001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.staging.permission.StagingPermissionUtil;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.portal.model.Group;
024    import com.liferay.portal.model.Layout;
025    import com.liferay.portal.model.LayoutTypePortlet;
026    import com.liferay.portal.model.Portlet;
027    import com.liferay.portal.model.PortletConstants;
028    import com.liferay.portal.model.impl.VirtualLayout;
029    import com.liferay.portal.security.auth.PrincipalException;
030    import com.liferay.portal.security.permission.ActionKeys;
031    import com.liferay.portal.security.permission.PermissionChecker;
032    import com.liferay.portal.security.permission.ResourceActionsUtil;
033    import com.liferay.portal.service.GroupLocalServiceUtil;
034    import com.liferay.portal.service.LayoutLocalServiceUtil;
035    import com.liferay.portal.service.PortletLocalServiceUtil;
036    import com.liferay.portal.util.PortletCategoryKeys;
037    import com.liferay.portal.util.PropsValues;
038    import com.liferay.portlet.ControlPanelEntry;
039    import com.liferay.portlet.sites.util.SitesUtil;
040    
041    import java.util.Collection;
042    import java.util.List;
043    
044    import javax.portlet.PortletMode;
045    
046    /**
047     * @author Brian Wing Shun Chan
048     * @author Raymond Augé
049     */
050    public class PortletPermissionImpl implements PortletPermission {
051    
052            public static final boolean DEFAULT_STRICT = false;
053    
054            public void check(
055                            PermissionChecker permissionChecker, Layout layout,
056                            String portletId, String actionId)
057                    throws PortalException, SystemException {
058    
059                    if (!contains(
060                                    permissionChecker, 0, layout, portletId, actionId,
061                                    DEFAULT_STRICT)) {
062    
063                            throw new PrincipalException();
064                    }
065            }
066    
067            public void check(
068                            PermissionChecker permissionChecker, Layout layout,
069                            String portletId, String actionId, boolean strict)
070                    throws PortalException, SystemException {
071    
072                    if (!contains(
073                                    permissionChecker, 0, layout, portletId, actionId, strict)) {
074    
075                            throw new PrincipalException();
076                    }
077            }
078    
079            public void check(
080                            PermissionChecker permissionChecker, long groupId, Layout layout,
081                            String portletId, String actionId)
082                    throws PortalException, SystemException {
083    
084                    if (!contains(
085                                    permissionChecker, groupId, layout, portletId, actionId,
086                                    DEFAULT_STRICT)) {
087    
088                            throw new PrincipalException();
089                    }
090            }
091    
092            public void check(
093                            PermissionChecker permissionChecker, long groupId, Layout layout,
094                            String portletId, String actionId, boolean strict)
095                    throws PortalException, SystemException {
096    
097                    if (!contains(
098                                    permissionChecker, groupId, layout, portletId, actionId,
099                                    strict)) {
100    
101                            throw new PrincipalException();
102                    }
103            }
104    
105            public void check(
106                            PermissionChecker permissionChecker, long groupId, long plid,
107                            String portletId, String actionId)
108                    throws PortalException, SystemException {
109    
110                    check(
111                            permissionChecker, groupId, plid, portletId, actionId,
112                            DEFAULT_STRICT);
113            }
114    
115            public void check(
116                            PermissionChecker permissionChecker, long groupId, long plid,
117                            String portletId, String actionId, boolean strict)
118                    throws PortalException, SystemException {
119    
120                    if (!contains(
121                                    permissionChecker, groupId, plid, portletId, actionId,
122                                    strict)) {
123    
124                            throw new PrincipalException();
125                    }
126            }
127    
128            public void check(
129                            PermissionChecker permissionChecker, long plid, String portletId,
130                            String actionId)
131                    throws PortalException, SystemException {
132    
133                    check(permissionChecker, plid, portletId, actionId, DEFAULT_STRICT);
134            }
135    
136            public void check(
137                            PermissionChecker permissionChecker, long plid, String portletId,
138                            String actionId, boolean strict)
139                    throws PortalException, SystemException {
140    
141                    if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
142                            throw new PrincipalException();
143                    }
144            }
145    
146            public void check(
147                            PermissionChecker permissionChecker, String portletId,
148                            String actionId)
149                    throws PortalException, SystemException {
150    
151                    if (!contains(permissionChecker, portletId, actionId)) {
152                            throw new PrincipalException();
