001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.AuditedModel;
021    import com.liferay.portal.model.Group;
022    import com.liferay.portal.model.GroupedModel;
023    import com.liferay.portal.model.Layout;
024    import com.liferay.portal.model.PermissionedModel;
025    import com.liferay.portal.model.PortletConstants;
026    import com.liferay.portal.model.Resource;
027    import com.liferay.portal.model.ResourceConstants;
028    import com.liferay.portal.model.ResourcePermission;
029    import com.liferay.portal.model.Role;
030    import com.liferay.portal.model.Team;
031    import com.liferay.portal.model.User;
032    import com.liferay.portal.security.auth.PrincipalException;
033    import com.liferay.portal.security.permission.ActionKeys;
034    import com.liferay.portal.security.permission.PermissionChecker;
035    import com.liferay.portal.security.permission.PermissionCheckerBag;
036    import com.liferay.portal.security.permission.ResourceActionsUtil;
037    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
038    import com.liferay.portal.service.permission.GroupPermissionUtil;
039    import com.liferay.portal.service.permission.LayoutPermissionUtil;
040    import com.liferay.portal.service.permission.PortletPermissionUtil;
041    import com.liferay.portal.service.permission.TeamPermissionUtil;
042    import com.liferay.portal.service.permission.UserPermissionUtil;
043    import com.liferay.portlet.asset.AssetRendererFactoryRegistryUtil;
044    import com.liferay.portlet.asset.model.AssetRendererFactory;
045    import com.liferay.portlet.blogs.model.BlogsEntry;
046    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
047    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
048    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
049    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
050    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
051    import com.liferay.portlet.calendar.model.CalEvent;
052    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
053    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
054    import com.liferay.portlet.documentlibrary.model.DLFolder;
055    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
056    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
057    import com.liferay.portlet.journal.model.JournalArticle;
058    import com.liferay.portlet.journal.model.JournalFeed;
059    import com.liferay.portlet.journal.model.JournalStructure;
060    import com.liferay.portlet.journal.model.JournalTemplate;
061    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
062    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
063    import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
064    import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
065    import com.liferay.portlet.messageboards.model.MBCategory;
066    import com.liferay.portlet.messageboards.model.MBMessage;
067    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
068    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
069    import com.liferay.portlet.polls.model.PollsQuestion;
070    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
071    import com.liferay.portlet.shopping.model.ShoppingCategory;
072    import com.liferay.portlet.shopping.model.ShoppingItem;
073    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
074    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
075    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
076    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
077    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
078    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
079    import com.liferay.portlet.wiki.model.WikiNode;
080    import com.liferay.portlet.wiki.model.WikiPage;
081    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
082    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
083    
084    import java.util.List;
085    import java.util.Map;
086    
087    /**
088     * The implementation of the permission remote service.
089     *
090     * @author Brian Wing Shun Chan
091     * @author Raymond Aug??
092     */
093    public class PermissionServiceImpl extends PermissionServiceBaseImpl {
094    
095            /**
096             * Checks to see if the group has permission to the resource.
097             *
098             * @param  groupId the primary key of the group
099             * @param  resourceId the primary key of the resource
100             * @throws PortalException if the group did not have permission to the
101             *         resource, or if a group or resource with the primary key could
102             *         not be found or was invalid
103             * @throws SystemException if a system exception occurred
104             */
105            @Override
106            public void checkPermission(long groupId, long resourceId)
107                    throws PortalException, SystemException {
108    
109                    checkPermission(getPermissionChecker(), groupId, resourceId);
110            }
111    
112            /**
113             * Checks to see if the group has permission to the service.
114             *
115             * @param  groupId the primary key of the group
116             * @param  name the service name
117             * @param  primKey the primary key of the service
118             * @throws PortalException if the group did not have permission to the
119             *         service, if a group with the primary key could not be found or if
120             *         the permission information was invalid
121             * @throws SystemException if a system exception occurred
122             */
123            @Override
124            public void checkPermission(long groupId, String name, long primKey)
125                    throws PortalException, SystemException {
126    
127                    checkPermission(getPermissionChecker(), groupId, name, primKey);
128            }
129    
130            /**
131             * Checks to see if the group has permission to the service.
