001 /** 002 * Copyright (c) 2000-present Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.security.permission; 016 017 import aQute.bnd.annotation.ProviderType; 018 019 import com.liferay.portal.model.User; 020 021 import java.util.List; 022 023 import javax.portlet.PortletRequest; 024 025 /** 026 * @author Brian Wing Shun Chan 027 */ 028 @ProviderType 029 public interface PermissionChecker extends Cloneable { 030 031 public static final long[] DEFAULT_ROLE_IDS = {}; 032 033 public PermissionChecker clone(); 034 035 /** 036 * Returns the primary key of the user's company. 037 * 038 * @return the primary key of the user's company 039 */ 040 public long getCompanyId(); 041 042 public List<Long> getOwnerResourceBlockIds( 043 long companyId, long groupId, String name, String actionId); 044 045 /** 046 * Returns the primary key of the owner role. This role is automatically 047 * given to the creator of a resource. 048 * 049 * @return the primary key of the owner role 050 */ 051 public long getOwnerRoleId(); 052 053 public List<Long> getResourceBlockIds( 054 long companyId, long groupId, long userId, String name, 055 String actionId); 056 057 /** 058 * Returns the primary keys of the roles the user has within the group. 059 * 060 * @param userId the primary key of the user 061 * @param groupId the primary key of the group 062 * @return the primary keys of the roles the user has within the group 063 */ 064 public long[] getRoleIds(long userId, long groupId); 065 066 public User getUser(); 067 068 public UserBag getUserBag() throws Exception; 069 070 /** 071 * Returns the primary key of the user. 072 * 073 * @return the primary key of the user 074 */ 075 public long getUserId(); 076 077 /** 078 * Returns <code>true</code> if the user is the owner of the resource and 079 * has permission to perform the action. 080 * 081 * @param companyId the primary key of the user's company 082 * @param name the resource's name, which can be either a class name or a 083 * portlet ID 084 * @param primKey the primary key of the resource 085 * @param ownerId the primary key of the resource's owner 086 * @param actionId the action ID 087 * @return <code>true</code> if the user is the owner of the resource and 088 * has permission to perform the action; <code>false</code> 089 * otherwise 090 */ 091 public boolean hasOwnerPermission( 092 long companyId, String name, long primKey, long ownerId, 093 String actionId); 094 095 /** 096 * Returns <code>true</code> if the user is the owner of the resource and 097 * has permission to perform the action. 098 * 099 * @param companyId the primary key of the user's company 100 * @param name the resource's name, which can be either a class name or a 101 * portlet ID 102 * @param primKey the primary key of the resource 103 * @param ownerId the primary key of the resource's owner 104 * @param actionId the action ID 105 * @return <code>true</code> if the user is the owner of the resource and 106 * has permission to perform the action; <code>false</code> 107 * otherwise 108 */ 109 public boolean hasOwnerPermission( 110 long companyId, String name, String primKey, long ownerId, 111 String actionId); 112 113 /** 114 * Returns <code>true</code> if the user has permission to perform the 115 * action on the resource. 116 * 117 * @param groupId the primary key of the group containing the resource 118 * @param name the resource's name, which can be either a class name or a 119 * portlet ID 120 * @param primKey the primary key of the resource 121 * @param actionId the action ID 122 * @return <code>true</code> if the user has permission to perform the 123 * action on the resource; <code>false</code> otherwise 124 */ 125 public boolean hasPermission( 126 long groupId, String name, long primKey, String actionId); 127 128 /** 129 * Returns <code>true</code> if the user has permission to perform the 130 * action on the resource. 131 * 132 * @param groupId the primary key of the group containing the resource 133 * @param name the resource's name, which can be either a class name or a 134 * portlet ID 135 * @param primKey the primary key of the resource 136 * @param actionId the action ID 137 * @return <code>true</code> if the user has permission to perform the 138 * action on the resource; <code>false</code> otherwise 139 */ 140 public boolean hasPermission( 141 long groupId, String name, String primKey, String actionId); 142 143 /** 144 * Returns <code>true</code> if the user has permission to perform the 145 * action on the resource without using guest permissions. 