015 package com.liferay.portal.security.membershippolicy;
016
017 import com.liferay.portal.kernel.dao.orm.ActionableDynamicQuery;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.Role;
022 import com.liferay.portal.model.RoleConstants;
023 import com.liferay.portal.model.UserGroupRole;
024 import com.liferay.portal.security.permission.PermissionChecker;
025 import com.liferay.portal.service.OrganizationLocalServiceUtil;
026 import com.liferay.portal.service.RoleLocalServiceUtil;
027 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
028 import com.liferay.portal.service.persistence.UserGroupRolePK;
029
030 import java.io.Serializable;
031
032 import java.util.ArrayList;
033 import java.util.List;
034 import java.util.Map;
035
036
/**
 * Skeletal {@link OrganizationMembershipPolicy} that turns the exception-based
 * checks into boolean answers and supplies the default protection rules for
 * the Organization Administrator and Organization Owner roles.
 *
 * <p>
 * The role hooks in this class ({@code checkRoles}, {@code propagateRoles},
 * {@code verifyPolicy(Role)} and {@code verifyPolicy(Role, Role, Map)}) have
 * empty bodies. A subclass that does not override them places no restriction
 * on role assignment, so {@link #isRoleAllowed} answers {@code true} and
 * {@link #isRoleRequired} answers {@code false} whenever the organization and
 * role lookups succeed.
 * </p>
 *
 * <p>
 * {@code checkMembership} and the five-argument {@code verifyPolicy} are not
 * defined here; they are presumably declared by the interface and left to the
 * concrete policy.
 * </p>
 */
public abstract class BaseOrganizationMembershipPolicy
    implements OrganizationMembershipPolicy {

    /**
     * Validates a batch of role assignments and removals. This base version
     * accepts every request without inspecting it.
     *
     * @param addUserGroupRoles the role assignments about to be added
     * @param removeUserGroupRoles the role assignments about to be removed
     * @throws PortalException never thrown here; declared so overriding
     *         policies can reject a change
     */
    @Override
    @SuppressWarnings("unused")
    public void checkRoles(
            List<UserGroupRole> addUserGroupRoles,
            List<UserGroupRole> removeUserGroupRoles)
        throws PortalException {

        // Deliberately empty: the default policy does not restrict roles.
    }

    /**
     * Reports whether the policy lets the user belong to the organization.
     *
     * <p>
     * The answer is derived from {@code checkMembership}: a normal return
     * means allowed, any {@link Exception} means not allowed. The catch is
     * broad, so a failure unrelated to the policy decision is also reported
     * as "not allowed", and the exception itself is discarded.
     * </p>
     *
     * @param userId the user being evaluated
     * @param organizationId the organization being evaluated
     * @return {@code true} if {@code checkMembership} completed without
     *         throwing; {@code false} otherwise
     * @throws PortalException declared by the interface; this body converts
     *         every exception from {@code checkMembership} into {@code false}
     */
    @Override
    @SuppressWarnings("unused")
    public boolean isMembershipAllowed(long userId, long organizationId)
        throws PortalException {

        long[] userIds = {userId};
        long[] organizationIds = {organizationId};

        try {
            // The organization goes in the second slot (presumably the
            // "organizations to join" argument; confirm on the interface).
            checkMembership(userIds, organizationIds, null);

            return true;
        }
        catch (Exception ignored) {
            // Any failure is treated as a denial.
            return false;
        }
    }

    /**
     * Reports whether the user's membership in the organization is protected
     * from the actor represented by the permission checker.
     *
     * <p>
     * An actor who owns the organization is never blocked. For everyone else
     * the membership is protected when the target user holds the Organization
     * Administrator or the Organization Owner role in the organization's
     * group.
     * </p>
     *
     * @param permissionChecker the permission checker of the acting user
     * @param userId the user whose membership is being examined
     * @param organizationId the organization concerned
     * @return {@code true} if the membership is protected; {@code false}
     *         otherwise
     * @throws PortalException if the organization or a role lookup fails
     */
    @Override
    public boolean isMembershipProtected(
            PermissionChecker permissionChecker, long userId,
            long organizationId)
        throws PortalException {

        if (permissionChecker.isOrganizationOwner(organizationId)) {
            return false;
        }

        Organization organization =
            OrganizationLocalServiceUtil.getOrganization(organizationId);

        Group group = organization.getGroup();

        // The owner role is only looked up when the administrator check
        // comes back negative.
        return hasOrganizationRole(
                userId, group, permissionChecker.getCompanyId(),
                RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            hasOrganizationRole(
                userId, group, permissionChecker.getCompanyId(),
                RoleConstants.ORGANIZATION_OWNER);
    }