153                    }
154            }
155    
156            public boolean contains(
157                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
158                            String actionId)
159                    throws PortalException, SystemException {
160    
161                    return contains(
162                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
163            }
164    
165            public boolean contains(
166                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
167                            String actionId, boolean strict)
168                    throws PortalException, SystemException {
169    
170                    return contains(
171                            permissionChecker, 0, layout, portlet, actionId, strict);
172            }
173    
174            public boolean contains(
175                            PermissionChecker permissionChecker, Layout layout,
176                            String portletId, String actionId)
177                    throws PortalException, SystemException {
178    
179                    return contains(
180                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
181            }
182    
183            public boolean contains(
184                            PermissionChecker permissionChecker, Layout layout,
185                            String portletId, String actionId, boolean strict)
186                    throws PortalException, SystemException {
187    
188                    return contains(
189                            permissionChecker, 0, layout, portletId, actionId, strict);
190            }
191    
192            public boolean contains(
193                            PermissionChecker permissionChecker, long groupId, Layout layout,
194                            Portlet portlet, String actionId)
195                    throws PortalException, SystemException {
196    
197                    return contains(
198                            permissionChecker, groupId, layout, portlet, actionId,
199                            DEFAULT_STRICT);
200            }
201    
202            public boolean contains(
203                            PermissionChecker permissionChecker, long groupId, Layout layout,
204                            Portlet portlet, String actionId, boolean strict)
205                    throws PortalException, SystemException {
206    
207                    if (portlet.isUndeployedPortlet()) {
208                            return false;
209                    }
210    
211                    if (portlet.isSystem() && actionId.equals(ActionKeys.VIEW)) {
212                            return true;
213                    }
214    
215                    return contains(
216                            permissionChecker, groupId, layout, portlet.getPortletId(),
217                            actionId, strict);
218            }
219    
220            public boolean contains(
221                            PermissionChecker permissionChecker, long groupId, Layout layout,
222                            String portletId, String actionId)
223                    throws PortalException, SystemException {
224    
225                    return contains(
226                            permissionChecker, groupId, layout, portletId, actionId,
227                            DEFAULT_STRICT);
228            }
229    
230            public boolean contains(
231                            PermissionChecker permissionChecker, long groupId, Layout layout,
232                            String portletId, String actionId, boolean strict)
233                    throws PortalException, SystemException {
234    
235                    String name = null;
236                    String primKey = null;
237    
238                    if (layout == null) {
239                            name = portletId;
240                            primKey = portletId;
241    
242                            return permissionChecker.hasPermission(
243                                    groupId, name, primKey, actionId);
244                    }
245    
246                    Group group = layout.getGroup();
247    
248                    groupId = group.getGroupId();
249    
250                    name = PortletConstants.getRootPortletId(portletId);
251                    primKey = getPrimaryKey(layout.getPlid(), portletId);
252    
253                    if (!actionId.equals(ActionKeys.VIEW) &&
254                            (layout instanceof VirtualLayout)) {
255    
256                            return hasCustomizePermission(
257                                    permissionChecker, layout, portletId, actionId);
258                    }
259    
260                    if (!group.isLayoutSetPrototype() &&
261                            !SitesUtil.isLayoutUpdateable(layout) &&
262                            actionId.equals(ActionKeys.CONFIGURATION)) {
263    
264                            return false;
265                    }
266    
267                    Boolean hasPermission = StagingPermissionUtil.hasPermission(
268                            permissionChecker, groupId, name, groupId, name, actionId);
269    
270                    if (hasPermission != null) {
271                            return hasPermission.booleanValue();
272                    }
273    
274                    if (group.isControlPanel() && actionId.equals(ActionKeys.VIEW)) {
275                            return true;
276                    }
277    
278                    if (strict) {
279                            return permissionChecker.hasPermission(
280                                    groupId, name, primKey, actionId);
281                    }
282    
283                    if (hasConfigurePermission(
284                                    permissionChecker, layout, portletId, actionId) ||
285                            hasCustomizePermission(
286                                    permissionChecker, layout, portletId, actionId)) {
