001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.staging.permission.StagingPermissionUtil;
021    import com.liferay.portal.kernel.util.StringUtil;
022    import com.liferay.portal.model.Group;
023    import com.liferay.portal.model.Layout;
024    import com.liferay.portal.model.LayoutTypePortlet;
025    import com.liferay.portal.model.Portlet;
026    import com.liferay.portal.model.PortletConstants;
027    import com.liferay.portal.model.impl.VirtualLayout;
028    import com.liferay.portal.security.auth.PrincipalException;
029    import com.liferay.portal.security.permission.ActionKeys;
030    import com.liferay.portal.security.permission.PermissionChecker;
031    import com.liferay.portal.security.permission.ResourceActionsUtil;
032    import com.liferay.portal.service.GroupLocalServiceUtil;
033    import com.liferay.portal.service.LayoutLocalServiceUtil;
034    import com.liferay.portal.service.PortletLocalServiceUtil;
035    import com.liferay.portal.util.PortletCategoryKeys;
036    import com.liferay.portal.util.PropsValues;
037    import com.liferay.portlet.ControlPanelEntry;
038    import com.liferay.portlet.sites.util.SitesUtil;
039    
040    import java.util.Collection;
041    import java.util.List;
042    
043    import javax.portlet.PortletMode;
044    
045    /**
046     * @author Brian Wing Shun Chan
047     * @author Raymond Aug??
048     */
049    public class PortletPermissionImpl implements PortletPermission {
050    
051            public static final boolean DEFAULT_STRICT = false;
052    
053            @Override
054            public void check(
055                            PermissionChecker permissionChecker, Layout layout,
056                            String portletId, String actionId)
057                    throws PortalException {
058    
059                    if (!contains(
060                                    permissionChecker, 0, layout, portletId, actionId,
061                                    DEFAULT_STRICT)) {
062    
063                            throw new PrincipalException();
064                    }
065            }
066    
067            @Override
068            public void check(
069                            PermissionChecker permissionChecker, Layout layout,
070                            String portletId, String actionId, boolean strict)
071                    throws PortalException {
072    
073                    if (!contains(
074                                    permissionChecker, 0, layout, portletId, actionId, strict)) {
075    
076                            throw new PrincipalException();
077                    }
078            }
079    
080            @Override
081            public void check(
082                            PermissionChecker permissionChecker, long groupId, Layout layout,
083                            String portletId, String actionId)
084                    throws PortalException {
085    
086                    if (!contains(
087                                    permissionChecker, groupId, layout, portletId, actionId,
088                                    DEFAULT_STRICT)) {
089    
090                            throw new PrincipalException();
091                    }
092            }
093    
094            @Override
095            public void check(
096                            PermissionChecker permissionChecker, long groupId, Layout layout,
097                            String portletId, String actionId, boolean strict)
098                    throws PortalException {
099    
100                    if (!contains(
101                                    permissionChecker, groupId, layout, portletId, actionId,
102                                    strict)) {
103    
104                            throw new PrincipalException();
105                    }
106            }
107    
108            @Override
109            public void check(
110                            PermissionChecker permissionChecker, long groupId, long plid,
111                            String portletId, String actionId)
112                    throws PortalException {
113    
114                    check(
115                            permissionChecker, groupId, plid, portletId, actionId,
116                            DEFAULT_STRICT);
117            }
118    
119            @Override
120            public void check(
121                            PermissionChecker permissionChecker, long groupId, long plid,
122                            String portletId, String actionId, boolean strict)
123                    throws PortalException {
124    
125                    if (!contains(
126                                    permissionChecker, groupId, plid, portletId, actionId,
127                                    strict)) {
128    
129                            throw new PrincipalException();
130                    }
131            }
132    
133            @Override
134            public void check(
135                            PermissionChecker permissionChecker, long plid, String portletId,
136                            String actionId)
137                    throws PortalException {
138    
139                    check(permissionChecker, plid, portletId, actionId, DEFAULT_STRICT);
140            }
141    
142            @Override
143            public void check(
144                            PermissionChecker permissionChecker, long plid, String portletId,
145                            String actionId, boolean strict)
146                    throws PortalException {
147    
148                    if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
149                            throw new PrincipalException();
150                    }
151            }
152    
153            @Override
154            public void check(
155                            PermissionChecker permissionChecker, String portletId,
156                            String actionId)
157                    throws PortalException {
158    
159                    if (!contains(permissionChecker, portletId, actionId)) {
160                            throw new PrincipalException();
161                    }
162            }
163    
164            @Override
165            public boolean contains(
166                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
167                            String actionId)
168                    throws PortalException {
169    
