001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.dao.orm.QueryUtil;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.log.Log;
020 import com.liferay.portal.kernel.log.LogFactoryUtil;
021 import com.liferay.portal.kernel.util.ArrayUtil;
022 import com.liferay.portal.kernel.util.CharPool;
023 import com.liferay.portal.kernel.util.GetterUtil;
024 import com.liferay.portal.kernel.util.ListUtil;
025 import com.liferay.portal.kernel.util.SetUtil;
026 import com.liferay.portal.kernel.util.Validator;
027 import com.liferay.portal.model.Group;
028 import com.liferay.portal.model.GroupConstants;
029 import com.liferay.portal.model.GroupedModel;
030 import com.liferay.portal.model.Layout;
031 import com.liferay.portal.model.Organization;
032 import com.liferay.portal.model.OrganizationConstants;
033 import com.liferay.portal.model.PermissionedModel;
034 import com.liferay.portal.model.PortletConstants;
035 import com.liferay.portal.model.Resource;
036 import com.liferay.portal.model.ResourceBlockConstants;
037 import com.liferay.portal.model.ResourceConstants;
038 import com.liferay.portal.model.Role;
039 import com.liferay.portal.model.RoleConstants;
040 import com.liferay.portal.model.Team;
041 import com.liferay.portal.model.User;
042 import com.liferay.portal.service.GroupLocalServiceUtil;
043 import com.liferay.portal.service.LayoutLocalServiceUtil;
044 import com.liferay.portal.service.OrganizationLocalServiceUtil;
045 import com.liferay.portal.service.ResourceBlockLocalServiceUtil;
046 import com.liferay.portal.service.ResourceLocalServiceUtil;
047 import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
048 import com.liferay.portal.service.RoleLocalServiceUtil;
049 import com.liferay.portal.service.TeamLocalServiceUtil;
050 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
051 import com.liferay.portal.service.UserLocalServiceUtil;
052 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
053 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
054 import com.liferay.portal.service.permission.PortletPermissionUtil;
055
056 import java.util.ArrayList;
057 import java.util.Arrays;
058 import java.util.Collections;
059 import java.util.LinkedHashMap;
060 import java.util.List;
061 import java.util.Set;
062
063 import org.apache.commons.lang.time.StopWatch;
064
065
072 public class AdvancedPermissionChecker extends BasePermissionChecker {
073
074 @Override
075 public AdvancedPermissionChecker clone() {
076 return new AdvancedPermissionChecker();
077 }
078
079 public ResourceBlockIdsBag getGuestResourceBlockIdsBag(
080 long companyId, long groupId, String name)
081 throws Exception {
082
083 ResourceBlockIdsBag resourceBlockIdsBag =
084 PermissionCacheUtil.getResourceBlockIdsBag(
085 companyId, groupId, defaultUserId, name);
086
087 if (resourceBlockIdsBag != null) {
088 return resourceBlockIdsBag;
089 }
090
091 try {
092 resourceBlockIdsBag =
093 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
094 getCompanyId(), groupId, name, getGuestUserRoleIds());
095
096 PermissionCacheUtil.putResourceBlockIdsBag(
097 companyId, groupId, defaultUserId, name, resourceBlockIdsBag);
098
099 return resourceBlockIdsBag;
100 }
101 catch (Exception e) {
102 PermissionCacheUtil.removeResourceBlockIdsBag(
103 getCompanyId(), groupId, defaultUserId, name);
104
105 throw e;
106 }
107 }
108
109
115 public long[] getGuestUserRoleIds() throws Exception {
116 Group guestGroup = GroupLocalServiceUtil.getGroup(
117 getCompanyId(), GroupConstants.GUEST);
118
119 long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
120 defaultUserId, guestGroup.getGroupId());
121
122 if (roleIds != null) {
123 return roleIds;
124 }
125
126 try {
127 List<Role> roles = RoleLocalServiceUtil.getUserRelatedRoles(
128 defaultUserId, Collections.singletonList(guestGroup));
129
130
131
132
133
134
135 roleIds = ListUtil.toLongArray(roles, Role.ROLE_ID_ACCESSOR);
136
137 Arrays.sort(roleIds);
138
139 PermissionCacheUtil.putUserGroupRoleIds(
140 defaultUserId, guestGroup.getGroupId(), roleIds);
141 }
142 catch (Exception e) {
143 PermissionCacheUtil.removeUserGroupRoleIds(
144 defaultUserId, guestGroup.getGroupId());
145
146 throw e;
147 }
148
149 return roleIds;
150 }
151
152 @Override
153 public List<Long> getOwnerResourceBlockIds(
154 long companyId, long groupId, String name, String actionId) {
155
156 try {
157 ResourceBlockIdsBag resourceBlockIdsBag =
158 getOwnerResourceBlockIdsBag(companyId, groupId, name);
159
160 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