287    
288                            return true;
289                    }
290    
291                    return permissionChecker.hasPermission(
292                            groupId, name, primKey, actionId);
293            }
294    
295            public boolean contains(
296                            PermissionChecker permissionChecker, long groupId, long plid,
297                            Portlet portlet, String actionId)
298                    throws PortalException, SystemException {
299    
300                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
301    
302                    return contains(
303                            permissionChecker, groupId, layout, portlet, actionId,
304                            DEFAULT_STRICT);
305            }
306    
307            public boolean contains(
308                            PermissionChecker permissionChecker, long groupId, long plid,
309                            Portlet portlet, String actionId, boolean strict)
310                    throws PortalException, SystemException {
311    
312                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
313    
314                    return contains(
315                            permissionChecker, groupId, layout, portlet, actionId, strict);
316            }
317    
318            public boolean contains(
319                            PermissionChecker permissionChecker, long groupId, long plid,
320                            String portletId, String actionId)
321                    throws PortalException, SystemException {
322    
323                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
324    
325                    return contains(
326                            permissionChecker, groupId, layout, portletId, actionId,
327                            DEFAULT_STRICT);
328            }
329    
330            public boolean contains(
331                            PermissionChecker permissionChecker, long groupId, long plid,
332                            String portletId, String actionId, boolean strict)
333                    throws PortalException, SystemException {
334    
335                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
336    
337                    return contains(
338                            permissionChecker, groupId, layout, portletId, actionId, strict);
339            }
340    
341            public boolean contains(
342                            PermissionChecker permissionChecker, long plid, Portlet portlet,
343                            String actionId)
344                    throws PortalException, SystemException {
345    
346                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
347    
348                    return contains(
349                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
350            }
351    
352            public boolean contains(
353                            PermissionChecker permissionChecker, long plid, Portlet portlet,
354                            String actionId, boolean strict)
355                    throws PortalException, SystemException {
356    
357                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
358    
359                    return contains(
360                            permissionChecker, 0, layout, portlet, actionId, strict);
361            }
362    
363            public boolean contains(
364                            PermissionChecker permissionChecker, long plid, String portletId,
365                            String actionId)
366                    throws PortalException, SystemException {
367    
368                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
369    
370                    return contains(
371                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
372            }
373    
374            public boolean contains(
375                            PermissionChecker permissionChecker, long plid, String portletId,
376                            String actionId, boolean strict)
377                    throws PortalException, SystemException {
378    
379                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
380    
381                    return contains(
382                            permissionChecker, 0, layout, portletId, actionId, strict);
383            }
384    
385            public boolean contains(
386                            PermissionChecker permissionChecker, String portletId,
387                            String actionId)
388                    throws PortalException, SystemException {
389    
390                    return contains(permissionChecker, 0, portletId, actionId);
391            }
392    
393            public String getPrimaryKey(long plid, String portletId) {
394                    return String.valueOf(plid).concat(
395                            PortletConstants.LAYOUT_SEPARATOR).concat(portletId);
396            }
397    
398            public boolean hasAccessPermission(
399                            PermissionChecker permissionChecker, long scopeGroupId,
400                            Layout layout, Portlet portlet, PortletMode portletMode)
401                    throws PortalException, SystemException {
402    
403                    if ((layout != null) && layout.isTypeControlPanel()) {
404                            String category = portlet.getControlPanelEntryCategory();
405    
406                            if (Validator.equals(category, PortletCategoryKeys.CONTENT)) {
407                                    layout = null;
408                            }
409                    }
410    
411                    boolean access = contains(
412                            permissionChecker, scopeGroupId, layout, portlet, ActionKeys.VIEW);
413    
414                    if (access && !PropsValues.TCK_URL &&
415                            portletMode.equals(PortletMode.EDIT)) {
416    
417                            access = contains(
