015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.model.Group;
019 import com.liferay.portal.kernel.model.Role;
020 import com.liferay.portal.kernel.model.RoleConstants;
021 import com.liferay.portal.kernel.security.auth.PrincipalException;
022 import com.liferay.portal.kernel.security.permission.ActionKeys;
023 import com.liferay.portal.kernel.security.permission.PermissionChecker;
024 import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
025 import com.liferay.portal.kernel.service.RoleLocalServiceUtil;
026 import com.liferay.portal.kernel.service.permission.GroupPermissionUtil;
027 import com.liferay.portal.kernel.service.permission.OrganizationPermissionUtil;
028 import com.liferay.portal.kernel.service.permission.RolePermissionUtil;
029 import com.liferay.portal.kernel.service.permission.UserGroupRolePermission;
030
031
/**
 * Permission checks for a (group, role) pair, as declared by
 * {@link UserGroupRolePermission}.
 *
 * <p>
 * All four public methods funnel into
 * {@link #contains(PermissionChecker, Group, Role)}, so that method is the
 * single place where the decision is made. The {@code check} variants turn a
 * negative decision into a {@link PrincipalException}.
 * </p>
 */
public class UserGroupRolePermissionImpl implements UserGroupRolePermission {

	/**
	 * Throws if the checker is not permitted for the given group and role.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  group the group the role applies within
	 * @param  role the role being evaluated
	 * @throws PortalException a {@link PrincipalException} (created without a
	 *         detail message) when {@code contains} returns {@code false}, or
	 *         whatever {@code contains} itself throws
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, Group group, Role role)
		throws PortalException {

		boolean permitted = contains(permissionChecker, group, role);

		if (permitted) {
			return;
		}

		throw new PrincipalException();
	}

	/**
	 * Throws if the checker is not permitted for the given group and role
	 * identifiers.
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the primary key of the group
	 * @param  roleId the primary key of the role
	 * @throws PortalException a {@link PrincipalException} (created without a
	 *         detail message) when {@code contains} returns {@code false}, or
	 *         whatever the id-based {@code contains} throws while resolving
	 *         the identifiers
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long groupId, long roleId)
		throws PortalException {

		boolean permitted = contains(permissionChecker, groupId, roleId);

		if (permitted) {
			return;
		}

		throw new PrincipalException();
	}

	/**
	 * Decides whether the checker is permitted for the given group and role.
	 *
	 * <p>
	 * The evaluation order matters and is deny-first:
	 * </p>
	 *
	 * <ol>
	 * <li>Roles of type {@code TYPE_REGULAR} are always refused.</li>
	 * <li>Roles of type {@code TYPE_ORGANIZATION} are refused unless the group
	 * is an organization group.</li>
	 * <li>The organization/site administrator and owner roles are refused
	 * unless the caller is a company admin or an owner of the group. This runs
	 * before the ordinary grants below, so holding only an assign permission
	 * is not enough for those roles.</li>
	 * <li>Otherwise the caller is accepted when any one of these holds: group
	 * ownership, {@code ASSIGN_USER_ROLES} on the group,
	 * {@code ASSIGN_USER_ROLES} on the group's organization, or
	 * {@code ASSIGN_MEMBERS} on the role within the group.</li>
	 * </ol>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  group the group the role applies within
	 * @param  role the role being evaluated
	 * @return {@code true} only if no deny rule matched and at least one grant
	 *         matched
	 * @throws PortalException if one of the delegated permission utilities
	 *         throws
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, Group group, Role role)
		throws PortalException {

		// Deny rule 1: regular roles are never handled by this check.
		if (role.getType() == RoleConstants.TYPE_REGULAR) {
			return false;
		}

		// Deny rule 2: an organization role only makes sense in an
		// organization group.
		if ((role.getType() == RoleConstants.TYPE_ORGANIZATION) &&
			!group.isOrganization()) {

			return false;
		}

		// Deny rule 3: the administrator/owner roles are reserved for company
		// admins and group owners. Keep this ahead of the grant checks so a
		// delegated assign permission cannot be used to reach them.
		boolean privilegedCaller =
			permissionChecker.isCompanyAdmin() ||
			permissionChecker.isGroupOwner(group.getGroupId());

		if (!privilegedCaller && _isAdministrativeRole(role.getName())) {
			return false;
		}

		// Grants: the first one that holds wins; the rest are not evaluated.
		return permissionChecker.isGroupOwner(group.getGroupId()) ||
			GroupPermissionUtil.contains(
				permissionChecker, group, ActionKeys.ASSIGN_USER_ROLES) ||
			OrganizationPermissionUtil.contains(
				permissionChecker, group.getOrganizationId(),
				ActionKeys.ASSIGN_USER_ROLES) ||
			RolePermissionUtil.contains(
				permissionChecker, group.getGroupId(), role.getRoleId(),
				ActionKeys.ASSIGN_MEMBERS);
	}

	/**
	 * Resolves the identifiers to entities and delegates to
	 * {@link #contains(PermissionChecker, Group, Role)}.
	 *
	 * <p>
	 * Both lookups run before any permission rule is evaluated, so an
	 * exception raised by a lookup reaches the caller instead of a
	 * {@code false} result.
	 * NOTE(review): presumably the lookups throw when an id does not exist;
	 * confirm against the local services and make sure callers do not expose
	 * that difference to unauthorized users.
	 * </p>
	 *
	 * @param  permissionChecker the checker representing the caller
	 * @param  groupId the primary key of the group
	 * @param  roleId the primary key of the role
	 * @return the result of the entity-based {@code contains}
	 * @throws PortalException if a lookup or the delegated check throws
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, long groupId, long roleId)
		throws PortalException {

		Group resolvedGroup = GroupLocalServiceUtil.getGroup(groupId);
		Role resolvedRole = RoleLocalServiceUtil.getRole(roleId);

		return contains(permissionChecker, resolvedGroup, resolvedRole);
	}

	/**
	 * Returns whether the name is one of the four administrator/owner role
	 * names that are reserved for privileged callers. The comparison is an
	 * exact {@code equals} match against the {@link RoleConstants} names.
	 */
	private static boolean _isAdministrativeRole(String roleName) {
		return roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) ||
			roleName.equals(RoleConstants.ORGANIZATION_OWNER) ||
			roleName.equals(RoleConstants.SITE_ADMINISTRATOR) ||
			roleName.equals(RoleConstants.SITE_OWNER);
	}

}