001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.GroupConstants;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.OrganizationConstants;
023 import com.liferay.portal.model.Role;
024 import com.liferay.portal.model.RoleConstants;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.OrganizationLocalServiceUtil;
027 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
028 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
029 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
030
031 import java.util.Arrays;
032 import java.util.HashMap;
033 import java.util.List;
034 import java.util.Map;
035
036
039 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
040
041 public PermissionCheckerBagImpl() {
042 }
043
044 public PermissionCheckerBagImpl(
045 long userId, List<Group> userGroups, List<Organization> userOrgs,
046 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
047 List<Group> groups, List<Role> roles) {
048
049 _userId = userId;
050 _userGroups = userGroups;
051 _userOrgs = userOrgs;
052 _userOrgGroups = userOrgGroups;
053 _userUserGroupGroups = userUserGroupGroups;
054 _groups = groups;
055 _roles = roles;
056 }
057
058 @Override
059 public List<Group> getGroups() {
060 return _groups;
061 }
062
063 @Override
064 public long[] getRoleIds() {
065 if (_roleIds == null) {
066 List<Role> roles = getRoles();
067
068 long[] roleIds = new long[roles.size()];
069
070 for (int i = 0; i < roles.size(); i++) {
071 Role role = roles.get(i);
072
073 roleIds[i] = role.getRoleId();
074 }
075
076 Arrays.sort(roleIds);
077
078 _roleIds = roleIds;
079 }
080
081 return _roleIds;
082 }
083
084 @Override
085 public List<Role> getRoles() {
086 return _roles;
087 }
088
089 @Override
090 public List<Group> getUserGroups() {
091 return _userGroups;
092 }
093
094 @Override
095 public List<Group> getUserOrgGroups() {
096 return _userOrgGroups;
097 }
098
099 @Override
100 public List<Organization> getUserOrgs() {
101 return _userOrgs;
102 }
103
104 @Override
105 public List<Group> getUserUserGroupGroups() {
106 return _userUserGroupGroups;
107 }
108
109
113 @Override
114 public boolean isCommunityAdmin(
115 PermissionChecker permissionChecker, Group group)
116 throws Exception {
117
118 return isGroupAdmin(permissionChecker, group);
119 }
120
121
125 @Override
126 public boolean isCommunityOwner(
127 PermissionChecker permissionChecker, Group group)
128 throws Exception {
129
130 return isGroupOwner(permissionChecker, group);
131 }
132
133 @Override
134 public boolean isGroupAdmin(
135 PermissionChecker permissionChecker, Group group)
136 throws Exception {
137
138 Boolean value = _groupAdmins.get(group.getGroupId());
139
140 if (value == null) {
141 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
142
143 _groupAdmins.put(group.getGroupId(), value);
144 }
145
146 return value.booleanValue();
147 }
148
149 @Override
150 public boolean isGroupMember(
151 PermissionChecker permissionChecker, Group group)
152 throws Exception {
153
154 for (Role role : _roles) {
155 String name = role.getName();
156
157 if (name.equals(RoleConstants.SITE_MEMBER)) {
158 return true;
159 }
160 }
161
162 if (_userGroups.contains(group)) {
163 return true;
164 }
165
166 return false;
167 }
168
169 @Override
170 public boolean isGroupOwner(
171 PermissionChecker permissionChecker, Group group)
172 throws Exception {
173
174 Boolean value = _groupOwners.get(group.getGroupId());
175
176 if (value == null) {
177 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
178
179 _groupOwners.put(group.getGroupId(), value);
180 }
181
182 return value.booleanValue();
183 }
184
185 @Override
186 public boolean isOrganizationAdmin(
187 PermissionChecker permissionChecker, Organization organization)
188 throws Exception {
189
190 Boolean value = _organizationAdmins.get(
191 organization.getOrganizationId());
192
193 if (value == null) {
194 value = Boolean.valueOf(
195 isOrganizationAdminImpl(permissionChecker, organization));
196
197 _organizationAdmins.put(organization.getOrganizationId(), value);
198 }
199
200 return value.booleanValue();
201 }
202
203 @Override
204 public boolean isOrganizationOwner(
205 PermissionChecker permissionChecker, Organization organization)
206 throws Exception {
207
208 Boolean value = _organizationOwners.get(
209 organization.getOrganizationId());
210
211 if (value == null) {
212 value = Boolean.valueOf(
213 isOrganizationOwnerImpl(permissionChecker, organization));
214
215 _organizationOwners.put(organization.getOrganizationId(), value);
216 }
217
218 return value.booleanValue();
219 }
220
221 protected boolean isGroupAdminImpl(
222 PermissionChecker permissionChecker, Group group)
223 throws PortalException, SystemException {
224
225 if (group.isLayout()) {
226 long parentGroupId = group.getParentGroupId();
227
228 if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
229 return false;
230 }
231
232 group = GroupLocalServiceUtil.getGroup(parentGroupId);
233 }
234
235 if (group.isSite()) {
236 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
237 _userId, group.getGroupId(),
238 RoleConstants.SITE_ADMINISTRATOR, true) ||
