001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.staging.permission.StagingPermissionUtil;
022 import com.liferay.portal.kernel.util.Validator;
023 import com.liferay.portal.model.Group;
024 import com.liferay.portal.model.Layout;
025 import com.liferay.portal.model.LayoutTypePortlet;
026 import com.liferay.portal.model.Portlet;
027 import com.liferay.portal.model.PortletConstants;
028 import com.liferay.portal.model.impl.VirtualLayout;
029 import com.liferay.portal.security.auth.PrincipalException;
030 import com.liferay.portal.security.permission.ActionKeys;
031 import com.liferay.portal.security.permission.PermissionChecker;
032 import com.liferay.portal.security.permission.ResourceActionsUtil;
033 import com.liferay.portal.service.GroupLocalServiceUtil;
034 import com.liferay.portal.service.LayoutLocalServiceUtil;
035 import com.liferay.portal.service.PortletLocalServiceUtil;
036 import com.liferay.portal.util.PortletCategoryKeys;
037 import com.liferay.portal.util.PropsValues;
038 import com.liferay.portlet.ControlPanelEntry;
039 import com.liferay.portlet.sites.util.SitesUtil;
040
041 import java.util.Collection;
042 import java.util.List;
043
044 import javax.portlet.PortletMode;
045
046
050 public class PortletPermissionImpl implements PortletPermission {
051
052 public static final boolean DEFAULT_STRICT = false;
053
054 public void check(
055 PermissionChecker permissionChecker, Layout layout,
056 String portletId, String actionId)
057 throws PortalException, SystemException {
058
059 if (!contains(
060 permissionChecker, 0, layout, portletId, actionId,
061 DEFAULT_STRICT)) {
062
063 throw new PrincipalException();
064 }
065 }
066
067 public void check(
068 PermissionChecker permissionChecker, Layout layout,
069 String portletId, String actionId, boolean strict)
070 throws PortalException, SystemException {
071
072 if (!contains(
073 permissionChecker, 0, layout, portletId, actionId, strict)) {
074
075 throw new PrincipalException();
076 }
077 }
078
079 public void check(
080 PermissionChecker permissionChecker, long groupId, Layout layout,
081 String portletId, String actionId)
082 throws PortalException, SystemException {
083
084 if (!contains(
085 permissionChecker, groupId, layout, portletId, actionId,
086 DEFAULT_STRICT)) {
087
088 throw new PrincipalException();
089 }
090 }
091
092 public void check(
093 PermissionChecker permissionChecker, long groupId, Layout layout,
094 String portletId, String actionId, boolean strict)
095 throws PortalException, SystemException {
096
097 if (!contains(
098 permissionChecker, groupId, layout, portletId, actionId,
099 strict)) {
100
101 throw new PrincipalException();
102 }
103 }
104
105 public void check(
106 PermissionChecker permissionChecker, long groupId, long plid,
107 String portletId, String actionId)
108 throws PortalException, SystemException {
109
110 check(
111 permissionChecker, groupId, plid, portletId, actionId,
112 DEFAULT_STRICT);
113 }
114
115 public void check(
116 PermissionChecker permissionChecker, long groupId, long plid,
117 String portletId, String actionId, boolean strict)
118 throws PortalException, SystemException {
119
120 if (!contains(
121 permissionChecker, groupId, plid, portletId, actionId,
122 strict)) {
123
124 throw new PrincipalException();
125 }
126 }
127
128 public void check(
129 PermissionChecker permissionChecker, long plid, String portletId,
130 String actionId)
131 throws PortalException, SystemException {
132
133 check(permissionChecker, plid, portletId, actionId, DEFAULT_STRICT);
134 }
135
136 public void check(
137 PermissionChecker permissionChecker, long plid, String portletId,
138 String actionId, boolean strict)
139 throws PortalException, SystemException {
140
141 if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
142 throw new PrincipalException();
143 }
144 }
145
