001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.User;
021    import com.liferay.portal.security.auth.PrincipalException;
022    import com.liferay.portal.security.permission.ActionKeys;
023    import com.liferay.portal.security.permission.BaseModelPermissionChecker;
024    import com.liferay.portal.security.permission.PermissionChecker;
025    import com.liferay.portal.service.GroupLocalServiceUtil;
026    import com.liferay.portal.service.UserLocalServiceUtil;
027    
/**
 * Evaluates permissions on {@link Group} resources.
 *
 * <p>
 * Every <code>check</code> method delegates to the <code>contains</code>
 * method with the same parameters and throws
 * {@link PrincipalException.MustHavePermission} when it returns
 * <code>false</code>. The decision logic itself lives in
 * {@link #contains(PermissionChecker, Group, String)}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
@OSGiBeanProperties(
	property = {"model.class.name=com.liferay.portal.model.Group"}
)
public class GroupPermissionImpl
	implements BaseModelPermissionChecker, GroupPermission {

	/**
	 * Requires that the permission checker may perform the action on the
	 * group.
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  group the group being accessed
	 * @param  actionId the action being requested
	 * @throws PortalException if the permission is missing (as a
	 *         {@link PrincipalException.MustHavePermission} naming the
	 *         group's ID and the action), or if the underlying evaluation
	 *         fails
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, Group group, String actionId)
		throws PortalException {

		if (contains(permissionChecker, group, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, Group.class.getName(), group.getGroupId(),
			actionId);
	}

	/**
	 * Requires that the permission checker may perform the action on the
	 * group with the given ID.
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  groupId the ID of the group being accessed
	 * @param  actionId the action being requested
	 * @throws PortalException if the permission is missing (as a
	 *         {@link PrincipalException.MustHavePermission}), or if the
	 *         underlying evaluation fails
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException {

		if (contains(permissionChecker, groupId, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, Group.class.getName(), groupId, actionId);
	}

	/**
	 * Requires that the permission checker may perform the action when no
	 * specific group is named.
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  actionId the action being requested
	 * @throws PortalException if the permission is missing; the thrown
	 *         {@link PrincipalException.MustHavePermission} reports resource
	 *         ID <code>0</code>
	 */
	@Override
	public void check(PermissionChecker permissionChecker, String actionId)
		throws PortalException {

		if (contains(permissionChecker, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, Group.class.getName(), Long.valueOf(0),
			actionId);
	}

	/**
	 * Requires the permission on the group identified by
	 * <code>primaryKey</code>.
	 *
	 * <p>
	 * The <code>groupId</code> argument is not consulted; for this model the
	 * primary key is itself the group ID that gets checked.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  groupId unused by this implementation
	 * @param  primaryKey the ID of the group being accessed
	 * @param  actionId the action being requested
	 * @throws PortalException if the permission is missing or the evaluation
	 *         fails
	 */
	@Override
	public void checkBaseModel(
			PermissionChecker permissionChecker, long groupId, long primaryKey,
			String actionId)
		throws PortalException {

		check(permissionChecker, primaryKey, actionId);
	}

	/**
	 * Returns <code>true</code> if the permission checker may perform the
	 * action on the group.
	 *
	 * <p>
	 * The rules are evaluated in this order, and the order matters:
	 * </p>
	 *
	 * <ol>
	 * <li>
	 * Hard denials. <code>ADD_LAYOUT</code> and <code>MANAGE_LAYOUTS</code>
	 * are refused when the group has a local or remote staging group or is a
	 * layout prototype; <code>VIEW_SITE_ADMINISTRATION</code> is refused for a
	 * layout prototype. These return before any permission lookup, so no
	 * grant evaluated later in this method can override them.
	 * </li>
	 * <li>
	 * User groups. When the (live) group belongs to a user other than the
	 * caller and the caller holds <code>UPDATE</code> on that user, the result
	 * is <code>true</code> for whatever action was requested.
	 * </li>
	 * <li>
	 * Implied grants. <code>ADD_COMMUNITY</code> is granted by
	 * <code>MANAGE_SUBGROUPS</code> on the group or by the portal level
	 * <code>ADD_COMMUNITY</code>; <code>ADD_LAYOUT</code> by
	 * <code>MANAGE_LAYOUTS</code>; <code>EXPORT_IMPORT_LAYOUTS</code> and
	 * <code>EXPORT_IMPORT_PORTLET_INFO</code> by <code>PUBLISH_STAGING</code>;
	 * <code>VIEW</code> by <code>ASSIGN_USER_ROLES</code> or
	 * <code>MANAGE_LAYOUTS</code>; <code>VIEW_STAGING</code> by
	 * <code>MANAGE_LAYOUTS</code>, <code>MANAGE_STAGING</code>,
	 * <code>PUBLISH_STAGING</code> or <code>UPDATE</code>.
	 * </li>
	 * <li>
	 * The requested action itself, looked up on the group.
	 * </li>
	 * <li>
	 * Ancestors. <code>MANAGE_SUBGROUPS</code> on any ancestor group yields
	 * <code>true</code> regardless of the requested action.
	 * </li>
	 * </ol>
	 *
	 * <p>
	 * Steps 2 and 5 are independent of <code>actionId</code>, so they are
	 * worth keeping in mind when auditing who can reach a given action on a
	 * site.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  group the group being accessed
	 * @param  actionId the action being requested
	 * @return <code>true</code> if one of the grant rules matches;
	 *         <code>false</code> if a hard denial applies or nothing matches
	 * @throws PortalException if a user or group lookup fails
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, Group group, String actionId)
		throws PortalException {

