001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.workflow.permission;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.security.pacl.DoPrivileged;
020    import com.liferay.portal.kernel.workflow.WorkflowException;
021    import com.liferay.portal.kernel.workflow.WorkflowInstance;
022    import com.liferay.portal.kernel.workflow.WorkflowInstanceManagerUtil;
023    import com.liferay.portal.kernel.workflow.WorkflowTaskManagerUtil;
024    import com.liferay.portal.kernel.workflow.permission.WorkflowPermission;
025    import com.liferay.portal.model.WorkflowInstanceLink;
026    import com.liferay.portal.security.permission.ActionKeys;
027    import com.liferay.portal.security.permission.PermissionChecker;
028    import com.liferay.portal.service.WorkflowDefinitionLinkLocalServiceUtil;
029    import com.liferay.portal.service.WorkflowInstanceLinkLocalServiceUtil;
030    
031    /**
032     * @author Jorge Ferrer
033     */
034    @DoPrivileged
035    public class WorkflowPermissionImpl implements WorkflowPermission {
036    
037            @Override
038            public Boolean hasPermission(
039                    PermissionChecker permissionChecker, long groupId, String className,
040                    long classPK, String actionId) {
041    
042                    try {
043                            return doHasPermission(
044                                    permissionChecker, groupId, className, classPK, actionId);
045                    }
046                    catch (Exception e) {
047                            _log.error(e, e);
048                    }
049    
050                    return null;
051            }
052    
053            protected Boolean doHasPermission(
054                            PermissionChecker permissionChecker, long groupId, String className,
055                            long classPK, String actionId)
056                    throws Exception {
057    
058                    long companyId = permissionChecker.getCompanyId();
059    
060                    if (permissionChecker.isCompanyAdmin() ||
061                            permissionChecker.isGroupAdmin(groupId)) {
062    
063                            return Boolean.TRUE;
064                    }
065    
066                    if (!WorkflowDefinitionLinkLocalServiceUtil.hasWorkflowDefinitionLink(
067                                    companyId, groupId, className)) {
068    
069                            return null;
070                    }
071    
072                    if (WorkflowInstanceLinkLocalServiceUtil.hasWorkflowInstanceLink(
073                                    companyId, groupId, className, classPK)) {
074    
075                            WorkflowInstanceLink workflowInstanceLink =
076                                    WorkflowInstanceLinkLocalServiceUtil.getWorkflowInstanceLink(
077                                            companyId, groupId, className, classPK);
078    
079                            WorkflowInstance workflowInstance =
080                                    WorkflowInstanceManagerUtil.getWorkflowInstance(
081                                            companyId, workflowInstanceLink.getWorkflowInstanceId());
082    
083                            if (workflowInstance.isComplete()) {
084                                    return null;
085                            }
086    
087                            boolean hasPermission = hasImplicitPermission(
088                                    permissionChecker, workflowInstance);
089    
090                            if (!hasPermission && actionId.equals(ActionKeys.VIEW)) {
091                                    return null;
092                            }
093                            else {
094                                    return hasPermission;
095                            }
096                    }
097    
098                    return null;
099            }
100    
101            protected boolean hasImplicitPermission(
102                            PermissionChecker permissionChecker,
103                            WorkflowInstance workflowInstance)
104                    throws WorkflowException {
105    
106                    if (WorkflowTaskManagerUtil.getWorkflowTaskCountByWorkflowInstance(
107                                    permissionChecker.getCompanyId(), permissionChecker.getUserId(),
108                                    workflowInstance.getWorkflowInstanceId(), Boolean.FALSE) > 0) {
109    
110                            return true;
111                    }
112    
113                    if (WorkflowTaskManagerUtil.getWorkflowTaskCountByUserRoles(
114                                    permissionChecker.getCompanyId(), permissionChecker.getUserId(),
115                                    Boolean.FALSE) > 0) {
116    
117                            return true;
118                    }
119    
120                    return false;
121            }
122    
123            private static Log _log = LogFactoryUtil.getLog(
124                    WorkflowPermissionImpl.class);
125    
126    }