001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.StringUtil;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.Layout;
023    import com.liferay.portal.model.LayoutTypePortlet;
024    import com.liferay.portal.model.Portlet;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.impl.VirtualLayout;
027    import com.liferay.portal.security.auth.PrincipalException;
028    import com.liferay.portal.security.permission.ActionKeys;
029    import com.liferay.portal.security.permission.PermissionChecker;
030    import com.liferay.portal.security.permission.ResourceActionsUtil;
031    import com.liferay.portal.service.GroupLocalServiceUtil;
032    import com.liferay.portal.service.LayoutLocalServiceUtil;
033    import com.liferay.portal.service.PortletLocalServiceUtil;
034    import com.liferay.portal.util.PortletCategoryKeys;
035    import com.liferay.portlet.ControlPanelEntry;
036    import com.liferay.portlet.exportimport.staging.permission.StagingPermissionUtil;
037    import com.liferay.portlet.sites.util.SitesUtil;
038    
039    import java.util.Collection;
040    import java.util.List;
041    
042    import javax.portlet.PortletMode;
043    
044    /**
045     * @author Brian Wing Shun Chan
046     * @author Raymond Aug??
047     */
048    public class PortletPermissionImpl implements PortletPermission {
049    
050            @Override
051            public void check(
052                            PermissionChecker permissionChecker, Layout layout,
053                            String portletId, String actionId)
054                    throws PortalException {
055    
056                    if (!contains(
057                                    permissionChecker, 0, layout, portletId, actionId,
058                                    _STRICT_DEFAULT)) {
059    
060                            throw new PrincipalException();
061                    }
062            }
063    
064            @Override
065            public void check(
066                            PermissionChecker permissionChecker, Layout layout,
067                            String portletId, String actionId, boolean strict)
068                    throws PortalException {
069    
070                    if (!contains(
071                                    permissionChecker, 0, layout, portletId, actionId, strict)) {
072    
073                            throw new PrincipalException();
074                    }
075            }
076    
077            @Override
078            public void check(
079                            PermissionChecker permissionChecker, long groupId, Layout layout,
080                            String portletId, String actionId)
081                    throws PortalException {
082    
083                    if (!contains(
084                                    permissionChecker, groupId, layout, portletId, actionId,
085                                    _STRICT_DEFAULT)) {
086    
087                            throw new PrincipalException();
088                    }
089            }
090    
091            @Override
092            public void check(
093                            PermissionChecker permissionChecker, long groupId, Layout layout,
094                            String portletId, String actionId, boolean strict)
095                    throws PortalException {
096    
097                    check(
098                            permissionChecker, groupId, layout, portletId, actionId, strict,
099                            _CHECK_STAGING_PERMISSION_DEFAULT);
100            }
101    
102            @Override
103            public void check(
104                            PermissionChecker permissionChecker, long groupId, Layout layout,
105                            String portletId, String actionId, boolean strict,
106                            boolean checkStagingPermission)
107                    throws PortalException {
108    
109                    if (!contains(
110                                    permissionChecker, groupId, layout, portletId, actionId, strict,
111                                    checkStagingPermission)) {
112    
113                            throw new PrincipalException();
114                    }
115            }
116    
117            @Override
118            public void check(
119                            PermissionChecker permissionChecker, long groupId, long plid,
120                            String portletId, String actionId)
121                    throws PortalException {
122    
123                    check(
124                            permissionChecker, groupId, plid, portletId, actionId,
125                            _STRICT_DEFAULT);
126            }
127    
128            @Override
129            public void check(
130                            PermissionChecker permissionChecker, long groupId, long plid,
131                            String portletId, String actionId, boolean strict)
132                    throws PortalException {
133    
134                    if (!contains(
135                                    permissionChecker, groupId, plid, portletId, actionId,
136                                    strict)) {
137    
138                            throw new PrincipalException();
139                    }
140            }
141    
142            @Override
143            public void check(
144                            PermissionChecker permissionChecker, long plid, String portletId,
145                            String actionId)
146                    throws PortalException {
147    
148                    check(permissionChecker, plid, portletId, actionId, _STRICT_DEFAULT);
149            }
150    
151            @Override
152            public void check(
153                            PermissionChecker permissionChecker, long plid, String portletId,
154                            String actionId, boolean strict)
155                    throws PortalException {
156    
157                    if (!contains(permissionChecker, plid, portletId, actionId, strict)) {
158                            throw new PrincipalException();
159                    }
160            }
161    
162            @Override
163            public void check(
164                            PermissionChecker permissionChecker, String portletId,
165                            String actionId)
166                    throws PortalException {
167    
168                    if (!contains(permissionChecker, portletId, actionId)) {
169                            throw new PrincipalException();
170                    }
171            }
172    
173            @Override
174            public boolean contains(
175                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
