001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.model.Group;
019    import com.liferay.portal.kernel.model.User;
020    import com.liferay.portal.kernel.security.auth.PrincipalException;
021    import com.liferay.portal.kernel.security.permission.ActionKeys;
022    import com.liferay.portal.kernel.security.permission.BaseModelPermissionChecker;
023    import com.liferay.portal.kernel.security.permission.PermissionChecker;
024    import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
025    import com.liferay.portal.kernel.service.UserLocalServiceUtil;
026    import com.liferay.portal.kernel.service.permission.GroupPermission;
027    import com.liferay.portal.kernel.service.permission.PortalPermissionUtil;
028    import com.liferay.portal.kernel.service.permission.UserPermissionUtil;
029    import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
030    import com.liferay.portal.util.PropsValues;
031    
/**
 * Answers permission questions about {@link Group} resources on behalf of a
 * {@link PermissionChecker}.
 *
 * <p>
 * Every <code>check</code> overload delegates to the <code>contains</code>
 * overload that takes the same arguments and throws
 * {@link PrincipalException.MustHavePermission} when that call returns
 * <code>false</code>. The authorization rules themselves are implemented in
 * {@link #contains(PermissionChecker, Group, String)}.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
@OSGiBeanProperties(
    property = {"model.class.name=com.liferay.portal.kernel.model.Group"}
)
public class GroupPermissionImpl
    implements BaseModelPermissionChecker, GroupPermission {

    /**
     * Requires that the caller may perform the action on the group.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  group the group the action targets
     * @param  actionId the action being requested
     * @throws PortalException a
     *         {@link PrincipalException.MustHavePermission} when
     *         {@link #contains(PermissionChecker, Group, String)} returns
     *         <code>false</code>, or whatever that call itself throws
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, Group group, String actionId)
        throws PortalException {

        if (contains(permissionChecker, group, actionId)) {
            return;
        }

        throw new PrincipalException.MustHavePermission(
            permissionChecker, Group.class.getName(), group.getGroupId(),
            actionId);
    }

    /**
     * Requires that the caller may perform the action on the group with the
     * given ID.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the ID of the group the action targets
     * @param  actionId the action being requested
     * @throws PortalException a
     *         {@link PrincipalException.MustHavePermission} when
     *         {@link #contains(PermissionChecker, long, String)} returns
     *         <code>false</code>, or whatever that call itself throws
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long groupId, String actionId)
        throws PortalException {

        if (contains(permissionChecker, groupId, actionId)) {
            return;
        }

        throw new PrincipalException.MustHavePermission(
            permissionChecker, Group.class.getName(), groupId, actionId);
    }

    /**
     * Requires that the caller holds the action on the {@link Group} model
     * as a whole rather than on one particular group.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  actionId the action being requested
     * @throws PortalException a
     *         {@link PrincipalException.MustHavePermission} (reported with a
     *         primary key of <code>0</code>) when
     *         {@link #contains(PermissionChecker, String)} returns
     *         <code>false</code>
     */
    @Override
    public void check(PermissionChecker permissionChecker, String actionId)
        throws PortalException {

        if (contains(permissionChecker, actionId)) {
            return;
        }

        throw new PrincipalException.MustHavePermission(
            permissionChecker, Group.class.getName(), Long.valueOf(0),
            actionId);
    }

    /**
     * Entry point of {@link BaseModelPermissionChecker}. The
     * <code>groupId</code> argument is not consulted; the model's primary
     * key is passed on as the group ID to
     * {@link #check(PermissionChecker, long, String)}.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId unused by this implementation
     * @param  primaryKey the primary key of the group the action targets
     * @param  actionId the action being requested
     * @throws PortalException if the delegated check fails or denies access
     */
    @Override
    public void checkBaseModel(
            PermissionChecker permissionChecker, long groupId, long primaryKey,
            String actionId)
        throws PortalException {

        check(permissionChecker, primaryKey, actionId);
    }

    /**
     * Decides whether the caller may perform the action on the group.
     *
     * <p>
     * The rules are evaluated in this order, and the first one that applies
     * settles the answer:
     * </p>
     *
     * <ol>
     * <li>
     * <code>ADD_LAYOUT</code> and <code>MANAGE_LAYOUTS</code> are denied
     * outright when the group has a local or remote staging group while
     * <code>PropsValues.STAGING_LIVE_GROUP_LOCKING_ENABLED</code> is set, or
     * when the group is a layout prototype. No grant below can override this.
     * </li>
     * <li>
     * When the group (or, for a staging group, its live group) is a user
     * group, a caller other than the owning user who holds
     * <code>UPDATE</code> on that user is granted access. This grant does not
     * depend on <code>actionId</code>.
     * </li>
     * <li>
     * Some actions are implied by a broader group permission:
     * <code>ADD_COMMUNITY</code> by <code>MANAGE_SUBGROUPS</code> (or by the
     * portal-level <code>ADD_COMMUNITY</code>), <code>ADD_LAYOUT</code> by
     * <code>MANAGE_LAYOUTS</code>, the export/import and publish-portlet-info
     * actions by <code>PUBLISH_STAGING</code>, <code>VIEW</code> by
     * <code>ASSIGN_USER_ROLES</code> or <code>MANAGE_LAYOUTS</code>, and
     * <code>VIEW_STAGING</code> by <code>MANAGE_LAYOUTS</code>,
     * <code>MANAGE_STAGING</code>, <code>PUBLISH_STAGING</code> or
     * <code>UPDATE</code>.
     * </li>
     * <li>
     * The caller holds <code>actionId</code> on the group directly.
     * </li>
     * <li>
     * The caller passes the <code>MANAGE_SUBGROUPS</code> check on any
     * ancestor of the group.
     * </li>
     * </ol>
     *
     * <p>
     * The group ID used for the direct and implied permission lookups is the
     * ID of the group that was passed in; it is read before a staging group
     * is replaced by its live group. The user-group rule and the ancestor
     * walk operate on the live group.
     * </p>
     *
     * @param  permissionChecker the checker representing the caller
     * @param  group the group the action targets
     * @param  actionId the action being requested; dereferenced immediately,
     *         so <code>null</code> results in a
     *         <code>NullPointerException</code>
     * @return <code>true</code> if one of the grants applies;
     *         <code>false</code> otherwise
     * @throws PortalException propagated from the service and permission
     *         calls made during the evaluation
     */
    @Override
    public boolean contains(
            PermissionChecker permissionChecker, Group group, String actionId)
        throws PortalException {

