015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.AuditedModel;
021 import com.liferay.portal.model.Group;
022 import com.liferay.portal.model.GroupedModel;
023 import com.liferay.portal.model.Layout;
024 import com.liferay.portal.model.PermissionedModel;
025 import com.liferay.portal.model.PortletConstants;
026 import com.liferay.portal.model.ResourceConstants;
027 import com.liferay.portal.model.ResourcePermission;
028 import com.liferay.portal.model.Role;
029 import com.liferay.portal.model.Team;
030 import com.liferay.portal.model.User;
031 import com.liferay.portal.security.auth.PrincipalException;
032 import com.liferay.portal.security.permission.ActionKeys;
033 import com.liferay.portal.security.permission.PermissionChecker;
034 import com.liferay.portal.security.permission.ResourceActionsUtil;
035 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036 import com.liferay.portal.service.permission.GroupPermissionUtil;
037 import com.liferay.portal.service.permission.LayoutPermissionUtil;
038 import com.liferay.portal.service.permission.PortletPermissionUtil;
039 import com.liferay.portal.service.permission.TeamPermissionUtil;
040 import com.liferay.portal.service.permission.UserPermissionUtil;
041 import com.liferay.portlet.blogs.model.BlogsEntry;
042 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
043 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
044 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
045 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
046 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
047 import com.liferay.portlet.calendar.model.CalEvent;
048 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
049 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
050 import com.liferay.portlet.documentlibrary.model.DLFolder;
051 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
052 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
053 import com.liferay.portlet.journal.model.JournalArticle;
054 import com.liferay.portlet.journal.model.JournalFeed;
055 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
056 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
057 import com.liferay.portlet.messageboards.model.MBCategory;
058 import com.liferay.portlet.messageboards.model.MBMessage;
059 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061 import com.liferay.portlet.polls.model.PollsQuestion;
062 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063 import com.liferay.portlet.shopping.model.ShoppingCategory;
064 import com.liferay.portlet.shopping.model.ShoppingItem;
065 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071 import com.liferay.portlet.wiki.model.WikiNode;
072 import com.liferay.portlet.wiki.model.WikiPage;
073 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075
076 import java.util.List;
077
078
/**
 * Decides whether the current caller may manage the permissions of a
 * resource identified by a model or portlet name and a primary key.
 *
 * <p>
 * Both public overloads obtain the caller's {@link PermissionChecker} from
 * the inherited {@code getPermissionChecker()} and delegate to the protected
 * overload, which signals denial by throwing; a normal return means access
 * was granted.
 * </p>
 *
 * <p>
 * NOTE(review): {@code groupId}, {@code name} and {@code primKey} are taken
 * as given from whoever calls the public overloads. Nothing in this class
 * verifies that {@code groupId} is the group that actually owns the resource,
 * so callers presumably have to derive it from the resource rather than from
 * request input - confirm.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Checks the current caller's right to manage permissions on a resource
	 * with a numeric primary key.
	 *
	 * @param  groupId the group ID forwarded to the group-scoped checks
	 * @param  name the resource name (a model class name or portlet name)
	 * @param  primKey the numeric primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, name, String.valueOf(primKey));
	}

	/**
	 * Checks the current caller's right to manage permissions on a resource
	 * with a string primary key.
	 *
	 * @param  groupId the group ID forwarded to the group-scoped checks
	 * @param  name the resource name (a model class name or portlet name)
	 * @param  primKey the primary key of the resource; may be a numeric ID
	 *         or a layout-scoped portlet key containing {@link
	 *         PortletConstants#LAYOUT_SEPARATOR}
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Dispatches the permission check by resource name.
	 *
	 * <p>
	 * The tests run in a fixed order and the first match wins: known model
	 * class names first, then primary keys containing {@link
	 * PortletConstants#LAYOUT_SEPARATOR}, then a generic fallback. Reordering
	 * them changes which check guards a given request.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): numeric keys are parsed with {@code GetterUtil.getLong},
	 * which presumably yields a default value instead of throwing when
	 * {@code primKey} is not numeric - confirm that the downstream checks
	 * deny access for that default ID.
	 * </p>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the group ID forwarded to the group-scoped checks
	 * @param  name the resource name; must not be {@code null}
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		if (name.equals(BlogsEntry.class.getName())) {
			long entryId = GetterUtil.getLong(primKey);

