001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.AuditedModel;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.GroupedModel;
023    import com.liferay.portal.model.Layout;
024    import com.liferay.portal.model.PermissionedModel;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.ResourceConstants;
027    import com.liferay.portal.model.ResourcePermission;
028    import com.liferay.portal.model.Role;
029    import com.liferay.portal.model.Team;
030    import com.liferay.portal.model.User;
031    import com.liferay.portal.security.auth.PrincipalException;
032    import com.liferay.portal.security.permission.ActionKeys;
033    import com.liferay.portal.security.permission.PermissionChecker;
034    import com.liferay.portal.security.permission.ResourceActionsUtil;
035    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036    import com.liferay.portal.service.permission.GroupPermissionUtil;
037    import com.liferay.portal.service.permission.LayoutPermissionUtil;
038    import com.liferay.portal.service.permission.PortletPermissionUtil;
039    import com.liferay.portal.service.permission.TeamPermissionUtil;
040    import com.liferay.portal.service.permission.UserPermissionUtil;
041    import com.liferay.portlet.blogs.model.BlogsEntry;
042    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
043    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
044    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
045    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
046    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
047    import com.liferay.portlet.calendar.model.CalEvent;
048    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
049    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
050    import com.liferay.portlet.documentlibrary.model.DLFolder;
051    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
052    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
053    import com.liferay.portlet.journal.model.JournalArticle;
054    import com.liferay.portlet.journal.model.JournalFeed;
055    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
056    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
057    import com.liferay.portlet.messageboards.model.MBCategory;
058    import com.liferay.portlet.messageboards.model.MBMessage;
059    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061    import com.liferay.portlet.polls.model.PollsQuestion;
062    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063    import com.liferay.portlet.shopping.model.ShoppingCategory;
064    import com.liferay.portlet.shopping.model.ShoppingItem;
065    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071    import com.liferay.portlet.wiki.model.WikiNode;
072    import com.liferay.portlet.wiki.model.WikiPage;
073    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075    
076    import java.util.List;
077    
/**
 * The implementation of the permission remote service.
 *
 * <p>
 * Every entry point answers one question: may the caller's
 * {@link PermissionChecker} manage permissions on the resource identified by
 * a model name and a primary key? Both identifiers arrive as method
 * arguments, and the check that runs is selected by comparing
 * <code>name</code> with known model class names.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Checks whether the current permission checker may manage permissions
	 * on the resource, for resources addressed by a numeric primary key.
	 *
	 * @param  groupId the primary key of the group
	 * @param  name the resource name, compared with model class names
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if the check was denied, if a referenced entity
	 *         could not be found or if the permission information was invalid
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, name, String.valueOf(primKey));
	}

	/**
	 * Checks whether the current permission checker may manage permissions
	 * on the resource, for resources addressed by a string primary key.
	 *
	 * @param  groupId the primary key of the group
	 * @param  name the resource name, compared with model class names
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if the check was denied, if a referenced entity
	 *         could not be found or if the permission information was invalid
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Dispatches to the permission check that matches the resource name.
	 *
	 * <p>
	 * Known model types delegate to their own <code>check</code> helper;
	 * those helpers are not visible here and are presumably what signals a
	 * denial. Anything else falls through to the portlet check and then to
	 * the generic resource check at the end of the method.
	 * </p>
	 *
	 * <p>
	 * <code>name</code> is dereferenced without a null check, so a
	 * <code>null</code> name fails with a <code>NullPointerException</code>.
	 * <code>groupId</code> is read only by the folder and category branches
	 * and by the generic check; every other branch ignores it.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker to consult
	 * @param  groupId the primary key of the group
	 * @param  name the resource name, compared with model class names
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if the check was denied, if a referenced entity
	 *         could not be found or if the permission information was invalid
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		// NOTE(review): GetterUtil.getLong is not shown in this file; it
		// appears to fall back to a default value when primKey is not
		// numeric. Confirm a malformed key cannot resolve to a real entity.

		if (name.equals(BlogsEntry.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			BlogsEntryPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(BookmarksEntry.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			BookmarksEntryPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(BookmarksFolder.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			BookmarksFolderPermission.check(
				permissionChecker, groupId, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(CalEvent.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			CalEventPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFileEntry.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			DLFileEntryPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFolder.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			DLFolderPermission.check(
				permissionChecker, groupId, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Group.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			GroupPermissionUtil.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalArticle.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			JournalArticlePermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalFeed.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			JournalFeedPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Layout.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			LayoutPermissionUtil.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(MBCategory.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			MBCategoryPermission.check(
				permissionChecker, groupId, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(MBMessage.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			MBMessagePermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(PollsQuestion.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			PollsQuestionPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCFrameworkVersion.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			SCFrameworkVersionPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCProductEntry.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			SCProductEntryPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingCategory.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			ShoppingCategoryPermission.check(
				permissionChecker, groupId, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingItem.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			ShoppingItemPermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Team.class.getName())) {

			// Teams are authorized through MANAGE_TEAMS on the group that
			// owns the team, not through PERMISSIONS on the team itself.

