1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.util.GetterUtil;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.Layout;
30  import com.liferay.portal.model.PortletConstants;
31  import com.liferay.portal.model.Resource;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.security.auth.PrincipalException;
35  import com.liferay.portal.security.permission.ActionKeys;
36  import com.liferay.portal.security.permission.PermissionChecker;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39  import com.liferay.portal.service.permission.GroupPermissionUtil;
40  import com.liferay.portal.service.permission.PortletPermissionUtil;
41  import com.liferay.portal.service.permission.UserPermissionUtil;
42  import com.liferay.portlet.blogs.model.BlogsEntry;
43  import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
44  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
45  import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
46  import com.liferay.portlet.calendar.model.CalEvent;
47  import com.liferay.portlet.calendar.service.permission.CalEventPermission;
48  import com.liferay.portlet.documentlibrary.model.DLFolder;
49  import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
50  import com.liferay.portlet.imagegallery.model.IGFolder;
51  import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
52  import com.liferay.portlet.journal.model.JournalArticle;
53  import com.liferay.portlet.journal.model.JournalFeed;
54  import com.liferay.portlet.journal.model.JournalStructure;
55  import com.liferay.portlet.journal.model.JournalTemplate;
56  import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
57  import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
58  import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
59  import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
60  import com.liferay.portlet.messageboards.model.MBCategory;
61  import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
62  import com.liferay.portlet.polls.model.PollsQuestion;
63  import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
64  import com.liferay.portlet.shopping.model.ShoppingCategory;
65  import com.liferay.portlet.shopping.model.ShoppingItem;
66  import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
67  import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
68  import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
69  import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
70  import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
71  import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
72  import com.liferay.portlet.wiki.model.WikiNode;
73  import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
74  
75  /**
76   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
77   *
78   * @author Brian Wing Shun Chan
79   * @author Raymond Augé
80   *
81   */
82  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
83  
84      public void checkPermission(long groupId, String name, String primKey)
85          throws PortalException, SystemException {
86  
87          checkPermission(getPermissionChecker(), groupId, name, primKey);
88      }
89  
90      public boolean hasGroupPermission(
91              long groupId, String actionId, long resourceId)
92          throws SystemException {
93  
94          return permissionLocalService.hasGroupPermission(
95              groupId, actionId, resourceId);
96      }
97  
98      public boolean hasUserPermission(
99              long userId, String actionId, long resourceId)
100         throws SystemException {
101 
102         return permissionLocalService.hasUserPermission(
103             userId, actionId, resourceId);
104     }
105 
106     public boolean hasUserPermissions(
107             long userId, long groupId, String actionId, long[] resourceIds,
108             PermissionCheckerBag permissionCheckerBag)
109         throws SystemException {
110 
111         return permissionLocalService.hasUserPermissions(
112             userId, groupId, actionId, resourceIds, permissionCheckerBag);
113     }
114 
115     public void setGroupPermissions(
116             long groupId, String[] actionIds, long resourceId)
117         throws PortalException, SystemException {
118 
119         checkPermission(getPermissionChecker(), groupId, resourceId);
120 
121         permissionLocalService.setGroupPermissions(
122             groupId, actionIds, resourceId);
123     }
124 
125     public void setGroupPermissions(
126             String className, String classPK, long groupId,
127             String[] actionIds, long resourceId)
128         throws PortalException, SystemException {
129 
130         checkPermission(getPermissionChecker(), groupId, resourceId);
131 
132         permissionLocalService.setGroupPermissions(
133             className, classPK, groupId, actionIds, resourceId);
134     }
135 
136     public void setOrgGroupPermissions(
