001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.AuditedModel;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.GroupedModel;
023    import com.liferay.portal.model.Layout;
024    import com.liferay.portal.model.PermissionedModel;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.ResourceConstants;
027    import com.liferay.portal.model.ResourcePermission;
028    import com.liferay.portal.model.Role;
029    import com.liferay.portal.model.Team;
030    import com.liferay.portal.model.User;
031    import com.liferay.portal.security.auth.PrincipalException;
032    import com.liferay.portal.security.permission.ActionKeys;
033    import com.liferay.portal.security.permission.PermissionChecker;
034    import com.liferay.portal.security.permission.ResourceActionsUtil;
035    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036    import com.liferay.portal.service.permission.GroupPermissionUtil;
037    import com.liferay.portal.service.permission.LayoutPermissionUtil;
038    import com.liferay.portal.service.permission.PortletPermissionUtil;
039    import com.liferay.portal.service.permission.TeamPermissionUtil;
040    import com.liferay.portal.service.permission.UserPermissionUtil;
041    import com.liferay.portlet.asset.AssetRendererFactoryRegistryUtil;
042    import com.liferay.portlet.asset.model.AssetRendererFactory;
043    import com.liferay.portlet.blogs.model.BlogsEntry;
044    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
045    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
046    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
047    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
048    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
049    import com.liferay.portlet.calendar.model.CalEvent;
050    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
051    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
052    import com.liferay.portlet.documentlibrary.model.DLFolder;
053    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
054    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
055    import com.liferay.portlet.journal.model.JournalArticle;
056    import com.liferay.portlet.journal.model.JournalFeed;
057    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
058    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
059    import com.liferay.portlet.messageboards.model.MBCategory;
060    import com.liferay.portlet.messageboards.model.MBMessage;
061    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
062    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
063    import com.liferay.portlet.polls.model.PollsQuestion;
064    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
065    import com.liferay.portlet.shopping.model.ShoppingCategory;
066    import com.liferay.portlet.shopping.model.ShoppingItem;
067    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
068    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
069    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
070    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
071    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
072    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
073    import com.liferay.portlet.wiki.model.WikiNode;
074    import com.liferay.portlet.wiki.model.WikiPage;
075    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
076    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
077    
078    import java.util.List;
079    
080    /**
081     * Provides the remote service for checking permissions.
082     *
083     * @author Brian Wing Shun Chan
084     * @author Raymond Augé
085     */
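public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Checks whether the permission checker returned by
	 * <code>getPermissionChecker()</code> may manage the permissions of the
	 * resource. Returns normally when access is granted and throws otherwise.
	 *
	 * @param  groupId the primary key of the group; supplied by the caller and
	 *         passed on unchanged
	 * @param  name the resource name; it is compared against model class names
	 *         such as <code>BlogsEntry</code>
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if the permission check failed, if an entity
	 *         referenced by the primary key could not be found or if the
	 *         permission information was invalid
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		checkPermission(
			getPermissionChecker(), groupId, name, String.valueOf(primKey));
	}

	/**
	 * Checks whether the permission checker returned by
	 * <code>getPermissionChecker()</code> may manage the permissions of the
	 * resource. Returns normally when access is granted and throws otherwise.
	 *
	 * @param  groupId the primary key of the group; supplied by the caller and
	 *         passed on unchanged
	 * @param  name the resource name; it is compared against model class names
	 *         such as <code>BlogsEntry</code>
	 * @param  primKey the primary key of the resource; a value containing
	 *         <code>PortletConstants.LAYOUT_SEPARATOR</code> is treated as a
	 *         portlet resource
	 * @throws PortalException if the permission check failed, if an entity
	 *         referenced by the primary key could not be found or if the
	 *         permission information was invalid
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, name, primKey);
	}

	/**
	 * Dispatches the permission check on the resource name.
	 *
	 * <p>
	 * The branches are evaluated in order and the first match decides:
	 * </p>
	 *
	 * <ul>
	 * <li>
	 * A known model class name delegates to that model's permission helper
	 * with <code>ActionKeys.PERMISSIONS</code>.
	 * </li>
	 * <li>
	 * <code>Team</code> checks <code>ActionKeys.MANAGE_TEAMS</code> on the
	 * team's group instead of <code>PERMISSIONS</code>.
	 * </li>
	 * <li>
	 * A primary key containing <code>PortletConstants.LAYOUT_SEPARATOR</code>
	 * is split into plid and portlet ID and checked for
	 * <code>ActionKeys.CONFIGURATION</code>.
	 * </li>
	 * <li>
	 * Anything else goes through the generic checks: direct
	 * <code>PERMISSIONS</code>, the asset renderer factory, owner permission,
	 * the team role, and finally <code>DEFINE_PERMISSIONS</code>. If none of
	 * them grants access a <code>PrincipalException</code> is thrown.
	 * </li>
	 * </ul>
	 *
	 * <p>
	 * NOTE(review): <code>groupId</code> comes from the caller. Only the
	 * BookmarksFolder, DLFolder, MBCategory and ShoppingCategory branches and
	 * the generic checks use it, and nothing in this method compares it with
	 * the group of the resource identified by <code>primKey</code>. Confirm
	 * that the delegates and the permission checker do that validation.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  groupId the primary key of the group, as supplied by the caller
	 * @param  name the resource name
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if the permission check failed or a referenced
	 *         entity could not be found
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		// Deny explicitly when no resource name is given. Previously a null
		// name surfaced as a NullPointerException from the first comparison
		// below; the request was rejected either way.

		if (name == null) {
			throw new PrincipalException();
		}

		// GetterUtil.getLong is applied to the caller-supplied primKey in most
		// branches. NOTE(review): it presumably yields a default value for
		// input that is not a number; confirm the delegates reject that ID.

		if (name.equals(BlogsEntry.class.getName())) {
			BlogsEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(BookmarksEntry.class.getName())) {
			BookmarksEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(BookmarksFolder.class.getName())) {
			BookmarksFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(CalEvent.class.getName())) {
			CalEventPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFileEntry.class.getName())) {
			DLFileEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFolder.class.getName())) {
			DLFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Group.class.getName())) {
			GroupPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalArticle.class.getName())) {
			JournalArticlePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalFeed.class.getName())) {
			JournalFeedPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Layout.class.getName())) {
			LayoutPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(MBCategory.class.getName())) {
			MBCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(MBMessage.class.getName())) {
			MBMessagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(PollsQuestion.class.getName())) {
			PollsQuestionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCFrameworkVersion.class.getName())) {
			SCFrameworkVersionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCProductEntry.class.getName())) {
			SCProductEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingCategory.class.getName())) {
			ShoppingCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingItem.class.getName())) {
			ShoppingItemPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Team.class.getName())) {

			// The group is taken from the stored team, not from the
			// caller-supplied groupId

			long teamId = GetterUtil.getLong(primKey);

			Team team = teamPersistence.findByPrimaryKey(teamId);

			GroupPermissionUtil.check(
				permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
		}
		else if (name.equals(User.class.getName())) {
			long userId = GetterUtil.getLong(primKey);

			User user = userPersistence.findByPrimaryKey(userId);

			UserPermissionUtil.check(
				permissionChecker, userId, user.getOrganizationIds(),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(WikiNode.class.getName())) {
			WikiNodePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(WikiPage.class.getName())) {
			WikiPagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if ((primKey != null) &&
				 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

			// Portlet resource: primKey is plid + LAYOUT_SEPARATOR + portlet
			// ID, split at the first separator. The name is not consulted in
			// this branch.

			int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

			long plid = GetterUtil.getLong(primKey.substring(0, pos));

			String portletId = primKey.substring(
				pos + PortletConstants.LAYOUT_SEPARATOR.length());

			PortletPermissionUtil.check(
				permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
		}
		else if (!permissionChecker.hasPermission(
					groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			// Generic checks: PERMISSIONS was not granted directly for the
			// caller-supplied groupId, so try the remaining grants in turn.
			// Falling off the end of this branch without a grant throws.

			AssetRendererFactory assetRendererFactory =
				AssetRendererFactoryRegistryUtil.
					getAssetRendererFactoryByClassName(name);

			if (assetRendererFactory != null) {
				try {
					if (assetRendererFactory.hasPermission(
							permissionChecker, GetterUtil.getLong(primKey),
							ActionKeys.PERMISSIONS)) {

						return;
					}
				}
				catch (Exception ignored) {

					// Deliberately not propagated: a failing asset renderer
					// check counts as "not granted" and evaluation continues
					// with the checks below, which deny unless one of them
					// grants access. NOTE(review): the failure leaves no
					// trace; log it once this class has a logger.

				}
			}

			long ownerId = 0;

			if (resourceBlockLocalService.isSupported(name)) {
				PermissionedModel permissionedModel =
					resourceBlockLocalService.getPermissionedModel(
						name, GetterUtil.getLong(primKey));

				// ownerId stays 0 when the model is neither grouped nor
				// audited

				if (permissionedModel instanceof GroupedModel) {
					GroupedModel groupedModel = (GroupedModel)permissionedModel;

					ownerId = groupedModel.getUserId();
				}
				else if (permissionedModel instanceof AuditedModel) {
					AuditedModel auditedModel = (AuditedModel)permissionedModel;

					ownerId = auditedModel.getUserId();
				}
			}
			else {
				ResourcePermission resourcePermission =
					resourcePermissionLocalService.getResourcePermission(
						permissionChecker.getCompanyId(), name,
						ResourceConstants.SCOPE_INDIVIDUAL, primKey,
						permissionChecker.getOwnerRoleId());

				ownerId = resourcePermission.getOwnerId();
			}

			if (permissionChecker.hasOwnerPermission(
					permissionChecker.getCompanyId(), name, primKey, ownerId,
					ActionKeys.PERMISSIONS)) {

				return;
			}

			Role role = null;

			if (name.equals(Role.class.getName())) {
				long roleId = GetterUtil.getLong(primKey);

				role = rolePersistence.findByPrimaryKey(roleId);
			}

			if ((role != null) && role.isTeam()) {

				// A team role is governed by the permissions of its team

				Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

				TeamPermissionUtil.check(
					permissionChecker, team.getTeamId(),
					ActionKeys.PERMISSIONS);
			}
			else {
				List<String> resourceActions =
					ResourceActionsUtil.getResourceActions(name);

				// Last resort: the resource must declare DEFINE_PERMISSIONS
				// and the checker must hold it, otherwise access is denied

				if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
					!permissionChecker.hasPermission(
						groupId, name, primKey,
						ActionKeys.DEFINE_PERMISSIONS)) {

					throw new PrincipalException();
				}
			}
		}
	}

}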