model.GroupedModel;
023 import com.liferay.portal.model.Layout;
024 import com.liferay.portal.model.PermissionedModel;
025 import com.liferay.portal.model.PortletConstants;
026 import com.liferay.portal.model.ResourceConstants;
027 import com.liferay.portal.model.ResourcePermission;
028 import com.liferay.portal.model.Role;
029 import com.liferay.portal.model.Team;
030 import com.liferay.portal.model.User;
031 import com.liferay.portal.security.auth.PrincipalException;
032 import com.liferay.portal.security.permission.ActionKeys;
033 import com.liferay.portal.security.permission.PermissionChecker;
034 import com.liferay.portal.security.permission.ResourceActionsUtil;
035 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036 import com.liferay.portal.service.permission.GroupPermissionUtil;
037 import com.liferay.portal.service.permission.LayoutPermissionUtil;
038 import com.liferay.portal.service.permission.PortletPermissionUtil;
039 import com.liferay.portal.service.permission.TeamPermissionUtil;
040 import com.liferay.portal.service.permission.UserPermissionUtil;
041 import com.liferay.portlet.blogs.model.BlogsEntry;
042 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
043 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
044 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
045 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
046 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
047 import com.liferay.portlet.calendar.model.CalEvent;
048 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
049 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
050 import com.liferay.portlet.documentlibrary.model.DLFolder;
051 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
052 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
053 import com.liferay.portlet.journal.model.JournalArticle;
054 import com.liferay.portlet.journal.model.JournalFeed;
055 import com.liferay.portlet.journal.model.JournalStructure;
056 import com.liferay.portlet.journal.model.JournalTemplate;
057 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
058 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
059 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
060 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
061 import com.liferay.portlet.messageboards.model.MBCategory;
062 import com.liferay.portlet.messageboards.model.MBMessage;
063 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
064 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
065 import com.liferay.portlet.polls.model.PollsQuestion;
066 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
067 import com.liferay.portlet.shopping.model.ShoppingCategory;
068 import com.liferay.portlet.shopping.model.ShoppingItem;
069 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
070 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
071 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
072 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
073 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
074 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
075 import com.liferay.portlet.wiki.model.WikiNode;
076 import com.liferay.portlet.wiki.model.WikiPage;
077 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
078 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
079
080 import java.util.List;
081
082
/**
 * Permission service implementation. The methods visible here do not change
 * any permission; they only verify that a permission checker is allowed to
 * manage the permissions of a given resource.
 *
 * <p>
 * Every method returns {@code void}: success is a normal return and denial is
 * signalled by an exception. The model-specific {@code check} helpers called
 * below are used as statements, so they are expected to throw on denial
 * (NOTE(review): confirm against each helper).
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

    /**
     * Checks whether the permission checker returned by
     * {@code getPermissionChecker()} may manage the permissions of the
     * resource. The numeric primary key is converted to its string form and
     * the call is forwarded to the protected overload.
     *
     * @param  groupId the group ID passed through to the group-scoped checks
     * @param  name the resource name; the protected overload compares it
     *         with model class names
     * @param  primKey the primary key of the resource
     * @throws PortalException if the protected overload throws it
     * @throws SystemException if the protected overload throws it
     */
    public void checkPermission(long groupId, String name, long primKey)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, name, String.valueOf(primKey));
    }

    /**
     * Checks whether the permission checker returned by
     * {@code getPermissionChecker()} may manage the permissions of the
     * resource identified by a string primary key.
     *
     * @param  groupId the group ID passed through to the group-scoped checks
     * @param  name the resource name; the protected overload compares it
     *         with model class names
     * @param  primKey the primary key of the resource, as a string
     * @throws PortalException if the protected overload throws it
     * @throws SystemException if the protected overload throws it
     */
    public void checkPermission(long groupId, String name, String primKey)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, name, primKey);
    }

    /**
     * Dispatches the authorization check by resource name. The first matching
     * branch decides the outcome, so the order of the branches is part of the
     * behavior:
     *
     * <ol>
     * <li>
     * A name equal to one of the listed model class names is delegated to
     * that model's permission helper, in most cases with
     * {@code ActionKeys.PERMISSIONS}. Teams are checked with
     * {@code ActionKeys.MANAGE_TEAMS} on the team's group instead.
     * </li>
     * <li>
     * Otherwise, a primary key containing
     * {@code PortletConstants.LAYOUT_SEPARATOR} is split into a plid and a
     * portlet ID and checked with {@code ActionKeys.CONFIGURATION}.
     * </li>
     * <li>
     * Otherwise, the generic path accepts a direct
     * {@code ActionKeys.PERMISSIONS} grant, then owner permission, then (for
     * team roles) the team check, and finally
     * {@code ActionKeys.DEFINE_PERMISSIONS}. If none applies, a
     * {@code PrincipalException} is thrown.
     * </li>
     * </ol>
     *
     * <p>
     * {@code name} is dereferenced without a null check, so a
     * {@code null} name fails with a {@code NullPointerException} on the
     * first comparison.
     * </p>
     *
     * <p>
     * NOTE(review): primary keys are parsed with
     * {@code GetterUtil.getLong(String)}. If that helper returns a default
     * value for non-numeric input instead of throwing (presumably 0 —
     * confirm), a malformed key is checked as that default ID rather than
     * rejected; the folder and category helpers that also take
     * {@code groupId} deserve particular attention.
     * </p>
     *
     * @param  permissionChecker the checker whose grants are evaluated
     * @param  groupId the group ID passed to the group-scoped checks
     * @param  name the resource name, must not be {@code null}
     * @param  primKey the primary key of the resource, as a string
     * @throws PortalException if a delegated check or an entity lookup throws
     *         it; a {@code PrincipalException} is thrown directly when the
     *         generic path finds no applicable grant
     * @throws SystemException if a delegated check or an entity lookup throws
     *         it
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            String primKey)
        throws PortalException, SystemException {