137             long organizationId, long groupId, String[] actionIds,
138             long resourceId)
139         throws PortalException, SystemException {
140 
141         checkPermission(getPermissionChecker(), groupId, resourceId);
142 
143         permissionLocalService.setOrgGroupPermissions(
144             organizationId, groupId, actionIds, resourceId);
145     }
146 
147     public void setRolePermission(
148             long roleId, long groupId, String name, int scope, String primKey,
149             String actionId)
150         throws PortalException, SystemException {
151 
152         checkPermission(
153             getPermissionChecker(), groupId, Role.class.getName(), roleId);
154 
155         permissionLocalService.setRolePermission(
156             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
157     }
158 
159     public void setRolePermissions(
160             long roleId, long groupId, String[] actionIds, long resourceId)
161         throws PortalException, SystemException {
162 
163         checkPermission(getPermissionChecker(), groupId, resourceId);
164 
165         permissionLocalService.setRolePermissions(
166             roleId, actionIds, resourceId);
167     }
168 
169     public void setUserPermissions(
170             long userId, long groupId, String[] actionIds, long resourceId)
171         throws PortalException, SystemException {
172 
173         checkPermission(getPermissionChecker(), groupId, resourceId);
174 
175         permissionLocalService.setUserPermissions(
176             userId, actionIds, resourceId);
177     }
178 
179     public void unsetRolePermission(
180             long roleId, long groupId, long permissionId)
181         throws SystemException, PortalException {
182 
183         checkPermission(
184             getPermissionChecker(), groupId, Role.class.getName(), roleId);
185 
186         permissionLocalService.unsetRolePermission(roleId, permissionId);
187     }
188 
189     public void unsetRolePermission(
190             long roleId, long groupId, String name, int scope, String primKey,
191             String actionId)
192         throws PortalException, SystemException {
193 
194         checkPermission(
195             getPermissionChecker(), groupId, Role.class.getName(), roleId);
196 
197         permissionLocalService.unsetRolePermission(
198             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
199     }
200 
201     public void unsetRolePermissions(
202             long roleId, long groupId, String name, int scope, String actionId)
203         throws PortalException, SystemException {
204 
205         checkPermission(
206             getPermissionChecker(), groupId, Role.class.getName(), roleId);
207 
208         permissionLocalService.unsetRolePermissions(
209             roleId, getUser().getCompanyId(), name, scope, actionId);
210     }
211 
212     public void unsetUserPermissions(
213             long userId, long groupId, String[] actionIds, long resourceId)
214         throws PortalException, SystemException {
215 
216         checkPermission(getPermissionChecker(), groupId, resourceId);
217 
218         permissionLocalService.unsetUserPermissions(
219             userId, actionIds, resourceId);
220     }
221 
222     protected void checkPermission(
223             PermissionChecker permissionChecker, long groupId,
224             long resourceId)
225         throws PortalException, SystemException {
226 
227         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
228 
229         checkPermission(
230             permissionChecker, groupId, resource.getName(),
231             resource.getPrimKey().toString());
232     }
233 
234     protected void checkPermission(
235             PermissionChecker permissionChecker, long groupId, String name,
236             long primKey)
237         throws PortalException, SystemException {
238 
239         checkPermission(
240             permissionChecker, groupId, name, String.valueOf(primKey));
241     }
242 
243     protected void checkPermission(
244             PermissionChecker permissionChecker, long groupId, String name,
245             String primKey)
246         throws PortalException, SystemException {
247 
248         if (name.equals(BlogsEntry.class.getName())) {
249             BlogsEntryPermission.check(
250                 permissionChecker, GetterUtil.getLong(primKey),
251                 ActionKeys.PERMISSIONS);
252         }
253         else if (name.equals(BookmarksFolder.class.getName())) {
254             BookmarksFolderPermission.check(
255                 permissionChecker, GetterUtil.getLong(primKey),
256                 ActionKeys.PERMISSIONS);
257         }
258         else if (name.equals(CalEvent.class.getName())) {
259             CalEventPermission.check(
260                 permissionChecker, GetterUtil.getLong(primKey),
261                 ActionKeys.PERMISSIONS);
262         }
263         else if (name.equals(DLFolder.class.getName())) {