161 resourceBlockIdsBag, name, actionId);
162 }
163 catch (Exception e) {
164 if (_log.isDebugEnabled()) {
165 _log.debug(e, e);
166 }
167 }
168
169 return Collections.emptyList();
170 }
171
172 public ResourceBlockIdsBag getOwnerResourceBlockIdsBag(
173 long companyId, long groupId, String name) {
174
175 ResourceBlockIdsBag resourceBlockIdsBag =
176 PermissionCacheUtil.getResourceBlockIdsBag(
177 companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
178
179 if (resourceBlockIdsBag != null) {
180 return resourceBlockIdsBag;
181 }
182
183 try {
184 long[] roleIds = {getOwnerRoleId()};
185
186 resourceBlockIdsBag =
187 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
188 getCompanyId(), groupId, name, roleIds);
189
190 PermissionCacheUtil.putResourceBlockIdsBag(
191 companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name,
192 resourceBlockIdsBag);
193
194 return resourceBlockIdsBag;
195 }
196 catch (Exception e) {
197 PermissionCacheUtil.removeResourceBlockIdsBag(
198 companyId, groupId, ResourceBlockConstants.OWNER_USER_ID, name);
199
200 throw e;
201 }
202 }
203
204 @Override
205 public List<Long> getResourceBlockIds(
206 long companyId, long groupId, long userId, String name,
207 String actionId) {
208
209 try {
210 ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
211 companyId, groupId, userId, name);
212
213 return ResourceBlockLocalServiceUtil.getResourceBlockIds(
214 resourceBlockIdsBag, name, actionId);
215 }
216 catch (Exception e) {
217 if (_log.isDebugEnabled()) {
218 _log.debug(e, e);
219 }
220 }
221
222 return Collections.emptyList();
223 }
224
225 public ResourceBlockIdsBag getResourceBlockIdsBag(
226 long companyId, long groupId, long userId, String name)
227 throws Exception {
228
229 ResourceBlockIdsBag resourceBlockIdsBag =
230 PermissionCacheUtil.getResourceBlockIdsBag(
231 companyId, groupId, userId, name);
232
233 if (resourceBlockIdsBag != null) {
234 return resourceBlockIdsBag;
235 }
236
237 try {
238 long[] roleIds = getRoleIds(userId, groupId);
239
240 resourceBlockIdsBag =
241 ResourceBlockLocalServiceUtil.getResourceBlockIdsBag(
242 getCompanyId(), groupId, name, roleIds);
243
244 PermissionCacheUtil.putResourceBlockIdsBag(
245 companyId, groupId, userId, name, resourceBlockIdsBag);
246
247 return resourceBlockIdsBag;
248 }
249 catch (Exception e) {
250 PermissionCacheUtil.removeResourceBlockIdsBag(
251 companyId, groupId, userId, name);
252
253 throw e;
254 }
255 }
256
257 @Override
258 public long[] getRoleIds(long userId, long groupId) {
259 long[] roleIds = null;
260
261 try {
262 roleIds = doGetRoleIds(userId, groupId);
263 }
264 catch (Exception e) {
265 if (_log.isDebugEnabled()) {
266 _log.debug(e, e);
267 }
268
269 return PermissionChecker.DEFAULT_ROLE_IDS;
270 }
271
272 if (!checkGuest) {
273 return roleIds;
274 }
275
276 Set<Long> roleIdsSet = SetUtil.fromArray(roleIds);
277
278 try {
279 for (long roleId : getGuestUserRoleIds()) {
280 roleIdsSet.add(roleId);
281 }
282 }
283 catch (Exception e) {
284 if (_log.isDebugEnabled()) {
285 _log.debug(e, e);
286 }
287 }
288
289 return ArrayUtil.toArray(
290 roleIdsSet.toArray(new Long[roleIdsSet.size()]));
291 }
292
293 @Override
294 public UserBag getUserBag() throws PortalException {
295 return UserBagFactoryUtil.create(getUserId());
296 }
297
298 @Override
299 public boolean hasOwnerPermission(
300 long companyId, String name, String primKey, long ownerId,
301 String actionId) {
302
303 if (ownerId != getUserId()) {
304 return false;
305 }
306
307 if (ownerId == defaultUserId) {
308 if (actionId.equals(ActionKeys.VIEW)) {
309 return true;
310 }
311 else {
312 return false;
313 }
314 }
315
316 try {
317 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
318 PermissionedModel permissionedModel =
319 ResourceBlockLocalServiceUtil.getPermissionedModel(
320 name, GetterUtil.getLong(primKey));
321
322 long groupId = 0;
323
324 if (permissionedModel instanceof GroupedModel) {
325 GroupedModel groupedModel = (GroupedModel)permissionedModel;
326
327 groupId = groupedModel.getGroupId();
328 }
329
330 ResourceBlockIdsBag resourceBlockIdsBag =
331 getOwnerResourceBlockIdsBag(companyId, groupId, name);
332
333 return ResourceBlockLocalServiceUtil.hasPermission(
334 name, permissionedModel, actionId, resourceBlockIdsBag);
335 }
336
337 return ResourcePermissionLocalServiceUtil.hasResourcePermission(
338 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
339 getOwnerRoleId(), actionId);
340 }
341 catch (Exception e) {
