001
014
015 package com.liferay.portal.security.membershippolicy;
016
017 import com.liferay.portal.kernel.dao.orm.ActionableDynamicQuery;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.model.UserGroupRole;
025 import com.liferay.portal.security.permission.PermissionChecker;
026 import com.liferay.portal.service.OrganizationLocalServiceUtil;
027 import com.liferay.portal.service.RoleLocalServiceUtil;
028 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029 import com.liferay.portal.service.persistence.OrganizationActionableDynamicQuery;
030 import com.liferay.portal.service.persistence.UserGroupRoleActionableDynamicQuery;
031 import com.liferay.portal.service.persistence.UserGroupRolePK;
032
033 import java.io.Serializable;
034
035 import java.util.ArrayList;
036 import java.util.List;
037 import java.util.Map;
038
039
043 public abstract class BaseOrganizationMembershipPolicy
044 implements OrganizationMembershipPolicy {
045
046 @SuppressWarnings("unused")
047 public void checkRoles(
048 List<UserGroupRole> addUserGroupRoles,
049 List<UserGroupRole> removeUserGroupRoles)
050 throws PortalException, SystemException {
051 }
052
053 @SuppressWarnings("unused")
054 public boolean isMembershipAllowed(long userId, long organizationId)
055 throws PortalException, SystemException {
056
057 try {
058 checkMembership(
059 new long[] {userId}, new long[] {organizationId}, null);
060 }
061 catch (Exception e) {
062 return false;
063 }
064
065 return true;
066 }
067
068 public boolean isMembershipProtected(
069 PermissionChecker permissionChecker, long userId,
070 long organizationId)
071 throws PortalException, SystemException {
072
073 if (permissionChecker.isOrganizationOwner(organizationId)) {
074 return false;
075 }
076
077 Organization organization =
078 OrganizationLocalServiceUtil.getOrganization(organizationId);
079
080 Group group = organization.getGroup();
081
082 Role organizationAdministratorRole = RoleLocalServiceUtil.getRole(
083 permissionChecker.getCompanyId(),
084 RoleConstants.ORGANIZATION_ADMINISTRATOR);
085
086 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
087 userId, group.getGroupId(),
088 organizationAdministratorRole.getRoleId())) {
089
090 return true;
091 }
092
093 Role organizationOwnerRole = RoleLocalServiceUtil.getRole(
094 permissionChecker.getCompanyId(), RoleConstants.ORGANIZATION_OWNER);
095
096 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
097 userId, group.getGroupId(),
098 organizationOwnerRole.getRoleId())) {
099
100 return true;
101 }
102
103 return false;
104 }
105
106 @SuppressWarnings("unused")
107 public boolean isMembershipRequired(long userId, long organizationId)
108 throws PortalException, SystemException {
109
110 try {
111 checkMembership(
112 new long[] {userId}, null, new long[] {organizationId});
113 }
114 catch (Exception e) {
115 return true;
116 }
117
118 return false;
119 }
120
121 public boolean isRoleAllowed(long userId, long organizationId, long roleId)
122 throws PortalException, SystemException {
123
124 List<UserGroupRole> userGroupRoles = new ArrayList<UserGroupRole>();
125
126 Organization organization =
127 OrganizationLocalServiceUtil.getOrganization(organizationId);
128
129 UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
130 userId, organization.getGroupId(), roleId);
131
132 UserGroupRole userGroupRole =
133 UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
134
135 userGroupRoles.add(userGroupRole);
136
137 try {
138 checkRoles(userGroupRoles, null);
139 }
140 catch (Exception e) {
141 return false;
142 }
143
144 return true;
145 }
146
147 public boolean isRoleProtected(
148 PermissionChecker permissionChecker, long userId,
149 long organizationId, long roleId)
150 throws PortalException, SystemException {
151
152 if (permissionChecker.isOrganizationOwner(organizationId)) {
153 return false;
154 }
155
156 Role role = RoleLocalServiceUtil.getRole(roleId);
157
158 String roleName = role.getName();
159
160 if (!roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) &&
161 !roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {
162
163 return false;
164 }
165
166 Organization organization =
167 OrganizationLocalServiceUtil.getOrganization(organizationId);
168
169 Group group = organization.getGroup();
170
171 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
172 userId, group.getGroupId(), role.getRoleId())) {
173
174 return true;
175 }
176
177 return false;
178 }
179
180 public boolean isRoleRequired(long userId, long organizationId, long roleId)
181 throws PortalException, SystemException {
182
183 List<UserGroupRole> userGroupRoles = new ArrayList<UserGroupRole>();
184
185 Organization organization =
186 OrganizationLocalServiceUtil.getOrganization(organizationId);
187
188 UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
189 userId, organization.getGroupId(), roleId);
190
191 UserGroupRole userGroupRole =
192 UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
193
194 userGroupRoles.add(userGroupRole);
195
196 try {
197 checkRoles(null, userGroupRoles);
198 }
199 catch (Exception e) {
200 return true;
201 }
202
203 return false;
204 }
205
206 public void propagateRoles(
207 List<UserGroupRole> addUserGroupRoles,
208 List<UserGroupRole> removeUserGroupRoles) {
209 }
210
211 public void verifyPolicy() throws PortalException, SystemException {
212 ActionableDynamicQuery organizationActionableDynamicQuery =
213 new OrganizationActionableDynamicQuery() {
214
215 @Override
216 protected void performAction(Object object)
217 throws PortalException, SystemException {
218
219 Organization organization = (Organization)object;
220
221 verifyPolicy(organization);
222
223 ActionableDynamicQuery userGroupRoleActionableDynamicQuery =
224 new UserGroupRoleActionableDynamicQuery() {
225
226 @Override
227 protected void performAction(Object object)
228 throws PortalException, SystemException {
229
230 UserGroupRole userGroupRole = (UserGroupRole)object;
231
232 verifyPolicy(userGroupRole.getRole());
233 }
234
235 };
236
237 userGroupRoleActionableDynamicQuery.setGroupId(
238 organization.getGroupId());
239
240 userGroupRoleActionableDynamicQuery.performActions();
241 }
242
243 };
244
245 organizationActionableDynamicQuery.performActions();
246 }
247
248 public void verifyPolicy(Organization organization)
249 throws PortalException, SystemException {
250
251 verifyPolicy(organization, null, null, null, null);
252 }
253
254 public void verifyPolicy(Role role) {
255 }
256
257 public void verifyPolicy(
258 Role role, Role oldRole,
259 Map<String, Serializable> oldExpandoAttributes) {
260 }
261
262 }