015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.model.Group;
019 import com.liferay.portal.kernel.model.User;
020 import com.liferay.portal.kernel.security.auth.PrincipalException;
021 import com.liferay.portal.kernel.security.permission.ActionKeys;
022 import com.liferay.portal.kernel.security.permission.BaseModelPermissionChecker;
023 import com.liferay.portal.kernel.security.permission.PermissionChecker;
024 import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
025 import com.liferay.portal.kernel.service.UserLocalServiceUtil;
026 import com.liferay.portal.kernel.service.permission.GroupPermission;
027 import com.liferay.portal.kernel.service.permission.PortalPermissionUtil;
028 import com.liferay.portal.kernel.service.permission.UserPermissionUtil;
029 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
/**
 * Authorization checks for {@link Group} resources.
 *
 * <p>
 * The {@code check} methods are the enforcing variants: they delegate to the
 * matching {@code contains} overload and throw
 * {@code PrincipalException.MustHavePermission} when it answers
 * {@code false}. The {@code contains} methods only answer the question and
 * never throw for a missing permission.
 * </p>
 *
 * <p>
 * All decisions are ultimately delegated to the supplied
 * {@link PermissionChecker}; this class adds the group-specific rules
 * (one explicit deny, a set of implied permissions, and inheritance from
 * ancestor groups) described on
 * {@link #contains(PermissionChecker, Group, String)}.
 * </p>
 */
@OSGiBeanProperties(
	property = {"model.class.name=com.liferay.portal.kernel.model.Group"}
)
public class GroupPermissionImpl
	implements BaseModelPermissionChecker, GroupPermission {

	/**
	 * Enforces {@code actionId} on the given group.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  group the group being acted on
	 * @param  actionId the action key to enforce
	 * @throws PortalException a
	 *         {@code PrincipalException.MustHavePermission} when
	 *         {@link #contains(PermissionChecker, Group, String)} returns
	 *         {@code false}; anything that method throws is propagated
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, Group group, String actionId)
		throws PortalException {

		if (contains(permissionChecker, group, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, Group.class.getName(), group.getGroupId(),
			actionId);
	}

	/**
	 * Enforces {@code actionId} on the group with the given ID.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the primary key of the group being acted on
	 * @param  actionId the action key to enforce
	 * @throws PortalException a
	 *         {@code PrincipalException.MustHavePermission} when
	 *         {@link #contains(PermissionChecker, long, String)} returns
	 *         {@code false} (which includes every non-positive
	 *         {@code groupId}); anything that method throws is propagated
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException {

		if (contains(permissionChecker, groupId, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, Group.class.getName(), groupId, actionId);
	}

	/**
	 * Enforces {@code actionId} on the group model as a whole, i.e. without a
	 * specific group instance.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  actionId the action key to enforce
	 * @throws PortalException a
	 *         {@code PrincipalException.MustHavePermission} (reported with
	 *         primary key 0) when
	 *         {@link #contains(PermissionChecker, String)} returns
	 *         {@code false}
	 */
	@Override
	public void check(PermissionChecker permissionChecker, String actionId)
		throws PortalException {

		if (contains(permissionChecker, actionId)) {
			return;
		}

		throw new PrincipalException.MustHavePermission(
			permissionChecker, Group.class.getName(), Long.valueOf(0),
			actionId);
	}

	/**
	 * Generic base-model entry point. For this model the primary key is the
	 * group ID, so the check is made against {@code primaryKey}; the
	 * {@code groupId} argument is not consulted.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId unused by this implementation
	 * @param  primaryKey the primary key of the group being acted on
	 * @param  actionId the action key to enforce
	 * @throws PortalException as for
	 *         {@link #check(PermissionChecker, long, String)}
	 */
	@Override
	public void checkBaseModel(
			PermissionChecker permissionChecker, long groupId, long primaryKey,
			String actionId)
		throws PortalException {

		check(permissionChecker, primaryKey, actionId);
	}

	/**
	 * Answers whether the caller may perform {@code actionId} on
	 * {@code group}. The rules are evaluated in this order and the first one
	 * that decides wins:
	 *
	 * <ol>
	 * <li>
	 * Deny {@code ADD_LAYOUT} and {@code MANAGE_LAYOUTS} outright when the
	 * group has a local or remote staging group or is a layout prototype.
	 * This runs before every grant below, so none of them can override it.
	 * </li>
	 * <li>
	 * For a user group, grant when the caller is not that user and holds
	 * {@code UPDATE} on the user.
	 * </li>
	 * <li>
	 * Grant when the caller holds a permission that implies the requested
	 * one (see the inline comments for the mapping).
	 * </li>
	 * <li>
	 * Grant when the caller holds {@code actionId} itself on the group.
	 * </li>
	 * <li>
	 * Grant when the caller has {@code MANAGE_SUBGROUPS} on any ancestor
	 * group.
	 * </li>
	 * </ol>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  group the group being acted on
	 * @param  actionId the action key being asked about; must not be
	 *         {@code null}
	 * @return {@code true} if one of the grant rules matched;
	 *         {@code false} otherwise
	 * @throws PortalException if a user or group lookup performed during the
	 *         evaluation fails
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, Group group, String actionId)
		throws PortalException {

		// Explicit deny. Kept first so that no later grant can re-enable
		// layout changes on a group that has staging or is a layout prototype.

		boolean layoutAction =
			actionId.equals(ActionKeys.ADD_LAYOUT) ||
			actionId.equals(ActionKeys.MANAGE_LAYOUTS);

		if (layoutAction &&
			(group.hasLocalOrRemoteStagingGroup() ||
			 group.isLayoutPrototype())) {

			return false;
		}

		// The ID is read before the staging-to-live swap: every
		// hasPermission call below is made against the ID of the group that
		// was passed in, while isUser() and the ancestor walk use the live
		// group.

		long groupId = group.getGroupId();

		Group effectiveGroup = group;

		if (group.isStagingGroup()) {
			effectiveGroup = group.getLiveGroup();
		}

		if (effectiveGroup.isUser()) {

			// NOTE(review): this grant does not look at actionId. A caller
			// other than the owner who holds UPDATE on the owning user
			// receives every group action that survived the deny rule above.