342 if (_log.isDebugEnabled()) {
343 _log.debug(e, e);
344 }
345 }
346
347 return false;
348 }
349
350 @Override
351 public boolean hasPermission(
352 long groupId, String name, String primKey, String actionId) {
353
354 StopWatch stopWatch = new StopWatch();
355
356 stopWatch.start();
357
358 Group group = null;
359
360 try {
361 if (groupId > 0) {
362 group = GroupLocalServiceUtil.getGroup(groupId);
363
364
365
366
367 if (group.isLayout() &&
368 !ResourceBlockLocalServiceUtil.isSupported(name)) {
369
370 Layout layout = LayoutLocalServiceUtil.getLayout(
371 group.getClassPK());
372
373 groupId = layout.getGroupId();
374
375 group = GroupLocalServiceUtil.getGroup(groupId);
376 }
377
378
379
380
381 if (group.isUser() && (group.getClassPK() == getUserId())) {
382 group = GroupLocalServiceUtil.getGroup(
383 getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
384
385 groupId = group.getGroupId();
386 }
387 }
388 }
389 catch (Exception e) {
390 _log.error(e, e);
391 }
392
393 Boolean value = PermissionCacheUtil.getPermission(
394 user.getUserId(), signedIn, groupId, name, primKey, actionId);
395
396 if (value != null) {
397 return value;
398 }
399
400 try {
401 value = hasPermissionImpl(groupId, name, primKey, actionId);
402
403 if (_log.isDebugEnabled()) {
404 _log.debug(
405 "Checking permission for " + groupId + " " + name +
406 " " + primKey + " " + actionId + " takes " +
407 stopWatch.getTime() + " ms");
408 }
409
410 PermissionCacheUtil.putPermission(
411 user.getUserId(), signedIn, groupId, name, primKey, actionId,
412 value);
413 }
414 catch (Exception e) {
415 PermissionCacheUtil.removePermission(
416 user.getUserId(), signedIn, groupId, name, primKey, actionId);
417
418 throw e;
419 }
420
421 return value;
422 }
423
424 @Override
425 public boolean hasUserPermission(
426 long groupId, String name, String primKey, String actionId,
427 boolean checkAdmin) {
428
429 try {
430 return hasUserPermissionImpl(
431 groupId, name, primKey, actionId, checkAdmin);
432 }
433 catch (Exception e) {
434 _log.error(e, e);
435
436 return false;
437 }
438 }
439
440 @Override
441 public boolean isCompanyAdmin() {
442 try {
443 return isCompanyAdminImpl(user.getCompanyId());
444 }
445 catch (Exception e) {
446 _log.error(e, e);
447
448 return false;
449 }
450 }
451
452 @Override
453 public boolean isCompanyAdmin(long companyId) {
454 try {
455 return isCompanyAdminImpl(companyId);
456 }
457 catch (Exception e) {
458 _log.error(e, e);
459
460 return false;
461 }
462 }
463
464 @Override
465 public boolean isContentReviewer(long companyId, long groupId) {
466 try {
467 return isContentReviewerImpl(companyId, groupId);
468 }
469 catch (Exception e) {
470 _log.error(e, e);
471 }
472
473 return false;
474 }
475
476 @Override
477 public boolean isGroupAdmin(long groupId) {
478 try {
479 return isGroupAdminImpl(groupId);
480 }
481 catch (Exception e) {
482 _log.error(e, e);
483
484 return false;
485 }
486 }
487
488 @Override
489 public boolean isGroupMember(long groupId) {
490 try {
491 return isGroupMemberImpl(groupId);
492 }
493 catch (Exception e) {
494 _log.error(e, e);
495
496 return false;
497 }
498 }
499
500 @Override
501 public boolean isGroupOwner(long groupId) {
502 try {
503 return isGroupOwnerImpl(groupId);
504 }
505 catch (Exception e) {
506 _log.error(e, e);
507
508 return false;
509 }
510 }
511
512 @Override
513 public boolean isOrganizationAdmin(long organizationId) {
514 try {
515 return isOrganizationAdminImpl(organizationId);
516 }
517 catch (Exception e) {
518 _log.error(e, e);
519
520 return false;
521 }
522 }
523
524 @Override
525 public boolean isOrganizationOwner(long organizationId) {
526 try {
527 return isOrganizationOwnerImpl(organizationId);
528 }
529 catch (Exception e) {
530 _log.error(e, e);
531
532 return false;
533 }
534 }
535
536 protected void addTeamRoles(long userId, Group group, Set<Long> roleIds)
537 throws Exception {
538
539 List<Team> userTeams = TeamLocalServiceUtil.getUserTeams(
540 userId, group.getGroupId());
541
542 for (Team team : userTeams) {
543 Role role = RoleLocalServiceUtil.getTeamRole(
544 team.getCompanyId(), team.getTeamId());
545
546 roleIds.add(role.getRoleId());
547 }
548
549 LinkedHashMap<String, Object> teamParams = new LinkedHashMap<>();
550
551 teamParams.put("usersUserGroups", userId);
552
553 List<Team> userGroupTeams = TeamLocalServiceUtil.search(
554 group.getGroupId(), null, null, teamParams, QueryUtil.ALL_POS,
555 QueryUtil.ALL_POS, null);
556
557 for (Team team : userGroupTeams) {
