001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.AuditedModel;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.GroupedModel;
023    import com.liferay.portal.model.Layout;
024    import com.liferay.portal.model.PermissionedModel;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.ResourceConstants;
027    import com.liferay.portal.model.ResourcePermission;
028    import com.liferay.portal.model.Role;
029    import com.liferay.portal.model.Team;
030    import com.liferay.portal.model.User;
031    import com.liferay.portal.security.auth.PrincipalException;
032    import com.liferay.portal.security.permission.ActionKeys;
033    import com.liferay.portal.security.permission.PermissionChecker;
034    import com.liferay.portal.security.permission.ResourceActionsUtil;
035    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
036    import com.liferay.portal.service.permission.GroupPermissionUtil;
037    import com.liferay.portal.service.permission.LayoutPermissionUtil;
038    import com.liferay.portal.service.permission.PortletPermissionUtil;
039    import com.liferay.portal.service.permission.TeamPermissionUtil;
040    import com.liferay.portal.service.permission.UserPermissionUtil;
041    import com.liferay.portlet.asset.AssetRendererFactoryRegistryUtil;
042    import com.liferay.portlet.asset.model.AssetRendererFactory;
043    import com.liferay.portlet.blogs.model.BlogsEntry;
044    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
045    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
046    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
047    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
048    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
049    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
050    import com.liferay.portlet.documentlibrary.model.DLFolder;
051    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
052    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
053    import com.liferay.portlet.journal.model.JournalArticle;
054    import com.liferay.portlet.journal.model.JournalFeed;
055    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
056    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
057    import com.liferay.portlet.messageboards.model.MBCategory;
058    import com.liferay.portlet.messageboards.model.MBMessage;
059    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061    import com.liferay.portlet.polls.model.PollsQuestion;
062    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063    import com.liferay.portlet.shopping.model.ShoppingCategory;
064    import com.liferay.portlet.shopping.model.ShoppingItem;
065    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071    import com.liferay.portlet.wiki.model.WikiNode;
072    import com.liferay.portlet.wiki.model.WikiPage;
073    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075    
076    import java.util.List;
077    
078    /**
079     * Provides the remote service for checking permissions.
080     *
081     * @author Brian Wing Shun Chan
082     * @author Raymond Augé
083     */
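public class PermissionServiceImpl extends PermissionServiceBaseImpl {

        /**
         * Checks whether the caller, as represented by the permission checker
         * returned by <code>getPermissionChecker()</code>, is allowed to manage
         * the permissions of the resource. The numeric primary key is converted
         * to its string form and handled exactly like the string overload.
         *
         * @param  groupId the primary key of the group, as supplied by the caller
         * @param  name the resource name (a model class name or another resource
         *         name)
         * @param  primKey the primary key of the resource
         * @throws PortalException if the caller did not have the required
         *         permission, if a referenced entity could not be found or if the
         *         permission information was invalid
         * @throws SystemException if a system exception occurred
         */
        @Override
        public void checkPermission(long groupId, String name, long primKey)
                throws PortalException, SystemException {

                checkPermission(
                        getPermissionChecker(), groupId, name, String.valueOf(primKey));
        }

        /**
         * Checks whether the caller, as represented by the permission checker
         * returned by <code>getPermissionChecker()</code>, is allowed to manage
         * the permissions of the resource.
         *
         * @param  groupId the primary key of the group, as supplied by the caller
         * @param  name the resource name (a model class name or another resource
         *         name)
         * @param  primKey the primary key of the resource; for portlet resources
         *         this is the layout ID and portlet ID joined by
         *         <code>PortletConstants.LAYOUT_SEPARATOR</code>
         * @throws PortalException if the caller did not have the required
         *         permission, if a referenced entity could not be found or if the
         *         permission information was invalid
         * @throws SystemException if a system exception occurred
         */
        @Override
        public void checkPermission(long groupId, String name, String primKey)
                throws PortalException, SystemException {

                checkPermission(getPermissionChecker(), groupId, name, primKey);
        }

        /**
         * Dispatches the permission check on the resource name.
         *
         * <p>
         * Known model class names are delegated to their permission helper with
         * <code>ActionKeys.PERMISSIONS</code>. Two branches use a different
         * action: teams require <code>ActionKeys.MANAGE_TEAMS</code> on the
         * team's group, and portlet resources (primary keys containing
         * <code>PortletConstants.LAYOUT_SEPARATOR</code>) require
         * <code>ActionKeys.CONFIGURATION</code>. Every other name goes through
         * the generic fallback at the end of the chain.
         * </p>
         *
         * <p>
         * The order of the branches is significant: the first matching branch
         * decides, and the generic fallback is only reached when none of the
         * typed branches match.
         * </p>
         *
         * <p>
         * <code>groupId</code> is caller supplied. Only the folder and category
         * branches and the generic fallback pass it on; the other branches ignore
         * it.
         * </p>
         *
         * @param  permissionChecker the permission checker of the caller
         * @param  groupId the primary key of the group, as supplied by the caller
         * @param  name the resource name
         * @param  primKey the primary key of the resource
         * @throws PortalException if the resource name was <code>null</code>, if
         *         the generic fallback denied access (both reported as a
         *         {@link PrincipalException}), or if a delegate check or entity
         *         lookup failed
         * @throws SystemException if a system exception occurred
         */
        protected void checkPermission(
                        PermissionChecker permissionChecker, long groupId, String name,
                        String primKey)
                throws PortalException, SystemException {

                // The resource name arrives from the remote API. Fail closed with an
                // authorization error instead of a NullPointerException on the first
                // name.equals(...) below.

                if (name == null) {
                        throw new PrincipalException();
                }

                // NOTE(review): the typed branches convert primKey with
                // GetterUtil.getLong, which presumably falls back to a default value
                // for null or non-numeric input - confirm that a malformed key cannot
                // resolve to a real entity in the delegate checks.

                if (name.equals(BlogsEntry.class.getName())) {
                        BlogsEntryPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(BookmarksEntry.class.getName())) {
                        BookmarksEntryPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(BookmarksFolder.class.getName())) {
                        BookmarksFolderPermission.check(
                                permissionChecker, groupId, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(DLFileEntry.class.getName())) {
                        DLFileEntryPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(DLFolder.class.getName())) {
                        DLFolderPermission.check(
                                permissionChecker, groupId, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(Group.class.getName())) {
                        GroupPermissionUtil.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(JournalArticle.class.getName())) {
                        JournalArticlePermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(JournalFeed.class.getName())) {
                        JournalFeedPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(Layout.class.getName())) {
                        LayoutPermissionUtil.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(MBCategory.class.getName())) {
                        MBCategoryPermission.check(
                                permissionChecker, groupId, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(MBMessage.class.getName())) {
                        MBMessagePermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(PollsQuestion.class.getName())) {
                        PollsQuestionPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(SCFrameworkVersion.class.getName())) {
                        SCFrameworkVersionPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(SCProductEntry.class.getName())) {
                        SCProductEntryPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(ShoppingCategory.class.getName())) {
                        ShoppingCategoryPermission.check(
                                permissionChecker, groupId, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(ShoppingItem.class.getName())) {
                        ShoppingItemPermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(Team.class.getName())) {

                        // Teams are authorized through their owning group: the group ID
                        // is read from the stored team, not from the caller's groupId.

                        long teamId = GetterUtil.getLong(primKey);

                        Team team = teamPersistence.findByPrimaryKey(teamId);

                        GroupPermissionUtil.check(
                                permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
                }
                else if (name.equals(User.class.getName())) {
                        long userId = GetterUtil.getLong(primKey);

                        User user = userPersistence.findByPrimaryKey(userId);

                        UserPermissionUtil.check(
                                permissionChecker, userId, user.getOrganizationIds(),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(WikiNode.class.getName())) {
                        WikiNodePermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if (name.equals(WikiPage.class.getName())) {
                        WikiPagePermission.check(
                                permissionChecker, GetterUtil.getLong(primKey),
                                ActionKeys.PERMISSIONS);
                }
                else if ((primKey != null) &&
                                 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

                        // Portlet resource: the primary key is the layout ID, the
                        // separator and the portlet ID. This branch matches on the key
                        // alone, whatever the resource name is.

                        int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

                        long plid = GetterUtil.getLong(primKey.substring(0, pos));

                        String portletId = primKey.substring(
                                pos + PortletConstants.LAYOUT_SEPARATOR.length());

                        PortletPermissionUtil.check(
                                permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
                }
                else if (!permissionChecker.hasPermission(
                                        groupId, name, primKey, ActionKeys.PERMISSIONS)) {

                        // Generic fallback. The caller lacks PERMISSIONS on the resource,
                        // so access is granted only if one of the checks below succeeds:
                        // asset renderer factory, resource owner, team role, or
                        // DEFINE_PERMISSIONS.

                        AssetRendererFactory assetRendererFactory =
                                AssetRendererFactoryRegistryUtil.
                                        getAssetRendererFactoryByClassName(name);

                        if (assetRendererFactory != null) {
                                try {
                                        if (assetRendererFactory.hasPermission(
                                                        permissionChecker, GetterUtil.getLong(primKey),
                                                        ActionKeys.PERMISSIONS)) {

                                                return;
                                        }
                                }
                                catch (Exception ignored) {

                                        // Deliberately best effort: a failing factory check is
                                        // treated as "not granted" and the stricter checks
                                        // below still run, so the error cannot widen access.
                                        // NOTE(review): the failure is invisible to operators;
                                        // consider logging it once a logger is available in
                                        // this class.

                                }
                        }

                        long ownerId = 0;

                        if (resourceBlockLocalService.isSupported(name)) {
                                PermissionedModel permissionedModel =
                                        resourceBlockLocalService.getPermissionedModel(
                                                name, GetterUtil.getLong(primKey));

                                // ownerId stays 0 when the model is neither grouped nor
                                // audited.

                                if (permissionedModel instanceof GroupedModel) {
                                        GroupedModel groupedModel = (GroupedModel)permissionedModel;

                                        ownerId = groupedModel.getUserId();
                                }
                                else if (permissionedModel instanceof AuditedModel) {
                                        AuditedModel auditedModel = (AuditedModel)permissionedModel;

                                        ownerId = auditedModel.getUserId();
                                }
                        }
                        else {
                                ResourcePermission resourcePermission =
                                        resourcePermissionLocalService.getResourcePermission(
                                                permissionChecker.getCompanyId(), name,
                                                ResourceConstants.SCOPE_INDIVIDUAL, primKey,
                                                permissionChecker.getOwnerRoleId());

                                ownerId = resourcePermission.getOwnerId();
                        }

                        if (permissionChecker.hasOwnerPermission(
                                        permissionChecker.getCompanyId(), name, primKey, ownerId,
                                        ActionKeys.PERMISSIONS)) {

                                return;
                        }

                        Role role = null;

                        if (name.equals(Role.class.getName())) {
                                long roleId = GetterUtil.getLong(primKey);

                                role = rolePersistence.findByPrimaryKey(roleId);
                        }

                        if ((role != null) && role.isTeam()) {

                                // Team roles are authorized through the team they belong to.

                                Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

                                TeamPermissionUtil.check(
                                        permissionChecker, team.getTeamId(),
                                        ActionKeys.PERMISSIONS);
                        }
                        else {
                                List<String> resourceActions =
                                        ResourceActionsUtil.getResourceActions(name);

                                // Deny unless the resource defines DEFINE_PERMISSIONS and the
                                // caller holds it.

                                if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
                                        !permissionChecker.hasPermission(
                                                groupId, name, primKey,
                                                ActionKeys.DEFINE_PERMISSIONS)) {

                                        throw new PrincipalException();
                                }
                        }
                }
        }

}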