001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.util.ListUtil;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.GroupConstants;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.OrganizationConstants;
023 import com.liferay.portal.model.Role;
024 import com.liferay.portal.model.RoleConstants;
025 import com.liferay.portal.model.UserConstants;
026 import com.liferay.portal.service.GroupLocalServiceUtil;
027 import com.liferay.portal.service.OrganizationLocalServiceUtil;
028 import com.liferay.portal.service.RoleLocalServiceUtil;
029 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
031 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
032
033 import java.util.Arrays;
034 import java.util.Collections;
035 import java.util.HashMap;
036 import java.util.List;
037 import java.util.Map;
038 import java.util.Set;
039
040
043 public class PermissionCheckerBagImpl
044 extends UserPermissionCheckerBagImpl implements PermissionCheckerBag {
045
046 public PermissionCheckerBagImpl() {
047 super(
048 UserConstants.USER_ID_DEFAULT, Collections.<Group>emptySet(),
049 Collections.<Organization>emptyList(),
050 Collections.<Group>emptySet(), Collections.<Group>emptyList(),
051 Collections.<Role>emptySet());
052 }
053
054 public PermissionCheckerBagImpl(long userId) {
055 super(
056 userId, Collections.<Group>emptySet(),
057 Collections.<Organization>emptyList(),
058 Collections.<Group>emptySet(), Collections.<Group>emptyList(),
059 Collections.<Role>emptySet());
060 }
061
062 public PermissionCheckerBagImpl(
063 long userId, Set<Group> userGroups, List<Organization> userOrgs,
064 Set<Group> userOrgGroups, List<Group> userUserGroupGroups,
065 Set<Role> roles) {
066
067 super(
068 userId, userGroups, userOrgs, userOrgGroups, userUserGroupGroups,
069 roles);
070 }
071
072 public PermissionCheckerBagImpl(long userId, Set<Role> roles) {
073 super(
074 userId, Collections.<Group>emptySet(),
075 Collections.<Organization>emptyList(),
076 Collections.<Group>emptySet(), Collections.<Group>emptyList(),
077 roles);
078 }
079
080 public PermissionCheckerBagImpl(
081 UserPermissionCheckerBag userPermissionCheckerBag, Set<Role> roles) {
082
083 super(userPermissionCheckerBag, roles);
084 }
085
086 @Override
087 public long[] getRoleIds() {
088 if (_roleIds == null) {
089 List<Role> roles = ListUtil.fromCollection(getRoles());
090
091 long[] roleIds = new long[roles.size()];
092
093 for (int i = 0; i < roles.size(); i++) {
094 Role role = roles.get(i);
095
096 roleIds[i] = role.getRoleId();
097 }
098
099 Arrays.sort(roleIds);
100
101 _roleIds = roleIds;
102 }
103
104 return _roleIds;
105 }
106
107
111 @Deprecated
112 @Override
113 public boolean isCommunityAdmin(
114 PermissionChecker permissionChecker, Group group)
115 throws Exception {
116
117 return isGroupAdmin(permissionChecker, group);
118 }
119
120
124 @Deprecated
125 @Override
126 public boolean isCommunityOwner(
127 PermissionChecker permissionChecker, Group group)
128 throws Exception {
129
130 return isGroupOwner(permissionChecker, group);
131 }
132
133 @Override
134 public boolean isContentReviewer(
135 PermissionChecker permissionChecker, Group group)
136 throws Exception {
137
138 Boolean value = _contentReviewers.get(group.getCompanyId());
139
140 if (value == null) {
141 value = Boolean.valueOf(
142 isContentReviewerImpl(permissionChecker, group));
143
144 _contentReviewers.put(group.getCompanyId(), value);
145 }
146
147 return value.booleanValue();
148 }
149
150 @Override
151 public boolean isGroupAdmin(
152 PermissionChecker permissionChecker, Group group)
153 throws Exception {
154
155 Boolean value = _groupAdmins.get(group.getGroupId());
156
157 if (value == null) {
158 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
159
160 _groupAdmins.put(group.getGroupId(), value);
161 }
162
163 return value.booleanValue();
164 }
165
166 @Override
167 public boolean isGroupMember(
168 PermissionChecker permissionChecker, Group group)
169 throws Exception {
170
171 for (Role role : getRoles()) {
172 String roleName = role.getName();
173
174 if (roleName.equals(RoleConstants.SITE_MEMBER)) {
175 return true;
176 }
177 }
178
179 Set<Group> userGroups = getUserGroups();
180
181 if (userGroups.contains(group)) {
182 return true;
183 }
184
185 return false;
186 }
187
188 @Override
189 public boolean isGroupOwner(
190 PermissionChecker permissionChecker, Group group)
191 throws Exception {
192
193 Boolean value = _groupOwners.get(group.getGroupId());
194
195 if (value == null) {
196 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
197
198 _groupOwners.put(group.getGroupId(), value);
199 }
200
201 return value.booleanValue();
202 }
203
204 @Override
205 public boolean isOrganizationAdmin(
206 PermissionChecker permissionChecker, Organization organization)
207 throws Exception {
208
209 Boolean value = _organizationAdmins.get(
210 organization.getOrganizationId());
211
212 if (value == null) {
213 value = Boolean.valueOf(
214 isOrganizationAdminImpl(permissionChecker, organization));
215
216 _organizationAdmins.put(organization.getOrganizationId(), value);
217 }
218
219 return value.booleanValue();
220 }
221
222 @Override
223 public boolean isOrganizationOwner(
224 PermissionChecker permissionChecker, Organization organization)
225 throws Exception {
226
227 Boolean value = _organizationOwners.get(
228 organization.getOrganizationId());
229
230 if (value == null) {
231 value = Boolean.valueOf(
232 isOrganizationOwnerImpl(permissionChecker, organization));
233
234 _organizationOwners.put(organization.getOrganizationId(), value);
235 }
236
237 return value.booleanValue();
238 }
239
240 protected boolean isContentReviewerImpl(
241 PermissionChecker permissionChecker, Group group)
242 throws PortalException {
243
