001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.GroupConstants;
021    import com.liferay.portal.model.Organization;
022    import com.liferay.portal.model.OrganizationConstants;
023    import com.liferay.portal.model.Role;
024    import com.liferay.portal.model.RoleConstants;
025    import com.liferay.portal.service.GroupLocalServiceUtil;
026    import com.liferay.portal.service.OrganizationLocalServiceUtil;
027    import com.liferay.portal.service.RoleLocalServiceUtil;
028    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029    import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
030    import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
031    
032    import java.util.Arrays;
033    import java.util.HashMap;
034    import java.util.List;
035    import java.util.Map;
036    
037    /**
038     * @author Brian Wing Shun Chan
039     */
040    public class PermissionCheckerBagImpl implements PermissionCheckerBag {
041    
042            public PermissionCheckerBagImpl() {
043            }
044    
045            public PermissionCheckerBagImpl(
046                    long userId, List<Group> userGroups, List<Organization> userOrgs,
047                    List<Group> userOrgGroups, List<Group> userUserGroupGroups,
048                    List<Group> groups, List<Role> roles) {
049    
050                    _userId = userId;
051                    _userGroups = userGroups;
052                    _userOrgs = userOrgs;
053                    _userOrgGroups = userOrgGroups;
054                    _userUserGroupGroups = userUserGroupGroups;
055                    _groups = groups;
056                    _roles = roles;
057            }
058    
059            @Override
060            public List<Group> getGroups() {
061                    return _groups;
062            }
063    
064            @Override
065            public long[] getRoleIds() {
066                    if (_roleIds == null) {
067                            List<Role> roles = getRoles();
068    
069                            long[] roleIds = new long[roles.size()];
070    
071                            for (int i = 0; i < roles.size(); i++) {
072                                    Role role = roles.get(i);
073    
074                                    roleIds[i] = role.getRoleId();
075                            }
076    
077                            Arrays.sort(roleIds);
078    
079                            _roleIds = roleIds;
080                    }
081    
082                    return _roleIds;
083            }
084    
085            @Override
086            public List<Role> getRoles() {
087                    return _roles;
088            }
089    
090            @Override
091            public List<Group> getUserGroups() {
092                    return _userGroups;
093            }
094    
095            @Override
096            public List<Group> getUserOrgGroups() {
097                    return _userOrgGroups;
098            }
099    
100            @Override
101            public List<Organization> getUserOrgs() {
102                    return _userOrgs;
103            }
104    
105            @Override
106            public List<Group> getUserUserGroupGroups() {
107                    return _userUserGroupGroups;
108            }
109    
110            /**
111             * @deprecated As of 6.1.0, renamed to {@link
112             *             #isGroupAdmin(PermissionChecker, Group)}
113             */
114            @Override
115            public boolean isCommunityAdmin(
116                            PermissionChecker permissionChecker, Group group)
117                    throws Exception {
118    
119                    return isGroupAdmin(permissionChecker, group);
120            }
121    
122            /**
123             * @deprecated As of 6.1.0, renamed to {@link
124             *             #isGroupOwner(PermissionChecker, Group)}
125             */
126            @Override
127            public boolean isCommunityOwner(
128                            PermissionChecker permissionChecker, Group group)
129                    throws Exception {
130    
131                    return isGroupOwner(permissionChecker, group);
132            }
133    
134            @Override
135            public boolean isContentReviewer(
136                            PermissionChecker permissionChecker, Group group)
137                    throws Exception {
138    
139                    Boolean value = _contentReviewers.get(group.getCompanyId());
140    
141                    if (value == null) {
142                            value = Boolean.valueOf(
143                                    isContentReviewerImpl(permissionChecker, group));
144    
145                            _contentReviewers.put(group.getCompanyId(), value);
146                    }
147    
148                    return value.booleanValue();
149            }
150    
151            @Override
152            public boolean isGroupAdmin(
153                            PermissionChecker permissionChecker, Group group)
154                    throws Exception {
155    
156                    Boolean value = _groupAdmins.get(group.getGroupId());
157    
158                    if (value == null) {
159                            value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
160    
161                            _groupAdmins.put(group.getGroupId(), value);
162                    }
163    
164                    return value.booleanValue();
165            }
166    
167            @Override
168            public boolean isGroupMember(
169                            PermissionChecker permissionChecker, Group group)
170                    throws Exception {
171    
172                    for (Role role : _roles) {
173                            String roleName = role.getName();
174    
175                            if (roleName.equals(RoleConstants.SITE_MEMBER)) {
176                                    return true;
177                            }
178                    }
179    
180                    if (_userGroups.contains(group)) {
181                            return true;
182                    }
183    
184                    return false;
185            }
186    
187            @Override
188            public boolean isGroupOwner(
189                            PermissionChecker permissionChecker, Group group)
190                    throws Exception {
191    
