001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.OrganizationConstants;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.service.OrganizationLocalServiceUtil;
025 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
026 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
027 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
028
029 import java.util.Arrays;
030 import java.util.HashMap;
031 import java.util.List;
032 import java.util.Map;
033
034
037 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
038
039 public PermissionCheckerBagImpl() {
040 }
041
042 public PermissionCheckerBagImpl(
043 long userId, List<Group> userGroups, List<Organization> userOrgs,
044 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
045 List<Group> groups, List<Role> roles) {
046
047 _userId = userId;
048 _userGroups = userGroups;
049 _userOrgs = userOrgs;
050 _userOrgGroups = userOrgGroups;
051 _userUserGroupGroups = userUserGroupGroups;
052 _groups = groups;
053 _roles = roles;
054 }
055
056 public List<Group> getGroups() {
057 return _groups;
058 }
059
060 public long[] getRoleIds() {
061 if (_roleIds == null) {
062 List<Role> roles = getRoles();
063
064 long[] roleIds = new long[roles.size()];
065
066 for (int i = 0; i < roles.size(); i++) {
067 Role role = roles.get(i);
068
069 roleIds[i] = role.getRoleId();
070 }
071
072 Arrays.sort(roleIds);
073
074 _roleIds = roleIds;
075 }
076
077 return _roleIds;
078 }
079
080 public List<Role> getRoles() {
081 return _roles;
082 }
083
084 public List<Group> getUserGroups() {
085 return _userGroups;
086 }
087
088 public List<Group> getUserOrgGroups() {
089 return _userOrgGroups;
090 }
091
092 public List<Organization> getUserOrgs() {
093 return _userOrgs;
094 }
095
096 public List<Group> getUserUserGroupGroups() {
097 return _userUserGroupGroups;
098 }
099
100
104 public boolean isCommunityAdmin(
105 PermissionChecker permissionChecker, Group group)
106 throws Exception {
107
108 return isGroupAdmin(permissionChecker, group);
109 }
110
111
115 public boolean isCommunityOwner(
116 PermissionChecker permissionChecker, Group group)
117 throws Exception {
118
119 return isGroupOwner(permissionChecker, group);
120 }
121
122 public boolean isGroupAdmin(
123 PermissionChecker permissionChecker, Group group)
124 throws Exception {
125
126 Boolean value = _groupAdmins.get(group.getGroupId());
127
128 if (value == null) {
129 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
130
131 _groupAdmins.put(group.getGroupId(), value);
132 }
133
134 return value.booleanValue();
135 }
136
137 public boolean isGroupMember(
138 PermissionChecker permissionChecker, Group group)
139 throws Exception {
140
141 for (Role role : _roles) {
142 String name = role.getName();
143
144 if (name.equals(RoleConstants.SITE_MEMBER)) {
145 return true;
146 }
147 }
148
149 if (_userGroups.contains(group)) {
150 return true;
151 }
152
153 return false;
154 }
155
156 public boolean isGroupOwner(
157 PermissionChecker permissionChecker, Group group)
158 throws Exception {
159
160 Boolean value = _groupOwners.get(group.getGroupId());
161
162 if (value == null) {
163 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
164
165 _groupOwners.put(group.getGroupId(), value);
166 }
167
168 return value.booleanValue();
169 }
170
171 public boolean isOrganizationAdmin(
172 PermissionChecker permissionChecker, Organization organization)
173 throws Exception {
174
175 Boolean value = _organizationAdmins.get(
176 organization.getOrganizationId());
177
178 if (value == null) {
179 value = Boolean.valueOf(
180 isOrganizationAdminImpl(permissionChecker, organization));
181
182 _organizationAdmins.put(organization.getOrganizationId(), value);
183 }
184
185 return value.booleanValue();
186 }
187
188 public boolean isOrganizationOwner(
189 PermissionChecker permissionChecker, Organization organization)
190 throws Exception {
191
192 Boolean value = _organizationOwners.get(
193 organization.getOrganizationId());
194
195 if (value == null) {
196 value = Boolean.valueOf(
197 isOrganizationOwnerImpl(permissionChecker, organization));
198
199 _organizationOwners.put(organization.getOrganizationId(), value);
200 }
201
202 return value.booleanValue();
203 }
204
205 protected boolean isGroupAdminImpl(
206 PermissionChecker permissionChecker, Group group)
207 throws PortalException, SystemException {
208
209 if (group.isSite()) {
210 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
211 _userId, group.getGroupId(),
212 RoleConstants.SITE_ADMINISTRATOR, true) ||
213 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
214 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
215 true)) {
216
217 return true;
218 }
219 }
220
221 if (group.isCompany()) {
222 if (permissionChecker.isCompanyAdmin()) {
223 return true;
224 }
225 else {
