001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.GroupConstants;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.OrganizationConstants;
023 import com.liferay.portal.model.Role;
024 import com.liferay.portal.model.RoleConstants;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.OrganizationLocalServiceUtil;
027 import com.liferay.portal.service.RoleLocalServiceUtil;
028 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
030 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
031
032 import java.util.Arrays;
033 import java.util.HashMap;
034 import java.util.List;
035 import java.util.Map;
036
037
040 public class PermissionCheckerBagImpl implements PermissionCheckerBag {
041
042 public PermissionCheckerBagImpl() {
043 }
044
045 public PermissionCheckerBagImpl(
046 long userId, List<Group> userGroups, List<Organization> userOrgs,
047 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
048 List<Group> groups, List<Role> roles) {
049
050 _userId = userId;
051 _userGroups = userGroups;
052 _userOrgs = userOrgs;
053 _userOrgGroups = userOrgGroups;
054 _userUserGroupGroups = userUserGroupGroups;
055 _groups = groups;
056 _roles = roles;
057 }
058
059 @Override
060 public List<Group> getGroups() {
061 return _groups;
062 }
063
064 @Override
065 public long[] getRoleIds() {
066 if (_roleIds == null) {
067 List<Role> roles = getRoles();
068
069 long[] roleIds = new long[roles.size()];
070
071 for (int i = 0; i < roles.size(); i++) {
072 Role role = roles.get(i);
073
074 roleIds[i] = role.getRoleId();
075 }
076
077 Arrays.sort(roleIds);
078
079 _roleIds = roleIds;
080 }
081
082 return _roleIds;
083 }
084
085 @Override
086 public List<Role> getRoles() {
087 return _roles;
088 }
089
090 @Override
091 public List<Group> getUserGroups() {
092 return _userGroups;
093 }
094
095 @Override
096 public List<Group> getUserOrgGroups() {
097 return _userOrgGroups;
098 }
099
100 @Override
101 public List<Organization> getUserOrgs() {
102 return _userOrgs;
103 }
104
105 @Override
106 public List<Group> getUserUserGroupGroups() {
107 return _userUserGroupGroups;
108 }
109
110
114 @Override
115 public boolean isCommunityAdmin(
116 PermissionChecker permissionChecker, Group group)
117 throws Exception {
118
119 return isGroupAdmin(permissionChecker, group);
120 }
121
122
126 @Override
127 public boolean isCommunityOwner(
128 PermissionChecker permissionChecker, Group group)
129 throws Exception {
130
131 return isGroupOwner(permissionChecker, group);
132 }
133
134 @Override
135 public boolean isContentReviewer(
136 PermissionChecker permissionChecker, Group group)
137 throws Exception {
138
139 Boolean value = _contentReviewers.get(group.getCompanyId());
140
141 if (value == null) {
142 value = Boolean.valueOf(
143 isContentReviewerImpl(permissionChecker, group));
144
145 _contentReviewers.put(group.getCompanyId(), value);
146 }
147
148 return value.booleanValue();
149 }
150
151 @Override
152 public boolean isGroupAdmin(
153 PermissionChecker permissionChecker, Group group)
154 throws Exception {
155
156 Boolean value = _groupAdmins.get(group.getGroupId());
157
158 if (value == null) {
159 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
160
161 _groupAdmins.put(group.getGroupId(), value);
162 }
163
164 return value.booleanValue();
165 }
166
167 @Override
168 public boolean isGroupMember(
169 PermissionChecker permissionChecker, Group group)
170 throws Exception {
171
172 for (Role role : _roles) {
173 String roleName = role.getName();
174
175 if (roleName.equals(RoleConstants.SITE_MEMBER)) {
176 return true;
177 }
178 }
179
180 if (_userGroups.contains(group)) {
181 return true;
182 }
183
184 return false;
185 }
186
187 @Override
188 public boolean isGroupOwner(
189 PermissionChecker permissionChecker, Group group)
190 throws Exception {
191
192 Boolean value = _groupOwners.get(group.getGroupId());
193
194 if (value == null) {
195 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
196
197 _groupOwners.put(group.getGroupId(), value);
198 }
199
200 return value.booleanValue();
201 }
202
203 @Override
204 public boolean isOrganizationAdmin(
205 PermissionChecker permissionChecker, Organization organization)
206 throws Exception {
207
208 Boolean value = _organizationAdmins.get(
209 organization.getOrganizationId());
210
211 if (value == null) {
212 value = Boolean.valueOf(
213 isOrganizationAdminImpl(permissionChecker, organization));
214
215 _organizationAdmins.put(organization.getOrganizationId(), value);
216 }
217
218 return value.booleanValue();
219 }
220
221 @Override
222 public boolean isOrganizationOwner(
223 PermissionChecker permissionChecker, Organization organization)
224 throws Exception {
225
226 Boolean value = _organizationOwners.get(
227 organization.getOrganizationId());
228
229 if (value == null) {
230 value = Boolean.valueOf(
231 isOrganizationOwnerImpl(permissionChecker, organization));
232
233 _organizationOwners.put(organization.getOrganizationId(), value);
234 }
235
236 return value.booleanValue();
237 }
238
239 protected boolean isContentReviewerImpl(
240 PermissionChecker permissionChecker, Group group)
241 throws PortalException, SystemException {
242
243 if (permissionChecker.isCompanyAdmin() ||
244 permissionChecker.isGroupAdmin(group.getGroupId())) {
245
246 return true;
247 }
248
249 if (RoleLocalServiceUtil.hasUserRole(
250 _userId, group.getCompanyId(),
251 RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
252
253 return true;
254 }
255
256 if (group.isSite()) {
257 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
258 _userId, group.getGroupId(),