176                            String actionId)
177                    throws PortalException {
178    
179                    return contains(
180                            permissionChecker, layout, portlet, actionId, _STRICT_DEFAULT);
181            }
182    
183            @Override
184            public boolean contains(
185                            PermissionChecker permissionChecker, Layout layout, Portlet portlet,
186                            String actionId, boolean strict)
187                    throws PortalException {
188    
189                    return contains(
190                            permissionChecker, 0, layout, portlet, actionId, strict);
191            }
192    
193            @Override
194            public boolean contains(
195                            PermissionChecker permissionChecker, Layout layout,
196                            String portletId, String actionId)
197                    throws PortalException {
198    
199                    return contains(
200                            permissionChecker, layout, portletId, actionId, _STRICT_DEFAULT);
201            }
202    
203            @Override
204            public boolean contains(
205                            PermissionChecker permissionChecker, Layout layout,
206                            String portletId, String actionId, boolean strict)
207                    throws PortalException {
208    
209                    return contains(
210                            permissionChecker, 0, layout, portletId, actionId, strict);
211            }
212    
213            @Override
214            public boolean contains(
215                            PermissionChecker permissionChecker, long groupId, Layout layout,
216                            Portlet portlet, String actionId)
217                    throws PortalException {
218    
219                    return contains(
220                            permissionChecker, groupId, layout, portlet, actionId,
221                            _STRICT_DEFAULT);
222            }
223    
224            @Override
225            public boolean contains(
226                            PermissionChecker permissionChecker, long groupId, Layout layout,
227                            Portlet portlet, String actionId, boolean strict)
228                    throws PortalException {
229    
230                    if (portlet.isUndeployedPortlet()) {
231                            return false;
232                    }
233    
234                    return contains(
235                            permissionChecker, groupId, layout, portlet.getPortletId(),
236                            actionId, strict);
237            }
238    
239            @Override
240            public boolean contains(
241                            PermissionChecker permissionChecker, long groupId, Layout layout,
242                            String portletId, String actionId)
243                    throws PortalException {
244    
245                    return contains(
246                            permissionChecker, groupId, layout, portletId, actionId,
247                            _STRICT_DEFAULT);
248            }
249    
250            @Override
251            public boolean contains(
252                            PermissionChecker permissionChecker, long groupId, Layout layout,
253                            String portletId, String actionId, boolean strict)
254                    throws PortalException {
255    
256                    return contains(
257                            permissionChecker, groupId, layout, portletId, actionId, strict,
258                            _CHECK_STAGING_PERMISSION_DEFAULT);
259            }
260    
261            @Override
262            public boolean contains(
263                            PermissionChecker permissionChecker, long groupId, Layout layout,
264                            String portletId, String actionId, boolean strict,
265                            boolean checkStagingPermission)
266                    throws PortalException {
267    
268                    String name = null;
269                    String primKey = null;
270    
271                    if (layout == null) {
272                            name = portletId;
273                            primKey = portletId;
274    
275                            return permissionChecker.hasPermission(
276                                    groupId, name, primKey, actionId);
277                    }
278    
279                    if (!actionId.equals(ActionKeys.VIEW) &&
280                            (layout instanceof VirtualLayout)) {
281    
282                            return hasCustomizePermission(
283                                    permissionChecker, layout, portletId, actionId);
284                    }
285    
286                    Group group = layout.getGroup();
287    
288                    if (!group.isLayoutSetPrototype() &&
289                            actionId.equals(ActionKeys.CONFIGURATION) &&
290                            !SitesUtil.isLayoutUpdateable(layout)) {
291    
292                            return false;
293                    }
294    
295                    groupId = layout.getGroupId();
296    
297                    name = PortletConstants.getRootPortletId(portletId);
298    
299                    if (checkStagingPermission) {
300                            Boolean hasPermission = StagingPermissionUtil.hasPermission(
301                                    permissionChecker, groupId, name, groupId, name, actionId);
302    
303                            if (hasPermission != null) {
304                                    return hasPermission.booleanValue();
305                            }
306                    }
307    
308                    if (group.isControlPanel() && actionId.equals(ActionKeys.VIEW)) {
309                            return true;
310                    }
311    
312                    primKey = getPrimaryKey(layout.getPlid(), portletId);
313    
314                    if (strict) {
315                            return permissionChecker.hasPermission(
316                                    groupId, name, primKey, actionId);
317                    }
318    
319                    if (hasConfigurePermission(
320                                    permissionChecker, layout, portletId, actionId) ||
321                            hasCustomizePermission(
322                                    permissionChecker, layout, portletId, actionId)) {
323    
324                            return true;
325                    }
326    
327                    return permissionChecker.hasPermission(
328                            groupId, name, primKey, actionId);
329            }
330    
