1
19
20 package com.liferay.portal.service.impl;
21
22 import com.liferay.portal.PortalException;
23 import com.liferay.portal.SystemException;
24 import com.liferay.portal.kernel.util.GetterUtil;
25 import com.liferay.portal.model.Group;
26 import com.liferay.portal.model.Layout;
27 import com.liferay.portal.model.PortletConstants;
28 import com.liferay.portal.model.Resource;
29 import com.liferay.portal.model.Role;
30 import com.liferay.portal.model.User;
31 import com.liferay.portal.security.auth.PrincipalException;
32 import com.liferay.portal.security.permission.ActionKeys;
33 import com.liferay.portal.security.permission.PermissionChecker;
34 import com.liferay.portal.security.permission.PermissionCheckerBag;
35 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
36 import com.liferay.portal.service.permission.GroupPermissionUtil;
37 import com.liferay.portal.service.permission.PortletPermissionUtil;
38 import com.liferay.portal.service.permission.UserPermissionUtil;
39 import com.liferay.portlet.blogs.model.BlogsEntry;
40 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
41 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
42 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
43 import com.liferay.portlet.calendar.model.CalEvent;
44 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
45 import com.liferay.portlet.documentlibrary.model.DLFolder;
46 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
47 import com.liferay.portlet.imagegallery.model.IGFolder;
48 import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
49 import com.liferay.portlet.journal.model.JournalArticle;
50 import com.liferay.portlet.journal.model.JournalFeed;
51 import com.liferay.portlet.journal.model.JournalStructure;
52 import com.liferay.portlet.journal.model.JournalTemplate;
53 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
54 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
55 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
56 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
57 import com.liferay.portlet.messageboards.model.MBCategory;
58 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
59 import com.liferay.portlet.polls.model.PollsQuestion;
60 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
61 import com.liferay.portlet.shopping.model.ShoppingCategory;
62 import com.liferay.portlet.shopping.model.ShoppingItem;
63 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
64 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
65 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
66 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
67 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
68 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
69 import com.liferay.portlet.wiki.model.WikiNode;
70 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
71
72 import java.util.List;
73
74
81 public class PermissionServiceImpl extends PermissionServiceBaseImpl {
82
83 public void checkPermission(long groupId, long resourceId)
84 throws PortalException, SystemException {
85
86 checkPermission(getPermissionChecker(), groupId, resourceId);
87 }
88
89 public void checkPermission(long groupId, String name, long primKey)
90 throws PortalException, SystemException {
91
92 checkPermission(getPermissionChecker(), groupId, name, primKey);
93 }
94
95 public void checkPermission(long groupId, String name, String primKey)
96 throws PortalException, SystemException {
97
98 checkPermission(getPermissionChecker(), groupId, name, primKey);
99 }
100
101 public boolean hasGroupPermission(
102 long groupId, String actionId, long resourceId)
103 throws SystemException {
104
105 return permissionLocalService.hasGroupPermission(
106 groupId, actionId, resourceId);
107 }
108
109 public boolean hasUserPermission(
110 long userId, String actionId, long resourceId)
111 throws SystemException {
112
113 return permissionLocalService.hasUserPermission(
114 userId, actionId, resourceId);
115 }
116
117 public boolean hasUserPermissions(
118 long userId, long groupId, List<Resource> resources,
119 String actionId, PermissionCheckerBag permissionCheckerBag)
120 throws PortalException, SystemException {
121
122 return permissionLocalService.hasUserPermissions(
123 userId, groupId, resources, actionId, permissionCheckerBag);