259 RoleConstants.SITE_CONTENT_REVIEWER, true)) {
260
261 return true;
262 }
263 }
264
265 return false;
266 }
267
268 protected boolean isGroupAdminImpl(
269 PermissionChecker permissionChecker, Group group)
270 throws PortalException, SystemException {
271
272 if (group.isLayout()) {
273 long parentGroupId = group.getParentGroupId();
274
275 if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
276 return false;
277 }
278
279 group = GroupLocalServiceUtil.getGroup(parentGroupId);
280 }
281
282 if (group.isSite()) {
283 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
284 _userId, group.getGroupId(),
285 RoleConstants.SITE_ADMINISTRATOR, true) ||
286 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
287 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
288 true)) {
289
290 return true;
291 }
292 }
293
294 if (group.isCompany()) {
295 if (permissionChecker.isCompanyAdmin()) {
296 return true;
297 }
298 else {
299 return false;
300 }
301 }
302 else if (group.isLayoutPrototype()) {
303 if (LayoutPrototypePermissionUtil.contains(
304 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
305
306 return true;
307 }
308 else {
309 return false;
310 }
311 }
312 else if (group.isLayoutSetPrototype()) {
313 if (LayoutSetPrototypePermissionUtil.contains(
314 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
315
316 return true;
317 }
318 else {
319 return false;
320 }
321 }
322 else if (group.isOrganization()) {
323 long organizationId = group.getOrganizationId();
324
325 while (organizationId !=
326 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
327
328 Organization organization =
329 OrganizationLocalServiceUtil.getOrganization(
330 organizationId);
331
332 long organizationGroupId = organization.getGroupId();
333
334 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
335 _userId, organizationGroupId,
336 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
337 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
338 _userId, organizationGroupId,
339 RoleConstants.ORGANIZATION_OWNER, true)) {
340
341 return true;
342 }
343
344 organizationId = organization.getParentOrganizationId();
345 }
346 }
347
348 return false;
349 }
350
351 protected boolean isGroupOwnerImpl(
352 PermissionChecker permissionChecker, Group group)
353 throws PortalException, SystemException {
354
355 if (group.isSite()) {
356 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
357 _userId, group.getGroupId(), RoleConstants.SITE_OWNER,
358 true)) {
359
360 return true;
361 }
362 }
363
364 if (group.isLayoutPrototype()) {
365 if (LayoutPrototypePermissionUtil.contains(
366 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
367
368 return true;
369 }
370 else {
371 return false;
372 }
373 }
374 else if (group.isLayoutSetPrototype()) {
375 if (LayoutSetPrototypePermissionUtil.contains(
376 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
377
378 return true;
379 }
380 else {
381 return false;
382 }
383 }
384 else if (group.isOrganization()) {
385 long organizationId = group.getOrganizationId();
386
387 while (organizationId !=
388 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
389
390 Organization organization =
391 OrganizationLocalServiceUtil.getOrganization(
392 organizationId);
393
394 long organizationGroupId = organization.getGroupId();
395
396 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
397 _userId, organizationGroupId,
398 RoleConstants.ORGANIZATION_OWNER, true)) {
399
400 return true;
401 }
402
403 organizationId = organization.getParentOrganizationId();
404 }
405 }
406 else if (group.isUser()) {
407 long userId = group.getClassPK();
408
409 if (userId == _userId) {
410 return true;
411 }
412 }
413
414 return false;
415 }
416
417 protected boolean isOrganizationAdminImpl(
418 PermissionChecker permissionChecker, Organization organization)
419 throws PortalException, SystemException {
420
421 while (organization != null) {
422 long organizationGroupId = organization.getGroupId();
423
424 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
425 _userId, organizationGroupId,
426 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
427 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
428 _userId, organizationGroupId,
429 RoleConstants.ORGANIZATION_OWNER, true)) {
430
431 return true;
432 }
433
434 organization = organization.getParentOrganization();
435 }
436
437 return false;
438 }
439
440 protected boolean isOrganizationOwnerImpl(
441 PermissionChecker permissionChecker, Organization organization)
442 throws PortalException, SystemException {
443
444 while (organization != null) {
445 long organizationGroupId = organization.getGroupId();
446
447 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
448 _userId, organizationGroupId,
449 RoleConstants.ORGANIZATION_OWNER, true)) {
450
451 return true;
452 }
453
454 organization = organization.getParentOrganization();
455 }
456
457 return false;
458 }
459
460 private Map<Long, Boolean> _contentReviewers = new HashMap<Long, Boolean>();
461 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
462 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
463 private List<Group> _groups;
464 private Map<Long, Boolean> _organizationAdmins =
465 new HashMap<Long, Boolean>();
466 private Map<Long, Boolean> _organizationOwners =
467 new HashMap<Long, Boolean>();
468 private long[] _roleIds;
469 private List<Role> _roles;
470 private List<Group> _userGroups;
471 private long _userId;
472 private List<Group> _userOrgGroups;
473 private List<Organization> _userOrgs;
474 private List<Group> _userUserGroupGroups;
475
476 }