015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.model.Contact;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.ResourceConstants;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.model.User;
025 import com.liferay.portal.security.auth.PrincipalException;
026 import com.liferay.portal.security.permission.ActionKeys;
027 import com.liferay.portal.security.permission.PermissionChecker;
028 import com.liferay.portal.service.OrganizationLocalServiceUtil;
029 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030 import com.liferay.portal.service.UserLocalServiceUtil;
031 import com.liferay.portal.util.PortalUtil;
032
033
/**
 * Answers whether the caller behind a {@link PermissionChecker} may perform
 * an action on a user.
 *
 * <p>
 * The {@code check} methods throw {@link PrincipalException} on denial; the
 * {@code contains} methods return {@code false}. All overloads funnel into
 * {@link #contains(PermissionChecker, long, long[], String)}, which holds the
 * actual decision logic.
 * </p>
 */
public class UserPermissionImpl implements UserPermission {

    /**
     * Enforces the permission, treating the organization and the location as
     * the two candidate organizations.
     *
     * @throws PrincipalException if the permission is not granted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long organizationId, long locationId, String actionId)
        throws PrincipalException {

        long[] organizationIds = {organizationId, locationId};

        check(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Enforces the permission against an explicit set of organizations.
     *
     * @throws PrincipalException if the permission is not granted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long[] organizationIds, String actionId)
        throws PrincipalException {

        if (contains(permissionChecker, userId, organizationIds, actionId)) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Enforces the permission using the target user's own organizations.
     *
     * @throws PrincipalException if the permission is not granted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId, String actionId)
        throws PrincipalException {

        if (contains(permissionChecker, userId, actionId)) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Tests the permission, treating the organization and the location as
     * the two candidate organizations.
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, long organizationId,
        long locationId, String actionId) {

        long[] organizationIds = {organizationId, locationId};

        return contains(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Decides whether the caller may perform {@code actionId} on the user
     * identified by {@code userId}.
     *
     * <p>
     * Evaluation order, first match wins:
     * </p>
     *
     * <ol>
     * <li>
     * DELETE, IMPERSONATE, PERMISSIONS and UPDATE on an omniadmin are denied
     * to any caller that is not itself an omniadmin.
     * </li>
     * <li>
     * Unless {@code userId} is {@code ResourceConstants.PRIMKEY_DNE}, the
     * user is loaded and access is granted on owner permission or when the
     * caller is the target user. The self match is not filtered by
     * {@code actionId}.
     * </li>
     * <li>
     * Access is granted when {@code hasPermission} succeeds for the user
     * resource (called with {@code 0} as its first argument).
     * </li>
     * <li>
     * Otherwise each candidate organization on which the caller holds
     * MANAGE_USERS is examined. Such an organization grants access unless
     * the target is an organization owner there, or the target is an
     * organization administrator there and the caller is not an owner.
     * </li>
     * </ol>
     *
     * <p>
     * Any exception raised inside the lookup is logged and turned into a
     * denial, so the method fails closed; a backend failure is only
     * distinguishable from a genuine denial through the error log. The
     * {@code actionId} comparisons run before that handler, so a
     * {@code null} action surfaces as a {@link NullPointerException}.
     * </p>
     *
     * @param  organizationIds the organizations to evaluate, or
     *         {@code null} to use the target user's own organizations
     * @return {@code true} if the action is permitted
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId,
        long[] organizationIds, String actionId) {

        boolean guardedAction =
            actionId.equals(ActionKeys.DELETE) ||
            actionId.equals(ActionKeys.IMPERSONATE) ||
            actionId.equals(ActionKeys.PERMISSIONS) ||
            actionId.equals(ActionKeys.UPDATE);

        // Only an omniadmin may modify, impersonate or delete an omniadmin.

        if (guardedAction && PortalUtil.isOmniadmin(userId) &&
            !permissionChecker.isOmniadmin()) {

            return false;
        }

        try {
            User targetUser = null;

            if (userId != ResourceConstants.PRIMKEY_DNE) {
                targetUser = UserLocalServiceUtil.getUserById(userId);

                Contact targetContact = targetUser.getContact();

                if (permissionChecker.hasOwnerPermission(
                        permissionChecker.getCompanyId(),
                        User.class.getName(), userId,
                        targetContact.getUserId(), actionId)) {

                    return true;
                }

                // Callers always pass for their own user record.

                if (permissionChecker.getUserId() == userId) {
                    return true;
                }
            }

            if (permissionChecker.hasPermission(
                    0, User.class.getName(), userId, actionId)) {

                return true;
            }

            // Without a loaded user there is no organization membership to
            // fall back on.

            if (targetUser == null) {
                return false;
            }

            long[] candidateOrganizationIds = organizationIds;

            if (candidateOrganizationIds == null) {
                candidateOrganizationIds = targetUser.getOrganizationIds();
            }

            for (long candidateOrganizationId : candidateOrganizationIds) {
                if (!OrganizationPermissionUtil.contains(
                        permissionChecker, candidateOrganizationId,
                        ActionKeys.MANAGE_USERS)) {

                    continue;
                }

                if (permissionChecker.getUserId() == targetUser.getUserId()) {
                    return true;
                }

                Organization organization =
                    OrganizationLocalServiceUtil.getOrganization(
                        candidateOrganizationId);

                Group organizationGroup = organization.getGroup();

                // MANAGE_USERS on this organization never reaches one of its
                // owners.

                boolean targetIsOwner =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(),
                        organizationGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_OWNER, true);

                if (targetIsOwner) {
                    continue;
                }

                // An organization administrator can only be managed by an
                // organization owner.

                boolean targetIsAdministrator =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(),
                        organizationGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_ADMINISTRATOR, true);

                if (targetIsAdministrator &&
                    !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        permissionChecker.getUserId(),
                        organizationGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_OWNER, true)) {

                    continue;
                }

                return true;
            }
        }
        catch (Exception e) {

            // Fail closed: a lookup failure is reported and becomes a denial.

            _log.error(e, e);
        }

        return false;
    }

    /**
     * Tests the permission using the target user's own organizations.
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, String actionId) {

        long[] useTargetUserOrganizations = null;

        return contains(
            permissionChecker, userId, useTargetUserOrganizations, actionId);
    }

    private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);

}