015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Role;
021 import com.liferay.portal.model.RoleConstants;
022 import com.liferay.portal.security.auth.PrincipalException;
023 import com.liferay.portal.security.permission.ActionKeys;
024 import com.liferay.portal.security.permission.PermissionChecker;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.RoleLocalServiceUtil;
/**
 * Authorization gate for assigning a group-scoped role to users inside a
 * particular group.
 *
 * <p>
 * The decision is made in {@link #contains(PermissionChecker, long, long)};
 * {@link #check(PermissionChecker, long, long)} turns a negative decision into
 * a {@code PrincipalException}.
 * </p>
 */
public class UserGroupRolePermissionImpl implements UserGroupRolePermission {

    /**
     * Enforces the assignment permission and fails closed.
     *
     * @param  permissionChecker the checker representing the calling user
     * @param  groupId the group in which the role would be assigned
     * @param  roleId the role that would be assigned
     * @throws PortalException a {@code PrincipalException} when
     *         {@code contains} denies the request, or whatever the underlying
     *         lookups and permission utilities throw
     * @throws SystemException propagated from the underlying services
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long groupId, long roleId)
        throws PortalException, SystemException {

        boolean permitted = contains(permissionChecker, groupId, roleId);

        if (permitted) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Decides whether the caller may assign the role within the group.
     *
     * <p>
     * The rules are applied in this order:
     * </p>
     *
     * <ol>
     * <li>Regular roles are never assignable through this path.</li>
     * <li>An organization role is rejected when the group is not an
     * organization.</li>
     * <li>The four owner/administrator roles (organization administrator,
     * organization owner, site administrator, site owner) are rejected unless
     * the caller is a company admin or the owner of the group. This stops a
     * user who merely holds an assignment permission from handing out the
     * highest group-level roles.</li>
     * <li>Otherwise the request is allowed when the caller is the group owner,
     * holds {@code ASSIGN_USER_ROLES} on the group or on the group's
     * organization, or holds {@code ASSIGN_MEMBERS} on the role.</li>
     * </ol>
     *
     * @param  permissionChecker the checker representing the calling user
     * @param  groupId the group in which the role would be assigned
     * @param  roleId the role that would be assigned
     * @return {@code true} if the assignment is permitted; {@code false}
     *         otherwise
     * @throws PortalException propagated from the group/role lookups or the
     *         permission utilities
     * @throws SystemException propagated from the underlying services
     */
    @Override
    public boolean contains(
            PermissionChecker permissionChecker, long groupId, long roleId)
        throws PortalException, SystemException {

        // Both lookups run before any permission decision is made.
        // NOTE(review): presumably an unknown id surfaces here as an exception
        // rather than as a plain "false" - confirm callers treat both as
        // denial.
        Group group = GroupLocalServiceUtil.getGroup(groupId);
        Role role = RoleLocalServiceUtil.getRole(roleId);

        // Rule 1: regular roles are out of scope for group-level assignment.
        if (role.getType() == RoleConstants.TYPE_REGULAR) {
            return false;
        }

        // Rule 2: organization roles only make sense in organization groups.
        if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) &&
            !group.isOrganization()) {

            return false;
        }

        // Rule 3: only company admins and group owners may grant the
        // owner/administrator roles. The role name is read only when the
        // caller is neither.
        boolean adminOrOwner =
            permissionChecker.isCompanyAdmin() ||
            permissionChecker.isGroupOwner(groupId);

        if (!adminOrOwner && _isOwnerOrAdministratorRole(role.getName())) {
            return false;
        }

        // Rule 4: any one of these grants is sufficient; evaluation stops at
        // the first that holds.
        // NOTE(review): the organization check is made with
        // group.getOrganizationId() even when the group is not an
        // organization - confirm how OrganizationPermissionUtil treats that
        // id.
        return permissionChecker.isGroupOwner(groupId) ||
            GroupPermissionUtil.contains(
                permissionChecker, groupId, ActionKeys.ASSIGN_USER_ROLES) ||
            OrganizationPermissionUtil.contains(
                permissionChecker, group.getOrganizationId(),
                ActionKeys.ASSIGN_USER_ROLES) ||
            RolePermissionUtil.contains(
                permissionChecker, groupId, roleId,
                ActionKeys.ASSIGN_MEMBERS);
    }

    /**
     * Tells whether the name is one of the four owner/administrator role
     * names that need a company admin or group owner to assign.
     */
    private static boolean _isOwnerOrAdministratorRole(String roleName) {
        return roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
            roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.SITE_OWNER);
    }

}