170                    return contains(
171                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
172            }
173    
174            @Override
175            public boolean contains(
176                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
177                            String actionId, boolean strict)
178                    throws PortalException {
179    
180                    return contains(
181                            permissionChecker, 0, layout, portlet, actionId, strict);
182            }
183    
184            @Override
185            public boolean contains(
186                            PermissionChecker permissionChecker, Layout layout,
187                            String portletId, String actionId)
188                    throws PortalException {
189    
190                    return contains(
191                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
192            }
193    
194            @Override
195            public boolean contains(
196                            PermissionChecker permissionChecker, Layout layout,
197                            String portletId, String actionId, boolean strict)
198                    throws PortalException {
199    
200                    return contains(
201                            permissionChecker, 0, layout, portletId, actionId, strict);
202            }
203    
204            @Override
205            public boolean contains(
206                            PermissionChecker permissionChecker, long groupId, Layout layout,
207                            Portlet portlet, String actionId)
208                    throws PortalException {
209    
210                    return contains(
211                            permissionChecker, groupId, layout, portlet, actionId,
212                            DEFAULT_STRICT);
213            }
214    
215            @Override
216            public boolean contains(
217                            PermissionChecker permissionChecker, long groupId, Layout layout,
218                            Portlet portlet, String actionId, boolean strict)
219                    throws PortalException {
220    
221                    if (portlet.isUndeployedPortlet()) {
222                            return false;
223                    }
224    
225                    return contains(
226                            permissionChecker, groupId, layout, portlet.getPortletId(),
227                            actionId, strict);
228            }
229    
230            @Override
231            public boolean contains(
232                            PermissionChecker permissionChecker, long groupId, Layout layout,
233                            String portletId, String actionId)
234                    throws PortalException {
235    
236                    return contains(
237                            permissionChecker, groupId, layout, portletId, actionId,
238                            DEFAULT_STRICT);
239            }
240    
241            @Override
242            public boolean contains(
243                            PermissionChecker permissionChecker, long groupId, Layout layout,
244                            String portletId, String actionId, boolean strict)
245                    throws PortalException {
246    
247                    String name = null;
248                    String primKey = null;
249    
250                    if (layout == null) {
251                            name = portletId;
252                            primKey = portletId;
253    
254                            return permissionChecker.hasPermission(
255                                    groupId, name, primKey, actionId);
256                    }
257    
258                    if (!actionId.equals(ActionKeys.VIEW) &&
259                            (layout instanceof VirtualLayout)) {
260    
261                            return hasCustomizePermission(
262                                    permissionChecker, layout, portletId, actionId);
263                    }
264    
265                    Group group = layout.getGroup();
266    
267                    if (!group.isLayoutSetPrototype() &&
268                            actionId.equals(ActionKeys.CONFIGURATION) &&
269                            !SitesUtil.isLayoutUpdateable(layout)) {
270    
271                            return false;
272                    }
273    
274                    groupId = layout.getGroupId();
275    
276                    name = PortletConstants.getRootPortletId(portletId);
277    
278                    Boolean hasPermission = StagingPermissionUtil.hasPermission(
279                            permissionChecker, groupId, name, groupId, name, actionId);
280    
281                    if (hasPermission != null) {
282                            return hasPermission.booleanValue();
283                    }
284    
285                    if (group.isControlPanel() && actionId.equals(ActionKeys.VIEW)) {
286                            return true;
287                    }
288    
289                    primKey = getPrimaryKey(layout.getPlid(), portletId);
290    
291                    if (strict) {
292                            return permissionChecker.hasPermission(
293                                    groupId, name, primKey, actionId);
294                    }
295    
296                    if (hasConfigurePermission(
297                                    permissionChecker, layout, portletId, actionId) ||
298                            hasCustomizePermission(
299                                    permissionChecker, layout, portletId, actionId)) {
300    
301                            return true;
302                    }
303    
304                    return permissionChecker.hasPermission(
305                            groupId, name, primKey, actionId);
306            }
307    
308            public boolean contains(
309                            PermissionChecker permissionChecker, long groupId, long plid,
310                            Portlet portlet, String actionId)
311                    throws PortalException {
312    
313                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
314    
315                    return contains(
316                            permissionChecker, groupId, layout, portlet, actionId,
317                            DEFAULT_STRICT);
318            }
319    