558 Role role = RoleLocalServiceUtil.getTeamRole(
559 team.getCompanyId(), team.getTeamId());
560
561 roleIds.add(role.getRoleId());
562 }
563 }
564
565 protected boolean doCheckPermission(
566 long companyId, long groupId, String name, String primKey,
567 String actionId, StopWatch stopWatch)
568 throws Exception {
569
570 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 1);
571
572 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
573 ResourceBlockIdsBag resourceBlockIdsBag = getResourceBlockIdsBag(
574 companyId, groupId, getUserId(), name);
575
576 boolean value = ResourceBlockLocalServiceUtil.hasPermission(
577 name, GetterUtil.getLong(primKey), actionId,
578 resourceBlockIdsBag);
579
580 logHasUserPermission(
581 groupId, name, primKey, actionId, stopWatch, 2);
582
583 return value;
584 }
585
586 List<Resource> resources = getResources(
587 companyId, groupId, name, primKey, actionId);
588
589 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 3);
590
591
592
593
594
595
596 boolean value = ResourceLocalServiceUtil.hasUserPermissions(
597 user.getUserId(), groupId, resources, actionId,
598 doGetRoleIds(user.getUserId(), groupId));
599
600 logHasUserPermission(groupId, name, primKey, actionId, stopWatch, 4);
601
602 return value;
603 }
604
605 protected long[] doGetRoleIds(long userId, long groupId) throws Exception {
606 long[] roleIds = PermissionCacheUtil.getUserGroupRoleIds(
607 userId, groupId);
608
609 if (roleIds != null) {
610 return roleIds;
611 }
612
613 try {
614 Group group = null;
615
616 long parentGroupId = 0;
617
618 if (groupId > 0) {
619 group = GroupLocalServiceUtil.getGroup(groupId);
620
621 if (group.isLayout()) {
622 parentGroupId = group.getParentGroupId();
623
624 if (parentGroupId > 0) {
625 group = GroupLocalServiceUtil.getGroup(parentGroupId);
626 }
627 }
628 }
629
630 UserBag userBag = getUserBag();
631
632 Set<Long> roleIdsSet = SetUtil.fromArray(userBag.getRoleIds());
633
634 List<Role> userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
635 userId, groupId);
636
637 for (Role userGroupRole : userGroupRoles) {
638 roleIdsSet.add(userGroupRole.getRoleId());
639 }
640
641 if (parentGroupId > 0) {
642 userGroupRoles = RoleLocalServiceUtil.getUserGroupRoles(
643 userId, parentGroupId);
644
645 for (Role userGroupRole : userGroupRoles) {
646 roleIdsSet.add(userGroupRole.getRoleId());
647 }
648 }
649
650 List<Role> userGroupGroupRoles =
651 RoleLocalServiceUtil.getUserGroupGroupRoles(userId, groupId);
652
653 for (Role userGroupGroupRole : userGroupGroupRoles) {
654 roleIdsSet.add(userGroupGroupRole.getRoleId());
655 }
656
657 if (parentGroupId > 0) {
658 userGroupGroupRoles =
659 RoleLocalServiceUtil.getUserGroupGroupRoles(
660 userId, parentGroupId);
661
662 for (Role userGroupGroupRole : userGroupGroupRoles) {
663 roleIdsSet.add(userGroupGroupRole.getRoleId());
664 }
665 }
666
667 if (group != null) {
668 if (group.isOrganization() && userBag.hasUserOrgGroup(group)) {
669 Role organizationUserRole = RoleLocalServiceUtil.getRole(
670 group.getCompanyId(), RoleConstants.ORGANIZATION_USER);
671
672 roleIdsSet.add(organizationUserRole.getRoleId());
673 }
674
675 if ((group.isSite() &&
676 (userBag.hasUserGroup(group) ||
677 userBag.hasUserOrgGroup(group))) ||
678 group.isUserPersonalSite()) {
679
680 Role siteMemberRole = RoleLocalServiceUtil.getRole(
681 group.getCompanyId(), RoleConstants.SITE_MEMBER);
682
683 roleIdsSet.add(siteMemberRole.getRoleId());
684 }
685
686 if ((group.isOrganization() &&
687 userBag.hasUserOrgGroup(group)) ||
688 (group.isSite() && userBag.hasUserGroup(group))) {
689
690 addTeamRoles(userId, group, roleIdsSet);
691 }
692 }
693
694 roleIds = ArrayUtil.toLongArray(roleIdsSet);
695
696 Arrays.sort(roleIds);
697
698 PermissionCacheUtil.putUserGroupRoleIds(userId, groupId, roleIds);
699
700 return roleIds;
701 }
702 catch (Exception e) {
703 PermissionCacheUtil.removeUserGroupRoleIds(userId, groupId);
704
705 throw e;
706 }
707 }
708
709
731 protected List<Resource> getResources(
732 long companyId, long groupId, String name, String primKey,
733 String actionId)
734 throws Exception {
735
736
737
738 List<Resource> resources = new ArrayList<>(4);
739
740 Resource individualResource = ResourceLocalServiceUtil.getResource(
741 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey);
742
743 resources.add(individualResource);
744
745
746
747 if (groupId > 0) {
748 Resource groupResource = ResourceLocalServiceUtil.getResource(
749 companyId, name, ResourceConstants.SCOPE_GROUP,
