001    /**
002     * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.Group;
021    import com.liferay.portal.model.Layout;
022    import com.liferay.portal.model.PortletConstants;
023    import com.liferay.portal.model.Resource;
024    import com.liferay.portal.model.Role;
025    import com.liferay.portal.model.Team;
026    import com.liferay.portal.model.User;
027    import com.liferay.portal.security.auth.PrincipalException;
028    import com.liferay.portal.security.permission.ActionKeys;
029    import com.liferay.portal.security.permission.PermissionChecker;
030    import com.liferay.portal.security.permission.PermissionCheckerBag;
031    import com.liferay.portal.security.permission.ResourceActionsUtil;
032    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
033    import com.liferay.portal.service.permission.GroupPermissionUtil;
034    import com.liferay.portal.service.permission.PortletPermissionUtil;
035    import com.liferay.portal.service.permission.UserPermissionUtil;
036    import com.liferay.portlet.blogs.model.BlogsEntry;
037    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
038    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
039    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
040    import com.liferay.portlet.calendar.model.CalEvent;
041    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
042    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
043    import com.liferay.portlet.documentlibrary.model.DLFolder;
044    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
045    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
046    import com.liferay.portlet.imagegallery.model.IGFolder;
047    import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
048    import com.liferay.portlet.journal.model.JournalArticle;
049    import com.liferay.portlet.journal.model.JournalFeed;
050    import com.liferay.portlet.journal.model.JournalStructure;
051    import com.liferay.portlet.journal.model.JournalTemplate;
052    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
053    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
054    import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
055    import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
056    import com.liferay.portlet.messageboards.model.MBCategory;
057    import com.liferay.portlet.messageboards.model.MBMessage;
058    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
059    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
060    import com.liferay.portlet.polls.model.PollsQuestion;
061    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
062    import com.liferay.portlet.shopping.model.ShoppingCategory;
063    import com.liferay.portlet.shopping.model.ShoppingItem;
064    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
065    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
066    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
067    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
068    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
069    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
070    import com.liferay.portlet.wiki.model.WikiNode;
071    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
072    
073    import java.util.List;
074    
/**
 * Service facade that guards changes to permission assignments.
 *
 * <p>
 * Every <code>set*</code> / <code>unset*</code> method first runs one of the
 * protected <code>checkPermission</code> overloads with the caller's
 * {@link PermissionChecker} and only then delegates to
 * <code>permissionLocalService</code>. The <code>has*</code> queries delegate
 * without any check made in this class.
 * </p>
 *
 * <p>
 * NOTE(review): <code>groupId</code> is always taken from the caller and only
 * forwarded. Nothing in this class verifies that it is the group that owns the
 * resource being changed; confirm that the per-entity permission classes and
 * <code>PermissionChecker.hasPermission</code> enforce that relationship.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

    /**
     * Checks that the current caller may manage the permissions of a stored
     * resource.
     *
     * @param  groupId the group scope forwarded to the check (caller-supplied)
     * @param  resourceId the primary key of the resource row to look up
     * @throws PortalException if the protected overload rejects the caller or
     *         the lookup fails with a portal exception
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);
    }

    /**
     * Checks that the current caller may manage the permissions of the model
     * instance identified by a class name and a numeric primary key.
     *
     * @param  groupId the group scope forwarded to the check (caller-supplied)
     * @param  name the resource name, compared against model class names
     * @param  primKey the numeric primary key of the model instance
     * @throws PortalException if the protected overload rejects the caller
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, long primKey)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, name, primKey);
    }

    /**
     * Checks that the current caller may manage the permissions of the
     * resource identified by a name and a string primary key.
     *
     * @param  groupId the group scope forwarded to the check (caller-supplied)
     * @param  name the resource name, compared against model class names
     * @param  primKey the primary key in string form
     * @throws PortalException if the protected overload rejects the caller
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, String primKey)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, name, primKey);
    }

    /**
     * Returns the answer of
     * <code>permissionLocalService.hasGroupPermission</code> for the given
     * group, action and resource.
     *
     * <p>
     * No check of the caller is made in this method. NOTE(review): confirm
     * that access to this query is restricted elsewhere; as written here the
     * answer is returned for whatever IDs the caller passes.
     * </p>
     *
     * @param  groupId the group whose permission is queried
     * @param  actionId the action being asked about
     * @param  resourceId the primary key of the resource
     * @return the value returned by the local service
     * @throws SystemException if a system exception occurred
     */
    public boolean hasGroupPermission(
            long groupId, String actionId, long resourceId)
        throws SystemException {

        boolean granted = permissionLocalService.hasGroupPermission(
            groupId, actionId, resourceId);

