001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.AuditedModel;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.GroupedModel;
023    import com.liferay.portal.model.Layout;
024    import com.liferay.portal.model.PermissionedModel;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.ResourceConstants;
027    import com.liferay.portal.model.ResourcePermission;
028    import com.liferay.portal.model.Role;
029    import com.liferay.portal.model.Team;
030    import com.liferay.portal.model.User;
031    import com.liferay.portal.security.auth.PrincipalException;
032    import com.liferay.portal.security.permission.ActionKeys;
033    import com.liferay.portal.security.permission.PermissionChecker;
034    import com.liferay.portal.security.permission.ResourceActionsUtil;
035    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036    import com.liferay.portal.service.permission.GroupPermissionUtil;
037    import com.liferay.portal.service.permission.LayoutPermissionUtil;
038    import com.liferay.portal.service.permission.PortletPermissionUtil;
039    import com.liferay.portal.service.permission.TeamPermissionUtil;
040    import com.liferay.portal.service.permission.UserPermissionUtil;
041    import com.liferay.portlet.blogs.model.BlogsEntry;
042    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
043    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
044    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
045    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
046    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
047    import com.liferay.portlet.calendar.model.CalEvent;
048    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
049    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
050    import com.liferay.portlet.documentlibrary.model.DLFolder;
051    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
052    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
053    import com.liferay.portlet.journal.model.JournalArticle;
054    import com.liferay.portlet.journal.model.JournalFeed;
055    import com.liferay.portlet.journal.model.JournalStructure;
056    import com.liferay.portlet.journal.model.JournalTemplate;
057    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
058    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
059    import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
060    import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
061    import com.liferay.portlet.messageboards.model.MBCategory;
062    import com.liferay.portlet.messageboards.model.MBMessage;
063    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
064    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
065    import com.liferay.portlet.polls.model.PollsQuestion;
066    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
067    import com.liferay.portlet.shopping.model.ShoppingCategory;
068    import com.liferay.portlet.shopping.model.ShoppingItem;
069    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
070    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
071    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
072    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
073    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
074    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
075    import com.liferay.portlet.wiki.model.WikiNode;
076    import com.liferay.portlet.wiki.model.WikiPage;
077    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
078    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
079    
080    import java.util.List;
081    
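/**
 * The implementation of the permission remote service.
 *
 * <p>
 * Both public methods obtain a permission checker from
 * <code>getPermissionChecker()</code> and delegate to the protected
 * <code>checkPermission</code> overload, which decides whether that checker
 * may manage the permissions of the named resource. A normal return means the
 * check passed; a failed check surfaces as an exception.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

    /**
     * Checks whether the current permission checker may manage the permissions
     * of the resource identified by <code>name</code> and
     * <code>primKey</code>.
     *
     * <p>
     * The numeric key is converted with <code>String.valueOf</code> and passed
     * to the protected overload together with the checker returned by
     * <code>getPermissionChecker()</code>.
     * </p>
     *
     * @param  groupId the primary key of the group, forwarded to the checks
     *         that take a group
     * @param  name the resource name, compared against model class names
     * @param  primKey the primary key of the resource
     * @throws PortalException if the caller did not have permission to manage
     *         the resource's permissions, if a group with the primary key
     *         could not be found or if the permission information was invalid
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, long primKey)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, name, String.valueOf(primKey));
    }

    /**
     * Checks whether the current permission checker may manage the permissions
     * of the resource identified by <code>name</code> and
     * <code>primKey</code>.
     *
     * <p>
     * The string key is passed through unchanged, so it may also carry the
     * composite <code>plid + LAYOUT_SEPARATOR + portletId</code> form that the
     * protected overload recognizes.
     * </p>
     *
     * @param  groupId the primary key of the group, forwarded to the checks
     *         that take a group
     * @param  name the resource name, compared against model class names
     * @param  primKey the primary key of the resource
     * @throws PortalException if the caller did not have permission to manage
     *         the resource's permissions, if a group with the primary key
     *         could not be found or if the permission information was invalid
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, String primKey)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, name, primKey);
    }

    /**
     * Dispatches the permission check to the permission helper that matches
     * <code>name</code>.
     *
     * <p>
     * The resource name is compared against a fixed list of model class
     * names. Most matches call the model's own <code>check</code> helper with
     * {@link ActionKeys#PERMISSIONS}. Teams are checked through
     * {@link ActionKeys#MANAGE_TEAMS} on the team's group, and keys containing
     * {@link PortletConstants#LAYOUT_SEPARATOR} are treated as portlet
     * resources and checked through {@link ActionKeys#CONFIGURATION}.
     * Everything else goes through the generic path: the
     * <code>PERMISSIONS</code> action, then owner permission, then either the
     * team check (for team roles) or the <code>DEFINE_PERMISSIONS</code>
     * action.
     * </p>
     *
     * <p>
     * NOTE(review): <code>groupId</code>, <code>name</code> and
     * <code>primKey</code> arrive from the public remote methods unchanged.
     * Only the folder/category branches and the generic path forward
     * <code>groupId</code>; whether those callees verify that it really is
     * the group of the entity is not visible in this file and should be
     * confirmed.
     * </p>
     *
     * @param  permissionChecker the checker whose permissions are evaluated
     * @param  groupId the primary key of the group, used only by the branches
     *         that accept one
     * @param  name the resource name
     * @param  primKey the primary key of the resource, or the composite
     *         portlet key
     * @throws PortalException if <code>name</code> was <code>null</code>, if
     *         the generic path found no sufficient permission (both reported
     *         as {@link PrincipalException}) or if a delegated check or
     *         lookup failed
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            String primKey)
        throws PortalException, SystemException {

        // primKey is null-guarded further down but name was not, so a null
        // name used to escape as a NullPointerException from name.equals().
        // Deny explicitly instead; the result is still "no access".

        if (name == null) {
            throw new PrincipalException();
        }

        // NOTE(review): GetterUtil.getLong is used for every numeric key;
        // presumably it falls back to its default value instead of throwing
        // when primKey is not a number, leaving rejection to the callee's
        // lookup -- confirm.

        if (name.equals(BlogsEntry.class.getName())) {
            BlogsEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(BookmarksEntry.class.getName())) {
            BookmarksEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(BookmarksFolder.class.getName())) {

            // Folder/category helpers take the caller-supplied groupId too

            BookmarksFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(CalEvent.class.getName())) {
            CalEventPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFileEntry.class.getName())) {
            DLFileEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFolder.class.getName())) {
            DLFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Group.class.getName())) {
            GroupPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalArticle.class.getName())) {
            JournalArticlePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalFeed.class.getName())) {
            JournalFeedPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalStructure.class.getName())) {
            JournalStructurePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalTemplate.class.getName())) {
            JournalTemplatePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Layout.class.getName())) {
            LayoutPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(MBCategory.class.getName())) {
            MBCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(MBMessage.class.getName())) {
            MBMessagePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(PollsQuestion.class.getName())) {
            PollsQuestionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCFrameworkVersion.class.getName())) {
            SCFrameworkVersionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCProductEntry.class.getName())) {
            SCProductEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingCategory.class.getName())) {
            ShoppingCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingItem.class.getName())) {
            ShoppingItemPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Team.class.getName())) {

            // Teams are authorized against the group that owns the team
            // (looked up from the team itself, not from the groupId
            // argument) and with MANAGE_TEAMS rather than PERMISSIONS

            long teamId = GetterUtil.getLong(primKey);

            Team team = teamPersistence.findByPrimaryKey(teamId);

            GroupPermissionUtil.check(
                permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
        }
        else if (name.equals(User.class.getName())) {

            // The user is loaded so its organization IDs can be handed to
            // the user permission check

            long userId = GetterUtil.getLong(primKey);

            User user = userPersistence.findByPrimaryKey(userId);

            UserPermissionUtil.check(
                permissionChecker, userId, user.getOrganizationIds(),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(WikiNode.class.getName())) {
            WikiNodePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(WikiPage.class.getName())) {
            WikiPagePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if ((primKey != null) &&
                 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

            // Composite key: everything before the first separator is the
            // plid, everything after it is the portlet ID. Portlet resources
            // are gated by CONFIGURATION instead of PERMISSIONS.

            int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

            long plid = GetterUtil.getLong(primKey.substring(0, pos));

            String portletId = primKey.substring(
                pos + PortletConstants.LAYOUT_SEPARATOR.length());

            PortletPermissionUtil.check(
                permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
        }
        else if (!permissionChecker.hasPermission(
                    groupId, name, primKey, ActionKeys.PERMISSIONS)) {

            // Generic path, entered only when the direct PERMISSIONS check
            // failed. Next chance: the caller owns the resource.

            // Stays 0 when the resource block model is neither grouped nor
            // audited

            long ownerId = 0;

            if (resourceBlockLocalService.isSupported(name)) {
                PermissionedModel permissionedModel =
                    resourceBlockLocalService.getPermissionedModel(
                        name, GetterUtil.getLong(primKey));

                if (permissionedModel instanceof GroupedModel) {
                    GroupedModel groupedModel = (GroupedModel)permissionedModel;

                    ownerId = groupedModel.getUserId();
                }
                else if (permissionedModel instanceof AuditedModel) {
                    AuditedModel auditedModel = (AuditedModel)permissionedModel;

                    ownerId = auditedModel.getUserId();
                }
            }
            else {

                // Without resource block support the owner is read from the
                // individual-scope resource permission of the owner role

                ResourcePermission resourcePermission =
                    resourcePermissionLocalService.getResourcePermission(
                        permissionChecker.getCompanyId(), name,
                        ResourceConstants.SCOPE_INDIVIDUAL, primKey,
                        permissionChecker.getOwnerRoleId());

                ownerId = resourcePermission.getOwnerId();
            }

            if (permissionChecker.hasOwnerPermission(
                    permissionChecker.getCompanyId(), name, primKey, ownerId,
                    ActionKeys.PERMISSIONS)) {

                return;
            }

            Role role = null;

            if (name.equals(Role.class.getName())) {
                long roleId = GetterUtil.getLong(primKey);

                role = rolePersistence.findByPrimaryKey(roleId);
            }

            if ((role != null) && role.isTeam()) {

                // A team role is authorized through the team it belongs to

                Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

                TeamPermissionUtil.check(
                    permissionChecker, team.getTeamId(),
                    ActionKeys.PERMISSIONS);
            }
            else {

                // Last resort: DEFINE_PERMISSIONS must be one of the actions
                // declared for the resource and the caller must hold it;
                // otherwise the request is denied

                List<String> resourceActions =
                    ResourceActionsUtil.getResourceActions(name);

                if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
                    !permissionChecker.hasPermission(
                        groupId, name, primKey,
                        ActionKeys.DEFINE_PERMISSIONS)) {

                    throw new PrincipalException();
                }
            }
        }
    }

}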