001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.Layout;
023    import com.liferay.portal.model.LayoutTypePortlet;
024    import com.liferay.portal.model.Portlet;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.impl.VirtualLayout;
027    import com.liferay.portal.security.auth.PrincipalException;
028    import com.liferay.portal.security.permission.ActionKeys;
029    import com.liferay.portal.security.permission.PermissionChecker;
030    import com.liferay.portal.security.permission.ResourceActionsUtil;
031    import com.liferay.portal.service.GroupLocalServiceUtil;
032    import com.liferay.portal.service.LayoutLocalServiceUtil;
033    import com.liferay.portal.service.PortletLocalServiceUtil;
034    import com.liferay.portal.util.PortletCategoryKeys;
035    import com.liferay.portlet.ControlPanelEntry;
036    import com.liferay.portlet.exportimport.staging.permission.StagingPermissionUtil;
037    import com.liferay.portlet.sites.util.SitesUtil;
038    
039    import java.util.Collection;
040    import java.util.List;
041    
042    import javax.portlet.PortletMode;
043    
044    /**
045     * @author Brian Wing Shun Chan
046     * @author Raymond Aug??
047     */
048    public class PortletPermissionImpl implements PortletPermission {
049    
050            @Override
051            public void check(
052                            PermissionChecker permissionChecker, Layout layout,
053                            String portletId, String actionId)
054                    throws PortalException {
055    
056                    if (!contains(
057                                    permissionChecker, 0, layout, portletId, actionId,
058                                    _STRICT_DEFAULT)) {
059    
060                            throw new PrincipalException.MustHavePermission(
061                                    permissionChecker, Portlet.class.getName(), portletId,
062                                    actionId);
063                    }
064            }
065    
066            @Override
067            public void check(
068                            PermissionChecker permissionChecker, Layout layout,
069                            String portletId, String actionId, boolean strict)
070                    throws PortalException {
071    
072                    if (!contains(
073                                    permissionChecker, 0, layout, portletId, actionId, strict)) {
074    
075                            throw new PrincipalException.MustHavePermission(
076                                    permissionChecker, Portlet.class.getName(), portletId,
077                                    actionId);
078                    }
079            }
080    
081            @Override
082            public void check(
083                            PermissionChecker permissionChecker, long groupId, Layout layout,
084                            String portletId, String actionId)
085                    throws PortalException {
086    
087                    if (!contains(
088                                    permissionChecker, groupId, layout, portletId, actionId,
089                                    _STRICT_DEFAULT)) {
090    
091                            throw new PrincipalException.MustHavePermission(
092                                    permissionChecker, Portlet.class.getName(), portletId,
093                                    actionId);
094                    }
095            }
096    
097            @Override
098            public void check(
099                            PermissionChecker permissionChecker, long groupId, Layout layout,
100                            String portletId, String actionId, boolean strict)
101                    throws PortalException {
102    
103                    check(
104                            permissionChecker, groupId, layout, portletId, actionId, strict,
105                            _CHECK_STAGING_PERMISSION_DEFAULT);
106            }
107    
108            @Override
109            public void check(
110                            PermissionChecker permissionChecker, long groupId, Layout layout,
111                            String portletId, String actionId, boolean strict,
112                            boolean checkStagingPermission)
113                    throws PortalException {
114    
115                    if (!contains(
116                                    permissionChecker, groupId, layout, portletId, actionId, strict,
117                                    checkStagingPermission)) {
118    
119                            throw new PrincipalException.MustHavePermission(
120                                    permissionChecker, Portlet.class.getName(), portletId,
121                                    actionId);
122                    }
123            }
124    
125            @Override
126            public void check(
127                            PermissionChecker permissionChecker, long groupId, long plid,
128                            String portletId, String actionId)
129                    throws PortalException {
130    
131                    check(
132                            permissionChecker, groupId, plid, portletId, actionId,
133                            _STRICT_DEFAULT);
134            }
135    
136            @Override
137            public void check(
138                            PermissionChecker permissionChecker, long groupId, long plid,
139                            String portletId, String actionId, boolean strict)
140                    throws PortalException {
141    
142                    if (!contains(
