001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.documentlibrary.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.portlet.PortletProvider;
019    import com.liferay.portal.kernel.portlet.PortletProviderUtil;
020    import com.liferay.portal.kernel.repository.model.Folder;
021    import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
022    import com.liferay.portal.security.auth.PrincipalException;
023    import com.liferay.portal.security.permission.ActionKeys;
024    import com.liferay.portal.security.permission.BaseModelPermissionChecker;
025    import com.liferay.portal.security.permission.PermissionChecker;
026    import com.liferay.portal.util.PropsValues;
027    import com.liferay.portlet.documentlibrary.exception.NoSuchFolderException;
028    import com.liferay.portlet.documentlibrary.model.DLFolder;
029    import com.liferay.portlet.documentlibrary.model.DLFolderConstants;
030    import com.liferay.portlet.documentlibrary.service.DLAppLocalServiceUtil;
031    import com.liferay.portlet.documentlibrary.service.DLFolderLocalServiceUtil;
032    import com.liferay.portlet.exportimport.staging.permission.StagingPermissionUtil;
033    
034    /**
035     * @author Brian Wing Shun Chan
036     */
037    @OSGiBeanProperties(
038            property = {
039                    "model.class.name=com.liferay.portlet.documentlibrary.model.DLFolder"
040            }
041    )
042    public class DLFolderPermission implements BaseModelPermissionChecker {
043    
044            public static void check(
045                            PermissionChecker permissionChecker, DLFolder dlFolder,
046                            String actionId)
047                    throws PortalException {
048    
049                    if (!contains(permissionChecker, dlFolder, actionId)) {
050                            throw new PrincipalException.MustHavePermission(
051                                    permissionChecker, DLFolder.class.getName(),
052                                    dlFolder.getFolderId(), actionId);
053                    }
054            }
055    
056            public static void check(
057                            PermissionChecker permissionChecker, Folder folder, String actionId)
058                    throws PortalException {
059    
060                    if (!folder.containsPermission(permissionChecker, actionId)) {
061                            throw new PrincipalException.MustHavePermission(
062                                    permissionChecker, Folder.class.getName(), folder.getFolderId(),
063                                    actionId);
064                    }
065            }
066    
067            public static void check(
068                            PermissionChecker permissionChecker, long groupId, long folderId,
069                            String actionId)
070                    throws PortalException {
071    
072                    if (!contains(permissionChecker, groupId, folderId, actionId)) {
073                            throw new PrincipalException.MustHavePermission(
074                                    permissionChecker, Folder.class.getName(), folderId, actionId);
075                    }
076            }
077    
078            public static boolean contains(
079                            PermissionChecker permissionChecker, DLFolder dlFolder,
080                            String actionId)
081                    throws PortalException {
082    
083                    if (actionId.equals(ActionKeys.ADD_FOLDER)) {
084                            actionId = ActionKeys.ADD_SUBFOLDER;
085                    }
086    
087                    String portletId = PortletProviderUtil.getPortletId(
088                            Folder.class.getName(), PortletProvider.Action.EDIT);
089    
090                    Boolean hasPermission = StagingPermissionUtil.hasPermission(
091                            permissionChecker, dlFolder.getGroupId(), DLFolder.class.getName(),
092                            dlFolder.getFolderId(), portletId, actionId);
093    
094                    if (hasPermission != null) {
095                            return hasPermission.booleanValue();
096                    }
097    
098                    if (actionId.equals(ActionKeys.VIEW) &&
099                            PropsValues.PERMISSIONS_VIEW_DYNAMIC_INHERITANCE) {
100    
101                            try {
102                                    long dlFolderId = dlFolder.getFolderId();
103    
104                                    while (dlFolderId !=
105                                                            DLFolderConstants.DEFAULT_PARENT_FOLDER_ID) {
106    
107                                            dlFolder = DLFolderLocalServiceUtil.getFolder(dlFolderId);
108    
109                                            if (!_hasPermission(
110                                                            permissionChecker, dlFolder, actionId)) {
111    
112                                                    return false;
113                                            }
114    
115                                            dlFolderId = dlFolder.getParentFolderId();
116                                    }
117                            }
118                            catch (NoSuchFolderException nsfe) {
119                                    if (!dlFolder.isInTrash()) {
120                                            throw nsfe;
121                                    }
122                            }
123    
124                            return DLPermission.contains(
125                                    permissionChecker, dlFolder.getGroupId(), actionId);
126                    }
127    
128                    return _hasPermission(permissionChecker, dlFolder, actionId);
129            }
130    
131            public static boolean contains(
132                            PermissionChecker permissionChecker, Folder folder, String actionId)
133                    throws PortalException {
134    
135                    return folder.containsPermission(permissionChecker, actionId);
136            }
137    
138            public static boolean contains(
139                            PermissionChecker permissionChecker, long groupId, long folderId,
140                            String actionId)
141                    throws PortalException {
142    
143                    if (folderId == DLFolderConstants.DEFAULT_PARENT_FOLDER_ID) {
144    
145                            // Prevent the propagation of checks for actions that are not
146                            // supported at the application resource level. See LPS-24245.
147    
148                            if (actionId.equals(ActionKeys.ACCESS) ||
149                                    actionId.equals(ActionKeys.ADD_SUBFOLDER) ||
150                                    actionId.equals(ActionKeys.DELETE)) {
151    
152                                    return false;
153                            }
154    
155                            return DLPermission.contains(permissionChecker, groupId, actionId);
156                    }
157    
158                    Folder folder = DLAppLocalServiceUtil.getFolder(folderId);
159    
160                    return folder.containsPermission(permissionChecker, actionId);
161            }
162    
163            @Override
164            public void checkBaseModel(
165                            PermissionChecker permissionChecker, long groupId, long primaryKey,
166                            String actionId)
167                    throws PortalException {
168    
169                    check(permissionChecker, groupId, primaryKey, actionId);
170            }
171    
172            private static boolean _hasPermission(
173                    PermissionChecker permissionChecker, DLFolder dlFolder,
174                    String actionId) {
175    
176                    if (permissionChecker.hasOwnerPermission(
177                                    dlFolder.getCompanyId(), DLFolder.class.getName(),
178                                    dlFolder.getFolderId(), dlFolder.getUserId(), actionId) ||
179                            permissionChecker.hasPermission(
180                                    dlFolder.getGroupId(), DLFolder.class.getName(),
181                                    dlFolder.getFolderId(), actionId)) {
182    
183                            return true;
184                    }
185    
186                    return false;
187            }
188    
189    }