		// Deny first: these outcomes are decided before any grant is
		// consulted

		boolean layoutAction =
			actionId.equals(ActionKeys.ADD_LAYOUT) ||
			actionId.equals(ActionKeys.MANAGE_LAYOUTS);

		if (layoutAction &&
			(group.hasLocalOrRemoteStagingGroup() ||
			 group.isLayoutPrototype())) {

			return false;
		}

		if (actionId.equals(ActionKeys.VIEW_SITE_ADMINISTRATION) &&
			group.isLayoutPrototype()) {

			return false;
		}

		// The ID is read from the group as passed in. For a staging group the
		// permission lookups below therefore keep using the staging group's
		// ID, while the user check and the ancestor walk use the live group.

		long groupId = group.getGroupId();

		Group liveGroup = group;

		if (group.isStagingGroup()) {
			liveGroup = group.getLiveGroup();
		}

		if (liveGroup.isUser()) {

			// The owner of a personal site does not normally get this far,
			// because he already administers his own layouts. This branch
			// covers someone who manages a set of organizations and is
			// editing the pages of a user he manages.

			User owner = UserLocalServiceUtil.getUserById(
				liveGroup.getClassPK());

			boolean otherUser =
				permissionChecker.getUserId() != owner.getUserId();

			if (otherUser &&
				UserPermissionUtil.contains(
					permissionChecker, owner.getUserId(),
					owner.getOrganizationIds(), ActionKeys.UPDATE)) {

				return true;
			}
		}

		// Implied grants: a broader permission on the group stands in for the
		// narrower action that was requested

		if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
			(_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_SUBGROUPS) ||
			 PortalPermissionUtil.contains(
				 permissionChecker, ActionKeys.ADD_COMMUNITY))) {

			return true;
		}

		if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
			_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS)) {

			return true;
		}

		boolean exportImportAction =
			actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
			actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO);

		if (exportImportAction &&
			_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.PUBLISH_STAGING)) {

			return true;
		}

		if (actionId.equals(ActionKeys.VIEW) &&
			(_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.ASSIGN_USER_ROLES) ||
			 _hasGroupPermission(
				 permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS))) {

			return true;
		}

		if (actionId.equals(ActionKeys.VIEW_STAGING) &&
			(_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS) ||
			 _hasGroupPermission(
				 permissionChecker, groupId, ActionKeys.MANAGE_STAGING) ||
			 _hasGroupPermission(
				 permissionChecker, groupId, ActionKeys.PUBLISH_STAGING) ||
			 _hasGroupPermission(
				 permissionChecker, groupId, ActionKeys.UPDATE))) {

			return true;
		}

		// The group ID has to be passed so that users can modify their
		// personal pages

		if (_hasGroupPermission(permissionChecker, groupId, actionId)) {
			return true;
		}

		// MANAGE_SUBGROUPS on an ancestor grants the requested action here,
		// whatever that action is.
		//
		// NOTE(review): each call below re-enters this method for the parent,
		// which walks that parent's own ancestors again, so upper levels are
		// evaluated more than once on deep hierarchies. Termination relies on
		// isRoot() eventually being true; no cycle guard is visible in this
		// class. Confirm that the parent chain is kept acyclic elsewhere.

		for (Group current = liveGroup; !current.isRoot();
			 current = current.getParentGroup()) {

			if (contains(
					permissionChecker, current.getParentGroupId(),
					ActionKeys.MANAGE_SUBGROUPS)) {

				return true;
			}
		}

		return false;
	}

	/**
	 * Returns <code>true</code> if the permission checker may perform the
	 * action on the group with the given ID.
	 *
	 * <p>
	 * A group ID that is zero or negative is refused without a lookup.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  groupId the ID of the group being accessed
	 * @param  actionId the action being requested
	 * @return the result of
	 *         {@link #contains(PermissionChecker, Group, String)} for the
	 *         loaded group, or <code>false</code> if <code>groupId</code> is
	 *         not positive
	 * @throws PortalException if the group cannot be loaded or the
	 *         evaluation fails
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException {

		if (groupId <= 0) {
			return false;
		}

		Group group = GroupLocalServiceUtil.getGroup(groupId);

		return contains(permissionChecker, group, actionId);
	}

	/**
	 * Returns <code>true</code> if the permission checker holds the action on
	 * the group model when no specific group is named.
	 *
	 * <p>
	 * The lookup uses group ID <code>0</code> and primary key <code>0</code>.
	 * NOTE(review): presumably this is the check that is not scoped to a
	 * single site; confirm against the <code>PermissionChecker</code>
	 * implementation.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker to evaluate
	 * @param  actionId the action being requested
	 * @return the result of the permission checker's lookup
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, String actionId) {

		String modelName = Group.class.getName();

		return permissionChecker.hasPermission(0, modelName, 0, actionId);
	}

	/**
	 * Looks up the action on the group model, using the group ID both as the
	 * scope and as the primary key.
	 */
	private boolean _hasGroupPermission(
		PermissionChecker permissionChecker, long groupId, String actionId) {

		return permissionChecker.hasPermission(
			groupId, Group.class.getName(), groupId, actionId);
	}

}