015 package com.liferay.portal.service.impl;
016
017 import com.liferay.asset.kernel.AssetRendererFactoryRegistryUtil;
018 import com.liferay.asset.kernel.model.AssetRendererFactory;
019 import com.liferay.portal.kernel.exception.PortalException;
020 import com.liferay.portal.kernel.jsonwebservice.JSONWebService;
021 import com.liferay.portal.kernel.jsonwebservice.JSONWebServiceMode;
022 import com.liferay.portal.kernel.model.AuditedModel;
023 import com.liferay.portal.kernel.model.Group;
024 import com.liferay.portal.kernel.model.GroupedModel;
025 import com.liferay.portal.kernel.model.PermissionedModel;
026 import com.liferay.portal.kernel.model.PortletConstants;
027 import com.liferay.portal.kernel.model.ResourceConstants;
028 import com.liferay.portal.kernel.model.ResourcePermission;
029 import com.liferay.portal.kernel.model.Role;
030 import com.liferay.portal.kernel.model.Team;
031 import com.liferay.portal.kernel.security.auth.PrincipalException;
032 import com.liferay.portal.kernel.security.permission.ActionKeys;
033 import com.liferay.portal.kernel.security.permission.BaseModelPermissionChecker;
034 import com.liferay.portal.kernel.security.permission.PermissionChecker;
035 import com.liferay.portal.kernel.security.permission.ResourceActionsUtil;
036 import com.liferay.portal.kernel.service.permission.PortletPermissionUtil;
037 import com.liferay.portal.kernel.service.permission.TeamPermissionUtil;
038 import com.liferay.portal.kernel.util.GetterUtil;
039 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
040 import com.liferay.registry.Filter;
041 import com.liferay.registry.Registry;
042 import com.liferay.registry.RegistryUtil;
043 import com.liferay.registry.ServiceReference;
044 import com.liferay.registry.ServiceTracker;
045 import com.liferay.registry.ServiceTrackerCustomizer;
046
047 import java.util.List;
048 import java.util.Map;
049 import java.util.concurrent.ConcurrentHashMap;
050
051
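/**
 * Service that decides whether the calling user may manage permissions on a
 * resource.
 *
 * <p>
 * Checks are delegated first to any {@link BaseModelPermissionChecker}
 * registered for the resource's model class, then to portlet, asset renderer,
 * owner, team and resource-action checks, in that order. A check that does not
 * return normally ends in a {@link PortalException}.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Starts tracking {@link BaseModelPermissionChecker} services that declare
	 * a {@code model.class.name} property, so they can be looked up by model
	 * class name during permission checks.
	 */
	@Override
	public void afterPropertiesSet() {
		Registry registry = RegistryUtil.getRegistry();

		Filter filter = registry.getFilter(
			"(&(model.class.name=*)(objectClass=" +
				BaseModelPermissionChecker.class.getName() + "))");

		_serviceTracker = registry.trackServices(
			filter, new BaseModelPermissionCheckerServiceTrackerCustomizer());

		_serviceTracker.open();
	}

	/**
	 * Checks whether the current user may manage permissions on the resource
	 * identified by a numeric primary key.
	 *
	 * @param  groupId the primary key of the group the resource belongs to
	 * @param  name the resource name (a class name or portlet resource name)
	 * @param  primKey the numeric primary key of the resource
	 * @throws PortalException if the permission check fails
	 */
	@JSONWebService(mode = JSONWebServiceMode.IGNORE)
	@Override
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException {

		checkPermission(
			getPermissionChecker(), groupId, name, String.valueOf(primKey));
	}

	/**
	 * Checks whether the current user may manage permissions on the resource
	 * identified by a string primary key.
	 *
	 * @param  groupId the primary key of the group the resource belongs to
	 * @param  name the resource name (a class name or portlet resource name)
	 * @param  primKey the primary key of the resource; may be a composite key
	 *         containing {@link PortletConstants#LAYOUT_SEPARATOR}
	 * @throws PortalException if the permission check fails
	 */
	@Override
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException {

		checkPermission(getPermissionChecker(), groupId, name, primKey);
	}

	/**
	 * Delegates the check to the {@link BaseModelPermissionChecker} registered
	 * for the model class, if there is one.
	 *
	 * <p>
	 * Teams are checked through their owning group: the class name becomes
	 * {@code Group}, the key becomes the team's group ID and the required
	 * action becomes {@link ActionKeys#MANAGE_TEAMS}.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker of the calling user
	 * @param  groupId the primary key of the group the resource belongs to
	 * @param  className the model class name of the resource
	 * @param  classPK the primary key of the resource
	 * @return {@code true} if a registered checker handled the request and
	 *         returned normally; {@code false} if no checker is registered for
	 *         the class, in which case the caller must run its own checks
	 * @throws PortalException if the team does not exist or the registered
	 *         checker rejects the request
	 */
	protected boolean checkBaseModelPermission(
			PermissionChecker permissionChecker, long groupId, String className,
			long classPK)
		throws PortalException {

		String actionId = ActionKeys.PERMISSIONS;

		if (className.equals(Team.class.getName())) {
			actionId = ActionKeys.MANAGE_TEAMS;

			Team team = teamLocalService.fetchTeam(classPK);

			// fetchTeam yields null for an unknown key. Deny explicitly
			// instead of failing with a NullPointerException on the
			// dereference below.

			if (team == null) {
				throw new PrincipalException.MustHavePermission(
					permissionChecker, Team.class.getName(), classPK,
					actionId);
			}

			className = Group.class.getName();
			classPK = team.getGroupId();
		}

		BaseModelPermissionChecker baseModelPermissionChecker =
			_baseModelPermissionCheckers.get(className);

		if (baseModelPermissionChecker == null) {
			return false;
		}

		// NOTE(review): this relies on checkBaseModel throwing when access is
		// denied; a checker that merely returns would grant access here.
		// Confirm against the registered implementations.

		baseModelPermissionChecker.checkBaseModel(
			permissionChecker, groupId, classPK, actionId);

		return true;
	}

	/**
	 * Runs the full chain of checks that decide whether the given permission
	 * checker may manage permissions on a resource.
	 *
	 * <p>
	 * The chain is, in order: a registered base model checker; for composite
	 * portlet keys, the portlet {@link ActionKeys#CONFIGURATION} check;
	 * otherwise {@link ActionKeys#PERMISSIONS} on the resource, the asset
	 * renderer factory's own check, the owner check, the team check for team
	 * roles, and finally {@link ActionKeys#DEFINE_PERMISSIONS}. The method
	 * returns normally as soon as one check grants access.
	 * </p>
	 *
	 * @param  permissionChecker the permission checker of the calling user
	 * @param  groupId the primary key of the group the resource belongs to
	 * @param  name the resource name (a class name or portlet resource name)
	 * @param  primKey the primary key of the resource
	 * @throws PortalException if no check grants access or a lookup fails
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException {

		// GetterUtil.getLong is lenient: a key that does not parse as a long
		// is passed on as its fallback value, not rejected.

		if (checkBaseModelPermission(
				permissionChecker, groupId, name,
				GetterUtil.getLong(primKey))) {

			return;
		}

		if ((primKey != null) &&
			primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {

			// Composite portlet key: <plid><LAYOUT_SEPARATOR><portletId>

			int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

			long plid = GetterUtil.getLong(primKey.substring(0, pos));

			String portletId = primKey.substring(
				pos + PortletConstants.LAYOUT_SEPARATOR.length());

			PortletPermissionUtil.check(
				permissionChecker, groupId, plid, portletId,
				ActionKeys.CONFIGURATION);
		}
		else if (!permissionChecker.hasPermission(
					groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			AssetRendererFactory<?> assetRendererFactory =
				AssetRendererFactoryRegistryUtil.
					getAssetRendererFactoryByClassName(name);

			if (assetRendererFactory != null) {
				try {
					if (assetRendererFactory.hasPermission(
							permissionChecker, GetterUtil.getLong(primKey),
							ActionKeys.PERMISSIONS)) {

						return;
					}
				}
				catch (Exception ignored) {

					// Deliberately best-effort: a failure in the asset
					// renderer's own check counts as "not granted" and the
					// remaining checks below decide. This fails closed, but
					// the cause is discarded, so such failures leave no trace
					// for whoever investigates an unexpected denial.

				}
			}

			long ownerId = 0;

			if (resourceBlockLocalService.isSupported(name)) {
				PermissionedModel permissionedModel =
					resourceBlockLocalService.getPermissionedModel(
						name, GetterUtil.getLong(primKey));

				if (permissionedModel instanceof GroupedModel) {
					GroupedModel groupedModel = (GroupedModel)permissionedModel;

					ownerId = groupedModel.getUserId();
				}
				else if (permissionedModel instanceof AuditedModel) {
					AuditedModel auditedModel = (AuditedModel)permissionedModel;

					ownerId = auditedModel.getUserId();
				}
			}
			else {
				ResourcePermission resourcePermission =
					resourcePermissionLocalService.getResourcePermission(
						permissionChecker.getCompanyId(), name,
						ResourceConstants.SCOPE_INDIVIDUAL, primKey,
						permissionChecker.getOwnerRoleId());

				ownerId = resourcePermission.getOwnerId();
			}

			if (permissionChecker.hasOwnerPermission(
					permissionChecker.getCompanyId(), name, primKey, ownerId,
					ActionKeys.PERMISSIONS)) {

				return;
			}

			Role role = null;

			if (name.equals(Role.class.getName())) {
				long roleId = GetterUtil.getLong(primKey);

				role = rolePersistence.findByPrimaryKey(roleId);
			}

			if ((role != null) && role.isTeam()) {
				Team team = teamPersistence.findByPrimaryKey(role.getClassPK());

				TeamPermissionUtil.check(
					permissionChecker, team, ActionKeys.PERMISSIONS);
			}
			else {
				List<String> resourceActions =
					ResourceActionsUtil.getResourceActions(name);

				if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
					!permissionChecker.hasPermission(
						groupId, name, primKey,
						ActionKeys.DEFINE_PERMISSIONS)) {

					// Parse leniently, as everywhere else in this method. A
					// strict Long.valueOf would replace the permission error
					// with a NumberFormatException for a null or non-numeric
					// key.

					throw new PrincipalException.MustHavePermission(
						permissionChecker, name, GetterUtil.getLong(primKey),
						ActionKeys.DEFINE_PERMISSIONS);
				}
			}
		}
	}

	// Registered checkers keyed by the "model.class.name" service property.
	// Written by the service tracker callbacks, read by permission checks.

	private final Map<String, BaseModelPermissionChecker>
		_baseModelPermissionCheckers = new ConcurrentHashMap<>();

	// Assigned and opened in afterPropertiesSet.

	private ServiceTracker
		<BaseModelPermissionChecker, BaseModelPermissionChecker>
			_serviceTracker;

	/**
	 * Keeps {@code _baseModelPermissionCheckers} in sync with the
	 * {@link BaseModelPermissionChecker} services present in the registry.
	 */
	private class BaseModelPermissionCheckerServiceTrackerCustomizer
		implements
			ServiceTrackerCustomizer
				<BaseModelPermissionChecker, BaseModelPermissionChecker> {

		/**
		 * Registers the new service under its {@code model.class.name}
		 * property. A later registration for the same class name replaces the
		 * earlier one.
		 */
		@Override
		public BaseModelPermissionChecker addingService(
			ServiceReference<BaseModelPermissionChecker> serviceReference) {

			Registry registry = RegistryUtil.getRegistry();

			BaseModelPermissionChecker baseModelPermissionChecker =
				registry.getService(serviceReference);

			String modelClassName = GetterUtil.getString(
				serviceReference.getProperty("model.class.name"));

			_baseModelPermissionCheckers.put(
				modelClassName, baseModelPermissionChecker);

			return baseModelPermissionChecker;
		}

		/**
		 * Does nothing; property changes on a tracked service are not
		 * reflected in the map.
		 */
		@Override
		public void modifiedService(
			ServiceReference<BaseModelPermissionChecker> serviceReference,
			BaseModelPermissionChecker baseModelPermissionChecker) {
		}

		/**
		 * Releases the service and drops its map entry, but only if the entry
		 * still points at this service.
		 */
		@Override
		public void removedService(
			ServiceReference<BaseModelPermissionChecker> serviceReference,
			BaseModelPermissionChecker baseModelPermissionChecker) {

			Registry registry = RegistryUtil.getRegistry();

			registry.ungetService(serviceReference);

			String modelClassName = GetterUtil.getString(
				serviceReference.getProperty("model.class.name"));

			// Conditional remove: if a second service was registered for the
			// same class name, removing the first one must not unregister the
			// checker that replaced it. Otherwise the model class would
			// silently fall back to the generic permission chain.

			_baseModelPermissionCheckers.remove(
				modelClassName, baseModelPermissionChecker);
		}

	}

}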