001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.auth;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Organization;
021    import com.liferay.portal.model.Role;
022    import com.liferay.portal.model.RoleConstants;
023    import com.liferay.portal.model.User;
024    import com.liferay.portal.model.UserGroup;
025    import com.liferay.portal.security.permission.PermissionChecker;
026    import com.liferay.portal.service.OrganizationLocalServiceUtil;
027    import com.liferay.portal.service.RoleLocalServiceUtil;
028    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029    
030    import java.util.Collections;
031    import java.util.Set;
032    
/**
 * Baseline {@link MembershipPolicy} that adds no membership restrictions of
 * its own.
 *
 * <p>
 * Every <code>getForbidden*</code> and <code>getMandatory*</code> method
 * returns an empty set, every <code>isMembershipAllowed</code> overload
 * returns <code>true</code> and {@link #isApplicableUser(User)} returns
 * <code>false</code>. The only methods that consult any state are the
 * <code>isMembershipProtected</code> overloads: they report whether the target
 * user holds an administrator or owner role in a site or organization that the
 * acting permission checker does not own.
 * </p>
 *
 * <p>
 * Security note: this policy is permissive by construction. Any restriction a
 * deployment depends on has to come from a different
 * <code>MembershipPolicy</code> implementation or from checks made by the
 * callers. NOTE(review): how callers react to a <code>true</code> result from
 * <code>isMembershipProtected</code> is not visible in this file; confirm that
 * they refuse the membership change in that case.
 * </p>
 *
 * @author Sergio González
 */
public class DefaultMembershipPolicy implements MembershipPolicy {

	/**
	 * Returns the groups the user may not belong to.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Group> getForbiddenGroups(User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the organizations the user may not belong to.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Organization> getForbiddenOrganizations(User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the roles the user may not hold within the group.
	 *
	 * @param  group the group scope (not read by this implementation)
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Role> getForbiddenRoles(Group group, User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the roles the user may not hold within the organization.
	 *
	 * @param  organization the organization scope (not read by this
	 *         implementation)
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Role> getForbiddenRoles(Organization organization, User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the roles the user may not hold.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Role> getForbiddenRoles(User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the user groups the user may not belong to.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<UserGroup> getForbiddenUserGroups(User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the groups the user must belong to.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Group> getMandatoryGroups(User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the organizations the user must belong to.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Organization> getMandatoryOrganizations(User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the roles the user must hold within the group.
	 *
	 * @param  group the group scope (not read by this implementation)
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Role> getMandatoryRoles(Group group, User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the roles the user must hold within the organization.
	 *
	 * @param  organization the organization scope (not read by this
	 *         implementation)
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Role> getMandatoryRoles(Organization organization, User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the roles the user must hold.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<Role> getMandatoryRoles(User user) {
		return Collections.emptySet();
	}

	/**
	 * Returns the user groups the user must belong to.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always an empty set
	 */
	public Set<UserGroup> getMandatoryUserGroups(User user) {
		return Collections.emptySet();
	}

	/**
	 * Reports whether this policy applies to the user.
	 *
	 * @param  user the user being evaluated (not read by this implementation)
	 * @return always <code>false</code>
	 */
	public boolean isApplicableUser(User user) {
		return false;
	}

	/**
	 * Reports whether the user may hold the role within the group. This
	 * default never vetoes a membership.
	 *
	 * @return always <code>true</code>
	 */
	public boolean isMembershipAllowed(Group group, Role role, User user) {
		return true;
	}

	/**
	 * Reports whether the user may belong to the group. This default never
	 * vetoes a membership.
	 *
	 * @return always <code>true</code>
	 */
	public boolean isMembershipAllowed(Group group, User user) {
		return true;
	}