143                                    permissionChecker, groupId, plid, portletId, actionId,
144                                    strict)) {
145    
146                            throw new PrincipalException.MustHavePermission(
147                                    permissionChecker, Portlet.class.getName(), portletId,
148                                    actionId);
149                    }
150            }
151    
152            @Override
153            public void check(
154                            PermissionChecker permissionChecker, long plid, String portletId,
155                            String actionId)
156                    throws PortalException {
157    
158                    check(permissionChecker, plid, portletId, actionId, _STRICT_DEFAULT);
159            }
160    
161            @Override
162            public void check(
163                            PermissionChecker permissionChecker, long plid, String portletId,
164                            String actionId, boolean strict)
165                    throws PortalException {
166    
167                    if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
168                            throw new PrincipalException.MustHavePermission(
169                                    permissionChecker, Portlet.class.getName(), portletId,
170                                    actionId);
171                    }
172            }
173    
174            @Override
175            public void check(
176                            PermissionChecker permissionChecker, String portletId,
177                            String actionId)
178                    throws PortalException {
179    
180                    if (!contains(permissionChecker, portletId, actionId)) {
181                            throw new PrincipalException.MustHavePermission(
182                                    permissionChecker, Portlet.class.getName(), portletId,
183                                    actionId);
184                    }
185            }
186    
187            @Override
188            public boolean contains(
189                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
190                            String actionId)
191                    throws PortalException {
192    
193                    return contains(
194                            permissionChecker, layout, portlet, actionId, _STRICT_DEFAULT);
195            }
196    
197            @Override
198            public boolean contains(
199                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
200                            String actionId, boolean strict)
201                    throws PortalException {
202    
203                    return contains(
204                            permissionChecker, 0, layout, portlet, actionId, strict);
205            }
206    
207            @Override
208            public boolean contains(
209                            PermissionChecker permissionChecker, Layout layout,
210                            String portletId, String actionId)
211                    throws PortalException {
212    
213                    return contains(
214                            permissionChecker, layout, portletId, actionId, _STRICT_DEFAULT);
215            }
216    
217            @Override
218            public boolean contains(
219                            PermissionChecker permissionChecker, Layout layout,
220                            String portletId, String actionId, boolean strict)
221                    throws PortalException {
222    
223                    return contains(
224                            permissionChecker, 0, layout, portletId, actionId, strict);
225            }
226    
227            @Override
228            public boolean contains(
229                            PermissionChecker permissionChecker, long groupId, Layout layout,
230                            Portlet portlet, String actionId)
231                    throws PortalException {
232    
233                    return contains(
234                            permissionChecker, groupId, layout, portlet, actionId,
235                            _STRICT_DEFAULT);
236            }
237    
238            @Override
239            public boolean contains(
240                            PermissionChecker permissionChecker, long groupId, Layout layout,
241                            Portlet portlet, String actionId, boolean strict)
242                    throws PortalException {
243    
244                    if (portlet.isUndeployedPortlet()) {
245                            return false;
246                    }
247    
248                    return contains(
249                            permissionChecker, groupId, layout, portlet.getPortletId(),
250                            actionId, strict);
251            }
252    
253            @Override
254            public boolean contains(
255                            PermissionChecker permissionChecker, long groupId, Layout layout,
256                            String portletId, String actionId)
257                    throws PortalException {
258    
259                    return contains(
260                            permissionChecker, groupId, layout, portletId, actionId,
261                            _STRICT_DEFAULT);
262            }
263    
264            @Override
265            public boolean contains(
266                            PermissionChecker permissionChecker, long groupId, Layout layout,
267                            String portletId, String actionId, boolean strict)
268                    throws PortalException {
269    
