1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.impl;
21  
22  import com.liferay.portal.PortalException;
23  import com.liferay.portal.SystemException;
24  import com.liferay.portal.kernel.util.GetterUtil;
25  import com.liferay.portal.model.Group;
26  import com.liferay.portal.model.Layout;
27  import com.liferay.portal.model.PortletConstants;
28  import com.liferay.portal.model.Resource;
29  import com.liferay.portal.model.Role;
30  import com.liferay.portal.model.User;
31  import com.liferay.portal.security.auth.PrincipalException;
32  import com.liferay.portal.security.permission.ActionKeys;
33  import com.liferay.portal.security.permission.PermissionChecker;
34  import com.liferay.portal.security.permission.PermissionCheckerBag;
35  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
36  import com.liferay.portal.service.permission.GroupPermissionUtil;
37  import com.liferay.portal.service.permission.PortletPermissionUtil;
38  import com.liferay.portal.service.permission.UserPermissionUtil;
39  import com.liferay.portlet.blogs.model.BlogsEntry;
40  import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
41  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
42  import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
43  import com.liferay.portlet.calendar.model.CalEvent;
44  import com.liferay.portlet.calendar.service.permission.CalEventPermission;
45  import com.liferay.portlet.documentlibrary.model.DLFolder;
46  import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
47  import com.liferay.portlet.imagegallery.model.IGFolder;
48  import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
49  import com.liferay.portlet.journal.model.JournalArticle;
50  import com.liferay.portlet.journal.model.JournalFeed;
51  import com.liferay.portlet.journal.model.JournalStructure;
52  import com.liferay.portlet.journal.model.JournalTemplate;
53  import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
54  import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
55  import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
56  import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
57  import com.liferay.portlet.messageboards.model.MBCategory;
58  import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
59  import com.liferay.portlet.polls.model.PollsQuestion;
60  import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
61  import com.liferay.portlet.shopping.model.ShoppingCategory;
62  import com.liferay.portlet.shopping.model.ShoppingItem;
63  import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
64  import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
65  import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
66  import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
67  import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
68  import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
69  import com.liferay.portlet.wiki.model.WikiNode;
70  import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
71  
72  import java.util.List;
73  
74  /**
75   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
76   *
77   * @author Brian Wing Shun Chan
78   * @author Raymond Augé
79   *
80   */
81  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
82  
83      public void checkPermission(long groupId, long resourceId)
84          throws PortalException, SystemException {
85  
86          checkPermission(getPermissionChecker(), groupId, resourceId);
87      }
88  
89      public void checkPermission(long groupId, String name, long primKey)
90          throws PortalException, SystemException {
91  
92          checkPermission(getPermissionChecker(), groupId, name, primKey);
93      }
94  
95      public void checkPermission(long groupId, String name, String primKey)
96          throws PortalException, SystemException {
97  
98          checkPermission(getPermissionChecker(), groupId, name, primKey);
99      }
100 
101     public boolean hasGroupPermission(
102             long groupId, String actionId, long resourceId)
103         throws SystemException {
104 
105         return permissionLocalService.hasGroupPermission(
106             groupId, actionId, resourceId);
107     }
108 
109     public boolean hasUserPermission(
110             long userId, String actionId, long resourceId)
111         throws SystemException {
112 
113         return permissionLocalService.hasUserPermission(
114             userId, actionId, resourceId);
115     }
116 
117     public boolean hasUserPermissions(
118             long userId, long groupId, List<Resource> resources,
119             String actionId, PermissionCheckerBag permissionCheckerBag)
120         throws PortalException, SystemException {
121 
122         return permissionLocalService.hasUserPermissions(
123             userId, groupId, resources, actionId, permissionCheckerBag);
124     }
125 
126     public void setGroupPermissions(
127             long groupId, String[] actionIds, long resourceId)
128         throws PortalException, SystemException {
129 
130         checkPermission(getPermissionChecker(), groupId, resourceId);
131 
132         permissionLocalService.setGroupPermissions(
133             groupId, actionIds, resourceId);