146 public void check(
147 PermissionChecker permissionChecker, String portletId,
148 String actionId)
149 throws PortalException, SystemException {
150
151 if (!contains(permissionChecker, portletId, actionId)) {
152 throw new PrincipalException();
153 }
154 }
155
156 public boolean contains(
157 PermissionChecker permissionChecker, Layout layout, Portlet portlet,
158 String actionId)
159 throws PortalException, SystemException {
160
161 return contains(
162 permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
163 }
164
165 public boolean contains(
166 PermissionChecker permissionChecker, Layout layout, Portlet portlet,
167 String actionId, boolean strict)
168 throws PortalException, SystemException {
169
170 return contains(
171 permissionChecker, 0, layout, portlet, actionId, strict);
172 }
173
174 public boolean contains(
175 PermissionChecker permissionChecker, Layout layout,
176 String portletId, String actionId)
177 throws PortalException, SystemException {
178
179 return contains(
180 permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
181 }
182
183 public boolean contains(
184 PermissionChecker permissionChecker, Layout layout,
185 String portletId, String actionId, boolean strict)
186 throws PortalException, SystemException {
187
188 return contains(
189 permissionChecker, 0, layout, portletId, actionId, strict);
190 }
191
192 public boolean contains(
193 PermissionChecker permissionChecker, long groupId, Layout layout,
194 Portlet portlet, String actionId)
195 throws PortalException, SystemException {
196
197 return contains(
198 permissionChecker, groupId, layout, portlet, actionId,
199 DEFAULT_STRICT);
200 }
201
202 public boolean contains(
203 PermissionChecker permissionChecker, long groupId, Layout layout,
204 Portlet portlet, String actionId, boolean strict)
205 throws PortalException, SystemException {
206
207 if (portlet.isUndeployedPortlet()) {
208 return false;
209 }
210
211 if (portlet.isSystem() && actionId.equals(ActionKeys.VIEW)) {
212 return true;
213 }
214
215 return contains(
216 permissionChecker, groupId, layout, portlet.getPortletId(),
217 actionId, strict);
218 }
219
220 public boolean contains(
221 PermissionChecker permissionChecker, long groupId, Layout layout,
222 String portletId, String actionId)
223 throws PortalException, SystemException {
224
225 return contains(
226 permissionChecker, groupId, layout, portletId, actionId,
227 DEFAULT_STRICT);
228 }
229
230 public boolean contains(
231 PermissionChecker permissionChecker, long groupId, Layout layout,
232 String portletId, String actionId, boolean strict)
233 throws PortalException, SystemException {
234
235 String name = null;
236 String primKey = null;
237
238 if (layout == null) {
239 name = portletId;
240 primKey = portletId;
241
242 return permissionChecker.hasPermission(
243 groupId, name, primKey, actionId);
244 }
245
246 Group group = layout.getGroup();
247
248 groupId = group.getGroupId();
249
250 name = PortletConstants.getRootPortletId(portletId);
251 primKey = getPrimaryKey(layout.getPlid(), portletId);
252
253 if (!actionId.equals(ActionKeys.VIEW) &&
254 (layout instanceof VirtualLayout)) {
255
256 return hasCustomizePermission(
257 permissionChecker, layout, portletId, actionId);
258 }
259
260 if (!group.isLayoutSetPrototype() &&
261 !SitesUtil.isLayoutUpdateable(layout) &&
262 actionId.equals(ActionKeys.CONFIGURATION)) {
263
264 return false;
265 }
266
267 Boolean hasPermission = StagingPermissionUtil.hasPermission(
268 permissionChecker, groupId, name, groupId, name, actionId);
269
270 if (hasPermission != null) {
271 return hasPermission.booleanValue();
272 }
273
274 if (group.isControlPanel() && actionId.equals(ActionKeys.VIEW)) {
275 return true;
276 }
277
278 if (strict) {
279 return permissionChecker.hasPermission(
280 groupId, name, primKey, actionId);
281 }
282
