015 package com.liferay.portal.security.auth;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.Role;
022 import com.liferay.portal.model.RoleConstants;
023 import com.liferay.portal.model.User;
024 import com.liferay.portal.model.UserGroup;
025 import com.liferay.portal.security.permission.PermissionChecker;
026 import com.liferay.portal.service.OrganizationLocalServiceUtil;
027 import com.liferay.portal.service.RoleLocalServiceUtil;
028 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029
030 import java.util.Collections;
031 import java.util.Set;
032
033
/**
 * Default {@link MembershipPolicy}: it forbids nothing, mandates nothing and
 * allows every membership.
 *
 * <p>
 * Every <code>getForbidden*</code> and <code>getMandatory*</code> method
 * returns an empty set, every <code>isMembershipAllowed</code> overload
 * returns <code>true</code>, and {@link #isApplicableUser(User)} returns
 * <code>false</code>. The only real logic is in the
 * <code>isMembershipProtected</code> overloads, which report whether the
 * target user holds a site/organization administrator or owner role in the
 * group while the acting permission checker is not an owner of it.
 * </p>
 *
 * <p>
 * Security note: this class is allow-all. Any restriction on who may join
 * which group, organization, role or user group has to come from a different
 * policy implementation. NOTE(review): how callers act on a "protected"
 * result is not visible in this file; presumably they refuse to change the
 * membership. Confirm against the callers.
 * </p>
 */
public class DefaultMembershipPolicy implements MembershipPolicy {

	/** Returns an empty set: no group is forbidden for any user. */
	public Set<Group> getForbiddenGroups(User user) {
		return Collections.<Group>emptySet();
	}

	/** Returns an empty set: no organization is forbidden for any user. */
	public Set<Organization> getForbiddenOrganizations(User user) {
		return Collections.<Organization>emptySet();
	}

	/** Returns an empty set: no role is forbidden in the given group. */
	public Set<Role> getForbiddenRoles(Group group, User user) {
		return Collections.<Role>emptySet();
	}

	/** Returns an empty set: no role is forbidden in the given organization. */
	public Set<Role> getForbiddenRoles(Organization organization, User user) {
		return Collections.<Role>emptySet();
	}

	/** Returns an empty set: no role is forbidden for any user. */
	public Set<Role> getForbiddenRoles(User user) {
		return Collections.<Role>emptySet();
	}

	/** Returns an empty set: no user group is forbidden for any user. */
	public Set<UserGroup> getForbiddenUserGroups(User user) {
		return Collections.<UserGroup>emptySet();
	}

	/** Returns an empty set: no group membership is mandatory. */
	public Set<Group> getMandatoryGroups(User user) {
		return Collections.<Group>emptySet();
	}

	/** Returns an empty set: no organization membership is mandatory. */
	public Set<Organization> getMandatoryOrganizations(User user) {
		return Collections.<Organization>emptySet();
	}

	/** Returns an empty set: no role is mandatory in the given group. */
	public Set<Role> getMandatoryRoles(Group group, User user) {
		return Collections.<Role>emptySet();
	}

	/** Returns an empty set: no role is mandatory in the given organization. */
	public Set<Role> getMandatoryRoles(Organization organization, User user) {
		return Collections.<Role>emptySet();
	}

	/** Returns an empty set: no role is mandatory for any user. */
	public Set<Role> getMandatoryRoles(User user) {
		return Collections.<Role>emptySet();
	}

	/** Returns an empty set: no user group membership is mandatory. */
	public Set<UserGroup> getMandatoryUserGroups(User user) {
		return Collections.<UserGroup>emptySet();
	}

	/**
	 * Always returns <code>false</code>, whatever user is passed.
	 */
	public boolean isApplicableUser(User user) {
		return false;
	}

	/** Always allows the user to hold the role in the group. */
	public boolean isMembershipAllowed(Group group, Role role, User user) {
		return true;
	}

	/** Always allows the user to be a member of the group. */
	public boolean isMembershipAllowed(Group group, User user) {
		return true;
	}

	/** Always allows the user to hold the role in the organization. */
	public boolean isMembershipAllowed(
		Organization organization, Role role, User user) {

		return true;
	}

	/** Always allows the user to be a member of the organization. */
	public boolean isMembershipAllowed(Organization organization, User user) {
		return true;
	}

	/** Always allows the user to hold the role. */
	public boolean isMembershipAllowed(Role role, User user) {
		return true;
	}

	/** Always allows the user to be a member of the user group. */
	public boolean isMembershipAllowed(UserGroup userGroup, User user) {
		return true;
	}

	/**
	 * Reports whether the user's assignment to the given role in the given
	 * group is protected from the acting permission checker.
	 *
	 * <p>
	 * Organization groups are handed to the organization overload. For any
	 * other group the result is <code>true</code> only when the acting
	 * checker is not the group owner, the role is named
	 * {@link RoleConstants#SITE_ADMINISTRATOR} or
	 * {@link RoleConstants#SITE_OWNER}, and the user holds that role in the
	 * group.
	 * </p>
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  group the group the role assignment is scoped to
	 * @param  role the role being examined
	 * @param  user the user whose assignment is examined
	 * @return <code>true</code> if the assignment is protected
	 * @throws PortalException if the organization lookup fails
	 * @throws SystemException if a service call fails
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Group group, Role role,
			User user)
		throws PortalException, SystemException {

		if (group.isOrganization()) {
			return isMembershipProtected(
				permissionChecker,
				OrganizationLocalServiceUtil.getOrganization(
					group.getClassPK()),
				role, user);
		}

		// A group owner is never blocked by this policy.

		if (permissionChecker.isGroupOwner(group.getGroupId())) {
			return false;
		}

		// The decision is made on the role's name alone. A role with any
		// other name is never protected, even if it grants similar rights.

