015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.AuditedModel;
021 import com.liferay.portal.model.Group;
022 import com.liferay.portal.model.GroupedModel;
023 import com.liferay.portal.model.Layout;
024 import com.liferay.portal.model.PermissionedModel;
025 import com.liferay.portal.model.PortletConstants;
026 import com.liferay.portal.model.ResourceConstants;
027 import com.liferay.portal.model.ResourcePermission;
028 import com.liferay.portal.model.Role;
029 import com.liferay.portal.model.Team;
030 import com.liferay.portal.model.User;
031 import com.liferay.portal.security.auth.PrincipalException;
032 import com.liferay.portal.security.permission.ActionKeys;
033 import com.liferay.portal.security.permission.PermissionChecker;
034 import com.liferay.portal.security.permission.ResourceActionsUtil;
035 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036 import com.liferay.portal.service.permission.GroupPermissionUtil;
037 import com.liferay.portal.service.permission.LayoutPermissionUtil;
038 import com.liferay.portal.service.permission.PortletPermissionUtil;
039 import com.liferay.portal.service.permission.TeamPermissionUtil;
040 import com.liferay.portal.service.permission.UserPermissionUtil;
041 import com.liferay.portlet.asset.AssetRendererFactoryRegistryUtil;
042 import com.liferay.portlet.asset.model.AssetRendererFactory;
043 import com.liferay.portlet.blogs.model.BlogsEntry;
044 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
045 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
046 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
047 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
048 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
049 import com.liferay.portlet.calendar.model.CalEvent;
050 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
051 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
052 import com.liferay.portlet.documentlibrary.model.DLFolder;
053 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
054 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
055 import com.liferay.portlet.journal.model.JournalArticle;
056 import com.liferay.portlet.journal.model.JournalFeed;
057 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
058 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
059 import com.liferay.portlet.messageboards.model.MBCategory;
060 import com.liferay.portlet.messageboards.model.MBMessage;
061 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
062 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
063 import com.liferay.portlet.polls.model.PollsQuestion;
064 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
065 import com.liferay.portlet.shopping.model.ShoppingCategory;
066 import com.liferay.portlet.shopping.model.ShoppingItem;
067 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
068 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
069 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
070 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
071 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
072 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
073 import com.liferay.portlet.wiki.model.WikiNode;
074 import com.liferay.portlet.wiki.model.WikiPage;
075 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
076 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
077
078 import java.util.List;
079
080
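/**
 * Service that decides whether the current caller may manage the permissions
 * of a resource.
 *
 * <p>
 * The <code>checkPermission</code> methods return normally when access is
 * granted. Denial is signalled by an exception: the generic fallback throws
 * {@link PrincipalException} itself, while the model specific branches
 * delegate to <code>check</code> helpers defined outside this file, which are
 * presumed to throw on denial (confirm against those helpers).
 * </p>
 *
 * <p>
 * NOTE(review): most branches convert <code>primKey</code> with
 * <code>GetterUtil.getLong</code> and authorize against the resulting ID.
 * Confirm what that call yields for a non-numeric key, because that value
 * becomes the ID being authorized.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Checks whether the current caller may manage permissions on a resource
	 * identified by a numeric primary key.
	 *
	 * <p>
	 * Converts <code>primKey</code> to its string form and delegates to
	 * {@link #checkPermission(PermissionChecker, long, String, String)} using
	 * the checker returned by <code>getPermissionChecker()</code>.
	 * </p>
	 *
	 * @param  groupId the group ID forwarded to the group scoped checks
	 * @param  name the resource name, compared against model class names
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if propagated from the underlying check
	 * @throws SystemException if propagated from the underlying check
	 */
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		checkPermission(
			getPermissionChecker(), groupId, name, String.valueOf(primKey));
	}

	/**
	 * Checks whether the current caller may manage permissions on a resource
	 * identified by a string primary key.
	 *
	 * <p>
	 * Delegates to
	 * {@link #checkPermission(PermissionChecker, long, String, String)} using
	 * the checker returned by <code>getPermissionChecker()</code>.
	 * </p>
	 *
	 * @param  groupId the group ID forwarded to the group scoped checks
	 * @param  name the resource name, compared against model class names
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if propagated from the underlying check
	 * @throws SystemException if propagated from the underlying check
	 */
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, name, primKey);
	}

	/**
	 * Routes the permission check to the helper that matches the resource
	 * name.
	 *
	 * <p>
	 * The branches are evaluated in order: known model class names first, then
	 * portlet resources (recognized by the layout separator inside
	 * <code>primKey</code>), and finally a generic fallback that runs only
	 * when the checker does not already grant <code>PERMISSIONS</code> on the
	 * resource.
	 * </p>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the group ID forwarded to the group scoped checks
	 * @param  name the resource name; must not be <code>null</code>, since it
	 *         is dereferenced by the first comparison
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if access is denied by the generic fallback
	 *         ({@link PrincipalException}) or if propagated from a delegate
	 * @throws SystemException if propagated from a delegate
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		if (name.equals(BlogsEntry.class.getName())) {
			BlogsEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(BookmarksEntry.class.getName())) {
			BookmarksEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(BookmarksFolder.class.getName())) {
			BookmarksFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(CalEvent.class.getName())) {
			CalEventPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFileEntry.class.getName())) {
			DLFileEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFolder.class.getName())) {
			DLFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Group.class.getName())) {
			GroupPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalArticle.class.getName())) {
			JournalArticlePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalFeed.class.getName())) {
			JournalFeedPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Layout.class.getName())) {
			LayoutPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(MBCategory.class.getName())) {
			MBCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(MBMessage.class.getName())) {
			MBMessagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(PollsQuestion.class.getName())) {
			PollsQuestionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCFrameworkVersion.class.getName())) {
			SCFrameworkVersionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCProductEntry.class.getName())) {
			SCProductEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingCategory.class.getName())) {
			ShoppingCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingItem.class.getName())) {
			ShoppingItemPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Team.class.getName())) {

			// Teams are authorized through MANAGE_TEAMS on the owning group,
			// not through PERMISSIONS on the team itself

			long teamId = GetterUtil.getLong(primKey);

			Team team = teamPersistence.findByPrimaryKey(teamId);

			GroupPermissionUtil.check(
				permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
		}
		else if (name.equals(User.class.getName())) {

			// The user's organization IDs are passed along with the user ID
			// to the user permission check

			long userId = GetterUtil.getLong(primKey);

			User user = userPersistence.findByPrimaryKey(userId);

			UserPermissionUtil.check(
				permissionChecker, userId, user.getOrganizationIds(),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(WikiNode.class.getName())) {
			WikiNodePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(WikiPage.class.getName())) {
			WikiPagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if ((primKey != null) &&
				 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

			checkPortletResourcePermission(permissionChecker, primKey);
		}
		else if (!permissionChecker.hasPermission(
					groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			checkGenericResourcePermission(
				permissionChecker, groupId, name, primKey);
		}
	}

	/**
	 * Authorizes a portlet resource whose primary key embeds the layout
	 * separator, by requiring <code>CONFIGURATION</code> on the portlet.
	 *
	 * <p>
	 * NOTE(review): the portlet ID is parsed from <code>primKey</code> alone.
	 * The resource name is not compared with it on this path, so confirm that
	 * callers keep the two consistent.
	 * </p>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  primKey the primary key; must contain the layout separator
	 * @throws PortalException if propagated from the portlet check
	 * @throws SystemException if propagated from the portlet check
	 */
	private void checkPortletResourcePermission(
			PermissionChecker permissionChecker, String primKey)
		throws PortalException, SystemException {

		int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

		// Text before the separator is the plid, text after it the portlet ID

		long plid = GetterUtil.getLong(primKey.substring(0, pos));

		String portletId = primKey.substring(
			pos + PortletConstants.LAYOUT_SEPARATOR.length());

		PortletPermissionUtil.check(
			permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
	}

	/**
	 * Runs the fallback checks for a resource that matched no dedicated branch
	 * and for which the checker did not grant <code>PERMISSIONS</code>.
	 *
	 * <p>
	 * Access is granted by the first of these that succeeds: the asset
	 * renderer factory registered for the name, the owner permission, the team
	 * permission (team roles only), or <code>DEFINE_PERMISSIONS</code> on the
	 * resource. If none succeeds the call ends in an exception.
	 * </p>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the group ID used for the final check
	 * @param  name the resource name
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if access is denied ({@link PrincipalException})
	 *         or if propagated from a lookup or delegate
	 * @throws SystemException if propagated from a lookup or delegate
	 */
	private void checkGenericResourcePermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		AssetRendererFactory assetRendererFactory =
			AssetRendererFactoryRegistryUtil.
				getAssetRendererFactoryByClassName(name);

		if (assetRendererFactory != null) {
			try {
				if (assetRendererFactory.hasPermission(
						permissionChecker, GetterUtil.getLong(primKey),
						ActionKeys.PERMISSIONS)) {

					return;
				}
			}
			catch (Exception ignored) {

				// Deliberately best effort: a failing asset renderer check is
				// treated as "not granted" and the checks below still run, so
				// swallowing the exception never grants access.
				// NOTE(review): the failure is not recorded anywhere; consider
				// logging it so a broken factory can be diagnosed.

			}
		}

		long ownerId = getResourceOwnerId(permissionChecker, name, primKey);

		if (permissionChecker.hasOwnerPermission(
				permissionChecker.getCompanyId(), name, primKey, ownerId,
				ActionKeys.PERMISSIONS)) {

			return;
		}

		Role role = null;

		if (name.equals(Role.class.getName())) {
			long roleId = GetterUtil.getLong(primKey);

			role = rolePersistence.findByPrimaryKey(roleId);
		}

		if ((role != null) && role.isTeam()) {

			// A team role is authorized through the team it belongs to

			Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

			TeamPermissionUtil.check(
				permissionChecker, team.getTeamId(), ActionKeys.PERMISSIONS);
		}
		else {
			List<String> resourceActions =
				ResourceActionsUtil.getResourceActions(name);

			// Deny unless the resource declares DEFINE_PERMISSIONS and the
			// caller holds it

			if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
				!permissionChecker.hasPermission(
					groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {

				throw new PrincipalException();
			}
		}
	}

	/**
	 * Resolves the owner ID used for the owner permission check.
	 *
	 * <p>
	 * For names supported by the resource block service the owner is the user
	 * ID of the permissioned model, or <code>0</code> when the model is
	 * neither grouped nor audited. Otherwise the owner comes from the
	 * individual scope resource permission of the checker's owner role.
	 * </p>
	 *
	 * @param  permissionChecker the checker supplying company and owner role
	 * @param  name the resource name
	 * @param  primKey the primary key of the resource
	 * @return the owner ID, or <code>0</code> when none can be derived from
	 *         the permissioned model
	 * @throws PortalException if propagated from the lookup
	 * @throws SystemException if propagated from the lookup
	 */
	private long getResourceOwnerId(
			PermissionChecker permissionChecker, String name, String primKey)
		throws PortalException, SystemException {

		if (!resourceBlockLocalService.isSupported(name)) {
			ResourcePermission resourcePermission =
				resourcePermissionLocalService.getResourcePermission(
					permissionChecker.getCompanyId(), name,
					ResourceConstants.SCOPE_INDIVIDUAL, primKey,
					permissionChecker.getOwnerRoleId());

			return resourcePermission.getOwnerId();
		}

		PermissionedModel permissionedModel =
			resourceBlockLocalService.getPermissionedModel(
				name, GetterUtil.getLong(primKey));

		if (permissionedModel instanceof GroupedModel) {
			GroupedModel groupedModel = (GroupedModel)permissionedModel;

			return groupedModel.getUserId();
		}

		if (permissionedModel instanceof AuditedModel) {
			AuditedModel auditedModel = (AuditedModel)permissionedModel;

			return auditedModel.getUserId();
		}

		return 0;
	}

}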