1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.PortalException;
18  import com.liferay.portal.SystemException;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.model.Group;
21  import com.liferay.portal.model.Layout;
22  import com.liferay.portal.model.PortletConstants;
23  import com.liferay.portal.model.Resource;
24  import com.liferay.portal.model.Role;
25  import com.liferay.portal.model.User;
26  import com.liferay.portal.security.auth.PrincipalException;
27  import com.liferay.portal.security.permission.ActionKeys;
28  import com.liferay.portal.security.permission.PermissionChecker;
29  import com.liferay.portal.security.permission.PermissionCheckerBag;
30  import com.liferay.portal.security.permission.ResourceActionsUtil;
31  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
32  import com.liferay.portal.service.permission.GroupPermissionUtil;
33  import com.liferay.portal.service.permission.PortletPermissionUtil;
34  import com.liferay.portal.service.permission.UserPermissionUtil;
35  import com.liferay.portlet.blogs.model.BlogsEntry;
36  import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
37  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
38  import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
39  import com.liferay.portlet.calendar.model.CalEvent;
40  import com.liferay.portlet.calendar.service.permission.CalEventPermission;
41  import com.liferay.portlet.documentlibrary.model.DLFileEntry;
42  import com.liferay.portlet.documentlibrary.model.DLFolder;
43  import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
44  import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
45  import com.liferay.portlet.imagegallery.model.IGFolder;
46  import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
47  import com.liferay.portlet.journal.model.JournalArticle;
48  import com.liferay.portlet.journal.model.JournalFeed;
49  import com.liferay.portlet.journal.model.JournalStructure;
50  import com.liferay.portlet.journal.model.JournalTemplate;
51  import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
52  import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
53  import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
54  import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
55  import com.liferay.portlet.messageboards.model.MBCategory;
56  import com.liferay.portlet.messageboards.model.MBMessage;
57  import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
58  import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
59  import com.liferay.portlet.polls.model.PollsQuestion;
60  import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
61  import com.liferay.portlet.shopping.model.ShoppingCategory;
62  import com.liferay.portlet.shopping.model.ShoppingItem;
63  import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
64  import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
65  import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
66  import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
67  import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
68  import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
69  import com.liferay.portlet.wiki.model.WikiNode;
70  import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
71  
72  import java.util.List;
73  
74  /**
75   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
76   *
77   * @author Brian Wing Shun Chan
78   * @author Raymond Augé
79   */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

    // Authorization pattern visible in this class: every mutating method
    // (set*/unset*) first runs one of the checkPermission overloads against
    // the caller's PermissionChecker and only then delegates to
    // permissionLocalService. The has* query methods delegate without any
    // check of the caller.

    /**
     * Verifies that the current caller may manage permissions on the resource
     * row identified by {@code resourceId}.
     *
     * @param  groupId the group ID handed to the permission check
     * @param  resourceId the primary key of the resource to look up
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);
    }

    /**
     * Verifies that the current caller may manage permissions on the named
     * resource with a numeric primary key.
     *
     * @param  groupId the group ID handed to the permission check
     * @param  name the resource name (a model class name for the known types)
     * @param  primKey the numeric primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, long primKey)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, name, primKey);
    }

    /**
     * Verifies that the current caller may manage permissions on the named
     * resource with a string primary key.
     *
     * @param  groupId the group ID handed to the permission check
     * @param  name the resource name (a model class name for the known types)
     * @param  primKey the primary key of the resource in string form
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, String primKey)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, name, primKey);
    }

    /**
     * Returns the local service's answer to whether the group holds the action
     * on the resource.
     *
     * <p>
     * NOTE(review): no check of the caller is made here, so the answer is
     * given for any group ID passed in. Confirm that this is intended for
     * every channel through which this service can be reached.
     * </p>
     *
     * @param  groupId the group whose permission is queried
     * @param  actionId the action key
     * @param  resourceId the primary key of the resource
     * @return the result of the local service lookup
     * @throws SystemException if a system exception occurred
     */
    public boolean hasGroupPermission(
            long groupId, String actionId, long resourceId)
        throws SystemException {

        boolean granted = permissionLocalService.hasGroupPermission(
            groupId, actionId, resourceId);