132             *
133             * @param  groupId the primary key of the group
134             * @param  name the service name
135             * @param  primKey the primary key of the service
136             * @throws PortalException if the group did not have permission to the
137             *         service, if a group with the primary key could not be found or if
138             *         the permission information was invalid
139             * @throws SystemException if a system exception occurred
140             */
141            @Override
142            public void checkPermission(long groupId, String name, String primKey)
143                    throws PortalException, SystemException {
144    
145                    checkPermission(getPermissionChecker(), groupId, name, primKey);
146            }
147    
148            /**
149             * Returns <code>true</code> if the group has permission to perform the
150             * action on the resource.
151             *
152             * @param  groupId the primary key of the group
153             * @param  actionId the action's ID
154             * @param  resourceId the primary key of the resource
155             * @return <code>true</code> if the group has permission to perform the
156             *         action on the resource; <code>false</code> otherwise
157             * @throws SystemException if a system exception occurred
158             */
159            @Override
160            public boolean hasGroupPermission(
161                            long groupId, String actionId, long resourceId)
162                    throws SystemException {
163    
164                    return permissionLocalService.hasGroupPermission(
165                            groupId, actionId, resourceId);
166            }
167    
168            /**
169             * Returns <code>true</code> if the user has permission to perform the
170             * action on the resource.
171             *
172             * @param  userId the primary key of the user
173             * @param  actionId the action's ID
174             * @param  resourceId the primary key of the resource
175             * @return <code>true</code> if the user has permission to perform the
176             *         action on the resource; <code>false</code> otherwise
177             * @throws SystemException if a system exception occurred
178             */
179            @Override
180            public boolean hasUserPermission(
181                            long userId, String actionId, long resourceId)
182                    throws SystemException {
183    
184                    return permissionLocalService.hasUserPermission(
185                            userId, actionId, resourceId);
186            }
187    
188            /**
189             * Returns <code>true</code> if the user has permission to perform the
190             * action on the resources.
191             *
192             * <p>
193             * This method does not support resources managed by the resource block
194             * system.
195             * </p>
196             *
197             * @param  userId the primary key of the user
198             * @param  groupId the primary key of the group containing the resource
199             * @param  resources representations of the resource at each scope level
200             *         returned by {@link
201             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
202             *         long, long, String, String, String)}
203             * @param  actionId the action's ID
204             * @param  permissionCheckerBag the permission checker bag
205             * @return <code>true</code> if the user has permission to perform the
206             *         action on the resources; <code>false</code> otherwise
207             * @throws PortalException if a resource action based on any one of the
208             *         resources and the action ID could not be found
209             * @throws SystemException if a system exception occurred
210             */
211            @Override
212            public boolean hasUserPermissions(
213                            long userId, long groupId, List<Resource> resources,
214                            String actionId, PermissionCheckerBag permissionCheckerBag)
215                    throws PortalException, SystemException {
216    
217                    return permissionLocalService.hasUserPermissions(
218                            userId, groupId, resources, actionId, permissionCheckerBag);
219            }
220    
221            /**
222             * Sets the group's permissions to perform the actions on the resource,
223             * replacing the group's existing permissions on the resource.
224             *
225             * @param  groupId the primary key of the group
226             * @param  actionIds the primary keys of the actions
227             * @param  resourceId the primary key of the resource
228             * @throws PortalException if a group with the primary key could not be
229             *         found or if the group did not have permission to the resource
230             * @throws SystemException if a system exception occurred
231             */
232            @Override
233            public void setGroupPermissions(
234                            long groupId, String[] actionIds, long resourceId)
235                    throws PortalException, SystemException {
236    
237                    checkPermission(getPermissionChecker(), groupId, resourceId);
238    
239                    permissionLocalService.setGroupPermissions(
240                            groupId, actionIds, resourceId);
241            }
242    
243            /**
244             * Sets the entity's group permissions to perform the actions on the
245             * resource, replacing the entity's existing group permissions on the
246             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
247             * com.liferay.portal.model.UserGroup} class entities are supported.
248             *
249             * @param  className the class name of an organization or user group
250             * @param  classPK the primary key of the class
251             * @param  groupId the primary key of the group
252             * @param  actionIds the primary keys of the actions
253             * @param  resourceId the primary key of the resource
254             * @throws PortalException if the group did not have permission to the
255             *         resource, if an entity with the class name and primary key could
256             *         not be found, or if the entity's associated group could not be
257             *         found
258             * @throws SystemException if a system exception occurred
259             */
260            @Override
261            public void setGroupPermissions(
262                            String className, String classPK, long groupId, String[] actionIds,
263                            long resourceId)
264                    throws PortalException, SystemException {
265    
266                    checkPermission(getPermissionChecker(), groupId, resourceId);
267    
268                    permissionLocalService.setGroupPermissions(
269                            className, classPK, groupId, actionIds, resourceId);
270            }
271    
272            /**
273             * Sets the permissions of each role to perform respective actions on the
274             * resource, replacing the existing permissions of each role on the
275             * resource.