    /**
     * Reports whether the policy forces the user to stay in the organization.
     *
     * <p>
     * The answer is derived from {@code checkMembership}: a normal return
     * means the membership is not required, any {@link Exception} means it
     * is. The catch is broad, so a failure unrelated to the policy decision
     * is also reported as "required", and the exception itself is discarded.
     * </p>
     *
     * @param userId the user being evaluated
     * @param organizationId the organization being evaluated
     * @return {@code true} if {@code checkMembership} threw; {@code false} if
     *         it completed normally
     * @throws PortalException declared by the interface; this body converts
     *         every exception from {@code checkMembership} into {@code true}
     */
    @Override
    @SuppressWarnings("unused")
    public boolean isMembershipRequired(long userId, long organizationId)
        throws PortalException {

        long[] userIds = {userId};
        long[] organizationIds = {organizationId};

        try {
            // The organization goes in the third slot (presumably the
            // "organizations to leave" argument; confirm on the interface).
            checkMembership(userIds, null, organizationIds);

            return false;
        }
        catch (Exception ignored) {
            // Any failure is treated as "removal is not permitted".
            return true;
        }
    }

    /**
     * Reports whether the policy lets the user receive the role within the
     * organization.
     *
     * <p>
     * A candidate assignment is built and handed to {@link #checkRoles} as
     * the "add" list. Any {@link Exception} from that call yields
     * {@code false}. The organization lookup and the creation of the
     * candidate happen before the guarded call, so their failures propagate
     * to the caller instead of being turned into an answer.
     * </p>
     *
     * @param userId the user who would receive the role
     * @param organizationId the organization whose group scopes the role
     * @param roleId the role to assign
     * @return {@code true} if {@code checkRoles} accepted the assignment;
     *         {@code false} if it threw
     * @throws PortalException if the organization lookup or the creation of
     *         the candidate assignment fails
     */
    @Override
    public boolean isRoleAllowed(long userId, long organizationId, long roleId)
        throws PortalException {

        List<UserGroupRole> candidates = newUserGroupRoles(
            userId, organizationId, roleId);

        try {
            checkRoles(candidates, null);

            return true;
        }
        catch (Exception ignored) {
            // Any failure is treated as a denial.
            return false;
        }
    }

    /**
     * Reports whether the user's role assignment in the organization is
     * protected from the actor represented by the permission checker.
     *
     * <p>
     * An actor who owns the organization is never blocked. Only the
     * Organization Administrator and Organization Owner roles can be
     * protected, and only when the target user actually holds the role in
     * the organization's group.
     * </p>
     *
     * @param permissionChecker the permission checker of the acting user
     * @param userId the user whose role assignment is being examined
     * @param organizationId the organization concerned
     * @param roleId the role being examined
     * @return {@code true} if the role assignment is protected;
     *         {@code false} otherwise
     * @throws PortalException if the role or organization lookup fails
     */
    @Override
    public boolean isRoleProtected(
            PermissionChecker permissionChecker, long userId,
            long organizationId, long roleId)
        throws PortalException {

        if (permissionChecker.isOrganizationOwner(organizationId)) {
            return false;
        }

        Role role = RoleLocalServiceUtil.getRole(roleId);

        String roleName = role.getName();

        boolean privilegedRole =
            roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
            roleName.equals(RoleConstants.ORGANIZATION_OWNER);

        if (!privilegedRole) {
            // The role is matched by name; other roles are never protected.
            return false;
        }

        Organization organization =
            OrganizationLocalServiceUtil.getOrganization(organizationId);

        Group group = organization.getGroup();

        return UserGroupRoleLocalServiceUtil.hasUserGroupRole(
            userId, group.getGroupId(), role.getRoleId());
    }

    /**
     * Reports whether the policy forces the user to keep the role within the
     * organization.
     *
     * <p>
     * A candidate assignment is built and handed to {@link #checkRoles} as
     * the "remove" list. Any {@link Exception} from that call yields
     * {@code true}. The organization lookup and the creation of the
     * candidate happen before the guarded call, so their failures propagate
     * to the caller instead of being turned into an answer.
     * </p>
     *
     * @param userId the user who would lose the role
     * @param organizationId the organization whose group scopes the role
     * @param roleId the role to remove
     * @return {@code true} if {@code checkRoles} threw; {@code false} if it
     *         accepted the removal
     * @throws PortalException if the organization lookup or the creation of
     *         the candidate assignment fails
     */
    @Override
    public boolean isRoleRequired(long userId, long organizationId, long roleId)
        throws PortalException {

