001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.User;
021 import com.liferay.portal.security.auth.PrincipalException;
022 import com.liferay.portal.security.permission.ActionKeys;
023 import com.liferay.portal.security.permission.PermissionChecker;
024 import com.liferay.portal.service.GroupLocalServiceUtil;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026
027
031 public class GroupPermissionImpl implements GroupPermission {
032
033 @Override
034 public void check(
035 PermissionChecker permissionChecker, Group group, String actionId)
036 throws PortalException, SystemException {
037
038 if (!contains(permissionChecker, group, actionId)) {
039 throw new PrincipalException();
040 }
041 }
042
043 @Override
044 public void check(
045 PermissionChecker permissionChecker, long groupId, String actionId)
046 throws PortalException, SystemException {
047
048 if (!contains(permissionChecker, groupId, actionId)) {
049 throw new PrincipalException();
050 }
051 }
052
053 @Override
054 public void check(PermissionChecker permissionChecker, String actionId)
055 throws PortalException {
056
057 if (!contains(permissionChecker, actionId)) {
058 throw new PrincipalException();
059 }
060 }
061
062 @Override
063 public boolean contains(
064 PermissionChecker permissionChecker, Group group, String actionId)
065 throws PortalException, SystemException {
066
067 if ((actionId.equals(ActionKeys.ADD_LAYOUT) ||
068 actionId.equals(ActionKeys.MANAGE_LAYOUTS)) &&
069 (group.hasLocalOrRemoteStagingGroup() ||
070 group.isLayoutPrototype())) {
071
072 return false;
073 }
074
075 long groupId = group.getGroupId();
076
077 if (group.isStagingGroup()) {
078 group = group.getLiveGroup();
079 }
080
081 if (group.isUser()) {
082
083
084
085
086
087
088 User user = UserLocalServiceUtil.getUserById(group.getClassPK());
089
090 if ((permissionChecker.getUserId() != user.getUserId()) &&
091 UserPermissionUtil.contains(
092 permissionChecker, user.getUserId(),
093 user.getOrganizationIds(), ActionKeys.UPDATE)) {
094
095 return true;
096 }
097 }
098
099 if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
100 (permissionChecker.hasPermission(
101 groupId, Group.class.getName(), groupId,
102 ActionKeys.MANAGE_SUBGROUPS) ||
103 PortalPermissionUtil.contains(
104 permissionChecker, ActionKeys.ADD_COMMUNITY))) {
105
106 return true;
107 }
108 else if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
109 permissionChecker.hasPermission(
110 groupId, Group.class.getName(), groupId,
111 ActionKeys.MANAGE_LAYOUTS)) {
112
113 return true;
114 }
115 else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
116 actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
117 permissionChecker.hasPermission(
118 groupId, Group.class.getName(), groupId,
119 ActionKeys.PUBLISH_STAGING)) {
120
121 return true;
122 }
123 else if (actionId.equals(ActionKeys.VIEW) &&
124 (permissionChecker.hasPermission(
125 groupId, Group.class.getName(), groupId,
126 ActionKeys.ASSIGN_USER_ROLES) ||
127 permissionChecker.hasPermission(
128 groupId, Group.class.getName(), groupId,
129 ActionKeys.MANAGE_LAYOUTS))) {
130
131 return true;
132 }
133 else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
134 (permissionChecker.hasPermission(
135 groupId, Group.class.getName(), groupId,
136 ActionKeys.MANAGE_LAYOUTS) ||
137 permissionChecker.hasPermission(
138 groupId, Group.class.getName(), groupId,
139 ActionKeys.MANAGE_STAGING) ||
140 permissionChecker.hasPermission(
141 groupId, Group.class.getName(), groupId,
142 ActionKeys.PUBLISH_STAGING) ||
143 permissionChecker.hasPermission(
144 groupId, Group.class.getName(), groupId,
145 ActionKeys.UPDATE))) {
146
147 return true;
148 }
149
150
151
152 if (permissionChecker.hasPermission(
153 groupId, Group.class.getName(), groupId, actionId)) {
154
155 return true;
156 }
157
158 while (!group.isRoot()) {
159 if (contains(
160 permissionChecker, group.getParentGroupId(),
161 ActionKeys.MANAGE_SUBGROUPS)) {
162
163 return true;
164 }
165
166 group = group.getParentGroup();
167 }
168
169 return false;
170 }
171
172 @Override
173 public boolean contains(
174 PermissionChecker permissionChecker, long groupId, String actionId)
175 throws PortalException, SystemException {
176
177 if (groupId > 0) {
178 Group group = GroupLocalServiceUtil.getGroup(groupId);
179
180 return contains(permissionChecker, group, actionId);
181 }
182 else {
183 return false;
184 }
185 }
186
187 @Override
188 public boolean contains(
189 PermissionChecker permissionChecker, String actionId) {
190
191 return permissionChecker.hasPermission(
192 0, Group.class.getName(), 0, actionId);
193 }
194
195 }