276             *
277             * @param  groupId the primary key of the group
278             * @param  companyId the primary key of the company
279             * @param  roleIdsToActionIds the map of roles to their new actions on the
280             *         resource
281             * @param  resourceId the primary key of the resource
282             * @throws PortalException if the group did not have permission to the
283             *         resource
284             * @throws SystemException if a system exception occurred
285             */
286            @Override
287            public void setIndividualPermissions(
288                            long groupId, long companyId,
289                            Map<Long, String[]> roleIdsToActionIds, long resourceId)
290                    throws PortalException, SystemException {
291    
292                    checkPermission(getPermissionChecker(), groupId, resourceId);
293    
294                    permissionLocalService.setRolesPermissions(
295                            companyId, roleIdsToActionIds, resourceId);
296            }
297    
298            /**
299             * Sets the organization permission to perform the actions on the resource
300             * for a particular group, replacing the organization's existing permissions
301             * on the resource.
302             *
303             * @param  organizationId the primary key of the organization
304             * @param  groupId the primary key of the group in which to scope the
305             *         permissions
306             * @param  actionIds the primary keys of the actions
307             * @param  resourceId the primary key of the resource
308             * @throws PortalException if the group did not have permission to the
309             *         resource or if an organization with the primary key could not be
310             *         found
311             * @throws SystemException if a system exception occurred
312             */
313            @Override
314            public void setOrgGroupPermissions(
315                            long organizationId, long groupId, String[] actionIds,
316                            long resourceId)
317                    throws PortalException, SystemException {
318    
319                    checkPermission(getPermissionChecker(), groupId, resourceId);
320    
321                    permissionLocalService.setOrgGroupPermissions(
322                            organizationId, groupId, actionIds, resourceId);
323            }
324    
325            /**
326             * Sets the role's permissions to perform the action on the named resource,
327             * replacing the role's existing permissions on the resource.
328             *
329             * @param  roleId the primary key of the role
330             * @param  groupId the primary key of the group
331             * @param  name the resource name
332             * @param  scope the resource scope
333             * @param  primKey the resource primKey
334             * @param  actionId the action's ID
335             * @throws PortalException if the group did not have permission to the role
336             *         or if the scope was {@link
337             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
338             * @throws SystemException if a system exception occurred
339             */
340            @Override
341            public void setRolePermission(
342                            long roleId, long groupId, String name, int scope, String primKey,
343                            String actionId)
344                    throws PortalException, SystemException {
345    
346                    checkPermission(
347                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
348    
349                    User user = getUser();
350    
351                    permissionLocalService.setRolePermission(
352                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
353            }
354    
355            /**
356             * Sets the role's permissions to perform the actions on the resource,
357             * replacing the role's existing permissions on the resource.
358             *
359             * @param  roleId the primary key of the role
360             * @param  groupId the primary key of the group
361             * @param  actionIds the primary keys of the actions
362             * @param  resourceId the primary key of the resource
363             * @throws PortalException if the group did not have permission to the
364             *         resource or if a role with the primary key could not be found
365             * @throws SystemException if a system exception occurred
366             */
367            @Override
368            public void setRolePermissions(
369                            long roleId, long groupId, String[] actionIds, long resourceId)
370                    throws PortalException, SystemException {
371    
372                    checkPermission(getPermissionChecker(), groupId, resourceId);
373    
374                    permissionLocalService.setRolePermissions(
375                            roleId, actionIds, resourceId);
376            }
377    
378            /**
379             * Sets the user's permissions to perform the actions on the resource,
380             * replacing the user's existing permissions on the resource.
