001
014
015 package com.liferay.portal.security.membershippolicy;
016
017 import com.liferay.portal.kernel.dao.orm.ActionableDynamicQuery;
018 import com.liferay.portal.kernel.exception.PortalException;
019 import com.liferay.portal.kernel.exception.SystemException;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Organization;
022 import com.liferay.portal.model.Role;
023 import com.liferay.portal.model.RoleConstants;
024 import com.liferay.portal.model.UserGroupRole;
025 import com.liferay.portal.security.permission.PermissionChecker;
026 import com.liferay.portal.service.OrganizationLocalServiceUtil;
027 import com.liferay.portal.service.RoleLocalServiceUtil;
028 import com.liferay.portal.service.UserGroupRoleLocalServiceUtil;
029 import com.liferay.portal.service.persistence.OrganizationActionableDynamicQuery;
030 import com.liferay.portal.service.persistence.UserGroupRoleActionableDynamicQuery;
031 import com.liferay.portal.service.persistence.UserGroupRolePK;
032
033 import java.io.Serializable;
034
035 import java.util.ArrayList;
036 import java.util.List;
037 import java.util.Map;
038
039
043 public abstract class BaseOrganizationMembershipPolicy
044 implements OrganizationMembershipPolicy {
045
046 @Override
047 @SuppressWarnings("unused")
048 public void checkRoles(
049 List<UserGroupRole> addUserGroupRoles,
050 List<UserGroupRole> removeUserGroupRoles)
051 throws PortalException, SystemException {
052 }
053
054 @Override
055 @SuppressWarnings("unused")
056 public boolean isMembershipAllowed(long userId, long organizationId)
057 throws PortalException, SystemException {
058
059 try {
060 checkMembership(
061 new long[] {userId}, new long[] {organizationId}, null);
062 }
063 catch (Exception e) {
064 return false;
065 }
066
067 return true;
068 }
069
070 @Override
071 public boolean isMembershipProtected(
072 PermissionChecker permissionChecker, long userId,
073 long organizationId)
074 throws PortalException, SystemException {
075
076 if (permissionChecker.isOrganizationOwner(organizationId)) {
077 return false;
078 }
079
080 Organization organization =
081 OrganizationLocalServiceUtil.getOrganization(organizationId);
082
083 Group group = organization.getGroup();
084
085 Role organizationAdministratorRole = RoleLocalServiceUtil.getRole(
086 permissionChecker.getCompanyId(),
087 RoleConstants.ORGANIZATION_ADMINISTRATOR);
088
089 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
090 userId, group.getGroupId(),
091 organizationAdministratorRole.getRoleId())) {
092
093 return true;
094 }
095
096 Role organizationOwnerRole = RoleLocalServiceUtil.getRole(
097 permissionChecker.getCompanyId(), RoleConstants.ORGANIZATION_OWNER);
098
099 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
100 userId, group.getGroupId(),
101 organizationOwnerRole.getRoleId())) {
102
103 return true;
104 }
105
106 return false;
107 }
108
109 @Override
110 @SuppressWarnings("unused")
111 public boolean isMembershipRequired(long userId, long organizationId)
112 throws PortalException, SystemException {
113
114 try {
115 checkMembership(
116 new long[] {userId}, null, new long[] {organizationId});
117 }
118 catch (Exception e) {
119 return true;
120 }
121
122 return false;
123 }
124
125 @Override
126 public boolean isRoleAllowed(long userId, long organizationId, long roleId)
127 throws PortalException, SystemException {
128
129 List<UserGroupRole> userGroupRoles = new ArrayList<UserGroupRole>();
130
131 Organization organization =
132 OrganizationLocalServiceUtil.getOrganization(organizationId);
133
134 UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
135 userId, organization.getGroupId(), roleId);
136
137 UserGroupRole userGroupRole =
138 UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
139
140 userGroupRoles.add(userGroupRole);
141
142 try {
143 checkRoles(userGroupRoles, null);
144 }
145 catch (Exception e) {
146 return false;
147 }
148
149 return true;
150 }
151
152 @Override
153 public boolean isRoleProtected(
154 PermissionChecker permissionChecker, long userId,
155 long organizationId, long roleId)
156 throws PortalException, SystemException {
157
158 if (permissionChecker.isOrganizationOwner(organizationId)) {
159 return false;
160 }
161
162 Role role = RoleLocalServiceUtil.getRole(roleId);
163
164 String roleName = role.getName();
165
166 if (!roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) &&
167 !roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {
168
169 return false;
170 }
171
172 Organization organization =
173 OrganizationLocalServiceUtil.getOrganization(organizationId);
174
175 Group group = organization.getGroup();
176
177 if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
178 userId, group.getGroupId(), role.getRoleId())) {
179
180 return true;
181 }
182
183 return false;
184 }
185
186 @Override
187 public boolean isRoleRequired(long userId, long organizationId, long roleId)
188 throws PortalException, SystemException {
189
190 List<UserGroupRole> userGroupRoles = new ArrayList<UserGroupRole>();
191
192 Organization organization =
193 OrganizationLocalServiceUtil.getOrganization(organizationId);
194
195 UserGroupRolePK userGroupRolePK = new UserGroupRolePK(
196 userId, organization.getGroupId(), roleId);
197
198 UserGroupRole userGroupRole =
199 UserGroupRoleLocalServiceUtil.createUserGroupRole(userGroupRolePK);
200
201 userGroupRoles.add(userGroupRole);
202
203 try {
204 checkRoles(null, userGroupRoles);
205 }
206 catch (Exception e) {
207 return true;
208 }
209
210 return false;
211 }
212
213 @Override
214 public void propagateRoles(
215 List<UserGroupRole> addUserGroupRoles,
216 List<UserGroupRole> removeUserGroupRoles) {
217 }
218
219 @Override
220 public void verifyPolicy() throws PortalException, SystemException {
221 ActionableDynamicQuery organizationActionableDynamicQuery =
222 new OrganizationActionableDynamicQuery() {
223
224 @Override
225 protected void performAction(Object object)
226 throws PortalException, SystemException {
227
228 Organization organization = (Organization)object;
229
230 verifyPolicy(organization);
231
232 ActionableDynamicQuery userGroupRoleActionableDynamicQuery =
233 new UserGroupRoleActionableDynamicQuery() {
234
235 @Override
236 protected void performAction(Object object)
237 throws PortalException, SystemException {
238
239 UserGroupRole userGroupRole = (UserGroupRole)object;
240
241 verifyPolicy(userGroupRole.getRole());
242 }
243
244 };
245
246 userGroupRoleActionableDynamicQuery.setGroupId(
247 organization.getGroupId());
248
249 userGroupRoleActionableDynamicQuery.performActions();
250 }
251
252 };
253
254 organizationActionableDynamicQuery.performActions();
255 }
256
257 @Override
258 public void verifyPolicy(Organization organization)
259 throws PortalException, SystemException {
260
261 verifyPolicy(organization, null, null, null, null);
262 }
263
264 @Override
265 public void verifyPolicy(Role role) {
266 }
267
268 @Override
269 public void verifyPolicy(
270 Role role, Role oldRole,
271 Map<String, Serializable> oldExpandoAttributes) {
272 }
273
274 }