015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Layout;
022 import com.liferay.portal.model.PortletConstants;
023 import com.liferay.portal.model.Resource;
024 import com.liferay.portal.model.Role;
025 import com.liferay.portal.model.Team;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.PrincipalException;
028 import com.liferay.portal.security.permission.ActionKeys;
029 import com.liferay.portal.security.permission.PermissionChecker;
030 import com.liferay.portal.security.permission.PermissionCheckerBag;
031 import com.liferay.portal.security.permission.ResourceActionsUtil;
032 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
033 import com.liferay.portal.service.permission.GroupPermissionUtil;
034 import com.liferay.portal.service.permission.PortletPermissionUtil;
035 import com.liferay.portal.service.permission.UserPermissionUtil;
036 import com.liferay.portlet.blogs.model.BlogsEntry;
037 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
038 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
039 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
040 import com.liferay.portlet.calendar.model.CalEvent;
041 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
042 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
043 import com.liferay.portlet.documentlibrary.model.DLFolder;
044 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
045 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
046 import com.liferay.portlet.imagegallery.model.IGFolder;
047 import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
048 import com.liferay.portlet.journal.model.JournalArticle;
049 import com.liferay.portlet.journal.model.JournalFeed;
050 import com.liferay.portlet.journal.model.JournalStructure;
051 import com.liferay.portlet.journal.model.JournalTemplate;
052 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
053 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
054 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
055 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
056 import com.liferay.portlet.messageboards.model.MBCategory;
057 import com.liferay.portlet.messageboards.model.MBMessage;
058 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
059 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
060 import com.liferay.portlet.polls.model.PollsQuestion;
061 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
062 import com.liferay.portlet.shopping.model.ShoppingCategory;
063 import com.liferay.portlet.shopping.model.ShoppingItem;
064 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
065 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
066 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
067 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
068 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
069 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
070 import com.liferay.portlet.wiki.model.WikiNode;
071 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
072
073 import java.util.List;
074
075
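/**
 * Permission service that fronts {@code permissionLocalService}.
 *
 * <p>
 * Every mutating method first calls one of the {@code checkPermission}
 * overloads with the caller's {@link PermissionChecker} and only then
 * delegates to the local service. The {@code has*} query methods delegate
 * without any authorization check in this class.
 * </p>
 *
 * <p>
 * NOTE(review): this class is presumably reachable through the portal's
 * remote service layer, so every parameter should be treated as
 * caller-controlled. In particular {@code groupId} is supplied by the caller
 * and is never compared here against the group that actually owns the
 * resource; that is left to the individual permission helpers. Confirm each
 * helper performs that comparison.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Verifies that the current caller may manage permissions on the resource
	 * with the given primary key.
	 *
	 * @param groupId caller-supplied group used as the scope of the check
	 * @param resourceId primary key of the {@link Resource} row to authorize
	 * @throws PortalException if the resource cannot be loaded or the check
	 *         fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, long resourceId)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, resourceId);
	}

	/**
	 * Verifies that the current caller may manage permissions on the resource
	 * identified by model name and numeric primary key.
	 *
	 * @param groupId caller-supplied group used as the scope of the check
	 * @param name resource name, compared against model class names
	 * @param primKey numeric primary key of the resource
	 * @throws PortalException if the check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, name, primKey);
	}

	/**
	 * Verifies that the current caller may manage permissions on the resource
	 * identified by model name and string primary key.
	 *
	 * @param groupId caller-supplied group used as the scope of the check
	 * @param name resource name, compared against model class names
	 * @param primKey primary key of the resource in string form
	 * @throws PortalException if the check fails
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasGroupPermission(
			long groupId, String actionId, long resourceId)
		throws SystemException {

		// NOTE(review): no checkPermission call here, so any caller that can
		// reach this method can query the permissions of an arbitrary group.
		// Confirm this disclosure is intended or gate it like the setters.

		return permissionLocalService.hasGroupPermission(
			groupId, actionId, resourceId);
	}

	/**
	 * Returns the local service's answer to whether the user holds the action
	 * on the resource.
	 *
	 * @param userId the user to query
	 * @param actionId the action to query
	 * @param resourceId primary key of the resource
	 * @return the value returned by the local service
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasUserPermission(
			long userId, String actionId, long resourceId)
		throws SystemException {

		// NOTE(review): unauthenticated-by-this-class query about an arbitrary
		// userId; same disclosure concern as hasGroupPermission.

		return permissionLocalService.hasUserPermission(
			userId, actionId, resourceId);
	}

	/**
	 * Returns the local service's answer to whether the user holds the action
	 * on the given resources.
	 *
	 * @param userId the user to query
	 * @param groupId the group passed through to the local service
	 * @param resources the resources to evaluate
	 * @param actionId the action to query
	 * @param permissionCheckerBag bag passed through unchanged to the local
	 *        service
	 * @return the value returned by the local service
	 * @throws PortalException if a portal exception occurred
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasUserPermissions(
			long userId, long groupId, List<Resource> resources,
			String actionId, PermissionCheckerBag permissionCheckerBag)
		throws PortalException, SystemException {

		// NOTE(review): the PermissionCheckerBag comes from the caller and is
		// forwarded as is; it is not derived from userId here. Confirm the
		// local service does not trust its contents for a security decision.

		return permissionLocalService.hasUserPermissions(
			userId, groupId, resources, actionId, permissionCheckerBag);
	}

	/**
	 * Sets the group's actions on a resource after authorizing the caller on
	 * that resource.
	 *
	 * @param groupId the group receiving the permissions; also used as the
	 *        scope of the authorization check
	 * @param actionIds the actions to set
	 * @param resourceId primary key of the resource
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setGroupPermissions(
			long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, resourceId);

		permissionLocalService.setGroupPermissions(
			groupId, actionIds, resourceId);
	}

	/**
	 * Sets permissions for the entity named by {@code className} and
	 * {@code classPK} after authorizing the caller on {@code resourceId}.
	 *
	 * @param className entity class name forwarded to the local service
	 * @param classPK entity primary key forwarded to the local service
	 * @param groupId scope of the authorization check
	 * @param actionIds the actions to set
	 * @param resourceId primary key of the resource that is authorized
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setGroupPermissions(
			String className, String classPK, long groupId,
			String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		// Only (groupId, resourceId) is authorized. className and classPK pick
		// the grantee and are forwarded unchecked.
		// NOTE(review): confirm the local service constrains which grantees a
		// caller may name.

		checkPermission(getPermissionChecker(), groupId, resourceId);

		permissionLocalService.setGroupPermissions(
			className, classPK, groupId, actionIds, resourceId);
	}

	/**
	 * Sets organization-in-group permissions on a resource after authorizing
	 * the caller on that resource.
	 *
	 * @param organizationId forwarded to the local service; not checked here
	 * @param groupId scope of the authorization check
	 * @param actionIds the actions to set
	 * @param resourceId primary key of the resource
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setOrgGroupPermissions(
			long organizationId, long groupId, String[] actionIds,
			long resourceId)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, resourceId);

		permissionLocalService.setOrgGroupPermissions(
			organizationId, groupId, actionIds, resourceId);
	}

	/**
	 * Grants a role one action on a resource name at the given scope.
	 *
	 * <p>
	 * The caller is authorized against the role itself (resource name
	 * {@code Role.class.getName()}, primary key {@code roleId}); the company
	 * is taken from the current user rather than from a parameter.
	 * </p>
	 *
	 * @param roleId the role to modify
	 * @param groupId caller-supplied scope of the authorization check
	 * @param name resource name the permission applies to
	 * @param scope scope value forwarded to the local service
	 * @param primKey primary key forwarded to the local service
	 * @param actionId the action to grant
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setRolePermission(
			long roleId, long groupId, String name, int scope, String primKey,
			String actionId)
		throws PortalException, SystemException {

		// NOTE(review): the check covers the role only. name, scope, primKey
		// and actionId are not checked against what the caller is allowed to
		// grant, so whoever may manage the role can attach any permission at
		// any scope to it. Confirm that is the intended trust model.

		checkPermission(
			getPermissionChecker(), groupId, Role.class.getName(), roleId);

		permissionLocalService.setRolePermission(
			roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
	}

	/**
	 * Sets a role's actions on a resource after authorizing the caller on
	 * that resource.
	 *
	 * @param roleId the role receiving the permissions; not checked here
	 * @param groupId scope of the authorization check
	 * @param actionIds the actions to set
	 * @param resourceId primary key of the resource
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setRolePermissions(
			long roleId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, resourceId);

		permissionLocalService.setRolePermissions(
			roleId, actionIds, resourceId);
	}

	/**
	 * Sets a user's actions on a resource after authorizing the caller on
	 * that resource.
	 *
	 * @param userId the user receiving the permissions; not checked here
	 * @param groupId scope of the authorization check
	 * @param actionIds the actions to set
	 * @param resourceId primary key of the resource
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void setUserPermissions(
			long userId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, resourceId);

		permissionLocalService.setUserPermissions(
			userId, actionIds, resourceId);
	}

	/**
	 * Removes one permission from a role after authorizing the caller on the
	 * role.
	 *
	 * @param roleId the role to modify
	 * @param groupId caller-supplied scope of the authorization check
	 * @param permissionId the permission to remove; not validated here
	 * @throws SystemException if a system exception occurred
	 * @throws PortalException if the authorization check fails
	 */
	public void unsetRolePermission(
			long roleId, long groupId, long permissionId)
		throws SystemException, PortalException {

		checkPermission(
			getPermissionChecker(), groupId, Role.class.getName(), roleId);

		permissionLocalService.unsetRolePermission(roleId, permissionId);
	}

	/**
	 * Removes one action on a resource name and primary key from a role after
	 * authorizing the caller on the role. The company is taken from the
	 * current user.
	 *
	 * @param roleId the role to modify
	 * @param groupId caller-supplied scope of the authorization check
	 * @param name resource name the permission applies to
	 * @param scope scope value forwarded to the local service
	 * @param primKey primary key forwarded to the local service
	 * @param actionId the action to remove
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetRolePermission(
			long roleId, long groupId, String name, int scope, String primKey,
			String actionId)
		throws PortalException, SystemException {

		checkPermission(
			getPermissionChecker(), groupId, Role.class.getName(), roleId);

		permissionLocalService.unsetRolePermission(
			roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
	}

	/**
	 * Removes one action on a resource name at the given scope from a role
	 * after authorizing the caller on the role. The company is taken from the
	 * current user.
	 *
	 * @param roleId the role to modify
	 * @param groupId caller-supplied scope of the authorization check
	 * @param name resource name the permission applies to
	 * @param scope scope value forwarded to the local service
	 * @param actionId the action to remove
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetRolePermissions(
			long roleId, long groupId, String name, int scope, String actionId)
		throws PortalException, SystemException {

		checkPermission(
			getPermissionChecker(), groupId, Role.class.getName(), roleId);

		permissionLocalService.unsetRolePermissions(
			roleId, getUser().getCompanyId(), name, scope, actionId);
	}

	/**
	 * Removes a user's actions on a resource after authorizing the caller on
	 * that resource.
	 *
	 * @param userId the user losing the permissions; not checked here
	 * @param groupId scope of the authorization check
	 * @param actionIds the actions to remove
	 * @param resourceId primary key of the resource
	 * @throws PortalException if the authorization check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetUserPermissions(
			long userId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		checkPermission(getPermissionChecker(), groupId, resourceId);

		permissionLocalService.unsetUserPermissions(
			userId, actionIds, resourceId);
	}

	/**
	 * Loads the {@link Resource} row and authorizes the caller against the
	 * name and primary key stored in it.
	 *
	 * <p>
	 * The name and primary key therefore come from the database, but
	 * {@code groupId} is still the caller's value and is not compared with
	 * the loaded resource here.
	 * </p>
	 *
	 * @param permissionChecker the checker of the caller being authorized
	 * @param groupId caller-supplied scope of the check
	 * @param resourceId primary key of the resource row
	 * @throws PortalException if the resource cannot be found or the check
	 *         fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId,
			long resourceId)
		throws PortalException, SystemException {

		Resource resource = resourcePersistence.findByPrimaryKey(resourceId);

		checkPermission(
			permissionChecker, groupId, resource.getName(),
			resource.getPrimKey().toString());
	}

	/**
	 * Converts the numeric primary key to a string and delegates to the
	 * string-keyed overload.
	 *
	 * @param permissionChecker the checker of the caller being authorized
	 * @param groupId caller-supplied scope of the check
	 * @param name resource name
	 * @param primKey numeric primary key of the resource
	 * @throws PortalException if the check fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			long primKey)
		throws PortalException, SystemException {

		checkPermission(
			permissionChecker, groupId, name, String.valueOf(primKey));
	}

	/**
	 * Authorizes the caller to manage permissions on one resource by
	 * dispatching on the resource name.
	 *
	 * <p>
	 * The branches are evaluated in order and the first match wins:
	 * </p>
	 *
	 * <ol>
	 * <li>
	 * A known model class name: the model's own permission helper is asked
	 * for {@code ActionKeys.PERMISSIONS}. Layouts and teams are instead
	 * loaded and checked for {@code MANAGE_LAYOUTS} / {@code MANAGE_TEAMS} on
	 * the group stored in the entity.
	 * </li>
	 * <li>
	 * A primary key containing {@code PortletConstants.LAYOUT_SEPARATOR}: the
	 * key is split into a layout id and a portlet id and checked for
	 * {@code ActionKeys.CONFIGURATION}.
	 * </li>
	 * <li>
	 * Anything else: the caller needs {@code PERMISSIONS}, or
	 * {@code DEFINE_PERMISSIONS} when the resource declares that action.
	 * </li>
	 * </ol>
	 *
	 * @param permissionChecker the checker of the caller being authorized
	 * @param groupId caller-supplied scope of the check
	 * @param name resource name; a {@code null} name is rejected
	 * @param primKey primary key of the resource in string form
	 * @throws PortalException if the caller is not authorized
	 *         ({@link PrincipalException} from this method) or an entity
	 *         cannot be found
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		// Fail closed with an authorization error. Without this guard a null
		// name surfaces as a NullPointerException from the first comparison,
		// which callers see as a server fault instead of a denied request.

		if (name == null) {
			throw new PrincipalException();
		}

		// NOTE(review): GetterUtil.getLong is expected to fall back to a
		// default (0) for a null or non-numeric primKey instead of throwing,
		// so a malformed key is checked as id 0 - confirm every helper below
		// denies that id.
		//
		// NOTE(review): the branches that forward groupId (bookmarks, document
		// library, image gallery, message board and shopping folders or
		// categories, plus the final fallback) use the caller's value. Confirm
		// the callee verifies that primKey really belongs to that group.

		if (name.equals(BlogsEntry.class.getName())) {
			BlogsEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(BookmarksFolder.class.getName())) {
			BookmarksFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(CalEvent.class.getName())) {
			CalEventPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFileEntry.class.getName())) {
			DLFileEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(DLFolder.class.getName())) {
			DLFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Group.class.getName())) {
			GroupPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(IGFolder.class.getName())) {
			IGFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalArticle.class.getName())) {
			JournalArticlePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalFeed.class.getName())) {
			JournalFeedPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalStructure.class.getName())) {
			JournalStructurePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(JournalTemplate.class.getName())) {
			JournalTemplatePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Layout.class.getName())) {

			// The group comes from the stored layout, not from the caller.

			long plid = GetterUtil.getLong(primKey);

			Layout layout = layoutPersistence.findByPrimaryKey(plid);

			GroupPermissionUtil.check(
				permissionChecker, layout.getGroupId(),
				ActionKeys.MANAGE_LAYOUTS);
		}
		else if (name.equals(MBCategory.class.getName())) {
			MBCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(MBMessage.class.getName())) {
			MBMessagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(PollsQuestion.class.getName())) {
			PollsQuestionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCFrameworkVersion.class.getName())) {
			SCFrameworkVersionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(SCProductEntry.class.getName())) {
			SCProductEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingCategory.class.getName())) {
			ShoppingCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(ShoppingItem.class.getName())) {
			ShoppingItemPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(Team.class.getName())) {

			// The group comes from the stored team, not from the caller.

			long teamId = GetterUtil.getLong(primKey);

			Team team = teamPersistence.findByPrimaryKey(teamId);

			GroupPermissionUtil.check(
				permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
		}
		else if (name.equals(User.class.getName())) {
			long userId = GetterUtil.getLong(primKey);

			User user = userPersistence.findByPrimaryKey(userId);

			UserPermissionUtil.check(
				permissionChecker, userId, user.getOrganizationIds(),
				ActionKeys.PERMISSIONS);
		}
		else if (name.equals(WikiNode.class.getName())) {
			WikiNodePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);
		}
		else if ((primKey != null) &&
				 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {

			// Portlet resource: primKey is "<plid><separator><portletId>".
			// The resource name is not consulted on this path, only the key.

			int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

			long plid = GetterUtil.getLong(primKey.substring(0, pos));

			String portletId = primKey.substring(
				pos + PortletConstants.LAYOUT_SEPARATOR.length(),
				primKey.length());

			PortletPermissionUtil.check(
				permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
		}
		else if (!permissionChecker.hasPermission(
					groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			// Generic fallback. PERMISSIONS was denied, so the caller is
			// accepted only if the resource declares DEFINE_PERMISSIONS and
			// the caller holds it.

			List<String> resourceActions =
				ResourceActionsUtil.getResourceActions(name);

			if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
				!permissionChecker.hasPermission(
					groupId, name, primKey,
					ActionKeys.DEFINE_PERMISSIONS)) {

				throw new PrincipalException();
			}
		}
	}

}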