381             *
382             * @param  userId the primary key of the user
383             * @param  groupId the primary key of the group
384             * @param  actionIds the primary keys of the actions
385             * @param  resourceId the primary key of the resource
386             * @throws PortalException if the group did not have permission to the
387             *         resource or if a user with the primary key could not be found
388             * @throws SystemException if a system exception occurred
389             */
390            @Override
391            public void setUserPermissions(
392                            long userId, long groupId, String[] actionIds, long resourceId)
393                    throws PortalException, SystemException {
394    
395                    checkPermission(getPermissionChecker(), groupId, resourceId);
396    
397                    permissionLocalService.setUserPermissions(
398                            userId, actionIds, resourceId);
399            }
400    
401            /**
402             * Removes the permission from the role.
403             *
404             * @param  roleId the primary key of the role
405             * @param  groupId the primary key of the group
406             * @param  permissionId the primary key of the permission
407             * @throws PortalException if the group did not have permission to the role
408             * @throws SystemException if a system exception occurred
409             */
410            @Override
411            public void unsetRolePermission(
412                            long roleId, long groupId, long permissionId)
413                    throws PortalException, SystemException {
414    
415                    checkPermission(
416                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
417    
418                    permissionLocalService.unsetRolePermission(roleId, permissionId);
419            }
420    
421            /**
422             * Removes the role's permissions to perform the action on the named
423             * resource with the scope and primKey.
424             *
425             * @param  roleId the primary key of the role
426             * @param  groupId the primary key of the group
427             * @param  name the resource name
428             * @param  scope the resource scope
429             * @param  primKey the resource primKey
430             * @param  actionId the action's ID
431             * @throws PortalException if the group did not have permission to the role
432             * @throws SystemException if a system exception occurred
433             */
434            @Override
435            public void unsetRolePermission(
436                            long roleId, long groupId, String name, int scope, String primKey,
437                            String actionId)
438                    throws PortalException, SystemException {
439    
440                    checkPermission(
441                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
442    
443                    User user = getUser();
444    
445                    permissionLocalService.unsetRolePermission(
446                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
447            }
448    
449            /**
450             * Removes the role's permissions to perform the action on the named
451             * resource.
452             *
453             * @param  roleId the primary key of the role
454             * @param  groupId the primary key of the group
455             * @param  name the resource name
456             * @param  scope the resource scope
457             * @param  actionId the action's ID
458             * @throws PortalException if the group did not have permission to the role
459             * @throws SystemException if a system exception occurred
460             */
461            @Override
462            public void unsetRolePermissions(
463                            long roleId, long groupId, String name, int scope, String actionId)
464                    throws PortalException, SystemException {
465    
466                    checkPermission(
467                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
468    
469                    User user = getUser();
470    
471                    permissionLocalService.unsetRolePermissions(
472                            roleId, user.getCompanyId(), name, scope, actionId);
473            }
474    
475            /**
476             * Removes the user's permissions to perform the actions on the resource.
477             *
478             * @param  userId the primary key of the user
479             * @param  groupId the primary key of the group
480             * @param  actionIds the primary keys of the actions
481             * @param  resourceId the primary key of the resource
482             * @throws PortalException if the group did not have permission to the
483             *         resource
484             * @throws SystemException if a system exception occurred
485             */
486            @Override
487            public void unsetUserPermissions(
488                            long userId, long groupId, String[] actionIds, long resourceId)
489                    throws PortalException, SystemException {
490    
491                    checkPermission(getPermissionChecker(), groupId, resourceId);
492    
493                    permissionLocalService.unsetUserPermissions(
494                            userId, actionIds, resourceId);
495            }
496    
497            protected void checkPermission(
498                            PermissionChecker permissionChecker, long groupId, long resourceId)
499                    throws PortalException, SystemException {
500    
501                    Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
502    
503                    checkPermission(
504                            permissionChecker, groupId, resource.getName(),
505                            resource.getPrimKey().toString());
506            }
507    
508            protected void checkPermission(
509                            PermissionChecker permissionChecker, long groupId, String name,
510                            long primKey)
511                    throws PortalException, SystemException {
512    
513                    checkPermission(
514                            permissionChecker, groupId, name, String.valueOf(primKey));
515            }
516    
517            protected void checkPermission(
