001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.membershippolicy;
016    
017    import com.liferay.portal.kernel.dao.orm.ActionableDynamicQuery;
018    import com.liferay.portal.kernel.exception.PortalException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.Organization;
021    import com.liferay.portal.model.Role;
022    import com.liferay.portal.model.RoleConstants;
023    import com.liferay.portal.model.UserGroupRole;
024    import com.liferay.portal.security.permission.PermissionChecker;
025    import com.liferay.portal.service.OrganizationLocalServiceUtil;
026    import com.liferay.portal.service.RoleLocalServiceUtil;
027    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
028    import com.liferay.portal.service.persistence.UserGroupRolePK;
029    
030    import java.io.Serializable;
031    
032    import java.util.ArrayList;
033    import java.util.List;
034    import java.util.Map;
035    
036    /**
037     * @author Roberto D??az
038     * @author Sergio Gonz??lez
039     */
040    public abstract class BaseOrganizationMembershipPolicy
041            implements OrganizationMembershipPolicy {
042    
043            @Override
044            @SuppressWarnings("unused")
045            public void checkRoles(
046                            List<UserGroupRole> addUserGroupRoles,
047                            List<UserGroupRole> removeUserGroupRoles)
048                    throws PortalException {
049            }
050    
051            @Override
052            @SuppressWarnings("unused")
053            public boolean isMembershipAllowed(long userId, long organizationId)
054                    throws PortalException {
055    
056                    try {
057                            checkMembership(
058                                    new long[] {userId}, new long[] {organizationId}, null);
059                    }
060                    catch (Exception e) {
061                            return false;
062                    }
063    
064                    return true;
065            }
066    
067            @Override
068            public boolean isMembershipProtected(
069                            PermissionChecker permissionChecker, long userId,
070                            long organizationId)
071                    throws PortalException {
072    
073                    if (permissionChecker.isOrganizationOwner(organizationId)) {
074                            return false;
075                    }
076    
077                    Organization organization =
078                            OrganizationLocalServiceUtil.getOrganization(organizationId);
079    
080                    Group group = organization.getGroup();
081    
082                    Role organizationAdministratorRole = RoleLocalServiceUtil.getRole(
083                            permissionChecker.getCompanyId(),
084                            RoleConstants.ORGANIZATION_ADMINISTRATOR);
085    
086                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
087                                    userId, group.getGroupId(),
088                                    organizationAdministratorRole.getRoleId())) {
089    
090                            return true;
091                    }
092    
093                    Role organizationOwnerRole = RoleLocalServiceUtil.getRole(
094                            permissionChecker.getCompanyId(), RoleConstants.ORGANIZATION_OWNER);
095    
096                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
097                                    userId, group.getGroupId(),
098                                    organizationOwnerRole.getRoleId())) {
099    
100                            return true;
101                    }
102    
103                    return false;
104            }
105    
106            @Override
107            @SuppressWarnings("unused")
108            public boolean isMembershipRequired(long userId, long organizationId)
109                    throws PortalException {
110    
111                    try {
112                            checkMembership(
113                                    new long[] {userId}, null, new long[] {organizationId});
114                    }
115                    catch (Exception e) {
116                            return true;
117                    }
118    
119                    return false;
120            }
121    
122            @Override
123            public boolean isRoleAllowed(long userId, long organizationId, long roleId)
124                    throws PortalException {
125    
126                    List<UserGroupRole> userGroupRoles = new ArrayList<>();
127    
128                    Organization organization =
129                            OrganizationLocalServiceUtil.getOrganization(organizationId);
130    
131                    UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
132                            userId, organization.getGroupId(), roleId);
133    
134                    UserGroupRole userGroupRole =
135                            UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
136    
137                    userGroupRoles.add(userGroupRole);
138    
139                    try {
140                            checkRoles(userGroupRoles, null);
141                    }
142                    catch (Exception e) {
143                            return false;
144                    }
145    
146                    return true;
147            }
148    
149            @Override
150            public boolean isRoleProtected(
151                            PermissionChecker permissionChecker, long userId,
152                            long organizationId, long roleId)
153                    throws PortalException {
154    
155                    if (permissionChecker.isOrganizationOwner(organizationId)) {
156                            return false;
157                    }
158    
159                    Role role = RoleLocalServiceUtil.getRole(roleId);
160    
161                    String roleName = role.getName();
162    
163                    if (!roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) &&
164                            !roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {
165    
166                            return false;
167                    }
168    
169                    Organization organization =
170                            OrganizationLocalServiceUtil.getOrganization(organizationId);
171    
172                    Group group = organization.getGroup();
173    
174                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
175                                    userId, group.getGroupId(), role.getRoleId())) {
176    
177                            return true;
178                    }
179    
180                    return false;
181            }
182    
183            @Override
184            public boolean isRoleRequired(long userId, long organizationId, long roleId)
185                    throws PortalException {
186    
187                    List<UserGroupRole> userGroupRoles = new ArrayList<>();
188    
189                    Organization organization =
190                            OrganizationLocalServiceUtil.getOrganization(organizationId);
191    
192                    UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
193                            userId, organization.getGroupId(), roleId);
194    
195                    UserGroupRole userGroupRole =
196                            UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
197    
198                    userGroupRoles.add(userGroupRole);
199    
200                    try {
201                            checkRoles(null, userGroupRoles);
202                    }
203                    catch (Exception e) {
204                            return true;
205                    }
206    
207                    return false;
208            }
209    
210            @Override
211            public void propagateRoles(
212                    List<UserGroupRole> addUserGroupRoles,
213                    List<UserGroupRole> removeUserGroupRoles) {
214            }
215    
216            @Override
217            public void verifyPolicy() throws PortalException {
218                    ActionableDynamicQuery organizationActionableDynamicQuery =
219                            OrganizationLocalServiceUtil.getActionableDynamicQuery();
220    
221                    organizationActionableDynamicQuery.setPerformActionMethod(
222                            new ActionableDynamicQuery.PerformActionMethod<Organization>() {
223    
224                                    @Override
225                                    public void performAction(Organization organization)
226                                            throws PortalException {
227    
228                                            verifyPolicy(organization);
229    
230                                            ActionableDynamicQuery userGroupRoleActionableDynamicQuery =
231                                                    UserGroupRoleLocalServiceUtil.
232                                                            getActionableDynamicQuery();
233    
234                                            userGroupRoleActionableDynamicQuery.setGroupId(
235                                                    organization.getGroupId());
236                                            userGroupRoleActionableDynamicQuery.setPerformActionMethod(
237                                                    new ActionableDynamicQuery.
238                                                            PerformActionMethod<UserGroupRole>() {
239    
240                                                            @Override
241                                                            public void performAction(
242                                                                            UserGroupRole userGroupRole)
243                                                                    throws PortalException {
244    
245                                                                    verifyPolicy(userGroupRole.getRole());
246                                                            }
247    
248                                                    });
249    
250                                            userGroupRoleActionableDynamicQuery.performActions();
251                                    }
252    
253                            });
254    
255                    organizationActionableDynamicQuery.performActions();
256            }
257    
258            @Override
259            public void verifyPolicy(Organization organization) throws PortalException {
260                    verifyPolicy(organization, null, null, null, null);
261            }
262    
263            @Override
264            public void verifyPolicy(Role role) {
265            }
266    
267            @Override
268            public void verifyPolicy(
269                    Role role, Role oldRole,
270                    Map<String, Serializable> oldExpandoAttributes) {
271            }
272    
273    }