750 String.valueOf(groupId));
751
752 resources.add(groupResource);
753 }
754
755
756
757 if (signedIn && (groupId > 0)) {
758 Resource groupTemplateResource =
759 ResourceLocalServiceUtil.getResource(
760 companyId, name, ResourceConstants.SCOPE_GROUP_TEMPLATE,
761 String.valueOf(GroupConstants.DEFAULT_PARENT_GROUP_ID));
762
763 resources.add(groupTemplateResource);
764 }
765
766
767
768 Resource companyResource = ResourceLocalServiceUtil.getResource(
769 companyId, name, ResourceConstants.SCOPE_COMPANY,
770 String.valueOf(companyId));
771
772 resources.add(companyResource);
773
774 return resources;
775 }
776
777 protected boolean hasGuestPermission(
778 long groupId, String name, String primKey, String actionId)
779 throws Exception {
780
781 try {
782 ResourceActionsUtil.checkAction(name, actionId);
783 }
784 catch (Exception e) {
785 if (_log.isDebugEnabled()) {
786 _log.debug(
787 "Guest does not have permission to " + actionId + " on " +
788 name + " with primary key " + primKey);
789 }
790
791 return false;
792 }
793
794 if (name.indexOf(CharPool.PERIOD) != -1) {
795
796
797
798 List<String> actions =
799 ResourceActionsUtil.getModelResourceGuestUnsupportedActions(
800 name);
801
802 if (actions.contains(actionId)) {
803 return false;
804 }
805 }
806 else {
807
808
809
810 List<String> actions =
811 ResourceActionsUtil.getPortletResourceGuestUnsupportedActions(
812 name);
813
814 if (actions.contains(actionId)) {
815 return false;
816 }
817 }
818
819 long companyId = user.getCompanyId();
820
821 List<Resource> resources = getResources(
822 companyId, groupId, name, primKey, actionId);
823
824 try {
825 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
826 ResourceBlockIdsBag resourceBlockIdsBag =
827 getGuestResourceBlockIdsBag(companyId, groupId, name);
828
829 return ResourceBlockLocalServiceUtil.hasPermission(
830 name, GetterUtil.getLong(primKey), actionId,
831 resourceBlockIdsBag);
832 }
833
834 return ResourceLocalServiceUtil.hasUserPermissions(
835 defaultUserId, groupId, resources, actionId,
836 getGuestUserRoleIds());
837 }
838 catch (Exception e) {
839 _log.error(e, e);
840
841 return false;
842 }
843 }
844
845 protected boolean hasPermissionImpl(
846 long groupId, String name, String primKey, String actionId) {
847
848 try {
849 if (!signedIn) {
850 return hasGuestPermission(groupId, name, primKey, actionId);
851 }
852
853 if (ResourceBlockLocalServiceUtil.isSupported(name)) {
854
855
856
857
858
859 return hasUserPermission(
860 groupId, name, primKey, actionId, true);
861 }
862
863 boolean value = false;
864
865 if (checkGuest) {
866 value = hasGuestPermission(groupId, name, primKey, actionId);
867 }
868
869 if (!value) {
870 value = hasUserPermission(
871 groupId, name, primKey, actionId, true);
872 }
873
874 return value;
875 }
876 catch (Exception e) {
877 _log.error(e, e);
878
879 return false;
880 }
881 }
882
883 protected boolean hasUserPermissionImpl(
884 long groupId, String name, String primKey, String actionId,
885 boolean checkAdmin)
886 throws Exception {
887
888 StopWatch stopWatch = new StopWatch();
889
890 stopWatch.start();
891
892 long companyId = user.getCompanyId();
893
894 if (groupId > 0) {
895 Group group = GroupLocalServiceUtil.getGroup(groupId);
896
897 companyId = group.getCompanyId();
898 }
899 else if (name.equals(User.class.getName())) {
900 User user = UserLocalServiceUtil.fetchUser(
901 GetterUtil.getLong(primKey));
902
903 if (user != null) {
904 companyId = user.getCompanyId();
905 }
906 }
907
908 boolean hasLayoutManagerPermission = true;
909
910
911
912
913 if (Validator.isNotNull(name) && Validator.isNotNull(primKey) &&
914 primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {
915
916 hasLayoutManagerPermission =
917 PortletPermissionUtil.hasLayoutManagerPermission(
918 name, actionId);
919 }
920
921 if (checkAdmin) {
922 if (isCompanyAdminImpl(companyId)) {
923 return true;
924 }
925
926 if (name.equals(Organization.class.getName())) {
927 if (isOrganizationAdminImpl(GetterUtil.getLong(primKey))) {
928 return true;
929 }
930 }
931 else if (isGroupAdminImpl(groupId) && hasLayoutManagerPermission) {
932 return true;
933 }
934 }
935
936 return doCheckPermission(
937 companyId, groupId, name, primKey, actionId, stopWatch);
938 }
939
940 protected boolean isCompanyAdminImpl(long companyId) throws Exception {
941 if (!signedIn) {
942 return false;
943 }
944
945 if (isOmniadmin()) {
946 return true;
947 }
948
949 Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