124 }
125
126 public void setGroupPermissions(
127 long groupId, String[] actionIds, long resourceId)
128 throws PortalException, SystemException {
129
130 checkPermission(getPermissionChecker(), groupId, resourceId);
131
132 permissionLocalService.setGroupPermissions(
133 groupId, actionIds, resourceId);
134 }
135
136 public void setGroupPermissions(
137 String className, String classPK, long groupId,
138 String[] actionIds, long resourceId)
139 throws PortalException, SystemException {
140
141 checkPermission(getPermissionChecker(), groupId, resourceId);
142
143 permissionLocalService.setGroupPermissions(
144 className, classPK, groupId, actionIds, resourceId);
145 }
146
147 public void setOrgGroupPermissions(
148 long organizationId, long groupId, String[] actionIds,
149 long resourceId)
150 throws PortalException, SystemException {
151
152 checkPermission(getPermissionChecker(), groupId, resourceId);
153
154 permissionLocalService.setOrgGroupPermissions(
155 organizationId, groupId, actionIds, resourceId);
156 }
157
158 public void setRolePermission(
159 long roleId, long groupId, String name, int scope, String primKey,
160 String actionId)
161 throws PortalException, SystemException {
162
163 checkPermission(
164 getPermissionChecker(), groupId, Role.class.getName(), roleId);
165
166 permissionLocalService.setRolePermission(
167 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
168 }
169
170 public void setRolePermissions(
171 long roleId, long groupId, String[] actionIds, long resourceId)
172 throws PortalException, SystemException {
173
174 checkPermission(getPermissionChecker(), groupId, resourceId);
175
176 permissionLocalService.setRolePermissions(
177 roleId, actionIds, resourceId);
178 }
179
180 public void setUserPermissions(
181 long userId, long groupId, String[] actionIds, long resourceId)
182 throws PortalException, SystemException {
183
184 checkPermission(getPermissionChecker(), groupId, resourceId);
185
186 permissionLocalService.setUserPermissions(
187 userId, actionIds, resourceId);
188 }
189
190 public void unsetRolePermission(
191 long roleId, long groupId, long permissionId)
192 throws SystemException, PortalException {
193
194 checkPermission(
195 getPermissionChecker(), groupId, Role.class.getName(), roleId);
196
197 permissionLocalService.unsetRolePermission(roleId, permissionId);
198 }
199
200 public void unsetRolePermission(
201 long roleId, long groupId, String name, int scope, String primKey,
202 String actionId)
203 throws PortalException, SystemException {
204
205 checkPermission(
206 getPermissionChecker(), groupId, Role.class.getName(), roleId);
207
208 permissionLocalService.unsetRolePermission(
209 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
210 }
211
212 public void unsetRolePermissions(
213 long roleId, long groupId, String name, int scope, String actionId)
214 throws PortalException, SystemException {
215
216 checkPermission(
217 getPermissionChecker(), groupId, Role.class.getName(), roleId);
218
219 permissionLocalService.unsetRolePermissions(
220 roleId, getUser().getCompanyId(), name, scope, actionId);
221 }
222
223 public void unsetUserPermissions(
224 long userId, long groupId, String[] actionIds, long resourceId)
225 throws PortalException, SystemException {
226
227 checkPermission(getPermissionChecker(), groupId, resourceId);
228
229 permissionLocalService.unsetUserPermissions(
230 userId, actionIds, resourceId);
231 }
232
233 protected void checkPermission(
234 PermissionChecker permissionChecker, long groupId,
235 long resourceId)
236 throws PortalException, SystemException {
237
238 Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
239
240 checkPermission(
241 permissionChecker, groupId, resource.getName(),
242 resource.getPrimKey().toString());
243 }
244
245 protected void checkPermission(
246 PermissionChecker permissionChecker, long groupId, String name,
247 long primKey)
248 throws PortalException, SystemException {
249
250 checkPermission(
251 permissionChecker, groupId, name, String.valueOf(primKey));
252 }
253
254 protected void checkPermission(
255 PermissionChecker permissionChecker, long groupId, String name,
256 String primKey)
257 throws PortalException, SystemException {
258
259 if (name.equals(BlogsEntry.class.getName())) {
