001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.model.Group;
019    import com.liferay.portal.model.GroupConstants;
020    import com.liferay.portal.model.Organization;
021    import com.liferay.portal.model.OrganizationConstants;
022    import com.liferay.portal.model.Role;
023    import com.liferay.portal.model.RoleConstants;
024    import com.liferay.portal.model.UserConstants;
025    import com.liferay.portal.service.GroupLocalServiceUtil;
026    import com.liferay.portal.service.OrganizationLocalServiceUtil;
027    import com.liferay.portal.service.RoleLocalServiceUtil;
028    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029    import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
030    import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
031    
032    import java.util.Arrays;
033    import java.util.Collections;
034    import java.util.HashMap;
035    import java.util.List;
036    import java.util.Map;
037    import java.util.Set;
038    
039    /**
040     * @author Brian Wing Shun Chan
041     */
042    public class PermissionCheckerBagImpl
043            extends UserPermissionCheckerBagImpl implements PermissionCheckerBag {
044    
045            public PermissionCheckerBagImpl() {
046                    this(UserConstants.USER_ID_DEFAULT);
047            }
048    
049            public PermissionCheckerBagImpl(long userId) {
050                    this(userId, Collections.<Role>emptyList());
051            }
052    
053            public PermissionCheckerBagImpl(long userId, List<Role> roles) {
054                    super(userId);
055    
056                    _roles = roles;
057            }
058    
059            public PermissionCheckerBagImpl(
060                    long userId, Set<Group> userGroups, List<Organization> userOrgs,
061                    Set<Group> userOrgGroups, List<Group> userUserGroupGroups,
062                    List<Role> roles) {
063    
064                    super(userId, userGroups, userOrgs, userOrgGroups, userUserGroupGroups);
065    
066                    _roles = roles;
067            }
068    
069            public PermissionCheckerBagImpl(
070                    UserPermissionCheckerBag userPermissionCheckerBag, List<Role> roles) {
071    
072                    super(userPermissionCheckerBag);
073    
074                    _roles = roles;
075            }
076    
077            @Override
078            public long[] getRoleIds() {
079                    if (_roleIds == null) {
080                            List<Role> roles = getRoles();
081    
082                            long[] roleIds = new long[roles.size()];
083    
084                            for (int i = 0; i < roles.size(); i++) {
085                                    Role role = roles.get(i);
086    
087                                    roleIds[i] = role.getRoleId();
088                            }
089    
090                            Arrays.sort(roleIds);
091    
092                            _roleIds = roleIds;
093                    }
094    
095                    return _roleIds;
096            }
097    
098            @Override
099            public List<Role> getRoles() {
100                    return _roles;
101            }
102    
103            /**
104             * @deprecated As of 6.1.0, renamed to {@link
105             *             #isGroupAdmin(PermissionChecker, Group)}
106             */
107            @Deprecated
108            @Override
109            public boolean isCommunityAdmin(
110                            PermissionChecker permissionChecker, Group group)
111                    throws Exception {
112    
113                    return isGroupAdmin(permissionChecker, group);
114            }
115    
116            /**
117             * @deprecated As of 6.1.0, renamed to {@link
118             *             #isGroupOwner(PermissionChecker, Group)}
119             */
120            @Deprecated
121            @Override
122            public boolean isCommunityOwner(
123                            PermissionChecker permissionChecker, Group group)
124                    throws Exception {
125    
126                    return isGroupOwner(permissionChecker, group);
127            }
128    
129            @Override
130            public boolean isContentReviewer(
131                            PermissionChecker permissionChecker, Group group)
132                    throws Exception {
133    
134                    Boolean value = _contentReviewers.get(group.getCompanyId());
135    
136                    if (value == null) {
137                            value = Boolean.valueOf(
138                                    isContentReviewerImpl(permissionChecker, group));
139    
140                            _contentReviewers.put(group.getCompanyId(), value);
141                    }
142    
143                    return value.booleanValue();
144            }
145    
146            @Override
147            public boolean isGroupAdmin(
148                            PermissionChecker permissionChecker, Group group)
149                    throws Exception {
150    
151                    Boolean value = _groupAdmins.get(group.getGroupId());
152    
153                    if (value == null) {
154                            value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
155    
156                            _groupAdmins.put(group.getGroupId(), value);
157                    }
158    
159                    return value.booleanValue();
160            }
161    
162            @Override
163            public boolean isGroupMember(
164                            PermissionChecker permissionChecker, Group group)
165                    throws Exception {
166    
167                    for (Role role : _roles) {
168                            String roleName = role.getName();
169    
170                            if (roleName.equals(RoleConstants.SITE_MEMBER)) {
171                                    return true;
172                            }
173                    }
174    
175                    Set<Group> userGroups = getUserGroups();
176    
177                    if (userGroups.contains(group)) {
178                            return true;
179                    }
180    
181                    return false;
182            }
183    
184            @Override
185            public boolean isGroupOwner(