        List<UserGroupRole> candidates = newUserGroupRoles(
            userId, organizationId, roleId);

        try {
            checkRoles(null, candidates);

            return false;
        }
        catch (Exception ignored) {
            // Any failure is treated as "removal is not permitted".
            return true;
        }
    }

    /**
     * Applies follow-up changes after role assignments were added or
     * removed. This base version does nothing.
     *
     * @param addUserGroupRoles the role assignments that were added
     * @param removeUserGroupRoles the role assignments that were removed
     */
    @Override
    public void propagateRoles(
        List<UserGroupRole> addUserGroupRoles,
        List<UserGroupRole> removeUserGroupRoles) {

        // Deliberately empty.
    }

    /**
     * Re-checks existing data against the policy.
     *
     * <p>
     * For each organization visited by the organization query,
     * {@link #verifyPolicy(Organization)} runs first, followed by
     * {@link #verifyPolicy(Role)} for the role of each assignment found in
     * that organization's group. Because {@code verifyPolicy(Role)} is empty
     * in this class, the role pass only has an effect in subclasses that
     * override it.
     * </p>
     *
     * @throws PortalException if a query or one of the verification
     *         callbacks fails
     */
    @Override
    public void verifyPolicy() throws PortalException {
        ActionableDynamicQuery organizationQuery =
            OrganizationLocalServiceUtil.getActionableDynamicQuery();

        organizationQuery.setPerformActionMethod(
            new ActionableDynamicQuery.PerformActionMethod<Organization>() {

                @Override
                public void performAction(Organization organization)
                    throws PortalException {

                    verifyPolicy(organization);

                    verifyAssignedRoles(organization);
                }

            });

        organizationQuery.performActions();
    }

    /**
     * Verifies one organization by delegating to the five-argument overload
     * with every "previous state" argument set to {@code null}.
     *
     * @param organization the organization to verify
     * @throws PortalException if the delegate rejects the organization
     */
    @Override
    public void verifyPolicy(Organization organization) throws PortalException {
        verifyPolicy(organization, null, null, null, null);
    }

    /**
     * Verifies one role. This base version does nothing.
     *
     * @param role the role to verify
     */
    @Override
    public void verifyPolicy(Role role) {
        // Deliberately empty.
    }

    /**
     * Verifies a role against its previous state. This base version does
     * nothing.
     *
     * @param role the role in its current state
     * @param oldRole the role in its previous state
     * @param oldExpandoAttributes the role's previous expando attributes
     */
    @Override
    public void verifyPolicy(
        Role role, Role oldRole,
        Map<String, Serializable> oldExpandoAttributes) {

        // Deliberately empty.
    }

    /**
     * Looks up the named role in the company and tests whether the user
     * holds it in the given group.
     */
    private static boolean hasOrganizationRole(
            long userId, Group group, long companyId, String roleName)
        throws PortalException {

        Role role = RoleLocalServiceUtil.getRole(companyId, roleName);

        return UserGroupRoleLocalServiceUtil.hasUserGroupRole(
            userId, group.getGroupId(), role.getRoleId());
    }

    /**
     * Builds a mutable one-element list holding a candidate assignment of
     * the role to the user in the organization's group.
     */
    private static List<UserGroupRole> newUserGroupRoles(
            long userId, long organizationId, long roleId)
        throws PortalException {

        Organization organization =
            OrganizationLocalServiceUtil.getOrganization(organizationId);

        UserGroupRolePK primaryKey = new UserGroupRolePK(
            userId, organization.getGroupId(), roleId);

        List<UserGroupRole> userGroupRoles = new ArrayList<>();

        userGroupRoles.add(
            UserGroupRoleLocalServiceUtil.createUserGroupRole(primaryKey));

        return userGroupRoles;
    }

    /**
     * Runs {@link #verifyPolicy(Role)} on the role of each assignment the
     * query returns for the organization's group.
     */
    private void verifyAssignedRoles(Organization organization)
        throws PortalException {

        ActionableDynamicQuery userGroupRoleQuery =
            UserGroupRoleLocalServiceUtil.getActionableDynamicQuery();

        userGroupRoleQuery.setGroupId(organization.getGroupId());
        userGroupRoleQuery.setPerformActionMethod(
            new ActionableDynamicQuery.PerformActionMethod<UserGroupRole>() {

                @Override
                public void performAction(UserGroupRole userGroupRole)
                    throws PortalException {

                    verifyPolicy(userGroupRole.getRole());
                }

            });

        userGroupRoleQuery.performActions();
    }

}