001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.model.Group;
019 import com.liferay.portal.model.Role;
020 import com.liferay.portal.model.RoleConstants;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.RoleLocalServiceUtil;
026
027
031 public class UserGroupRolePermissionImpl implements UserGroupRolePermission {
032
033 @Override
034 public void check(
035 PermissionChecker permissionChecker, Group group, Role role)
036 throws PortalException {
037
038 if (!contains(permissionChecker, group, role)) {
039 throw new PrincipalException();
040 }
041 }
042
043 @Override
044 public void check(
045 PermissionChecker permissionChecker, long groupId, long roleId)
046 throws PortalException {
047
048 if (!contains(permissionChecker, groupId, roleId)) {
049 throw new PrincipalException();
050 }
051 }
052
053 @Override
054 public boolean contains(
055 PermissionChecker permissionChecker, Group group, Role role)
056 throws PortalException {
057
058 if (role.getType() == RoleConstants.TYPE_REGULAR) {
059 return false;
060 }
061 else if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) &&
062 !group.isOrganization()) {
063
064 return false;
065 }
066
067 if (!permissionChecker.isCompanyAdmin() &&
068 !permissionChecker.isGroupOwner(group.getGroupId())) {
069
070 String roleName = role.getName();
071
072 if (roleName.equals(
073 RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
074 roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
075 roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
076 roleName.equals(RoleConstants.SITE_OWNER)) {
077
078 return false;
079 }
080 }
081
082 if (permissionChecker.isGroupOwner(group.getGroupId()) ||
083 GroupPermissionUtil.contains(
084 permissionChecker, group, ActionKeys.ASSIGN_USER_ROLES) ||
085 OrganizationPermissionUtil.contains(
086 permissionChecker, group.getOrganizationId(),
087 ActionKeys.ASSIGN_USER_ROLES) ||
088 RolePermissionUtil.contains(
089 permissionChecker, group.getGroupId(), role.getRoleId(),
090 ActionKeys.ASSIGN_MEMBERS)) {
091
092 return true;
093 }
094 else {
095 return false;
096 }
097 }
098
099 @Override
100 public boolean contains(
101 PermissionChecker permissionChecker, long groupId, long roleId)
102 throws PortalException {
103
104 Group group = GroupLocalServiceUtil.getGroup(groupId);
105 Role role = RoleLocalServiceUtil.getRole(roleId);
106
107 return contains(permissionChecker, group, role);
108 }
109
110 }