			Team team = teamPersistence.findByPrimaryKey(
				GetterUtil.getLong(primKey));

			GroupPermissionUtil.check(
				permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);

			return;
		}

		if (name.equals(User.class.getName())) {
			long userId = GetterUtil.getLong(primKey);

			User user = userPersistence.findByPrimaryKey(userId);

			UserPermissionUtil.check(
				permissionChecker, userId, user.getOrganizationIds(),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(WikiNode.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			WikiNodePermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(WikiPage.class.getName())) {
			long classPK = GetterUtil.getLong(primKey);

			WikiPagePermission.check(
				permissionChecker, classPK, ActionKeys.PERMISSIONS);

			return;
		}

		// Portlet resources are recognized by the shape of primKey alone:
		// "<plid><LAYOUT_SEPARATOR><portletId>". The required action here is
		// CONFIGURATION rather than PERMISSIONS.
		//
		// NOTE(review): name is not consulted in this branch. Confirm that
		// whatever acts on the result cannot pair an unrelated resource name
		// with a portlet-style primKey.

		int separatorPos = -1;

		if (primKey != null) {
			separatorPos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
		}

		if (separatorPos != -1) {
			long plid = GetterUtil.getLong(primKey.substring(0, separatorPos));

			String portletId = primKey.substring(
				separatorPos + PortletConstants.LAYOUT_SEPARATOR.length());

			PortletPermissionUtil.check(
				permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);

			return;
		}

		// Generic resources: a direct PERMISSIONS grant is sufficient.

		if (permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			return;
		}

		// Otherwise the owner of the resource may still hold PERMISSIONS.

		long ownerId = getResourceOwnerId(permissionChecker, name, primKey);

		if (permissionChecker.hasOwnerPermission(
				permissionChecker.getCompanyId(), name, primKey, ownerId,
				ActionKeys.PERMISSIONS)) {

			return;
		}

		// A role that represents a team is authorized through that team.

		if (name.equals(Role.class.getName())) {
			Role role = rolePersistence.findByPrimaryKey(
				GetterUtil.getLong(primKey));

			if ((role != null) && role.isTeam()) {
				Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

				TeamPermissionUtil.check(
					permissionChecker, team.getTeamId(),
					ActionKeys.PERMISSIONS);

				return;
			}
		}

		// Last resort: the resource must declare DEFINE_PERMISSIONS and the
		// caller must hold it. Anything else is denied.

		List<String> resourceActions = ResourceActionsUtil.getResourceActions(
			name);

		boolean canDefinePermissions =
			resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) &&
			permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS);

		if (!canDefinePermissions) {
			throw new PrincipalException();
		}
	}

	/**
	 * Returns the user ID recorded as the owner of a generic resource.
	 *
	 * <p>
	 * Resources supported by the resource block service take the owner from
	 * the model's user ID. All others take it from the individual-scope
	 * resource permission of the owner role. The result is <code>0</code>
	 * when the model is neither grouped nor audited.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker supplying the company
	 *         ID and the owner role ID
	 * @param  name the resource name
	 * @param  primKey the primary key of the resource
	 * @return the owner's user ID, or <code>0</code> if none was found
	 * @throws PortalException if the resource lookup failed
	 * @throws SystemException if a system exception occurred
	 */
	private long getResourceOwnerId(
			PermissionChecker permissionChecker, String name, String primKey)
		throws PortalException, SystemException {

		if (!resourceBlockLocalService.isSupported(name)) {
			ResourcePermission resourcePermission =
				resourcePermissionLocalService.getResourcePermission(
					permissionChecker.getCompanyId(), name,
					ResourceConstants.SCOPE_INDIVIDUAL, primKey,
					permissionChecker.getOwnerRoleId());

			return resourcePermission.getOwnerId();
		}

		PermissionedModel permissionedModel =
			resourceBlockLocalService.getPermissionedModel(
				name, GetterUtil.getLong(primKey));

		if (permissionedModel instanceof GroupedModel) {
			return ((GroupedModel)permissionedModel).getUserId();
		}

		if (permissionedModel instanceof AuditedModel) {
			return ((AuditedModel)permissionedModel).getUserId();
		}

		return 0;
	}

}