15 package com.liferay.portal.service.impl;
16
17 import com.liferay.portal.PortalException;
18 import com.liferay.portal.SystemException;
19 import com.liferay.portal.kernel.util.GetterUtil;
20 import com.liferay.portal.model.Group;
21 import com.liferay.portal.model.Layout;
22 import com.liferay.portal.model.PortletConstants;
23 import com.liferay.portal.model.Resource;
24 import com.liferay.portal.model.Role;
25 import com.liferay.portal.model.User;
26 import com.liferay.portal.security.auth.PrincipalException;
27 import com.liferay.portal.security.permission.ActionKeys;
28 import com.liferay.portal.security.permission.PermissionChecker;
29 import com.liferay.portal.security.permission.PermissionCheckerBag;
30 import com.liferay.portal.security.permission.ResourceActionsUtil;
31 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
32 import com.liferay.portal.service.permission.GroupPermissionUtil;
33 import com.liferay.portal.service.permission.PortletPermissionUtil;
34 import com.liferay.portal.service.permission.UserPermissionUtil;
35 import com.liferay.portlet.blogs.model.BlogsEntry;
36 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
37 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
38 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
39 import com.liferay.portlet.calendar.model.CalEvent;
40 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
41 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
42 import com.liferay.portlet.documentlibrary.model.DLFolder;
43 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
44 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
45 import com.liferay.portlet.imagegallery.model.IGFolder;
46 import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
47 import com.liferay.portlet.journal.model.JournalArticle;
48 import com.liferay.portlet.journal.model.JournalFeed;
49 import com.liferay.portlet.journal.model.JournalStructure;
50 import com.liferay.portlet.journal.model.JournalTemplate;
51 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
52 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
53 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
54 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
55 import com.liferay.portlet.messageboards.model.MBCategory;
56 import com.liferay.portlet.messageboards.model.MBMessage;
57 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
58 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
59 import com.liferay.portlet.polls.model.PollsQuestion;
60 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
61 import com.liferay.portlet.shopping.model.ShoppingCategory;
62 import com.liferay.portlet.shopping.model.ShoppingItem;
63 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
64 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
65 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
66 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
67 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
68 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
69 import com.liferay.portlet.wiki.model.WikiNode;
70 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
71
72 import java.util.List;
73
74
/**
 * Permission service whose mutating methods authorize the current caller
 * before handing the change to {@code permissionLocalService}.
 *
 * <p>
 * Authorization model, as far as this class shows it:
 * </p>
 *
 * <ul>
 * <li>
 * Every {@code set*} and {@code unset*} method first runs one of the
 * {@code checkPermission} overloads with the checker returned by
 * {@code getPermissionChecker()} (presumably bound to the authenticated
 * caller; confirm in the base class) and only then delegates.
 * </li>
 * <li>
 * The {@code has*} lookups delegate without any {@code checkPermission} call.
 * </li>
 * <li>
 * {@code groupId} is always supplied by the caller. Only the generic fallback
 * in {@link #checkPermission(PermissionChecker, long, String, String)} reads
 * it, and this class never compares it with the group that owns the resource.
 * NOTE(review): confirm that {@code PermissionChecker.hasPermission} rejects
 * a {@code groupId} that does not match the resource.
 * </li>
 * </ul>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Verifies that the current caller may manage permissions on the resource
	 * with the given primary key.
	 *
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  resourceId primary key of the resource row to look up
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);
	}

	/**
	 * Verifies that the current caller may manage permissions on the named
	 * resource identified by a numeric primary key.
	 *
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  name resource name (a model class name or other resource name)
	 * @param  primKey numeric primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Verifies that the current caller may manage permissions on the named
	 * resource identified by a string primary key.
	 *
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  name resource name (a model class name or other resource name)
	 * @param  primKey primary key of the resource in string form
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Reports whether the group holds the action on the resource, as answered
	 * by {@code permissionLocalService}.
	 *
	 * <p>
	 * NOTE(review): unlike the {@code set*}/{@code unset*} methods, no
	 * {@code checkPermission} call precedes the delegation, so the caller's
	 * identity plays no part in the answer. Confirm that every caller able to
	 * reach this service is meant to read grants for an arbitrary group.
	 * </p>
	 *
	 * @param  groupId group whose grant is queried
	 * @param  actionId action being queried
	 * @param  resourceId primary key of the resource
	 * @return the value returned by the local service
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasGroupPermission(
			long groupId, String actionId, long resourceId)
		throws SystemException {

		boolean granted = permissionLocalService.hasGroupPermission(
			groupId, actionId, resourceId);

