015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.log.Log;
019 import com.liferay.portal.kernel.log.LogFactoryUtil;
020 import com.liferay.portal.kernel.model.Contact;
021 import com.liferay.portal.kernel.model.Group;
022 import com.liferay.portal.kernel.model.Organization;
023 import com.liferay.portal.kernel.model.ResourceConstants;
024 import com.liferay.portal.kernel.model.RoleConstants;
025 import com.liferay.portal.kernel.model.User;
026 import com.liferay.portal.kernel.security.auth.PrincipalException;
027 import com.liferay.portal.kernel.security.permission.ActionKeys;
028 import com.liferay.portal.kernel.security.permission.BaseModelPermissionChecker;
029 import com.liferay.portal.kernel.security.permission.PermissionChecker;
030 import com.liferay.portal.kernel.service.OrganizationLocalServiceUtil;
031 import com.liferay.portal.kernel.service.UserGroupRoleLocalServiceUtil;
032 import com.liferay.portal.kernel.service.UserLocalServiceUtil;
033 import com.liferay.portal.kernel.service.permission.OrganizationPermissionUtil;
034 import com.liferay.portal.kernel.service.permission.UserPermission;
035 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
036 import com.liferay.portal.kernel.util.PortalUtil;
037
038 import java.util.List;
/**
 * Decides whether the caller represented by a {@link PermissionChecker} may
 * perform an action on a {@link User}.
 *
 * <p>
 * Every decision funnels into
 * {@link #contains(PermissionChecker, long, long[], String)}. That method
 * fails closed: any exception raised while evaluating a request is logged and
 * answered with a denial.
 * </p>
 */
@OSGiBeanProperties(
	property = {"model.class.name=com.liferay.portal.kernel.model.User"}
)
public class UserPermissionImpl
	implements BaseModelPermissionChecker, UserPermission {

	/**
	 * Throws unless the caller may perform the action on the user, taking the
	 * two given organization IDs as the organizations to evaluate.
	 *
	 * @param      permissionChecker the caller's permission checker
	 * @param      userId the primary key of the user being acted on
	 * @param      organizationId the first organization ID to evaluate
	 * @param      locationId the second organization ID to evaluate
	 * @param      actionId the action being requested
	 * @throws     PrincipalException if the permission is not granted
	 * @deprecated Delegates to {@link #check(PermissionChecker, long, long[],
	 *             String)}; call that overload directly.
	 */
	@Deprecated
	@Override
	public void check(
			PermissionChecker permissionChecker, long userId,
			long organizationId, long locationId, String actionId)
		throws PrincipalException {

		// Both IDs are forwarded as given; nothing here validates them.

		long[] organizationIds = {organizationId, locationId};

		check(permissionChecker, userId, organizationIds, actionId);
	}

	/**
	 * Throws unless the caller may perform the action on the user.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the user being acted on
	 * @param  organizationIds the organizations to evaluate, or
	 *         <code>null</code> to use the target user's own organizations
	 * @param  actionId the action being requested
	 * @throws PrincipalException if the permission is not granted
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long userId,
			long[] organizationIds, String actionId)
		throws PrincipalException {

		if (contains(permissionChecker, userId, organizationIds, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, User.class.getName(), userId, actionId);
	}

	/**
	 * Throws unless the caller may perform the action on the user, evaluating
	 * the target user's own organizations.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the user being acted on
	 * @param  actionId the action being requested
	 * @throws PrincipalException if the permission is not granted
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long userId, String actionId)
		throws PrincipalException {

		if (contains(permissionChecker, userId, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, User.class.getName(), userId, actionId);
	}

	/**
	 * Generic model entry point: treats <code>primaryKey</code> as a user ID,
	 * collects that user's organizations and runs the regular check against
	 * them.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  groupId not consulted by this implementation
	 * @param  primaryKey the primary key of the user being acted on
	 * @param  actionId the action being requested
	 * @throws PortalException if the permission is not granted or the
	 *         organization lookup fails
	 */
	@Override
	public void checkBaseModel(
			PermissionChecker permissionChecker, long groupId, long primaryKey,
			String actionId)
		throws PortalException {

