001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.model.Group;
019 import com.liferay.portal.kernel.model.User;
020 import com.liferay.portal.kernel.security.auth.PrincipalException;
021 import com.liferay.portal.kernel.security.permission.ActionKeys;
022 import com.liferay.portal.kernel.security.permission.BaseModelPermissionChecker;
023 import com.liferay.portal.kernel.security.permission.PermissionChecker;
024 import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
025 import com.liferay.portal.kernel.service.UserLocalServiceUtil;
026 import com.liferay.portal.kernel.service.permission.GroupPermission;
027 import com.liferay.portal.kernel.service.permission.PortalPermissionUtil;
028 import com.liferay.portal.kernel.service.permission.UserPermissionUtil;
029 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
030 import com.liferay.portal.util.PropsValues;
031
032
036 @OSGiBeanProperties(
037 property = {"model.class.name=com.liferay.portal.kernel.model.Group"}
038 )
039 public class GroupPermissionImpl
040 implements BaseModelPermissionChecker, GroupPermission {
041
042 @Override
043 public void check(
044 PermissionChecker permissionChecker, Group group, String actionId)
045 throws PortalException {
046
047 if (!contains(permissionChecker, group, actionId)) {
048 throw new PrincipalException.MustHavePermission(
049 permissionChecker, Group.class.getName(), group.getGroupId(),
050 actionId);
051 }
052 }
053
054 @Override
055 public void check(
056 PermissionChecker permissionChecker, long groupId, String actionId)
057 throws PortalException {
058
059 if (!contains(permissionChecker, groupId, actionId)) {
060 throw new PrincipalException.MustHavePermission(
061 permissionChecker, Group.class.getName(), groupId, actionId);
062 }
063 }
064
065 @Override
066 public void check(PermissionChecker permissionChecker, String actionId)
067 throws PortalException {
068
069 if (!contains(permissionChecker, actionId)) {
070 throw new PrincipalException.MustHavePermission(
071 permissionChecker, Group.class.getName(), Long.valueOf(0),
072 actionId);
073 }
074 }
075
076 @Override
077 public void checkBaseModel(
078 PermissionChecker permissionChecker, long groupId, long primaryKey,
079 String actionId)
080 throws PortalException {
081
082 check(permissionChecker, primaryKey, actionId);
083 }
084
085 @Override
086 public boolean contains(
087 PermissionChecker permissionChecker, Group group, String actionId)
088 throws PortalException {
089
090 if ((actionId.equals(ActionKeys.ADD_LAYOUT) ||
091 actionId.equals(ActionKeys.MANAGE_LAYOUTS)) &&
092 ((group.hasLocalOrRemoteStagingGroup() &&
093 PropsValues.STAGING_LIVE_GROUP_LOCKING_ENABLED) ||
094 group.isLayoutPrototype())) {
095
096 return false;
097 }
098
099 long groupId = group.getGroupId();
100
101 if (group.isStagingGroup()) {
102 group = group.getLiveGroup();
103 }
104
105 if (group.isUser()) {
106
107
108
109
110
111
112 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
113
114 if ((permissionChecker.getUserId() != user.getUserId()) &&
115 UserPermissionUtil.contains(
116 permissionChecker, user.getUserId(),
117 user.getOrganizationIds(), ActionKeys.UPDATE)) {
118
119 return true;
120 }
121 }
122
123 if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
124 (permissionChecker.hasPermission(
125 groupId, Group.class.getName(), groupId,
126 ActionKeys.MANAGE_SUBGROUPS) ||
127 PortalPermissionUtil.contains(
128 permissionChecker, ActionKeys.ADD_COMMUNITY))) {
129
130 return true;
131 }
132 else if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
133 permissionChecker.hasPermission(
134 groupId, Group.class.getName(), groupId,
135 ActionKeys.MANAGE_LAYOUTS)) {
136
137 return true;
138 }
139 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
140 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO) ||
141 actionId.equals(ActionKeys.PUBLISH_PORTLET_INFO)) &&
142 permissionChecker.hasPermission(
143 groupId, Group.class.getName(), groupId,
144 ActionKeys.PUBLISH_STAGING)) {
145
146 return true;
147 }
148 else if (actionId.equals(ActionKeys.VIEW) &&
149 (permissionChecker.hasPermission(
150 groupId, Group.class.getName(), groupId,
151 ActionKeys.ASSIGN_USER_ROLES) ||
152 permissionChecker.hasPermission(
153 groupId, Group.class.getName(), groupId,
154 ActionKeys.MANAGE_LAYOUTS))) {
155
156 return true;
157 }
158 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
159 (permissionChecker.hasPermission(
160 groupId, Group.class.getName(), groupId,
161 ActionKeys.MANAGE_LAYOUTS) ||
162 permissionChecker.hasPermission(
163 groupId, Group.class.getName(), groupId,
164 ActionKeys.MANAGE_STAGING) ||
165 permissionChecker.hasPermission(
166 groupId, Group.class.getName(), groupId,
167 ActionKeys.PUBLISH_STAGING) ||
168 permissionChecker.hasPermission(
169 groupId, Group.class.getName(), groupId,
170 ActionKeys.UPDATE))) {
171
172 return true;
173 }
174
175
176
177 if (permissionChecker.hasPermission(
178 groupId, Group.class.getName(), groupId, actionId)) {
179
180 return true;
181 }
182
183 while (!group.isRoot()) {
184 if (contains(
185 permissionChecker, group.getParentGroupId(),
186 ActionKeys.MANAGE_SUBGROUPS)) {
187
188 return true;
189 }
190
191 group = group.getParentGroup();
192 }
193
194 return false;
195 }
196
197 @Override
198 public boolean contains(
199 PermissionChecker permissionChecker, long groupId, String actionId)
200 throws PortalException {
201
202 if (groupId > 0) {
203 Group group = GroupLocalServiceUtil.getGroup(groupId);
204
205 return contains(permissionChecker, group, actionId);
206 }
207 else {
208 return false;
209 }
210 }
211
212 @Override
213 public boolean contains(
214 PermissionChecker permissionChecker, String actionId) {
215
216 return permissionChecker.hasPermission(
217 0, Group.class.getName(), Group.class.getName(), actionId);
218 }
219
220 }