        return granted;
    }

    /**
     * Returns the local service's answer to whether the user holds the action
     * on the resource.
     *
     * <p>
     * NOTE(review): no check of the caller is made here, so the answer is
     * given for any user ID passed in. Confirm that this is intended for
     * every channel through which this service can be reached.
     * </p>
     *
     * @param  userId the user whose permission is queried
     * @param  actionId the action key
     * @param  resourceId the primary key of the resource
     * @return the result of the local service lookup
     * @throws SystemException if a system exception occurred
     */
    public boolean hasUserPermission(
            long userId, String actionId, long resourceId)
        throws SystemException {

        boolean granted = permissionLocalService.hasUserPermission(
            userId, actionId, resourceId);

        return granted;
    }

    /**
     * Returns the local service's answer to whether the user holds the action
     * on the given resources.
     *
     * <p>
     * NOTE(review): no check of the caller is made here, and the
     * {@code permissionCheckerBag} is taken from the caller as is. Confirm
     * that the local service does not treat a caller-built bag as trusted
     * input.
     * </p>
     *
     * @param  userId the user whose permission is queried
     * @param  groupId the group ID forwarded to the local service
     * @param  resources the resources to evaluate
     * @param  actionId the action key
     * @param  permissionCheckerBag the bag forwarded to the local service
     * @return the result of the local service lookup
     * @throws PortalException if the local service raises one
     * @throws SystemException if a system exception occurred
     */
    public boolean hasUserPermissions(
            long userId, long groupId, List<Resource> resources,
            String actionId, PermissionCheckerBag permissionCheckerBag)
        throws PortalException, SystemException {

        boolean granted = permissionLocalService.hasUserPermissions(
            userId, groupId, resources, actionId, permissionCheckerBag);

        return granted;
    }

    /**
     * Sets the group's actions on the resource after checking that the caller
     * may manage permissions on that resource.
     *
     * @param  groupId the group receiving the permissions; also the group ID
     *         handed to the permission check
     * @param  actionIds the action keys to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void setGroupPermissions(
            long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            groupId, actionIds, resourceId);
    }

    /**
     * Sets group permissions for the entity named by {@code className} and
     * {@code classPK} after checking that the caller may manage permissions
     * on the resource.
     *
     * <p>
     * Only {@code groupId} and {@code resourceId} take part in the check;
     * {@code className} and {@code classPK} are forwarded to the local
     * service unchecked by this method.
     * </p>
     *
     * @param  className the class name forwarded to the local service
     * @param  classPK the class primary key forwarded to the local service
     * @param  groupId the group ID handed to the permission check
     * @param  actionIds the action keys to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void setGroupPermissions(
            String className, String classPK, long groupId,
            String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            className, classPK, groupId, actionIds, resourceId);
    }

    /**
     * Sets organization group permissions on the resource after checking that
     * the caller may manage permissions on that resource.
     *
     * <p>
     * {@code organizationId} does not take part in the check made here.
     * </p>
     *
     * @param  organizationId the organization forwarded to the local service
     * @param  groupId the group ID handed to the permission check
     * @param  actionIds the action keys to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void setOrgGroupPermissions(
            long organizationId, long groupId, String[] actionIds,
            long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setOrgGroupPermissions(
            organizationId, groupId, actionIds, resourceId);
    }

    /**
     * Grants the role one action on the named resource after checking that
     * the caller may manage permissions on the role itself.
     *
     * <p>
     * The check is made against the role ({@code Role} class name and
     * {@code roleId}); {@code name}, {@code scope} and {@code primKey} are
     * forwarded unchecked by this method. The company ID comes from the
     * current user rather than from the caller's arguments.
     * </p>
     *
     * @param  roleId the role receiving the permission
     * @param  groupId the group ID handed to the permission check
     * @param  name the resource name
     * @param  scope the scope value forwarded to the local service
     * @param  primKey the resource primary key
     * @param  actionId the action key to grant
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void setRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();
        String roleClassName = Role.class.getName();

        checkPermission(permissionChecker, groupId, roleClassName, roleId);

        // Resolved only after the check has passed.

        long companyId = getUser().getCompanyId();

        permissionLocalService.setRolePermission(
            roleId, companyId, name, scope, primKey, actionId);
    }

    /**
     * Sets the role's actions on the resource after checking that the caller
     * may manage permissions on that resource.
     *
     * <p>
     * NOTE(review): unlike {@code setRolePermission}, the check here covers
     * the resource only; {@code roleId} is not authorized by this method.
     * Confirm that any role may be the target for a caller who controls the
     * resource.
     * </p>
     *
     * @param  roleId the role receiving the permissions
     * @param  groupId the group ID handed to the permission check
     * @param  actionIds the action keys to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void setRolePermissions(
            long roleId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setRolePermissions(
            roleId, actionIds, resourceId);
    }

