001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.Group;
020    import com.liferay.portal.model.User;
021    import com.liferay.portal.security.auth.PrincipalException;
022    import com.liferay.portal.security.permission.ActionKeys;
023    import com.liferay.portal.security.permission.PermissionChecker;
024    import com.liferay.portal.service.GroupLocalServiceUtil;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    
/**
 * Authorization checks for actions performed on a {@link Group}. Each
 * {@code check} overload throws {@link PrincipalException} when the matching
 * {@code contains} overload returns {@code false}.
 *
 * <p>
 * {@link #contains(PermissionChecker, Group, String)} does more than a direct
 * permission lookup: it also grants access through a user-management path,
 * through a fixed table of implied permissions and through
 * {@code MANAGE_SUBGROUPS} held on any ancestor group. Review those paths
 * whenever a new action key is protected through this class.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class GroupPermissionImpl implements GroupPermission {

	/**
	 * Throws unless the checker may perform the action on the group.
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  group the group the action targets
	 * @param  actionId the action key to authorize
	 * @throws PrincipalException if
	 *         {@link #contains(PermissionChecker, Group, String)} returns
	 *         {@code false}
	 * @throws PortalException if thrown by the underlying check
	 * @throws SystemException if thrown by the underlying check
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, Group group, String actionId)
		throws PortalException, SystemException {

		if (contains(permissionChecker, group, actionId)) {
			return;
		}

		throw new PrincipalException();
	}

	/**
	 * Throws unless the checker may perform the action on the group with the
	 * given ID.
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  groupId the primary key of the group the action targets
	 * @param  actionId the action key to authorize
	 * @throws PrincipalException if
	 *         {@link #contains(PermissionChecker, long, String)} returns
	 *         {@code false}, which includes every non-positive group ID
	 * @throws PortalException if thrown by the underlying check
	 * @throws SystemException if thrown by the underlying check
	 */
	@Override
	public void check(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException, SystemException {

		if (contains(permissionChecker, groupId, actionId)) {
			return;
		}

		throw new PrincipalException();
	}

	/**
	 * Throws unless the checker holds the action when it is evaluated with
	 * group ID and primary key {@code 0}.
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  actionId the action key to authorize
	 * @throws PrincipalException if
	 *         {@link #contains(PermissionChecker, String)} returns
	 *         {@code false}
	 */
	@Override
	public void check(PermissionChecker permissionChecker, String actionId)
		throws PortalException {

		if (contains(permissionChecker, actionId)) {
			return;
		}

		throw new PrincipalException();
	}

	/**
	 * Decides whether the checker may perform the action on the group.
	 *
	 * <p>
	 * The steps run in this order, and the first one that decides wins:
	 * </p>
	 *
	 * <ol>
	 * <li>
	 * {@code ADD_LAYOUT} and {@code MANAGE_LAYOUTS} are refused outright for a
	 * group that has a local or remote staging group or is a layout prototype.
	 * </li>
	 * <li>
	 * For a user group, a checker that belongs to a different user and holds
	 * {@code UPDATE} on that user is granted the action.
	 * </li>
	 * <li>
	 * The action is granted when a permission that implies it is held on the
	 * group.
	 * </li>
	 * <li>
	 * The action is granted when it is held directly on the group.
	 * </li>
	 * <li>
	 * The action is granted when {@code MANAGE_SUBGROUPS} is held on an
	 * ancestor group.
	 * </li>
	 * </ol>
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  group the group the action targets
	 * @param  actionId the action key to authorize; must not be
	 *         {@code null}, because it is dereferenced immediately
	 * @return {@code true} if the action is allowed
	 * @throws PortalException if thrown while resolving users or groups
	 * @throws SystemException if thrown while resolving users or groups
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, Group group, String actionId)
		throws PortalException, SystemException {

		// Hard deny: this runs before any permission lookup, so no role can
		// override it from inside this method.

		boolean layoutAction =
			actionId.equals(ActionKeys.ADD_LAYOUT) ||
			actionId.equals(ActionKeys.MANAGE_LAYOUTS);

		if (layoutAction) {
			boolean stagedOrPrototype =
				group.hasLocalOrRemoteStagingGroup() ||
				group.isLayoutPrototype();

			if (stagedOrPrototype) {
				return false;
			}
		}

		// The ID is read before the staging swap below. Every hasPermission
		// lookup therefore uses the ID of the group that was passed in, while
		// the user-group test and the ancestor walk use the live group.

		long groupId = group.getGroupId();

		Group targetGroup =
			group.isStagingGroup() ? group.getLiveGroup() : group;

		if (targetGroup.isUser()) {

			// The user behind this group is expected to be authorized as the
			// administrator of their own layouts before reaching this point.
			// This branch serves someone who manages a set of organizations
			// and is modifying the pages of a user they manage.
			//
			// NOTE(review): the grant does not depend on actionId. Any
			// action on the group is allowed once UPDATE on the user is
			// held. Confirm that is intended for every action routed here.