192                    Boolean value = _groupOwners.get(group.getGroupId());
193    
194                    if (value == null) {
195                            value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
196    
197                            _groupOwners.put(group.getGroupId(), value);
198                    }
199    
200                    return value.booleanValue();
201            }
202    
203            @Override
204            public boolean isOrganizationAdmin(
205                            PermissionChecker permissionChecker, Organization organization)
206                    throws Exception {
207    
208                    Boolean value = _organizationAdmins.get(
209                            organization.getOrganizationId());
210    
211                    if (value == null) {
212                            value = Boolean.valueOf(
213                                    isOrganizationAdminImpl(permissionChecker, organization));
214    
215                            _organizationAdmins.put(organization.getOrganizationId(), value);
216                    }
217    
218                    return value.booleanValue();
219            }
220    
221            @Override
222            public boolean isOrganizationOwner(
223                            PermissionChecker permissionChecker, Organization organization)
224                    throws Exception {
225    
226                    Boolean value = _organizationOwners.get(
227                            organization.getOrganizationId());
228    
229                    if (value == null) {
230                            value = Boolean.valueOf(
231                                    isOrganizationOwnerImpl(permissionChecker, organization));
232    
233                            _organizationOwners.put(organization.getOrganizationId(), value);
234                    }
235    
236                    return value.booleanValue();
237            }
238    
239            protected boolean isContentReviewerImpl(
240                            PermissionChecker permissionChecker, Group group)
241                    throws PortalException, SystemException {
242    
243                    if (permissionChecker.isCompanyAdmin() ||
244                            permissionChecker.isGroupAdmin(group.getGroupId())) {
245    
246                            return true;
247                    }
248    
249                    if (RoleLocalServiceUtil.hasUserRole(
250                                    _userId, group.getCompanyId(),
251                                    RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
252    
253                            return true;
254                    }
255    
256                    if (group.isSite()) {
257                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
258                                            _userId, group.getGroupId(),
259                                            RoleConstants.SITE_CONTENT_REVIEWER, true)) {
260    
261                                    return true;
262                            }
263                    }
264    
265                    return false;
266            }
267    
268            protected boolean isGroupAdminImpl(
269                            PermissionChecker permissionChecker, Group group)
270                    throws PortalException, SystemException {
271    
272                    if (group.isLayout()) {
273                            long parentGroupId = group.getParentGroupId();
274    
275                            if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
276                                    return false;
277                            }
278    
279                            group = GroupLocalServiceUtil.getGroup(parentGroupId);
280                    }
281    
282                    if (group.isSite()) {
283                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
284                                            _userId, group.getGroupId(),
285                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
286                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
287                                            _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
288                                            true)) {
289    
290                                    return true;
291                            }
292                    }
293    
294                    if (group.isCompany()) {
295                            if (permissionChecker.isCompanyAdmin()) {
296                                    return true;
297                            }
298                            else {
299                                    return false;
300                            }
301                    }
302                    else if (group.isLayoutPrototype()) {
303                            if (LayoutPrototypePermissionUtil.contains(
304                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
305    
306                                    return true;
307                            }
308                            else {
309                                    return false;
310                            }
311                    }
312                    else if (group.isLayoutSetPrototype()) {
313                            if (LayoutSetPrototypePermissionUtil.contains(
314                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
315    
316                                    return true;
317                            }
318                            else {
319                                    return false;
320                            }
321                    }
322                    else if (group.isOrganization()) {
323                            long organizationId = group.getOrganizationId();
324    
325                            while (organizationId !=
326                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
327    
328                                    Organization organization =
329                                            OrganizationLocalServiceUtil.getOrganization(
330                                                    organizationId);
331    
332                                    long organizationGroupId = organization.getGroupId();
333    
334                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
335                                                    _userId, organizationGroupId,
