001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.security.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.util.ListUtil;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.GroupConstants;
021    import com.liferay.portal.model.Organization;
022    import com.liferay.portal.model.OrganizationConstants;
023    import com.liferay.portal.model.Role;
024    import com.liferay.portal.model.RoleConstants;
025    import com.liferay.portal.model.UserConstants;
026    import com.liferay.portal.service.GroupLocalServiceUtil;
027    import com.liferay.portal.service.OrganizationLocalServiceUtil;
028    import com.liferay.portal.service.RoleLocalServiceUtil;
029    import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030    import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
031    import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
032    
033    import java.util.Arrays;
034    import java.util.Collections;
035    import java.util.HashMap;
036    import java.util.List;
037    import java.util.Map;
038    import java.util.Set;
039    
040    /**
041     * @author Brian Wing Shun Chan
042     */
043    public class PermissionCheckerBagImpl
044            extends UserPermissionCheckerBagImpl implements PermissionCheckerBag {
045    
046            public PermissionCheckerBagImpl() {
047                    super(
048                            UserConstants.USER_ID_DEFAULT, Collections.<Group>emptySet(),
049                            Collections.<Organization>emptyList(),
050                            Collections.<Group>emptySet(), Collections.<Group>emptyList(),
051                            Collections.<Role>emptySet());
052            }
053    
054            public PermissionCheckerBagImpl(long userId) {
055                    super(
056                            userId, Collections.<Group>emptySet(),
057                            Collections.<Organization>emptyList(),
058                            Collections.<Group>emptySet(), Collections.<Group>emptyList(),
059                            Collections.<Role>emptySet());
060            }
061    
062            public PermissionCheckerBagImpl(
063                    long userId, Set<Group> userGroups, List<Organization> userOrgs,
064                    Set<Group> userOrgGroups, List<Group> userUserGroupGroups,
065                    Set<Role> roles) {
066    
067                    super(
068                            userId, userGroups, userOrgs, userOrgGroups, userUserGroupGroups,
069                            roles);
070            }
071    
072            public PermissionCheckerBagImpl(long userId, Set<Role> roles) {
073                    super(
074                            userId, Collections.<Group>emptySet(),
075                            Collections.<Organization>emptyList(),
076                            Collections.<Group>emptySet(), Collections.<Group>emptyList(),
077                            roles);
078            }
079    
080            public PermissionCheckerBagImpl(
081                    UserPermissionCheckerBag userPermissionCheckerBag, Set<Role> roles) {
082    
083                    super(userPermissionCheckerBag, roles);
084            }
085    
086            @Override
087            public long[] getRoleIds() {
088                    if (_roleIds == null) {
089                            List<Role> roles = ListUtil.fromCollection(getRoles());
090    
091                            long[] roleIds = new long[roles.size()];
092    
093                            for (int i = 0; i < roles.size(); i++) {
094                                    Role role = roles.get(i);
095    
096                                    roleIds[i] = role.getRoleId();
097                            }
098    
099                            Arrays.sort(roleIds);
100    
101                            _roleIds = roleIds;
102                    }
103    
104                    return _roleIds;
105            }
106    
107            /**
108             * @deprecated As of 6.1.0, renamed to {@link
109             *             #isGroupAdmin(PermissionChecker, Group)}
110             */
111            @Deprecated
112            @Override
113            public boolean isCommunityAdmin(
114                            PermissionChecker permissionChecker, Group group)
115                    throws Exception {
116    
117                    return isGroupAdmin(permissionChecker, group);
118            }
119    
120            /**
121             * @deprecated As of 6.1.0, renamed to {@link
122             *             #isGroupOwner(PermissionChecker, Group)}
123             */
124            @Deprecated
125            @Override
126            public boolean isCommunityOwner(
127                            PermissionChecker permissionChecker, Group group)
128                    throws Exception {
129    
130                    return isGroupOwner(permissionChecker, group);
131            }
132    
133            @Override
134            public boolean isContentReviewer(
135                            PermissionChecker permissionChecker, Group group)
136                    throws Exception {
137    
138                    Boolean value = _contentReviewers.get(group.getCompanyId());
139    
140                    if (value == null) {
141                            value = Boolean.valueOf(
142                                    isContentReviewerImpl(permissionChecker, group));
143    
144                            _contentReviewers.put(group.getCompanyId(), value);
145                    }
146    
147                    return value.booleanValue();
148            }
149    
150            @Override
151            public boolean isGroupAdmin(
152                            PermissionChecker permissionChecker, Group group)
153                    throws Exception {
154    
155                    Boolean value = _groupAdmins.get(group.getGroupId());
156    
157                    if (value == null) {
158                            value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
159    
160                            _groupAdmins.put(group.getGroupId(), value);
161                    }
162    
163                    return value.booleanValue();
164            }
165    
166            @Override
167            public boolean isGroupMember(
168                            PermissionChecker permissionChecker, Group group)
169                    throws Exception {
170    
171                    for (Role role : getRoles()) {
172                            String roleName = role.getName();
173    
174                            if (roleName.equals(RoleConstants.SITE_MEMBER)) {
175                                    return true;