270                    return contains(
271                            permissionChecker, groupId, layout, portletId, actionId, strict,
272                            _CHECK_STAGING_PERMISSION_DEFAULT);
273            }
274    
275            @Override
276            public boolean contains(
277                            PermissionChecker permissionChecker, long groupId, Layout layout,
278                            String portletId, String actionId, boolean strict,
279                            boolean checkStagingPermission)
280                    throws PortalException {
281    
282                    String name = null;
283                    String primKey = null;
284    
285                    if (layout == null) {
286                            name = portletId;
287                            primKey = portletId;
288    
289                            return permissionChecker.hasPermission(
290                                    groupId, name, primKey, actionId);
291                    }
292    
293                    if (!actionId.equals(ActionKeys.VIEW) && !layout.isTypeControlPanel() &&
294                            (layout instanceof VirtualLayout)) {
295    
296                            return hasCustomizePermission(
297                                    permissionChecker, layout, portletId, actionId);
298                    }
299    
300                    Group group = layout.getGroup();
301    
302                    if (!group.isLayoutSetPrototype() && !layout.isTypeControlPanel() &&
303                            actionId.equals(ActionKeys.CONFIGURATION) &&
304                            !SitesUtil.isLayoutUpdateable(layout)) {
305    
306                            return false;
307                    }
308    
309                    groupId = layout.getGroupId();
310    
311                    name = PortletConstants.getRootPortletId(portletId);
312    
313                    if (checkStagingPermission) {
314                            Boolean hasPermission = StagingPermissionUtil.hasPermission(
315                                    permissionChecker, groupId, name, groupId, name, actionId);
316    
317                            if (hasPermission != null) {
318                                    return hasPermission.booleanValue();
319                            }
320                    }
321    
322                    if (group.isControlPanel() && actionId.equals(ActionKeys.VIEW)) {
323                            return true;
324                    }
325    
326                    primKey = getPrimaryKey(layout.getPlid(), portletId);
327    
328                    if (strict) {
329                            return permissionChecker.hasPermission(
330                                    groupId, name, primKey, actionId);
331                    }
332    
333                    if (hasConfigurePermission(
334                                    permissionChecker, layout, portletId, actionId) ||
335                            hasCustomizePermission(
336                                    permissionChecker, layout, portletId, actionId)) {
337    
338                            return true;
339                    }
340    
341                    return permissionChecker.hasPermission(
342                            groupId, name, primKey, actionId);
343            }
344    
345            public boolean contains(
346                            PermissionChecker permissionChecker, long groupId, long plid,
347                            Portlet portlet, String actionId)
348                    throws PortalException {
349    
350                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
351    
352                    return contains(
353                            permissionChecker, groupId, layout, portlet, actionId,
354                            _STRICT_DEFAULT);
355            }
356    
357            @Override
358            public boolean contains(
359                            PermissionChecker permissionChecker, long groupId, long plid,
360                            Portlet portlet, String actionId, boolean strict)
361                    throws PortalException {
362    
363                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
364    
365                    return contains(
366                            permissionChecker, groupId, layout, portlet, actionId, strict);
367            }
368    
369            public boolean contains(
370                            PermissionChecker permissionChecker, long groupId, long plid,
371                            String portletId, String actionId)
372                    throws PortalException {
373    
374                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
375    
376                    return contains(
377                            permissionChecker, groupId, layout, portletId, actionId,
378                            _STRICT_DEFAULT);
379            }
380    
381            @Override
382            public boolean contains(
383                            PermissionChecker permissionChecker, long groupId, long plid,
384                            String portletId, String actionId, boolean strict)
385                    throws PortalException {
386    
387                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
388    
389                    return contains(
390                            permissionChecker, groupId, layout, portletId, actionId, strict);
391            }
392    
393            @Override
394            public boolean contains(
395                            PermissionChecker permissionChecker, long plid, Portlet portlet,
