/**
 * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
 *
 * This library is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Lesser General Public License as published by the Free
 * Software Foundation; either version 2.1 of the License, or (at your option)
 * any later version.
 *
 * This library is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
 * details.
 */

package com.liferay.portal.kernel.security.permission;

import aQute.bnd.annotation.ProviderType;

import com.liferay.portal.kernel.model.User;

import java.util.List;

/**
 * Contract for answering authorization questions about a user: role lookups,
 * ownership and action permission checks, and administrative status checks.
 *
 * <p>
 * The user the checks refer to is supplied through {@link #init(User)}.
 * Members of an interface are implicitly <code>public</code>, and its fields
 * implicitly <code>static final</code>, so those modifiers are omitted below.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
@ProviderType
public interface PermissionChecker extends Cloneable {

	/**
	 * An empty array of role primary keys. Because it has length zero, it has
	 * no elements that could be modified through the shared reference.
	 *
	 * <p>
	 * NOTE(review): presumably the value used when no roles apply; confirm
	 * against the implementations.
	 * </p>
	 */
	long[] DEFAULT_ROLE_IDS = {};

	/**
	 * Returns a copy of this permission checker. The declaration makes
	 * <code>Object.clone()</code> public, narrows its return type, and drops
	 * the checked exception.
	 *
	 * <p>
	 * NOTE(review): whether the copy shares state with the original is up to
	 * the implementation; confirm before handing a clone to another context.
	 * </p>
	 *
	 * @return a copy of this permission checker
	 */
	PermissionChecker clone();

	/**
	 * Gets the primary key of the company the user belongs to.
	 *
	 * @return the primary key of the user's company
	 */
	long getCompanyId();

	/**
	 * Returns resource block IDs for the given company, group, resource name,
	 * and action.
	 *
	 * <p>
	 * NOTE(review): the selection rule is not stated in this interface;
	 * presumably these are the blocks in which the owner role is granted the
	 * action. Confirm against the implementation.
	 * </p>
	 *
	 * @param  companyId the primary key of the company
	 * @param  groupId the primary key of the group
	 * @param  name the resource's name
	 * @param  actionId the action ID
	 * @return the matching resource block IDs
	 */
	List<Long> getOwnerResourceBlockIds(
		long companyId, long groupId, String name, String actionId);

	/**
	 * Gets the primary key of the owner role, which is the role automatically
	 * assigned to whoever creates a resource.
	 *
	 * @return the primary key of the owner role
	 */
	long getOwnerRoleId();

	/**
	 * Returns resource block IDs for the given company, group, user, resource
	 * name, and action. The user is passed explicitly rather than taken from
	 * this checker.
	 *
	 * <p>
	 * NOTE(review): the selection rule is not stated in this interface;
	 * presumably these are the blocks in which the user is granted the action.
	 * Confirm against the implementation.
	 * </p>
	 *
	 * @param  companyId the primary key of the company
	 * @param  groupId the primary key of the group
	 * @param  userId the primary key of the user
	 * @param  name the resource's name
	 * @param  actionId the action ID
	 * @return the matching resource block IDs
	 */
	List<Long> getResourceBlockIds(
		long companyId, long groupId, long userId, String name,
		String actionId);

	/**
	 * Gets the primary keys of the roles held by the user inside the group.
	 * The user is passed explicitly rather than taken from this checker.
	 *
	 * @param  userId the primary key of the user
	 * @param  groupId the primary key of the group
	 * @return the primary keys of the roles the user has within the group
	 */
	long[] getRoleIds(long userId, long groupId);

	/**
	 * Returns the user held by this permission checker.
	 *
	 * <p>
	 * NOTE(review): presumably the user passed to {@link #init(User)}; the
	 * value before initialization is not specified here.
	 * </p>
	 *
	 * @return the user
	 */
	User getUser();

	/**
	 * Returns the {@link UserBag} of this permission checker.
	 *
	 * <p>
	 * NOTE(review): the declared exception type is broad. A caller that bases
	 * an access decision on the result should treat a failure as "not
	 * permitted" rather than discard it; confirm how implementations fail.
	 * </p>
	 *
	 * @return the user bag
	 * @throws Exception if the user bag could not be obtained
	 */
	UserBag getUserBag() throws Exception;

	/**
	 * Gets the primary key of the user.
	 *
	 * @return the primary key of the user
	 */
	long getUserId();

	/**
	 * Checks whether the user owns the resource and is also permitted to
	 * perform the action. This overload takes the resource's primary key as a
	 * <code>long</code>.
	 *
	 * @param  companyId the primary key of the user's company
	 * @param  name the resource's name, which can be either a class name or a
	 *         portlet ID
	 * @param  primKey the primary key of the resource
	 * @param  ownerId the primary key of the resource's owner
	 * @param  actionId the action ID
	 * @return <code>true</code> if the user is the owner of the resource and
	 *         has permission to perform the action; <code>false</code>
	 *         otherwise
	 */
	boolean hasOwnerPermission(
		long companyId, String name, long primKey, long ownerId,
		String actionId);

