1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.util.GetterUtil;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.Layout;
30  import com.liferay.portal.model.PortletConstants;
31  import com.liferay.portal.model.Resource;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.security.auth.PrincipalException;
35  import com.liferay.portal.security.permission.ActionKeys;
36  import com.liferay.portal.security.permission.PermissionChecker;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39  import com.liferay.portal.service.permission.GroupPermissionUtil;
40  import com.liferay.portal.service.permission.PortletPermissionUtil;
41  import com.liferay.portal.service.permission.UserPermissionUtil;
42  
43  import java.util.List;
44  
45  /**
46   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
47   *
48   * @author Brian Wing Shun Chan
49   *
50   */
51  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
52  
53      public void checkPermission(long groupId, long resourceId)
54          throws PortalException, SystemException {
55  
56          checkPermission(getPermissionChecker(), groupId, resourceId);
57      }
58  
59      public void checkPermission(long groupId, String name, long primKey)
60          throws PortalException, SystemException {
61  
62          checkPermission(getPermissionChecker(), groupId, name, primKey);
63      }
64  
65      public void checkPermission(long groupId, String name, String primKey)
66          throws PortalException, SystemException {
67  
68          checkPermission(getPermissionChecker(), groupId, name, primKey);
69      }
70  
71      public boolean hasGroupPermission(
72              long groupId, String actionId, long resourceId)
73          throws SystemException {
74  
75          return permissionLocalService.hasGroupPermission(
76              groupId, actionId, resourceId);
77      }
78  
79      public boolean hasUserPermission(
80              long userId, String actionId, long resourceId)
81          throws SystemException {
82  
83          return permissionLocalService.hasUserPermission(
84              userId, actionId, resourceId);
85      }
86  
87      public boolean hasUserPermissions(
88              long userId, long groupId, List<Resource> resources,
89              String actionId, PermissionCheckerBag permissionCheckerBag)
90          throws PortalException, SystemException {
91  
92          return permissionLocalService.hasUserPermissions(
93              userId, groupId, resources, actionId, permissionCheckerBag);
94      }
95  
96      public void setGroupPermissions(
97              long groupId, String[] actionIds, long resourceId)
98          throws PortalException, SystemException {
99  
100         checkPermission(getPermissionChecker(), groupId, resourceId);
101 
102         permissionLocalService.setGroupPermissions(
103             groupId, actionIds, resourceId);
104     }
105 
106     public void setGroupPermissions(
107             String className, String classPK, long groupId,
108             String[] actionIds, long resourceId)
109         throws PortalException, SystemException {
110 
111         checkPermission(getPermissionChecker(), groupId, resourceId);
112 
113         permissionLocalService.setGroupPermissions(
114             className, classPK, groupId, actionIds, resourceId);
115     }
116 
117     public void setOrgGroupPermissions(
118             long organizationId, long groupId, String[] actionIds,
119             long resourceId)
120         throws PortalException, SystemException {
121 
122         checkPermission(getPermissionChecker(), groupId, resourceId);
123 
124         permissionLocalService.setOrgGroupPermissions(
125             organizationId, groupId, actionIds, resourceId);
126     }
127 
128     public void setRolePermission(
129             long roleId, long groupId, String name, int scope, String primKey,
130             String actionId)
131         throws PortalException, SystemException {
132 
133         checkPermission(
134             getPermissionChecker(), groupId, Role.class.getName(), roleId);
135 
136         permissionLocalService.setRolePermission(
137             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
138     }
139 
140     public void setRolePermissions(
141             long roleId, long groupId, String[] actionIds, long resourceId)
142         throws PortalException, SystemException {
143 
144         checkPermission(getPermissionChecker(), groupId, resourceId);
145 
146         permissionLocalService.setRolePermissions(
147             roleId, actionIds, resourceId);
148     }
149 
150     public void setUserPermissions(
151             long userId, long groupId, String[] actionIds, long resourceId)
152         throws PortalException, SystemException {
153 
