015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.jsonwebservice.JSONWebService;
020 import com.liferay.portal.kernel.jsonwebservice.JSONWebServiceMode;
021 import com.liferay.portal.kernel.util.GetterUtil;
022 import com.liferay.portal.model.AuditedModel;
023 import com.liferay.portal.model.Group;
024 import com.liferay.portal.model.GroupedModel;
025 import com.liferay.portal.model.Layout;
026 import com.liferay.portal.model.PermissionedModel;
027 import com.liferay.portal.model.PortletConstants;
028 import com.liferay.portal.model.ResourceConstants;
029 import com.liferay.portal.model.ResourcePermission;
030 import com.liferay.portal.model.Role;
031 import com.liferay.portal.model.Team;
032 import com.liferay.portal.model.User;
033 import com.liferay.portal.security.auth.PrincipalException;
034 import com.liferay.portal.security.permission.ActionKeys;
035 import com.liferay.portal.security.permission.PermissionChecker;
036 import com.liferay.portal.security.permission.ResourceActionsUtil;
037 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
038 import com.liferay.portal.service.permission.GroupPermissionUtil;
039 import com.liferay.portal.service.permission.LayoutPermissionUtil;
040 import com.liferay.portal.service.permission.PortletPermissionUtil;
041 import com.liferay.portal.service.permission.TeamPermissionUtil;
042 import com.liferay.portal.service.permission.UserPermissionUtil;
043 import com.liferay.portlet.asset.AssetRendererFactoryRegistryUtil;
044 import com.liferay.portlet.asset.model.AssetRendererFactory;
045 import com.liferay.portlet.blogs.model.BlogsEntry;
046 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
047 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
048 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
049 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
050 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
051 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
052 import com.liferay.portlet.documentlibrary.model.DLFolder;
053 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
054 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
055 import com.liferay.portlet.journal.model.JournalArticle;
056 import com.liferay.portlet.journal.model.JournalFeed;
057 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
058 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
059 import com.liferay.portlet.messageboards.model.MBCategory;
060 import com.liferay.portlet.messageboards.model.MBMessage;
061 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
062 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
063 import com.liferay.portlet.polls.model.PollsQuestion;
064 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
065 import com.liferay.portlet.shopping.model.ShoppingCategory;
066 import com.liferay.portlet.shopping.model.ShoppingItem;
067 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
068 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
069 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
070 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
071 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
072 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
073 import com.liferay.portlet.wiki.model.WikiNode;
074 import com.liferay.portlet.wiki.model.WikiPage;
075 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
076 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
077
078 import java.util.List;
079
080
/**
 * Service that decides whether the current caller may manage the permissions
 * of a given resource.
 *
 * <p>
 * Both public entry points resolve the caller's {@link PermissionChecker} and
 * hand over to the protected {@code checkPermission} overload. That method
 * returns normally when access is granted and throws when it is refused; it
 * never returns a boolean.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

    /**
     * Checks whether the caller may manage the permissions of the resource
     * identified by a numeric primary key.
     *
     * <p>
     * Annotated with {@code JSONWebServiceMode.IGNORE}; presumably this keeps
     * the numeric overload out of the JSON web service surface so that only
     * the string overload is exposed there (confirm against the annotation's
     * contract).
     * </p>
     *
     * @param  groupId the group the resource is checked against
     * @param  name the resource name, compared against model class names
     * @param  primKey the numeric primary key of the resource
     * @throws PortalException if the check fails or a lookup fails
     * @throws SystemException if a system exception occurred
     */
    @JSONWebService(mode = JSONWebServiceMode.IGNORE)
    @Override
    public void checkPermission(long groupId, String name, long primKey)
        throws PortalException, SystemException {

        PermissionChecker callerChecker = getPermissionChecker();

        checkPermission(callerChecker, groupId, name, String.valueOf(primKey));
    }

    /**
     * Checks whether the caller may manage the permissions of the resource
     * identified by a string primary key.
     *
     * @param  groupId the group the resource is checked against
     * @param  name the resource name, compared against model class names
     * @param  primKey the primary key of the resource, as text
     * @throws PortalException if the check fails or a lookup fails
     * @throws SystemException if a system exception occurred
     */
    @Override
    public void checkPermission(long groupId, String name, String primKey)
        throws PortalException, SystemException {

        PermissionChecker callerChecker = getPermissionChecker();

        checkPermission(callerChecker, groupId, name, primKey);
    }

    /**
     * Routes the permission check to the handler that matches the resource
     * name, and falls back to a generic chain of checks when none matches.
     *
     * <p>
     * The order of the steps is significant: known model class names first,
     * then portlet primary keys (those containing
     * {@code PortletConstants.LAYOUT_SEPARATOR}), then the generic chain
     * (direct permission, asset renderer factory, owner permission, team
     * role, {@code DEFINE_PERMISSIONS}).
     * </p>
     *
     * <p>
     * NOTE(review): {@code name} is dereferenced without a null check, so a
     * null name ends in a {@code NullPointerException} rather than a
     * {@code PrincipalException}. NOTE(review): most branches convert
     * {@code primKey} with {@code GetterUtil.getLong}; presumably that yields
     * a default value for non-numeric text instead of rejecting it, so the
     * delegate is then asked about that default ID (confirm).
     * </p>
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the group the resource is checked against
     * @param  name the resource name, compared against model class names
     * @param  primKey the primary key of the resource, as text
     * @throws PortalException if access is refused or a lookup fails; the
     *         fallback chain itself throws {@code PrincipalException}
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            String primKey)
        throws PortalException, SystemException {

        // Known model classes: each one has a dedicated permission helper.
        // Every branch ends the method, so the chain is written as guards.