	/**
	 * Checks whether the user owns the resource and is also permitted to
	 * perform the action. This overload takes the resource's primary key as a
	 * <code>String</code>.
	 *
	 * @param  companyId the primary key of the user's company
	 * @param  name the resource's name, which can be either a class name or a
	 *         portlet ID
	 * @param  primKey the primary key of the resource
	 * @param  ownerId the primary key of the resource's owner
	 * @param  actionId the action ID
	 * @return <code>true</code> if the user is the owner of the resource and
	 *         has permission to perform the action; <code>false</code>
	 *         otherwise
	 */
	boolean hasOwnerPermission(
		long companyId, String name, String primKey, long ownerId,
		String actionId);

	/**
	 * Checks whether the user is permitted to perform the action on the
	 * resource. This overload takes the resource's primary key as a
	 * <code>long</code>.
	 *
	 * @param  groupId the primary key of the group containing the resource
	 * @param  name the resource's name, which can be either a class name or a
	 *         portlet ID
	 * @param  primKey the primary key of the resource
	 * @param  actionId the action ID
	 * @return <code>true</code> if the user has permission to perform the
	 *         action on the resource; <code>false</code> otherwise
	 */
	boolean hasPermission(
		long groupId, String name, long primKey, String actionId);

	/**
	 * Checks whether the user is permitted to perform the action on the
	 * resource. This overload takes the resource's primary key as a
	 * <code>String</code>.
	 *
	 * @param  groupId the primary key of the group containing the resource
	 * @param  name the resource's name, which can be either a class name or a
	 *         portlet ID
	 * @param  primKey the primary key of the resource
	 * @param  actionId the action ID
	 * @return <code>true</code> if the user has permission to perform the
	 *         action on the resource; <code>false</code> otherwise
	 */
	boolean hasPermission(
		long groupId, String name, String primKey, String actionId);

	/**
	 * Sets up this permission checker for the given user.
	 *
	 * <p>
	 * NOTE(review): the interface does not say whether calling this again
	 * with a different user clears earlier state; confirm before reusing an
	 * instance across users.
	 * </p>
	 *
	 * @param user the current user
	 */
	void init(User user);

	/**
	 * Tells whether permission checks will take guest permissions into
	 * account.
	 *
	 * @return <code>true</code> if guest permissions will be used in permission
	 *         checks; <code>false</code> otherwise
	 */
	boolean isCheckGuest();

	/**
	 * Tells whether the user administers their own company.
	 *
	 * @return <code>true</code> if the user is an administrator of their
	 *         company; <code>false</code> otherwise
	 */
	boolean isCompanyAdmin();

	/**
	 * Tells whether the user administers the given company.
	 *
	 * @param  companyId the primary key of the company
	 * @return <code>true</code> if the user is an administrator of the company;
	 *         <code>false</code> otherwise
	 */
	boolean isCompanyAdmin(long companyId);

	/**
	 * Tells whether the user is a content reviewer, or otherwise has enough
	 * permissions to review content (i.e. the user is a company or group
	 * administrator).
	 *
	 * @param  companyId the primary key of the company
	 * @param  groupId the primary key of the group
	 * @return <code>true</code> if the user is a reviewer or has sufficient
	 *         permissions to review content; <code>false</code> otherwise
	 */
	boolean isContentReviewer(long companyId, long groupId);

	/**
	 * Tells whether the user administers the given group.
	 *
	 * @param  groupId the primary key of the group
	 * @return <code>true</code> if the user is an administrator of the group;
	 *         <code>false</code> otherwise
	 */
	boolean isGroupAdmin(long groupId);

	/**
	 * Tells whether the user belongs to the given group.
	 *
	 * @param  groupId the primary key of the group
	 * @return <code>true</code> if the user is a member of the group;
	 *         <code>false</code> otherwise
	 */
	boolean isGroupMember(long groupId);

	/**
	 * Tells whether the user owns the given group.
	 *
	 * @param  groupId the primary key of the group
	 * @return <code>true</code> if the user is the owner of the group;
	 *         <code>false</code> otherwise
	 */
	boolean isGroupOwner(long groupId);

	/**
	 * Tells whether the user is a universal administrator.
	 *
	 * @return <code>true</code> if the user is a universal administrator;
	 *         <code>false</code> otherwise
	 * @see    com.liferay.portlet.admin.util.OmniadminUtil
	 */
	boolean isOmniadmin();

	/**
	 * Tells whether the user administers the given organization.
	 *
	 * @param  organizationId the primary key of the organization
	 * @return <code>true</code> if the user is an administrator of the
	 *         organization; <code>false</code> otherwise
	 */
	boolean isOrganizationAdmin(long organizationId);

	/**
	 * Tells whether the user is an owner of the given organization.
	 *
	 * @param  organizationId the primary key of the organization
	 * @return <code>true</code> if the user is an owner of the organization;
	 *         <code>false</code> otherwise
	 */
	boolean isOrganizationOwner(long organizationId);

	/**
	 * Tells whether the user is signed in.
	 *
	 * @return <code>true</code> if the user is signed in; <code>false</code>
	 *         otherwise
	 */
	boolean isSignedIn();

}