		String name = role.getName();

		boolean privilegedRole =
			name.equals(RoleConstants.SITE_ADMINISTRATOR) ||
			name.equals(RoleConstants.SITE_OWNER);

		return privilegedRole &&
			UserGroupRoleLocalServiceUtil.hasUserGroupRole(
				user.getUserId(), group.getGroupId(), role.getRoleId());
	}

	/**
	 * Reports whether the user's membership in the given group is protected
	 * from the acting permission checker.
	 *
	 * <p>
	 * Organization groups are handed to the organization overload. For any
	 * other group the result is <code>true</code> only when the acting
	 * checker is not the group owner and the user holds the site
	 * administrator or the site owner role in the group. Both roles are
	 * resolved by name within the checker's company.
	 * </p>
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  group the group whose membership is examined
	 * @param  user the user whose membership is examined
	 * @return <code>true</code> if the membership is protected
	 * @throws PortalException if an organization or role lookup fails
	 * @throws SystemException if a service call fails
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Group group, User user)
		throws PortalException, SystemException {

		if (group.isOrganization()) {
			return isMembershipProtected(
				permissionChecker,
				OrganizationLocalServiceUtil.getOrganization(
					group.getClassPK()),
				user);
		}

		if (permissionChecker.isGroupOwner(group.getGroupId())) {
			return false;
		}

		// Short-circuit keeps the original order: the owner role is only
		// looked up when the user is not a site administrator.

		return _hasScopedRole(
				permissionChecker, group, user,
				RoleConstants.SITE_ADMINISTRATOR) ||
			_hasScopedRole(
				permissionChecker, group, user, RoleConstants.SITE_OWNER);
	}

	/**
	 * Reports whether the user's assignment to the given role in the given
	 * organization is protected from the acting permission checker.
	 *
	 * <p>
	 * The result is <code>true</code> only when the acting checker is not
	 * the organization owner, the role is named
	 * {@link RoleConstants#ORGANIZATION_ADMINISTRATOR} or
	 * {@link RoleConstants#ORGANIZATION_OWNER}, and the user holds that role
	 * in the organization's group.
	 * </p>
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  organization the organization the assignment is scoped to
	 * @param  role the role being examined
	 * @param  user the user whose assignment is examined
	 * @return <code>true</code> if the assignment is protected
	 * @throws SystemException if a service call fails
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Organization organization,
			Role role, User user)
		throws SystemException {

		Group organizationGroup = organization.getGroup();

		// The organization ID is read from the organization's group, not
		// from the organization object that was passed in.

		if (permissionChecker.isOrganizationOwner(
				organizationGroup.getOrganizationId())) {

			return false;
		}

		// As in the site overload, only the role's name decides whether the
		// assignment can be protected.

		String name = role.getName();

		boolean privilegedRole =
			name.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
			name.equals(RoleConstants.ORGANIZATION_OWNER);

		return privilegedRole &&
			UserGroupRoleLocalServiceUtil.hasUserGroupRole(
				user.getUserId(), organizationGroup.getGroupId(),
				role.getRoleId());
	}

	/**
	 * Reports whether the user's membership in the given organization is
	 * protected from the acting permission checker.
	 *
	 * <p>
	 * The result is <code>true</code> only when the acting checker is not
	 * the organization owner and the user holds the organization
	 * administrator or the organization owner role in the organization's
	 * group. Both roles are resolved by name within the checker's company.
	 * </p>
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  organization the organization whose membership is examined
	 * @param  user the user whose membership is examined
	 * @return <code>true</code> if the membership is protected
	 * @throws PortalException if a role lookup fails
	 * @throws SystemException if a service call fails
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Organization organization,
			User user)
		throws PortalException, SystemException {

		Group organizationGroup = organization.getGroup();

		if (permissionChecker.isOrganizationOwner(
				organizationGroup.getOrganizationId())) {

			return false;
		}

		// Short-circuit keeps the original order: the owner role is only
		// looked up when the user is not an organization administrator.

		return _hasScopedRole(
				permissionChecker, organizationGroup, user,
				RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
			_hasScopedRole(
				permissionChecker, organizationGroup, user,
				RoleConstants.ORGANIZATION_OWNER);
	}

	/**
	 * Resolves the named role in the checker's company and reports whether
	 * the user holds it in the group.
	 */
	private boolean _hasScopedRole(
			PermissionChecker permissionChecker, Group group, User user,
			String roleName)
		throws PortalException, SystemException {

		Role scopedRole = RoleLocalServiceUtil.getRole(
			permissionChecker.getCompanyId(), roleName);

		return UserGroupRoleLocalServiceUtil.hasUserGroupRole(
			user.getUserId(), group.getGroupId(), scopedRole.getRoleId());
	}

}