		return granted;
	}

	/**
	 * Reports whether the user holds the action on the resource, as answered
	 * by {@code permissionLocalService}.
	 *
	 * <p>
	 * NOTE(review): no {@code checkPermission} call precedes the delegation and
	 * {@code userId} is not compared with the calling user. Confirm that
	 * reading another user's grants through this method is intended.
	 * </p>
	 *
	 * @param  userId user whose grant is queried
	 * @param  actionId action being queried
	 * @param  resourceId primary key of the resource
	 * @return the value returned by the local service
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasUserPermission(
			long userId, String actionId, long resourceId)
		throws SystemException {

		boolean granted = permissionLocalService.hasUserPermission(
			userId, actionId, resourceId);

		return granted;
	}

	/**
	 * Reports whether the user holds the action on the given resources, as
	 * answered by {@code permissionLocalService}.
	 *
	 * <p>
	 * NOTE(review): no {@code checkPermission} call precedes the delegation,
	 * and the {@code permissionCheckerBag} is taken from the caller as is.
	 * Confirm that a caller-built bag cannot influence the result in a way the
	 * caller should not control.
	 * </p>
	 *
	 * @param  userId user whose grant is queried
	 * @param  groupId group forwarded to the local service
	 * @param  resources resources to evaluate
	 * @param  actionId action being queried
	 * @param  permissionCheckerBag bag forwarded to the local service
	 * @return the value returned by the local service
	 * @throws PortalException if the local service reports a portal exception
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasUserPermissions(
			long userId, long groupId, List<Resource> resources,
			String actionId, PermissionCheckerBag permissionCheckerBag)
		throws PortalException, SystemException {

		boolean granted = permissionLocalService.hasUserPermissions(
			userId, groupId, resources, actionId, permissionCheckerBag);

		return granted;
	}

	/**
	 * Sets the group's actions on the resource after authorizing the caller
	 * against that resource.
	 *
	 * @param  groupId group that receives the actions; also forwarded to the
	 *         authorization check
	 * @param  actionIds actions to set
	 * @param  resourceId primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setGroupPermissions(
			long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setGroupPermissions(
			groupId, actionIds, resourceId);
	}

	/**
	 * Sets group-related actions on the resource for the given class name and
	 * class primary key, after authorizing the caller against the resource.
	 *
	 * <p>
	 * NOTE(review): only {@code resourceId} is authorized here;
	 * {@code className} and {@code classPK} reach the local service without
	 * validation in this method.
	 * </p>
	 *
	 * @param  className class name forwarded to the local service
	 * @param  classPK class primary key forwarded to the local service
	 * @param  groupId group forwarded to the check and to the local service
	 * @param  actionIds actions to set
	 * @param  resourceId primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setGroupPermissions(
			String className, String classPK, long groupId,
			String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setGroupPermissions(
			className, classPK, groupId, actionIds, resourceId);
	}

	/**
	 * Sets organization/group actions on the resource after authorizing the
	 * caller against that resource.
	 *
	 * <p>
	 * NOTE(review): {@code organizationId} is not authorized in this method.
	 * </p>
	 *
	 * @param  organizationId organization forwarded to the local service
	 * @param  groupId group forwarded to the check and to the local service
	 * @param  actionIds actions to set
	 * @param  resourceId primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setOrgGroupPermissions(
			long organizationId, long groupId, String[] actionIds,
			long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setOrgGroupPermissions(
			organizationId, groupId, actionIds, resourceId);
	}

	/**
	 * Grants the role one action on a named resource after authorizing the
	 * caller against the role itself.
	 *
	 * <p>
	 * The check is made on the {@code Role} resource with key {@code roleId};
	 * the target {@code name}, {@code scope} and {@code primKey} are not
	 * authorized here. The company ID handed to the local service comes from
	 * {@code getUser()}, not from the role. NOTE(review): confirm the local
	 * service rejects a role that belongs to a different company.
	 * </p>
	 *
	 * @param  roleId role that receives the action
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  name name of the target resource
	 * @param  scope scope forwarded to the local service
	 * @param  primKey primary key of the target resource
	 * @param  actionId action to grant
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setRolePermission(
			long roleId, long groupId, String name, int scope, String primKey,
			String actionId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		long companyId = getUser().getCompanyId();

		permissionLocalService.setRolePermission(
			roleId, companyId, name, scope, primKey, actionId);
	}