    /**
     * Sets the user's actions on the resource after checking that the caller
     * may manage permissions on that resource.
     *
     * <p>
     * {@code userId} does not take part in the check made here.
     * </p>
     *
     * @param  userId the user receiving the permissions
     * @param  groupId the group ID handed to the permission check
     * @param  actionIds the action keys to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void setUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Removes one permission from the role after checking that the caller may
     * manage permissions on the role.
     *
     * <p>
     * {@code permissionId} is forwarded unchecked by this method.
     * </p>
     *
     * @param  roleId the role losing the permission
     * @param  groupId the group ID handed to the permission check
     * @param  permissionId the primary key of the permission to remove
     * @throws SystemException if a system exception occurred
     * @throws PortalException if the permission check fails
     */
    public void unsetRolePermission(
            long roleId, long groupId, long permissionId)
        throws SystemException, PortalException {

        PermissionChecker permissionChecker = getPermissionChecker();
        String roleClassName = Role.class.getName();

        checkPermission(permissionChecker, groupId, roleClassName, roleId);

        permissionLocalService.unsetRolePermission(roleId, permissionId);
    }

    /**
     * Removes one action on the named resource from the role after checking
     * that the caller may manage permissions on the role.
     *
     * @param  roleId the role losing the permission
     * @param  groupId the group ID handed to the permission check
     * @param  name the resource name
     * @param  scope the scope value forwarded to the local service
     * @param  primKey the resource primary key
     * @param  actionId the action key to remove
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void unsetRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();
        String roleClassName = Role.class.getName();

        checkPermission(permissionChecker, groupId, roleClassName, roleId);

        // Company ID is taken from the current user, after the check.

        long companyId = getUser().getCompanyId();

        permissionLocalService.unsetRolePermission(
            roleId, companyId, name, scope, primKey, actionId);
    }

    /**
     * Removes an action on the named resource from the role, without a
     * primary key argument, after checking that the caller may manage
     * permissions on the role.
     *
     * @param  roleId the role losing the permissions
     * @param  groupId the group ID handed to the permission check
     * @param  name the resource name
     * @param  scope the scope value forwarded to the local service
     * @param  actionId the action key to remove
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void unsetRolePermissions(
            long roleId, long groupId, String name, int scope, String actionId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();
        String roleClassName = Role.class.getName();

        checkPermission(permissionChecker, groupId, roleClassName, roleId);

        // Company ID is taken from the current user, after the check.

        long companyId = getUser().getCompanyId();

        permissionLocalService.unsetRolePermissions(
            roleId, companyId, name, scope, actionId);
    }

    /**
     * Removes the user's actions on the resource after checking that the
     * caller may manage permissions on that resource.
     *
     * <p>
     * {@code userId} does not take part in the check made here.
     * </p>
     *
     * @param  userId the user losing the permissions
     * @param  groupId the group ID handed to the permission check
     * @param  actionIds the action keys to remove
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    public void unsetUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.unsetUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Loads the resource row and checks the caller against the resource's own
     * name and primary key.
     *
     * <p>
     * NOTE(review): {@code groupId} comes from the caller and is not compared
     * with the loaded resource here. Confirm that the downstream check
     * rejects a group ID that does not own the resource.
     * </p>
     *
     * @param  permissionChecker the caller's permission checker
     * @param  groupId the group ID forwarded to the name-based check
     * @param  resourceId the primary key of the resource to load
     * @throws PortalException if the permission check fails, or presumably if
     *         the resource cannot be found
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId,
            long resourceId)
        throws PortalException, SystemException {

        Resource resource = resourcePersistence.findByPrimaryKey(resourceId);

        String name = resource.getName();
        String primKey = resource.getPrimKey().toString();

        checkPermission(permissionChecker, groupId, name, primKey);
    }

    /**
     * Converts the numeric primary key to a string and runs the name-based
     * check.
     *
     * @param  permissionChecker the caller's permission checker
     * @param  groupId the group ID forwarded to the name-based check
     * @param  name the resource name
     * @param  primKey the numeric primary key of the resource
     * @throws PortalException if the permission check fails
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            long primKey)
        throws PortalException, SystemException {