        return granted;
    }

    /**
     * Returns the answer of
     * <code>permissionLocalService.hasUserPermission</code> for the given
     * user, action and resource.
     *
     * <p>
     * No check of the caller is made in this method, and <code>userId</code>
     * is not compared with the calling user. NOTE(review): confirm that access
     * to this query is restricted elsewhere.
     * </p>
     *
     * @param  userId the user whose permission is queried
     * @param  actionId the action being asked about
     * @param  resourceId the primary key of the resource
     * @return the value returned by the local service
     * @throws SystemException if a system exception occurred
     */
    public boolean hasUserPermission(
            long userId, String actionId, long resourceId)
        throws SystemException {

        boolean granted = permissionLocalService.hasUserPermission(
            userId, actionId, resourceId);

        return granted;
    }

    /**
     * Returns the answer of
     * <code>permissionLocalService.hasUserPermissions</code> for the given
     * user, group, resources and action.
     *
     * <p>
     * No check of the caller is made in this method, and the
     * <code>permissionCheckerBag</code> is accepted from the caller as is.
     * NOTE(review): confirm that the bag cannot be supplied by an untrusted
     * client and that access to this query is restricted elsewhere.
     * </p>
     *
     * @param  userId the user whose permission is queried
     * @param  groupId the group scope of the query
     * @param  resources the resources to evaluate
     * @param  actionId the action being asked about
     * @param  permissionCheckerBag the bag forwarded to the local service
     * @return the value returned by the local service
     * @throws PortalException if the local service reports a portal exception
     * @throws SystemException if a system exception occurred
     */
    public boolean hasUserPermissions(
            long userId, long groupId, List<Resource> resources,
            String actionId, PermissionCheckerBag permissionCheckerBag)
        throws PortalException, SystemException {

        boolean granted = permissionLocalService.hasUserPermissions(
            userId, groupId, resources, actionId, permissionCheckerBag);

        return granted;
    }

    /**
     * Sets the group's actions on a resource after checking the caller against
     * that resource.
     *
     * @param  groupId the group receiving the permissions; also the scope
     *         forwarded to the check
     * @param  actionIds the actions to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the caller fails the check
     * @throws SystemException if a system exception occurred
     */
    public void setGroupPermissions(
            long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        // Authorize first; the local service call below performs the write.

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            groupId, actionIds, resourceId);
    }

    /**
     * Sets group permissions through the local service overload that also
     * takes a class name and class primary key, after checking the caller
     * against the resource.
     *
     * <p>
     * Only <code>groupId</code> and <code>resourceId</code> take part in the
     * check; <code>className</code> and <code>classPK</code> are forwarded
     * unchecked.
     * </p>
     *
     * @param  className forwarded to the local service
     * @param  classPK forwarded to the local service
     * @param  groupId the group scope forwarded to the check and the write
     * @param  actionIds the actions to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the caller fails the check
     * @throws SystemException if a system exception occurred
     */
    public void setGroupPermissions(
            String className, String classPK, long groupId,
            String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            className, classPK, groupId, actionIds, resourceId);
    }

    /**
     * Sets organization/group permissions on a resource after checking the
     * caller against that resource.
     *
     * <p>
     * <code>organizationId</code> does not take part in the check.
     * </p>
     *
     * @param  organizationId forwarded to the local service
     * @param  groupId the group scope forwarded to the check and the write
     * @param  actionIds the actions to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the caller fails the check
     * @throws SystemException if a system exception occurred
     */
    public void setOrgGroupPermissions(
            long organizationId, long groupId, String[] actionIds,
            long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setOrgGroupPermissions(
            organizationId, groupId, actionIds, resourceId);
    }

    /**
     * Grants one action on a resource name/scope/primKey to a role, after
     * checking the caller against the role.
     *
     * <p>
     * The check covers the role only. The target <code>name</code>,
     * <code>scope</code> and <code>primKey</code> are forwarded unchecked, and
     * the company ID is taken from the calling user. NOTE(review): whether the
     * role is verified to belong to that company is not visible here; confirm
     * in the local service.
     * </p>
     *
     * @param  roleId the role receiving the permission
     * @param  groupId the group scope forwarded to the role check
     * @param  name the resource name the permission applies to
     * @param  scope the permission scope, forwarded to the local service
     * @param  primKey the primary key the permission applies to
     * @param  actionId the action to grant
     * @throws PortalException if the caller fails the role check
     * @throws SystemException if a system exception occurred
     */
    public void setRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        checkRolePermission(groupId, roleId);

        // Resolved only after the check has passed, as in the direct call.