	/**
	 * Sets the role's actions on the resource after authorizing the caller
	 * against that resource.
	 *
	 * <p>
	 * NOTE(review): the check covers {@code resourceId} only; {@code roleId}
	 * is forwarded without a check on the role in this method.
	 * </p>
	 *
	 * @param  roleId role that receives the actions
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  actionIds actions to set
	 * @param  resourceId primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setRolePermissions(
			long roleId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setRolePermissions(
			roleId, actionIds, resourceId);
	}

	/**
	 * Sets the user's actions on the resource after authorizing the caller
	 * against that resource.
	 *
	 * <p>
	 * NOTE(review): the check covers {@code resourceId} only; {@code userId}
	 * is forwarded without a check on the user in this method.
	 * </p>
	 *
	 * @param  userId user that receives the actions
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  actionIds actions to set
	 * @param  resourceId primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setUserPermissions(
			long userId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setUserPermissions(
			userId, actionIds, resourceId);
	}

	/**
	 * Removes one permission from the role after authorizing the caller
	 * against the role.
	 *
	 * <p>
	 * NOTE(review): {@code permissionId} is forwarded without a check in this
	 * method that the permission belongs to a resource the caller may manage.
	 * </p>
	 *
	 * @param  roleId role that loses the permission
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  permissionId primary key of the permission to remove
	 * @throws SystemException if a system exception occurred
	 * @throws PortalException if the check fails or a lookup fails
	 */
	public void unsetRolePermission(
			long roleId, long groupId, long permissionId)
		throws SystemException, PortalException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		permissionLocalService.unsetRolePermission(roleId, permissionId);
	}

	/**
	 * Revokes one action on a named resource from the role after authorizing
	 * the caller against the role.
	 *
	 * <p>
	 * The company ID handed to the local service comes from {@code getUser()};
	 * the target {@code name}, {@code scope} and {@code primKey} are not
	 * authorized here.
	 * </p>
	 *
	 * @param  roleId role that loses the action
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  name name of the target resource
	 * @param  scope scope forwarded to the local service
	 * @param  primKey primary key of the target resource
	 * @param  actionId action to revoke
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetRolePermission(
			long roleId, long groupId, String name, int scope, String primKey,
			String actionId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		long companyId = getUser().getCompanyId();

		permissionLocalService.unsetRolePermission(
			roleId, companyId, name, scope, primKey, actionId);
	}

	/**
	 * Revokes an action on a named resource from the role for the given scope,
	 * after authorizing the caller against the role.
	 *
	 * <p>
	 * The company ID handed to the local service comes from {@code getUser()}.
	 * </p>
	 *
	 * @param  roleId role that loses the action
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  name name of the target resource
	 * @param  scope scope forwarded to the local service
	 * @param  actionId action to revoke
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetRolePermissions(
			long roleId, long groupId, String name, int scope, String actionId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		long companyId = getUser().getCompanyId();

		permissionLocalService.unsetRolePermissions(
			roleId, companyId, name, scope, actionId);
	}

	/**
	 * Removes the user's actions on the resource after authorizing the caller
	 * against that resource.
	 *
	 * <p>
	 * NOTE(review): the check covers {@code resourceId} only; {@code userId}
	 * is forwarded without a check on the user in this method.
	 * </p>
	 *
	 * @param  userId user that loses the actions
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  actionIds actions to remove
	 * @param  resourceId primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetUserPermissions(
			long userId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.unsetUserPermissions(
			userId, actionIds, resourceId);
	}

	/**
	 * Loads the resource row and authorizes against its name and primary key.
	 *
	 * @param  permissionChecker checker used for the decision
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  resourceId primary key of the resource row
	 * @throws PortalException if the resource cannot be found or the check
	 *         fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId,
			long resourceId)
		throws PortalException, SystemException {

		Resource resource = resourcePersistence.findByPrimaryKey(resourceId);

		String name = resource.getName();
		String primKey = resource.getPrimKey().toString();

		checkPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Converts the numeric primary key to its string form and authorizes
	 * through the string-keyed overload.
	 *
	 * @param  permissionChecker checker used for the decision
	 * @param  groupId caller-supplied group ID, forwarded to the check
	 * @param  name resource name
	 * @param  primKey numeric primary key of the resource
	 * @throws PortalException if the check fails or a lookup fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			long primKey)
		throws PortalException, SystemException {