331            public boolean contains(
332                            PermissionChecker permissionChecker, long groupId, long plid,
333                            Portlet portlet, String actionId)
334                    throws PortalException {
335    
336                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
337    
338                    return contains(
339                            permissionChecker, groupId, layout, portlet, actionId,
340                            _STRICT_DEFAULT);
341            }
342    
343            @Override
344            public boolean contains(
345                            PermissionChecker permissionChecker, long groupId, long plid,
346                            Portlet portlet, String actionId, boolean strict)
347                    throws PortalException {
348    
349                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
350    
351                    return contains(
352                            permissionChecker, groupId, layout, portlet, actionId, strict);
353            }
354    
355            public boolean contains(
356                            PermissionChecker permissionChecker, long groupId, long plid,
357                            String portletId, String actionId)
358                    throws PortalException {
359    
360                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
361    
362                    return contains(
363                            permissionChecker, groupId, layout, portletId, actionId,
364                            _STRICT_DEFAULT);
365            }
366    
367            @Override
368            public boolean contains(
369                            PermissionChecker permissionChecker, long groupId, long plid,
370                            String portletId, String actionId, boolean strict)
371                    throws PortalException {
372    
373                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
374    
375                    return contains(
376                            permissionChecker, groupId, layout, portletId, actionId, strict);
377            }
378    
379            @Override
380            public boolean contains(
381                            PermissionChecker permissionChecker, long plid, Portlet portlet,
382                            String actionId)
383                    throws PortalException {
384    
385                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
386    
387                    return contains(
388                            permissionChecker, layout, portlet, actionId, _STRICT_DEFAULT);
389            }
390    
391            @Override
392            public boolean contains(
393                            PermissionChecker permissionChecker, long plid, Portlet portlet,
394                            String actionId, boolean strict)
395                    throws PortalException {
396    
397                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
398    
399                    return contains(
400                            permissionChecker, 0, layout, portlet, actionId, strict);
401            }
402    
403            @Override
404            public boolean contains(
405                            PermissionChecker permissionChecker, long plid, String portletId,
406                            String actionId)
407                    throws PortalException {
408    
409                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
410    
411                    return contains(
412                            permissionChecker, layout, portletId, actionId, _STRICT_DEFAULT);
413            }
414    
415            @Override
416            public boolean contains(
417                            PermissionChecker permissionChecker, long plid, String portletId,
418                            String actionId, boolean strict)
419                    throws PortalException {
420    
421                    Layout layout = LayoutLocalServiceUtil.fetchLayout(plid);
422    
423                    return contains(
424                            permissionChecker, 0, layout, portletId, actionId, strict);
425            }
426    
427            @Override
428            public boolean contains(
429                            PermissionChecker permissionChecker, String portletId,
430                            String actionId)
431                    throws PortalException {
432    
433                    return contains(permissionChecker, 0, portletId, actionId);
434            }
435    
436            @Override
437            public String getPrimaryKey(long plid, String portletId) {
438                    return String.valueOf(plid).concat(
439                            PortletConstants.LAYOUT_SEPARATOR).concat(portletId);
440            }
441    
442            @Override
443            public boolean hasAccessPermission(
444                            PermissionChecker permissionChecker, long scopeGroupId,
445                            Layout layout, Portlet portlet, PortletMode portletMode)
446                    throws PortalException {
447    
448                    if ((layout != null) && layout.isTypeControlPanel()) {
449                            String category = portlet.getControlPanelEntryCategory();
450    
451                            if (StringUtil.startsWith(
452                                            category, PortletCategoryKeys.SITE_ADMINISTRATION)) {
453    
454                                    layout = null;
455                            }
456                    }
457    
458                    boolean access = contains(
459                            permissionChecker, scopeGroupId, layout, portlet, ActionKeys.VIEW);
460    
461                    if (access && portletMode.equals(PortletMode.EDIT)) {
462                            access = contains(
463                                    permissionChecker, scopeGroupId, layout, portlet,
464                                    ActionKeys.PREFERENCES);
465                    }
466    
467                    return access;
468            }
469    
470            @Override
471            public boolean hasConfigurationPermission(
472                            PermissionChecker permissionChecker, long groupId, Layout layout,
473                            String actionId)
474                    throws PortalException {
475    
476                    LayoutTypePortlet layoutTypePortlet =
477                            (LayoutTypePortlet)layout.getLayoutType();
478    
479                    for (Portlet portlet : layoutTypePortlet.getAllPortlets(false)) {
480                            if (contains(
481                                            permissionChecker, groupId, layout, portlet.getPortletId(),
