001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.GroupConstants;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.OrganizationConstants;
023 import com.liferay.portal.model.Role;
024 import com.liferay.portal.model.RoleConstants;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.OrganizationLocalServiceUtil;
027 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
028 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
029 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
030
031 import java.util.Arrays;
032 import java.util.HashMap;
033 import java.util.List;
034 import java.util.Map;
035
036
039 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
040
041 public PermissionCheckerBagImpl() {
042 }
043
044 public PermissionCheckerBagImpl(
045 long userId, List<Group> userGroups, List<Organization> userOrgs,
046 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
047 List<Group> groups, List<Role> roles) {
048
049 _userId = userId;
050 _userGroups = userGroups;
051 _userOrgs = userOrgs;
052 _userOrgGroups = userOrgGroups;
053 _userUserGroupGroups = userUserGroupGroups;
054 _groups = groups;
055 _roles = roles;
056 }
057
058 @Override
059 public List<Group> getGroups() {
060 return _groups;
061 }
062
063 @Override
064 public long[] getRoleIds() {
065 if (_roleIds == null) {
066 List<Role> roles = getRoles();
067
068 long[] roleIds = new long[roles.size()];
069
070 for (int i = 0; i < roles.size(); i++) {
071 Role role = roles.get(i);
072
073 roleIds[i] = role.getRoleId();
074 }
075
076 Arrays.sort(roleIds);
077
078 _roleIds = roleIds;
079 }
080
081 return _roleIds;
082 }
083
084 @Override
085 public List<Role> getRoles() {
086 return _roles;
087 }
088
089 @Override
090 public List<Group> getUserGroups() {
091 return _userGroups;
092 }
093
094 @Override
095 public List<Group> getUserOrgGroups() {
096 return _userOrgGroups;
097 }
098
099 @Override
100 public List<Organization> getUserOrgs() {
101 return _userOrgs;
102 }
103
104 @Override
105 public List<Group> getUserUserGroupGroups() {
106 return _userUserGroupGroups;
107 }
108
109
113 @Override
114 public boolean isCommunityAdmin(
115 PermissionChecker permissionChecker, Group group)
116 throws Exception {
117
118 return isGroupAdmin(permissionChecker, group);
119 }
120
121
125 @Override
126 public boolean isCommunityOwner(
127 PermissionChecker permissionChecker, Group group)
128 throws Exception {
129
130 return isGroupOwner(permissionChecker, group);
131 }
132
133 @Override
134 public boolean isGroupAdmin(
135 PermissionChecker permissionChecker, Group group)
136 throws Exception {
137
138 Boolean value = _groupAdmins.get(group.getGroupId());
139
140 if (value == null) {
141 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
142
143 _groupAdmins.put(group.getGroupId(), value);
144 }
145
146 return value.booleanValue();
147 }
148
149 @Override
150 public boolean isGroupMember(
151 PermissionChecker permissionChecker, Group group)
152 throws Exception {
153
154 for (Role role : _roles) {
155 String roleName = role.getName();
156
157 if (roleName.equals(RoleConstants.SITE_MEMBER)) {
158 return true;
159 }
160 }
161
162 if (_userGroups.contains(group)) {
163 return true;
164 }
165
166 return false;
167 }
168
169 @Override
170 public boolean isGroupOwner(
171 PermissionChecker permissionChecker, Group group)
172 throws Exception {
173
174 Boolean value = _groupOwners.get(group.getGroupId());
175
176 if (value == null) {
177 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
178
179 _groupOwners.put(group.getGroupId(), value);
180 }
181
182 return value.booleanValue();
183 }
184
185 @Override
186 public boolean isOrganizationAdmin(
187 PermissionChecker permissionChecker, Organization organization)
188 throws Exception {
189
190 Boolean value = _organizationAdmins.get(
191 organization.getOrganizationId());
192
193 if (value == null) {
194 value = Boolean.valueOf(
195 isOrganizationAdminImpl(permissionChecker, organization));
196
197 _organizationAdmins.put(organization.getOrganizationId(), value);
198 }
199
200 return value.booleanValue();
201 }
202
203 @Override
204 public boolean isOrganizationOwner(
205 PermissionChecker permissionChecker, Organization organization)
206 throws Exception {
207
208 Boolean value = _organizationOwners.get(
209 organization.getOrganizationId());
210
211 if (value == null) {
212 value = Boolean.valueOf(
213 isOrganizationOwnerImpl(permissionChecker, organization));
214
215 _organizationOwners.put(organization.getOrganizationId(), value);
216 }
217
218 return value.booleanValue();
219 }
220
221 protected boolean isGroupAdminImpl(
222 PermissionChecker permissionChecker, Group group)
223 throws PortalException, SystemException {
224
225 if (group.isLayout()) {
226 long parentGroupId = group.getParentGroupId();
227
228 if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
229 return false;
230 }
231
232 group = GroupLocalServiceUtil.getGroup(parentGroupId);
233 }
234
235 if (group.isSite()) {