260 BlogsEntryPermission.check(
261 permissionChecker, GetterUtil.getLong(primKey),
262 ActionKeys.PERMISSIONS);
263 }
264 else if (name.equals(BookmarksFolder.class.getName())) {
265 BookmarksFolderPermission.check(
266 permissionChecker, GetterUtil.getLong(primKey),
267 ActionKeys.PERMISSIONS);
268 }
269 else if (name.equals(CalEvent.class.getName())) {
270 CalEventPermission.check(
271 permissionChecker, GetterUtil.getLong(primKey),
272 ActionKeys.PERMISSIONS);
273 }
274 else if (name.equals(DLFolder.class.getName())) {
275 DLFolderPermission.check(
276 permissionChecker, GetterUtil.getLong(primKey),
277 ActionKeys.PERMISSIONS);
278 }
279 else if (name.equals(Group.class.getName())) {
280 GroupPermissionUtil.check(
281 permissionChecker, GetterUtil.getLong(primKey),
282 ActionKeys.PERMISSIONS);
283 }
284 else if (name.equals(IGFolder.class.getName())) {
285 IGFolderPermission.check(
286 permissionChecker, GetterUtil.getLong(primKey),
287 ActionKeys.PERMISSIONS);
288 }
289 else if (name.equals(JournalArticle.class.getName())) {
290 JournalArticlePermission.check(
291 permissionChecker, GetterUtil.getLong(primKey),
292 ActionKeys.PERMISSIONS);
293 }
294 else if (name.equals(JournalFeed.class.getName())) {
295 JournalFeedPermission.check(
296 permissionChecker, GetterUtil.getLong(primKey),
297 ActionKeys.PERMISSIONS);
298 }
299 else if (name.equals(JournalStructure.class.getName())) {
300 JournalStructurePermission.check(
301 permissionChecker, GetterUtil.getLong(primKey),
302 ActionKeys.PERMISSIONS);
303 }
304 else if (name.equals(JournalTemplate.class.getName())) {
305 JournalTemplatePermission.check(
306 permissionChecker, GetterUtil.getLong(primKey),
307 ActionKeys.PERMISSIONS);
308 }
309 else if (name.equals(Layout.class.getName())) {
310 long plid = GetterUtil.getLong(primKey);
311
312 Layout layout = layoutPersistence.findByPrimaryKey(plid);
313
314 GroupPermissionUtil.check(
315 permissionChecker, layout.getGroupId(),
316 ActionKeys.MANAGE_LAYOUTS);
317 }
318 else if (name.equals(MBCategory.class.getName())) {
319 MBCategoryPermission.check(
320 permissionChecker, GetterUtil.getLong(primKey),
321 ActionKeys.PERMISSIONS);
322 }
323 else if (name.equals(PollsQuestion.class.getName())) {
324 PollsQuestionPermission.check(
325 permissionChecker, GetterUtil.getLong(primKey),
326 ActionKeys.PERMISSIONS);
327 }
328 else if (name.equals(SCFrameworkVersion.class.getName())) {
329 SCFrameworkVersionPermission.check(
330 permissionChecker, GetterUtil.getLong(primKey),
331 ActionKeys.PERMISSIONS);
332 }
333 else if (name.equals(SCProductEntry.class.getName())) {
334 SCProductEntryPermission.check(
335 permissionChecker, GetterUtil.getLong(primKey),
336 ActionKeys.PERMISSIONS);
337 }
338 else if (name.equals(ShoppingCategory.class.getName())) {
339 ShoppingCategoryPermission.check(
340 permissionChecker, GetterUtil.getLong(primKey),
341 ActionKeys.PERMISSIONS);
342 }
343 else if (name.equals(ShoppingItem.class.getName())) {
344 ShoppingItemPermission.check(
345 permissionChecker, GetterUtil.getLong(primKey),
346 ActionKeys.PERMISSIONS);
347 }
348 else if (name.equals(User.class.getName())) {
349 long userId = GetterUtil.getLong(primKey);
350
351 User user = userPersistence.findByPrimaryKey(userId);
352
353 UserPermissionUtil.check(
354 permissionChecker, userId, user.getOrganizationIds(),
355 ActionKeys.PERMISSIONS);
356 }
357 else if (name.equals(WikiNode.class.getName())) {
358 WikiNodePermission.check(
359 permissionChecker, GetterUtil.getLong(primKey),
360 ActionKeys.PERMISSIONS);
361 }
362 else if ((primKey != null) &&
363 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
364
365 int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
366
367 long plid = GetterUtil.getLong(primKey.substring(0, pos));
368
369 String portletId = primKey.substring(
370 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
371 primKey.length());
372
373 PortletPermissionUtil.check(
374 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
375 }
376 else if (!permissionChecker.hasPermission(
377 groupId, name, primKey, ActionKeys.PERMISSIONS) &&
378 !permissionChecker.hasPermission(
379 groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
380
381 throw new PrincipalException();
382 }
383 }
384
385 }