134     }
135 
136     public void setGroupPermissions(
137             String className, String classPK, long groupId,
138             String[] actionIds, long resourceId)
139         throws PortalException, SystemException {
140 
141         checkPermission(getPermissionChecker(), groupId, resourceId);
142 
143         permissionLocalService.setGroupPermissions(
144             className, classPK, groupId, actionIds, resourceId);
145     }
146 
147     public void setOrgGroupPermissions(
148             long organizationId, long groupId, String[] actionIds,
149             long resourceId)
150         throws PortalException, SystemException {
151 
152         checkPermission(getPermissionChecker(), groupId, resourceId);
153 
154         permissionLocalService.setOrgGroupPermissions(
155             organizationId, groupId, actionIds, resourceId);
156     }
157 
158     public void setRolePermission(
159             long roleId, long groupId, String name, int scope, String primKey,
160             String actionId)
161         throws PortalException, SystemException {
162 
163         checkPermission(
164             getPermissionChecker(), groupId, Role.class.getName(), roleId);
165 
166         permissionLocalService.setRolePermission(
167             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
168     }
169 
170     public void setRolePermissions(
171             long roleId, long groupId, String[] actionIds, long resourceId)
172         throws PortalException, SystemException {
173 
174         checkPermission(getPermissionChecker(), groupId, resourceId);
175 
176         permissionLocalService.setRolePermissions(
177             roleId, actionIds, resourceId);
178     }
179 
180     public void setUserPermissions(
181             long userId, long groupId, String[] actionIds, long resourceId)
182         throws PortalException, SystemException {
183 
184         checkPermission(getPermissionChecker(), groupId, resourceId);
185 
186         permissionLocalService.setUserPermissions(
187             userId, actionIds, resourceId);
188     }
189 
190     public void unsetRolePermission(
191             long roleId, long groupId, long permissionId)
192         throws SystemException, PortalException {
193 
194         checkPermission(
195             getPermissionChecker(), groupId, Role.class.getName(), roleId);
196 
197         permissionLocalService.unsetRolePermission(roleId, permissionId);
198     }
199 
200     public void unsetRolePermission(
201             long roleId, long groupId, String name, int scope, String primKey,
202             String actionId)
203         throws PortalException, SystemException {
204 
205         checkPermission(
206             getPermissionChecker(), groupId, Role.class.getName(), roleId);
207 
208         permissionLocalService.unsetRolePermission(
209             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
210     }
211 
212     public void unsetRolePermissions(
213             long roleId, long groupId, String name, int scope, String actionId)
214         throws PortalException, SystemException {
215 
216         checkPermission(
217             getPermissionChecker(), groupId, Role.class.getName(), roleId);
218 
219         permissionLocalService.unsetRolePermissions(
220             roleId, getUser().getCompanyId(), name, scope, actionId);
221     }
222 
223     public void unsetUserPermissions(
224             long userId, long groupId, String[] actionIds, long resourceId)
225         throws PortalException, SystemException {
226 
227         checkPermission(getPermissionChecker(), groupId, resourceId);
228 
229         permissionLocalService.unsetUserPermissions(
230             userId, actionIds, resourceId);
231     }
232 
233     protected void checkPermission(
234             PermissionChecker permissionChecker, long groupId,
235             long resourceId)
236         throws PortalException, SystemException {
237 
238         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
239 
240         checkPermission(
241             permissionChecker, groupId, resource.getName(),
242             resource.getPrimKey().toString());
243     }
244 
245     protected void checkPermission(
246             PermissionChecker permissionChecker, long groupId, String name,
247             long primKey)
248         throws PortalException, SystemException {
249 
250         checkPermission(
251             permissionChecker, groupId, name, String.valueOf(primKey));
252     }
253 
254     protected void checkPermission(
255             PermissionChecker permissionChecker, long groupId, String name,
256             String primKey)
257         throws PortalException, SystemException {
258 
259         if (name.equals(BlogsEntry.class.getName())) {
260             BlogsEntryPermission.check(
261                 permissionChecker, GetterUtil.getLong(primKey),
262                 ActionKeys.PERMISSIONS);
263         }
264         else if (name.equals(BookmarksFolder.class.getName())) {
265             BookmarksFolderPermission.check(
266                 permissionChecker, GetterUtil.getLong(primKey),
267                 ActionKeys.PERMISSIONS);
268         }
