015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.log.Log;
019 import com.liferay.portal.kernel.log.LogFactoryUtil;
020 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
021 import com.liferay.portal.model.Contact;
022 import com.liferay.portal.model.Group;
023 import com.liferay.portal.model.Organization;
024 import com.liferay.portal.model.ResourceConstants;
025 import com.liferay.portal.model.RoleConstants;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.PrincipalException;
028 import com.liferay.portal.security.permission.ActionKeys;
029 import com.liferay.portal.security.permission.BaseModelPermissionChecker;
030 import com.liferay.portal.security.permission.PermissionChecker;
031 import com.liferay.portal.service.OrganizationLocalServiceUtil;
032 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
033 import com.liferay.portal.service.UserLocalServiceUtil;
034 import com.liferay.portal.util.PortalUtil;
035
036 import java.util.List;
037
038
/**
 * Decides whether the caller behind a {@link PermissionChecker} may perform
 * an action on a {@link User} record.
 *
 * <p>
 * The {@code check} methods throw
 * {@link PrincipalException.MustHavePermission} on denial; the
 * {@code contains} methods return a boolean. Every decision is made by
 * {@link #contains(PermissionChecker, long, long[], String)}.
 * </p>
 */
@OSGiBeanProperties(
    property = {"model.class.name=com.liferay.portal.model.User"}
)
public class UserPermissionImpl
    implements BaseModelPermissionChecker, UserPermission {

    /**
     * Checks the permission, treating both ids as organization ids.
     *
     * @deprecated Call
     *             {@link #check(PermissionChecker, long, long[], String)}
     *             directly; this overload only packs its two ids into an
     *             array and delegates.
     */
    @Deprecated
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long organizationId, long locationId, String actionId)
        throws PrincipalException {

        long[] organizationIds = {organizationId, locationId};

        check(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Throws unless the caller may perform {@code actionId} on the user.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user
     * @param  organizationIds the organizations to evaluate; see
     *         {@link #contains(PermissionChecker, long, long[], String)}
     *         for how they are used
     * @param  actionId the action being requested
     * @throws PrincipalException if the permission is not granted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long[] organizationIds, String actionId)
        throws PrincipalException {

        if (contains(permissionChecker, userId, organizationIds, actionId)) {
            return;
        }

        throw new PrincipalException.MustHavePermission(
            permissionChecker, User.class.getName(), userId, actionId);
    }

    /**
     * Throws unless the caller may perform {@code actionId} on the user,
     * using the organizations read from the target user's own record.
     *
     * @throws PrincipalException if the permission is not granted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId, String actionId)
        throws PrincipalException {

        if (contains(permissionChecker, userId, actionId)) {
            return;
        }

        throw new PrincipalException.MustHavePermission(
            permissionChecker, User.class.getName(), userId, actionId);
    }

    /**
     * Checks a permission on the user identified by {@code primaryKey}.
     *
     * <p>
     * The organization ids are looked up here through
     * {@code OrganizationLocalServiceUtil.getUserOrganizations} rather than
     * taken from the caller. {@code groupId} is not used.
     * </p>
     *
     * @throws PortalException if the lookup fails or the permission is not
     *         granted
     */
    @Override
    public void checkBaseModel(
            PermissionChecker permissionChecker, long groupId, long primaryKey,
            String actionId)
        throws PortalException {

        List<Organization> userOrganizations =
            OrganizationLocalServiceUtil.getUserOrganizations(primaryKey);

        long[] organizationIds = new long[userOrganizations.size()];

        int index = 0;

        for (Organization userOrganization : userOrganizations) {
            organizationIds[index++] = userOrganization.getOrganizationId();
        }

        check(permissionChecker, primaryKey, organizationIds, actionId);
    }

    /**
     * Returns the decision, treating both ids as organization ids.
     *
     * @deprecated Call
     *             {@link #contains(PermissionChecker, long, long[], String)}
     *             directly; this overload only packs its two ids into an
     *             array and delegates.
     */
    @Deprecated
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, long organizationId,
        long locationId, String actionId) {

        long[] organizationIds = {organizationId, locationId};

        return contains(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Returns whether the caller may perform {@code actionId} on the user.
     *
     * <p>
     * Evaluation order, first match wins:
     * </p>
     *
     * <ol>
     * <li>
     * Admin guard: for the action ids in {@code _ADMIN_GUARDED_ACTION_IDS}, a
     * caller who is not an omniadmin is denied when the target is an
     * omniadmin, or when the target is a company admin and the caller is not.
     * </li>
     * <li>
     * Owner permission on the record, or the caller being the target user.
     * </li>
     * <li>
     * A direct {@code hasPermission} grant on the user resource.
     * </li>
     * <li>
     * {@code MANAGE_USERS} on one of the organizations, subject to the
     * organization role rules in the loop below.
     * </li>
     * </ol>
     *
     * <p>
     * The method fails closed: any exception raised while evaluating,
     * including a {@code NullPointerException} from a {@code null}
     * {@code actionId}, is logged at error level and reported as a denial.
     * </p>
     *
     * <p>
     * Security note: a non-null {@code organizationIds} is used exactly as
     * supplied. Nothing in this method verifies that the target user belongs
     * to those organizations, so the result is only meaningful when the ids
     * come from a trusted source, as in {@link #checkBaseModel}.
     * NOTE(review): confirm that no caller forwards request-supplied ids.
     * </p>
     *
     * @param  permissionChecker the caller's permission checker
     * @param  userId the primary key of the target user, or
     *         {@code ResourceConstants.PRIMKEY_DNE} when there is no user
     *         record to load
     * @param  organizationIds the organizations to evaluate, or
     *         {@code null} to use the target user's own organization ids
     * @param  actionId the action being requested
     * @return {@code true} if the permission is granted; {@code false}
     *         otherwise, including on any error
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId,
        long[] organizationIds, String actionId) {