176                            }
177                    }
178    
179                    Set<Group> userGroups = getUserGroups();
180    
181                    if (userGroups.contains(group)) {
182                            return true;
183                    }
184    
185                    return false;
186            }
187    
188            @Override
189            public boolean isGroupOwner(
190                            PermissionChecker permissionChecker, Group group)
191                    throws Exception {
192    
193                    Boolean value = _groupOwners.get(group.getGroupId());
194    
195                    if (value == null) {
196                            value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
197    
198                            _groupOwners.put(group.getGroupId(), value);
199                    }
200    
201                    return value.booleanValue();
202            }
203    
204            @Override
205            public boolean isOrganizationAdmin(
206                            PermissionChecker permissionChecker, Organization organization)
207                    throws Exception {
208    
209                    Boolean value = _organizationAdmins.get(
210                            organization.getOrganizationId());
211    
212                    if (value == null) {
213                            value = Boolean.valueOf(
214                                    isOrganizationAdminImpl(permissionChecker, organization));
215    
216                            _organizationAdmins.put(organization.getOrganizationId(), value);
217                    }
218    
219                    return value.booleanValue();
220            }
221    
222            @Override
223            public boolean isOrganizationOwner(
224                            PermissionChecker permissionChecker, Organization organization)
225                    throws Exception {
226    
227                    Boolean value = _organizationOwners.get(
228                            organization.getOrganizationId());
229    
230                    if (value == null) {
231                            value = Boolean.valueOf(
232                                    isOrganizationOwnerImpl(permissionChecker, organization));
233    
234                            _organizationOwners.put(organization.getOrganizationId(), value);
235                    }
236    
237                    return value.booleanValue();
238            }
239    
240            protected boolean isContentReviewerImpl(
241                            PermissionChecker permissionChecker, Group group)
242                    throws PortalException {
243    
244                    if (permissionChecker.isCompanyAdmin() ||
245                            permissionChecker.isGroupAdmin(group.getGroupId())) {
246    
247                            return true;
248                    }
249    
250                    if (RoleLocalServiceUtil.hasUserRole(
251                                    getUserId(), group.getCompanyId(),
252                                    RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
253    
254                            return true;
255                    }
256    
257                    if (group.isSite()) {
258                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
259                                            getUserId(), group.getGroupId(),
260                                            RoleConstants.SITE_CONTENT_REVIEWER, true)) {
261    
262                                    return true;
263                            }
264                    }
265    
266                    return false;
267            }
268    
269            protected boolean isGroupAdminImpl(
270                            PermissionChecker permissionChecker, Group group)
271                    throws PortalException {
272    
273                    if (group.isLayout()) {
274                            long parentGroupId = group.getParentGroupId();
275    
276                            if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
277                                    return false;
278                            }
279    
280                            group = GroupLocalServiceUtil.getGroup(parentGroupId);
281                    }
282    
283                    if (group.isSite()) {
284                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
285                                            getUserId(), group.getGroupId(),
286                                            RoleConstants.SITE_ADMINISTRATOR, true) ||
287                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
288                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
289                                            true)) {
290    
291                                    return true;
292                            }
293                    }
294    
295                    if (group.isCompany()) {
296                            if (permissionChecker.isCompanyAdmin()) {
297                                    return true;
298                            }
299                            else {
300                                    return false;
301                            }
302                    }
303                    else if (group.isLayoutPrototype()) {
304                            if (LayoutPrototypePermissionUtil.contains(
305                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
306    
307                                    return true;
308                            }
309                            else {
310                                    return false;
311                            }
312                    }
313                    else if (group.isLayoutSetPrototype()) {
314                            if (LayoutSetPrototypePermissionUtil.contains(
315                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
316    
317                                    return true;
318                            }
319                            else {
320                                    return false;
321                            }
322                    }
323                    else if (group.isOrganization()) {
324                            long organizationId = group.getOrganizationId();
325    
326                            while (organizationId !=
327                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
328    
329                                    Organization organization =
330                                            OrganizationLocalServiceUtil.getOrganization(
331                                                    organizationId);