283 if (hasConfigurePermission(
284 permissionChecker, layout, portletId, actionId) ||
285 hasCustomizePermission(
286 permissionChecker, layout, portletId, actionId)) {
287
288 return true;
289 }
290
291 return permissionChecker.hasPermission(
292 groupId, name, primKey, actionId);
293 }
294
295 public boolean contains(
296 PermissionChecker permissionChecker, long groupId, long plid,
297 Portlet portlet, String actionId)
298 throws PortalException, SystemException {
299
300 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
301
302 return contains(
303 permissionChecker, groupId, layout, portlet, actionId,
304 DEFAULT_STRICT);
305 }
306
307 public boolean contains(
308 PermissionChecker permissionChecker, long groupId, long plid,
309 Portlet portlet, String actionId, boolean strict)
310 throws PortalException, SystemException {
311
312 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
313
314 return contains(
315 permissionChecker, groupId, layout, portlet, actionId, strict);
316 }
317
318 public boolean contains(
319 PermissionChecker permissionChecker, long groupId, long plid,
320 String portletId, String actionId)
321 throws PortalException, SystemException {
322
323 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
324
325 return contains(
326 permissionChecker, groupId, layout, portletId, actionId,
327 DEFAULT_STRICT);
328 }
329
330 public boolean contains(
331 PermissionChecker permissionChecker, long groupId, long plid,
332 String portletId, String actionId, boolean strict)
333 throws PortalException, SystemException {
334
335 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
336
337 return contains(
338 permissionChecker, groupId, layout, portletId, actionId, strict);
339 }
340
341 public boolean contains(
342 PermissionChecker permissionChecker, long plid, Portlet portlet,
343 String actionId)
344 throws PortalException, SystemException {
345
346 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
347
348 return contains(
349 permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
350 }
351
352 public boolean contains(
353 PermissionChecker permissionChecker, long plid, Portlet portlet,
354 String actionId, boolean strict)
355 throws PortalException, SystemException {
356
357 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
358
359 return contains(
360 permissionChecker, 0, layout, portlet, actionId, strict);
361 }
362
363 public boolean contains(
364 PermissionChecker permissionChecker, long plid, String portletId,
365 String actionId)
366 throws PortalException, SystemException {
367
368 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
369
370 return contains(
371 permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
372 }
373
374 public boolean contains(
375 PermissionChecker permissionChecker, long plid, String portletId,
376 String actionId, boolean strict)
377 throws PortalException, SystemException {
378
379 Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
380
381 return contains(
382 permissionChecker, 0, layout, portletId, actionId, strict);
383 }
384
385 public boolean contains(
386 PermissionChecker permissionChecker, String portletId,
387 String actionId)
388 throws PortalException, SystemException {
389
390 return contains(permissionChecker, 0, portletId, actionId);
391 }
392
393 public String getPrimaryKey(long plid, String portletId) {
394 return String.valueOf(plid).concat(
395 PortletConstants.LAYOUT_SEPARATOR).concat(portletId);
396 }
397
398 public boolean hasAccessPermission(
399 PermissionChecker permissionChecker, long scopeGroupId,
400 Layout layout, Portlet portlet, PortletMode portletMode)
401 throws PortalException, SystemException {
402
403 if ((layout != null) && layout.isTypeControlPanel()) {
404 String category = portlet.getControlPanelEntryCategory();
405
406 if (Validator.equals(category, PortletCategoryKeys.CONTENT)) {