320            @Override
321            public boolean contains(
322                            PermissionChecker permissionChecker, long groupId, long plid,
323                            Portlet portlet, String actionId, boolean strict)
324                    throws PortalException {
325    
326                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
327    
328                    return contains(
329                            permissionChecker, groupId, layout, portlet, actionId, strict);
330            }
331    
332            public boolean contains(
333                            PermissionChecker permissionChecker, long groupId, long plid,
334                            String portletId, String actionId)
335                    throws PortalException {
336    
337                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
338    
339                    return contains(
340                            permissionChecker, groupId, layout, portletId, actionId,
341                            DEFAULT_STRICT);
342            }
343    
344            @Override
345            public boolean contains(
346                            PermissionChecker permissionChecker, long groupId, long plid,
347                            String portletId, String actionId, boolean strict)
348                    throws PortalException {
349    
350                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
351    
352                    return contains(
353                            permissionChecker, groupId, layout, portletId, actionId, strict);
354            }
355    
356            @Override
357            public boolean contains(
358                            PermissionChecker permissionChecker, long plid, Portlet portlet,
359                            String actionId)
360                    throws PortalException {
361    
362                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
363    
364                    return contains(
365                            permissionChecker, layout, portlet, actionId, DEFAULT_STRICT);
366            }
367    
368            @Override
369            public boolean contains(
370                            PermissionChecker permissionChecker, long plid, Portlet portlet,
371                            String actionId, boolean strict)
372                    throws PortalException {
373    
374                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
375    
376                    return contains(
377                            permissionChecker, 0, layout, portlet, actionId, strict);
378            }
379    
380            @Override
381            public boolean contains(
382                            PermissionChecker permissionChecker, long plid, String portletId,
383                            String actionId)
384                    throws PortalException {
385    
386                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
387    
388                    return contains(
389                            permissionChecker, layout, portletId, actionId, DEFAULT_STRICT);
390            }
391    
392            @Override
393            public boolean contains(
394                            PermissionChecker permissionChecker, long plid, String portletId,
395                            String actionId, boolean strict)
396                    throws PortalException {
397    
398                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
399    
400                    return contains(
401                            permissionChecker, 0, layout, portletId, actionId, strict);
402            }
403    
404            @Override
405            public boolean contains(
406                            PermissionChecker permissionChecker, String portletId,
407                            String actionId)
408                    throws PortalException {
409    
410                    return contains(permissionChecker, 0, portletId, actionId);
411            }
412    
413            @Override
414            public String getPrimaryKey(long plid, String portletId) {
415                    return String.valueOf(plid).concat(
416                            PortletConstants.LAYOUT_SEPARATOR).concat(portletId);
417            }
418    
419            @Override
420            public boolean hasAccessPermission(
421                            PermissionChecker permissionChecker, long scopeGroupId,
422                            Layout layout, Portlet portlet, PortletMode portletMode)
423                    throws PortalException {
424    
425                    if ((layout != null) && layout.isTypeControlPanel()) {
426                            String category = portlet.getControlPanelEntryCategory();
427    
428                            if (StringUtil.startsWith(
429                                            category, PortletCategoryKeys.SITE_ADMINISTRATION)) {
430    
431                                    layout = null;
432                            }
433                    }
434    
435                    boolean access = contains(
436                            permissionChecker, scopeGroupId, layout, portlet, ActionKeys.VIEW);
437    
438                    if (access && !PropsValues.TCK_URL &&
439                            portletMode.equals(PortletMode.EDIT)) {
440    
441                            access = contains(
442                                    permissionChecker, scopeGroupId, layout, portlet,
443                                    ActionKeys.PREFERENCES);
444                    }
445    
446                    return access;
447            }
448    
449            @Override
450            public boolean hasConfigurationPermission(
451                            PermissionChecker permissionChecker, long groupId, Layout layout,
452                            String actionId)
453                    throws PortalException {
454    
455                    LayoutTypePortlet layoutTypePortlet =
456                            (LayoutTypePortlet)layout.getLayoutType();
457    
458                    for (Portlet portlet : layoutTypePortlet.getAllPortlets(false)) {
459                            if (contains(
460                                            permissionChecker, groupId, layout, portlet.getPortletId(),
461                                            actionId)) {
462    
463                                    return true;