332    
333                                    long organizationGroupId = organization.getGroupId();
334    
335                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
336                                                    getUserId(), organizationGroupId,
337                                                    RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
338                                            UserGroupRoleLocalServiceUtil.hasUserGroupRole(
339                                                    getUserId(), organizationGroupId,
340                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
341    
342                                            return true;
343                                    }
344    
345                                    organizationId = organization.getParentOrganizationId();
346                            }
347                    }
348    
349                    return false;
350            }
351    
352            protected boolean isGroupOwnerImpl(
353                            PermissionChecker permissionChecker, Group group)
354                    throws PortalException {
355    
356                    if (group.isSite()) {
357                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
358                                            getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
359                                            true)) {
360    
361                                    return true;
362                            }
363                    }
364    
365                    if (group.isLayoutPrototype()) {
366                            if (LayoutPrototypePermissionUtil.contains(
367                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
368    
369                                    return true;
370                            }
371                            else {
372                                    return false;
373                            }
374                    }
375                    else if (group.isLayoutSetPrototype()) {
376                            if (LayoutSetPrototypePermissionUtil.contains(
377                                            permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
378    
379                                    return true;
380                            }
381                            else {
382                                    return false;
383                            }
384                    }
385                    else if (group.isOrganization()) {
386                            long organizationId = group.getOrganizationId();
387    
388                            while (organizationId !=
389                                                    OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
390    
391                                    Organization organization =
392                                            OrganizationLocalServiceUtil.getOrganization(
393                                                    organizationId);
394    
395                                    long organizationGroupId = organization.getGroupId();
396    
397                                    if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
398                                                    getUserId(), organizationGroupId,
399                                                    RoleConstants.ORGANIZATION_OWNER, true)) {
400    
401                                            return true;
402                                    }
403    
404                                    organizationId = organization.getParentOrganizationId();
405                            }
406                    }
407                    else if (group.isUser()) {
408                            long groupUserId = group.getClassPK();
409    
410                            if (getUserId() == groupUserId) {
411                                    return true;
412                            }
413                    }
414    
415                    return false;
416            }
417    
418            protected boolean isOrganizationAdminImpl(
419                            PermissionChecker permissionChecker, Organization organization)
420                    throws PortalException {
421    
422                    while (organization != null) {
423                            long organizationGroupId = organization.getGroupId();
424    
425                            long userId = getUserId();
426    
427                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
428                                            userId, organizationGroupId,
429                                            RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
430                                    UserGroupRoleLocalServiceUtil.hasUserGroupRole(
431                                            userId, organizationGroupId,
432                                            RoleConstants.ORGANIZATION_OWNER, true)) {
433    
434                                    return true;
435                            }
436    
437                            organization = organization.getParentOrganization();
438                    }
439    
440                    return false;
441            }
442    
443            protected boolean isOrganizationOwnerImpl(
444                            PermissionChecker permissionChecker, Organization organization)
445                    throws PortalException {
446    
447                    while (organization != null) {
448                            long organizationGroupId = organization.getGroupId();
449    
450                            long userId = getUserId();
451    
452                            if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
453                                            userId, organizationGroupId,
454                                            RoleConstants.ORGANIZATION_OWNER, true)) {
455    
456                                    return true;
457                            }
458    
459                            organization = organization.getParentOrganization();
460                    }
461    
462                    return false;
463            }
464    
465            private final Map<Long, Boolean> _contentReviewers = new HashMap<>();
466            private final Map<Long, Boolean> _groupAdmins = new HashMap<>();
467            private final Map<Long, Boolean> _groupOwners = new HashMap<>();
468            private final Map<Long, Boolean> _organizationAdmins = new HashMap<>();
469            private final Map<Long, Boolean> _organizationOwners = new HashMap<>();
470            private long[] _roleIds;
471    
472    }