001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.model.Group;
019 import com.liferay.portal.model.GroupConstants;
020 import com.liferay.portal.model.Organization;
021 import com.liferay.portal.model.OrganizationConstants;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.model.UserConstants;
025 import com.liferay.portal.service.GroupLocalServiceUtil;
026 import com.liferay.portal.service.OrganizationLocalServiceUtil;
027 import com.liferay.portal.service.RoleLocalServiceUtil;
028 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
030 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
031
032 import java.util.Arrays;
033 import java.util.Collections;
034 import java.util.HashMap;
035 import java.util.List;
036 import java.util.Map;
037 import java.util.Set;
038
039
042 public class PermissionCheckerBagImpl
043 extends UserPermissionCheckerBagImpl implements PermissionCheckerBag {
044
045 public PermissionCheckerBagImpl() {
046 this(UserConstants.USER_ID_DEFAULT);
047 }
048
049 public PermissionCheckerBagImpl(long userId) {
050 this(userId, Collections.<Role>emptyList());
051 }
052
053 public PermissionCheckerBagImpl(long userId, List<Role> roles) {
054 super(userId);
055
056 _roles = roles;
057 }
058
059 public PermissionCheckerBagImpl(
060 long userId, Set<Group> userGroups, List<Organization> userOrgs,
061 Set<Group> userOrgGroups, List<Group> userUserGroupGroups,
062 List<Role> roles) {
063
064 super(userId, userGroups, userOrgs, userOrgGroups, userUserGroupGroups);
065
066 _roles = roles;
067 }
068
069 public PermissionCheckerBagImpl(
070 UserPermissionCheckerBag userPermissionCheckerBag, List<Role> roles) {
071
072 super(userPermissionCheckerBag);
073
074 _roles = roles;
075 }
076
077 @Override
078 public long[] getRoleIds() {
079 if (_roleIds == null) {
080 List<Role> roles = getRoles();
081
082 long[] roleIds = new long[roles.size()];
083
084 for (int i = 0; i < roles.size(); i++) {
085 Role role = roles.get(i);
086
087 roleIds[i] = role.getRoleId();
088 }
089
090 Arrays.sort(roleIds);
091
092 _roleIds = roleIds;
093 }
094
095 return _roleIds;
096 }
097
098 @Override
099 public List<Role> getRoles() {
100 return _roles;
101 }
102
103
107 @Deprecated
108 @Override
109 public boolean isCommunityAdmin(
110 PermissionChecker permissionChecker, Group group)
111 throws Exception {
112
113 return isGroupAdmin(permissionChecker, group);
114 }
115
116
120 @Deprecated
121 @Override
122 public boolean isCommunityOwner(
123 PermissionChecker permissionChecker, Group group)
124 throws Exception {
125
126 return isGroupOwner(permissionChecker, group);
127 }
128
129 @Override
130 public boolean isContentReviewer(
131 PermissionChecker permissionChecker, Group group)
132 throws Exception {
133
134 Boolean value = _contentReviewers.get(group.getCompanyId());
135
136 if (value == null) {
137 value = Boolean.valueOf(
138 isContentReviewerImpl(permissionChecker, group));
139
140 _contentReviewers.put(group.getCompanyId(), value);
141 }
142
143 return value.booleanValue();
144 }
145
146 @Override
147 public boolean isGroupAdmin(
148 PermissionChecker permissionChecker, Group group)
149 throws Exception {
150
151 Boolean value = _groupAdmins.get(group.getGroupId());
152
153 if (value == null) {
154 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
155
156 _groupAdmins.put(group.getGroupId(), value);
157 }
158
159 return value.booleanValue();
160 }
161
162 @Override
163 public boolean isGroupMember(
164 PermissionChecker permissionChecker, Group group)
165 throws Exception {
166
167 for (Role role : _roles) {
168 String roleName = role.getName();
169
170 if (roleName.equals(RoleConstants.SITE_MEMBER)) {
171 return true;
172 }
173 }
174
175 Set<Group> userGroups = getUserGroups();
176
177 if (userGroups.contains(group)) {
178 return true;
179 }
180
181 return false;
182 }
183
184 @Override
185 public boolean isGroupOwner(
186 PermissionChecker permissionChecker, Group group)
187 throws Exception {
188
189 Boolean value = _groupOwners.get(group.getGroupId());
190
191 if (value == null) {
192 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
193
194 _groupOwners.put(group.getGroupId(), value);
195 }
196
197 return value.booleanValue();
198 }
199
200 @Override
201 public boolean isOrganizationAdmin(
202 PermissionChecker permissionChecker, Organization organization)
203 throws Exception {
204
205 Boolean value = _organizationAdmins.get(
206 organization.getOrganizationId());
207
208 if (value == null) {
209 value = Boolean.valueOf(
210 isOrganizationAdminImpl(permissionChecker, organization));
211
212 _organizationAdmins.put(organization.getOrganizationId(), value);
213 }
214
215 return value.booleanValue();
216 }
217
218 @Override
219 public boolean isOrganizationOwner(
220 PermissionChecker permissionChecker, Organization organization)
221 throws Exception {
222
223 Boolean value = _organizationOwners.get(
224 organization.getOrganizationId());
225
226 if (value == null) {
227 value = Boolean.valueOf(
228 isOrganizationOwnerImpl(permissionChecker, organization));
229
230 _organizationOwners.put(organization.getOrganizationId(), value);
231 }
232
233 return value.booleanValue();
234 }
235
236 protected boolean isContentReviewerImpl(
237 PermissionChecker permissionChecker, Group group)
238 throws PortalException {
239
240 if (permissionChecker.isCompanyAdmin() ||
241 permissionChecker.isGroupAdmin(group.getGroupId())) {
242
243 return true;
244 }
245
246 if (RoleLocalServiceUtil.hasUserRole(
247 getUserId(), group.getCompanyId(),
248 RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
