015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.log.Log;
019 import com.liferay.portal.kernel.log.LogFactoryUtil;
020 import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
021 import com.liferay.portal.model.Contact;
022 import com.liferay.portal.model.Group;
023 import com.liferay.portal.model.Organization;
024 import com.liferay.portal.model.ResourceConstants;
025 import com.liferay.portal.model.RoleConstants;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.PrincipalException;
028 import com.liferay.portal.security.permission.ActionKeys;
029 import com.liferay.portal.security.permission.BaseModelPermissionChecker;
030 import com.liferay.portal.security.permission.PermissionChecker;
031 import com.liferay.portal.service.OrganizationLocalServiceUtil;
032 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
033 import com.liferay.portal.service.UserLocalServiceUtil;
034 import com.liferay.portal.util.PortalUtil;
035
036 import java.util.List;
037
038
/**
 * Decides whether the caller behind a {@link PermissionChecker} may perform
 * an action on a {@link User}.
 *
 * <p>
 * The {@code check} methods throw {@link PrincipalException} on denial; the
 * {@code contains} methods return a boolean. All of them funnel into
 * {@link #contains(PermissionChecker, long, long[], String)}, which holds the
 * actual decision logic.
 * </p>
 */
@OSGiBeanProperties(
    property = {"model.class.name=com.liferay.portal.model.User"}
)
public class UserPermissionImpl
    implements BaseModelPermissionChecker, UserPermission {

    /**
     * Packs the two IDs into an array and delegates to the array overload.
     *
     * @deprecated Use
     *             {@link #check(PermissionChecker, long, long[], String)}.
     */
    @Deprecated
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long organizationId, long locationId, String actionId)
        throws PrincipalException {

        long[] organizationIds = {organizationId, locationId};

        check(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Throws unless
     * {@link #contains(PermissionChecker, long, long[], String)} grants the
     * action.
     *
     * @throws PrincipalException if the permission is not granted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId,
            long[] organizationIds, String actionId)
        throws PrincipalException {

        if (contains(permissionChecker, userId, organizationIds, actionId)) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Throws unless {@link #contains(PermissionChecker, long, String)} grants
     * the action.
     *
     * @throws PrincipalException if the permission is not granted
     */
    @Override
    public void check(
            PermissionChecker permissionChecker, long userId, String actionId)
        throws PrincipalException {

        if (contains(permissionChecker, userId, actionId)) {
            return;
        }

        throw new PrincipalException();
    }

    /**
     * Checks the action against the user identified by {@code primaryKey},
     * using the organizations returned by
     * {@code OrganizationLocalServiceUtil.getUserOrganizations}.
     *
     * <p>
     * The {@code groupId} argument is not consulted. The organization list
     * is looked up here rather than accepted from the caller, so it reflects
     * what the service layer reports for that user.
     * </p>
     *
     * @throws PortalException if the organization lookup fails or the
     *         permission is not granted
     */
    @Override
    public void checkBaseModel(
            PermissionChecker permissionChecker, long groupId, long primaryKey,
            String actionId)
        throws PortalException {

        List<Organization> userOrganizations =
            OrganizationLocalServiceUtil.getUserOrganizations(primaryKey);

        long[] organizationIds = new long[userOrganizations.size()];

        int index = 0;

        for (Organization userOrganization : userOrganizations) {
            organizationIds[index++] = userOrganization.getOrganizationId();
        }

        check(permissionChecker, primaryKey, organizationIds, actionId);
    }

    /**
     * Packs the two IDs into an array and delegates to the array overload.
     *
     * @deprecated Use
     *             {@link #contains(PermissionChecker, long, long[], String)}.
     */
    @Deprecated
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, long organizationId,
        long locationId, String actionId) {

        long[] organizationIds = {organizationId, locationId};

        return contains(permissionChecker, userId, organizationIds, actionId);
    }

    /**
     * Core decision: may the caller perform {@code actionId} on the user
     * {@code userId}?
     *
     * <p>
     * The checks run in this order, and the first one that decides wins:
     * </p>
     *
     * <ol>
     * <li>
     * Admin guard: for DELETE, IMPERSONATE, PERMISSIONS, UPDATE and VIEW, a
     * caller who is not an omniadmin is denied on an omniadmin target, and a
     * caller who is neither omniadmin nor company admin is denied on a
     * company admin target. Other action IDs skip this guard.
     * </li>
     * <li>
     * Owner permission on the user resource, or the caller being the target
     * user, grants the action. The self match does not look at
     * {@code actionId}.
     * </li>
     * <li>
     * An explicit permission on the user resource (group ID 0) grants the
     * action.
     * </li>
     * <li>
     * Organization path: the caller needs MANAGE_USERS on one of the
     * organizations, and the target must not hold a role there that the
     * caller is not allowed to override (see the loop comments). This path
     * also does not look at {@code actionId}.
     * </li>
     * </ol>
     *
     * <p>
     * Any exception raised along the way, including a failed user or
     * organization lookup, is logged and results in {@code false}, so the
     * method denies on error.
     * </p>
     *
     * <p>
     * NOTE(review): a non-null {@code organizationIds} is used as given;
     * nothing in this method confirms that the target user belongs to those
     * organizations. Callers should derive the array from server-side
     * membership data (as {@code checkBaseModel} does) rather than from
     * request input.
     * </p>
     *
     * @param  organizationIds organizations to evaluate, or {@code null} to
     *         use the target user's own organization IDs
     * @return {@code true} if the action is granted; {@code false} otherwise
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId,
        long[] organizationIds, String actionId) {

