015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.log.Log;
019 import com.liferay.portal.kernel.log.LogFactoryUtil;
020 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
021 import com.liferay.portal.model.Contact;
022 import com.liferay.portal.model.Group;
023 import com.liferay.portal.model.Organization;
024 import com.liferay.portal.model.ResourceConstants;
025 import com.liferay.portal.model.RoleConstants;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.PrincipalException;
028 import com.liferay.portal.security.permission.ActionKeys;
029 import com.liferay.portal.security.permission.BaseModelPermissionChecker;
030 import com.liferay.portal.security.permission.PermissionChecker;
031 import com.liferay.portal.service.OrganizationLocalServiceUtil;
032 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
033 import com.liferay.portal.service.UserLocalServiceUtil;
034 import com.liferay.portal.util.PortalUtil;
035
036 import java.util.List;
037
038
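/**
 * Decides whether the caller represented by a {@link PermissionChecker} may
 * perform an action on a portal {@link User}.
 *
 * <p>
 * The {@code check} methods throw a {@link PrincipalException} on denial; the
 * {@code contains} methods return {@code false}. Every path funnels into
 * {@link #contains(PermissionChecker, long, long[], String)}, which denies by
 * default: any exception raised while evaluating the decision is logged and
 * treated as "no permission".
 * </p>
 */
@OSGiBeanProperties(
    property = {"model.class.name=com.liferay.portal.model.User"}
)
public class UserPermissionImpl
    implements BaseModelPermissionChecker, UserPermission {

    /**
     * Throws if the action is not permitted, treating the organization and
     * location as the two organizations to evaluate.
     *
     * @param permissionChecker the checker for the calling user
     * @param userId the primary key of the target user
     * @param organizationId the first organization to evaluate
     * @param locationId the second organization to evaluate
     * @param actionId the action key being requested
     * @throws PrincipalException if the action is not permitted
     * @deprecated Replaced by {@link #check(PermissionChecker, long, long[],
     *             String)}
     */
    @Deprecated
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long organizationId, long locationId, String actionId)
        throws PrincipalException {

        check(
            permissionChecker, userId, new long[] {organizationId, locationId},
            actionId);
    }

    /**
     * Throws if {@link #contains(PermissionChecker, long, long[], String)}
     * denies the action.
     *
     * @param permissionChecker the checker for the calling user
     * @param userId the primary key of the target user
     * @param organizationIds the organizations to evaluate, or {@code null}
     *        to use the target user's own organizations
     * @param actionId the action key being requested
     * @throws PrincipalException if the action is not permitted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long[] organizationIds, String actionId)
        throws PrincipalException {

        if (!contains(permissionChecker, userId, organizationIds, actionId)) {
            throw new PrincipalException();
        }
    }

    /**
     * Throws if {@link #contains(PermissionChecker, long, String)} denies the
     * action.
     *
     * @param permissionChecker the checker for the calling user
     * @param userId the primary key of the target user
     * @param actionId the action key being requested
     * @throws PrincipalException if the action is not permitted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId, String actionId)
        throws PrincipalException {

        if (!contains(permissionChecker, userId, actionId)) {
            throw new PrincipalException();
        }
    }

    /**
     * Checks the action against the user identified by {@code primaryKey},
     * evaluating the organizations that user currently belongs to.
     *
     * @param permissionChecker the checker for the calling user
     * @param groupId not used by this implementation
     * @param primaryKey the primary key of the target user
     * @param actionId the action key being requested
     * @throws PortalException if the organizations cannot be loaded or the
     *         action is not permitted
     */
    @Override
    public void checkBaseModel(
            PermissionChecker permissionChecker, long groupId, long primaryKey,
            String actionId)
        throws PortalException {

        List<Organization> organizations =
            OrganizationLocalServiceUtil.getUserOrganizations(primaryKey);

        long[] organizationsIds = new long[organizations.size()];

        for (int i = 0; i < organizations.size(); i++) {
            Organization organization = organizations.get(i);

            organizationsIds[i] = organization.getOrganizationId();
        }

        check(permissionChecker, primaryKey, organizationsIds, actionId);
    }

    /**
     * Returns whether the action is permitted, treating the organization and
     * location as the two organizations to evaluate.
     *
     * @param permissionChecker the checker for the calling user
     * @param userId the primary key of the target user
     * @param organizationId the first organization to evaluate
     * @param locationId the second organization to evaluate
     * @param actionId the action key being requested
     * @return {@code true} if the action is permitted
     * @deprecated Replaced by {@link #contains(PermissionChecker, long,
     *             long[], String)}
     */
    @Deprecated
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, long organizationId,
        long locationId, String actionId) {

        return contains(
            permissionChecker, userId, new long[] {organizationId, locationId},
            actionId);
    }

    /**
     * Returns whether the calling user may perform the action on the target
     * user. The decision is made in this order:
     *
     * <ol>
     * <li>For DELETE, IMPERSONATE, PERMISSIONS and UPDATE, a caller who is not
     * an omniadmin is denied when the target is an omniadmin, and a caller who
     * is not a company admin is denied when the target is a company admin.</li>
     * <li>Owner permission on the user resource, or the caller being the
     * target, grants.</li>
     * <li>A direct permission on the user resource grants.</li>
     * <li>Otherwise each organization is evaluated: the caller needs
     * MANAGE_USERS on it, and the target's organization owner or
     * administrator role in that organization can block the grant.</li>
     * </ol>
     *
     * <p>
     * The supplied {@code organizationIds} are used as given; this method does
     * not verify that the target user belongs to them, so callers must not
     * pass identifiers taken from untrusted input without validating them
     * first. The owner/administrator protection is applied per organization:
     * a target who is protected in one organization can still be granted
     * through another organization in the list.
     * </p>
     *
     * @param permissionChecker the checker for the calling user
     * @param userId the primary key of the target user, or
     *        {@link ResourceConstants#PRIMKEY_DNE} when no user exists yet
     * @param organizationIds the organizations to evaluate, or {@code null}
     *        to use the target user's own organizations
     * @param actionId the action key being requested
     * @return {@code true} if the action is permitted; {@code false} if it is
     *         denied or if any exception occurs while deciding
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId,
        long[] organizationIds, String actionId) {

        try {
            User user = null;

            if (userId != ResourceConstants.PRIMKEY_DNE) {
                user = UserLocalServiceUtil.getUserById(userId);

                // NOTE(review): a null actionId throws here, is caught by the
                // catch block below and ends in a denial. Constant-first
                // equals would let a null actionId reach the self-access
                // shortcut further down, so add an explicit null rejection if
                // these comparisons are ever reordered.

                if ((actionId.equals(ActionKeys.DELETE) ||
                     actionId.equals(ActionKeys.IMPERSONATE) ||
                     actionId.equals(ActionKeys.PERMISSIONS) ||
                     actionId.equals(ActionKeys.UPDATE)) &&
                    !permissionChecker.isOmniadmin() &&
                    (PortalUtil.isOmniadmin(user) ||
                     (!permissionChecker.isCompanyAdmin() &&
                      PortalUtil.isCompanyAdmin(user)))) {

                    // Lower-privileged callers may not modify, impersonate or
                    // re-permission a higher-privileged administrator. This
                    // guard runs before every grant below.

                    return false;
                }

                Contact contact = user.getContact();

                // Self-access is granted for every action key, not only for
                // the four guarded above.

                if (permissionChecker.hasOwnerPermission(
                        permissionChecker.getCompanyId(), User.class.getName(),
                        userId, contact.getUserId(), actionId) ||
                    (permissionChecker.getUserId() == userId)) {

                    return true;
                }
            }

            if (permissionChecker.hasPermission(
                    0, User.class.getName(), userId, actionId)) {

                return true;
            }

            // No concrete user (PRIMKEY_DNE): nothing organization-based to
            // evaluate, so deny.

            if (user == null) {
                return false;
            }

            if (organizationIds == null) {
                organizationIds = user.getOrganizationIds();
            }

            for (long organizationId : organizationIds) {
                Organization organization =
                    OrganizationLocalServiceUtil.getOrganization(
                        organizationId);

                if (OrganizationPermissionUtil.contains(
                        permissionChecker, organization,
                        ActionKeys.MANAGE_USERS)) {

                    // NOTE(review): looks unreachable when user.getUserId()
                    // equals userId, because the self-access shortcut above
                    // has already returned. Confirm before removing.

                    if (permissionChecker.getUserId() == user.getUserId()) {
                        return true;
                    }

                    Group organizationGroup = organization.getGroup();

                    // A target holding the organization owner role is never
                    // granted through this organization. A target holding the
                    // organization administrator role is granted only when
                    // the caller holds the organization owner role.

                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                            user.getUserId(), organizationGroup.getGroupId(),
                            RoleConstants.ORGANIZATION_OWNER, true)) {

                        continue;
                    }
                    else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                                user.getUserId(),
                                organizationGroup.getGroupId(),
                                RoleConstants.ORGANIZATION_ADMINISTRATOR,
                                true) &&
                             !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                                permissionChecker.getUserId(),
                                organizationGroup.getGroupId(),
                                RoleConstants.ORGANIZATION_OWNER, true)) {

                        continue;
                    }

                    return true;
                }
            }
        }
        catch (Exception e) {

            // Fail closed: a lookup failure (unknown user or organization,
            // null action key, service error) is logged and ends in a denial
            // rather than propagating to the caller.

            _log.error(e, e);
        }

        return false;
    }

    /**
     * Returns whether the calling user may perform the action on the target
     * user, evaluating the target user's own organizations.
     *
     * @param permissionChecker the checker for the calling user
     * @param userId the primary key of the target user
     * @param actionId the action key being requested
     * @return {@code true} if the action is permitted
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, String actionId) {

        return contains(permissionChecker, userId, null, actionId);
    }

    // Declared final so the shared logger reference cannot be reassigned.

    private static final Log _log = LogFactoryUtil.getLog(
        UserPermissionImpl.class);

}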