396                            String actionId)
397                    throws PortalException {
398    
399                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
400    
401                    return contains(
402                            permissionChecker, layout, portlet, actionId, _STRICT_DEFAULT);
403            }
404    
405            @Override
406            public boolean contains(
407                            PermissionChecker permissionChecker, long plid, Portlet portlet,
408                            String actionId, boolean strict)
409                    throws PortalException {
410    
411                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
412    
413                    return contains(
414                            permissionChecker, 0, layout, portlet, actionId, strict);
415            }
416    
417            @Override
418            public boolean contains(
419                            PermissionChecker permissionChecker, long plid, String portletId,
420                            String actionId)
421                    throws PortalException {
422    
423                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
424    
425                    return contains(
426                            permissionChecker, layout, portletId, actionId, _STRICT_DEFAULT);
427            }
428    
429            @Override
430            public boolean contains(
431                            PermissionChecker permissionChecker, long plid, String portletId,
432                            String actionId, boolean strict)
433                    throws PortalException {
434    
435                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
436    
437                    return contains(
438                            permissionChecker, 0, layout, portletId, actionId, strict);
439            }
440    
441            @Override
442            public boolean contains(
443                            PermissionChecker permissionChecker, String portletId,
444                            String actionId)
445                    throws PortalException {
446    
447                    return contains(permissionChecker, 0, portletId, actionId);
448            }
449    
450            @Override
451            public String getPrimaryKey(long plid, String portletId) {
452                    return String.valueOf(plid).concat(
453                            PortletConstants.LAYOUT_SEPARATOR).concat(portletId);
454            }
455    
456            @Override
457            public boolean hasAccessPermission(
458                            PermissionChecker permissionChecker, long scopeGroupId,
459                            Layout layout, Portlet portlet, PortletMode portletMode)
460                    throws PortalException {
461    
462                    if ((layout != null) && layout.isTypeControlPanel()) {
463                            String category = portlet.getControlPanelEntryCategory();
464    
465                            if (StringUtil.startsWith(
466                                            category, PortletCategoryKeys.SITE_ADMINISTRATION)) {
467    
468                                    layout = null;
469                            }
470                    }
471    
472                    boolean access = contains(
473                            permissionChecker, scopeGroupId, layout, portlet, ActionKeys.VIEW);
474    
475                    if (access && portletMode.equals(PortletMode.EDIT)) {
476                            access = contains(
477                                    permissionChecker, scopeGroupId, layout, portlet,
478                                    ActionKeys.PREFERENCES);
479                    }
480    
481                    return access;
482            }
483    
484            @Override
485            public boolean hasConfigurationPermission(
486                            PermissionChecker permissionChecker, long groupId, Layout layout,
487                            String actionId)
488                    throws PortalException {
489    
490                    LayoutTypePortlet layoutTypePortlet =
491                            (LayoutTypePortlet)layout.getLayoutType();
492    
493                    for (Portlet portlet : layoutTypePortlet.getAllPortlets(false)) {
494                            if (contains(
495                                            permissionChecker, groupId, layout, portlet.getPortletId(),
496                                            actionId)) {
497    
498                                    return true;
499                            }
500    
501                            if (contains(
502                                            permissionChecker, groupId, null,
503                                            portlet.getRootPortletId(), actionId)) {
504    
505                                    return true;
506                            }
507                    }
508    
509                    return false;
510            }
511    
512            @Override
513            public boolean hasControlPanelAccessPermission(
514                            PermissionChecker permissionChecker, long groupId,
515                            Collection<Portlet> portlets)
516                    throws PortalException {
517    
518                    for (Portlet portlet : portlets) {
519                            if (hasControlPanelAccessPermission(
520                                            permissionChecker, groupId, portlet)) {
521    