249
250 return true;
251 }
252
253 if (group.isSite()) {
254 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
255 getUserId(), group.getGroupId(),
256 RoleConstants.SITE_CONTENT_REVIEWER, true)) {
257
258 return true;
259 }
260 }
261
262 return false;
263 }
264
265 protected boolean isGroupAdminImpl(
266 PermissionChecker permissionChecker, Group group)
267 throws PortalException {
268
269 if (group.isLayout()) {
270 long parentGroupId = group.getParentGroupId();
271
272 if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
273 return false;
274 }
275
276 group = GroupLocalServiceUtil.getGroup(parentGroupId);
277 }
278
279 if (group.isSite()) {
280 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
281 getUserId(), group.getGroupId(),
282 RoleConstants.SITE_ADMINISTRATOR, true) ||
283 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
284 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
285 true)) {
286
287 return true;
288 }
289 }
290
291 if (group.isCompany()) {
292 if (permissionChecker.isCompanyAdmin()) {
293 return true;
294 }
295 else {
296 return false;
297 }
298 }
299 else if (group.isLayoutPrototype()) {
300 if (LayoutPrototypePermissionUtil.contains(
301 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
302
303 return true;
304 }
305 else {
306 return false;
307 }
308 }
309 else if (group.isLayoutSetPrototype()) {
310 if (LayoutSetPrototypePermissionUtil.contains(
311 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
312
313 return true;
314 }
315 else {
316 return false;
317 }
318 }
319 else if (group.isOrganization()) {
320 long organizationId = group.getOrganizationId();
321
322 while (organizationId !=
323 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
324
325 Organization organization =
326 OrganizationLocalServiceUtil.getOrganization(
327 organizationId);
328
329 long organizationGroupId = organization.getGroupId();
330
331 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
332 getUserId(), organizationGroupId,
333 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
334 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
335 getUserId(), organizationGroupId,
336 RoleConstants.ORGANIZATION_OWNER, true)) {
337
338 return true;
339 }
340
341 organizationId = organization.getParentOrganizationId();
342 }
343 }
344
345 return false;
346 }
347
348 protected boolean isGroupOwnerImpl(
349 PermissionChecker permissionChecker, Group group)
350 throws PortalException {
351
352 if (group.isSite()) {
353 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
354 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
355 true)) {
356
357 return true;
358 }
359 }
360
361 if (group.isLayoutPrototype()) {
362 if (LayoutPrototypePermissionUtil.contains(
363 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
364
365 return true;
366 }
367 else {
368 return false;
369 }
370 }
371 else if (group.isLayoutSetPrototype()) {
372 if (LayoutSetPrototypePermissionUtil.contains(
373 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
374
375 return true;
376 }
377 else {
378 return false;
379 }
380 }
381 else if (group.isOrganization()) {
382 long organizationId = group.getOrganizationId();
383
384 while (organizationId !=
385 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
386
387 Organization organization =
388 OrganizationLocalServiceUtil.getOrganization(
389 organizationId);
390
391 long organizationGroupId = organization.getGroupId();
392
393 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
394 getUserId(), organizationGroupId,
395 RoleConstants.ORGANIZATION_OWNER, true)) {
396
397 return true;
398 }
399
400 organizationId = organization.getParentOrganizationId();
401 }
402 }
403 else if (group.isUser()) {
404 long groupUserId = group.getClassPK();
405
406 if (getUserId() == groupUserId) {
407 return true;
408 }
409 }
410
411 return false;
412 }
413
414 protected boolean isOrganizationAdminImpl(
415 PermissionChecker permissionChecker, Organization organization)
416 throws PortalException {
417
418 while (organization != null) {
419 long organizationGroupId = organization.getGroupId();
420
421 long userId = getUserId();
422
423 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
424 userId, organizationGroupId,
425 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
426 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
427 userId, organizationGroupId,
428 RoleConstants.ORGANIZATION_OWNER, true)) {
429
430 return true;
431 }
432
433 organization = organization.getParentOrganization();
434 }
435
436 return false;
437 }
438
439 protected boolean isOrganizationOwnerImpl(
440 PermissionChecker permissionChecker, Organization organization)
441 throws PortalException {
442
443 while (organization != null) {
444 long organizationGroupId = organization.getGroupId();
445
446 long userId = getUserId();
447
448 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
449 userId, organizationGroupId,
450 RoleConstants.ORGANIZATION_OWNER, true)) {
451
452 return true;
453 }
454
455 organization = organization.getParentOrganization();
456 }
457
458 return false;
459 }
460
461 private Map<Long, Boolean> _contentReviewers = new HashMap<Long, Boolean>();
462 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
463 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
464 private Map<Long, Boolean> _organizationAdmins =
465 new HashMap<Long, Boolean>();
466 private Map<Long, Boolean> _organizationOwners =
467 new HashMap<Long, Boolean>();
468 private long[] _roleIds;
469 private List<Role> _roles;
470
471 }