518                            PermissionChecker permissionChecker, long groupId, String name,
519                            String primKey)
520                    throws PortalException, SystemException {
521    
522                    if (name.equals(BlogsEntry.class.getName())) {
523                            BlogsEntryPermission.check(
524                                    permissionChecker, GetterUtil.getLong(primKey),
525                                    ActionKeys.PERMISSIONS);
526                    }
527                    else if (name.equals(BookmarksEntry.class.getName())) {
528                            BookmarksEntryPermission.check(
529                                    permissionChecker, GetterUtil.getLong(primKey),
530                                    ActionKeys.PERMISSIONS);
531                    }
532                    else if (name.equals(BookmarksFolder.class.getName())) {
533                            BookmarksFolderPermission.check(
534                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
535                                    ActionKeys.PERMISSIONS);
536                    }
537                    else if (name.equals(CalEvent.class.getName())) {
538                            CalEventPermission.check(
539                                    permissionChecker, GetterUtil.getLong(primKey),
540                                    ActionKeys.PERMISSIONS);
541                    }
542                    else if (name.equals(DLFileEntry.class.getName())) {
543                            DLFileEntryPermission.check(
544                                    permissionChecker, GetterUtil.getLong(primKey),
545                                    ActionKeys.PERMISSIONS);
546                    }
547                    else if (name.equals(DLFolder.class.getName())) {
548                            DLFolderPermission.check(
549                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
550                                    ActionKeys.PERMISSIONS);
551                    }
552                    else if (name.equals(Group.class.getName())) {
553                            GroupPermissionUtil.check(
554                                    permissionChecker, GetterUtil.getLong(primKey),
555                                    ActionKeys.PERMISSIONS);
556                    }
557                    else if (name.equals(JournalArticle.class.getName())) {
558                            JournalArticlePermission.check(
559                                    permissionChecker, GetterUtil.getLong(primKey),
560                                    ActionKeys.PERMISSIONS);
561                    }
562                    else if (name.equals(JournalFeed.class.getName())) {
563                            JournalFeedPermission.check(
564                                    permissionChecker, GetterUtil.getLong(primKey),
565                                    ActionKeys.PERMISSIONS);
566                    }
567                    else if (name.equals(JournalStructure.class.getName())) {
568                            JournalStructurePermission.check(
569                                    permissionChecker, GetterUtil.getLong(primKey),
570                                    ActionKeys.PERMISSIONS);
571                    }
572                    else if (name.equals(JournalTemplate.class.getName())) {
573                            JournalTemplatePermission.check(
574                                    permissionChecker, GetterUtil.getLong(primKey),
575                                    ActionKeys.PERMISSIONS);
576                    }
577                    else if (name.equals(Layout.class.getName())) {
578                            LayoutPermissionUtil.check(
579                                    permissionChecker, GetterUtil.getLong(primKey),
580                                    ActionKeys.PERMISSIONS);
581                    }
582                    else if (name.equals(MBCategory.class.getName())) {
583                            MBCategoryPermission.check(
584                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
585                                    ActionKeys.PERMISSIONS);
586                    }
587                    else if (name.equals(MBMessage.class.getName())) {
588                            MBMessagePermission.check(
589                                    permissionChecker, GetterUtil.getLong(primKey),
590                                    ActionKeys.PERMISSIONS);
591                    }
592                    else if (name.equals(PollsQuestion.class.getName())) {
593                            PollsQuestionPermission.check(
594                                    permissionChecker, GetterUtil.getLong(primKey),
595                                    ActionKeys.PERMISSIONS);
596                    }
597                    else if (name.equals(SCFrameworkVersion.class.getName())) {
598                            SCFrameworkVersionPermission.check(
599                                    permissionChecker, GetterUtil.getLong(primKey),
600                                    ActionKeys.PERMISSIONS);
601                    }
602                    else if (name.equals(SCProductEntry.class.getName())) {
603                            SCProductEntryPermission.check(
604                                    permissionChecker, GetterUtil.getLong(primKey),
605                                    ActionKeys.PERMISSIONS);
606                    }
607                    else if (name.equals(ShoppingCategory.class.getName())) {
608                            ShoppingCategoryPermission.check(
609                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
610                                    ActionKeys.PERMISSIONS);
611                    }
612                    else if (name.equals(ShoppingItem.class.getName())) {
613                            ShoppingItemPermission.check(
614                                    permissionChecker, GetterUtil.getLong(primKey),
615                                    ActionKeys.PERMISSIONS);
616                    }
617                    else if (name.equals(Team.class.getName())) {
618                            long teamId = GetterUtil.getLong(primKey);
619    
620                            Team team = teamPersistence.findByPrimaryKey(teamId);
621    
622                            GroupPermissionUtil.check(
623                                    permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
624                    }