	/**
	 * Reports whether the user may hold the role within the organization. This
	 * default never vetoes a membership.
	 *
	 * @return always <code>true</code>
	 */
	public boolean isMembershipAllowed(
		Organization organization, Role role, User user) {

		return true;
	}

	/**
	 * Reports whether the user may belong to the organization. This default
	 * never vetoes a membership.
	 *
	 * @return always <code>true</code>
	 */
	public boolean isMembershipAllowed(Organization organization, User user) {
		return true;
	}

	/**
	 * Reports whether the user may hold the role. This default never vetoes a
	 * membership.
	 *
	 * @return always <code>true</code>
	 */
	public boolean isMembershipAllowed(Role role, User user) {
		return true;
	}

	/**
	 * Reports whether the user may belong to the user group. This default
	 * never vetoes a membership.
	 *
	 * @return always <code>true</code>
	 */
	public boolean isMembershipAllowed(UserGroup userGroup, User user) {
		return true;
	}

	/**
	 * Reports whether the user's assignment of the given site role is
	 * protected from the acting permission checker.
	 *
	 * <p>
	 * Organization groups are delegated to the organization overload. For any
	 * other group the result is <code>true</code> only when all of the
	 * following hold: the permission checker is not an owner of the group, the
	 * role is named {@link RoleConstants#SITE_ADMINISTRATOR} or
	 * {@link RoleConstants#SITE_OWNER}, and the user currently has that role in
	 * the group.
	 * </p>
	 *
	 * <p>
	 * Security note: the role is matched by name and a group owner is never
	 * blocked. NOTE(review): whether <code>hasUserGroupRole</code> also reports
	 * roles inherited through user groups is not visible here; confirm, since
	 * only what that call reports is treated as protected.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker of the acting user
	 * @param  group the site or organization group
	 * @param  role the role whose assignment is being examined
	 * @param  user the user holding (or not holding) the role
	 * @return <code>true</code> if the assignment is protected;
	 *         <code>false</code> otherwise
	 * @throws PortalException if the organization lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Group group, Role role,
			User user)
		throws PortalException, SystemException {

		// Organization-backed groups follow the organization rules instead.

		if (group.isOrganization()) {
			Organization owningOrganization =
				OrganizationLocalServiceUtil.getOrganization(
					group.getClassPK());

			return isMembershipProtected(
				permissionChecker, owningOrganization, role, user);
		}

		// An owner of the group is never blocked.

		if (permissionChecker.isGroupOwner(group.getGroupId())) {
			return false;
		}

		String name = role.getName();

		boolean privilegedRole =
			name.equals(RoleConstants.SITE_ADMINISTRATOR) ||
			name.equals(RoleConstants.SITE_OWNER);

		// Only an existing assignment of a privileged role is protected.

		return privilegedRole &&
			UserGroupRoleLocalServiceUtil.hasUserGroupRole(
				user.getUserId(), group.getGroupId(), role.getRoleId());
	}

	/**
	 * Reports whether the user's membership of the site is protected from the
	 * acting permission checker.
	 *
	 * <p>
	 * Organization groups are delegated to the organization overload. For any
	 * other group the result is <code>true</code> only when the permission
	 * checker is not an owner of the group and the user has the
	 * {@link RoleConstants#SITE_ADMINISTRATOR} or
	 * {@link RoleConstants#SITE_OWNER} role in it. The administrator role is
	 * looked up and tested first; the owner role is looked up only if that test
	 * fails.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker of the acting user
	 * @param  group the site or organization group
	 * @param  user the user whose membership is being examined
	 * @return <code>true</code> if the membership is protected;
	 *         <code>false</code> otherwise
	 * @throws PortalException if the organization or a role lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Group group, User user)
		throws PortalException, SystemException {

		if (group.isOrganization()) {
			Organization owningOrganization =
				OrganizationLocalServiceUtil.getOrganization(
					group.getClassPK());

			return isMembershipProtected(
				permissionChecker, owningOrganization, user);
		}

		// An owner of the group is never blocked.

		if (permissionChecker.isGroupOwner(group.getGroupId())) {
			return false;
		}

		return hasAnyGroupRole(
			permissionChecker, group, user, RoleConstants.SITE_ADMINISTRATOR,
			RoleConstants.SITE_OWNER);
	}