482                                            actionId)) {
483    
484                                    return true;
485                            }
486    
487                            if (contains(
488                                            permissionChecker, groupId, null,
489                                            portlet.getRootPortletId(), actionId)) {
490    
491                                    return true;
492                            }
493                    }
494    
495                    return false;
496            }
497    
498            @Override
499            public boolean hasControlPanelAccessPermission(
500                            PermissionChecker permissionChecker, long groupId,
501                            Collection<Portlet> portlets)
502                    throws PortalException {
503    
504                    for (Portlet portlet : portlets) {
505                            if (hasControlPanelAccessPermission(
506                                            permissionChecker, groupId, portlet)) {
507    
508                                    return true;
509                            }
510                    }
511    
512                    return false;
513            }
514    
515            @Override
516            public boolean hasControlPanelAccessPermission(
517                            PermissionChecker permissionChecker, long scopeGroupId,
518                            Portlet portlet)
519                    throws PortalException {
520    
521                    Group group = GroupLocalServiceUtil.getGroup(scopeGroupId);
522    
523                    ControlPanelEntry controlPanelEntry =
524                            portlet.getControlPanelEntryInstance();
525    
526                    try {
527                            return controlPanelEntry.hasAccessPermission(
528                                    permissionChecker, group, portlet);
529                    }
530                    catch (Exception e) {
531                            if (_log.isWarnEnabled()) {
532                                    _log.warn("Cannot process control panel access permission", e);
533                            }
534    
535                            return false;
536                    }
537            }
538    
539            @Override
540            public boolean hasControlPanelAccessPermission(
541                            PermissionChecker permissionChecker, long scopeGroupId,
542                            String portletId)
543                    throws PortalException {
544    
545                    Portlet portlet = PortletLocalServiceUtil.getPortletById(portletId);
546    
547                    return hasControlPanelAccessPermission(
548                            permissionChecker, scopeGroupId, portlet);
549            }
550    
551            @Override
552            public boolean hasLayoutManagerPermission(
553                    String portletId, String actionId) {
554    
555                    try {
556                            portletId = PortletConstants.getRootPortletId(portletId);
557    
558                            List<String> layoutManagerActions =
559                                    ResourceActionsUtil.getPortletResourceLayoutManagerActions(
560                                            portletId);
561    
562                            return layoutManagerActions.contains(actionId);
563                    }
564                    catch (Exception e) {
565                            _log.error(e, e);
566    
567                            return false;
568                    }
569            }
570    
571            protected boolean hasConfigurePermission(
572                            PermissionChecker permissionChecker, Layout layout,
573                            String portletId, String actionId)
574                    throws PortalException {
575    
576                    if (!actionId.equals(ActionKeys.CONFIGURATION) &&
577                            !actionId.equals(ActionKeys.PREFERENCES) &&
578                            !actionId.equals(ActionKeys.GUEST_PREFERENCES)) {
579    
580                            return false;
581                    }
582    
583                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
584                            layout.getCompanyId(), portletId);
585    
586                    if (portlet.isPreferencesUniquePerLayout()) {
587                            return LayoutPermissionUtil.contains(
588                                    permissionChecker, layout, ActionKeys.CONFIGURE_PORTLETS);
589                    }
590    
591                    return GroupPermissionUtil.contains(
592                            permissionChecker, layout.getGroupId(),
593                            ActionKeys.CONFIGURE_PORTLETS);
594            }
595    
596            protected boolean hasCustomizePermission(
597                            PermissionChecker permissionChecker, Layout layout,
598                            String portletId, String actionId)
599                    throws PortalException {
600    
601                    LayoutTypePortlet layoutTypePortlet =
602                            (LayoutTypePortlet)layout.getLayoutType();
603    
604                    if (layoutTypePortlet.isCustomizedView() &&
605                            layoutTypePortlet.isPortletCustomizable(portletId) &&
606                            LayoutPermissionUtil.contains(
607                                    permissionChecker, layout, ActionKeys.CUSTOMIZE)) {
608    
609                            if (actionId.equals(ActionKeys.VIEW)) {
610                                    return true;
611                            }
612                            else if (actionId.equals(ActionKeys.CONFIGURATION)) {
613                                    Portlet portlet = PortletLocalServiceUtil.getPortletById(
614                                            layout.getCompanyId(), portletId);
615    
616                                    if (portlet.isInstanceable() ||
617                                            portlet.isPreferencesUniquePerLayout()) {
618    
619                                            return true;
620                                    }
621                            }
622                    }
623    
624                    return false;
625            }
626    
627            private static final boolean _CHECK_STAGING_PERMISSION_DEFAULT = true;
628    
629            private static final boolean _STRICT_DEFAULT = false;
630    
631            private static final Log _log = LogFactoryUtil.getLog(
632                    PortletPermissionImpl.class);
633    
634    }