001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.membershippolicy;
016    
017    import com.liferay.portal.kernel.dao.orm.ActionableDynamicQuery;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.kernel.exception.SystemException;
020    import com.liferay.portal.model.Group;
021    import com.liferay.portal.model.Organization;
022    import com.liferay.portal.model.Role;
023    import com.liferay.portal.model.RoleConstants;
024    import com.liferay.portal.model.UserGroupRole;
025    import com.liferay.portal.security.permission.PermissionChecker;
026    import com.liferay.portal.service.OrganizationLocalServiceUtil;
027    import com.liferay.portal.service.RoleLocalServiceUtil;
028    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029    import com.liferay.portal.service.persistence.OrganizationActionableDynamicQuery;
030    import com.liferay.portal.service.persistence.UserGroupRoleActionableDynamicQuery;
031    import com.liferay.portal.service.persistence.UserGroupRolePK;
032    
033    import java.io.Serializable;
034    
035    import java.util.ArrayList;
036    import java.util.List;
037    import java.util.Map;
038    
039    /**
040     * @author Roberto Díaz
041     * @author Sergio González
042     */
043    public abstract class BaseOrganizationMembershipPolicy
044            implements OrganizationMembershipPolicy {
045    
046            @SuppressWarnings("unused")
047            public void checkRoles(
048                            List<UserGroupRole> addUserGroupRoles,
049                            List<UserGroupRole> removeUserGroupRoles)
050                    throws PortalException, SystemException {
051            }
052    
053            @SuppressWarnings("unused")
054            public boolean isMembershipAllowed(long userId, long organizationId)
055                    throws PortalException, SystemException {
056    
057                    try {
058                            checkMembership(
059                                    new long[] {userId}, new long[] {organizationId}, null);
060                    }
061                    catch (Exception e) {
062                            return false;
063                    }
064    
065                    return true;
066            }
067    
068            public boolean isMembershipProtected(
069                            PermissionChecker permissionChecker, long userId,
070                            long organizationId)
071                    throws PortalException, SystemException {
072    
073                    if (permissionChecker.isOrganizationOwner(organizationId)) {
074                            return false;
075                    }
076    
077                    Organization organization =
078                            OrganizationLocalServiceUtil.getOrganization(organizationId);
079    
080                    Group group = organization.getGroup();
081    
082                    Role organizationAdministratorRole = RoleLocalServiceUtil.getRole(
083                            permissionChecker.getCompanyId(),
084                            RoleConstants.ORGANIZATION_ADMINISTRATOR);
085    
086                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
087                                    userId, group.getGroupId(),
088                                    organizationAdministratorRole.getRoleId())) {
089    
090                            return true;
091                    }
092    
093                    Role organizationOwnerRole = RoleLocalServiceUtil.getRole(
094                            permissionChecker.getCompanyId(), RoleConstants.ORGANIZATION_OWNER);
095    
096                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
097                                    userId, group.getGroupId(),
098                                    organizationOwnerRole.getRoleId())) {
099    
100                            return true;
101                    }
102    
103                    return false;
104            }
105    
106            @SuppressWarnings("unused")
107            public boolean isMembershipRequired(long userId, long organizationId)
108                    throws PortalException, SystemException {
109    
110                    try {
111                            checkMembership(
112                                    new long[] {userId}, null, new long[] {organizationId});
113                    }
114                    catch (Exception e) {
115                            return true;
116                    }
117    
118                    return false;
119            }
120    
121            public boolean isRoleAllowed(long userId, long organizationId, long roleId)
122                    throws PortalException, SystemException {
123    
124                    List<UserGroupRole> userGroupRoles = new ArrayList<UserGroupRole>();
125    
126                    Organization organization =
127                            OrganizationLocalServiceUtil.getOrganization(organizationId);
128    
129                    UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
130                            userId, organization.getGroupId(), roleId);
131    
132                    UserGroupRole userGroupRole =
133                            UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
134    
135                    userGroupRoles.add(userGroupRole);
136    
137                    try {
138                            checkRoles(userGroupRoles, null);
139                    }
140                    catch (Exception e) {
141                            return false;
142                    }
143    
144                    return true;
145            }
146    
147            public boolean isRoleProtected(
148                            PermissionChecker permissionChecker, long userId,
149                            long organizationId, long roleId)
150                    throws PortalException, SystemException {
151    
152                    if (permissionChecker.isOrganizationOwner(organizationId)) {
153                            return false;
154                    }
155    
156                    Role role = RoleLocalServiceUtil.getRole(roleId);
157    
158                    String roleName = role.getName();
159    
160                    if (!roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) &&
161                            !roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {
162    
163                            return false;
164                    }
165    
166                    Organization organization =
167                            OrganizationLocalServiceUtil.getOrganization(organizationId);
168    
169                    Group group = organization.getGroup();
170    
171                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
172                                    userId, group.getGroupId(), role.getRoleId())) {
173    
174                            return true;
175                    }
176    
177                    return false;
178            }
179    
180            public boolean isRoleRequired(long userId, long organizationId, long roleId)
181                    throws PortalException, SystemException {
182    
183                    List<UserGroupRole> userGroupRoles = new ArrayList<UserGroupRole>();
184    
185                    Organization organization =
186                            OrganizationLocalServiceUtil.getOrganization(organizationId);
187    
188                    UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
189                            userId, organization.getGroupId(), roleId);
190    
191                    UserGroupRole userGroupRole =
192                            UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
193    
194                    userGroupRoles.add(userGroupRole);
195    
196                    try {
197                            checkRoles(null, userGroupRoles);
198                    }
199                    catch (Exception e) {
200                            return true;
201                    }
202    
203                    return false;
204            }
205    
206            public void propagateRoles(
207                    List<UserGroupRole> addUserGroupRoles,
208                    List<UserGroupRole> removeUserGroupRoles) {
209            }
210    
211            public void verifyPolicy() throws PortalException, SystemException {
212                    ActionableDynamicQuery organizationActionableDynamicQuery =
213                            new OrganizationActionableDynamicQuery() {
214    
215                            @Override
216                            protected void performAction(Object object)
217                                    throws PortalException, SystemException {
218    
219                                    Organization organization = (Organization)object;
220    
221                                    verifyPolicy(organization);
222    
223                                    ActionableDynamicQuery userGroupRoleActionableDynamicQuery =
224                                            new UserGroupRoleActionableDynamicQuery() {
225    
226                                            @Override
227                                            protected void performAction(Object object)
228                                                    throws PortalException, SystemException {
229    
230                                                    UserGroupRole userGroupRole = (UserGroupRole)object;
231    
232                                                    verifyPolicy(userGroupRole.getRole());
233                                            }
234    
235                                    };
236    
237                                    userGroupRoleActionableDynamicQuery.setGroupId(
238                                            organization.getGroupId());
239    
240                                    userGroupRoleActionableDynamicQuery.performActions();
241                            }
242    
243                    };
244    
245                    organizationActionableDynamicQuery.performActions();
246            }
247    
248            public void verifyPolicy(Organization organization)
249                    throws PortalException, SystemException {
250    
251                    verifyPolicy(organization, null, null, null, null);
252            }
253    
254            public void verifyPolicy(Role role) {
255            }
256    
257            public void verifyPolicy(
258                    Role role, Role oldRole,
259                    Map<String, Serializable> oldExpandoAttributes) {
260            }
261    
262    }