	/**
	 * Reports whether the user's assignment of the given organization role is
	 * protected from the acting permission checker.
	 *
	 * <p>
	 * The result is <code>true</code> only when all of the following hold: the
	 * permission checker is not an owner of the organization, the role is named
	 * {@link RoleConstants#ORGANIZATION_ADMINISTRATOR} or
	 * {@link RoleConstants#ORGANIZATION_OWNER}, and the user currently has that
	 * role in the organization's group.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): the organization ID used for the owner test is read from
	 * the group returned by <code>organization.getGroup()</code>, not from the
	 * organization itself; confirm the two always agree, including when the
	 * group cannot be resolved.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker of the acting user
	 * @param  organization the organization scope
	 * @param  role the role whose assignment is being examined
	 * @param  user the user holding (or not holding) the role
	 * @return <code>true</code> if the assignment is protected;
	 *         <code>false</code> otherwise
	 * @throws SystemException if a system exception occurred
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Organization organization,
			Role role, User user)
		throws SystemException {

		Group organizationGroup = organization.getGroup();

		// An owner of the organization is never blocked.

		if (permissionChecker.isOrganizationOwner(
				organizationGroup.getOrganizationId())) {

			return false;
		}

		String name = role.getName();

		boolean privilegedRole =
			name.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
			name.equals(RoleConstants.ORGANIZATION_OWNER);

		// Only an existing assignment of a privileged role is protected.

		return privilegedRole &&
			UserGroupRoleLocalServiceUtil.hasUserGroupRole(
				user.getUserId(), organizationGroup.getGroupId(),
				role.getRoleId());
	}

	/**
	 * Reports whether the user's membership of the organization is protected
	 * from the acting permission checker.
	 *
	 * <p>
	 * The result is <code>true</code> only when the permission checker is not
	 * an owner of the organization and the user has the
	 * {@link RoleConstants#ORGANIZATION_ADMINISTRATOR} or
	 * {@link RoleConstants#ORGANIZATION_OWNER} role in the organization's
	 * group. The administrator role is looked up and tested first; the owner
	 * role is looked up only if that test fails.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): the organization ID used for the owner test is read from
	 * the group returned by <code>organization.getGroup()</code>, not from the
	 * organization itself; confirm the two always agree, including when the
	 * group cannot be resolved.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker of the acting user
	 * @param  organization the organization scope
	 * @param  user the user whose membership is being examined
	 * @return <code>true</code> if the membership is protected;
	 *         <code>false</code> otherwise
	 * @throws PortalException if a role lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public boolean isMembershipProtected(
			PermissionChecker permissionChecker, Organization organization,
			User user)
		throws PortalException, SystemException {

		Group organizationGroup = organization.getGroup();

		// An owner of the organization is never blocked.

		if (permissionChecker.isOrganizationOwner(
				organizationGroup.getOrganizationId())) {

			return false;
		}

		return hasAnyGroupRole(
			permissionChecker, organizationGroup, user,
			RoleConstants.ORGANIZATION_ADMINISTRATOR,
			RoleConstants.ORGANIZATION_OWNER);
	}

	/**
	 * Returns <code>true</code> as soon as the user is found to have one of the
	 * named roles in the group. Roles are resolved in the permission checker's
	 * company, one at a time and in the order given, so a later role is looked
	 * up only when the earlier ones did not match.
	 */
	private boolean hasAnyGroupRole(
			PermissionChecker permissionChecker, Group group, User user,
			String... roleNames)
		throws PortalException, SystemException {

		for (String roleName : roleNames) {
			Role candidate = RoleLocalServiceUtil.getRole(
				permissionChecker.getCompanyId(), roleName);

			if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
					user.getUserId(), group.getGroupId(),
					candidate.getRoleId())) {

				return true;
			}
		}

		return false;
	}

}