001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portlet.shopping.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.spring.osgi.OSGiBeanProperties;
019    import com.liferay.portal.security.auth.PrincipalException;
020    import com.liferay.portal.security.permission.ActionKeys;
021    import com.liferay.portal.security.permission.BaseModelPermissionChecker;
022    import com.liferay.portal.security.permission.PermissionChecker;
023    import com.liferay.portal.util.PropsValues;
024    import com.liferay.portlet.shopping.model.ShoppingCategory;
025    import com.liferay.portlet.shopping.model.ShoppingCategoryConstants;
026    import com.liferay.portlet.shopping.service.ShoppingCategoryLocalServiceUtil;
027    
028    /**
029     * @author Brian Wing Shun Chan
030     */
031    @OSGiBeanProperties(
032            property = {
033                    "model.class.name=com.liferay.portlet.shopping.model.ShoppingCategory"
034            }
035    )
036    public class ShoppingCategoryPermission implements BaseModelPermissionChecker {
037    
038            public static void check(
039                            PermissionChecker permissionChecker, long groupId, long categoryId,
040                            String actionId)
041                    throws PortalException {
042    
043                    if (!contains(permissionChecker, groupId, categoryId, actionId)) {
044                            throw new PrincipalException();
045                    }
046            }
047    
048            public static void check(
049                            PermissionChecker permissionChecker, ShoppingCategory category,
050                            String actionId)
051                    throws PortalException {
052    
053                    if (!contains(permissionChecker, category, actionId)) {
054                            throw new PrincipalException();
055                    }
056            }
057    
058            public static boolean contains(
059                            PermissionChecker permissionChecker, long groupId, long categoryId,
060                            String actionId)
061                    throws PortalException {
062    
063                    if (categoryId ==
064                                    ShoppingCategoryConstants.DEFAULT_PARENT_CATEGORY_ID) {
065    
066                            return ShoppingPermission.contains(
067                                    permissionChecker, groupId, actionId);
068                    }
069                    else {
070                            ShoppingCategory category =
071                                    ShoppingCategoryLocalServiceUtil.getCategory(categoryId);
072    
073                            return contains(permissionChecker, category, actionId);
074                    }
075            }
076    
077            public static boolean contains(
078                            PermissionChecker permissionChecker, ShoppingCategory category,
079                            String actionId)
080                    throws PortalException {
081    
082                    if (actionId.equals(ActionKeys.ADD_CATEGORY)) {
083                            actionId = ActionKeys.ADD_SUBCATEGORY;
084                    }
085    
086                    if (actionId.equals(ActionKeys.VIEW) &&
087                            PropsValues.PERMISSIONS_VIEW_DYNAMIC_INHERITANCE) {
088    
089                            long categoryId = category.getCategoryId();
090    
091                            while (categoryId !=
092                                                    ShoppingCategoryConstants.DEFAULT_PARENT_CATEGORY_ID) {
093    
094                                    category = ShoppingCategoryLocalServiceUtil.getCategory(
095                                            categoryId);
096    
097                                    if (!_hasPermission(permissionChecker, category, actionId)) {
098                                            return false;
099                                    }
100    
101                                    categoryId = category.getParentCategoryId();
102                            }
103    
104                            return ShoppingPermission.contains(
105                                    permissionChecker, category.getGroupId(), actionId);
106                    }
107    
108                    return _hasPermission(permissionChecker, category, actionId);
109            }
110    
111            @Override
112            public void checkBaseModel(
113                            PermissionChecker permissionChecker, long groupId, long primaryKey,
114                            String actionId)
115                    throws PortalException {
116    
117                    check(permissionChecker, groupId, primaryKey, actionId);
118            }
119    
120            private static boolean _hasPermission(
121                    PermissionChecker permissionChecker, ShoppingCategory category,
122                    String actionId) {
123    
124                    if (permissionChecker.hasOwnerPermission(
125                                    category.getCompanyId(), ShoppingCategory.class.getName(),
126                                    category.getCategoryId(), category.getUserId(), actionId) ||
127                            permissionChecker.hasPermission(
128                                    category.getGroupId(), ShoppingCategory.class.getName(),
129                                    category.getCategoryId(), actionId)) {
130    
131                            return true;
132                    }
133    
134                    return false;
135            }
136    
137    }