        try {
            User targetUser = null;

            // PRIMKEY_DNE means there is no concrete user to load; only the
            // resource-level permission check below applies in that case.

            if (userId != ResourceConstants.PRIMKEY_DNE) {
                targetUser = UserLocalServiceUtil.getUserById(userId);

                if (_isGuardedAction(actionId) &&
                    _isShieldedAdmin(permissionChecker, targetUser)) {

                    return false;
                }

                Contact contact = targetUser.getContact();

                boolean ownerPermission = permissionChecker.hasOwnerPermission(
                    permissionChecker.getCompanyId(), User.class.getName(),
                    userId, contact.getUserId(), actionId);

                if (ownerPermission ||
                    (permissionChecker.getUserId() == userId)) {

                    return true;
                }
            }

            if (permissionChecker.hasPermission(
                    0, User.class.getName(), userId, actionId)) {

                return true;
            }

            if (targetUser == null) {
                return false;
            }

            long[] candidateOrganizationIds = organizationIds;

            if (candidateOrganizationIds == null) {
                candidateOrganizationIds = targetUser.getOrganizationIds();
            }

            for (long organizationId : candidateOrganizationIds) {
                Organization organization =
                    OrganizationLocalServiceUtil.getOrganization(
                        organizationId);

                if (!OrganizationPermissionUtil.contains(
                        permissionChecker, organization,
                        ActionKeys.MANAGE_USERS)) {

                    continue;
                }

                if (permissionChecker.getUserId() == targetUser.getUserId()) {
                    return true;
                }

                Group organizationGroup = organization.getGroup();

                // An organization owner cannot be managed through this
                // organization.

                boolean targetIsOwner =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(),
                        organizationGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_OWNER, true);

                if (targetIsOwner) {
                    continue;
                }

                // An organization administrator can only be managed by a
                // caller who is an owner of the same organization.

                boolean targetIsAdministrator =
                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        targetUser.getUserId(),
                        organizationGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_ADMINISTRATOR, true);

                if (targetIsAdministrator &&
                    !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                        permissionChecker.getUserId(),
                        organizationGroup.getGroupId(),
                        RoleConstants.ORGANIZATION_OWNER, true)) {

                    continue;
                }

                return true;
            }
        }
        catch (Exception e) {

            // Deny on any failure; the return below is the denial.

            _log.error(e, e);
        }

        return false;
    }

    /**
     * Same as the array overload with {@code null} organization IDs, which
     * makes it fall back to the target user's own organizations.
     */
    @Override
    public boolean contains(
        PermissionChecker permissionChecker, long userId, String actionId) {

        return contains(permissionChecker, userId, null, actionId);
    }

    /**
     * Returns {@code true} for the action IDs covered by the admin guard.
     */
    private static boolean _isGuardedAction(String actionId) {
        if (actionId.equals(ActionKeys.DELETE)) {
            return true;
        }

        if (actionId.equals(ActionKeys.IMPERSONATE)) {
            return true;
        }

        if (actionId.equals(ActionKeys.PERMISSIONS)) {
            return true;
        }

        if (actionId.equals(ActionKeys.UPDATE)) {
            return true;
        }

        return actionId.equals(ActionKeys.VIEW);
    }

    /**
     * Returns {@code true} when the target user holds an admin level that
     * the caller does not match: an omniadmin target for any caller who is
     * not an omniadmin, or a company admin target for a caller who is
     * neither omniadmin nor company admin.
     */
    private static boolean _isShieldedAdmin(
            PermissionChecker permissionChecker, User targetUser)
        throws Exception {

        if (permissionChecker.isOmniadmin()) {
            return false;
        }

        if (PortalUtil.isOmniadmin(targetUser)) {
            return true;
        }

        if (permissionChecker.isCompanyAdmin()) {
            return false;
        }

        return PortalUtil.isCompanyAdmin(targetUser);
    }

    private static final Log _log = LogFactoryUtil.getLog(
        UserPermissionImpl.class);

}