236 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
237 _userId, group.getGroupId(),
238 RoleConstants.SITE_ADMINISTRATOR, true) ||
239 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
240 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
241 true)) {
242
243 return true;
244 }
245 }
246
247 if (group.isCompany()) {
248 if (permissionChecker.isCompanyAdmin()) {
249 return true;
250 }
251 else {
252 return false;
253 }
254 }
255 else if (group.isLayoutPrototype()) {
256 if (LayoutPrototypePermissionUtil.contains(
257 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
258
259 return true;
260 }
261 else {
262 return false;
263 }
264 }
265 else if (group.isLayoutSetPrototype()) {
266 if (LayoutSetPrototypePermissionUtil.contains(
267 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
268
269 return true;
270 }
271 else {
272 return false;
273 }
274 }
275 else if (group.isOrganization()) {
276 long organizationId = group.getOrganizationId();
277
278 while (organizationId !=
279 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
280
281 Organization organization =
282 OrganizationLocalServiceUtil.getOrganization(
283 organizationId);
284
285 long organizationGroupId = organization.getGroupId();
286
287 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
288 _userId, organizationGroupId,
289 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
290 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
291 _userId, organizationGroupId,
292 RoleConstants.ORGANIZATION_OWNER, true)) {
293
294 return true;
295 }
296
297 organizationId = organization.getParentOrganizationId();
298 }
299 }
300
301 return false;
302 }
303
304 protected boolean isGroupOwnerImpl(
305 PermissionChecker permissionChecker, Group group)
306 throws PortalException, SystemException {
307
308 if (group.isSite()) {
309 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
310 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
311 true)) {
312
313 return true;
314 }
315 }
316
317 if (group.isLayoutPrototype()) {
318 if (LayoutPrototypePermissionUtil.contains(
319 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
320
321 return true;
322 }
323 else {
324 return false;
325 }
326 }
327 else if (group.isLayoutSetPrototype()) {
328 if (LayoutSetPrototypePermissionUtil.contains(
329 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
330
331 return true;
332 }
333 else {
334 return false;
335 }
336 }
337 else if (group.isOrganization()) {
338 long organizationId = group.getOrganizationId();
339
340 while (organizationId !=
341 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
342
343 Organization organization =
344 OrganizationLocalServiceUtil.getOrganization(
345 organizationId);
346
347 long organizationGroupId = organization.getGroupId();
348
349 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
350 _userId, organizationGroupId,
351 RoleConstants.ORGANIZATION_OWNER, true)) {
352
353 return true;
354 }
355
356 organizationId = organization.getParentOrganizationId();
357 }
358 }
359 else if (group.isUser()) {
360 long userId = group.getClassPK();
361
362 if (userId == _userId) {
363 return true;
364 }
365 }
366
367 return false;
368 }
369
370 protected boolean isOrganizationAdminImpl(
371 PermissionChecker permissionChecker, Organization organization)
372 throws PortalException, SystemException {
373
374 while (organization != null) {
375 long organizationGroupId = organization.getGroupId();
376
377 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
378 _userId, organizationGroupId,
379 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
380 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
381 _userId, organizationGroupId,
382 RoleConstants.ORGANIZATION_OWNER, true)) {
383
384 return true;
385 }
386
387 organization = organization.getParentOrganization();
388 }
389
390 return false;
391 }
392
393 protected boolean isOrganizationOwnerImpl(
394 PermissionChecker permissionChecker, Organization organization)
395 throws PortalException, SystemException {
396
397 while (organization != null) {
398 long organizationGroupId = organization.getGroupId();
399
400 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
401 _userId, organizationGroupId,
402 RoleConstants.ORGANIZATION_OWNER, true)) {
403
404 return true;
405 }
406
407 organization = organization.getParentOrganization();
408 }
409
410 return false;
411 }
412
413 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
414 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
415 private List<Group> _groups;
416 private Map<Long, Boolean> _organizationAdmins =
417 new HashMap<Long, Boolean>();
418 private Map<Long, Boolean> _organizationOwners =
419 new HashMap<Long, Boolean>();
420 private long[] _roleIds;
421 private List<Role> _roles;
422 private List<Group> _userGroups;
423 private long _userId;
424 private List<Group> _userOrgGroups;
425 private List<Organization> _userOrgs;
426 private List<Group> _userUserGroupGroups;
427
428 }