015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.BaseModelPermissionChecker;
024 import com.liferay.portal.security.permission.PermissionChecker;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.UserLocalServiceUtil;
027
028
/**
 * Authorization checks for {@link Group} models.
 *
 * <p>
 * The {@code check} methods throw a {@link PrincipalException} on denial;
 * the {@code contains} methods report the same decision as a boolean. All
 * group-scoped decisions go through
 * {@link #contains(PermissionChecker, Group, String)}, which evaluates its
 * rules in a fixed order: one explicit denial first, then several grants.
 * That order is security relevant and should be preserved when editing.
 * </p>
 */
@OSGiBeanProperties(
    property = {"model.class.name=com.liferay.portal.model.Group"}
)
public class GroupPermissionImpl
    implements BaseModelPermissionChecker, GroupPermission {

    /**
     * Requires that the checker may perform the action on the group.
     *
     * @throws PrincipalException if
     *         {@link #contains(PermissionChecker, Group, String)} denies
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, Group group, String actionId)
        throws PortalException {

        if (contains(permissionChecker, group, actionId)) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Requires that the checker may perform the action on the group with the
     * given ID.
     *
     * @throws PrincipalException if
     *         {@link #contains(PermissionChecker, long, String)} denies,
     *         which includes every non-positive group ID
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long groupId, String actionId)
        throws PortalException {

        if (contains(permissionChecker, groupId, actionId)) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Requires that the checker holds the action without reference to a
     * specific group.
     *
     * @throws PrincipalException if
     *         {@link #contains(PermissionChecker, String)} denies
     */
    @Override
    public void check(PermissionChecker permissionChecker, String actionId)
        throws PortalException {

        if (contains(permissionChecker, actionId)) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Generic model entry point; delegates to
     * {@link #check(PermissionChecker, long, String)}.
     *
     * <p>
     * The {@code groupId} argument is not consulted: {@code primaryKey} is
     * passed on as the ID of the group to check.
     * </p>
     */
    @Override
    public void checkBaseModel(
            PermissionChecker permissionChecker, long groupId, long primaryKey,
            String actionId)
        throws PortalException {

        check(permissionChecker, primaryKey, actionId);
    }

    /**
     * Decides whether the checker may perform the action on the group.
     *
     * <p>
     * Rules, in evaluation order:
     * </p>
     *
     * <ol>
     * <li>{@code ADD_LAYOUT} and {@code MANAGE_LAYOUTS} are denied when the
     * group has a local or remote staging group or is a layout prototype.
     * This runs before any grant, so no later rule can override it.</li>
     * <li>If the (live) group is a user group, any action is granted to a
     * checker who is a different user and holds {@code UPDATE} on that
     * user.</li>
     * <li>Certain actions are granted when a related action is held on the
     * group.</li>
     * <li>The action is granted when it is held directly on the group.</li>
     * <li>Any action is granted when {@code MANAGE_SUBGROUPS} is granted on
     * an ancestor group.</li>
     * </ol>
     *
     * @return {@code true} if a grant rule matches; {@code false} otherwise
     */
    @Override
    public boolean contains(
            PermissionChecker permissionChecker, Group group, String actionId)
        throws PortalException {

        boolean layoutAction =
            actionId.equals(ActionKeys.ADD_LAYOUT) ||
            actionId.equals(ActionKeys.MANAGE_LAYOUTS);

        // Explicit denial, evaluated against the group exactly as passed in.

        if (layoutAction &&
            (group.hasLocalOrRemoteStagingGroup() ||
             group.isLayoutPrototype())) {

            return false;
        }

        // The ID is captured before the staging-to-live substitution below,
        // so the hasPermission lookups use the ID of the group that was
        // passed in, while the user-group and ancestor rules use the live
        // group.
        // NOTE(review): looks deliberate; confirm before "simplifying".

        long groupId = group.getGroupId();

        Group effectiveGroup =
            group.isStagingGroup() ? group.getLiveGroup() : group;

        if (effectiveGroup.isUser()) {

            // Grant is independent of actionId: a checker who is not the
            // user behind this group but holds UPDATE on that user passes
            // for every action.