        // Hard deny, evaluated ahead of every grant

        boolean layoutAction =
            actionId.equals(ActionKeys.ADD_LAYOUT) ||
            actionId.equals(ActionKeys.MANAGE_LAYOUTS);

        if (layoutAction) {
            boolean lockedByStaging =
                group.hasLocalOrRemoteStagingGroup() &&
                PropsValues.STAGING_LIVE_GROUP_LOCKING_ENABLED;

            if (lockedByStaging || group.isLayoutPrototype()) {
                return false;
            }
        }

        // Read the ID before the staging group is swapped for its live
        // group: the permission lookups below are keyed on the group that
        // was passed in

        long groupId = group.getGroupId();

        Group effectiveGroup =
            group.isStagingGroup() ? group.getLiveGroup() : group;

        if (effectiveGroup.isUser()) {

            // Per the original author's note, the owning user is not
            // expected to get this far because owners administer their own
            // layouts. The branch serves callers who manage the owner, for
            // example through an organization. Note that the grant is not
            // tied to actionId.

            User owner = UserLocalServiceUtil.getUserById(
                effectiveGroup.getClassPK());

            if (permissionChecker.getUserId() != owner.getUserId()) {
                boolean mayUpdateOwner = UserPermissionUtil.contains(
                    permissionChecker, owner.getUserId(),
                    owner.getOrganizationIds(), ActionKeys.UPDATE);

                if (mayUpdateOwner) {
                    return true;
                }
            }
        }

        // Actions implied by a broader permission on the same group

        if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
            (_hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_SUBGROUPS) ||
             PortalPermissionUtil.contains(
                 permissionChecker, ActionKeys.ADD_COMMUNITY))) {

            return true;
        }

        if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
            _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS)) {

            return true;
        }

        boolean exportImportOrPublishAction =
            actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
            actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO) ||
            actionId.equals(ActionKeys.PUBLISH_PORTLET_INFO);

        if (exportImportOrPublishAction &&
            _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.PUBLISH_STAGING)) {

            return true;
        }

        if (actionId.equals(ActionKeys.VIEW) &&
            (_hasGroupPermission(
                permissionChecker, groupId, ActionKeys.ASSIGN_USER_ROLES) ||
             _hasGroupPermission(
                 permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS))) {

            return true;
        }

        if (actionId.equals(ActionKeys.VIEW_STAGING) &&
            (_hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS) ||
             _hasGroupPermission(
                 permissionChecker, groupId, ActionKeys.MANAGE_STAGING) ||
             _hasGroupPermission(
                 permissionChecker, groupId, ActionKeys.PUBLISH_STAGING) ||
             _hasGroupPermission(
                 permissionChecker, groupId, ActionKeys.UPDATE))) {

            return true;
        }

        // The group ID has to be supplied here so that users can modify
        // their personal pages

        if (_hasGroupPermission(permissionChecker, groupId, actionId)) {
            return true;
        }

        // Passing the MANAGE_SUBGROUPS check on any ancestor is sufficient

        for (Group ancestor = effectiveGroup; !ancestor.isRoot();
             ancestor = ancestor.getParentGroup()) {

            if (contains(
                    permissionChecker, ancestor.getParentGroupId(),
                    ActionKeys.MANAGE_SUBGROUPS)) {

                return true;
            }
        }

        return false;
    }

    /**
     * Decides whether the caller may perform the action on the group with
     * the given ID.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the ID of the group the action targets; a value that
     *         is not positive is denied without looking anything up
     * @param  actionId the action being requested
     * @return the result of
     *         {@link #contains(PermissionChecker, Group, String)} for the
     *         group that was looked up, or <code>false</code> when
     *         <code>groupId</code> is not positive
     * @throws PortalException propagated from the group lookup or from the
     *         delegated evaluation
     */
    @Override
    public boolean contains(
            PermissionChecker permissionChecker, long groupId, String actionId)
        throws PortalException {

        if (groupId <= 0) {
            return false;
        }

        return contains(
            permissionChecker, GroupLocalServiceUtil.getGroup(groupId),
            actionId);
    }

    /**
     * Decides whether the caller holds the action on the {@link Group} model
     * itself. The lookup uses group ID <code>0</code> and passes the model
     * class name as both the resource name and the primary key.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  actionId the action being requested
     * @return whatever the permission checker answers for that lookup
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, String actionId) {

        String className = Group.class.getName();

        return permissionChecker.hasPermission(
            0, className, className, actionId);
    }

    /**
     * Asks the permission checker whether the caller holds the action on the
     * group identified by <code>groupId</code>, using that ID both as the
     * scope and as the primary key of the {@link Group} resource.
     */
    private static boolean _hasGroupPermission(
        PermissionChecker permissionChecker, long groupId, String actionId) {

        return permissionChecker.hasPermission(
            groupId, Group.class.getName(), groupId, actionId);
    }

}