001
014
015 package com.liferay.portal.security.permission;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.model.Group;
020 import com.liferay.portal.model.GroupConstants;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.OrganizationConstants;
023 import com.liferay.portal.model.Role;
024 import com.liferay.portal.model.RoleConstants;
025 import com.liferay.portal.model.UserConstants;
026 import com.liferay.portal.service.GroupLocalServiceUtil;
027 import com.liferay.portal.service.OrganizationLocalServiceUtil;
028 import com.liferay.portal.service.RoleLocalServiceUtil;
029 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
030 import com.liferay.portal.service.permission.LayoutPrototypePermissionUtil;
031 import com.liferay.portal.service.permission.LayoutSetPrototypePermissionUtil;
032
033 import java.util.Arrays;
034 import java.util.Collections;
035 import java.util.HashMap;
036 import java.util.List;
037 import java.util.Map;
038
039
042 public class PermissionCheckerBagImpl
043 extends UserPermissionCheckerBagImpl implements PermissionCheckerBag {
044
045 public PermissionCheckerBagImpl() {
046 this(UserConstants.USER_ID_DEFAULT);
047 }
048
049 public PermissionCheckerBagImpl(long userId) {
050 this(userId, Collections.<Role>emptyList());
051 }
052
053 public PermissionCheckerBagImpl(
054 long userId, List<Group> userGroups, List<Organization> userOrgs,
055 List<Group> userOrgGroups, List<Group> userUserGroupGroups,
056 List<Role> roles) {
057
058 super(userId, userGroups, userOrgs, userOrgGroups, userUserGroupGroups);
059
060 _roles = roles;
061 }
062
063 public PermissionCheckerBagImpl(long userId, List<Role> roles) {
064 super(userId);
065
066 _roles = roles;
067 }
068
069 public PermissionCheckerBagImpl(
070 UserPermissionCheckerBag userPermissionCheckerBag, List<Role> roles) {
071
072 super(userPermissionCheckerBag);
073
074 _roles = roles;
075 }
076
077
081 @Override
082 public List<Group> getGroups() {
083 return super.getGroups();
084 }
085
086 @Override
087 public long[] getRoleIds() {
088 if (_roleIds == null) {
089 List<Role> roles = getRoles();
090
091 long[] roleIds = new long[roles.size()];
092
093 for (int i = 0; i < roles.size(); i++) {
094 Role role = roles.get(i);
095
096 roleIds[i] = role.getRoleId();
097 }
098
099 Arrays.sort(roleIds);
100
101 _roleIds = roleIds;
102 }
103
104 return _roleIds;
105 }
106
107 @Override
108 public List<Role> getRoles() {
109 return _roles;
110 }
111
112
116 @Override
117 public List<Group> getUserGroups() {
118 return super.getUserGroups();
119 }
120
121
125 @Override
126 public List<Group> getUserOrgGroups() {
127 return super.getUserOrgGroups();
128 }
129
130
134 @Override
135 public List<Organization> getUserOrgs() {
136 return super.getUserOrgs();
137 }
138
139
143 @Override
144 public List<Group> getUserUserGroupGroups() {
145 return super.getUserUserGroupGroups();
146 }
147
148
152 @Override
153 public boolean isCommunityAdmin(
154 PermissionChecker permissionChecker, Group group)
155 throws Exception {
156
157 return isGroupAdmin(permissionChecker, group);
158 }
159
160
164 @Override
165 public boolean isCommunityOwner(
166 PermissionChecker permissionChecker, Group group)
167 throws Exception {
168
169 return isGroupOwner(permissionChecker, group);
170 }
171
172 @Override
173 public boolean isContentReviewer(
174 PermissionChecker permissionChecker, Group group)
175 throws Exception {
176
177 Boolean value = _contentReviewers.get(group.getCompanyId());
178
179 if (value == null) {
180 value = Boolean.valueOf(
181 isContentReviewerImpl(permissionChecker, group));
182
183 _contentReviewers.put(group.getCompanyId(), value);
184 }
185
186 return value.booleanValue();
187 }
188
189 @Override
190 public boolean isGroupAdmin(
191 PermissionChecker permissionChecker, Group group)
192 throws Exception {
193
194 Boolean value = _groupAdmins.get(group.getGroupId());
195
196 if (value == null) {
197 value = Boolean.valueOf(isGroupAdminImpl(permissionChecker, group));