        String primKeyString = String.valueOf(primKey);

        checkPermission(permissionChecker, groupId, name, primKeyString);
    }

    /**
     * Dispatches the permission-management check by resource name.
     *
     * <p>
     * Known model class names go to their own permission helper with
     * {@code ActionKeys.PERMISSIONS}, except layouts (checked as
     * {@code MANAGE_LAYOUTS} on the layout's group) and portlet keys
     * containing {@code PortletConstants.LAYOUT_SEPARATOR} (checked as
     * {@code CONFIGURATION}). Any other name falls back to the generic check,
     * which accepts {@code PERMISSIONS} or, where the resource defines it,
     * {@code DEFINE_PERMISSIONS}.
     * </p>
     *
     * <p>
     * {@code groupId} is read only by the generic fallback; the
     * model-specific branches ignore it. {@code name} is dereferenced
     * directly, so a {@code null} name ends in a
     * {@code NullPointerException}.
     * </p>
     *
     * <p>
     * NOTE(review): the numeric key is parsed with
     * {@code GetterUtil.getLong}; confirm how it treats a non-numeric
     * {@code primKey}, since a fallback default ID would be checked in place
     * of the intended entity.
     * </p>
     *
     * @param  permissionChecker the caller's permission checker
     * @param  groupId the group ID used by the generic fallback check
     * @param  name the resource name
     * @param  primKey the resource primary key in string form
     * @throws PortalException if the caller lacks the required permission
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            String primKey)
        throws PortalException, SystemException {

        if (name.equals(BlogsEntry.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            BlogsEntryPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(BookmarksFolder.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            BookmarksFolderPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(CalEvent.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            CalEventPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(DLFileEntry.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            DLFileEntryPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(DLFolder.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            DLFolderPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Group.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            GroupPermissionUtil.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(IGFolder.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            IGFolderPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalArticle.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            JournalArticlePermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalFeed.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            JournalFeedPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalStructure.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            JournalStructurePermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalTemplate.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            JournalTemplatePermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Layout.class.getName())) {

            // Layouts are authorized through the owning group, with
            // MANAGE_LAYOUTS rather than PERMISSIONS.

            Layout layout = layoutPersistence.findByPrimaryKey(
                GetterUtil.getLong(primKey));

            GroupPermissionUtil.check(
                permissionChecker, layout.getGroupId(),
                ActionKeys.MANAGE_LAYOUTS);

            return;
        }

        if (name.equals(MBCategory.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            MBCategoryPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(MBMessage.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            MBMessagePermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(PollsQuestion.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            PollsQuestionPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(SCFrameworkVersion.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            SCFrameworkVersionPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(SCProductEntry.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            SCProductEntryPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(ShoppingCategory.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            ShoppingCategoryPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(ShoppingItem.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            ShoppingItemPermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(User.class.getName())) {

            // The user row is loaded so that the check can also see the
            // user's organization IDs.

            long userId = GetterUtil.getLong(primKey);

            User user = userPersistence.findByPrimaryKey(userId);

            UserPermissionUtil.check(
                permissionChecker, userId, user.getOrganizationIds(),
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(WikiNode.class.getName())) {
            long classPK = GetterUtil.getLong(primKey);

            WikiNodePermission.check(
                permissionChecker, classPK, ActionKeys.PERMISSIONS);

            return;
        }

        // Portlet resources: the key has the form
        // <plid><LAYOUT_SEPARATOR><portletId>, and both parts come straight
        // from the key string.

        int separatorPos = -1;

        if (primKey != null) {
            separatorPos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
        }

        if (separatorPos != -1) {
            long plid = GetterUtil.getLong(primKey.substring(0, separatorPos));

            String portletId = primKey.substring(
                separatorPos + PortletConstants.LAYOUT_SEPARATOR.length());

            PortletPermissionUtil.check(
                permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);

            return;
        }

        // Generic fallback: the only path on which the caller-supplied
        // groupId is consulted.

        if (permissionChecker.hasPermission(
                groupId, name, primKey, ActionKeys.PERMISSIONS)) {

            return;
        }

        List<String> resourceActions =
            ResourceActionsUtil.getResourceActions(name);

        // DEFINE_PERMISSIONS is accepted only when the resource declares that
        // action and the caller holds it.

        boolean mayDefinePermissions =
            resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) &&
            permissionChecker.hasPermission(
                groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS);

        if (!mayDefinePermissions) {
            throw new PrincipalException();
        }
    }

}