001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.GroupConstants;
021    import com.liferay.portal.model.Organization;
022    import com.liferay.portal.model.OrganizationConstants;
023    import com.liferay.portal.model.Role;
024    import com.liferay.portal.model.RoleConstants;
025    import com.liferay.portal.service.GroupLocalServiceUtil;
026    import com.liferay.portal.service.OrganizationLocalServiceUtil;
027    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
028    import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
029    import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
030    
031    import java.util.Arrays;
032    import java.util.HashMap;
033    import java.util.List;
034    import java.util.Map;
035    
036    /**
037     * @author Brian Wing Shun Chan
038     */
039    public class PermissionCheckerBagImpl implements PermissionCheckerBag {
040    
041            public PermissionCheckerBagImpl() {
042            }
043    
044            public PermissionCheckerBagImpl(
045                    long userId, List<Group> userGroups, List<Organization> userOrgs,
046                    List<Group> userOrgGroups, List<Group> userUserGroupGroups,
047                    List<Group> groups, List<Role> roles) {
048    
049                    _userId = userId;
050                    _userGroups = userGroups;
051                    _userOrgs = userOrgs;
052                    _userOrgGroups = userOrgGroups;
053                    _userUserGroupGroups = userUserGroupGroups;
054                    _groups = groups;
055                    _roles = roles;
056            }
057    
058            @Override
059            public List<Group> getGroups() {
060                    return _groups;
061            }
062    
063            @Override
064            public long[] getRoleIds() {
065                    if (_roleIds == null) {
066                            List<Role> roles = getRoles();
067    
068                            long[] roleIds = new long[roles.size()];
069    
070                            for (int i = 0; i < roles.size(); i++) {
071                                    Role role = roles.get(i);
072    
073                                    roleIds[i] = role.getRoleId();
074                            }
075    
076                            Arrays.sort(roleIds);
077    
078                            _roleIds = roleIds;
079                    }
080    
081                    return _roleIds;
082            }
083    
084            @Override
085            public List<Role> getRoles() {
086                    return _roles;
087            }
088    
089            @Override
090            public List<Group> getUserGroups() {
091                    return _userGroups;
092            }
093    
094            @Override
095            public List<Group> getUserOrgGroups() {
096                    return _userOrgGroups;
097            }
098    
099            @Override
100            public List<Organization> getUserOrgs() {
101                    return _userOrgs;
102            }
103    
104            @Override
105            public List<Group> getUserUserGroupGroups() {
106                    return _userUserGroupGroups;
107            }
108    
109            /**
110             * @deprecated As of 6.1.0, renamed to {@link
111             *             #isGroupAdmin(PermissionChecker, Group)}
112             */
113            @Override
114            public boolean isCommunityAdmin(
115                            PermissionChecker permissionChecker, Group group)
116                    throws Exception {
117    
118                    return isGroupAdmin(permissionChecker, group);
119            }
120    
121            /**
122             * @deprecated As of 6.1.0, renamed to {@link
123             *             #isGroupOwner(PermissionChecker, Group)}
124             */
125            @Override
126            public boolean isCommunityOwner(
127                            PermissionChecker permissionChecker, Group group)
128                    throws Exception {
129    
130                    return isGroupOwner(permissionChecker, group);
131            }
132    
133            @Override
134            public boolean isGroupAdmin(
135                            PermissionChecker permissionChecker, Group group)
136                    throws Exception {
137    
138                    Boolean value = _groupAdmins.get(group.getGroupId());
139    
140                    if (value == null) {
141                            value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
142    
143                            _groupAdmins.put(group.getGroupId(), value);
144                    }
145    
146                    return value.booleanValue();
147            }
148    
149            @Override
150            public boolean isGroupMember(
151                            PermissionChecker permissionChecker, Group group)
152                    throws Exception {
153    
154                    for (Role role : _roles) {
155                            String roleName = role.getName();
156    
157                            if (roleName.equals(RoleConstants.SITE_MEMBER)) {
158                                    return true;
159                            }
160                    }
161    
162                    if (_userGroups.contains(group)) {
163                            return true;
164                    }
165    
166                    return false;
167            }
168    
169            @Override
170            public boolean isGroupOwner(
171                            PermissionChecker permissionChecker, Group group)
172                    throws Exception {
173    
174                    Boolean value = _groupOwners.get(group.getGroupId());
175    
176                    if (value == null) {
177                            value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
178    
179                            _groupOwners.put(group.getGroupId(), value);
180                    }
181    
182                    return value.booleanValue();
183            }
184    
185            @Override
186            public boolean isOrganizationAdmin(
187                            PermissionChecker permissionChecker, Organization organization)
188                    throws Exception {
189    
190                    Boolean value = _organizationAdmins.get(
191                            organization.getOrganizationId());
192    
193                    if (value == null) {
194                            value = Boolean.valueOf(
195                                    isOrganizationAdminImpl(permissionChecker, organization));
196    
197                            _organizationAdmins.put(organization.getOrganizationId(), value);
198                    }
199    
200                    return value.booleanValue();
201            }
202    
203            @Override
204            public boolean isOrganizationOwner(
205                            PermissionChecker permissionChecker, Organization organization)
206                    throws Exception {
207    
208                    Boolean value = _organizationOwners.get(
209                            organization.getOrganizationId());
210    
211                    if (value == null) {
212                            value = Boolean.valueOf(
213                                    isOrganizationOwnerImpl(permissionChecker, organization));
214    
215                            _organizationOwners.put(organization.getOrganizationId(), value);
216                    }
217    
218                    return value.booleanValue();
219            }
220    
221            protected boolean isGroupAdminImpl(
222                            PermissionChecker permissionChecker, Group group)
223                    throws PortalException, SystemException {
224    
225                    if (group.isLayout()) {
226                            long parentGroupId = group.getParentGroupId();
227    
228                            if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
229                                    return false;
230                            }
231    
232                            group = GroupLocalServiceUtil.getGroup(parentGroupId);
233                    }
234    
235                    if (group.isSite()) {
236                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
237                                            _userId, group.getGroupId(),
238                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
239                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