950 getUserId(), companyId, RoleConstants.ADMINISTRATOR);
951
952 try {
953 if (value == null) {
954 value = RoleLocalServiceUtil.hasUserRole(
955 user.getUserId(), companyId, RoleConstants.ADMINISTRATOR,
956 true);
957
958 PermissionCacheUtil.putUserPrimaryKeyRole(
959 getUserId(), companyId, RoleConstants.ADMINISTRATOR, value);
960 }
961 }
962 catch (Exception e) {
963 PermissionCacheUtil.removeUserPrimaryKeyRole(
964 getUserId(), companyId, RoleConstants.ADMINISTRATOR);
965
966 throw e;
967 }
968
969 return value;
970 }
971
972 protected boolean isContentReviewerImpl(long groupId)
973 throws PortalException {
974
975 if (isCompanyAdmin() || isGroupAdmin(groupId)) {
976 return true;
977 }
978
979 Group group = GroupLocalServiceUtil.getGroup(groupId);
980
981 if (RoleLocalServiceUtil.hasUserRole(
982 getUserId(), group.getCompanyId(),
983 RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
984
985 return true;
986 }
987
988 if (group.isSite()) {
989 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
990 getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
991 true)) {
992
993 return true;
994 }
995 }
996
997 return false;
998 }
999
1000 protected boolean isContentReviewerImpl(long companyId, long groupId)
1001 throws Exception {
1002
1003 if (!signedIn) {
1004 return false;
1005 }
1006
1007 if (isOmniadmin()) {
1008 return true;
1009 }
1010
1011 if (isCompanyAdmin(companyId)) {
1012 return true;
1013 }
1014
1015 if (groupId <= 0) {
1016 return false;
1017 }
1018
1019 if (isGroupAdmin(groupId)) {
1020 return true;
1021 }
1022
1023 Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1024 getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
1025
1026 try {
1027 if (value == null) {
1028 value = isContentReviewerImpl(groupId);
1029
1030 PermissionCacheUtil.putUserPrimaryKeyRole(
1031 getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER,
1032 value);
1033 }
1034 }
1035 catch (Exception e) {
1036 PermissionCacheUtil.removeUserPrimaryKeyRole(
1037 getUserId(), groupId, RoleConstants.SITE_CONTENT_REVIEWER);
1038
1039 throw e;
1040 }
1041
1042 return value;
1043 }
1044
1045 protected boolean isGroupAdminImpl(Group group) throws Exception {
1046 if (group.isLayout()) {
1047 long parentGroupId = group.getParentGroupId();
1048
1049 if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
1050 return false;
1051 }
1052
1053 group = GroupLocalServiceUtil.getGroup(parentGroupId);
1054 }
1055
1056 if (group.isSite()) {
1057 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1058 getUserId(), group.getGroupId(),
1059 RoleConstants.SITE_ADMINISTRATOR, true) ||
1060 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1061 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1062 true)) {
1063
1064 return true;
1065 }
1066
1067 StopWatch stopWatch = new StopWatch();
1068
1069 stopWatch.start();
1070
1071 while (!group.isRoot()) {
1072 Group parentGroup = group.getParentGroup();
1073
1074 if (doCheckPermission(
1075 parentGroup.getCompanyId(), parentGroup.getGroupId(),
1076 Group.class.getName(),
1077 String.valueOf(parentGroup.getGroupId()),
1078 ActionKeys.MANAGE_SUBGROUPS, stopWatch)) {
1079
1080 return true;
1081 }
1082
1083 group = parentGroup;
1084 }
1085 }
1086
1087 if (group.isCompany()) {
1088 if (isCompanyAdmin()) {
1089 return true;
1090 }
1091 else {
1092 return false;
1093 }
1094 }
1095 else if (group.isLayoutPrototype()) {
1096 if (LayoutPrototypePermissionUtil.contains(
1097 this, group.getClassPK(), ActionKeys.UPDATE)) {
1098
1099 return true;
1100 }
1101 else {
1102 return false;
1103 }
1104 }
1105 else if (group.isLayoutSetPrototype()) {
1106 if (LayoutSetPrototypePermissionUtil.contains(
1107 this, group.getClassPK(), ActionKeys.UPDATE)) {
1108
1109 return true;
1110 }
1111 else {
1112 return false;
1113 }
1114 }
1115 else if (group.isOrganization()) {
1116 long organizationId = group.getOrganizationId();
1117
1118 while (organizationId !=
1119 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1120
1121 Organization organization =
1122 OrganizationLocalServiceUtil.getOrganization(
1123 organizationId);
1124
1125 long organizationGroupId = organization.getGroupId();
1126
1127 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1128 getUserId(), organizationGroupId,
1129 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1130 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1131 getUserId(), organizationGroupId,
1132 RoleConstants.ORGANIZATION_OWNER, true)) {
1133
1134 return true;