625                    else if (name.equals(User.class.getName())) {
626                            long userId = GetterUtil.getLong(primKey);
627    
628                            User user = userPersistence.findByPrimaryKey(userId);
629    
630                            UserPermissionUtil.check(
631                                    permissionChecker, userId, user.getOrganizationIds(),
632                                    ActionKeys.PERMISSIONS);
633                    }
634                    else if (name.equals(WikiNode.class.getName())) {
635                            WikiNodePermission.check(
636                                    permissionChecker, GetterUtil.getLong(primKey),
637                                    ActionKeys.PERMISSIONS);
638                    }
639                    else if (name.equals(WikiPage.class.getName())) {
640                            WikiPagePermission.check(
641                                    permissionChecker, GetterUtil.getLong(primKey),
642                                    ActionKeys.PERMISSIONS);
643                    }
644                    else if ((primKey != null) &&
645                                     primKey.contains(PortletConstants.LAYOUT_SEPARATOR)) {
646    
647                            int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
648    
649                            long plid = GetterUtil.getLong(primKey.substring(0, pos));
650    
651                            String portletId = primKey.substring(
652                                    pos + PortletConstants.LAYOUT_SEPARATOR.length());
653    
654                            PortletPermissionUtil.check(
655                                    permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
656                    }
657                    else if (!permissionChecker.hasPermission(
658                                            groupId, name, primKey, ActionKeys.PERMISSIONS)) {
659    
660                            AssetRendererFactory assetRendererFactory =
661                                    AssetRendererFactoryRegistryUtil.
662                                            getAssetRendererFactoryByClassName(name);
663    
664                            if (assetRendererFactory != null) {
665                                    try {
666                                            if (assetRendererFactory.hasPermission(
667                                                            permissionChecker, GetterUtil.getLong(primKey),
668                                                            ActionKeys.PERMISSIONS)) {
669    
670                                                    return;
671                                            }
672                                    }
673                                    catch (Exception e) {
674                                    }
675                            }
676    
677                            long ownerId = 0;
678    
679                            if (resourceBlockLocalService.isSupported(name)) {
680                                    PermissionedModel permissionedModel =
681                                            resourceBlockLocalService.getPermissionedModel(
682                                                    name, GetterUtil.getLong(primKey));
683    
684                                    if (permissionedModel instanceof GroupedModel) {
685                                            GroupedModel groupedModel = (GroupedModel)permissionedModel;
686    
687                                            ownerId = groupedModel.getUserId();
688                                    }
689                                    else if (permissionedModel instanceof AuditedModel) {
690                                            AuditedModel auditedModel = (AuditedModel)permissionedModel;
691    
692                                            ownerId = auditedModel.getUserId();
693                                    }
694                            }
695                            else {
696                                    ResourcePermission resourcePermission =
697                                            resourcePermissionLocalService.getResourcePermission(
698                                                    permissionChecker.getCompanyId(), name,
699                                                    ResourceConstants.SCOPE_INDIVIDUAL, primKey,
700                                                    permissionChecker.getOwnerRoleId());
701    
702                                    ownerId = resourcePermission.getOwnerId();
703                            }
704    
705                            if (permissionChecker.hasOwnerPermission(
706                                            permissionChecker.getCompanyId(), name, primKey, ownerId,
707                                            ActionKeys.PERMISSIONS)) {
708    
709                                    return;
710                            }
711    
712                            Role role = null;
713    
714                            if (name.equals(Role.class.getName())) {
715                                    long roleId = GetterUtil.getLong(primKey);
716    
717                                    role = rolePersistence.findByPrimaryKey(roleId);
718                            }
719    
720                            if ((role != null) && role.isTeam()) {
721                                    Team team = teamPersistence.findByPrimaryKey(role.getClassPK());
722    
723                                    TeamPermissionUtil.check(
724                                            permissionChecker, team.getTeamId(),
725                                            ActionKeys.PERMISSIONS);
726                            }
727                            else {
728                                    List<String> resourceActions =
729                                            ResourceActionsUtil.getResourceActions(name);
730    
731                                    if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
732                                            !permissionChecker.hasPermission(
733                                                    groupId, name, primKey,
734                                                    ActionKeys.DEFINE_PERMISSIONS)) {
735    
736                                            throw new PrincipalException();
737                                    }
738                            }
739                    }
740            }
741    
742    }