001
014
015 package com.liferay.portal.json.transformer;
016
017 import com.liferay.portal.kernel.util.StringPool;
018 import com.liferay.portal.model.User;
019 import com.liferay.portal.security.permission.ActionKeys;
020 import com.liferay.portal.security.permission.PermissionChecker;
021 import com.liferay.portal.security.permission.PermissionThreadLocal;
022 import com.liferay.portal.service.permission.UserPermissionUtil;
023
024
027 public class UserJSONTransformer extends FlexjsonObjectJSONTransformer {
028
029 @Override
030 public void transform(Object object) {
031 User user = (User)object;
032
033 boolean hidePrivateUserData = true;
034
035 PermissionChecker permissionChecker =
036 PermissionThreadLocal.getPermissionChecker();
037
038 if (permissionChecker != null) {
039 if ((user.getUserId() == permissionChecker.getUserId()) ||
040 UserPermissionUtil.contains(
041 permissionChecker, user.getUserId(), ActionKeys.VIEW)) {
042
043 hidePrivateUserData = false;
044 }
045 }
046
047 if (hidePrivateUserData) {
048 user.setPasswordUnencrypted(StringPool.BLANK);
049 user.setReminderQueryQuestion(StringPool.BLANK);
050 user.setReminderQueryAnswer(StringPool.BLANK);
051 user.setEmailAddress(StringPool.BLANK);
052 user.setFacebookId(0);
053 user.setComments(StringPool.BLANK);
054 }
055
056 super.transform(object);
057 }
058
059 }