        if (name.equals(BlogsEntry.class.getName())) {
            BlogsEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(BookmarksEntry.class.getName())) {
            BookmarksEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(BookmarksFolder.class.getName())) {
            BookmarksFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(CalEvent.class.getName())) {
            CalEventPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFileEntry.class.getName())) {
            DLFileEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFolder.class.getName())) {
            DLFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Group.class.getName())) {
            GroupPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalArticle.class.getName())) {
            JournalArticlePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalFeed.class.getName())) {
            JournalFeedPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalStructure.class.getName())) {
            JournalStructurePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalTemplate.class.getName())) {
            JournalTemplatePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Layout.class.getName())) {
            LayoutPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(MBCategory.class.getName())) {
            MBCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(MBMessage.class.getName())) {
            MBMessagePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(PollsQuestion.class.getName())) {
            PollsQuestionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCFrameworkVersion.class.getName())) {
            SCFrameworkVersionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCProductEntry.class.getName())) {
            SCProductEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingCategory.class.getName())) {
            ShoppingCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingItem.class.getName())) {
            ShoppingItemPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Team.class.getName())) {
            long teamId = GetterUtil.getLong(primKey);

            Team team = teamPersistence.findByPrimaryKey(teamId);

            // Teams are guarded by MANAGE_TEAMS on the owning group, not by
            // PERMISSIONS on the team itself.

            GroupPermissionUtil.check(
                permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
        }
        else if (name.equals(User.class.getName())) {
            long userId = GetterUtil.getLong(primKey);

            User user = userPersistence.findByPrimaryKey(userId);

            // The user's organization IDs are handed to the check together
            // with the user ID.

            UserPermissionUtil.check(
                permissionChecker, userId, user.getOrganizationIds(),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(WikiNode.class.getName())) {
            WikiNodePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(WikiPage.class.getName())) {
            WikiPagePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if ((primKey != null) &&
                 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

            // This branch is selected by the shape of primKey alone; name is
            // not compared here. The key is split at the first separator
            // into the plid (before) and the portlet ID (after).
            // NOTE(review): confirm that whatever later applies permission
            // changes for this name/primKey pair also treats it as a portlet
            // resource, so the check performed and the change made agree.

            int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

            long plid = GetterUtil.getLong(primKey.substring(0, pos));

            String portletId = primKey.substring(
                pos + PortletConstants.LAYOUT_SEPARATOR.length());

            PortletPermissionUtil.check(
                permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
        }
        else if (!permissionChecker.hasPermission(
                    groupId, name, primKey, ActionKeys.PERMISSIONS)) {

            // Generic path, entered only when the checker does not hold
            // PERMISSIONS on the resource directly. Every exit below is
            // either an explicit grant or an exception.

            // Stays 0 when the resource block model is neither a
            // GroupedModel nor an AuditedModel.

            long ownerId = 0;

            if (resourceBlockLocalService.isSupported(name)) {
                PermissionedModel permissionedModel =
                    resourceBlockLocalService.getPermissionedModel(
                        name, GetterUtil.getLong(primKey));

                if (permissionedModel instanceof GroupedModel) {
                    GroupedModel groupedModel = (GroupedModel)permissionedModel;

                    ownerId = groupedModel.getUserId();
                }
                else if (permissionedModel instanceof AuditedModel) {
                    AuditedModel auditedModel = (AuditedModel)permissionedModel;

                    ownerId = auditedModel.getUserId();
                }
            }
            else {

                // The owner is read from the individual-scope resource
                // permission stored for the checker's owner role.

                ResourcePermission resourcePermission =
                    resourcePermissionLocalService.getResourcePermission(
                        permissionChecker.getCompanyId(), name,
                        ResourceConstants.SCOPE_INDIVIDUAL, primKey,
                        permissionChecker.getOwnerRoleId());

                ownerId = resourcePermission.getOwnerId();
            }

            // Owner permission on the resource is sufficient.

            if (permissionChecker.hasOwnerPermission(
                    permissionChecker.getCompanyId(), name, primKey, ownerId,
                    ActionKeys.PERMISSIONS)) {

                return;
            }

            Role role = null;

            if (name.equals(Role.class.getName())) {
                long roleId = GetterUtil.getLong(primKey);

                role = rolePersistence.findByPrimaryKey(roleId);
            }

            if ((role != null) && role.isTeam()) {

                // A team role is authorized through the team referenced by
                // the role's class PK.

                Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

                TeamPermissionUtil.check(
                    permissionChecker, team.getTeamId(),
                    ActionKeys.PERMISSIONS);
            }
            else {
                List<String> resourceActions =
                    ResourceActionsUtil.getResourceActions(name);

                // Last resort: the resource must declare DEFINE_PERMISSIONS
                // and the checker must hold it; anything else is denied.

                if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
                    !permissionChecker.hasPermission(
                        groupId, name, primKey,
                        ActionKeys.DEFINE_PERMISSIONS)) {

                    throw new PrincipalException();
                }
            }
        }
    }

}