001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026
027
031 public class GroupPermissionImpl implements GroupPermission {
032
033 public void check(
034 PermissionChecker permissionChecker, Group group, String actionId)
035 throws PortalException, SystemException {
036
037 if (!contains(permissionChecker, group, actionId)) {
038 throw new PrincipalException();
039 }
040 }
041
042 public void check(
043 PermissionChecker permissionChecker, long groupId, String actionId)
044 throws PortalException, SystemException {
045
046 if (!contains(permissionChecker, groupId, actionId)) {
047 throw new PrincipalException();
048 }
049 }
050
051 public void check(PermissionChecker permissionChecker, String actionId)
052 throws PortalException {
053
054 if (!contains(permissionChecker, actionId)) {
055 throw new PrincipalException();
056 }
057 }
058
059 public boolean contains(
060 PermissionChecker permissionChecker, Group group, String actionId)
061 throws PortalException, SystemException {
062
063 long groupId = group.getGroupId();
064
065 if (group.isStagingGroup()) {
066 group = group.getLiveGroup();
067 }
068
069 if (group.isUser()) {
070
071
072
073
074
075
076 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
077
078 if ((permissionChecker.getUserId() != user.getUserId()) &&
079 UserPermissionUtil.contains(
080 permissionChecker, user.getUserId(),
081 user.getOrganizationIds(), ActionKeys.UPDATE)) {
082
083 return true;
084 }
085 }
086
087 if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
088 permissionChecker.hasPermission(
089 groupId, Group.class.getName(), groupId,
090 ActionKeys.MANAGE_LAYOUTS)) {
091
092 return true;
093 }
094 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
095 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
096 permissionChecker.hasPermission(
097 groupId, Group.class.getName(), groupId,
098 ActionKeys.PUBLISH_STAGING)) {
099
100 return true;
101 }
102 else if (actionId.equals(ActionKeys.VIEW) &&
103 permissionChecker.hasPermission(
104 groupId, Group.class.getName(), groupId,
105 ActionKeys.ASSIGN_USER_ROLES)) {
106
107 return true;
108 }
109 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
110 (permissionChecker.hasPermission(
111 groupId, Group.class.getName(), groupId,
112 ActionKeys.MANAGE_LAYOUTS) ||
113 permissionChecker.hasPermission(
114 groupId, Group.class.getName(), groupId,
115 ActionKeys.MANAGE_STAGING) ||
116 permissionChecker.hasPermission(
117 groupId, Group.class.getName(), groupId,
118 ActionKeys.PUBLISH_STAGING) ||
119 permissionChecker.hasPermission(
120 groupId, Group.class.getName(), groupId,
121 ActionKeys.UPDATE))) {
122
123 return true;
124 }
125
126
127
128 if (permissionChecker.hasPermission(
129 groupId, Group.class.getName(), groupId, actionId)) {
130
131 return true;
132 }
133
134 while (!group.isRoot()) {
135 if (contains(
136 permissionChecker, group.getParentGroupId(),
137 ActionKeys.MANAGE_SUBGROUPS)) {
138
139 return true;
140 }
141
142 group = group.getParentGroup();
143 }
144
145 return false;
146 }
147
148 public boolean contains(
149 PermissionChecker permissionChecker, long groupId, String actionId)
150 throws PortalException, SystemException {
151
152 if (groupId > 0) {
153 Group group = GroupLocalServiceUtil.getGroup(groupId);
154
155 return contains(permissionChecker, group, actionId);
156 }
157 else {
158 return false;
159 }
160 }
161
162 public boolean contains(
163 PermissionChecker permissionChecker, String actionId) {
164
165 return permissionChecker.hasPermission(
166 0, Group.class.getName(), 0, actionId);
167 }
168
169 }