1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.PortalException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.util.GetterUtil;
28 import com.liferay.portal.model.Group;
29 import com.liferay.portal.model.Layout;
30 import com.liferay.portal.model.PortletConstants;
31 import com.liferay.portal.model.Resource;
32 import com.liferay.portal.model.Role;
33 import com.liferay.portal.model.User;
34 import com.liferay.portal.security.auth.PrincipalException;
35 import com.liferay.portal.security.permission.ActionKeys;
36 import com.liferay.portal.security.permission.PermissionChecker;
37 import com.liferay.portal.security.permission.PermissionCheckerBag;
38 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39 import com.liferay.portal.service.permission.GroupPermissionUtil;
40 import com.liferay.portal.service.permission.PortletPermissionUtil;
41 import com.liferay.portal.service.permission.UserPermissionUtil;
42
43 import java.util.List;
44
45
51 public class PermissionServiceImpl extends PermissionServiceBaseImpl {
52
53 public void checkPermission(long groupId, long resourceId)
54 throws PortalException, SystemException {
55
56 checkPermission(getPermissionChecker(), groupId, resourceId);
57 }
58
59 public void checkPermission(long groupId, String name, long primKey)
60 throws PortalException, SystemException {
61
62 checkPermission(getPermissionChecker(), groupId, name, primKey);
63 }
64
65 public void checkPermission(long groupId, String name, String primKey)
66 throws PortalException, SystemException {
67
68 checkPermission(getPermissionChecker(), groupId, name, primKey);
69 }
70
71 public boolean hasGroupPermission(
72 long groupId, String actionId, long resourceId)
73 throws SystemException {
74
75 return permissionLocalService.hasGroupPermission(
76 groupId, actionId, resourceId);
77 }
78
79 public boolean hasUserPermission(
80 long userId, String actionId, long resourceId)
81 throws SystemException {
82
83 return permissionLocalService.hasUserPermission(
84 userId, actionId, resourceId);
85 }
86
87 public boolean hasUserPermissions(
88 long userId, long groupId, List<Resource> resources,
89 String actionId, PermissionCheckerBag permissionCheckerBag)
90 throws PortalException, SystemException {
91
92 return permissionLocalService.hasUserPermissions(
93 userId, groupId, resources, actionId, permissionCheckerBag);
94 }
95
96 public void setGroupPermissions(
97 long groupId, String[] actionIds, long resourceId)
98 throws PortalException, SystemException {
99
100 checkPermission(getPermissionChecker(), groupId, resourceId);
101
102 permissionLocalService.setGroupPermissions(
103 groupId, actionIds, resourceId);
104 }
105
106 public void setGroupPermissions(
107 String className, String classPK, long groupId,
108 String[] actionIds, long resourceId)
109 throws PortalException, SystemException {
110
111 checkPermission(getPermissionChecker(), groupId, resourceId);
112
113 permissionLocalService.setGroupPermissions(
114 className, classPK, groupId, actionIds, resourceId);
115 }
116
117 public void setOrgGroupPermissions(
118 long organizationId, long groupId, String[] actionIds,
119 long resourceId)
120 throws PortalException, SystemException {
121
122 checkPermission(getPermissionChecker(), groupId, resourceId);
123
124 permissionLocalService.setOrgGroupPermissions(
125 organizationId, groupId, actionIds, resourceId);
126 }
127
128 public void setRolePermission(
129 long roleId, long groupId, String name, int scope, String primKey,
130 String actionId)
131 throws PortalException, SystemException {
132
133 checkPermission(
134 getPermissionChecker(), groupId, Role.class.getName(), roleId);
135
136 permissionLocalService.setRolePermission(
137 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
138 }
139
140 public void setRolePermissions(
141 long roleId, long groupId, String[] actionIds, long resourceId)
142 throws PortalException, SystemException {
143
144 checkPermission(getPermissionChecker(), groupId, resourceId);
145
146 permissionLocalService.setRolePermissions(
