1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.service.permission;
16  
17  import com.liferay.portal.PortalException;
18  import com.liferay.portal.SystemException;
19  import com.liferay.portal.model.Group;
20  import com.liferay.portal.model.Organization;
21  import com.liferay.portal.security.auth.PrincipalException;
22  import com.liferay.portal.security.permission.ActionKeys;
23  import com.liferay.portal.security.permission.PermissionChecker;
24  import com.liferay.portal.service.GroupLocalServiceUtil;
25  import com.liferay.portal.service.OrganizationLocalServiceUtil;
26  
27  import java.util.List;
28  
29  /**
30   * <a href="GroupPermissionImpl.java.html"><b><i>View Source</i></b></a>
31   *
32   * @author Brian Wing Shun Chan
33   */
34  public class GroupPermissionImpl implements GroupPermission {
35  
36      public void check(
37              PermissionChecker permissionChecker, long groupId,
38              String actionId)
39          throws PortalException, SystemException {
40  
41          if (!contains(permissionChecker, groupId, actionId)) {
42              throw new PrincipalException();
43          }
44      }
45  
46      public boolean contains(
47              PermissionChecker permissionChecker, long groupId, String actionId)
48          throws PortalException, SystemException {
49  
50          Group group = GroupLocalServiceUtil.getGroup(groupId);
51  
52          if (group.isStagingGroup()) {
53              group = group.getLiveGroup();
54          }
55  
56          if (group.isOrganization()) {
57              long organizationId = group.getClassPK();
58  
59              return OrganizationPermissionUtil.contains(
60                  permissionChecker, organizationId, actionId);
61          }
62          else if (group.isUser()) {
63  
64              // An individual user would never reach this block because he would
65              // be an administrator of his own layouts. However, a user who
66              // manages a set of organizations may be modifying pages of a user
67              // he manages.
68  
69              long userId = group.getClassPK();
70  
71              List<Organization> organizations =
72                  OrganizationLocalServiceUtil.getUserOrganizations(userId);
73  
74              for (Organization organization : organizations) {
75                  if (OrganizationPermissionUtil.contains(
76                          permissionChecker, organization.getOrganizationId(),
77                          ActionKeys.MANAGE_USERS)) {
78  
79                      return true;
80                  }
81              }
82          }
83  
84          // Group id must be set so that users can modify their personal pages
85  
86          return permissionChecker.hasPermission(
87              groupId, Group.class.getName(), groupId, actionId);
88      }
89  
90  }