015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Layout;
022 import com.liferay.portal.model.PortletConstants;
023 import com.liferay.portal.model.Resource;
024 import com.liferay.portal.model.Role;
025 import com.liferay.portal.model.Team;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.PrincipalException;
028 import com.liferay.portal.security.permission.ActionKeys;
029 import com.liferay.portal.security.permission.PermissionChecker;
030 import com.liferay.portal.security.permission.PermissionCheckerBag;
031 import com.liferay.portal.security.permission.ResourceActionsUtil;
032 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
033 import com.liferay.portal.service.permission.GroupPermissionUtil;
034 import com.liferay.portal.service.permission.PortletPermissionUtil;
035 import com.liferay.portal.service.permission.UserPermissionUtil;
036 import com.liferay.portlet.blogs.model.BlogsEntry;
037 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
038 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
039 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
040 import com.liferay.portlet.calendar.model.CalEvent;
041 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
042 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
043 import com.liferay.portlet.documentlibrary.model.DLFolder;
044 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
045 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
046 import com.liferay.portlet.imagegallery.model.IGFolder;
047 import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
048 import com.liferay.portlet.journal.model.JournalArticle;
049 import com.liferay.portlet.journal.model.JournalFeed;
050 import com.liferay.portlet.journal.model.JournalStructure;
051 import com.liferay.portlet.journal.model.JournalTemplate;
052 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
053 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
054 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
055 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
056 import com.liferay.portlet.messageboards.model.MBCategory;
057 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
058 import com.liferay.portlet.polls.model.PollsQuestion;
059 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
060 import com.liferay.portlet.shopping.model.ShoppingCategory;
061 import com.liferay.portlet.shopping.model.ShoppingItem;
062 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
063 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
064 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
065 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
066 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
067 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
068 import com.liferay.portlet.wiki.model.WikiNode;
069 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
070
071 import java.util.List;
072
073
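/**
 * Remote-facing permission service. Every mutating method first runs one of
 * the {@code checkPermission} overloads against the caller's
 * {@link PermissionChecker} and then delegates to
 * {@code permissionLocalService}.
 *
 * <p>
 * The {@code groupId} passed to each method comes from the caller. Several
 * branches of the central check ignore it and use the model's own permission
 * helper; the others forward it unchanged.
 * NOTE(review): nothing in this class cross-checks {@code groupId} against
 * the group that owns the resource. Confirm that the helpers and the checker
 * do so.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

    /**
     * Verifies that the current caller may manage permissions on the
     * resource with the given id.
     *
     * @param groupId group context forwarded to the check
     * @param resourceId primary key of the {@link Resource} to look up
     * @throws PortalException if the check fails or the resource lookup fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);
    }

    /**
     * Verifies that the current caller may manage permissions on the named
     * resource, with a numeric primary key.
     *
     * @param groupId group context forwarded to the check
     * @param name resource name, compared against model class names
     * @param primKey numeric primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, long primKey)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, name, primKey);
    }

    /**
     * Verifies that the current caller may manage permissions on the named
     * resource, with a string primary key.
     *
     * @param groupId group context forwarded to the check
     * @param name resource name, compared against model class names
     * @param primKey primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, String primKey)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, name, primKey);
    }

    /**
     * Returns the local service's answer for a group/action/resource triple.
     *
     * <p>
     * This method performs no permission check on the caller; it delegates
     * directly. NOTE(review): confirm that letting any caller query another
     * group's permissions is intended.
     * </p>
     */
    public boolean hasGroupPermission(
            long groupId, String actionId, long resourceId)
        throws SystemException {

        return permissionLocalService.hasGroupPermission(
            groupId, actionId, resourceId);
    }

    /**
     * Returns the local service's answer for a user/action/resource triple.
     *
     * <p>
     * This method performs no permission check on the caller; it delegates
     * directly. NOTE(review): confirm that letting any caller query another
     * user's permissions is intended.
     * </p>
     */
    public boolean hasUserPermission(
            long userId, String actionId, long resourceId)
        throws SystemException {

        return permissionLocalService.hasUserPermission(
            userId, actionId, resourceId);
    }

    /**
     * Returns the local service's answer for a user against a list of
     * resources, using the supplied {@link PermissionCheckerBag}.
     *
     * <p>
     * This method performs no permission check on the caller, and the bag is
     * taken from the argument as given. NOTE(review): confirm that a
     * caller-supplied bag is acceptable on this entry point.
     * </p>
     */
    public boolean hasUserPermissions(
            long userId, long groupId, List<Resource> resources,
            String actionId, PermissionCheckerBag permissionCheckerBag)
        throws PortalException, SystemException {

        return permissionLocalService.hasUserPermissions(
            userId, groupId, resources, actionId, permissionCheckerBag);
    }

    /**
     * Sets the group's actions on a resource after checking the caller
     * against that resource. The same {@code groupId} is used as the check
     * context and as the target of the write.
     */
    public void setGroupPermissions(
            long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            groupId, actionIds, resourceId);
    }

    /**
     * Sets group permissions through the class-name/class-PK variant of the
     * local service. The check covers {@code resourceId} only;
     * {@code className} and {@code classPK} are forwarded unchecked by this
     * method.
     */
    public void setGroupPermissions(
            String className, String classPK, long groupId,
            String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            className, classPK, groupId, actionIds, resourceId);
    }

    /**
     * Sets organization-in-group permissions on a resource. The check covers
     * the resource; {@code organizationId} is forwarded unchecked by this
     * method.
     */
    public void setOrgGroupPermissions(
            long organizationId, long groupId, String[] actionIds,
            long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setOrgGroupPermissions(
            organizationId, groupId, actionIds, resourceId);
    }

    /**
     * Grants one action on a resource to a role.
     *
     * <p>
     * The check is made against the role ({@code Role} class name and
     * {@code roleId}), not against the target {@code name}/{@code primKey}.
     * The company id is read from {@code getUser()} rather than taken as a
     * parameter. NOTE(review): confirm that the local service validates
     * {@code scope} and the target resource.
     * </p>
     */
    public void setRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        permissionLocalService.setRolePermission(
            roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
    }

    /**
     * Sets a role's actions on a resource. The check covers the resource;
     * {@code roleId} is forwarded unchecked by this method.
     */
    public void setRolePermissions(
            long roleId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setRolePermissions(
            roleId, actionIds, resourceId);
    }

    /**
     * Sets a user's actions on a resource. The check covers the resource;
     * {@code userId} is forwarded unchecked by this method.
     */
    public void setUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Removes one permission from a role after checking the caller against
     * the role. {@code permissionId} is forwarded unchecked by this method.
     */
    public void unsetRolePermission(
            long roleId, long groupId, long permissionId)
        throws SystemException, PortalException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        permissionLocalService.unsetRolePermission(roleId, permissionId);
    }

    /**
     * Removes one action on a resource from a role after checking the caller
     * against the role. The company id is read from {@code getUser()}.
     */
    public void unsetRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        permissionLocalService.unsetRolePermission(
            roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
    }

    /**
     * Removes an action for a resource name and scope from a role after
     * checking the caller against the role. The company id is read from
     * {@code getUser()}.
     */
    public void unsetRolePermissions(
            long roleId, long groupId, String name, int scope, String actionId)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        permissionLocalService.unsetRolePermissions(
            roleId, getUser().getCompanyId(), name, scope, actionId);
    }

    /**
     * Removes a user's actions on a resource. The check covers the resource;
     * {@code userId} is forwarded unchecked by this method.
     */
    public void unsetUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.unsetUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Loads the {@link Resource} by primary key and checks the caller
     * against the resource's stored name and primary key, so those two
     * values come from persistence and not from the caller.
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId,
            long resourceId)
        throws PortalException, SystemException {

        Resource resource = resourcePersistence.findByPrimaryKey(resourceId);

        checkPermission(
            permissionChecker, groupId, resource.getName(),
            resource.getPrimKey().toString());
    }

    /**
     * Converts the numeric primary key to a string and delegates to the
     * string-keyed check.
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            long primKey)
        throws PortalException, SystemException {

        checkPermission(
            permissionChecker, groupId, name, String.valueOf(primKey));
    }

    /**
     * Central authorization gate: decides whether the caller may manage
     * permissions on the resource identified by {@code name} and
     * {@code primKey}.
     *
     * <p>
     * Known model class names are routed to their own permission helper.
     * A primary key containing {@code PortletConstants.LAYOUT_SEPARATOR} is
     * treated as a portlet resource. Anything else is checked generically
     * for {@code PERMISSIONS}, then for {@code DEFINE_PERMISSIONS} when the
     * resource declares that action.
     * </p>
     *
     * @param permissionChecker checker representing the caller
     * @param groupId caller-supplied group context; ignored by the branches
     *        whose helper takes no group id
     * @param name resource name; {@code null} is rejected
     * @param primKey primary key of the resource, parsed with
     *        {@code GetterUtil.getLong} where a numeric key is needed
     * @throws PortalException if the caller lacks the required action,
     *         including {@link PrincipalException} from the generic branch
     *         and for a {@code null} name
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            String primKey)
        throws PortalException, SystemException {

        if (name == null) {

            // Fail closed with an authorization error. Without this guard
            // the first name.equals(...) would raise NullPointerException
            // and callers could not tell the refusal from a server fault.

            throw new PrincipalException();
        }

        if (name.equals(BlogsEntry.class.getName())) {
            BlogsEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(BookmarksFolder.class.getName())) {
            BookmarksFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(CalEvent.class.getName())) {
            CalEventPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFileEntry.class.getName())) {
            DLFileEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFolder.class.getName())) {
            DLFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Group.class.getName())) {
            GroupPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(IGFolder.class.getName())) {
            IGFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalArticle.class.getName())) {
            JournalArticlePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalFeed.class.getName())) {
            JournalFeedPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalStructure.class.getName())) {
            JournalStructurePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalTemplate.class.getName())) {
            JournalTemplatePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Layout.class.getName())) {

            // Layouts are gated on MANAGE_LAYOUTS for the layout's own
            // group, read from persistence rather than from groupId.

            long plid = GetterUtil.getLong(primKey);

            Layout layout = layoutPersistence.findByPrimaryKey(plid);

            GroupPermissionUtil.check(
                permissionChecker, layout.getGroupId(),
                ActionKeys.MANAGE_LAYOUTS);
        }
        else if (name.equals(MBCategory.class.getName())) {
            MBCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(PollsQuestion.class.getName())) {
            PollsQuestionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCFrameworkVersion.class.getName())) {
            SCFrameworkVersionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCProductEntry.class.getName())) {
            SCProductEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingCategory.class.getName())) {
            ShoppingCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingItem.class.getName())) {
            ShoppingItemPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Team.class.getName())) {

            // Teams are gated on MANAGE_TEAMS for the team's own group,
            // read from persistence rather than from groupId.

            long teamId = GetterUtil.getLong(primKey);

            Team team = teamPersistence.findByPrimaryKey(teamId);

            GroupPermissionUtil.check(
                permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
        }
        else if (name.equals(User.class.getName())) {
            long userId = GetterUtil.getLong(primKey);

            User user = userPersistence.findByPrimaryKey(userId);

            UserPermissionUtil.check(
                permissionChecker, userId, user.getOrganizationIds(),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(WikiNode.class.getName())) {
            WikiNodePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else {

            // Look the separator up once; -1 also stands for a null key.

            int pos = -1;

            if (primKey != null) {
                pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
            }

            if (pos != -1) {

                // Portlet resource: the key is the plid, the separator,
                // then the portlet id. Gated on CONFIGURATION.

                long plid = GetterUtil.getLong(primKey.substring(0, pos));

                String portletId = primKey.substring(
                    pos + PortletConstants.LAYOUT_SEPARATOR.length());

                PortletPermissionUtil.check(
                    permissionChecker, plid, portletId,
                    ActionKeys.CONFIGURATION);
            }
            else if (!permissionChecker.hasPermission(
                        groupId, name, primKey, ActionKeys.PERMISSIONS)) {

                // Generic fallback. groupId is the caller's value here.
                // DEFINE_PERMISSIONS is accepted only when the resource
                // declares that action.

                List<String> resourceActions =
                    ResourceActionsUtil.getResourceActions(name);

                if (!resourceActions.contains(
                        ActionKeys.DEFINE_PERMISSIONS) ||
                    !permissionChecker.hasPermission(
                        groupId, name, primKey,
                        ActionKeys.DEFINE_PERMISSIONS)) {

                    throw new PrincipalException();
                }
            }
        }
    }

}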