001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.log.Log;
020    import com.liferay.portal.kernel.log.LogFactoryUtil;
021    import com.liferay.portal.kernel.staging.permission.StagingPermissionUtil;
022    import com.liferay.portal.kernel.util.StringUtil;
023    import com.liferay.portal.model.Group;
024    import com.liferay.portal.model.Layout;
025    import com.liferay.portal.model.LayoutTypePortlet;
026    import com.liferay.portal.model.Portlet;
027    import com.liferay.portal.model.PortletConstants;
028    import com.liferay.portal.model.impl.VirtualLayout;
029    import com.liferay.portal.security.auth.PrincipalException;
030    import com.liferay.portal.security.permission.ActionKeys;
031    import com.liferay.portal.security.permission.PermissionChecker;
032    import com.liferay.portal.security.permission.ResourceActionsUtil;
033    import com.liferay.portal.service.GroupLocalServiceUtil;
034    import com.liferay.portal.service.LayoutLocalServiceUtil;
035    import com.liferay.portal.service.PortletLocalServiceUtil;
036    import com.liferay.portal.util.PortletCategoryKeys;
037    import com.liferay.portal.util.PropsValues;
038    import com.liferay.portlet.ControlPanelEntry;
039    import com.liferay.portlet.sites.util.SitesUtil;
040    
041    import java.util.Collection;
042    import java.util.List;
043    
044    import javax.portlet.PortletMode;
045    
046    /**
047     * @author Brian Wing Shun Chan
048     * @author Raymond Aug??
049     */
050    public class PortletPermissionImpl implements PortletPermission {
051    
052            public static final boolean DEFAULT_STRICT = false;
053    
054            @Override
055            public void check(
056                            PermissionChecker permissionChecker, Layout layout,
057                            String portletId, String actionId)
058                    throws PortalException, SystemException {
059    
060                    if (!contains(
061                                    permissionChecker, 0, layout, portletId, actionId,
062                                    DEFAULT_STRICT)) {
063    
064                            throw new PrincipalException();
065                    }
066            }
067    
068            @Override
069            public void check(
070                            PermissionChecker permissionChecker, Layout layout,
071                            String portletId, String actionId, boolean strict)
072                    throws PortalException, SystemException {
073    
074                    if (!contains(
075                                    permissionChecker, 0, layout, portletId, actionId, strict)) {
076    
077                            throw new PrincipalException();
078                    }
079            }
080    
081            @Override
082            public void check(
083                            PermissionChecker permissionChecker, long groupId, Layout layout,
084                            String portletId, String actionId)
085                    throws PortalException, SystemException {
086    
087                    if (!contains(
088                                    permissionChecker, groupId, layout, portletId, actionId,
089                                    DEFAULT_STRICT)) {
090    
091                            throw new PrincipalException();
092                    }
093            }
094    
095            @Override
096            public void check(
097                            PermissionChecker permissionChecker, long groupId, Layout layout,
098                            String portletId, String actionId, boolean strict)
099                    throws PortalException, SystemException {
100    
101                    if (!contains(
102                                    permissionChecker, groupId, layout, portletId, actionId,
103                                    strict)) {
104    
105                            throw new PrincipalException();
106                    }
107            }
108    
109            @Override
110            public void check(
111                            PermissionChecker permissionChecker, long groupId, long plid,
112                            String portletId, String actionId)
113                    throws PortalException, SystemException {
114    
115                    check(
116                            permissionChecker, groupId, plid, portletId, actionId,
117                            DEFAULT_STRICT);
118            }
119    
120            @Override
121            public void check(
122                            PermissionChecker permissionChecker, long groupId, long plid,
123                            String portletId, String actionId, boolean strict)
124                    throws PortalException, SystemException {
125    
126                    if (!contains(
127                                    permissionChecker, groupId, plid, portletId, actionId,
128                                    strict)) {
129    
130                            throw new PrincipalException();
131                    }
132            }
133    
134            @Override
135            public void check(
136                            PermissionChecker permissionChecker, long plid, String portletId,
137                            String actionId)
138                    throws PortalException, SystemException {
139    
140                    check(permissionChecker, plid, portletId, actionId, DEFAULT_STRICT);
141            }
142    
143            @Override
144            public void check(
145                            PermissionChecker permissionChecker, long plid, String portletId,
146                            String actionId, boolean strict)
147                    throws PortalException, SystemException {
148    
149                    if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
150                            throw new PrincipalException();
151                    }
152            }
153    
154            @Override
155            public void check(
156                            PermissionChecker permissionChecker, String portletId,
157                            String actionId)
158                    throws PortalException, SystemException {
159    
160                    if (!contains(permissionChecker, portletId, actionId)) {
161                            throw new PrincipalException();
162                    }
163            }
164    
165            @Override
166            public boolean contains(