		List<Organization> userOrganizations =
			OrganizationLocalServiceUtil.getUserOrganizations(primaryKey);

		long[] organizationIds = new long[userOrganizations.size()];

		int index = 0;

		for (Organization userOrganization : userOrganizations) {
			organizationIds[index++] = userOrganization.getOrganizationId();
		}

		check(permissionChecker, primaryKey, organizationIds, actionId);
	}

	/**
	 * Returns whether the caller may perform the action on the user, taking
	 * the two given organization IDs as the organizations to evaluate.
	 *
	 * @param      permissionChecker the caller's permission checker
	 * @param      userId the primary key of the user being acted on
	 * @param      organizationId the first organization ID to evaluate
	 * @param      locationId the second organization ID to evaluate
	 * @param      actionId the action being requested
	 * @return     <code>true</code> if the permission is granted
	 * @deprecated Delegates to {@link #contains(PermissionChecker, long,
	 *             long[], String)}; call that overload directly.
	 */
	@Deprecated
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, long userId, long organizationId,
		long locationId, String actionId) {

		long[] organizationIds = {organizationId, locationId};

		return contains(permissionChecker, userId, organizationIds, actionId);
	}

	/**
	 * Returns whether the caller may perform the action on the user.
	 *
	 * <p>
	 * Evaluation order, first match wins:
	 * </p>
	 *
	 * <ol>
	 * <li>
	 * When <code>userId</code> names a user: deny guarded actions against an
	 * administrator the caller does not outrank, then allow the owner of the
	 * user resource or the user acting on their own account.
	 * </li>
	 * <li>
	 * Allow if the permission checker grants the action on the user resource
	 * directly.
	 * </li>
	 * <li>
	 * Deny if no user was loaded (<code>userId</code> is
	 * <code>ResourceConstants.PRIMKEY_DNE</code>).
	 * </li>
	 * <li>
	 * Allow if the caller can manage the user through one of the
	 * organizations.
	 * </li>
	 * </ol>
	 *
	 * <p>
	 * Any exception thrown along the way, including a <code>null</code>
	 * <code>actionId</code> or a failed lookup, is logged at error level and
	 * turned into a denial.
	 * </p>
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the user being acted on
	 * @param  organizationIds the organizations to evaluate, or
	 *         <code>null</code> to use the target user's own organizations
	 * @param  actionId the action being requested
	 * @return <code>true</code> if the permission is granted
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, long userId,
		long[] organizationIds, String actionId) {

		try {
			User user = null;

			if (userId != ResourceConstants.PRIMKEY_DNE) {
				user = UserLocalServiceUtil.getUserById(userId);

				if (_isShieldedAdmin(permissionChecker, user, actionId)) {
					return false;
				}

				Contact contact = user.getContact();

				boolean ownsUserResource = permissionChecker.hasOwnerPermission(
					permissionChecker.getCompanyId(), User.class.getName(),
					userId, contact.getUserId(), actionId);

				// NOTE(review): the self-match below grants every action ID
				// on the caller's own account once the administrator shield
				// has passed; confirm that is intended for sensitive action
				// keys.

				if (ownsUserResource ||
					(permissionChecker.getUserId() == userId)) {

					return true;
				}
			}

			// Direct grant on the user resource, checked with group ID 0

			boolean grantedDirectly = permissionChecker.hasPermission(
				0, User.class.getName(), userId, actionId);

			if (grantedDirectly) {
				return true;
			}

			// Without a loaded user there are no organizations to consult

			if (user == null) {
				return false;
			}

			long[] candidateOrganizationIds = organizationIds;

			if (candidateOrganizationIds == null) {
				candidateOrganizationIds = user.getOrganizationIds();
			}

			return _canManageThroughOrganizations(
				permissionChecker, user, candidateOrganizationIds);
		}
		catch (Exception e) {

