001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026
027
031 public class GroupPermissionImpl implements GroupPermission {
032
033 public void check(
034 PermissionChecker permissionChecker, Group group, String actionId)
035 throws PortalException, SystemException {
036
037 if (!contains(permissionChecker, group, actionId)) {
038 throw new PrincipalException();
039 }
040 }
041
042 public void check(
043 PermissionChecker permissionChecker, long groupId, String actionId)
044 throws PortalException, SystemException {
045
046 if (!contains(permissionChecker, groupId, actionId)) {
047 throw new PrincipalException();
048 }
049 }
050
051 public void check(PermissionChecker permissionChecker, String actionId)
052 throws PortalException {
053
054 if (!contains(permissionChecker, actionId)) {
055 throw new PrincipalException();
056 }
057 }
058
059 public boolean contains(
060 PermissionChecker permissionChecker, Group group, String actionId)
061 throws PortalException, SystemException {
062
063 long groupId = group.getGroupId();
064
065 if (group.isStagingGroup()) {
066 group = group.getLiveGroup();
067 }
068
069 if (group.isUser()) {
070
071
072
073
074
075
076 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
077
078 if ((permissionChecker.getUserId() != user.getUserId()) &&
079 UserPermissionUtil.contains(
080 permissionChecker, user.getUserId(),
081 user.getOrganizationIds(), ActionKeys.UPDATE)) {
082
083 return true;
084 }
085 }
086
087 if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
088 permissionChecker.hasPermission(
089 groupId, Group.class.getName(), groupId,
090 ActionKeys.MANAGE_LAYOUTS)) {
091
092 return true;
093 }
094 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
095 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
096 permissionChecker.hasPermission(
097 groupId, Group.class.getName(), groupId,
098 ActionKeys.PUBLISH_STAGING)) {
099
100 return true;
101 }
102 else if (actionId.equals(ActionKeys.VIEW) &&
103 (permissionChecker.hasPermission(
104 groupId, Group.class.getName(), groupId,
105 ActionKeys.ASSIGN_USER_ROLES) ||
106 permissionChecker.hasPermission(
107 groupId, Group.class.getName(), groupId,
108 ActionKeys.MANAGE_LAYOUTS))) {
109
110 return true;
111 }
112 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
113 (permissionChecker.hasPermission(
114 groupId, Group.class.getName(), groupId,
115 ActionKeys.MANAGE_LAYOUTS) ||
116 permissionChecker.hasPermission(
117 groupId, Group.class.getName(), groupId,
118 ActionKeys.MANAGE_STAGING) ||
119 permissionChecker.hasPermission(
120 groupId, Group.class.getName(), groupId,
121 ActionKeys.PUBLISH_STAGING) ||
122 permissionChecker.hasPermission(
123 groupId, Group.class.getName(), groupId,
124 ActionKeys.UPDATE))) {
125
126 return true;
127 }
128
129
130
131 if (permissionChecker.hasPermission(
132 groupId, Group.class.getName(), groupId, actionId)) {
133
134 return true;
135 }
136
137 while (!group.isRoot()) {
138 if (contains(
139 permissionChecker, group.getParentGroupId(),
140 ActionKeys.MANAGE_SUBGROUPS)) {
141
142 return true;
143 }
144
145 group = group.getParentGroup();
146 }
147
148 return false;
149 }
150
151 public boolean contains(
152 PermissionChecker permissionChecker, long groupId, String actionId)
153 throws PortalException, SystemException {
154
155 if (groupId > 0) {
156 Group group = GroupLocalServiceUtil.getGroup(groupId);
157
158 return contains(permissionChecker, group, actionId);
159 }
160 else {
161 return false;
162 }
163 }
164
165 public boolean contains(
166 PermissionChecker permissionChecker, String actionId) {
167
168 return permissionChecker.hasPermission(
169 0, Group.class.getName(), 0, actionId);
170 }
171
172 }