146 * 147 * @param groupId the primary key of the group containing the resource 148 * @param name the resource's name, which can be either a class name or a 149 * portlet ID 150 * @param primKey the primary key of the resource 151 * @param actionId the action ID 152 * @param checkAdmin whether to use permissions gained from administrator 153 * roles 154 * @return <code>true</code> if the user has permission to perform the 155 * action on the resource without using guest permissions; 156 * <code>false</code> otherwise 157 */ 158 public boolean hasUserPermission( 159 long groupId, String name, String primKey, String actionId, 160 boolean checkAdmin); 161 162 /** 163 * Initializes this permission checker. 164 * 165 * @param user the current user 166 */ 167 public void init(User user); 168 169 /** 170 * Returns <code>true</code> if guest permissions will be used in permission 171 * checks. 172 * 173 * @return <code>true</code> if guest permissions will be used in permission 174 * checks; <code>false</code> otherwise 175 */ 176 public boolean isCheckGuest(); 177 178 /** 179 * @deprecated As of 6.1.0, renamed to {@link #isGroupAdmin(long)} 180 */ 181 @Deprecated 182 public boolean isCommunityAdmin(long groupId); 183 184 /** 185 * @deprecated As of 6.1.0, renamed to {@link #isGroupOwner(long)} 186 */ 187 @Deprecated 188 public boolean isCommunityOwner(long groupId); 189 190 /** 191 * Returns <code>true</code> if the user is an administrator of their 192 * company. 193 * 194 * @return <code>true</code> if the user is an administrator of their 195 * company; <code>false</code> otherwise 196 */ 197 public boolean isCompanyAdmin(); 198 199 /** 200 * Returns <code>true</code> if the user is an administrator of the company. 201 * 202 * @param companyId the primary key of the company 203 * @return <code>true</code> if the user is an administrator of the company; 204 * <code>false</code> otherwise 205 */ 206 public boolean isCompanyAdmin(long companyId); 207 208 /** 209 * Returns <code>true</code> if the user is a content reviewer or has 210 * sufficient permissions to review content (i.e. the user is a company or 211 * group administrator). 212 * 213 * @param companyId the primary key of the company 214 * @param groupId the primary key of the group 215 * @return <code>true</code> if the user is a reviewer or has sufficient 216 * permissions to review content; <code>false</code> otherwise 217 */ 218 public boolean isContentReviewer(long companyId, long groupId); 219 220 /** 221 * Returns <code>true</code> if the user is an administrator of the group. 222 * 223 * @param groupId the primary key of the group 224 * @return <code>true</code> if the user is an administrator of the group; 225 * <code>false</code> otherwise 226 */ 227 public boolean isGroupAdmin(long groupId); 228 229 /** 230 * Returns <code>true</code> if the user is a member of the group. 231 * 232 * @param groupId the primary key of the group 233 * @return <code>true</code> if the user is a member of the group; 234 * <code>false</code> otherwise 235 */ 236 public boolean isGroupMember(long groupId); 237 238 /** 239 * Returns <code>true</code> if the user is the owner of the group. 240 * 241 * @param groupId the primary key of the group 242 * @return <code>true</code> if the user is the owner of the group; 243 * <code>false</code> otherwise 244 */ 245 public boolean isGroupOwner(long groupId); 246 247 /** 248 * Returns <code>true</code> if the user is a universal administrator. 249 * 250 * @return <code>true</code> if the user is a universal administrator; 251 * <code>false</code> otherwise 252 * @see com.liferay.portlet.admin.util.OmniadminUtil 253 */ 254 public boolean isOmniadmin(); 255 256 /** 257 * Returns <code>true</code> if the user is an administrator of the 258 * organization. 259 * 260 * @param organizationId the primary key of the organization 261 * @return <code>true</code> if the user is an administrator of the 262 * organization; <code>false</code> otherwise 263 */ 264 public boolean isOrganizationAdmin(long organizationId); 265 266 /** 267 * Returns <code>true</code> if the user is an owner of the organization. 268 * 269 * @param organizationId the primary key of the organization 270 * @return <code>true</code> if the user is an owner of the organization; 271 * <code>false</code> otherwise 272 */ 273 public boolean isOrganizationOwner(long organizationId); 274 275 /** 276 * Returns <code>true</code> if the user is signed in. 277 * 278 * @return <code>true</code> if the user is signed in; <code>false</code> 279 * otherwise 280 */ 281 public boolean isSignedIn(); 282 283 /** 284 * @deprecated As of 6.2.0, does nothing 285 */ 286 @Deprecated 287 public void resetValues(); 288 289 /** 290 * @deprecated As of 6.2.0, does nothing 291 */ 292 @Deprecated 293 public void setValues(PortletRequest portletRequest); 294 295 }