1135 }
1136
1137 organizationId = organization.getParentOrganizationId();
1138 }
1139
1140 StopWatch stopWatch = new StopWatch();
1141
1142 stopWatch.start();
1143
1144 Organization organization =
1145 OrganizationLocalServiceUtil.getOrganization(
1146 group.getOrganizationId());
1147
1148 while (!organization.isRoot()) {
1149 Organization parentOrganization =
1150 organization.getParentOrganization();
1151
1152 Group parentGroup = parentOrganization.getGroup();
1153
1154 if (doCheckPermission(
1155 parentGroup.getCompanyId(), parentGroup.getGroupId(),
1156 Organization.class.getName(),
1157 String.valueOf(parentOrganization.getOrganizationId()),
1158 ActionKeys.MANAGE_SUBORGANIZATIONS, stopWatch)) {
1159
1160 return true;
1161 }
1162
1163 organization = parentOrganization;
1164 }
1165 }
1166
1167 return false;
1168 }
1169
1170 protected boolean isGroupAdminImpl(long groupId) throws Exception {
1171 if (!signedIn) {
1172 return false;
1173 }
1174
1175 if (isOmniadmin()) {
1176 return true;
1177 }
1178
1179 if (groupId <= 0) {
1180 return false;
1181 }
1182
1183 Group group = GroupLocalServiceUtil.getGroup(groupId);
1184
1185 if (isCompanyAdmin(group.getCompanyId())) {
1186 return true;
1187 }
1188
1189 Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1190 getUserId(), group.getGroupId(), RoleConstants.SITE_ADMINISTRATOR);
1191
1192 try {
1193 if (value == null) {
1194 value = isGroupAdminImpl(group);
1195
1196 PermissionCacheUtil.putUserPrimaryKeyRole(
1197 getUserId(), group.getGroupId(),
1198 RoleConstants.SITE_ADMINISTRATOR, value);
1199 }
1200 }
1201 catch (Exception e) {
1202 PermissionCacheUtil.removeUserPrimaryKeyRole(
1203 getUserId(), group.getGroupId(),
1204 RoleConstants.SITE_ADMINISTRATOR);
1205
1206 throw e;
1207 }
1208
1209 return value;
1210 }
1211
1212 protected boolean isGroupMemberImpl(long groupId) throws Exception {
1213 if (!signedIn) {
1214 return false;
1215 }
1216
1217 if (groupId <= 0) {
1218 return false;
1219 }
1220
1221 long[] roleIds = doGetRoleIds(getUserId(), groupId);
1222
1223 Group group = GroupLocalServiceUtil.getGroup(groupId);
1224
1225 Role role = RoleLocalServiceUtil.getRole(
1226 group.getCompanyId(), RoleConstants.SITE_MEMBER);
1227
1228 if (Arrays.binarySearch(roleIds, role.getRoleId()) >= 0) {
1229 return true;
1230 }
1231
1232 UserBag userBag = getUserBag();
1233
1234 return userBag.hasUserGroup(group);
1235 }
1236
1237 protected boolean isGroupOwnerImpl(Group group) throws PortalException {
1238 if (group.isSite()) {
1239 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1240 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1241 true)) {
1242
1243 return true;
1244 }
1245 }
1246
1247 if (group.isLayoutPrototype()) {
1248 if (LayoutPrototypePermissionUtil.contains(
1249 this, group.getClassPK(), ActionKeys.UPDATE)) {
1250
1251 return true;
1252 }
1253 else {
1254 return false;
1255 }
1256 }
1257 else if (group.isLayoutSetPrototype()) {
1258 if (LayoutSetPrototypePermissionUtil.contains(
1259 this, group.getClassPK(), ActionKeys.UPDATE)) {
1260
1261 return true;
1262 }
1263 else {
1264 return false;
1265 }
1266 }
1267 else if (group.isOrganization()) {
1268 long organizationId = group.getOrganizationId();
1269
1270 while (organizationId !=
1271 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
1272
1273 Organization organization =
1274 OrganizationLocalServiceUtil.getOrganization(
1275 organizationId);
1276
1277 long organizationGroupId = organization.getGroupId();
1278
1279 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1280 getUserId(), organizationGroupId,
1281 RoleConstants.ORGANIZATION_OWNER, true)) {
1282
1283 return true;
1284 }
1285
1286 organizationId = organization.getParentOrganizationId();
1287 }
1288 }
1289 else if (group.isUser()) {
1290 long groupUserId = group.getClassPK();
1291
1292 if (getUserId() == groupUserId) {
1293 return true;
1294 }
1295 }
1296
1297 return false;
1298 }
1299
1300 protected boolean isGroupOwnerImpl(long groupId) throws Exception {
1301 if (!signedIn) {
1302 return false;
1303 }
1304
1305 if (isOmniadmin()) {
1306 return true;
1307 }
1308
1309 if (groupId <= 0) {
1310 return false;
1311 }
1312
1313 Group group = GroupLocalServiceUtil.getGroup(groupId);
1314
1315 if (isCompanyAdmin(group.getCompanyId())) {
1316 return true;
1317 }
1318
1319 Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1320 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1321
1322 try {
1323 if (value == null) {
1324 value = isGroupOwnerImpl(group);