240                                            _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
241                                            true)) {
242    
243                                    return true;
244                            }
245                    }
246    
247                    if (group.isCompany()) {
248                            if (permissionChecker.isCompanyAdmin()) {
249                                    return true;
250                            }
251                            else {
252                                    return false;
253                            }
254                    }
255                    else if (group.isLayoutPrototype()) {
256                            if (LayoutPrototypePermissionUtil.contains(
257                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
258    
259                                    return true;
260                            }
261                            else {
262                                    return false;
263                            }
264                    }
265                    else if (group.isLayoutSetPrototype()) {
266                            if (LayoutSetPrototypePermissionUtil.contains(
267                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
268    
269                                    return true;
270                            }
271                            else {
272                                    return false;
273                            }
274                    }
275                    else if (group.isOrganization()) {
276                            long organizationId = group.getOrganizationId();
277    
278                            while (organizationId !=
279                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
280    
281                                    Organization organization =
282                                            OrganizationLocalServiceUtil.getOrganization(
283                                                    organizationId);
284    
285                                    long organizationGroupId = organization.getGroupId();
286    
287                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
288                                                    _userId, organizationGroupId,
289                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
290                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
291                                                    _userId, organizationGroupId,
292                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
293    
294                                            return true;
295                                    }
296    
297                                    organizationId = organization.getParentOrganizationId();
298                            }
299                    }
300    
301                    return false;
302            }
303    
304            protected boolean isGroupOwnerImpl(
305                            PermissionChecker permissionChecker, Group group)
306                    throws PortalException, SystemException {
307    
308                    if (group.isSite()) {
309                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
310                                            _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
311                                            true)) {
312    
313                                    return true;
314                            }
315                    }
316    
317                    if (group.isLayoutPrototype()) {
318                            if (LayoutPrototypePermissionUtil.contains(
319                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
320    
321                                    return true;
322                            }
323                            else {
324                                    return false;
325                            }
326                    }
327                    else if (group.isLayoutSetPrototype()) {
328                            if (LayoutSetPrototypePermissionUtil.contains(
329                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
330    
331                                    return true;
332                            }
333                            else {
334                                    return false;
335                            }
336                    }
337                    else if (group.isOrganization()) {
338                            long organizationId = group.getOrganizationId();
339    
340                            while (organizationId !=
341                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
342    
343                                    Organization organization =
344                                            OrganizationLocalServiceUtil.getOrganization(
345                                                    organizationId);
346    
347                                    long organizationGroupId = organization.getGroupId();
348    
349                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
350                                                    _userId, organizationGroupId,
351                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
352    
353                                            return true;
354                                    }
355    
356                                    organizationId = organization.getParentOrganizationId();
357                            }
358                    }
359                    else if (group.isUser()) {
360                            long userId = group.getClassPK();
361    
362                            if (userId == _userId) {
363                                    return true;
364                            }
365                    }
366    
367                    return false;
368            }
369    
370            protected boolean isOrganizationAdminImpl(
371                            PermissionChecker permissionChecker, Organization organization)
372                    throws PortalException, SystemException {
373    
374                    while (organization != null) {
375                            long organizationGroupId = organization.getGroupId();
376    
377                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
378                                            _userId, organizationGroupId,
379                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
380                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
381                                            _userId, organizationGroupId,
382                                            RoleConstants.ORGANIZATION_OWNER, true)) {
383    
384                                    return true;
385                            }
386    
387                            organization = organization.getParentOrganization();
388                    }
389    
390                    return false;
391            }
392    
393            protected boolean isOrganizationOwnerImpl(
394                            PermissionChecker permissionChecker, Organization organization)
395                    throws PortalException, SystemException {
396    
397                    while (organization != null) {
398                            long organizationGroupId = organization.getGroupId();
399    
400                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
401                                            _userId, organizationGroupId,
402                                            RoleConstants.ORGANIZATION_OWNER, true)) {
403    
404                                    return true;
405                            }
406    
407                            organization = organization.getParentOrganization();
408                    }
409    
410                    return false;
411            }
412    
413            private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
414            private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
415            private List<Group> _groups;
416            private Map<Long, Boolean> _organizationAdmins =
417                    new HashMap<Long, Boolean>();
418            private Map<Long, Boolean> _organizationOwners =
419                    new HashMap<Long, Boolean>();
420            private long[] _roleIds;
421            private List<Role> _roles;
422            private List<Group> _userGroups;
423            private long _userId;
424            private List<Group> _userOrgGroups;
425            private List<Organization> _userOrgs;
426            private List<Group> _userUserGroupGroups;
427    
428    }