001
014
015 package com.liferay.portal.workflow.permission;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.security.pacl.DoPrivileged;
020 import com.liferay.portal.kernel.workflow.WorkflowException;
021 import com.liferay.portal.kernel.workflow.WorkflowInstance;
022 import com.liferay.portal.kernel.workflow.WorkflowInstanceManagerUtil;
023 import com.liferay.portal.kernel.workflow.WorkflowTaskManagerUtil;
024 import com.liferay.portal.kernel.workflow.permission.WorkflowPermission;
025 import com.liferay.portal.model.WorkflowInstanceLink;
026 import com.liferay.portal.security.permission.ActionKeys;
027 import com.liferay.portal.security.permission.PermissionChecker;
028 import com.liferay.portal.service.WorkflowDefinitionLinkLocalServiceUtil;
029 import com.liferay.portal.service.WorkflowInstanceLinkLocalServiceUtil;
030
031
034 @DoPrivileged
035 public class WorkflowPermissionImpl implements WorkflowPermission {
036
037 @Override
038 public Boolean hasPermission(
039 PermissionChecker permissionChecker, long groupId, String className,
040 long classPK, String actionId) {
041
042 try {
043 return doHasPermission(
044 permissionChecker, groupId, className, classPK, actionId);
045 }
046 catch (Exception e) {
047 _log.error(e, e);
048 }
049
050 return null;
051 }
052
053 protected Boolean doHasPermission(
054 PermissionChecker permissionChecker, long groupId, String className,
055 long classPK, String actionId)
056 throws Exception {
057
058 long companyId = permissionChecker.getCompanyId();
059
060 if (permissionChecker.isCompanyAdmin() ||
061 permissionChecker.isGroupAdmin(groupId)) {
062
063 return Boolean.TRUE;
064 }
065
066 if (!WorkflowDefinitionLinkLocalServiceUtil.hasWorkflowDefinitionLink(
067 companyId, groupId, className)) {
068
069 return null;
070 }
071
072 if (WorkflowInstanceLinkLocalServiceUtil.hasWorkflowInstanceLink(
073 companyId, groupId, className, classPK)) {
074
075 WorkflowInstanceLink workflowInstanceLink =
076 WorkflowInstanceLinkLocalServiceUtil.getWorkflowInstanceLink(
077 companyId, groupId, className, classPK);
078
079 WorkflowInstance workflowInstance =
080 WorkflowInstanceManagerUtil.getWorkflowInstance(
081 companyId, workflowInstanceLink.getWorkflowInstanceId());
082
083 if (workflowInstance.isComplete()) {
084 return null;
085 }
086
087 boolean hasPermission = hasImplicitPermission(
088 permissionChecker, workflowInstance);
089
090 if (!hasPermission && actionId.equals(ActionKeys.VIEW)) {
091 return null;
092 }
093 else {
094 return hasPermission;
095 }
096 }
097
098 return null;
099 }
100
101 protected boolean hasImplicitPermission(
102 PermissionChecker permissionChecker,
103 WorkflowInstance workflowInstance)
104 throws WorkflowException {
105
106 if (WorkflowTaskManagerUtil.getWorkflowTaskCountByWorkflowInstance(
107 permissionChecker.getCompanyId(), permissionChecker.getUserId(),
108 workflowInstance.getWorkflowInstanceId(), Boolean.FALSE) > 0) {
109
110 return true;
111 }
112
113 if (WorkflowTaskManagerUtil.getWorkflowTaskCountByUserRoles(
114 permissionChecker.getCompanyId(), permissionChecker.getUserId(),
115 Boolean.FALSE) > 0) {
116
117 return true;
118 }
119
120 return false;
121 }
122
123 private static Log _log = LogFactoryUtil.getLog(
124 WorkflowPermissionImpl.class);
125
126 }