			// Fail closed: an evaluation error must never grant access

			_log.error(e, e);
		}

		return false;
	}

	/**
	 * Returns whether the caller may perform the action on the user,
	 * evaluating the target user's own organizations.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  userId the primary key of the user being acted on
	 * @param  actionId the action being requested
	 * @return <code>true</code> if the permission is granted
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, long userId, String actionId) {

		long[] organizationIds = null;

		return contains(permissionChecker, userId, organizationIds, actionId);
	}

	/**
	 * Walks the organizations in order and reports whether one of them lets
	 * the caller manage the target user. An exception from any lookup aborts
	 * the walk and propagates to the caller of this helper.
	 */
	private static boolean _canManageThroughOrganizations(
			PermissionChecker permissionChecker, User user,
			long[] organizationIds)
		throws Exception {

		for (long organizationId : organizationIds) {
			Organization organization =
				OrganizationLocalServiceUtil.getOrganization(organizationId);

			boolean managesUsers = OrganizationPermissionUtil.contains(
				permissionChecker, organization, ActionKeys.MANAGE_USERS);

			if (!managesUsers) {
				continue;
			}

			if (permissionChecker.getUserId() == user.getUserId()) {
				return true;
			}

			Group organizationGroup = organization.getGroup();

			// A target holding the organization owner role cannot be managed
			// through this organization

			boolean targetIsOwner =
				UserGroupRoleLocalServiceUtil.hasUserGroupRole(
					user.getUserId(), organizationGroup.getGroupId(),
					RoleConstants.ORGANIZATION_OWNER, true);

			if (targetIsOwner) {
				continue;
			}

			// A target holding the organization administrator role can only
			// be managed by a caller who is an owner of that organization

			boolean targetIsAdministrator =
				UserGroupRoleLocalServiceUtil.hasUserGroupRole(
					user.getUserId(), organizationGroup.getGroupId(),
					RoleConstants.ORGANIZATION_ADMINISTRATOR, true);

			if (targetIsAdministrator &&
				!UserGroupRoleLocalServiceUtil.hasUserGroupRole(
					permissionChecker.getUserId(),
					organizationGroup.getGroupId(),
					RoleConstants.ORGANIZATION_OWNER, true)) {

				continue;
			}

			return true;
		}

		return false;
	}

	/**
	 * Returns whether the action ID is one of the five that are refused
	 * against administrators the caller does not outrank. Action IDs outside
	 * this list are not covered by the shield.
	 */
	private static boolean _isGuardedAction(String actionId) {
		if (actionId.equals(ActionKeys.DELETE)) {
			return true;
		}

		if (actionId.equals(ActionKeys.IMPERSONATE)) {
			return true;
		}

		if (actionId.equals(ActionKeys.PERMISSIONS)) {
			return true;
		}

		if (actionId.equals(ActionKeys.UPDATE)) {
			return true;
		}

		return actionId.equals(ActionKeys.VIEW);
	}

	/**
	 * Returns whether a guarded action must be refused because the target is
	 * an omniadmin and the caller is not, or the target is a company
	 * administrator and the caller is neither omniadmin nor company
	 * administrator.
	 */
	private static boolean _isShieldedAdmin(
			PermissionChecker permissionChecker, User user, String actionId)
		throws Exception {

		if (!_isGuardedAction(actionId)) {
			return false;
		}

		// Omniadmin callers are never blocked by the shield

		if (permissionChecker.isOmniadmin()) {
			return false;
		}

		if (PortalUtil.isOmniadmin(user)) {
			return true;
		}

		return !permissionChecker.isCompanyAdmin() &&
			PortalUtil.isCompanyAdmin(user);
	}

	private static final Log _log = LogFactoryUtil.getLog(
		UserPermissionImpl.class);

}