336                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
337                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
338                                                    _userId, organizationGroupId,
339                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
340    
341                                            return true;
342                                    }
343    
344                                    organizationId = organization.getParentOrganizationId();
345                            }
346                    }
347    
348                    return false;
349            }
350    
351            protected boolean isGroupOwnerImpl(
352                            PermissionChecker permissionChecker, Group group)
353                    throws PortalException, SystemException {
354    
355                    if (group.isSite()) {
356                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
357                                            _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
358                                            true)) {
359    
360                                    return true;
361                            }
362                    }
363    
364                    if (group.isLayoutPrototype()) {
365                            if (LayoutPrototypePermissionUtil.contains(
366                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
367    
368                                    return true;
369                            }
370                            else {
371                                    return false;
372                            }
373                    }
374                    else if (group.isLayoutSetPrototype()) {
375                            if (LayoutSetPrototypePermissionUtil.contains(
376                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
377    
378                                    return true;
379                            }
380                            else {
381                                    return false;
382                            }
383                    }
384                    else if (group.isOrganization()) {
385                            long organizationId = group.getOrganizationId();
386    
387                            while (organizationId !=
388                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
389    
390                                    Organization organization =
391                                            OrganizationLocalServiceUtil.getOrganization(
392                                                    organizationId);
393    
394                                    long organizationGroupId = organization.getGroupId();
395    
396                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
397                                                    _userId, organizationGroupId,
398                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
399    
400                                            return true;
401                                    }
402    
403                                    organizationId = organization.getParentOrganizationId();
404                            }
405                    }
406                    else if (group.isUser()) {
407                            long userId = group.getClassPK();
408    
409                            if (userId == _userId) {
410                                    return true;
411                            }
412                    }
413    
414                    return false;
415            }
416    
417            protected boolean isOrganizationAdminImpl(
418                            PermissionChecker permissionChecker, Organization organization)
419                    throws PortalException, SystemException {
420    
421                    while (organization != null) {
422                            long organizationGroupId = organization.getGroupId();
423    
424                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
425                                            _userId, organizationGroupId,
426                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
427                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
428                                            _userId, organizationGroupId,
429                                            RoleConstants.ORGANIZATION_OWNER, true)) {
430    
431                                    return true;
432                            }
433    
434                            organization = organization.getParentOrganization();
435                    }
436    
437                    return false;
438            }
439    
440            protected boolean isOrganizationOwnerImpl(
441                            PermissionChecker permissionChecker, Organization organization)
442                    throws PortalException, SystemException {
443    
444                    while (organization != null) {
445                            long organizationGroupId = organization.getGroupId();
446    
447                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
448                                            _userId, organizationGroupId,
449                                            RoleConstants.ORGANIZATION_OWNER, true)) {
450    
451                                    return true;
452                            }
453    
454                            organization = organization.getParentOrganization();
455                    }
456    
457                    return false;
458            }
459    
460            private Map<Long, Boolean> _contentReviewers = new HashMap<Long, Boolean>();
461            private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
462            private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
463            private List<Group> _groups;
464            private Map<Long, Boolean> _organizationAdmins =
465                    new HashMap<Long, Boolean>();
466            private Map<Long, Boolean> _organizationOwners =
467                    new HashMap<Long, Boolean>();
468            private long[] _roleIds;
469            private List<Role> _roles;
470            private List<Group> _userGroups;
471            private long _userId;
472            private List<Group> _userOrgGroups;
473            private List<Organization> _userOrgs;
474            private List<Group> _userUserGroupGroups;
475    
476    }