015 package com.liferay.portal.model.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.portlet.PortletModeFactory;
019 import com.liferay.portal.kernel.util.ArrayUtil;
020 import com.liferay.portal.kernel.util.GetterUtil;
021 import com.liferay.portal.kernel.util.ParamUtil;
022 import com.liferay.portal.kernel.util.PropsKeys;
023 import com.liferay.portal.kernel.util.PropsUtil;
024 import com.liferay.portal.kernel.util.StringUtil;
025 import com.liferay.portal.kernel.util.Validator;
026 import com.liferay.portal.kernel.util.WebKeys;
027 import com.liferay.portal.model.Layout;
028 import com.liferay.portal.model.LayoutTypeAccessPolicy;
029 import com.liferay.portal.model.LayoutTypePortlet;
030 import com.liferay.portal.model.Portlet;
031 import com.liferay.portal.security.auth.AuthTokenUtil;
032 import com.liferay.portal.security.auth.PrincipalException;
033 import com.liferay.portal.security.permission.ActionKeys;
034 import com.liferay.portal.security.permission.PermissionChecker;
035 import com.liferay.portal.security.permission.PermissionThreadLocal;
036 import com.liferay.portal.service.permission.LayoutPermissionUtil;
037 import com.liferay.portal.service.permission.PortletPermissionUtil;
038 import com.liferay.portal.theme.ThemeDisplay;
039 import com.liferay.portal.util.PortalUtil;
040
041 import javax.portlet.PortletMode;
042
043 import javax.servlet.http.HttpServletRequest;
/**
 * Default {@link LayoutTypeAccessPolicy}. It decides whether a request may
 * reach a portlet on a layout and whether the layout-level actions (add,
 * customize, delete, update, view) are permitted.
 *
 * <p>
 * Control Panel layouts are treated separately throughout: every layout-level
 * action is refused for them, and portlet access is decided by
 * {@link #isAccessAllowedToControlPanelPortlet}.
 * </p>
 */
public class DefaultLayoutTypeAccessPolicyImpl
	implements LayoutTypeAccessPolicy {

	/**
	 * Returns the shared policy instance held in a static field of this class.
	 *
	 * @return the shared {@link LayoutTypeAccessPolicy}
	 */
	public static LayoutTypeAccessPolicy create() {
		return _instance;
	}

	/**
	 * Verifies that the current request may access the portlet on the layout.
	 *
	 * <p>
	 * For a Control Panel layout the decision is delegated entirely to
	 * {@link #isAccessAllowedToControlPanelPortlet}. For any other layout two
	 * conditions must both hold: the portlet has to be reachable (see
	 * {@link #isAccessAllowedToLayoutPortlet}) and the permission check in
	 * {@link #hasAccessPermission} has to succeed.
	 * </p>
	 *
	 * @param  request the current servlet request
	 * @param  layout the layout the portlet is requested on
	 * @param  portlet the portlet being accessed
	 * @throws PortalException a {@link PrincipalException} when access is
	 *         refused, or whatever the delegated checks throw
	 */
	@Override
	public void checkAccessAllowedToPortlet(
			HttpServletRequest request, Layout layout, Portlet portlet)
		throws PortalException {

		if (layout.isTypeControlPanel()) {

			// Returns normally when access is granted, throws otherwise

			isAccessAllowedToControlPanelPortlet(request, layout, portlet);

			return;
		}

		boolean permitted = false;

		if (isAccessAllowedToLayoutPortlet(request, layout, portlet)) {

			// Order matters: the default resource is added once the portlet
			// is considered reachable and before the permission check runs

			PortalUtil.addPortletDefaultResource(request, portlet);

			permitted = hasAccessPermission(request, layout, portlet);
		}

		if (!permitted) {
			throw new PrincipalException(
				"User does not have permission to access portlet " +
					portlet.getPortletId());
		}
	}

	/**
	 * Returns whether a layout may be added under the given layout. Always
	 * <code>false</code> for a Control Panel layout; otherwise the result of
	 * the {@link ActionKeys#ADD_LAYOUT} permission check.
	 */
	@Override
	public boolean isAddLayoutAllowed(
			PermissionChecker permissionChecker, Layout layout)
		throws PortalException {

		return !layout.isTypeControlPanel() &&
			LayoutPermissionUtil.contains(
				permissionChecker, layout, ActionKeys.ADD_LAYOUT);
	}

	/**
	 * Returns whether the layout may be customized. Always <code>false</code>
	 * for a Control Panel layout; otherwise the result of the
	 * {@link ActionKeys#CUSTOMIZE} permission check.
	 */
	@Override
	public boolean isCustomizeLayoutAllowed(
			PermissionChecker permissionChecker, Layout layout)
		throws PortalException {

		return !layout.isTypeControlPanel() &&
			LayoutPermissionUtil.contains(
				permissionChecker, layout, ActionKeys.CUSTOMIZE);
	}