239 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
240 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
241 true)) {
242
243 return true;
244 }
245 }
246
247 if (group.isCompany()) {
248 if (permissionChecker.isCompanyAdmin()) {
249 return true;
250 }
251 else {
252 return false;
253 }
254 }
255 else if (group.isLayoutPrototype()) {
256 if (LayoutPrototypePermissionUtil.contains(
257 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
258
259 return true;
260 }
261 else {
262 return false;
263 }
264 }
265 else if (group.isLayoutSetPrototype()) {
266 if (LayoutSetPrototypePermissionUtil.contains(
267 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
268
269 return true;
270 }
271 else {
272 return false;
273 }
274 }
275 else if (group.isOrganization()) {
276 long organizationId = group.getOrganizationId();
277
278 while (organizationId !=
279 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
280
281 Organization organization =
282 OrganizationLocalServiceUtil.getOrganization(
283 organizationId);
284
285 Group organizationGroup = organization.getGroup();
286
287 long organizationGroupId = organizationGroup.getGroupId();
288
289 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
290 _userId, organizationGroupId,
291 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
292 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
293 _userId, organizationGroupId,
294 RoleConstants.ORGANIZATION_OWNER, true)) {
295
296 return true;
297 }
298
299 organizationId = organization.getParentOrganizationId();
300 }
301 }
302
303 return false;
304 }
305
306 protected boolean isGroupOwnerImpl(
307 PermissionChecker permissionChecker, Group group)
308 throws PortalException, SystemException {
309
310 if (group.isSite()) {
311 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
312 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
313 true)) {
314
315 return true;
316 }
317 }
318
319 if (group.isLayoutPrototype()) {
320 if (LayoutPrototypePermissionUtil.contains(
321 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
322
323 return true;
324 }
325 else {
326 return false;
327 }
328 }
329 else if (group.isLayoutSetPrototype()) {
330 if (LayoutSetPrototypePermissionUtil.contains(
331 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
332
333 return true;
334 }
335 else {
336 return false;
337 }
338 }
339 else if (group.isOrganization()) {
340 long organizationId = group.getOrganizationId();
341
342 while (organizationId !=
343 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
344
345 Organization organization =
346 OrganizationLocalServiceUtil.getOrganization(
347 organizationId);
348
349 Group organizationGroup = organization.getGroup();
350
351 long organizationGroupId = organizationGroup.getGroupId();
352
353 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
354 _userId, organizationGroupId,
355 RoleConstants.ORGANIZATION_OWNER, true)) {
356
357 return true;
358 }
359
360 organizationId = organization.getParentOrganizationId();
361 }
362 }
363 else if (group.isUser()) {
364 long userId = group.getClassPK();
365
366 if (userId == _userId) {
367 return true;
368 }
369 }
370
371 return false;
372 }
373
374 protected boolean isOrganizationAdminImpl(
375 PermissionChecker permissionChecker, Organization organization)
376 throws PortalException, SystemException {
377
378 while (organization != null) {
379 Group organizationGroup = organization.getGroup();
380
381 long organizationGroupId = organizationGroup.getGroupId();
382
383 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
384 _userId, organizationGroupId,
385 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
386 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
387 _userId, organizationGroupId,
388 RoleConstants.ORGANIZATION_OWNER, true)) {
389
390 return true;
391 }
392
393 organization = organization.getParentOrganization();
394 }
395
396 return false;
397 }
398
399 protected boolean isOrganizationOwnerImpl(
400 PermissionChecker permissionChecker, Organization organization)
401 throws PortalException, SystemException {
402
403 while (organization != null) {
404 Group organizationGroup = organization.getGroup();
405
406 long organizationGroupId = organizationGroup.getGroupId();
407
408 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
409 _userId, organizationGroupId,
410 RoleConstants.ORGANIZATION_OWNER, true)) {
411
412 return true;
413 }
414
415 organization = organization.getParentOrganization();
416 }
417
418 return false;
419 }
420
421 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
422 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
423 private List<Group> _groups;
424 private Map<Long, Boolean> _organizationAdmins =
425 new HashMap<Long, Boolean>();
426 private Map<Long, Boolean> _organizationOwners =
427 new HashMap<Long, Boolean>();
428 private long[] _roleIds;
429 private List<Role> _roles;
430 private List<Group> _userGroups;
431 private long _userId;
432 private List<Group> _userOrgGroups;
433 private List<Organization> _userOrgs;
434 private List<Group> _userUserGroupGroups;
435
436 }