264             DLFolderPermission.check(
265                 permissionChecker, GetterUtil.getLong(primKey),
266                 ActionKeys.PERMISSIONS);
267         }
268         else if (name.equals(Group.class.getName())) {
269             GroupPermissionUtil.check(
270                 permissionChecker, GetterUtil.getLong(primKey),
271                 ActionKeys.PERMISSIONS);
272         }
273         else if (name.equals(IGFolder.class.getName())) {
274             IGFolderPermission.check(
275                 permissionChecker, GetterUtil.getLong(primKey),
276                 ActionKeys.PERMISSIONS);
277         }
278         else if (name.equals(JournalArticle.class.getName())) {
279             JournalArticlePermission.check(
280                 permissionChecker, GetterUtil.getLong(primKey),
281                 ActionKeys.PERMISSIONS);
282         }
283         else if (name.equals(JournalFeed.class.getName())) {
284             JournalFeedPermission.check(
285                 permissionChecker, GetterUtil.getLong(primKey),
286                 ActionKeys.PERMISSIONS);
287         }
288         else if (name.equals(JournalStructure.class.getName())) {
289             JournalStructurePermission.check(
290                 permissionChecker, GetterUtil.getLong(primKey),
291                 ActionKeys.PERMISSIONS);
292         }
293         else if (name.equals(JournalTemplate.class.getName())) {
294             JournalTemplatePermission.check(
295                 permissionChecker, GetterUtil.getLong(primKey),
296                 ActionKeys.PERMISSIONS);
297         }
298         else if (name.equals(Layout.class.getName())) {
299             long plid = GetterUtil.getLong(primKey);
300 
301             Layout layout = layoutPersistence.findByPrimaryKey(plid);
302 
303             GroupPermissionUtil.check(
304                 permissionChecker, layout.getGroupId(),
305                 ActionKeys.MANAGE_LAYOUTS);
306         }
307         else if (name.equals(MBCategory.class.getName())) {
308             MBCategoryPermission.check(
309                 permissionChecker, GetterUtil.getLong(primKey),
310                 ActionKeys.PERMISSIONS);
311         }
312         else if (name.equals(PollsQuestion.class.getName())) {
313             PollsQuestionPermission.check(
314                 permissionChecker, GetterUtil.getLong(primKey),
315                 ActionKeys.PERMISSIONS);
316         }
317         else if (name.equals(SCFrameworkVersion.class.getName())) {
318             SCFrameworkVersionPermission.check(
319                 permissionChecker, GetterUtil.getLong(primKey),
320                 ActionKeys.PERMISSIONS);
321         }
322         else if (name.equals(SCProductEntry.class.getName())) {
323             SCProductEntryPermission.check(
324                 permissionChecker, GetterUtil.getLong(primKey),
325                 ActionKeys.PERMISSIONS);
326         }
327         else if (name.equals(ShoppingCategory.class.getName())) {
328             ShoppingCategoryPermission.check(
329                 permissionChecker, GetterUtil.getLong(primKey),
330                 ActionKeys.PERMISSIONS);
331         }
332         else if (name.equals(ShoppingItem.class.getName())) {
333             ShoppingItemPermission.check(
334                 permissionChecker, GetterUtil.getLong(primKey),
335                 ActionKeys.PERMISSIONS);
336         }
337         else if (name.equals(User.class.getName())) {
338             long userId = GetterUtil.getLong(primKey);
339 
340             User user = userPersistence.findByPrimaryKey(userId);
341 
342             UserPermissionUtil.check(
343                 permissionChecker, userId, user.getOrganizationIds(),
344                 ActionKeys.PERMISSIONS);
345         }
346         else if (name.equals(WikiNode.class.getName())) {
347             WikiNodePermission.check(
348                 permissionChecker, GetterUtil.getLong(primKey),
349                 ActionKeys.PERMISSIONS);
350         }
351         else if ((primKey != null) &&
352                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
353 
354             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
355 
356             long plid = GetterUtil.getLong(primKey.substring(0, pos));
357 
358             String portletId = primKey.substring(
359                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
360                 primKey.length());
361 
362             PortletPermissionUtil.check(
363                 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
364         }
365         else if (!permissionChecker.hasPermission(
366                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
367                  !permissionChecker.hasPermission(
368                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
369 
370             throw new PrincipalException();
371         }
372     }
373 
374 }