001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.BaseModelPermissionChecker;
024 import com.liferay.portal.security.permission.PermissionChecker;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.UserLocalServiceUtil;
027
028
032 @OSGiBeanProperties(
033 property = {"model.class.name=com.liferay.portal.model.Group"}
034 )
035 public class GroupPermissionImpl
036 implements BaseModelPermissionChecker, GroupPermission {
037
038 @Override
039 public void check(
040 PermissionChecker permissionChecker, Group group, String actionId)
041 throws PortalException {
042
043 if (!contains(permissionChecker, group, actionId)) {
044 throw new PrincipalException.MustHavePermission(
045 permissionChecker, Group.class.getName(), group.getGroupId(),
046 actionId);
047 }
048 }
049
050 @Override
051 public void check(
052 PermissionChecker permissionChecker, long groupId, String actionId)
053 throws PortalException {
054
055 if (!contains(permissionChecker, groupId, actionId)) {
056 throw new PrincipalException.MustHavePermission(
057 permissionChecker, Group.class.getName(), groupId, actionId);
058 }
059 }
060
061 @Override
062 public void check(PermissionChecker permissionChecker, String actionId)
063 throws PortalException {
064
065 if (!contains(permissionChecker, actionId)) {
066 throw new PrincipalException.MustHavePermission(
067 permissionChecker, Group.class.getName(), Long.valueOf(0),
068 actionId);
069 }
070 }
071
072 @Override
073 public void checkBaseModel(
074 PermissionChecker permissionChecker, long groupId, long primaryKey,
075 String actionId)
076 throws PortalException {
077
078 check(permissionChecker, primaryKey, actionId);
079 }
080
081 @Override
082 public boolean contains(
083 PermissionChecker permissionChecker, Group group, String actionId)
084 throws PortalException {
085
086 if ((actionId.equals(ActionKeys.ADD_LAYOUT) ||
087 actionId.equals(ActionKeys.MANAGE_LAYOUTS)) &&
088 (group.hasLocalOrRemoteStagingGroup() ||
089 group.isLayoutPrototype())) {
090
091 return false;
092 }
093
094 long groupId = group.getGroupId();
095
096 if (group.isStagingGroup()) {
097 group = group.getLiveGroup();
098 }
099
100 if (group.isUser()) {
101
102
103
104
105
106
107 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
108
109 if ((permissionChecker.getUserId() != user.getUserId()) &&
110 UserPermissionUtil.contains(
111 permissionChecker, user.getUserId(),
112 user.getOrganizationIds(), ActionKeys.UPDATE)) {
113
114 return true;
115 }
116 }
117
118 if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
119 (permissionChecker.hasPermission(
120 groupId, Group.class.getName(), groupId,
121 ActionKeys.MANAGE_SUBGROUPS) ||
122 PortalPermissionUtil.contains(
123 permissionChecker, ActionKeys.ADD_COMMUNITY))) {
124
125 return true;
126 }
127 else if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
128 permissionChecker.hasPermission(
129 groupId, Group.class.getName(), groupId,
130 ActionKeys.MANAGE_LAYOUTS)) {
131
132 return true;
133 }
134 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
135 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
136 permissionChecker.hasPermission(
137 groupId, Group.class.getName(), groupId,
138 ActionKeys.PUBLISH_STAGING)) {
139
140 return true;
141 }
142 else if (actionId.equals(ActionKeys.VIEW) &&
143 (permissionChecker.hasPermission(
144 groupId, Group.class.getName(), groupId,
145 ActionKeys.ASSIGN_USER_ROLES) ||
146 permissionChecker.hasPermission(
147 groupId, Group.class.getName(), groupId,
148 ActionKeys.MANAGE_LAYOUTS))) {
149
150 return true;
151 }
152 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
153 (permissionChecker.hasPermission(
154 groupId, Group.class.getName(), groupId,
155 ActionKeys.MANAGE_LAYOUTS) ||
156 permissionChecker.hasPermission(
157 groupId, Group.class.getName(), groupId,
158 ActionKeys.MANAGE_STAGING) ||
159 permissionChecker.hasPermission(
160 groupId, Group.class.getName(), groupId,
161 ActionKeys.PUBLISH_STAGING) ||
162 permissionChecker.hasPermission(
163 groupId, Group.class.getName(), groupId,
164 ActionKeys.UPDATE))) {
165
166 return true;
167 }
168
169
170
171 if (permissionChecker.hasPermission(
172 groupId, Group.class.getName(), groupId, actionId)) {
173
174 return true;
175 }
176
177 while (!group.isRoot()) {
178 if (contains(
179 permissionChecker, group.getParentGroupId(),
180 ActionKeys.MANAGE_SUBGROUPS)) {
181
182 return true;
183 }
184
185 group = group.getParentGroup();
186 }
187
188 return false;
189 }
190
191 @Override
192 public boolean contains(
193 PermissionChecker permissionChecker, long groupId, String actionId)
194 throws PortalException {
195
196 if (groupId > 0) {
197 Group group = GroupLocalServiceUtil.getGroup(groupId);
198
199 return contains(permissionChecker, group, actionId);
200 }
201 else {
202 return false;
203 }
204 }
205
206 @Override
207 public boolean contains(
208 PermissionChecker permissionChecker, String actionId) {
209
210 return permissionChecker.hasPermission(
211 0, Group.class.getName(), 0, actionId);
212 }
213
214 }