407 layout = null;
408 }
409 }
410
411 boolean access = contains(
412 permissionChecker, scopeGroupId, layout, portlet, ActionKeys.VIEW);
413
414 if (access && !PropsValues.TCK_URL &&
415 portletMode.equals(PortletMode.EDIT)) {
416
417 access = contains(
418 permissionChecker, scopeGroupId, layout, portlet,
419 ActionKeys.PREFERENCES);
420 }
421
422 return access;
423 }
424
425 public boolean hasControlPanelAccessPermission(
426 PermissionChecker permissionChecker, long groupId,
427 Collection<Portlet> portlets)
428 throws PortalException, SystemException {
429
430 for (Portlet portlet : portlets) {
431 if (hasControlPanelAccessPermission(
432 permissionChecker, groupId, portlet)) {
433
434 return true;
435 }
436 }
437
438 return false;
439 }
440
441 public boolean hasControlPanelAccessPermission(
442 PermissionChecker permissionChecker, long scopeGroupId,
443 Portlet portlet)
444 throws PortalException, SystemException {
445
446 Group group = GroupLocalServiceUtil.getGroup(scopeGroupId);
447
448 ControlPanelEntry controlPanelEntry =
449 portlet.getControlPanelEntryInstance();
450
451 try {
452 return controlPanelEntry.hasAccessPermission(
453 permissionChecker, group, portlet);
454 }
455 catch (Exception e) {
456 _log.warn("Cannot process control panel access permission", e);
457
458 return false;
459 }
460 }
461
462 public boolean hasControlPanelAccessPermission(
463 PermissionChecker permissionChecker, long scopeGroupId,
464 String portletId)
465 throws PortalException, SystemException {
466
467 Portlet portlet = PortletLocalServiceUtil.getPortletById(portletId);
468
469 return hasControlPanelAccessPermission(
470 permissionChecker, scopeGroupId, portlet);
471 }
472
473 public boolean hasLayoutManagerPermission(
474 String portletId, String actionId) {
475
476 try {
477 portletId = PortletConstants.getRootPortletId(portletId);
478
479 List<String> layoutManagerActions =
480 ResourceActionsUtil.getPortletResourceLayoutManagerActions(
481 portletId);
482
483 return layoutManagerActions.contains(actionId);
484 }
485 catch (Exception e) {
486 _log.error(e, e);
487
488 return false;
489 }
490 }
491
492 protected boolean hasConfigurePermission(
493 PermissionChecker permissionChecker, Layout layout,
494 String portletId, String actionId)
495 throws PortalException, SystemException {
496
497 if (!actionId.equals(ActionKeys.CONFIGURATION) &&
498 !actionId.equals(ActionKeys.PREFERENCES) &&
499 !actionId.equals(ActionKeys.GUEST_PREFERENCES)) {
500
501 return false;
502 }
503
504 Portlet portlet = PortletLocalServiceUtil.getPortletById(
505 layout.getCompanyId(), portletId);
506
507 if (portlet.isPreferencesUniquePerLayout()) {
508 return LayoutPermissionUtil.contains(
509 permissionChecker, layout, ActionKeys.CONFIGURE_PORTLETS);
510 }
511
512 return GroupPermissionUtil.contains(
513 permissionChecker, layout.getGroupId(),
514 ActionKeys.CONFIGURE_PORTLETS);
515 }
516
517 protected boolean hasCustomizePermission(
518 PermissionChecker permissionChecker, Layout layout,
519 String portletId, String actionId)
520 throws PortalException, SystemException {
521
522 LayoutTypePortlet layoutTypePortlet =
523 (LayoutTypePortlet)layout.getLayoutType();
524
525 if (layoutTypePortlet.isCustomizedView() &&
526 layoutTypePortlet.isPortletCustomizable(portletId) &&
527 LayoutPermissionUtil.contains(
528 permissionChecker, layout, ActionKeys.CUSTOMIZE)) {
529
530 if (actionId.equals(ActionKeys.VIEW)) {
531 return true;
532 }
533 else if (actionId.equals(ActionKeys.CONFIGURATION)) {
534 Portlet portlet = PortletLocalServiceUtil.getPortletById(
535 layout.getCompanyId(), portletId);
536
537 if (portlet.isPreferencesUniquePerLayout()) {
538 return true;
539 }
540 }
541 }
542
543 return false;
544 }
545
546 private static Log _log = LogFactoryUtil.getLog(
547 PortletPermissionImpl.class);
548
549 }