1325
1326 PermissionCacheUtil.putUserPrimaryKeyRole(
1327 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
1328 value);
1329 }
1330 }
1331 catch (Exception e) {
1332 PermissionCacheUtil.removeUserPrimaryKeyRole(
1333 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER);
1334
1335 throw e;
1336 }
1337
1338 return value;
1339 }
1340
1341 protected boolean isOrganizationAdminImpl(long organizationId)
1342 throws Exception {
1343
1344 if (!signedIn) {
1345 return false;
1346 }
1347
1348 if (isOmniadmin()) {
1349 return true;
1350 }
1351
1352 if (organizationId <= 0) {
1353 return false;
1354 }
1355
1356 Organization organization =
1357 OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1358
1359 if (organization == null) {
1360 return false;
1361 }
1362
1363 if (isCompanyAdmin(organization.getCompanyId())) {
1364 return true;
1365 }
1366
1367 Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1368 getUserId(), organization.getOrganizationId(),
1369 RoleConstants.ORGANIZATION_ADMINISTRATOR);
1370
1371 try {
1372 if (value == null) {
1373 value = isOrganizationAdminImpl(organization);
1374
1375 PermissionCacheUtil.putUserPrimaryKeyRole(
1376 getUserId(), organization.getOrganizationId(),
1377 RoleConstants.ORGANIZATION_ADMINISTRATOR, value);
1378 }
1379 }
1380 catch (Exception e) {
1381 PermissionCacheUtil.removeUserPrimaryKeyRole(
1382 getUserId(), organization.getOrganizationId(),
1383 RoleConstants.ORGANIZATION_ADMINISTRATOR);
1384
1385 throw e;
1386 }
1387
1388 return value;
1389 }
1390
1391 protected boolean isOrganizationAdminImpl(Organization organization)
1392 throws PortalException {
1393
1394 while (organization != null) {
1395 long organizationGroupId = organization.getGroupId();
1396
1397 long userId = getUserId();
1398
1399 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1400 userId, organizationGroupId,
1401 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
1402 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1403 userId, organizationGroupId,
1404 RoleConstants.ORGANIZATION_OWNER, true)) {
1405
1406 return true;
1407 }
1408
1409 organization = organization.getParentOrganization();
1410 }
1411
1412 return false;
1413 }
1414
1415 protected boolean isOrganizationOwnerImpl(long organizationId)
1416 throws Exception {
1417
1418 if (!signedIn) {
1419 return false;
1420 }
1421
1422 if (isOmniadmin()) {
1423 return true;
1424 }
1425
1426 if (organizationId <= 0) {
1427 return false;
1428 }
1429
1430 Organization organization =
1431 OrganizationLocalServiceUtil.fetchOrganization(organizationId);
1432
1433 if (organization == null) {
1434 return false;
1435 }
1436
1437 if (isCompanyAdmin(organization.getCompanyId())) {
1438 return true;
1439 }
1440
1441 Boolean value = PermissionCacheUtil.getUserPrimaryKeyRole(
1442 getUserId(), organization.getOrganizationId(),
1443 RoleConstants.ORGANIZATION_OWNER);
1444
1445 try {
1446 if (value == null) {
1447 value = isOrganizationOwnerImpl(organization);
1448
1449 PermissionCacheUtil.putUserPrimaryKeyRole(
1450 getUserId(), organization.getOrganizationId(),
1451 RoleConstants.ORGANIZATION_OWNER, value);
1452 }
1453 }
1454 catch (Exception e) {
1455 PermissionCacheUtil.removeUserPrimaryKeyRole(
1456 getUserId(), organization.getOrganizationId(),
1457 RoleConstants.ORGANIZATION_OWNER);
1458
1459 throw e;
1460 }
1461
1462 return value;
1463 }
1464
1465 protected boolean isOrganizationOwnerImpl(Organization organization)
1466 throws PortalException {
1467
1468 while (organization != null) {
1469 long organizationGroupId = organization.getGroupId();
1470
1471 long userId = getUserId();
1472
1473 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
1474 userId, organizationGroupId,
1475 RoleConstants.ORGANIZATION_OWNER, true)) {
1476
1477 return true;
1478 }
1479
1480 organization = organization.getParentOrganization();
1481 }
1482
1483 return false;
1484 }
1485
1486 protected void logHasUserPermission(
1487 long groupId, String name, String primKey, String actionId,
1488 StopWatch stopWatch, int block) {
1489
1490 if (!_log.isDebugEnabled()) {
1491 return;
1492 }
1493
1494 _log.debug(
1495 "Checking user permission block " + block + " for " + groupId +
1496 " " + name + " " + primKey + " " + actionId + " takes " +
1497 stopWatch.getTime() + " ms");
1498 }
1499
1500
1503 @Deprecated
1504 protected static final String RESULTS_SEPARATOR = "_RESULTS_SEPARATOR_";
1505
1506 private static final Log _log = LogFactoryUtil.getLog(
1507 AdvancedPermissionChecker.class);
1508
1509 }