	/**
	 * Returns whether the layout may be deleted. Always <code>false</code> for
	 * a Control Panel layout; otherwise the result of the
	 * {@link ActionKeys#DELETE} permission check.
	 */
	@Override
	public boolean isDeleteLayoutAllowed(
			PermissionChecker permissionChecker, Layout layout)
		throws PortalException {

		return !layout.isTypeControlPanel() &&
			LayoutPermissionUtil.contains(
				permissionChecker, layout, ActionKeys.DELETE);
	}

	/**
	 * Returns whether the layout may be updated. Always <code>false</code> for
	 * a Control Panel layout; otherwise the result of the
	 * {@link ActionKeys#UPDATE} permission check.
	 */
	@Override
	public boolean isUpdateLayoutAllowed(
			PermissionChecker permissionChecker, Layout layout)
		throws PortalException {

		return !layout.isTypeControlPanel() &&
			LayoutPermissionUtil.contains(
				permissionChecker, layout, ActionKeys.UPDATE);
	}

	/**
	 * Returns whether the layout may be viewed. Always <code>false</code> for
	 * a Control Panel layout; otherwise the result of the
	 * {@link ActionKeys#VIEW} permission check.
	 */
	@Override
	public boolean isViewLayoutAllowed(
			PermissionChecker permissionChecker, Layout layout)
		throws PortalException {

		return !layout.isTypeControlPanel() &&
			LayoutPermissionUtil.contains(
				permissionChecker, layout, ActionKeys.VIEW);
	}

	/**
	 * Runs the portlet access permission check for the thread's permission
	 * checker, in the scope group of the request's theme display.
	 *
	 * <p>
	 * The portlet mode passed to the check defaults to
	 * {@link PortletMode#VIEW}. The client-supplied <code>p_p_mode</code>
	 * parameter is honoured only when <code>p_p_id</code> names this very
	 * portlet, so a mode aimed at another portlet does not influence this
	 * check.
	 * </p>
	 *
	 * @return the result of
	 *         <code>PortletPermissionUtil.hasAccessPermission</code>
	 */
	protected boolean hasAccessPermission(
			HttpServletRequest request, Layout layout, Portlet portlet)
		throws PortalException {

		PermissionChecker checker =
			PermissionThreadLocal.getPermissionChecker();

		// NOTE(review): dereferenced below without a null check; a request
		// that lacks the THEME_DISPLAY attribute would end in a
		// NullPointerException rather than a PrincipalException

		ThemeDisplay display = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		String ownPortletId = portlet.getPortletId();
		String targetPortletId = request.getParameter("p_p_id");
		String requestedMode = request.getParameter("p_p_mode");

		PortletMode mode;

		if (!ownPortletId.equals(targetPortletId) || (requestedMode == null)) {
			mode = PortletMode.VIEW;
		}
		else {
			mode = PortletModeFactory.getPortletMode(requestedMode);
		}

		return PortletPermissionUtil.hasAccessPermission(
			checker, display.getScopeGroupId(), layout, portlet, mode);
	}

	/**
	 * Enforces access to a portlet requested on a Control Panel layout.
	 * Despite the <code>is</code> prefix this method returns nothing: it
	 * returns normally when access is granted and throws otherwise.
	 *
	 * <p>
	 * Access is granted by the first of these that succeeds, tried in this
	 * order: the Control Panel access permission, the runtime portlet flag,
	 * the portlet authentication token. The last two grant access on their
	 * own, with no further permission check in this method.
	 * </p>
	 *
	 * @throws PortalException a {@link PrincipalException} when none of the
	 *         three grants applies
	 */
	protected void isAccessAllowedToControlPanelPortlet(
			HttpServletRequest request, Layout layout, Portlet portlet)
		throws PortalException {

		PermissionChecker checker =
			PermissionThreadLocal.getPermissionChecker();

		ThemeDisplay display = (ThemeDisplay)request.getAttribute(
			WebKeys.THEME_DISPLAY);

		// Short-circuit evaluation keeps the original order of the checks

		boolean granted =
			PortletPermissionUtil.hasControlPanelAccessPermission(
				checker, display.getScopeGroupId(), portlet) ||
			isAccessGrantedByRuntimePortlet(request) ||
			isAccessGrantedByPortletAuthenticationToken(
				request, layout, portlet);

		if (!granted) {
			throw new PrincipalException(
				"User does not have permission to access Control Panel " +
					"portlet " + portlet.getPortletId());
		}
	}

	/**
	 * Returns whether the portlet is reachable on a regular (non Control
	 * Panel) layout. Tried in this order: the runtime portlet flag, presence
	 * of the portlet on the page, the portlet authentication token.
	 *
	 * <p>
	 * A <code>true</code> result only establishes reachability; the caller
	 * {@link #checkAccessAllowedToPortlet} still requires
	 * {@link #hasAccessPermission} to succeed.
	 * </p>
	 */
	protected boolean isAccessAllowedToLayoutPortlet(
			HttpServletRequest request, Layout layout, Portlet portlet)
		throws PortalException {

		return isAccessGrantedByRuntimePortlet(request) ||
			isAccessGrantedByPortletOnPage(layout, portlet) ||
			isAccessGrantedByPortletAuthenticationToken(
				request, layout, portlet);
	}