        if (name.equals(BlogsEntry.class.getName())) {
            BlogsEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(BookmarksEntry.class.getName())) {
            BookmarksEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(BookmarksFolder.class.getName())) {
            BookmarksFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(DLFileEntry.class.getName())) {
            DLFileEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(DLFolder.class.getName())) {
            DLFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Group.class.getName())) {
            GroupPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalArticle.class.getName())) {
            JournalArticlePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalFeed.class.getName())) {
            JournalFeedPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Layout.class.getName())) {
            LayoutPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(MBCategory.class.getName())) {
            MBCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(MBMessage.class.getName())) {
            MBMessagePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(PollsQuestion.class.getName())) {
            PollsQuestionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(SCFrameworkVersion.class.getName())) {
            SCFrameworkVersionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(SCProductEntry.class.getName())) {
            SCProductEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(ShoppingCategory.class.getName())) {
            ShoppingCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(ShoppingItem.class.getName())) {
            ShoppingItemPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Team.class.getName())) {

            // Teams are checked through their group, and with MANAGE_TEAMS
            // rather than PERMISSIONS.

            Team requestedTeam = teamPersistence.findByPrimaryKey(
                GetterUtil.getLong(primKey));

            GroupPermissionUtil.check(
                permissionChecker, requestedTeam.getGroupId(),
                ActionKeys.MANAGE_TEAMS);

            return;
        }

        if (name.equals(User.class.getName())) {
            long targetUserId = GetterUtil.getLong(primKey);

            User targetUser = userPersistence.findByPrimaryKey(targetUserId);

            UserPermissionUtil.check(
                permissionChecker, targetUserId,
                targetUser.getOrganizationIds(), ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(WikiNode.class.getName())) {
            WikiNodePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(WikiPage.class.getName())) {
            WikiPagePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);

            return;
        }

        // Portlet resources: the primary key is "<plid><separator><portletId>"
        // and the required action is CONFIGURATION, not PERMISSIONS.

        if (primKey != null) {
            int separatorPos = primKey.indexOf(
                PortletConstants.LAYOUT_SEPARATOR);

            if (separatorPos != -1) {
                long plid = GetterUtil.getLong(
                    primKey.substring(0, separatorPos));

                String portletId = primKey.substring(
                    separatorPos + PortletConstants.LAYOUT_SEPARATOR.length());

                PortletPermissionUtil.check(
                    permissionChecker, plid, portletId,
                    ActionKeys.CONFIGURATION);

                return;
            }
        }

        // Generic fallback, step 1: a direct PERMISSIONS grant is enough.

        if (permissionChecker.hasPermission(
                groupId, name, primKey, ActionKeys.PERMISSIONS)) {

            return;
        }

        // Step 2: let a registered asset renderer factory grant access.

        AssetRendererFactory rendererFactory =
            AssetRendererFactoryRegistryUtil.getAssetRendererFactoryByClassName(
                name);

        if (rendererFactory != null) {
            try {
                boolean grantedByFactory = rendererFactory.hasPermission(
                    permissionChecker, GetterUtil.getLong(primKey),
                    ActionKeys.PERMISSIONS);

                if (grantedByFactory) {
                    return;
                }
            }
            catch (Exception e) {

                // Best effort: a failing factory grants nothing and the
                // checks below still have to pass. NOTE(review): the
                // exception is dropped without any log entry, so a broken
                // factory is invisible to operators.

            }
        }

        // Step 3: owner permission. The owner ID comes from the model itself
        // for resource-block models, otherwise from the individual-scope
        // resource permission of the owner role.

        long ownerId = 0;

        if (resourceBlockLocalService.isSupported(name)) {
            PermissionedModel model =
                resourceBlockLocalService.getPermissionedModel(
                    name, GetterUtil.getLong(primKey));

            if (model instanceof GroupedModel) {
                ownerId = ((GroupedModel)model).getUserId();
            }
            else if (model instanceof AuditedModel) {
                ownerId = ((AuditedModel)model).getUserId();
            }
        }
        else {
            ResourcePermission ownerRolePermission =
                resourcePermissionLocalService.getResourcePermission(
                    permissionChecker.getCompanyId(), name,
                    ResourceConstants.SCOPE_INDIVIDUAL, primKey,
                    permissionChecker.getOwnerRoleId());

            ownerId = ownerRolePermission.getOwnerId();
        }

        if (permissionChecker.hasOwnerPermission(
                permissionChecker.getCompanyId(), name, primKey, ownerId,
                ActionKeys.PERMISSIONS)) {

            return;
        }

        // Step 4: a role that belongs to a team is checked through the team.

        Role requestedRole = null;

        if (name.equals(Role.class.getName())) {
            requestedRole = rolePersistence.findByPrimaryKey(
                GetterUtil.getLong(primKey));
        }

        boolean teamRole = (requestedRole != null) && requestedRole.isTeam();

        if (teamRole) {
            Team owningTeam = teamPersistence.findByPrimaryKey(
                requestedRole.getClassPK());

            TeamPermissionUtil.check(
                permissionChecker, owningTeam.getTeamId(),
                ActionKeys.PERMISSIONS);

            return;
        }

        // Step 5: last resort. The resource must declare DEFINE_PERMISSIONS
        // and the caller must hold it; anything else is refused.

        List<String> declaredActions = ResourceActionsUtil.getResourceActions(
            name);

        boolean mayDefinePermissions =
            declaredActions.contains(ActionKeys.DEFINE_PERMISSIONS) &&
            permissionChecker.hasPermission(
                groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS);

        if (!mayDefinePermissions) {
            throw new PrincipalException();
        }
    }

}