			BlogsEntryPermission.check(
				permissionChecker, entryId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(BookmarksEntry.class.getName())) {
			long entryId = GetterUtil.getLong(primKey);

			BookmarksEntryPermission.check(
				permissionChecker, entryId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(BookmarksFolder.class.getName())) {
			long folderId = GetterUtil.getLong(primKey);

			BookmarksFolderPermission.check(
				permissionChecker, groupId, folderId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(CalEvent.class.getName())) {
			long eventId = GetterUtil.getLong(primKey);

			CalEventPermission.check(
				permissionChecker, eventId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFileEntry.class.getName())) {
			long fileEntryId = GetterUtil.getLong(primKey);

			DLFileEntryPermission.check(
				permissionChecker, fileEntryId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFolder.class.getName())) {
			long folderId = GetterUtil.getLong(primKey);

			DLFolderPermission.check(
				permissionChecker, groupId, folderId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Group.class.getName())) {
			long targetGroupId = GetterUtil.getLong(primKey);

			GroupPermissionUtil.check(
				permissionChecker, targetGroupId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalArticle.class.getName())) {
			long articleKey = GetterUtil.getLong(primKey);

			JournalArticlePermission.check(
				permissionChecker, articleKey, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalFeed.class.getName())) {
			long feedKey = GetterUtil.getLong(primKey);

			JournalFeedPermission.check(
				permissionChecker, feedKey, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Layout.class.getName())) {
			long layoutKey = GetterUtil.getLong(primKey);

			LayoutPermissionUtil.check(
				permissionChecker, layoutKey, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(MBCategory.class.getName())) {
			long categoryId = GetterUtil.getLong(primKey);

			MBCategoryPermission.check(
				permissionChecker, groupId, categoryId,
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(MBMessage.class.getName())) {
			long messageId = GetterUtil.getLong(primKey);

			MBMessagePermission.check(
				permissionChecker, messageId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(PollsQuestion.class.getName())) {
			long questionId = GetterUtil.getLong(primKey);

			PollsQuestionPermission.check(
				permissionChecker, questionId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCFrameworkVersion.class.getName())) {
			long frameworkVersionId = GetterUtil.getLong(primKey);

			SCFrameworkVersionPermission.check(
				permissionChecker, frameworkVersionId,
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCProductEntry.class.getName())) {
			long productEntryId = GetterUtil.getLong(primKey);

			SCProductEntryPermission.check(
				permissionChecker, productEntryId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingCategory.class.getName())) {
			long categoryId = GetterUtil.getLong(primKey);

			ShoppingCategoryPermission.check(
				permissionChecker, groupId, categoryId,
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingItem.class.getName())) {
			long itemId = GetterUtil.getLong(primKey);

			ShoppingItemPermission.check(
				permissionChecker, itemId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Team.class.getName())) {

			// Teams are guarded by MANAGE_TEAMS on the group the team
			// belongs to, not by PERMISSIONS on the team itself. The group
			// is read from the stored team, not from the groupId argument.

			Team team = teamPersistence.findByPrimaryKey(
				GetterUtil.getLong(primKey));

			GroupPermissionUtil.check(
				permissionChecker, team.getGroupId(),
				ActionKeys.MANAGE_TEAMS);

			return;
		}

		if (name.equals(User.class.getName())) {
			long userId = GetterUtil.getLong(primKey);

			User user = userPersistence.findByPrimaryKey(userId);

			UserPermissionUtil.check(
				permissionChecker, userId, user.getOrganizationIds(),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(WikiNode.class.getName())) {
			long nodeId = GetterUtil.getLong(primKey);

			WikiNodePermission.check(
				permissionChecker, nodeId, ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(WikiPage.class.getName())) {
			long pageKey = GetterUtil.getLong(primKey);