        long companyId = getUser().getCompanyId();

        permissionLocalService.setRolePermission(
            roleId, companyId, name, scope, primKey, actionId);
    }

    /**
     * Sets the role's actions on a resource after checking the caller against
     * that resource.
     *
     * <p>
     * Unlike {@link #setRolePermission}, the check here is on the resource;
     * <code>roleId</code> does not take part in it.
     * </p>
     *
     * @param  roleId the role receiving the permissions
     * @param  groupId the group scope forwarded to the check
     * @param  actionIds the actions to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the caller fails the check
     * @throws SystemException if a system exception occurred
     */
    public void setRolePermissions(
            long roleId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setRolePermissions(
            roleId, actionIds, resourceId);
    }

    /**
     * Sets the user's actions on a resource after checking the caller against
     * that resource.
     *
     * <p>
     * <code>userId</code> does not take part in the check.
     * </p>
     *
     * @param  userId the user receiving the permissions
     * @param  groupId the group scope forwarded to the check
     * @param  actionIds the actions to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the caller fails the check
     * @throws SystemException if a system exception occurred
     */
    public void setUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.setUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Removes a permission, identified by its ID, from a role after checking
     * the caller against the role.
     *
     * <p>
     * <code>permissionId</code> does not take part in the check.
     * </p>
     *
     * @param  roleId the role losing the permission
     * @param  groupId the group scope forwarded to the role check
     * @param  permissionId the primary key of the permission to remove
     * @throws SystemException if a system exception occurred
     * @throws PortalException if the caller fails the role check
     */
    public void unsetRolePermission(
            long roleId, long groupId, long permissionId)
        throws SystemException, PortalException {

        checkRolePermission(groupId, roleId);

        permissionLocalService.unsetRolePermission(roleId, permissionId);
    }

    /**
     * Removes one action on a resource name/scope/primKey from a role, after
     * checking the caller against the role.
     *
     * <p>
     * The check covers the role only; the company ID is taken from the calling
     * user.
     * </p>
     *
     * @param  roleId the role losing the permission
     * @param  groupId the group scope forwarded to the role check
     * @param  name the resource name the permission applies to
     * @param  scope the permission scope, forwarded to the local service
     * @param  primKey the primary key the permission applies to
     * @param  actionId the action to revoke
     * @throws PortalException if the caller fails the role check
     * @throws SystemException if a system exception occurred
     */
    public void unsetRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        checkRolePermission(groupId, roleId);

        long companyId = getUser().getCompanyId();

        permissionLocalService.unsetRolePermission(
            roleId, companyId, name, scope, primKey, actionId);
    }

    /**
     * Removes an action on a resource name/scope from a role, after checking
     * the caller against the role.
     *
     * @param  roleId the role losing the permissions
     * @param  groupId the group scope forwarded to the role check
     * @param  name the resource name the permissions apply to
     * @param  scope the permission scope, forwarded to the local service
     * @param  actionId the action to revoke
     * @throws PortalException if the caller fails the role check
     * @throws SystemException if a system exception occurred
     */
    public void unsetRolePermissions(
            long roleId, long groupId, String name, int scope, String actionId)
        throws PortalException, SystemException {

        checkRolePermission(groupId, roleId);

        long companyId = getUser().getCompanyId();

        permissionLocalService.unsetRolePermissions(
            roleId, companyId, name, scope, actionId);
    }

    /**
     * Removes the user's actions on a resource after checking the caller
     * against that resource.
     *
     * <p>
     * <code>userId</code> does not take part in the check.
     * </p>
     *
     * @param  userId the user losing the permissions
     * @param  groupId the group scope forwarded to the check
     * @param  actionIds the actions to unset
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the caller fails the check
     * @throws SystemException if a system exception occurred
     */
    public void unsetUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(permissionChecker, groupId, resourceId);

        permissionLocalService.unsetUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Resolves a resource row and checks the caller against the name and
     * primary key stored in it.
     *
     * <p>
     * The name and primary key come from the stored row, while
     * <code>groupId</code> is still the caller's value.
     * </p>
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the group scope forwarded to the check
     * @param  resourceId the primary key of the resource row
     * @throws PortalException if the lookup or the check fails with a portal
     *         exception
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId,
            long resourceId)
        throws PortalException, SystemException {

        Resource resource = resourcePersistence.findByPrimaryKey(resourceId);

        String resourceName = resource.getName();
        String resourcePrimKey = resource.getPrimKey().toString();

        checkPermission(
            permissionChecker, groupId, resourceName, resourcePrimKey);
    }