	/**
	 * Returns whether the request carries a valid portlet invocation token
	 * for a portlet that is flagged as "add default resource".
	 *
	 * <p>
	 * Portlets without that flag are never granted access here. When the
	 * <code>PORTLET_ADD_DEFAULT_RESOURCE_CHECK_ENABLED</code> property is
	 * off, the token is not consulted at all and every flagged portlet is
	 * accepted, so that property is security relevant.
	 * </p>
	 *
	 * <p>
	 * The Struts action and the <code>p_p_auth</code> token are both read
	 * from client-supplied parameters; their validation is left entirely to
	 * <code>AuthTokenUtil.isValidPortletInvocationToken</code>.
	 * </p>
	 */
	protected boolean isAccessGrantedByPortletAuthenticationToken(
		HttpServletRequest request, Layout layout, Portlet portlet) {

		String portletId = portlet.getPortletId();

		if (!portlet.isAddDefaultResource()) {
			return false;
		}

		if (!_PORTLET_ADD_DEFAULT_RESOURCE_CHECK_ENABLED) {
			return true;
		}

		// Prefer the namespaced parameter, fall back to the plain one

		String action = ParamUtil.getString(
			request,
			PortalUtil.getPortletNamespace(portletId) + "struts_action");

		if (Validator.isNull(action)) {
			action = ParamUtil.getString(request, "struts_action");
		}

		// Same idea for the token: look at this request first, then at the
		// original servlet request

		String token = ParamUtil.getString(request, "p_p_auth");

		if (Validator.isNull(token)) {
			token = ParamUtil.getString(
				PortalUtil.getOriginalServletRequest(request), "p_p_auth");
		}

		return AuthTokenUtil.isValidPortletInvocationToken(
			request, layout.getPlid(), portletId, action, token);
	}

	/**
	 * Returns whether the portlet is placed on the layout: either it is one
	 * of the selected portlets of a panel layout, or the layout type reports
	 * that it holds the portlet ID.
	 */
	protected boolean isAccessGrantedByPortletOnPage(
			Layout layout, Portlet portlet)
		throws PortalException {

		String portletId = portlet.getPortletId();

		if (layout.isTypePanel() && isPanelSelectedPortlet(layout, portletId)) {
			return true;
		}

		// NOTE(review): unchecked cast; a layout type that is not a
		// LayoutTypePortlet would raise ClassCastException here. Confirm
		// every layout type reaching this policy implements it.

		LayoutTypePortlet portletLayoutType =
			(LayoutTypePortlet)layout.getLayoutType();

		return (portletLayoutType != null) &&
			portletLayoutType.hasPortletId(portletId);
	}

	/**
	 * Returns the value of the <code>RENDER_PORTLET_RESOURCE</code> request
	 * attribute, or <code>false</code> when the attribute is absent.
	 *
	 * <p>
	 * This is a request attribute, not a request parameter, so the value is
	 * put there by server-side code. Which code sets it is not visible in
	 * this class; any component that sets it to <code>true</code> makes the
	 * portlet reachable through this policy.
	 * </p>
	 */
	protected boolean isAccessGrantedByRuntimePortlet(
		HttpServletRequest request) {

		Boolean runtimeFlag = (Boolean)request.getAttribute(
			WebKeys.RENDER_PORTLET_RESOURCE);

		return (runtimeFlag != null) && runtimeFlag.booleanValue();
	}

	/**
	 * Returns whether the portlet ID is listed in the layout's
	 * <code>panelSelectedPortlets</code> type setting. An unset or empty
	 * setting yields <code>false</code>.
	 */
	protected boolean isPanelSelectedPortlet(Layout layout, String portletId) {
		String selectedPortlets = layout.getTypeSettingsProperty(
			"panelSelectedPortlets");

		if (Validator.isNull(selectedPortlets)) {
			return false;
		}

		return ArrayUtil.contains(
			StringUtil.split(selectedPortlets), portletId);
	}

	// Read once when the class is initialized. While false, the token check
	// in isAccessGrantedByPortletAuthenticationToken is skipped.

	private static final boolean _PORTLET_ADD_DEFAULT_RESOURCE_CHECK_ENABLED =
		GetterUtil.getBoolean(
			PropsUtil.get(
				PropsKeys.PORTLET_ADD_DEFAULT_RESOURCE_CHECK_ENABLED));

	// Shared instance handed out by create()

	private static final LayoutTypeAccessPolicy _instance =
		new DefaultLayoutTypeAccessPolicyImpl();

}