001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026
027
031 public class GroupPermissionImpl implements GroupPermission {
032
033 public void check(
034 PermissionChecker permissionChecker, Group group, String actionId)
035 throws PortalException, SystemException {
036
037 if (!contains(permissionChecker, group, actionId)) {
038 throw new PrincipalException();
039 }
040 }
041
042 public void check(
043 PermissionChecker permissionChecker, long groupId, String actionId)
044 throws PortalException, SystemException {
045
046 if (!contains(permissionChecker, groupId, actionId)) {
047 throw new PrincipalException();
048 }
049 }
050
051 public boolean contains(
052 PermissionChecker permissionChecker, Group group, String actionId)
053 throws PortalException, SystemException {
054
055 long groupId = group.getGroupId();
056
057 if (group.isStagingGroup()) {
058 group = group.getLiveGroup();
059 }
060
061 if (group.isUser()) {
062
063
064
065
066
067
068 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
069
070 if ((permissionChecker.getUserId() != user.getUserId()) &&
071 UserPermissionUtil.contains(
072 permissionChecker, user.getUserId(),
073 user.getOrganizationIds(), ActionKeys.UPDATE)) {
074
075 return true;
076 }
077 }
078
079 if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
080 permissionChecker.hasPermission(
081 groupId, Group.class.getName(), groupId,
082 ActionKeys.MANAGE_LAYOUTS)) {
083
084 return true;
085 }
086 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
087 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
088 permissionChecker.hasPermission(
089 groupId, Group.class.getName(), groupId,
090 ActionKeys.PUBLISH_STAGING)) {
091
092 return true;
093 }
094 else if (actionId.equals(ActionKeys.VIEW) &&
095 permissionChecker.hasPermission(
096 groupId, Group.class.getName(), groupId,
097 ActionKeys.ASSIGN_USER_ROLES)) {
098
099 return true;
100 }
101 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
102 (permissionChecker.hasPermission(
103 groupId, Group.class.getName(), groupId,
104 ActionKeys.MANAGE_LAYOUTS) ||
105 permissionChecker.hasPermission(
106 groupId, Group.class.getName(), groupId,
107 ActionKeys.MANAGE_STAGING) ||
108 permissionChecker.hasPermission(
109 groupId, Group.class.getName(), groupId,
110 ActionKeys.PUBLISH_STAGING) ||
111 permissionChecker.hasPermission(
112 groupId, Group.class.getName(), groupId,
113 ActionKeys.UPDATE))) {
114
115 return true;
116 }
117
118
119
120 if (permissionChecker.hasPermission(
121 groupId, Group.class.getName(), groupId, actionId)) {
122
123 return true;
124 }
125
126 while (!group.isRoot()) {
127 if (contains(
128 permissionChecker, group.getParentGroupId(),
129 ActionKeys.MANAGE_SUBGROUPS)) {
130
131 return true;
132 }
133
134 group = group.getParentGroup();
135 }
136
137 return false;
138 }
139
140 public boolean contains(
141 PermissionChecker permissionChecker, long groupId, String actionId)
142 throws PortalException, SystemException {
143
144 if (groupId > 0) {
145 Group group = GroupLocalServiceUtil.getGroup(groupId);
146
147 return contains(permissionChecker, group, actionId);
148 }
149 else {
150 return false;
151 }
152 }
153
154 }