001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.security.permission;
016    
017    import aQute.bnd.annotation.ProviderType;
018    
019    import com.liferay.portal.kernel.model.User;
020    
021    import java.util.List;
022    
023    /**
024     * @author Brian Wing Shun Chan
025     */
026    @ProviderType
027    public interface PermissionChecker extends Cloneable {
028    
029            public static final long[] DEFAULT_ROLE_IDS = {};
030    
031            public PermissionChecker clone();
032    
033            /**
034             * Returns the primary key of the user's company.
035             *
036             * @return the primary key of the user's company
037             */
038            public long getCompanyId();
039    
040            public List<Long> getOwnerResourceBlockIds(
041                    long companyId, long groupId, String name, String actionId);
042    
043            /**
044             * Returns the primary key of the owner role. This role is automatically
045             * given to the creator of a resource.
046             *
047             * @return the primary key of the owner role
048             */
049            public long getOwnerRoleId();
050    
051            public List<Long> getResourceBlockIds(
052                    long companyId, long groupId, long userId, String name,
053                    String actionId);
054    
055            /**
056             * Returns the primary keys of the roles the user has within the group.
057             *
058             * @param  userId the primary key of the user
059             * @param  groupId the primary key of the group
060             * @return the primary keys of the roles the user has within the group
061             */
062            public long[] getRoleIds(long userId, long groupId);
063    
064            public User getUser();
065    
066            public UserBag getUserBag() throws Exception;
067    
068            /**
069             * Returns the primary key of the user.
070             *
071             * @return the primary key of the user
072             */
073            public long getUserId();
074    
075            /**
076             * Returns <code>true</code> if the user is the owner of the resource and
077             * has permission to perform the action.
078             *
079             * @param  companyId the primary key of the user's company
080             * @param  name the resource's name, which can be either a class name or a
081             *         portlet ID
082             * @param  primKey the primary key of the resource
083             * @param  ownerId the primary key of the resource's owner
084             * @param  actionId the action ID
085             * @return <code>true</code> if the user is the owner of the resource and
086             *         has permission to perform the action; <code>false</code>
087             *         otherwise
088             */
089            public boolean hasOwnerPermission(
090                    long companyId, String name, long primKey, long ownerId,
091                    String actionId);
092    
093            /**
094             * Returns <code>true</code> if the user is the owner of the resource and
095             * has permission to perform the action.
096             *
097             * @param  companyId the primary key of the user's company
098             * @param  name the resource's name, which can be either a class name or a
099             *         portlet ID
100             * @param  primKey the primary key of the resource
101             * @param  ownerId the primary key of the resource's owner
102             * @param  actionId the action ID
103             * @return <code>true</code> if the user is the owner of the resource and
104             *         has permission to perform the action; <code>false</code>
105             *         otherwise
106             */
107            public boolean hasOwnerPermission(
108                    long companyId, String name, String primKey, long ownerId,
109                    String actionId);
110    
111            /**
112             * Returns <code>true</code> if the user has permission to perform the
113             * action on the resource.
114             *
115             * @param  groupId the primary key of the group containing the resource
116             * @param  name the resource's name, which can be either a class name or a
117             *         portlet ID
118             * @param  primKey the primary key of the resource
119             * @param  actionId the action ID
120             * @return <code>true</code> if the user has permission to perform the
121             *         action on the resource; <code>false</code> otherwise
122             */
123            public boolean hasPermission(
124                    long groupId, String name, long primKey, String actionId);
125    
126            /**
127             * Returns <code>true</code> if the user has permission to perform the
128             * action on the resource.
129             *
130             * @param  groupId the primary key of the group containing the resource
131             * @param  name the resource's name, which can be either a class name or a
132             *         portlet ID
133             * @param  primKey the primary key of the resource
134             * @param  actionId the action ID
135             * @return <code>true</code> if the user has permission to perform the
136             *         action on the resource; <code>false</code> otherwise
137             */
138            public boolean hasPermission(
139                    long groupId, String name, String primKey, String actionId);
140    
141            /**
142             * Initializes this permission checker.
143             *
144             * @param user the current user
145             */
146            public void init(User user);
147    
148            /**
149             * Returns <code>true</code> if guest permissions will be used in permission
150             * checks.
151             *
152             * @return <code>true</code> if guest permissions will be used in permission
153             *         checks; <code>false</code> otherwise
154             */
155            public boolean isCheckGuest();
156    
157            /**
158             * Returns <code>true</code> if the user is an administrator of their
159             * company.
160             *
161             * @return <code>true</code> if the user is an administrator of their
162             *         company; <code>false</code> otherwise
163             */
164            public boolean isCompanyAdmin();
165    
166            /**
167             * Returns <code>true</code> if the user is an administrator of the company.
168             *
169             * @param  companyId the primary key of the company
170             * @return <code>true</code> if the user is an administrator of the company;
171             *         <code>false</code> otherwise
172             */
173            public boolean isCompanyAdmin(long companyId);
174    
175            /**
176             * Returns <code>true</code> if the user is a content reviewer or has
177             * sufficient permissions to review content (i.e. the user is a company or
178             * group administrator).
179             *
180             * @param  companyId the primary key of the company
181             * @param  groupId the primary key of the group
182             * @return <code>true</code> if the user is a reviewer or has sufficient
183             *         permissions to review content; <code>false</code> otherwise
184             */
185            public boolean isContentReviewer(long companyId, long groupId);
186    
187            /**
188             * Returns <code>true</code> if the user is an administrator of the group.
189             *
190             * @param  groupId the primary key of the group
191             * @return <code>true</code> if the user is an administrator of the group;
192             *         <code>false</code> otherwise
193             */
194            public boolean isGroupAdmin(long groupId);
195    
196            /**
197             * Returns <code>true</code> if the user is a member of the group.
198             *
199             * @param  groupId the primary key of the group
200             * @return <code>true</code> if the user is a member of the group;
201             *         <code>false</code> otherwise
202             */
203            public boolean isGroupMember(long groupId);
204    
205            /**
206             * Returns <code>true</code> if the user is the owner of the group.
207             *
208             * @param  groupId the primary key of the group
209             * @return <code>true</code> if the user is the owner of the group;
210             *         <code>false</code> otherwise
211             */
212            public boolean isGroupOwner(long groupId);
213    
214            /**
215             * Returns <code>true</code> if the user is a universal administrator.
216             *
217             * @return <code>true</code> if the user is a universal administrator;
218             *         <code>false</code> otherwise
219             * @see    com.liferay.portlet.admin.util.OmniadminUtil
220             */
221            public boolean isOmniadmin();
222    
223            /**
224             * Returns <code>true</code> if the user is an administrator of the
225             * organization.
226             *
227             * @param  organizationId the primary key of the organization
228             * @return <code>true</code> if the user is an administrator of the
229             *         organization; <code>false</code> otherwise
230             */
231            public boolean isOrganizationAdmin(long organizationId);
232    
233            /**
234             * Returns <code>true</code> if the user is an owner of the organization.
235             *
236             * @param  organizationId the primary key of the organization
237             * @return <code>true</code> if the user is an owner of the organization;
238             *         <code>false</code> otherwise
239             */
240            public boolean isOrganizationOwner(long organizationId);
241    
242            /**
243             * Returns <code>true</code> if the user is signed in.
244             *
245             * @return <code>true</code> if the user is signed in; <code>false</code>
246             *         otherwise
247             */
248            public boolean isSignedIn();
249    
250    }