		String primKeyString = String.valueOf(primKey);

		checkPermission(permissionChecker, groupId, name, primKeyString);
	}

	/**
	 * Authorizes a permission-management operation on one resource by
	 * dispatching on the resource name.
	 *
	 * <p>
	 * Dispatch order:
	 * </p>
	 *
	 * <ol>
	 * <li>
	 * Known model class names go to their entity-specific permission helper
	 * with {@code ActionKeys.PERMISSIONS}. Exceptions: a {@code Layout} is
	 * authorized with {@code ActionKeys.MANAGE_LAYOUTS} on the layout's group,
	 * and a {@code User} check also passes the user's organization IDs. These
	 * branches do not read {@code groupId}. The helpers are expected to throw
	 * when the caller lacks the action; that behaviour is not visible here.
	 * </li>
	 * <li>
	 * Any other name whose {@code primKey} contains
	 * {@code PortletConstants.LAYOUT_SEPARATOR} is treated as a portlet
	 * resource and authorized with {@code ActionKeys.CONFIGURATION}; the
	 * {@code name} is not consulted in this branch.
	 * </li>
	 * <li>
	 * Everything else needs {@code ActionKeys.PERMISSIONS}, or
	 * {@code ActionKeys.DEFINE_PERMISSIONS} when the resource's action list
	 * contains it, evaluated with the caller-supplied {@code groupId};
	 * otherwise a {@code PrincipalException} is thrown.
	 * </li>
	 * </ol>
	 *
	 * <p>
	 * A {@code null} name fails with a {@code NullPointerException} at the
	 * first comparison. NOTE(review): {@code GetterUtil.getLong} presumably
	 * yields a default value for a non-numeric {@code primKey}; confirm that
	 * the downstream helper then fails instead of resolving another entity.
	 * </p>
	 *
	 * @param  permissionChecker checker used for the decision
	 * @param  groupId caller-supplied group ID; read only by the fallback
	 * @param  name resource name (a model class name or other resource name)
	 * @param  primKey primary key of the resource in string form
	 * @throws PortalException if the caller is not authorized or a lookup
	 *         fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		// Entity-specific checks; each branch returns once its helper accepts

		if (name.equals(BlogsEntry.class.getName())) {
			BlogsEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(BookmarksFolder.class.getName())) {
			BookmarksFolderPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(CalEvent.class.getName())) {
			CalEventPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFileEntry.class.getName())) {
			DLFileEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFolder.class.getName())) {
			DLFolderPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Group.class.getName())) {
			GroupPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(IGFolder.class.getName())) {
			IGFolderPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalArticle.class.getName())) {
			JournalArticlePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalFeed.class.getName())) {
			JournalFeedPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalStructure.class.getName())) {
			JournalStructurePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalTemplate.class.getName())) {
			JournalTemplatePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Layout.class.getName())) {

			// Layouts are authorized through their owning group, taken from
			// the stored layout rather than from the caller's groupId

			Layout layout = layoutPersistence.findByPrimaryKey(
				GetterUtil.getLong(primKey));

			GroupPermissionUtil.check(
				permissionChecker, layout.getGroupId(),
				ActionKeys.MANAGE_LAYOUTS);

			return;
		}

		if (name.equals(MBCategory.class.getName())) {
			MBCategoryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(MBMessage.class.getName())) {
			MBMessagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(PollsQuestion.class.getName())) {
			PollsQuestionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCFrameworkVersion.class.getName())) {
			SCFrameworkVersionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCProductEntry.class.getName())) {
			SCProductEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingCategory.class.getName())) {
			ShoppingCategoryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingItem.class.getName())) {
			ShoppingItemPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(User.class.getName())) {
			long userId = GetterUtil.getLong(primKey);

			User user = userPersistence.findByPrimaryKey(userId);

			UserPermissionUtil.check(
				permissionChecker, userId, user.getOrganizationIds(),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(WikiNode.class.getName())) {
			WikiNodePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		// Portlet resources: primKey is <plid><LAYOUT_SEPARATOR><portletId>

		int pos = -1;

		if (primKey != null) {
			pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
		}

		if (pos != -1) {
			long plid = GetterUtil.getLong(primKey.substring(0, pos));

			String portletId = primKey.substring(
				pos + PortletConstants.LAYOUT_SEPARATOR.length());

			PortletPermissionUtil.check(
				permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);

			return;
		}

		// Generic fallback: the only place where the caller-supplied groupId
		// takes part in the decision

		if (permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			return;
		}

		List<String> resourceActions =
			ResourceActionsUtil.getResourceActions(name);

		boolean definesPermissions = resourceActions.contains(
			ActionKeys.DEFINE_PERMISSIONS);

		if (definesPermissions &&
			permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {

			return;
		}

		// Neither PERMISSIONS nor an applicable DEFINE_PERMISSIONS was held

		throw new PrincipalException();
	}

}