			WikiPagePermission.check(
				permissionChecker, pageKey, ActionKeys.PERMISSIONS);

			return;
		}

		// Layout-scoped portlet key: the text before the separator is
		// parsed as the plid, the text after it is the portlet ID.

		int separatorPos = -1;

		if (primKey != null) {
			separatorPos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
		}

		if (separatorPos >= 0) {

			// NOTE(review): this branch authorizes on the plid and portlet
			// ID parsed from primKey only; name is not compared with the
			// parsed portlet ID. Confirm that whatever later acts on
			// (name, primKey) cannot be handed a mismatching pair.

			String plidText = primKey.substring(0, separatorPos);

			long plid = GetterUtil.getLong(plidText);

			int portletIdStart =
				separatorPos + PortletConstants.LAYOUT_SEPARATOR.length();

			String portletId = primKey.substring(portletIdStart);

			PortletPermissionUtil.check(
				permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);

			return;
		}

		if (permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			return;
		}

		_checkFallbackPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Runs the checks applied once the caller has been found to lack a
	 * direct {@code PERMISSIONS} grant on a resource no other branch covers.
	 *
	 * <p>
	 * Access is granted if the caller has owner permission on the resource,
	 * or, for a role flagged as a team role, if the team permission check
	 * passes, or otherwise if the resource declares {@code
	 * DEFINE_PERMISSIONS} and the caller holds it. Anything else ends in a
	 * {@link PrincipalException}.
	 * </p>
	 */
	private void _checkFallbackPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		long ownerId = _getOwnerId(permissionChecker, name, primKey);

		if (permissionChecker.hasOwnerPermission(
				permissionChecker.getCompanyId(), name, primKey, ownerId,
				ActionKeys.PERMISSIONS)) {

			return;
		}

		if (name.equals(Role.class.getName())) {
			Role role = rolePersistence.findByPrimaryKey(
				GetterUtil.getLong(primKey));

			if ((role != null) && role.isTeam()) {
				Team team = teamPersistence.findByPrimaryKey(
					role.getClassPK());

				TeamPermissionUtil.check(
					permissionChecker, team.getTeamId(),
					ActionKeys.PERMISSIONS);

				return;
			}
		}

		List<String> resourceActions = ResourceActionsUtil.getResourceActions(
			name);

		// Deny by default: the resource must declare DEFINE_PERMISSIONS and
		// the caller must hold it. The caller's grant is only queried when
		// the action is declared.

		boolean canDefinePermissions =
			resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) &&
			permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS);

		if (!canDefinePermissions) {
			throw new PrincipalException();
		}
	}

	/**
	 * Looks up the user ID treated as the owner of the resource.
	 *
	 * <p>
	 * For names supported by the resource block service the owner is the
	 * user ID of the permissioned model, or {@code 0} when that model is
	 * neither a {@link GroupedModel} nor an {@link AuditedModel}. For all
	 * other names it is the owner ID stored on the individual-scope resource
	 * permission of the checker's owner role.
	 * </p>
	 */
	private long _getOwnerId(
			PermissionChecker permissionChecker, String name, String primKey)
		throws PortalException, SystemException {

		if (!resourceBlockLocalService.isSupported(name)) {
			long companyId = permissionChecker.getCompanyId();
			long ownerRoleId = permissionChecker.getOwnerRoleId();

			ResourcePermission resourcePermission =
				resourcePermissionLocalService.getResourcePermission(
					companyId, name, ResourceConstants.SCOPE_INDIVIDUAL,
					primKey, ownerRoleId);

			return resourcePermission.getOwnerId();
		}

		PermissionedModel permissionedModel =
			resourceBlockLocalService.getPermissionedModel(
				name, GetterUtil.getLong(primKey));

		if (permissionedModel instanceof GroupedModel) {
			return ((GroupedModel)permissionedModel).getUserId();
		}

		if (permissionedModel instanceof AuditedModel) {
			return ((AuditedModel)permissionedModel).getUserId();
		}

		return 0;
	}

}