198
199 _groupAdmins.put(group.getGroupId(), value);
200 }
201
202 return value.booleanValue();
203 }
204
205 @Override
206 public boolean isGroupMember(
207 PermissionChecker permissionChecker, Group group)
208 throws Exception {
209
210 for (Role role : _roles) {
211 String roleName = role.getName();
212
213 if (roleName.equals(RoleConstants.SITE_MEMBER)) {
214 return true;
215 }
216 }
217
218 List<Group> userGroups = getUserGroups();
219
220 if (userGroups.contains(group)) {
221 return true;
222 }
223
224 return false;
225 }
226
227 @Override
228 public boolean isGroupOwner(
229 PermissionChecker permissionChecker, Group group)
230 throws Exception {
231
232 Boolean value = _groupOwners.get(group.getGroupId());
233
234 if (value == null) {
235 value = Boolean.valueOf(isGroupOwnerImpl(permissionChecker, group));
236
237 _groupOwners.put(group.getGroupId(), value);
238 }
239
240 return value.booleanValue();
241 }
242
243 @Override
244 public boolean isOrganizationAdmin(
245 PermissionChecker permissionChecker, Organization organization)
246 throws Exception {
247
248 Boolean value = _organizationAdmins.get(
249 organization.getOrganizationId());
250
251 if (value == null) {
252 value = Boolean.valueOf(
253 isOrganizationAdminImpl(permissionChecker, organization));
254
255 _organizationAdmins.put(organization.getOrganizationId(), value);
256 }
257
258 return value.booleanValue();
259 }
260
261 @Override
262 public boolean isOrganizationOwner(
263 PermissionChecker permissionChecker, Organization organization)
264 throws Exception {
265
266 Boolean value = _organizationOwners.get(
267 organization.getOrganizationId());
268
269 if (value == null) {
270 value = Boolean.valueOf(
271 isOrganizationOwnerImpl(permissionChecker, organization));
272
273 _organizationOwners.put(organization.getOrganizationId(), value);
274 }
275
276 return value.booleanValue();
277 }
278
279 protected boolean isContentReviewerImpl(
280 PermissionChecker permissionChecker, Group group)
281 throws PortalException, SystemException {
282
283 if (permissionChecker.isCompanyAdmin() ||
284 permissionChecker.isGroupAdmin(group.getGroupId())) {
285
286 return true;
287 }
288
289 if (RoleLocalServiceUtil.hasUserRole(
290 getUserId(), group.getCompanyId(),
291 RoleConstants.PORTAL_CONTENT_REVIEWER, true)) {
292
293 return true;
294 }
295
296 if (group.isSite()) {
297 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
298 getUserId(), group.getGroupId(),
299 RoleConstants.SITE_CONTENT_REVIEWER, true)) {
300
301 return true;
302 }
303 }
304
305 return false;
306 }
307
308 protected boolean isGroupAdminImpl(
309 PermissionChecker permissionChecker, Group group)
310 throws PortalException, SystemException {
311
312 if (group.isLayout()) {
313 long parentGroupId = group.getParentGroupId();
314
315 if (parentGroupId == GroupConstants.DEFAULT_PARENT_GROUP_ID) {
316 return false;
317 }
318
319 group = GroupLocalServiceUtil.getGroup(parentGroupId);
320 }
321
322 if (group.isSite()) {
323 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
324 getUserId(), group.getGroupId(),
325 RoleConstants.SITE_ADMINISTRATOR, true) ||
326 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
327 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
328 true)) {
329
330 return true;
331 }
332 }
333
334 if (group.isCompany()) {
335 if (permissionChecker.isCompanyAdmin()) {
336 return true;
337 }
338 else {
339 return false;
340 }
341 }
342 else if (group.isLayoutPrototype()) {
343 if (LayoutPrototypePermissionUtil.contains(
344 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
345
346 return true;
347 }
348 else {
349 return false;
350 }
351 }
352 else if (group.isLayoutSetPrototype()) {
353 if (LayoutSetPrototypePermissionUtil.contains(
354 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
355
356 return true;
357 }
358 else {
359 return false;
360 }
361 }
362 else if (group.isOrganization()) {
363 long organizationId = group.getOrganizationId();
364