			User owner = UserLocalServiceUtil.getUserById(
				effectiveGroup.getClassPK());

			if (permissionChecker.getUserId() != owner.getUserId()) {
				if (UserPermissionUtil.contains(
						permissionChecker, owner.getUserId(),
						owner.getOrganizationIds(), ActionKeys.UPDATE)) {

					return true;
				}
			}
		}

		// Implied permissions. Each rule returns as soon as it matches, so
		// the checks are evaluated strictly in the order written.

		// ADD_COMMUNITY <- MANAGE_SUBGROUPS on the group, or the portal-level
		// ADD_COMMUNITY permission

		if (actionId.equals(ActionKeys.ADD_COMMUNITY)) {
			if (_hasGroupPermission(
					permissionChecker, groupId,
					ActionKeys.MANAGE_SUBGROUPS) ||
				PortalPermissionUtil.contains(
					permissionChecker, ActionKeys.ADD_COMMUNITY)) {

				return true;
			}
		}

		// ADD_LAYOUT <- MANAGE_LAYOUTS

		if (actionId.equals(ActionKeys.ADD_LAYOUT)) {
			if (_hasGroupPermission(
					permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS)) {

				return true;
			}
		}

		// EXPORT_IMPORT_LAYOUTS, EXPORT_IMPORT_PORTLET_INFO <- PUBLISH_STAGING

		if (actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
			actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) {

			if (_hasGroupPermission(
					permissionChecker, groupId, ActionKeys.PUBLISH_STAGING)) {

				return true;
			}
		}

		// VIEW <- ASSIGN_USER_ROLES or MANAGE_LAYOUTS

		if (actionId.equals(ActionKeys.VIEW)) {
			if (_hasGroupPermission(
					permissionChecker, groupId,
					ActionKeys.ASSIGN_USER_ROLES) ||
				_hasGroupPermission(
					permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS)) {

				return true;
			}
		}

		// VIEW_STAGING <- MANAGE_LAYOUTS, MANAGE_STAGING, PUBLISH_STAGING or
		// UPDATE

		if (actionId.equals(ActionKeys.VIEW_STAGING)) {
			if (_hasGroupPermission(
					permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS) ||
				_hasGroupPermission(
					permissionChecker, groupId, ActionKeys.MANAGE_STAGING) ||
				_hasGroupPermission(
					permissionChecker, groupId, ActionKeys.PUBLISH_STAGING) ||
				_hasGroupPermission(
					permissionChecker, groupId, ActionKeys.UPDATE)) {

				return true;
			}
		}

		// Direct grant of the requested action on this group

		if (_hasGroupPermission(permissionChecker, groupId, actionId)) {
			return true;
		}

		// Inheritance: MANAGE_SUBGROUPS on any ancestor grants the action.
		// contains(long, ...) loads the parent and re-enters this method, so
		// each parent is evaluated with the full rule set above (including
		// its own ancestor walk) for MANAGE_SUBGROUPS.

		for (Group ancestor = effectiveGroup; !ancestor.isRoot();
			 ancestor = ancestor.getParentGroup()) {

			if (contains(
					permissionChecker, ancestor.getParentGroupId(),
					ActionKeys.MANAGE_SUBGROUPS)) {

				return true;
			}
		}

		return false;
	}

	/**
	 * Answers whether the caller may perform {@code actionId} on the group
	 * with the given ID.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the primary key of the group; a value of zero or less
	 *         is answered with {@code false} without any lookup
	 * @param  actionId the action key being asked about
	 * @return the result of
	 *         {@link #contains(PermissionChecker, Group, String)} for the
	 *         loaded group, or {@code false} for a non-positive ID
	 * @throws PortalException if the group lookup or the delegated
	 *         evaluation fails
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException {

		// Fail closed on IDs that cannot name a group

		if (groupId <= 0) {
			return false;
		}

		Group group = GroupLocalServiceUtil.getGroup(groupId);

		return contains(permissionChecker, group, actionId);
	}

	/**
	 * Answers whether the caller holds {@code actionId} on the group model as
	 * a whole. The question is put to the checker with group ID 0 and the
	 * {@link Group} class name used as both resource name and primary key.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  actionId the action key being asked about
	 * @return whatever the permission checker answers
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, String actionId) {

		String className = Group.class.getName();

		return permissionChecker.hasPermission(
			0, className, className, actionId);
	}

	/**
	 * Asks the checker for {@code actionId} on the {@link Group} resource
	 * whose primary key, and whose scoping group, are both {@code groupId}.
	 */
	private static boolean _hasGroupPermission(
		PermissionChecker permissionChecker, long groupId, String actionId) {

		return permissionChecker.hasPermission(
			groupId, Group.class.getName(), groupId, actionId);
	}

}