147 roleId, actionIds, resourceId);
148 }
149
150 public void setUserPermissions(
151 long userId, long groupId, String[] actionIds, long resourceId)
152 throws PortalException, SystemException {
153
154 checkPermission(getPermissionChecker(), groupId, resourceId);
155
156 permissionLocalService.setUserPermissions(
157 userId, actionIds, resourceId);
158 }
159
160 public void unsetRolePermission(
161 long roleId, long groupId, long permissionId)
162 throws SystemException, PortalException {
163
164 checkPermission(
165 getPermissionChecker(), groupId, Role.class.getName(), roleId);
166
167 permissionLocalService.unsetRolePermission(roleId, permissionId);
168 }
169
170 public void unsetRolePermission(
171 long roleId, long groupId, String name, int scope, String primKey,
172 String actionId)
173 throws PortalException, SystemException {
174
175 checkPermission(
176 getPermissionChecker(), groupId, Role.class.getName(), roleId);
177
178 permissionLocalService.unsetRolePermission(
179 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
180 }
181
182 public void unsetRolePermissions(
183 long roleId, long groupId, String name, int scope, String actionId)
184 throws PortalException, SystemException {
185
186 checkPermission(
187 getPermissionChecker(), groupId, Role.class.getName(), roleId);
188
189 permissionLocalService.unsetRolePermissions(
190 roleId, getUser().getCompanyId(), name, scope, actionId);
191 }
192
193 public void unsetUserPermissions(
194 long userId, long groupId, String[] actionIds, long resourceId)
195 throws PortalException, SystemException {
196
197 checkPermission(getPermissionChecker(), groupId, resourceId);
198
199 permissionLocalService.unsetUserPermissions(
200 userId, actionIds, resourceId);
201 }
202
203 protected void checkPermission(
204 PermissionChecker permissionChecker, long groupId,
205 long resourceId)
206 throws PortalException, SystemException {
207
208 Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
209
210 checkPermission(
211 permissionChecker, groupId, resource.getName(),
212 resource.getPrimKey().toString());
213 }
214
215 protected void checkPermission(
216 PermissionChecker permissionChecker, long groupId, String name,
217 long primKey)
218 throws PortalException, SystemException {
219
220 checkPermission(
221 permissionChecker, groupId, name, String.valueOf(primKey));
222 }
223
224 protected void checkPermission(
225 PermissionChecker permissionChecker, long groupId, String name,
226 String primKey)
227 throws PortalException, SystemException {
228
229 if (name.equals(Group.class.getName())) {
230 GroupPermissionUtil.check(
231 permissionChecker, GetterUtil.getLong(primKey),
232 ActionKeys.PERMISSIONS);
233 }
234 else if (name.equals(Layout.class.getName())) {
235 long plid = GetterUtil.getLong(primKey);
236
237 Layout layout = layoutPersistence.findByPrimaryKey(plid);
238
239 GroupPermissionUtil.check(
240 permissionChecker, layout.getGroupId(),
241 ActionKeys.MANAGE_LAYOUTS);
242 }
243 else if (name.equals(User.class.getName())) {
244 long userId = GetterUtil.getLong(primKey);
245
246 User user = userPersistence.findByPrimaryKey(userId);
247
248 UserPermissionUtil.check(
249 permissionChecker, userId, user.getOrganizationIds(),
250 ActionKeys.PERMISSIONS);
251 }
252 else if ((primKey != null) &&
253 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
254
255 int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
256
257 long plid = GetterUtil.getLong(primKey.substring(0, pos));
258
259 String portletId = primKey.substring(
260 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
261 primKey.length());
262
263 if (!PortletPermissionUtil.contains(
264 permissionChecker, plid, portletId,
265 ActionKeys.CONFIGURATION)) {
266
267 throw new PrincipalException();
268 }
269 }
270 else if (!permissionChecker.hasPermission(
271 groupId, name, primKey, ActionKeys.PERMISSIONS) &&
272 !permissionChecker.hasPermission(
273 groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
274
275 throw new PrincipalException();
276 }
277 }
278
279 }