        try {
            User targetUser = null;

            if (userId != ResourceConstants.PRIMKEY_DNE) {
                targetUser = UserLocalServiceUtil.getUserById(userId);

                // Admin guard. The calls stay in this order so that the same
                // lookups run, and the same exceptions can surface, as in a
                // single short-circuited condition.

                if (_isAdminGuardedAction(actionId) &&
                    !permissionChecker.isOmniadmin()) {

                    if (PortalUtil.isOmniadmin(targetUser)) {
                        return false;
                    }

                    if (!permissionChecker.isCompanyAdmin() &&
                        PortalUtil.isCompanyAdmin(targetUser)) {

                        return false;
                    }
                }

                Contact contact = targetUser.getContact();

                boolean ownerPermission = permissionChecker.hasOwnerPermission(
                    permissionChecker.getCompanyId(), User.class.getName(),
                    userId, contact.getUserId(), actionId);

                // A caller always passes for its own record, whatever the
                // action id. NOTE(review): confirm that destructive
                // self-service actions are gated elsewhere if that matters.

                if (ownerPermission ||
                    (permissionChecker.getUserId() == userId)) {

                    return true;
                }
            }

            // NOTE(review): the leading 0 is presumably the group id of an
            // unscoped check; confirm against PermissionChecker.

            if (permissionChecker.hasPermission(
                    0, User.class.getName(), userId, actionId)) {

                return true;
            }

            if (targetUser == null) {
                return false;
            }

            long[] candidateOrganizationIds = organizationIds;

            if (candidateOrganizationIds == null) {
                candidateOrganizationIds = targetUser.getOrganizationIds();
            }

            for (long organizationId : candidateOrganizationIds) {
                Organization organization =
                    OrganizationLocalServiceUtil.getOrganization(
                        organizationId);

                if (!OrganizationPermissionUtil.contains(
                        permissionChecker, organization,
                        ActionKeys.MANAGE_USERS)) {

                    continue;
                }

                if (permissionChecker.getUserId() == targetUser.getUserId()) {
                    return true;
                }

                Group organizationGroup = organization.getGroup();

                long organizationGroupId = organizationGroup.getGroupId();

                // A target holding the organization owner role is never
                // manageable through this organization.

                boolean targetIsOwner =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(), organizationGroupId,
                        RoleConstants.ORGANIZATION_OWNER, true);

                if (targetIsOwner) {
                    continue;
                }

                // A target holding the organization administrator role is
                // manageable only by a caller who is an organization owner.

                boolean targetIsAdministrator =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(), organizationGroupId,
                        RoleConstants.ORGANIZATION_ADMINISTRATOR, true);

                if (targetIsAdministrator &&
                    !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        permissionChecker.getUserId(), organizationGroupId,
                        RoleConstants.ORGANIZATION_OWNER, true)) {

                    continue;
                }

                return true;
            }
        }
        catch (Exception e) {

            // Deliberate deny-on-error: the failure is recorded and the
            // method falls through to the final return.

            _log.error(e, e);
        }

        return false;
    }

    /**
     * Returns the decision using the organizations read from the target
     * user's own record (passes {@code null} organization ids).
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, String actionId) {

        return contains(permissionChecker, userId, null, actionId);
    }

    /**
     * Returns whether {@code actionId} is one of the action ids covered by
     * the admin guard. Action ids outside the list skip the guard.
     *
     * @throws NullPointerException if {@code actionId} is {@code null}; the
     *         caller relies on this to deny a {@code null} action id
     */
    private static boolean _isAdminGuardedAction(String actionId) {
        for (String guardedActionId : _ADMIN_GUARDED_ACTION_IDS) {
            if (actionId.equals(guardedActionId)) {
                return true;
            }
        }

        return false;
    }

    // Compared in this order, matching the original condition.

    private static final String[] _ADMIN_GUARDED_ACTION_IDS = {
        ActionKeys.DELETE, ActionKeys.IMPERSONATE, ActionKeys.PERMISSIONS,
        ActionKeys.UPDATE, ActionKeys.VIEW
    };

    private static final Log _log = LogFactoryUtil.getLog(
        UserPermissionImpl.class);

}