001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.BaseModelPermissionChecker;
024 import com.liferay.portal.security.permission.PermissionChecker;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.UserLocalServiceUtil;
027
028
032 @OSGiBeanProperties(
033 property = {"model.class.name=com.liferay.portal.model.Group"}
034 )
035 public class GroupPermissionImpl
036 implements BaseModelPermissionChecker, GroupPermission {
037
038 @Override
039 public void check(
040 PermissionChecker permissionChecker, Group group, String actionId)
041 throws PortalException {
042
043 if (!contains(permissionChecker, group, actionId)) {
044 throw new PrincipalException.MustHavePermission(
045 permissionChecker, Group.class.getName(), group.getGroupId(),
046 actionId);
047 }
048 }
049
050 @Override
051 public void check(
052 PermissionChecker permissionChecker, long groupId, String actionId)
053 throws PortalException {
054
055 if (!contains(permissionChecker, groupId, actionId)) {
056 throw new PrincipalException.MustHavePermission(
057 permissionChecker, Group.class.getName(), groupId, actionId);
058 }
059 }
060
061 @Override
062 public void check(PermissionChecker permissionChecker, String actionId)
063 throws PortalException {
064
065 if (!contains(permissionChecker, actionId)) {
066 throw new PrincipalException.MustHavePermission(
067 permissionChecker, Group.class.getName(), Long.valueOf(0),
068 actionId);
069 }
070 }
071
072 @Override
073 public void checkBaseModel(
074 PermissionChecker permissionChecker, long groupId, long primaryKey,
075 String actionId)
076 throws PortalException {
077
078 check(permissionChecker, primaryKey, actionId);
079 }
080
081 @Override
082 public boolean contains(
083 PermissionChecker permissionChecker, Group group, String actionId)
084 throws PortalException {
085
086 if ((actionId.equals(ActionKeys.ADD_LAYOUT) ||
087 actionId.equals(ActionKeys.MANAGE_LAYOUTS)) &&
088 (group.hasLocalOrRemoteStagingGroup() ||
089 group.isLayoutPrototype())) {
090
091 return false;
092 }
093
094 if (actionId.equals(ActionKeys.VIEW_SITE_ADMINISTRATION) &&
095 group.isLayoutPrototype()) {
096
097 return false;
098 }
099
100 long groupId = group.getGroupId();
101
102 if (group.isStagingGroup()) {
103 group = group.getLiveGroup();
104 }
105
106 if (group.isUser()) {
107
108
109
110
111
112
113 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
114
115 if ((permissionChecker.getUserId() != user.getUserId()) &&
116 UserPermissionUtil.contains(
117 permissionChecker, user.getUserId(),
118 user.getOrganizationIds(), ActionKeys.UPDATE)) {
119
120 return true;
121 }
122 }
123
124 if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
125 (permissionChecker.hasPermission(
126 groupId, Group.class.getName(), groupId,
127 ActionKeys.MANAGE_SUBGROUPS) ||
128 PortalPermissionUtil.contains(
129 permissionChecker, ActionKeys.ADD_COMMUNITY))) {
130
131 return true;
132 }
133 else if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
134 permissionChecker.hasPermission(
135 groupId, Group.class.getName(), groupId,
136 ActionKeys.MANAGE_LAYOUTS)) {
137
138 return true;
139 }
140 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
141 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
142 permissionChecker.hasPermission(
143 groupId, Group.class.getName(), groupId,
144 ActionKeys.PUBLISH_STAGING)) {
145
146 return true;
147 }
148 else if (actionId.equals(ActionKeys.VIEW) &&
149 (permissionChecker.hasPermission(
150 groupId, Group.class.getName(), groupId,
151 ActionKeys.ASSIGN_USER_ROLES) ||
152 permissionChecker.hasPermission(
153 groupId, Group.class.getName(), groupId,
154 ActionKeys.MANAGE_LAYOUTS))) {
155
156 return true;
157 }
158 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
159 (permissionChecker.hasPermission(
160 groupId, Group.class.getName(), groupId,
161 ActionKeys.MANAGE_LAYOUTS) ||
162 permissionChecker.hasPermission(
163 groupId, Group.class.getName(), groupId,
164 ActionKeys.MANAGE_STAGING) ||
165 permissionChecker.hasPermission(
166 groupId, Group.class.getName(), groupId,
167 ActionKeys.PUBLISH_STAGING) ||
168 permissionChecker.hasPermission(
169 groupId, Group.class.getName(), groupId,
170 ActionKeys.UPDATE))) {
171
172 return true;
173 }
174
175
176
177 if (permissionChecker.hasPermission(
178 groupId, Group.class.getName(), groupId, actionId)) {
179
180 return true;
181 }
182
183 while (!group.isRoot()) {
184 if (contains(
185 permissionChecker, group.getParentGroupId(),
186 ActionKeys.MANAGE_SUBGROUPS)) {
187
188 return true;
189 }
190
191 group = group.getParentGroup();
192 }
193
194 return false;
195 }
196
197 @Override
198 public boolean contains(
199 PermissionChecker permissionChecker, long groupId, String actionId)
200 throws PortalException {
201
202 if (groupId > 0) {
203 Group group = GroupLocalServiceUtil.getGroup(groupId);
204
205 return contains(permissionChecker, group, actionId);
206 }
207 else {
208 return false;
209 }
210 }
211
212 @Override
213 public boolean contains(
214 PermissionChecker permissionChecker, String actionId) {
215
216 return permissionChecker.hasPermission(
217 0, Group.class.getName(), 0, actionId);
218 }
219
220 }