167                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
168                            String actionId)
169                    throws PortalException, SystemException {
170    
171                    return contains(
172                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
173            }
174    
175            @Override
176            public boolean contains(
177                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
178                            String actionId, boolean strict)
179                    throws PortalException, SystemException {
180    
181                    return contains(
182                            permissionChecker, 0, layout, portlet, actionId, strict);
183            }
184    
185            @Override
186            public boolean contains(
187                            PermissionChecker permissionChecker, Layout layout,
188                            String portletId, String actionId)
189                    throws PortalException, SystemException {
190    
191                    return contains(
192                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
193            }
194    
195            @Override
196            public boolean contains(
197                            PermissionChecker permissionChecker, Layout layout,
198                            String portletId, String actionId, boolean strict)
199                    throws PortalException, SystemException {
200    
201                    return contains(
202                            permissionChecker, 0, layout, portletId, actionId, strict);
203            }
204    
205            @Override
206            public boolean contains(
207                            PermissionChecker permissionChecker, long groupId, Layout layout,
208                            Portlet portlet, String actionId)
209                    throws PortalException, SystemException {
210    
211                    return contains(
212                            permissionChecker, groupId, layout, portlet, actionId,
213                            DEFAULT_STRICT);
214            }
215    
216            @Override
217            public boolean contains(
218                            PermissionChecker permissionChecker, long groupId, Layout layout,
219                            Portlet portlet, String actionId, boolean strict)
220                    throws PortalException, SystemException {
221    
222                    if (portlet.isUndeployedPortlet()) {
223                            return false;
224                    }
225    
226                    return contains(
227                            permissionChecker, groupId, layout, portlet.getPortletId(),
228                            actionId, strict);
229            }
230    
231            @Override
232            public boolean contains(
233                            PermissionChecker permissionChecker, long groupId, Layout layout,
234                            String portletId, String actionId)
235                    throws PortalException, SystemException {
236    
237                    return contains(
238                            permissionChecker, groupId, layout, portletId, actionId,
239                            DEFAULT_STRICT);
240            }
241    
242            @Override
243            public boolean contains(
244                            PermissionChecker permissionChecker, long groupId, Layout layout,
245                            String portletId, String actionId, boolean strict)
246                    throws PortalException, SystemException {
247    
248                    String name = null;
249                    String primKey = null;
250    
251                    if (layout == null) {
252                            name = portletId;
253                            primKey = portletId;
254    
255                            return permissionChecker.hasPermission(
256                                    groupId, name, primKey, actionId);
257                    }
258    
259                    Group group = layout.getGroup();
260    
261                    groupId = group.getGroupId();
262    
263                    name = PortletConstants.getRootPortletId(portletId);
264                    primKey = getPrimaryKey(layout.getPlid(), portletId);
265    
266                    if (!actionId.equals(ActionKeys.VIEW) &&
267                            (layout instanceof VirtualLayout)) {
268    
269                            return hasCustomizePermission(
270                                    permissionChecker, layout, portletId, actionId);
271                    }
272    
273                    if (!group.isLayoutSetPrototype() &&
274                            !SitesUtil.isLayoutUpdateable(layout) &&
275                            actionId.equals(ActionKeys.CONFIGURATION)) {
276    
277                            return false;
278                    }
279    
280                    Boolean hasPermission = StagingPermissionUtil.hasPermission(
281                            permissionChecker, groupId, name, groupId, name, actionId);
282    
283                    if (hasPermission != null) {
284                            return hasPermission.booleanValue();
285                    }
286    
287                    if (group.isControlPanel() && actionId.equals(ActionKeys.VIEW)) {
288                            return true;
289                    }
290    
291                    if (strict) {
292                            return permissionChecker.hasPermission(
293                                    groupId, name, primKey, actionId);
294                    }
295    
296                    if (hasConfigurePermission(
297                                    permissionChecker, layout, portletId, actionId) ||
298                            hasCustomizePermission(
299                                    permissionChecker, layout, portletId, actionId)) {
300    
301                            return true;
302                    }
303    
304                    return permissionChecker.hasPermission(
305                            groupId, name, primKey, actionId);
306            }
307    
308            public boolean contains(
309                            PermissionChecker permissionChecker, long groupId, long plid,
310                            Portlet portlet, String actionId)
311                    throws PortalException, SystemException {
312    
313                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
314    