226 return false;
227 }
228 }
229 else if (group.isLayoutPrototype()) {
230 if (LayoutPrototypePermissionUtil.contains(
231 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
232
233 return true;
234 }
235 else {
236 return false;
237 }
238 }
239 else if (group.isLayoutSetPrototype()) {
240 if (LayoutSetPrototypePermissionUtil.contains(
241 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
242
243 return true;
244 }
245 else {
246 return false;
247 }
248 }
249 else if (group.isOrganization()) {
250 long organizationId = group.getOrganizationId();
251
252 while (organizationId !=
253 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
254
255 Organization organization =
256 OrganizationLocalServiceUtil.getOrganization(
257 organizationId);
258
259 Group organizationGroup = organization.getGroup();
260
261 long organizationGroupId = organizationGroup.getGroupId();
262
263 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
264 _userId, organizationGroupId,
265 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
266 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
267 _userId, organizationGroupId,
268 RoleConstants.ORGANIZATION_OWNER, true)) {
269
270 return true;
271 }
272
273 organizationId = organization.getParentOrganizationId();
274 }
275 }
276
277 return false;
278 }
279
280 protected boolean isGroupOwnerImpl(
281 PermissionChecker permissionChecker, Group group)
282 throws PortalException, SystemException {
283
284 if (group.isSite()) {
285 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
286 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
287 true)) {
288
289 return true;
290 }
291 }
292
293 if (group.isLayoutPrototype()) {
294 if (LayoutPrototypePermissionUtil.contains(
295 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
296
297 return true;
298 }
299 else {
300 return false;
301 }
302 }
303 else if (group.isLayoutSetPrototype()) {
304 if (LayoutSetPrototypePermissionUtil.contains(
305 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
306
307 return true;
308 }
309 else {
310 return false;
311 }
312 }
313 else if (group.isOrganization()) {
314 long organizationId = group.getOrganizationId();
315
316 while (organizationId !=
317 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
318
319 Organization organization =
320 OrganizationLocalServiceUtil.getOrganization(
321 organizationId);
322
323 Group organizationGroup = organization.getGroup();
324
325 long organizationGroupId = organizationGroup.getGroupId();
326
327 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
328 _userId, organizationGroupId,
329 RoleConstants.ORGANIZATION_OWNER, true)) {
330
331 return true;
332 }
333
334 organizationId = organization.getParentOrganizationId();
335 }
336 }
337 else if (group.isUser()) {
338 long userId = group.getClassPK();
339
340 if (userId == _userId) {
341 return true;
342 }
343 }
344
345 return false;
346 }
347
348 protected boolean isOrganizationAdminImpl(
349 PermissionChecker permissionChecker, Organization organization)
350 throws PortalException, SystemException {
351
352 while (organization != null) {
353 Group organizationGroup = organization.getGroup();
354
355 long organizationGroupId = organizationGroup.getGroupId();
356
357 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
358 _userId, organizationGroupId,
359 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
360 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
361 _userId, organizationGroupId,
362 RoleConstants.ORGANIZATION_OWNER, true)) {
363
364 return true;
365 }
366
367 organization = organization.getParentOrganization();
368 }
369
370 return false;
371 }
372
373 protected boolean isOrganizationOwnerImpl(
374 PermissionChecker permissionChecker, Organization organization)
375 throws PortalException, SystemException {
376
377 while (organization != null) {
378 Group organizationGroup = organization.getGroup();
379
380 long organizationGroupId = organizationGroup.getGroupId();
381
382 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
383 _userId, organizationGroupId,
384 RoleConstants.ORGANIZATION_OWNER, true)) {
385
386 return true;
387 }
388
389 organization = organization.getParentOrganization();
390 }
391
392 return false;
393 }
394
395 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
396 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
397 private List<Group> _groups;
398 private Map<Long, Boolean> _organizationAdmins =
399 new HashMap<Long, Boolean>();
400 private Map<Long, Boolean> _organizationOwners =
401 new HashMap<Long, Boolean>();
402 private long[] _roleIds;
403 private List<Role> _roles;
404 private List<Group> _userGroups;
405 private long _userId;
406 private List<Group> _userOrgGroups;
407 private List<Organization> _userOrgs;
408 private List<Group> _userUserGroupGroups;
409
410 }