522                                    return true;
523                            }
524                    }
525    
526                    return false;
527            }
528    
529            @Override
530            public boolean hasControlPanelAccessPermission(
531                            PermissionChecker permissionChecker, long scopeGroupId,
532                            Portlet portlet)
533                    throws PortalException {
534    
535                    Group group = GroupLocalServiceUtil.getGroup(scopeGroupId);
536    
537                    ControlPanelEntry controlPanelEntry =
538                            portlet.getControlPanelEntryInstance();
539    
540                    try {
541                            return controlPanelEntry.hasAccessPermission(
542                                    permissionChecker, group, portlet);
543                    }
544                    catch (Exception e) {
545                            if (_log.isWarnEnabled()) {
546                                    _log.warn("Cannot process control panel access permission", e);
547                            }
548    
549                            return false;
550                    }
551            }
552    
553            @Override
554            public boolean hasControlPanelAccessPermission(
555                            PermissionChecker permissionChecker, long scopeGroupId,
556                            String portletId)
557                    throws PortalException {
558    
559                    Portlet portlet = PortletLocalServiceUtil.getPortletById(portletId);
560    
561                    return hasControlPanelAccessPermission(
562                            permissionChecker, scopeGroupId, portlet);
563            }
564    
565            @Override
566            public boolean hasLayoutManagerPermission(
567                    String portletId, String actionId) {
568    
569                    try {
570                            portletId = PortletConstants.getRootPortletId(portletId);
571    
572                            List<String> layoutManagerActions =
573                                    ResourceActionsUtil.getPortletResourceLayoutManagerActions(
574                                            portletId);
575    
576                            return layoutManagerActions.contains(actionId);
577                    }
578                    catch (Exception e) {
579                            _log.error(e, e);
580    
581                            return false;
582                    }
583            }
584    
585            protected boolean hasConfigurePermission(
586                            PermissionChecker permissionChecker, Layout layout,
587                            String portletId, String actionId)
588                    throws PortalException {
589    
590                    if (!actionId.equals(ActionKeys.CONFIGURATION) &&
591                            !actionId.equals(ActionKeys.PREFERENCES) &&
592                            !actionId.equals(ActionKeys.GUEST_PREFERENCES)) {
593    
594                            return false;
595                    }
596    
597                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
598                            layout.getCompanyId(), portletId);
599    
600                    if (portlet.isPreferencesUniquePerLayout()) {
601                            return LayoutPermissionUtil.contains(
602                                    permissionChecker, layout, ActionKeys.CONFIGURE_PORTLETS);
603                    }
604    
605                    return GroupPermissionUtil.contains(
606                            permissionChecker, layout.getGroupId(),
607                            ActionKeys.CONFIGURE_PORTLETS);
608            }
609    
610            protected boolean hasCustomizePermission(
611                            PermissionChecker permissionChecker, Layout layout,
612                            String portletId, String actionId)
613                    throws PortalException {
614    
615                    LayoutTypePortlet layoutTypePortlet =
616                            (LayoutTypePortlet)layout.getLayoutType();
617    
618                    if (layoutTypePortlet.isCustomizedView() &&
619                            layoutTypePortlet.isPortletCustomizable(portletId) &&
620                            LayoutPermissionUtil.contains(
621                                    permissionChecker, layout, ActionKeys.CUSTOMIZE)) {
622    
623                            if (actionId.equals(ActionKeys.VIEW)) {
624                                    return true;
625                            }
626                            else if (actionId.equals(ActionKeys.CONFIGURATION)) {
627                                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
628                                            layout.getCompanyId(), portletId);
629    
630                                    if (portlet.isInstanceable() ||
631                                            portlet.isPreferencesUniquePerLayout()) {
632    
633                                            return true;
634                                    }
635                            }
636                    }
637    
638                    return false;
639            }
640    
641            private static final boolean _CHECK_STAGING_PERMISSION_DEFAULT = true;
642    
643            private static final boolean _STRICT_DEFAULT = false;
644    
645            private static final Log _log = LogFactoryUtil.getLog(
646                    PortletPermissionImpl.class);
647    
648    }