186                            PermissionChecker permissionChecker, Group group)
187                    throws Exception {
188    
189                    Boolean value = _groupOwners.get(group.getGroupId());
190    
191                    if (value == null) {
192                            value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
193    
194                            _groupOwners.put(group.getGroupId(), value);
195                    }
196    
197                    return value.booleanValue();
198            }
199    
200            @Override
201            public boolean isOrganizationAdmin(
202                            PermissionChecker permissionChecker, Organization organization)
203                    throws Exception {
204    
205                    Boolean value = _organizationAdmins.get(
206                            organization.getOrganizationId());
207    
208                    if (value == null) {
209                            value = Boolean.valueOf(
210                                    isOrganizationAdminImpl(permissionChecker, organization));
211    
212                            _organizationAdmins.put(organization.getOrganizationId(), value);
213                    }
214    
215                    return value.booleanValue();
216            }
217    
218            @Override
219            public boolean isOrganizationOwner(
220                            PermissionChecker permissionChecker, Organization organization)
221                    throws Exception {
222    
223                    Boolean value = _organizationOwners.get(
224                            organization.getOrganizationId());
225    
226                    if (value == null) {
227                            value = Boolean.valueOf(
228                                    isOrganizationOwnerImpl(permissionChecker, organization));
229    
230                            _organizationOwners.put(organization.getOrganizationId(), value);
231                    }
232    
233                    return value.booleanValue();
234            }
235    
236            protected boolean isContentReviewerImpl(
237                            PermissionChecker permissionChecker, Group group)
238                    throws PortalException {
239    
240                    if (permissionChecker.isCompanyAdmin() ||
241                            permissionChecker.isGroupAdmin(group.getGroupId())) {
242    
243                            return true;
244                    }
245    
246                    if (RoleLocalServiceUtil.hasUserRole(
247                                    getUserId(), group.getCompanyId(),
248                                    RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
249    
250                            return true;
251                    }
252    
253                    if (group.isSite()) {
254                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
255                                            getUserId(), group.getGroupId(),
256                                            RoleConstants.SITE_CONTENT_REVIEWER, true)) {
257    
258                                    return true;
259                            }
260                    }
261    
262                    return false;
263            }
264    
265            protected boolean isGroupAdminImpl(
266                            PermissionChecker permissionChecker, Group group)
267                    throws PortalException {
268    
269                    if (group.isLayout()) {
270                            long parentGroupId = group.getParentGroupId();
271    
272                            if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
273                                    return false;
274                            }
275    
276                            group = GroupLocalServiceUtil.getGroup(parentGroupId);
277                    }
278    
279                    if (group.isSite()) {
280                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
281                                            getUserId(), group.getGroupId(),
282                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
283                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
284                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
285                                            true)) {
286    
287                                    return true;
288                            }
289                    }
290    
291                    if (group.isCompany()) {
292                            if (permissionChecker.isCompanyAdmin()) {
293                                    return true;
294                            }
295                            else {
296                                    return false;
297                            }
298                    }
299                    else if (group.isLayoutPrototype()) {
300                            if (LayoutPrototypePermissionUtil.contains(
301                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
302    
303                                    return true;
304                            }
305                            else {
306                                    return false;
307                            }
308                    }
309                    else if (group.isLayoutSetPrototype()) {
310                            if (LayoutSetPrototypePermissionUtil.contains(
311                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
312    
313                                    return true;
314                            }
315                            else {
316                                    return false;
317                            }
318                    }
319                    else if (group.isOrganization()) {
320                            long organizationId = group.getOrganizationId();
321    
322                            while (organizationId !=
323                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
324    
325                                    Organization organization =
326                                            OrganizationLocalServiceUtil.getOrganization(
327                                                    organizationId);
328    
329                                    long organizationGroupId = organization.getGroupId();
330    