269         else if (name.equals(CalEvent.class.getName())) {
270             CalEventPermission.check(
271                 permissionChecker, GetterUtil.getLong(primKey),
272                 ActionKeys.PERMISSIONS);
273         }
274         else if (name.equals(DLFolder.class.getName())) {
275             DLFolderPermission.check(
276                 permissionChecker, GetterUtil.getLong(primKey),
277                 ActionKeys.PERMISSIONS);
278         }
279         else if (name.equals(Group.class.getName())) {
280             GroupPermissionUtil.check(
281                 permissionChecker, GetterUtil.getLong(primKey),
282                 ActionKeys.PERMISSIONS);
283         }
284         else if (name.equals(IGFolder.class.getName())) {
285             IGFolderPermission.check(
286                 permissionChecker, GetterUtil.getLong(primKey),
287                 ActionKeys.PERMISSIONS);
288         }
289         else if (name.equals(JournalArticle.class.getName())) {
290             JournalArticlePermission.check(
291                 permissionChecker, GetterUtil.getLong(primKey),
292                 ActionKeys.PERMISSIONS);
293         }
294         else if (name.equals(JournalFeed.class.getName())) {
295             JournalFeedPermission.check(
296                 permissionChecker, GetterUtil.getLong(primKey),
297                 ActionKeys.PERMISSIONS);
298         }
299         else if (name.equals(JournalStructure.class.getName())) {
300             JournalStructurePermission.check(
301                 permissionChecker, GetterUtil.getLong(primKey),
302                 ActionKeys.PERMISSIONS);
303         }
304         else if (name.equals(JournalTemplate.class.getName())) {
305             JournalTemplatePermission.check(
306                 permissionChecker, GetterUtil.getLong(primKey),
307                 ActionKeys.PERMISSIONS);
308         }
309         else if (name.equals(Layout.class.getName())) {
310             long plid = GetterUtil.getLong(primKey);
311 
312             Layout layout = layoutPersistence.findByPrimaryKey(plid);
313 
314             GroupPermissionUtil.check(
315                 permissionChecker, layout.getGroupId(),
316                 ActionKeys.MANAGE_LAYOUTS);
317         }
318         else if (name.equals(MBCategory.class.getName())) {
319             MBCategoryPermission.check(
320                 permissionChecker, GetterUtil.getLong(primKey),
321                 ActionKeys.PERMISSIONS);
322         }
323         else if (name.equals(PollsQuestion.class.getName())) {
324             PollsQuestionPermission.check(
325                 permissionChecker, GetterUtil.getLong(primKey),
326                 ActionKeys.PERMISSIONS);
327         }
328         else if (name.equals(SCFrameworkVersion.class.getName())) {
329             SCFrameworkVersionPermission.check(
330                 permissionChecker, GetterUtil.getLong(primKey),
331                 ActionKeys.PERMISSIONS);
332         }
333         else if (name.equals(SCProductEntry.class.getName())) {
334             SCProductEntryPermission.check(
335                 permissionChecker, GetterUtil.getLong(primKey),
336                 ActionKeys.PERMISSIONS);
337         }
338         else if (name.equals(ShoppingCategory.class.getName())) {
339             ShoppingCategoryPermission.check(
340                 permissionChecker, GetterUtil.getLong(primKey),
341                 ActionKeys.PERMISSIONS);
342         }
343         else if (name.equals(ShoppingItem.class.getName())) {
344             ShoppingItemPermission.check(
345                 permissionChecker, GetterUtil.getLong(primKey),
346                 ActionKeys.PERMISSIONS);
347         }
348         else if (name.equals(User.class.getName())) {
349             long userId = GetterUtil.getLong(primKey);
350 
351             User user = userPersistence.findByPrimaryKey(userId);
352 
353             UserPermissionUtil.check(
354                 permissionChecker, userId, user.getOrganizationIds(),
355                 ActionKeys.PERMISSIONS);
356         }
357         else if (name.equals(WikiNode.class.getName())) {
358             WikiNodePermission.check(
359                 permissionChecker, GetterUtil.getLong(primKey),
360                 ActionKeys.PERMISSIONS);
361         }
362         else if ((primKey != null) &&
363                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
364 
365             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
366 
367             long plid = GetterUtil.getLong(primKey.substring(0, pos));
368 
369             String portletId = primKey.substring(
370                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
371                 primKey.length());
372 
373             PortletPermissionUtil.check(
374                 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
375         }
376         else if (!permissionChecker.hasPermission(
377                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
378                  !permissionChecker.hasPermission(
379                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
380 
381             throw new PrincipalException();
382         }
383     }
384 
385 }