    /**
     * Converts the numeric primary key to its string form and runs the string
     * based check.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the group scope forwarded to the check
     * @param  name the resource name
     * @param  primKey the numeric primary key
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            long primKey)
        throws PortalException, SystemException {

        String primKeyString = String.valueOf(primKey);

        checkPermission(permissionChecker, groupId, name, primKeyString);
    }

    /**
     * Decides whether the caller may change permissions on the named resource
     * and throws if not. This is the single dispatch point every other check
     * in this class ends up in.
     *
     * <p>
     * The resource name is compared with model class names in a fixed order
     * and the first match decides which check runs:
     * </p>
     *
     * <ul>
     * <li>
     * BlogsEntry, CalEvent, DLFileEntry, Group, JournalArticle, JournalFeed,
     * JournalStructure, JournalTemplate, MBMessage, PollsQuestion,
     * SCFrameworkVersion, SCProductEntry, ShoppingItem, WikiNode: the entity's
     * own permission class is asked for <code>PERMISSIONS</code> using the
     * parsed primary key only; <code>groupId</code> is not used.
     * </li>
     * <li>
     * BookmarksFolder, DLFolder, IGFolder, MBCategory, ShoppingCategory: the
     * same, but the caller-supplied <code>groupId</code> is passed along with
     * the parsed primary key.
     * </li>
     * <li>
     * Layout and Team: the row is loaded and <code>MANAGE_LAYOUTS</code> /
     * <code>MANAGE_TEAMS</code> is checked on the group stored in that row.
     * </li>
     * <li>
     * User: the user is loaded and <code>PERMISSIONS</code> is checked with
     * the user's organization IDs.
     * </li>
     * <li>
     * Any other name whose primary key contains
     * <code>PortletConstants.LAYOUT_SEPARATOR</code>: the key is split into a
     * plid and a portlet ID and <code>CONFIGURATION</code> is checked on that
     * portlet.
     * </li>
     * <li>
     * Everything else: the caller needs <code>PERMISSIONS</code> on the
     * resource, or <code>DEFINE_PERMISSIONS</code> when the resource declares
     * that action; otherwise a {@link PrincipalException} is thrown.
     * </li>
     * </ul>
     *
     * <p>
     * <code>name</code> must not be <code>null</code>; the first comparison
     * dereferences it. NOTE(review): what
     * <code>GetterUtil.getLong</code> yields for a non-numeric
     * <code>primKey</code> is not visible here (presumably a default value
     * rather than an exception); confirm that such a value cannot resolve to a
     * real entity.
     * </p>
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the caller-supplied group scope
     * @param  name the resource name
     * @param  primKey the primary key in string form
     * @throws PortalException if the caller is not allowed; the fallback
     *         branch throws {@link PrincipalException}
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            String primKey)
        throws PortalException, SystemException {

        if (name.equals(BlogsEntry.class.getName())) {
            long entryId = GetterUtil.getLong(primKey);

            BlogsEntryPermission.check(
                permissionChecker, entryId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(BookmarksFolder.class.getName())) {
            long folderId = GetterUtil.getLong(primKey);

            BookmarksFolderPermission.check(
                permissionChecker, groupId, folderId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(CalEvent.class.getName())) {
            long eventId = GetterUtil.getLong(primKey);

            CalEventPermission.check(
                permissionChecker, eventId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(DLFileEntry.class.getName())) {
            long fileEntryId = GetterUtil.getLong(primKey);

            DLFileEntryPermission.check(
                permissionChecker, fileEntryId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(DLFolder.class.getName())) {
            long folderId = GetterUtil.getLong(primKey);

            DLFolderPermission.check(
                permissionChecker, groupId, folderId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Group.class.getName())) {
            long targetGroupId = GetterUtil.getLong(primKey);

            GroupPermissionUtil.check(
                permissionChecker, targetGroupId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(IGFolder.class.getName())) {
            long folderId = GetterUtil.getLong(primKey);

            IGFolderPermission.check(
                permissionChecker, groupId, folderId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalArticle.class.getName())) {
            long articleKey = GetterUtil.getLong(primKey);

            JournalArticlePermission.check(
                permissionChecker, articleKey, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalFeed.class.getName())) {
            long feedKey = GetterUtil.getLong(primKey);

            JournalFeedPermission.check(
                permissionChecker, feedKey, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalStructure.class.getName())) {
            long structureKey = GetterUtil.getLong(primKey);

            JournalStructurePermission.check(
                permissionChecker, structureKey, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(JournalTemplate.class.getName())) {
            long templateKey = GetterUtil.getLong(primKey);

            JournalTemplatePermission.check(
                permissionChecker, templateKey, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Layout.class.getName())) {
            long layoutPlid = GetterUtil.getLong(primKey);

            Layout layout = layoutPersistence.findByPrimaryKey(layoutPlid);

            // The group comes from the stored layout, not from the caller.