331                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
332                                                    getUserId(), organizationGroupId,
333                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
334                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
335                                                    getUserId(), organizationGroupId,
336                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
337    
338                                            return true;
339                                    }
340    
341                                    organizationId = organization.getParentOrganizationId();
342                            }
343                    }
344    
345                    return false;
346            }
347    
348            protected boolean isGroupOwnerImpl(
349                            PermissionChecker permissionChecker, Group group)
350                    throws PortalException {
351    
352                    if (group.isSite()) {
353                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
354                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
355                                            true)) {
356    
357                                    return true;
358                            }
359                    }
360    
361                    if (group.isLayoutPrototype()) {
362                            if (LayoutPrototypePermissionUtil.contains(
363                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
364    
365                                    return true;
366                            }
367                            else {
368                                    return false;
369                            }
370                    }
371                    else if (group.isLayoutSetPrototype()) {
372                            if (LayoutSetPrototypePermissionUtil.contains(
373                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
374    
375                                    return true;
376                            }
377                            else {
378                                    return false;
379                            }
380                    }
381                    else if (group.isOrganization()) {
382                            long organizationId = group.getOrganizationId();
383    
384                            while (organizationId !=
385                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
386    
387                                    Organization organization =
388                                            OrganizationLocalServiceUtil.getOrganization(
389                                                    organizationId);
390    
391                                    long organizationGroupId = organization.getGroupId();
392    
393                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
394                                                    getUserId(), organizationGroupId,
395                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
396    
397                                            return true;
398                                    }
399    
400                                    organizationId = organization.getParentOrganizationId();
401                            }
402                    }
403                    else if (group.isUser()) {
404                            long groupUserId = group.getClassPK();
405    
406                            if (getUserId() == groupUserId) {
407                                    return true;
408                            }
409                    }
410    
411                    return false;
412            }
413    
414            protected boolean isOrganizationAdminImpl(
415                            PermissionChecker permissionChecker, Organization organization)
416                    throws PortalException {
417    
418                    while (organization != null) {
419                            long organizationGroupId = organization.getGroupId();
420    
421                            long userId = getUserId();
422    
423                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
424                                            userId, organizationGroupId,
425                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
426                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
427                                            userId, organizationGroupId,
428                                            RoleConstants.ORGANIZATION_OWNER, true)) {
429    
430                                    return true;
431                            }
432    
433                            organization = organization.getParentOrganization();
434                    }
435    
436                    return false;
437            }
438    
439            protected boolean isOrganizationOwnerImpl(
440                            PermissionChecker permissionChecker, Organization organization)
441                    throws PortalException {
442    
443                    while (organization != null) {
444                            long organizationGroupId = organization.getGroupId();
445    
446                            long userId = getUserId();
447    
448                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
449                                            userId, organizationGroupId,
450                                            RoleConstants.ORGANIZATION_OWNER, true)) {
451    
452                                    return true;
453                            }
454    
455                            organization = organization.getParentOrganization();
456                    }
457    
458                    return false;
459            }
460    
461            private Map<Long, Boolean> _contentReviewers = new HashMap<Long, Boolean>();
462            private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
463            private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
464            private Map<Long, Boolean> _organizationAdmins =
465                    new HashMap<Long, Boolean>();
466            private Map<Long, Boolean> _organizationOwners =
467                    new HashMap<Long, Boolean>();
468            private long[] _roleIds;
469            private List<Role> _roles;
470    
471    }