244 if (permissionChecker.isCompanyAdmin() ||
245 permissionChecker.isGroupAdmin(group.getGroupId())) {
246
247 return true;
248 }
249
250 if (RoleLocalServiceUtil.hasUserRole(
251 getUserId(), group.getCompanyId(),
252 RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
253
254 return true;
255 }
256
257 if (group.isSite()) {
258 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
259 getUserId(), group.getGroupId(),
260 RoleConstants.SITE_CONTENT_REVIEWER, true)) {
261
262 return true;
263 }
264 }
265
266 return false;
267 }
268
269 protected boolean isGroupAdminImpl(
270 PermissionChecker permissionChecker, Group group)
271 throws PortalException {
272
273 if (group.isLayout()) {
274 long parentGroupId = group.getParentGroupId();
275
276 if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
277 return false;
278 }
279
280 group = GroupLocalServiceUtil.getGroup(parentGroupId);
281 }
282
283 if (group.isSite()) {
284 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
285 getUserId(), group.getGroupId(),
286 RoleConstants.SITE_ADMINISTRATOR, true) ||
287 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
288 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
289 true)) {
290
291 return true;
292 }
293 }
294
295 if (group.isCompany()) {
296 if (permissionChecker.isCompanyAdmin()) {
297 return true;
298 }
299 else {
300 return false;
301 }
302 }
303 else if (group.isLayoutPrototype()) {
304 if (LayoutPrototypePermissionUtil.contains(
305 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
306
307 return true;
308 }
309 else {
310 return false;
311 }
312 }
313 else if (group.isLayoutSetPrototype()) {
314 if (LayoutSetPrototypePermissionUtil.contains(
315 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
316
317 return true;
318 }
319 else {
320 return false;
321 }
322 }
323 else if (group.isOrganization()) {
324 long organizationId = group.getOrganizationId();
325
326 while (organizationId !=
327 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
328
329 Organization organization =
330 OrganizationLocalServiceUtil.getOrganization(
331 organizationId);
332
333 long organizationGroupId = organization.getGroupId();
334
335 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
336 getUserId(), organizationGroupId,
337 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
338 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
339 getUserId(), organizationGroupId,
340 RoleConstants.ORGANIZATION_OWNER, true)) {
341
342 return true;
343 }
344
345 organizationId = organization.getParentOrganizationId();
346 }
347 }
348
349 return false;
350 }
351
352 protected boolean isGroupOwnerImpl(
353 PermissionChecker permissionChecker, Group group)
354 throws PortalException {
355
356 if (group.isSite()) {
357 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
358 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
359 true)) {
360
361 return true;
362 }
363 }
364
365 if (group.isLayoutPrototype()) {
366 if (LayoutPrototypePermissionUtil.contains(
367 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
368
369 return true;
370 }
371 else {
372 return false;
373 }
374 }
375 else if (group.isLayoutSetPrototype()) {
376 if (LayoutSetPrototypePermissionUtil.contains(
377 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
378
379 return true;
380 }
381 else {
382 return false;
383 }
384 }
385 else if (group.isOrganization()) {
386 long organizationId = group.getOrganizationId();
387
388 while (organizationId !=
389 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
390
391 Organization organization =
392 OrganizationLocalServiceUtil.getOrganization(
393 organizationId);
394
395 long organizationGroupId = organization.getGroupId();
396
397 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
398 getUserId(), organizationGroupId,
399 RoleConstants.ORGANIZATION_OWNER, true)) {
400
401 return true;
402 }
403
404 organizationId = organization.getParentOrganizationId();
405 }
406 }
407 else if (group.isUser()) {
408 long groupUserId = group.getClassPK();
409
410 if (getUserId() == groupUserId) {
411 return true;
412 }
413 }
414
415 return false;
416 }
417
418 protected boolean isOrganizationAdminImpl(
419 PermissionChecker permissionChecker, Organization organization)
420 throws PortalException {
421
422 while (organization != null) {
423 long organizationGroupId = organization.getGroupId();
424
425 long userId = getUserId();
426
427 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
428 userId, organizationGroupId,
429 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
430 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
431 userId, organizationGroupId,
432 RoleConstants.ORGANIZATION_OWNER, true)) {
433
434 return true;
435 }
436
437 organization = organization.getParentOrganization();
438 }
439
440 return false;
441 }
442
443 protected boolean isOrganizationOwnerImpl(
444 PermissionChecker permissionChecker, Organization organization)
445 throws PortalException {
446
447 while (organization != null) {
448 long organizationGroupId = organization.getGroupId();
449
450 long userId = getUserId();
451
452 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
453 userId, organizationGroupId,
454 RoleConstants.ORGANIZATION_OWNER, true)) {
455
456 return true;
457 }
458
459 organization = organization.getParentOrganization();
460 }
461
462 return false;
463 }
464
465 private final Map<Long, Boolean> _contentReviewers = new HashMap<>();
466 private final Map<Long, Boolean> _groupAdmins = new HashMap<>();
467 private final Map<Long, Boolean> _groupOwners = new HashMap<>();
468 private final Map<Long, Boolean> _organizationAdmins = new HashMap<>();
469 private final Map<Long, Boolean> _organizationOwners = new HashMap<>();
470 private long[] _roleIds;
471
472 }