001
014
015 package com.liferay.portlet.shopping.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.security.auth.PrincipalException;
020 import com.liferay.portal.security.permission.ActionKeys;
021 import com.liferay.portal.security.permission.PermissionChecker;
022 import com.liferay.portlet.shopping.model.ShoppingOrder;
023 import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
024
025
028 public class ShoppingOrderPermission {
029
030 public static void check(
031 PermissionChecker permissionChecker, long groupId, long orderId,
032 String actionId)
033 throws PortalException, SystemException {
034
035 if (!contains(permissionChecker, groupId, orderId, actionId)) {
036 throw new PrincipalException();
037 }
038 }
039
040 public static void check(
041 PermissionChecker permissionChecker, long groupId,
042 ShoppingOrder order, String actionId)
043 throws PortalException {
044
045 if (!contains(permissionChecker, groupId, order, actionId)) {
046 throw new PrincipalException();
047 }
048 }
049
050 public static boolean contains(
051 PermissionChecker permissionChecker, long groupId, long orderId,
052 String actionId)
053 throws PortalException, SystemException {
054
055 ShoppingOrder order =
056 ShoppingOrderLocalServiceUtil.getOrder(orderId);
057
058 return contains(permissionChecker, groupId, order, actionId);
059 }
060
061 public static boolean contains(
062 PermissionChecker permissionChecker, long groupId, ShoppingOrder order,
063 String actionId) {
064
065 if (ShoppingPermission.contains(
066 permissionChecker, groupId, ActionKeys.MANAGE_ORDERS)) {
067
068 return true;
069 }
070 else {
071 if (permissionChecker.hasOwnerPermission(
072 order.getCompanyId(), ShoppingOrder.class.getName(),
073 order.getOrderId(), order.getUserId(), actionId)) {
074
075 return true;
076 }
077
078 return permissionChecker.hasPermission(
079 order.getGroupId(), ShoppingOrder.class.getName(),
080 order.getOrderId(), actionId);
081 }
082 }
083
084 }