315                    return contains(
316                            permissionChecker, groupId, layout, portlet, actionId,
317                            DEFAULT_STRICT);
318            }
319    
320            @Override
321            public boolean contains(
322                            PermissionChecker permissionChecker, long groupId, long plid,
323                            Portlet portlet, String actionId, boolean strict)
324                    throws PortalException, SystemException {
325    
326                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
327    
328                    return contains(
329                            permissionChecker, groupId, layout, portlet, actionId, strict);
330            }
331    
332            public boolean contains(
333                            PermissionChecker permissionChecker, long groupId, long plid,
334                            String portletId, String actionId)
335                    throws PortalException, SystemException {
336    
337                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
338    
339                    return contains(
340                            permissionChecker, groupId, layout, portletId, actionId,
341                            DEFAULT_STRICT);
342            }
343    
344            @Override
345            public boolean contains(
346                            PermissionChecker permissionChecker, long groupId, long plid,
347                            String portletId, String actionId, boolean strict)
348                    throws PortalException, SystemException {
349    
350                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
351    
352                    return contains(
353                            permissionChecker, groupId, layout, portletId, actionId, strict);
354            }
355    
356            @Override
357            public boolean contains(
358                            PermissionChecker permissionChecker, long plid, Portlet portlet,
359                            String actionId)
360                    throws PortalException, SystemException {
361    
362                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
363    
364                    return contains(
365                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
366            }
367    
368            @Override
369            public boolean contains(
370                            PermissionChecker permissionChecker, long plid, Portlet portlet,
371                            String actionId, boolean strict)
372                    throws PortalException, SystemException {
373    
374                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
375    
376                    return contains(
377                            permissionChecker, 0, layout, portlet, actionId, strict);
378            }
379    
380            @Override
381            public boolean contains(
382                            PermissionChecker permissionChecker, long plid, String portletId,
383                            String actionId)
384                    throws PortalException, SystemException {
385    
386                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
387    
388                    return contains(
389                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
390            }
391    
392            @Override
393            public boolean contains(
394                            PermissionChecker permissionChecker, long plid, String portletId,
395                            String actionId, boolean strict)
396                    throws PortalException, SystemException {
397    
398                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
399    
400                    return contains(
401                            permissionChecker, 0, layout, portletId, actionId, strict);
402            }
403    
404            @Override
405            public boolean contains(
406                            PermissionChecker permissionChecker, String portletId,
407                            String actionId)
408                    throws PortalException, SystemException {
409    
410                    return contains(permissionChecker, 0, portletId, actionId);
411            }
412    
413            @Override
414            public String getPrimaryKey(long plid, String portletId) {
415                    return String.valueOf(plid).concat(
416                            PortletConstants.LAYOUT_SEPARATOR).concat(portletId);
417            }
418    
419            @Override
420            public boolean hasAccessPermission(
421                            PermissionChecker permissionChecker, long scopeGroupId,
422                            Layout layout, Portlet portlet, PortletMode portletMode)
423                    throws PortalException, SystemException {
424    
425                    if ((layout != null) && layout.isTypeControlPanel()) {
426                            String category = portlet.getControlPanelEntryCategory();
427    
428                            if (StringUtil.startsWith(
429                                            category, PortletCategoryKeys.SITE_ADMINISTRATION)) {
430    
431                                    layout = null;
432                            }
433                    }
434    
435                    boolean access = contains(
436                            permissionChecker, scopeGroupId, layout, portlet, ActionKeys.VIEW);
437    
438                    if (access && !PropsValues.TCK_URL &&
439                            portletMode.equals(PortletMode.EDIT)) {
440    
441                            access = contains(
442                                    permissionChecker, scopeGroupId, layout, portlet,
443                                    ActionKeys.PREFERENCES);
444                    }
445    
446                    return access;
447            }
448    
449            @Override
450            public boolean hasConfigurationPermission(
451                            PermissionChecker permissionChecker, long groupId, Layout layout,
452                            String actionId)
453                    throws PortalException, SystemException {
454    
455                    LayoutTypePortlet layoutTypePortlet =
456                            (LayoutTypePortlet)layout.getLayoutType();
457    
458                    for (Portlet portlet : layoutTypePortlet.getAllPortlets(false)) {
459                            if (contains(
