015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.model.Contact;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.ResourceConstants;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.security.auth.PrincipalException;
026 import com.liferay.portal.security.permission.ActionKeys;
027 import com.liferay.portal.security.permission.PermissionChecker;
028 import com.liferay.portal.service.OrganizationLocalServiceUtil;
029 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030 import com.liferay.portal.service.UserLocalServiceUtil;
031 import com.liferay.portal.util.PortalUtil;
032
033
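/**
 * Implementation of {@link UserPermission}: decides whether the caller
 * represented by a {@link PermissionChecker} may perform an action on a user.
 *
 * <p>
 * Each {@code check} overload delegates to the matching {@code contains}
 * overload and throws {@link PrincipalException} when the answer is
 * {@code false}. The decision itself is made in
 * {@link #contains(PermissionChecker, long, long[], String)}.
 * </p>
 */
public class UserPermissionImpl implements UserPermission {

    /**
     * Throws unless the action is permitted. Packs the organization and
     * location IDs into one array and delegates to
     * {@link #check(PermissionChecker, long, long[], String)}.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationId the first organization ID to evaluate
     * @param  locationId the second organization ID to evaluate
     * @param  actionId the action being requested
     * @throws PrincipalException if the action is not permitted
     */
    public void check(
            PermissionChecker permissionChecker, long userId,
            long organizationId, long locationId, String actionId)
        throws PrincipalException {

        check(
            permissionChecker, userId, new long[] {organizationId, locationId},
            actionId);
    }

    /**
     * Throws unless
     * {@link #contains(PermissionChecker, long, long[], String)} permits the
     * action.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationIds the organizations to evaluate, or
     *         {@code null} to use the target user's own organizations
     * @param  actionId the action being requested
     * @throws PrincipalException if the action is not permitted
     */
    public void check(
            PermissionChecker permissionChecker, long userId,
            long[] organizationIds, String actionId)
        throws PrincipalException {

        if (!contains(permissionChecker, userId, organizationIds, actionId)) {
            throw new PrincipalException();
        }
    }

    /**
     * Throws unless {@link #contains(PermissionChecker, long, String)} permits
     * the action.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  actionId the action being requested
     * @throws PrincipalException if the action is not permitted
     */
    public void check(
            PermissionChecker permissionChecker, long userId, String actionId)
        throws PrincipalException {

        if (!contains(permissionChecker, userId, actionId)) {
            throw new PrincipalException();
        }
    }

    /**
     * Packs the organization and location IDs into one array and delegates to
     * {@link #contains(PermissionChecker, long, long[], String)}.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationId the first organization ID to evaluate
     * @param  locationId the second organization ID to evaluate
     * @param  actionId the action being requested
     * @return {@code true} if the action is permitted
     */
    public boolean contains(
        PermissionChecker permissionChecker, long userId, long organizationId,
        long locationId, String actionId) {

        return contains(
            permissionChecker, userId, new long[] {organizationId, locationId},
            actionId);
    }

    /**
     * Returns whether the caller may perform {@code actionId} on the user.
     *
     * <p>
     * The gates are evaluated in this order, and the first one that decides
     * wins:
     * </p>
     *
     * <ol>
     * <li>
     * A {@code null} action is denied.
     * </li>
     * <li>
     * DELETE, IMPERSONATE, PERMISSIONS and UPDATE on an omniadmin are denied
     * to any caller that is not an omniadmin. Other actions are not affected
     * by this gate.
     * </li>
     * <li>
     * For an existing user, owner permission or the caller being the target
     * user grants access.
     * </li>
     * <li>
     * A resource permission on {@code User} for this primary key grants
     * access.
     * </li>
     * <li>
     * Otherwise access is granted only through an organization on which the
     * caller holds MANAGE_USERS and whose role hierarchy allows it (see
     * {@link #_canManageThroughOrganization}).
     * </li>
     * </ol>
     *
     * <p>
     * Any exception raised while evaluating gates 3 to 5 is logged and
     * treated as a denial, so a failed lookup never grants access.
     * </p>
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user, or
     *         {@code ResourceConstants.PRIMKEY_DNE} when no user exists yet
     * @param  organizationIds the organizations to evaluate, or
     *         {@code null} to use the target user's own organizations
     * @param  actionId the action being requested
     * @return {@code true} if the action is permitted; {@code false}
     *         otherwise, including on any error
     */
    public boolean contains(
        PermissionChecker permissionChecker, long userId,
        long[] organizationIds, String actionId) {

        // Fail closed: the comparisons below would otherwise throw a
        // NullPointerException before any permission is evaluated.
        if (actionId == null) {
            return false;
        }

        // Accounts of omniadmins can only be modified, impersonated or
        // deleted by another omniadmin, whatever other permissions exist.
        if (_isAccountControlAction(actionId) &&
            PortalUtil.isOmniadmin(userId) &&
            !permissionChecker.isOmniadmin()) {

            return false;
        }

        try {
            User user = null;

            if (userId != ResourceConstants.PRIMKEY_DNE) {
                user = UserLocalServiceUtil.getUserById(userId);

                Contact contact = user.getContact();

                // NOTE(review): the self match below grants every actionId,
                // including PERMISSIONS and IMPERSONATE on the caller's own
                // account. Confirm this is intended for all callers.
                if (permissionChecker.hasOwnerPermission(
                        permissionChecker.getCompanyId(),
                        User.class.getName(), userId, contact.getUserId(),
                        actionId) ||
                    (permissionChecker.getUserId() == userId)) {

                    return true;
                }
            }

            // Group ID 0 is passed here; presumably "no group scope" --
            // confirm against PermissionChecker.
            if (permissionChecker.hasPermission(
                    0, User.class.getName(), userId, actionId)) {

                return true;
            }

            // Without an existing user there are no organizations to
            // evaluate.
            if (user == null) {
                return false;
            }

            // NOTE(review): when the caller supplies organizationIds, this
            // method does not verify that the target user belongs to them.
            // Callers must pass IDs taken from the user's real memberships,
            // not from request input.
            if (organizationIds == null) {
                organizationIds = user.getOrganizationIds();
            }

            for (long organizationId : organizationIds) {
                if (_canManageThroughOrganization(
                        permissionChecker, user, organizationId)) {

                    return true;
                }
            }
        }
        catch (Exception e) {

            // Deny on any failure rather than propagate.
            _log.error(e, e);
        }

        return false;
    }

    /**
     * Evaluates the permission using the target user's own organizations, by
     * delegating with {@code organizationIds} set to {@code null}.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  actionId the action being requested
     * @return {@code true} if the action is permitted
     */
    public boolean contains(
        PermissionChecker permissionChecker, long userId, String actionId) {

        return contains(permissionChecker, userId, null, actionId);
    }

    /**
     * Returns whether the caller may manage the user through one
     * organization.
     *
     * <p>
     * Requires MANAGE_USERS on the organization. Beyond that, a target who is
     * an organization owner cannot be managed through this organization, and
     * a target who is an organization administrator can only be managed by a
     * caller who is an organization owner.
     * </p>
     *
     * @param  permissionChecker the caller's permission checker
     * @param  user the target user
     * @param  organizationId the organization to evaluate
     * @return {@code true} if this organization grants the permission
     * @throws Exception if a permission or service lookup fails; the caller
     *         treats this as a denial
     */
    private boolean _canManageThroughOrganization(
            PermissionChecker permissionChecker, User user,
            long organizationId)
        throws Exception {

        if (!OrganizationPermissionUtil.contains(
                permissionChecker, organizationId,
                ActionKeys.MANAGE_USERS)) {

            return false;
        }

        if (permissionChecker.getUserId() == user.getUserId()) {
            return true;
        }

        Organization organization =
            OrganizationLocalServiceUtil.getOrganization(organizationId);

        Group organizationGroup = organization.getGroup();

        long organizationGroupId = organizationGroup.getGroupId();

        // The trailing "true" is presumably the inherit flag -- confirm
        // against UserGroupRoleLocalServiceUtil.
        if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                user.getUserId(), organizationGroupId,
                RoleConstants.ORGANIZATION_OWNER, true)) {

            return false;
        }

        if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                user.getUserId(), organizationGroupId,
                RoleConstants.ORGANIZATION_ADMINISTRATOR, true) &&
            !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                permissionChecker.getUserId(), organizationGroupId,
                RoleConstants.ORGANIZATION_OWNER, true)) {

            return false;
        }

        return true;
    }

    /**
     * Returns whether the action is one of the four that only an omniadmin
     * may perform on another omniadmin.
     *
     * @param  actionId the non-null action being requested
     * @return {@code true} for DELETE, IMPERSONATE, PERMISSIONS and UPDATE
     */
    private static boolean _isAccountControlAction(String actionId) {
        return actionId.equals(ActionKeys.DELETE) ||
            actionId.equals(ActionKeys.IMPERSONATE) ||
            actionId.equals(ActionKeys.PERMISSIONS) ||
            actionId.equals(ActionKeys.UPDATE);
    }

    // Never reassigned, so declared final.
    private static final Log _log = LogFactoryUtil.getLog(
        UserPermissionImpl.class);

}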