			User groupUser = UserLocalServiceUtil.getUserById(
				targetGroup.getClassPK());

			boolean actingOnAnotherUser =
				permissionChecker.getUserId() != groupUser.getUserId();

			if (actingOnAnotherUser &&
				UserPermissionUtil.contains(
					permissionChecker, groupUser.getUserId(),
					groupUser.getOrganizationIds(), ActionKeys.UPDATE)) {

				return true;
			}
		}

		if (_hasImpliedPermission(permissionChecker, groupId, actionId)) {
			return true;
		}

		// The group ID must be passed so that users can modify their personal
		// pages.

		if (_hasGroupPermission(permissionChecker, groupId, actionId)) {
			return true;
		}

		// MANAGE_SUBGROUPS on any ancestor grants the requested action,
		// whatever it is. Each probe re-enters this method for the parent
		// through the groupId overload.

		for (Group current = targetGroup; !current.isRoot();
				current = current.getParentGroup()) {

			if (contains(
					permissionChecker, current.getParentGroupId(),
					ActionKeys.MANAGE_SUBGROUPS)) {

				return true;
			}
		}

		return false;
	}

	/**
	 * Resolves the group and delegates to
	 * {@link #contains(PermissionChecker, Group, String)}.
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  groupId the primary key of the group the action targets
	 * @param  actionId the action key to authorize
	 * @return {@code false} for a non-positive group ID, which is rejected
	 *         without any lookup; otherwise the result of the group check
	 * @throws PortalException if thrown while loading or checking the group
	 * @throws SystemException if thrown while loading or checking the group
	 */
	@Override
	public boolean contains(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException, SystemException {

		if (groupId <= 0) {
			return false;
		}

		Group group = GroupLocalServiceUtil.getGroup(groupId);

		return contains(permissionChecker, group, actionId);
	}

	/**
	 * Checks the action on the {@link Group} resource name with group ID and
	 * primary key {@code 0}. None of the implied or inherited grants of the
	 * group overload apply here.
	 *
	 * @param  permissionChecker the checker of the acting user
	 * @param  actionId the action key to authorize
	 * @return the result reported by the permission checker
	 */
	@Override
	public boolean contains(
		PermissionChecker permissionChecker, String actionId) {

		String resourceName = Group.class.getName();

		return permissionChecker.hasPermission(0, resourceName, 0, actionId);
	}

	/**
	 * Returns {@code true} if the checker holds at least one of the given
	 * actions on the group. The actions are probed in argument order and the
	 * probing stops at the first hit.
	 */
	private boolean _hasAnyGroupPermission(
		PermissionChecker permissionChecker, long groupId,
		String... actionIds) {

		for (String candidate : actionIds) {
			if (_hasGroupPermission(permissionChecker, groupId, candidate)) {
				return true;
			}
		}

		return false;
	}

	/**
	 * Asks the checker for the action on the {@link Group} resource, passing
	 * the group ID as both the scope group and the primary key.
	 */
	private boolean _hasGroupPermission(
		PermissionChecker permissionChecker, long groupId, String actionId) {

		return permissionChecker.hasPermission(
			groupId, Group.class.getName(), groupId, actionId);
	}

	/**
	 * Returns {@code true} if the requested action is implied by another
	 * permission the checker already holds. The rules are evaluated top to
	 * bottom, and each one applies to its own action key only.
	 */
	private boolean _hasImpliedPermission(
			PermissionChecker permissionChecker, long groupId, String actionId)
		throws PortalException, SystemException {

		// ADD_COMMUNITY: MANAGE_SUBGROUPS on the group, or ADD_COMMUNITY
		// through PortalPermissionUtil

		if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
			(_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_SUBGROUPS) ||
			 PortalPermissionUtil.contains(
				permissionChecker, ActionKeys.ADD_COMMUNITY))) {

			return true;
		}

		// ADD_LAYOUT: MANAGE_LAYOUTS

		if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
			_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS)) {

			return true;
		}

		// Either export/import action: PUBLISH_STAGING

		boolean exportImportAction =
			actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
			actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO);

		if (exportImportAction &&
			_hasGroupPermission(
				permissionChecker, groupId, ActionKeys.PUBLISH_STAGING)) {

			return true;
		}

		// VIEW: ASSIGN_USER_ROLES or MANAGE_LAYOUTS

		if (actionId.equals(ActionKeys.VIEW) &&
			_hasAnyGroupPermission(
				permissionChecker, groupId, ActionKeys.ASSIGN_USER_ROLES,
				ActionKeys.MANAGE_LAYOUTS)) {

			return true;
		}

		// VIEW_STAGING: any of the layout, staging or update permissions

		if (actionId.equals(ActionKeys.VIEW_STAGING) &&
			_hasAnyGroupPermission(
				permissionChecker, groupId, ActionKeys.MANAGE_LAYOUTS,
				ActionKeys.MANAGE_STAGING, ActionKeys.PUBLISH_STAGING,
				ActionKeys.UPDATE)) {

			return true;
		}

		return false;
	}

}