001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.membershippolicy;
016    
017    import com.liferay.portal.kernel.dao.orm.ActionableDynamicQuery;
018    import com.liferay.portal.kernel.dao.orm.DynamicQuery;
019    import com.liferay.portal.kernel.dao.orm.Property;
020    import com.liferay.portal.kernel.dao.orm.PropertyFactoryUtil;
021    import com.liferay.portal.kernel.exception.PortalException;
022    import com.liferay.portal.model.Group;
023    import com.liferay.portal.model.Role;
024    import com.liferay.portal.model.RoleConstants;
025    import com.liferay.portal.model.UserGroupRole;
026    import com.liferay.portal.security.permission.PermissionChecker;
027    import com.liferay.portal.service.GroupLocalServiceUtil;
028    import com.liferay.portal.service.RoleLocalServiceUtil;
029    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030    import com.liferay.portal.service.persistence.UserGroupRolePK;
031    
032    import java.io.Serializable;
033    
034    import java.util.ArrayList;
035    import java.util.List;
036    import java.util.Map;
037    
038    /**
039     * @author Roberto D??az
040     * @author Sergio Gonz??lez
041     */
042    public abstract class BaseSiteMembershipPolicy implements SiteMembershipPolicy {
043    
044            @Override
045            @SuppressWarnings("unused")
046            public void checkRoles(
047                            List<UserGroupRole> addUserGroupRoles,
048                            List<UserGroupRole> removeUserGroupRoles)
049                    throws PortalException {
050            }
051    
052            @Override
053            @SuppressWarnings("unused")
054            public boolean isMembershipAllowed(long userId, long groupId)
055                    throws PortalException {
056    
057                    try {
058                            checkMembership(new long[] {userId}, new long[] {groupId}, null);
059                    }
060                    catch (Exception e) {
061                            return false;
062                    }
063    
064                    return true;
065            }
066    
067            @Override
068            public boolean isMembershipProtected(
069                            PermissionChecker permissionChecker, long userId, long groupId)
070                    throws PortalException {
071    
072                    if (permissionChecker.isGroupOwner(groupId)) {
073                            return false;
074                    }
075    
076                    Role siteAdministratorRole = RoleLocalServiceUtil.getRole(
077                            permissionChecker.getCompanyId(), RoleConstants.SITE_ADMINISTRATOR);
078    
079                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
080                                    userId, groupId, siteAdministratorRole.getRoleId())) {
081    
082                            return true;
083                    }
084    
085                    Role siteOwnerRole = RoleLocalServiceUtil.getRole(
086                            permissionChecker.getCompanyId(), RoleConstants.SITE_OWNER);
087    
088                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
089                                    userId, groupId, siteOwnerRole.getRoleId())) {
090    
091                            return true;
092                    }
093    
094                    return false;
095            }
096    
097            @Override
098            @SuppressWarnings("unused")
099            public boolean isMembershipRequired(long userId, long groupId)
100                    throws PortalException {
101    
102                    try {
103                            checkMembership(new long[] {userId}, null, new long[] {groupId});
104                    }
105                    catch (Exception e) {
106                            return true;
107                    }
108    
109                    return false;
110            }
111    
112            @Override
113            @SuppressWarnings("unused")
114            public boolean isRoleAllowed(long userId, long groupId, long roleId)
115                    throws PortalException {
116    
117                    List<UserGroupRole> userGroupRoles = new ArrayList<>();
118    
119                    UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
120                            userId, groupId, roleId);
121    
122                    UserGroupRole userGroupRole =
123                            UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
124    
125                    userGroupRoles.add(userGroupRole);
126    
127                    try {
128                            checkRoles(userGroupRoles, null);
129                    }
130                    catch (Exception e) {
131                            return false;
132                    }
133    
134                    return true;
135            }
136    
137            @Override
138            public boolean isRoleProtected(
139                            PermissionChecker permissionChecker, long userId, long groupId,
140                            long roleId)
141                    throws PortalException {
142    
143                    if (permissionChecker.isGroupOwner(groupId)) {
144                            return false;
145                    }
146    
147                    Role role = RoleLocalServiceUtil.getRole(roleId);
148    
149                    String roleName = role.getName();
150    
151                    if (!roleName.equals(RoleConstants.SITE_ADMINISTRATOR) &&
152                            !roleName.equals(RoleConstants.SITE_OWNER)) {
153    
154                            return false;
155                    }
156    
157                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
158                                    userId, groupId, roleId)) {
159    
160                            return true;
161                    }
162    
163                    return false;
164            }
165    
166            @Override
167            public boolean isRoleRequired(long userId, long groupId, long roleId) {
168                    List<UserGroupRole> userGroupRoles = new ArrayList<>();
169    
170                    UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
171                            userId, groupId, roleId);
172    
173                    UserGroupRole userGroupRole =
174                            UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
175    
176                    userGroupRoles.add(userGroupRole);
177    
178                    try {
179                            checkRoles(null, userGroupRoles);
180                    }
181                    catch (Exception e) {
182                            return true;
183                    }
184    
185                    return false;
186            }
187    
188            @Override
189            @SuppressWarnings("unused")
190            public void propagateRoles(
191                            List<UserGroupRole> addUserGroupRoles,
192                            List<UserGroupRole> removeUserGroupRoles)
193                    throws PortalException {
194            }
195    
196            @Override
197            public void verifyPolicy() throws PortalException {
198                    ActionableDynamicQuery groupActionableDynamicQuery =
199                            GroupLocalServiceUtil.getActionableDynamicQuery();
200    
201                    groupActionableDynamicQuery.setAddCriteriaMethod(
202                            new ActionableDynamicQuery.AddCriteriaMethod() {
203    
204                                    @Override
205                                    public void addCriteria(DynamicQuery dynamicQuery) {
206                                            Property property = PropertyFactoryUtil.forName("site");
207    
208                                            dynamicQuery.add(property.eq(true));
209                                    }
210    
211                            });
212                    groupActionableDynamicQuery.setPerformActionMethod(
213                            new ActionableDynamicQuery.PerformActionMethod<Group>() {
214    
215                                    @Override
216                                    public void performAction(Group group) throws PortalException {
217                                            verifyPolicy(group);
218    
219                                            ActionableDynamicQuery userGroupRoleActionableDynamicQuery =
220                                                    UserGroupRoleLocalServiceUtil.
221                                                            getActionableDynamicQuery();
222    
223                                            userGroupRoleActionableDynamicQuery.setGroupId(
224                                                    group.getGroupId());
225                                            userGroupRoleActionableDynamicQuery.setPerformActionMethod(
226                                                    new ActionableDynamicQuery.
227                                                            PerformActionMethod<UserGroupRole>() {
228    
229                                                            @Override
230                                                            public void performAction(
231                                                                            UserGroupRole userGroupRole)
232                                                                    throws PortalException {
233    
234                                                                    verifyPolicy(userGroupRole.getRole());
235                                                            }
236    
237                                                    });
238    
239                                            userGroupRoleActionableDynamicQuery.performActions();
240                                    }
241    
242                            });
243    
244                    groupActionableDynamicQuery.performActions();
245            }
246    
247            @Override
248            public void verifyPolicy(Group group) throws PortalException {
249                    verifyPolicy(group, null, null, null, null, null);
250            }
251    
252            @Override
253            public void verifyPolicy(Role role) {
254            }
255    
256            @Override
257            public void verifyPolicy(
258                    Role role, Role oldRole,
259                    Map<String, Serializable> oldExpandoAttributes) {
260            }
261    
262    }