154         checkPermission(getPermissionChecker(), groupId, resourceId);
155 
156         permissionLocalService.setUserPermissions(
157             userId, actionIds, resourceId);
158     }
159 
160     public void unsetRolePermission(
161             long roleId, long groupId, long permissionId)
162         throws SystemException, PortalException {
163 
164         checkPermission(
165             getPermissionChecker(), groupId, Role.class.getName(), roleId);
166 
167         permissionLocalService.unsetRolePermission(roleId, permissionId);
168     }
169 
170     public void unsetRolePermission(
171             long roleId, long groupId, String name, int scope, String primKey,
172             String actionId)
173         throws PortalException, SystemException {
174 
175         checkPermission(
176             getPermissionChecker(), groupId, Role.class.getName(), roleId);
177 
178         permissionLocalService.unsetRolePermission(
179             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
180     }
181 
182     public void unsetRolePermissions(
183             long roleId, long groupId, String name, int scope, String actionId)
184         throws PortalException, SystemException {
185 
186         checkPermission(
187             getPermissionChecker(), groupId, Role.class.getName(), roleId);
188 
189         permissionLocalService.unsetRolePermissions(
190             roleId, getUser().getCompanyId(), name, scope, actionId);
191     }
192 
193     public void unsetUserPermissions(
194             long userId, long groupId, String[] actionIds, long resourceId)
195         throws PortalException, SystemException {
196 
197         checkPermission(getPermissionChecker(), groupId, resourceId);
198 
199         permissionLocalService.unsetUserPermissions(
200             userId, actionIds, resourceId);
201     }
202 
203     protected void checkPermission(
204             PermissionChecker permissionChecker, long groupId,
205             long resourceId)
206         throws PortalException, SystemException {
207 
208         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
209 
210         checkPermission(
211             permissionChecker, groupId, resource.getName(),
212             resource.getPrimKey().toString());
213     }
214 
215     protected void checkPermission(
216             PermissionChecker permissionChecker, long groupId, String name,
217             long primKey)
218         throws PortalException, SystemException {
219 
220         checkPermission(
221             permissionChecker, groupId, name, String.valueOf(primKey));
222     }
223 
224     protected void checkPermission(
225             PermissionChecker permissionChecker, long groupId, String name,
226             String primKey)
227         throws PortalException, SystemException {
228 
229         if (name.equals(Group.class.getName())) {
230             GroupPermissionUtil.check(
231                 permissionChecker, GetterUtil.getLong(primKey),
232                 ActionKeys.PERMISSIONS);
233         }
234         else if (name.equals(Layout.class.getName())) {
235             long plid = GetterUtil.getLong(primKey);
236 
237             Layout layout = layoutPersistence.findByPrimaryKey(plid);
238 
239             GroupPermissionUtil.check(
240                 permissionChecker, layout.getGroupId(),
241                 ActionKeys.MANAGE_LAYOUTS);
242         }
243         else if (name.equals(User.class.getName())) {
244             long userId = GetterUtil.getLong(primKey);
245 
246             User user = userPersistence.findByPrimaryKey(userId);
247 
248             UserPermissionUtil.check(
249                 permissionChecker, userId, user.getOrganizationIds(),
250                 ActionKeys.PERMISSIONS);
251         }
252         else if ((primKey != null) &&
253                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
254 
255             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
256 
257             long plid = GetterUtil.getLong(primKey.substring(0, pos));
258 
259             String portletId = primKey.substring(
260                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
261                 primKey.length());
262 
263             if (!PortletPermissionUtil.contains(
264                     permissionChecker, plid, portletId,
265                     ActionKeys.CONFIGURATION)) {
266 
267                 throw new PrincipalException();
268             }
269         }
270         else if (!permissionChecker.hasPermission(
271                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
272                  !permissionChecker.hasPermission(
273                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
274 
275             throw new PrincipalException();
276         }
277     }
278 
279 }