464                            }
465    
466                            if (contains(
467                                            permissionChecker, groupId, null,
468                                            portlet.getRootPortletId(), actionId)) {
469    
470                                    return true;
471                            }
472                    }
473    
474                    return false;
475            }
476    
477            @Override
478            public boolean hasControlPanelAccessPermission(
479                            PermissionChecker permissionChecker, long groupId,
480                            Collection<Portlet> portlets)
481                    throws PortalException {
482    
483                    for (Portlet portlet : portlets) {
484                            if (hasControlPanelAccessPermission(
485                                            permissionChecker, groupId, portlet)) {
486    
487                                    return true;
488                            }
489                    }
490    
491                    return false;
492            }
493    
494            @Override
495            public boolean hasControlPanelAccessPermission(
496                            PermissionChecker permissionChecker, long scopeGroupId,
497                            Portlet portlet)
498                    throws PortalException {
499    
500                    Group group = GroupLocalServiceUtil.getGroup(scopeGroupId);
501    
502                    ControlPanelEntry controlPanelEntry =
503                            portlet.getControlPanelEntryInstance();
504    
505                    try {
506                            return controlPanelEntry.hasAccessPermission(
507                                    permissionChecker, group, portlet);
508                    }
509                    catch (Exception e) {
510                            if (_log.isWarnEnabled()) {
511                                    _log.warn("Cannot process control panel access permission", e);
512                            }
513    
514                            return false;
515                    }
516            }
517    
518            @Override
519            public boolean hasControlPanelAccessPermission(
520                            PermissionChecker permissionChecker, long scopeGroupId,
521                            String portletId)
522                    throws PortalException {
523    
524                    Portlet portlet = PortletLocalServiceUtil.getPortletById(portletId);
525    
526                    return hasControlPanelAccessPermission(
527                            permissionChecker, scopeGroupId, portlet);
528            }
529    
530            @Override
531            public boolean hasLayoutManagerPermission(
532                    String portletId, String actionId) {
533    
534                    try {
535                            portletId = PortletConstants.getRootPortletId(portletId);
536    
537                            List<String> layoutManagerActions =
538                                    ResourceActionsUtil.getPortletResourceLayoutManagerActions(
539                                            portletId);
540    
541                            return layoutManagerActions.contains(actionId);
542                    }
543                    catch (Exception e) {
544                            _log.error(e, e);
545    
546                            return false;
547                    }
548            }
549    
550            protected boolean hasConfigurePermission(
551                            PermissionChecker permissionChecker, Layout layout,
552                            String portletId, String actionId)
553                    throws PortalException {
554    
555                    if (!actionId.equals(ActionKeys.CONFIGURATION) &&
556                            !actionId.equals(ActionKeys.PREFERENCES) &&
557                            !actionId.equals(ActionKeys.GUEST_PREFERENCES)) {
558    
559                            return false;
560                    }
561    
562                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
563                            layout.getCompanyId(), portletId);
564    
565                    if (portlet.isPreferencesUniquePerLayout()) {
566                            return LayoutPermissionUtil.contains(
567                                    permissionChecker, layout, ActionKeys.CONFIGURE_PORTLETS);
568                    }
569    
570                    return GroupPermissionUtil.contains(
571                            permissionChecker, layout.getGroupId(),
572                            ActionKeys.CONFIGURE_PORTLETS);
573            }
574    
575            protected boolean hasCustomizePermission(
576                            PermissionChecker permissionChecker, Layout layout,
577                            String portletId, String actionId)
578                    throws PortalException {
579    
580                    LayoutTypePortlet layoutTypePortlet =
581                            (LayoutTypePortlet)layout.getLayoutType();
582    
583                    if (layoutTypePortlet.isCustomizedView() &&
584                            layoutTypePortlet.isPortletCustomizable(portletId) &&
585                            LayoutPermissionUtil.contains(
586                                    permissionChecker, layout, ActionKeys.CUSTOMIZE)) {
587    
588                            if (actionId.equals(ActionKeys.VIEW)) {
589                                    return true;
590                            }
591                            else if (actionId.equals(ActionKeys.CONFIGURATION)) {
592                                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
593                                            layout.getCompanyId(), portletId);
594    
595                                    if (portlet.isInstanceable() ||
596                                            portlet.isPreferencesUniquePerLayout()) {
597    
598                                            return true;
599                                    }
600                            }
601                    }
602    
603                    return false;
604            }
605    
606            private static final Log _log = LogFactoryUtil.getLog(
607                    PortletPermissionImpl.class);
608    
609    }