365 while (organizationId !=
366 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
367
368 Organization organization =
369 OrganizationLocalServiceUtil.getOrganization(
370 organizationId);
371
372 long organizationGroupId = organization.getGroupId();
373
374 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
375 getUserId(), organizationGroupId,
376 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
377 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
378 getUserId(), organizationGroupId,
379 RoleConstants.ORGANIZATION_OWNER, true)) {
380
381 return true;
382 }
383
384 organizationId = organization.getParentOrganizationId();
385 }
386 }
387
388 return false;
389 }
390
391 protected boolean isGroupOwnerImpl(
392 PermissionChecker permissionChecker, Group group)
393 throws PortalException, SystemException {
394
395 if (group.isSite()) {
396 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
397 getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER,
398 true)) {
399
400 return true;
401 }
402 }
403
404 if (group.isLayoutPrototype()) {
405 if (LayoutPrototypePermissionUtil.contains(
406 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
407
408 return true;
409 }
410 else {
411 return false;
412 }
413 }
414 else if (group.isLayoutSetPrototype()) {
415 if (LayoutSetPrototypePermissionUtil.contains(
416 permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
417
418 return true;
419 }
420 else {
421 return false;
422 }
423 }
424 else if (group.isOrganization()) {
425 long organizationId = group.getOrganizationId();
426
427 while (organizationId !=
428 OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
429
430 Organization organization =
431 OrganizationLocalServiceUtil.getOrganization(
432 organizationId);
433
434 long organizationGroupId = organization.getGroupId();
435
436 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
437 getUserId(), organizationGroupId,
438 RoleConstants.ORGANIZATION_OWNER, true)) {
439
440 return true;
441 }
442
443 organizationId = organization.getParentOrganizationId();
444 }
445 }
446 else if (group.isUser()) {
447 long groupUserId = group.getClassPK();
448
449 if (getUserId() == groupUserId) {
450 return true;
451 }
452 }
453
454 return false;
455 }
456
457 protected boolean isOrganizationAdminImpl(
458 PermissionChecker permissionChecker, Organization organization)
459 throws PortalException, SystemException {
460
461 while (organization != null) {
462 long organizationGroupId = organization.getGroupId();
463
464 long userId = getUserId();
465
466 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
467 userId, organizationGroupId,
468 RoleConstants.ORGANIZATION_ADMINISTRATOR, true) ||
469 UserGroupRoleLocalServiceUtil.hasUserGroupRole(
470 userId, organizationGroupId,
471 RoleConstants.ORGANIZATION_OWNER, true)) {
472
473 return true;
474 }
475
476 organization = organization.getParentOrganization();
477 }
478
479 return false;
480 }
481
482 protected boolean isOrganizationOwnerImpl(
483 PermissionChecker permissionChecker, Organization organization)
484 throws PortalException, SystemException {
485
486 long userId = getUserId();
487
488 while (organization != null) {
489 long organizationGroupId = organization.getGroupId();
490
491 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
492 userId, organizationGroupId,
493 RoleConstants.ORGANIZATION_OWNER, true)) {
494
495 return true;
496 }
497
498 organization = organization.getParentOrganization();
499 }
500
501 return false;
502 }
503
504 private Map<Long, Boolean> _contentReviewers = new HashMap<Long, Boolean>();
505 private Map<Long, Boolean> _groupAdmins = new HashMap<Long, Boolean>();
506 private Map<Long, Boolean> _groupOwners = new HashMap<Long, Boolean>();
507 private Map<Long, Boolean> _organizationAdmins =
508 new HashMap<Long, Boolean>();
509 private Map<Long, Boolean> _organizationOwners =
510 new HashMap<Long, Boolean>();
511 private long[] _roleIds;
512 private List<Role> _roles;
513
514 }