418                                    permissionChecker, scopeGroupId, layout, portlet,
419                                    ActionKeys.PREFERENCES);
420                    }
421    
422                    return access;
423            }
424    
425            public boolean hasControlPanelAccessPermission(
426                            PermissionChecker permissionChecker, long groupId,
427                            Collection<Portlet> portlets)
428                    throws PortalException, SystemException {
429    
430                    for (Portlet portlet : portlets) {
431                            if (hasControlPanelAccessPermission(
432                                            permissionChecker, groupId, portlet)) {
433    
434                                    return true;
435                            }
436                    }
437    
438                    return false;
439            }
440    
441            public boolean hasControlPanelAccessPermission(
442                            PermissionChecker permissionChecker, long scopeGroupId,
443                            Portlet portlet)
444                    throws PortalException, SystemException {
445    
446                    Group group = GroupLocalServiceUtil.getGroup(scopeGroupId);
447    
448                    ControlPanelEntry controlPanelEntry =
449                            portlet.getControlPanelEntryInstance();
450    
451                    try {
452                            return controlPanelEntry.hasAccessPermission(
453                                    permissionChecker, group, portlet);
454                    }
455                    catch (Exception e) {
456                            _log.warn("Cannot process control panel access permission", e);
457    
458                            return false;
459                    }
460            }
461    
462            public boolean hasControlPanelAccessPermission(
463                            PermissionChecker permissionChecker, long scopeGroupId,
464                            String portletId)
465                    throws PortalException, SystemException {
466    
467                    Portlet portlet = PortletLocalServiceUtil.getPortletById(portletId);
468    
469                    return hasControlPanelAccessPermission(
470                            permissionChecker, scopeGroupId, portlet);
471            }
472    
473            public boolean hasLayoutManagerPermission(
474                    String portletId, String actionId) {
475    
476                    try {
477                            portletId = PortletConstants.getRootPortletId(portletId);
478    
479                            List<String> layoutManagerActions =
480                                    ResourceActionsUtil.getPortletResourceLayoutManagerActions(
481                                            portletId);
482    
483                            return layoutManagerActions.contains(actionId);
484                    }
485                    catch (Exception e) {
486                            _log.error(e, e);
487    
488                            return false;
489                    }
490            }
491    
492            protected boolean hasConfigurePermission(
493                            PermissionChecker permissionChecker, Layout layout,
494                            String portletId, String actionId)
495                    throws PortalException, SystemException {
496    
497                    if (!actionId.equals(ActionKeys.CONFIGURATION) &&
498                            !actionId.equals(ActionKeys.PREFERENCES) &&
499                            !actionId.equals(ActionKeys.GUEST_PREFERENCES)) {
500    
501                            return false;
502                    }
503    
504                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
505                            layout.getCompanyId(), portletId);
506    
507                    if (portlet.isPreferencesUniquePerLayout()) {
508                            return LayoutPermissionUtil.contains(
509                                    permissionChecker, layout, ActionKeys.CONFIGURE_PORTLETS);
510                    }
511    
512                    return GroupPermissionUtil.contains(
513                            permissionChecker, layout.getGroupId(),
514                            ActionKeys.CONFIGURE_PORTLETS);
515            }
516    
517            protected boolean hasCustomizePermission(
518                            PermissionChecker permissionChecker, Layout layout,
519                            String portletId, String actionId)
520                    throws PortalException, SystemException {
521    
522                    LayoutTypePortlet layoutTypePortlet =
523                            (LayoutTypePortlet)layout.getLayoutType();
524    
525                    if (layoutTypePortlet.isCustomizedView() &&
526                            layoutTypePortlet.isPortletCustomizable(portletId) &&
527                            LayoutPermissionUtil.contains(
528                                    permissionChecker, layout, ActionKeys.CUSTOMIZE)) {
529    
530                            if (actionId.equals(ActionKeys.VIEW)) {
531                                    return true;
532                            }
533                            else if (actionId.equals(ActionKeys.CONFIGURATION)) {
534                                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
535                                            layout.getCompanyId(), portletId);
536    
537                                    if (portlet.isPreferencesUniquePerLayout()) {
538                                            return true;
539                                    }
540                            }
541                    }
542    
543                    return false;
544            }
545    
546            private static Log _log = LogFactoryUtil.getLog(
547                    PortletPermissionImpl.class);
548    
549    }