            User owner = UserLocalServiceUtil.getUserById(
                effectiveGroup.getClassPK());

            boolean actingOnOtherUser =
                permissionChecker.getUserId() != owner.getUserId();

            if (actingOnOtherUser &&
                UserPermissionUtil.contains(
                    permissionChecker, owner.getUserId(),
                    owner.getOrganizationIds(), ActionKeys.UPDATE)) {

                return true;
            }
        }

        if (_isGrantedByRelatedAction(permissionChecker, groupId, actionId)) {
            return true;
        }

        if (_hasGroupPermission(permissionChecker, groupId, actionId)) {
            return true;
        }

        // Ancestor rule: MANAGE_SUBGROUPS granted on any ancestor grants the
        // requested action here. Each call re-enters this method through the
        // long overload, so it applies the same rules (ancestor walk
        // included) to that parent.

        for (Group current = effectiveGroup; !current.isRoot();
             current = current.getParentGroup()) {

            if (contains(
                    permissionChecker, current.getParentGroupId(),
                    ActionKeys.MANAGE_SUBGROUPS)) {

                return true;
            }
        }

        return false;
    }

    /**
     * Decides whether the checker may perform the action on the group with
     * the given ID.
     *
     * @return {@code false} for any group ID that is not positive, without
     *         consulting the checker; otherwise the result of
     *         {@link #contains(PermissionChecker, Group, String)} for the
     *         group loaded by that ID
     */
    @Override
    public boolean contains(
            PermissionChecker permissionChecker, long groupId, String actionId)
        throws PortalException {

        // Fail closed on IDs that cannot name a group.

        if (groupId <= 0) {
            return false;
        }

        return contains(
            permissionChecker, GroupLocalServiceUtil.getGroup(groupId),
            actionId);
    }

    /**
     * Decides whether the checker holds the action on the {@link Group}
     * model with both the group ID and the primary key given as {@code 0}.
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, String actionId) {

        String modelName = Group.class.getName();

        return permissionChecker.hasPermission(0, modelName, 0, actionId);
    }

    /**
     * Asks the checker for the action on the {@link Group} model, using the
     * group ID as both the scope and the primary key.
     */
    private boolean _hasGroupPermission(
        PermissionChecker permissionChecker, long groupId, String actionId) {

        return permissionChecker.hasPermission(
            groupId, Group.class.getName(), groupId, actionId);
    }

    /**
     * Grants the requested action when a related action is held on the
     * group. Each rule is tested independently and in a fixed order; a rule
     * whose action matches but whose permission is missing falls through to
     * the next one.
     */
    private boolean _isGrantedByRelatedAction(
        PermissionChecker permissionChecker, long groupId, String actionId) {

        // ADD_COMMUNITY: MANAGE_SUBGROUPS on the group, or the portal-level
        // ADD_COMMUNITY permission.

        if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
            (_hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_SUBGROUPS) ||
             PortalPermissionUtil.contains(
                permissionChecker, ActionKeys.ADD_COMMUNITY))) {

            return true;
        }

        // ADD_LAYOUT: MANAGE_LAYOUTS.

        if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
            _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS)) {

            return true;
        }

        // Export/import of layouts or portlet info: PUBLISH_STAGING.

        boolean exportImportAction =
            actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
            actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO);

        if (exportImportAction &&
            _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.PUBLISH_STAGING)) {

            return true;
        }

        // VIEW: ASSIGN_USER_ROLES or MANAGE_LAYOUTS.

        if (actionId.equals(ActionKeys.VIEW) &&
            (_hasGroupPermission(
                permissionChecker, groupId, ActionKeys.ASSIGN_USER_ROLES) ||
             _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS))) {

            return true;
        }

        // VIEW_STAGING: MANAGE_LAYOUTS, MANAGE_STAGING, PUBLISH_STAGING or
        // UPDATE.

        if (actionId.equals(ActionKeys.VIEW_STAGING) &&
            (_hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS) ||
             _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.MANAGE_STAGING) ||
             _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.PUBLISH_STAGING) ||
             _hasGroupPermission(
                permissionChecker, groupId, ActionKeys.UPDATE))) {

            return true;
        }

        return false;
    }

}