460                                            permissionChecker, groupId, layout, portlet.getPortletId(),
461                                            actionId)) {
462    
463                                    return true;
464                            }
465    
466                            if (contains(
467                                            permissionChecker, groupId, null,
468                                            portlet.getRootPortletId(), actionId)) {
469    
470                                    return true;
471                            }
472                    }
473    
474                    return false;
475            }
476    
477            @Override
478            public boolean hasControlPanelAccessPermission(
479                            PermissionChecker permissionChecker, long groupId,
480                            Collection<Portlet> portlets)
481                    throws PortalException, SystemException {
482    
483                    for (Portlet portlet : portlets) {
484                            if (hasControlPanelAccessPermission(
485                                            permissionChecker, groupId, portlet)) {
486    
487                                    return true;
488                            }
489                    }
490    
491                    return false;
492            }
493    
494            @Override
495            public boolean hasControlPanelAccessPermission(
496                            PermissionChecker permissionChecker, long scopeGroupId,
497                            Portlet portlet)
498                    throws PortalException, SystemException {
499    
500                    Group group = GroupLocalServiceUtil.getGroup(scopeGroupId);
501    
502                    ControlPanelEntry controlPanelEntry =
503                            portlet.getControlPanelEntryInstance();
504    
505                    try {
506                            return controlPanelEntry.hasAccessPermission(
507                                    permissionChecker, group, portlet);
508                    }
509                    catch (Exception e) {
510                            _log.warn("Cannot process control panel access permission", e);
511    
512                            return false;
513                    }
514            }
515    
516            @Override
517            public boolean hasControlPanelAccessPermission(
518                            PermissionChecker permissionChecker, long scopeGroupId,
519                            String portletId)
520                    throws PortalException, SystemException {
521    
522                    Portlet portlet = PortletLocalServiceUtil.getPortletById(portletId);
523    
524                    return hasControlPanelAccessPermission(
525                            permissionChecker, scopeGroupId, portlet);
526            }
527    
528            @Override
529            public boolean hasLayoutManagerPermission(
530                    String portletId, String actionId) {
531    
532                    try {
533                            portletId = PortletConstants.getRootPortletId(portletId);
534    
535                            List<String> layoutManagerActions =
536                                    ResourceActionsUtil.getPortletResourceLayoutManagerActions(
537                                            portletId);
538    
539                            return layoutManagerActions.contains(actionId);
540                    }
541                    catch (Exception e) {
542                            _log.error(e, e);
543    
544                            return false;
545                    }
546            }
547    
548            protected boolean hasConfigurePermission(
549                            PermissionChecker permissionChecker, Layout layout,
550                            String portletId, String actionId)
551                    throws PortalException, SystemException {
552    
553                    if (!actionId.equals(ActionKeys.CONFIGURATION) &&
554                            !actionId.equals(ActionKeys.PREFERENCES) &&
555                            !actionId.equals(ActionKeys.GUEST_PREFERENCES)) {
556    
557                            return false;
558                    }
559    
560                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
561                            layout.getCompanyId(), portletId);
562    
563                    if (portlet.isPreferencesUniquePerLayout()) {
564                            return LayoutPermissionUtil.contains(
565                                    permissionChecker, layout, ActionKeys.CONFIGURE_PORTLETS);
566                    }
567    
568                    return GroupPermissionUtil.contains(
569                            permissionChecker, layout.getGroupId(),
570                            ActionKeys.CONFIGURE_PORTLETS);
571            }
572    
573            protected boolean hasCustomizePermission(
574                            PermissionChecker permissionChecker, Layout layout,
575                            String portletId, String actionId)
576                    throws PortalException, SystemException {
577    
578                    LayoutTypePortlet layoutTypePortlet =
579                            (LayoutTypePortlet)layout.getLayoutType();
580    
581                    if (layoutTypePortlet.isCustomizedView() &&
582                            layoutTypePortlet.isPortletCustomizable(portletId) &&
583                            LayoutPermissionUtil.contains(
584                                    permissionChecker, layout, ActionKeys.CUSTOMIZE)) {
585    
586                            if (actionId.equals(ActionKeys.VIEW)) {
587                                    return true;
588                            }
589                            else if (actionId.equals(ActionKeys.CONFIGURATION)) {
590                                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
591                                            layout.getCompanyId(), portletId);
592    
593                                    if (portlet.isPreferencesUniquePerLayout()) {
594                                            return true;
595                                    }
596                            }
597                    }
598    
599                    return false;
600            }
601    
602            private static Log _log = LogFactoryUtil.getLog(
603                    PortletPermissionImpl.class);
604    
605    }