            GroupPermissionUtil.check(
                permissionChecker, layout.getGroupId(),
                ActionKeys.MANAGE_LAYOUTS);

            return;
        }

        if (name.equals(MBCategory.class.getName())) {
            long categoryId = GetterUtil.getLong(primKey);

            MBCategoryPermission.check(
                permissionChecker, groupId, categoryId,
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(MBMessage.class.getName())) {
            long messageId = GetterUtil.getLong(primKey);

            MBMessagePermission.check(
                permissionChecker, messageId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(PollsQuestion.class.getName())) {
            long questionId = GetterUtil.getLong(primKey);

            PollsQuestionPermission.check(
                permissionChecker, questionId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(SCFrameworkVersion.class.getName())) {
            long frameworkVersionId = GetterUtil.getLong(primKey);

            SCFrameworkVersionPermission.check(
                permissionChecker, frameworkVersionId,
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(SCProductEntry.class.getName())) {
            long productEntryId = GetterUtil.getLong(primKey);

            SCProductEntryPermission.check(
                permissionChecker, productEntryId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(ShoppingCategory.class.getName())) {
            long categoryId = GetterUtil.getLong(primKey);

            ShoppingCategoryPermission.check(
                permissionChecker, groupId, categoryId,
                ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(ShoppingItem.class.getName())) {
            long itemId = GetterUtil.getLong(primKey);

            ShoppingItemPermission.check(
                permissionChecker, itemId, ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(Team.class.getName())) {
            long teamKey = GetterUtil.getLong(primKey);

            Team team = teamPersistence.findByPrimaryKey(teamKey);

            // The group comes from the stored team, not from the caller.

            GroupPermissionUtil.check(
                permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);

            return;
        }

        if (name.equals(User.class.getName())) {
            long targetUserId = GetterUtil.getLong(primKey);

            User targetUser = userPersistence.findByPrimaryKey(targetUserId);

            UserPermissionUtil.check(
                permissionChecker, targetUserId,
                targetUser.getOrganizationIds(), ActionKeys.PERMISSIONS);

            return;
        }

        if (name.equals(WikiNode.class.getName())) {
            long nodeId = GetterUtil.getLong(primKey);

            WikiNodePermission.check(
                permissionChecker, nodeId, ActionKeys.PERMISSIONS);

            return;
        }

        // No model class matched. A primary key that carries the layout
        // separator is treated as a portlet resource of the form
        // plid + separator + portletId.

        int separatorPos = -1;

        if (primKey != null) {
            separatorPos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
        }

        if (separatorPos != -1) {
            long portletPlid = GetterUtil.getLong(
                primKey.substring(0, separatorPos));

            String portletId = primKey.substring(
                separatorPos + PortletConstants.LAYOUT_SEPARATOR.length());

            PortletPermissionUtil.check(
                permissionChecker, portletPlid, portletId,
                ActionKeys.CONFIGURATION);

            return;
        }

        // Generic fallback: PERMISSIONS on the resource is sufficient.

        if (permissionChecker.hasPermission(
                groupId, name, primKey, ActionKeys.PERMISSIONS)) {

            return;
        }

        // Otherwise DEFINE_PERMISSIONS is accepted, but only when the resource
        // declares that action and the caller holds it. The second operand is
        // evaluated only if the first is true, as in the negated form.

        List<String> declaredActions =
            ResourceActionsUtil.getResourceActions(name);

        boolean mayDefinePermissions =
            declaredActions.contains(ActionKeys.DEFINE_PERMISSIONS) &&
            permissionChecker.hasPermission(
                groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS);

        if (!mayDefinePermissions) {
            throw new PrincipalException();
        }
    }

    /**
     * Checks the caller against the role identified by <code>roleId</code>,
     * using the role's class name as the resource name.
     *
     * <p>
     * The dispatch has no branch for the role class name, so this check is
     * decided by its generic fallback with the caller-supplied
     * <code>groupId</code>. NOTE(review): confirm that a grant held in an
     * unrelated group cannot satisfy that fallback for this role.
     * </p>
     *
     * @param  groupId the group scope forwarded to the check
     * @param  roleId the primary key of the role
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    private void checkRolePermission(long groupId, long roleId)
        throws PortalException, SystemException {

        PermissionChecker permissionChecker = getPermissionChecker();

        checkPermission(
            permissionChecker, groupId, Role.class.getName(), roleId);
    }

}