1   /**
2    * Copyright (c) 2000-2007 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.security.permission.ActionKeys;
28  import com.liferay.portal.kernel.security.permission.PermissionChecker;
29  import com.liferay.portal.kernel.security.permission.PermissionCheckerBag;
30  import com.liferay.portal.kernel.util.GetterUtil;
31  import com.liferay.portal.model.Group;
32  import com.liferay.portal.model.Layout;
33  import com.liferay.portal.model.Resource;
34  import com.liferay.portal.model.Role;
35  import com.liferay.portal.model.User;
36  import com.liferay.portal.model.impl.PortletImpl;
37  import com.liferay.portal.security.auth.PrincipalException;
38  import com.liferay.portal.service.LayoutLocalServiceUtil;
39  import com.liferay.portal.service.PermissionLocalServiceUtil;
40  import com.liferay.portal.service.PermissionService;
41  import com.liferay.portal.service.ResourceLocalServiceUtil;
42  import com.liferay.portal.service.UserLocalServiceUtil;
43  import com.liferay.portal.service.permission.GroupPermissionUtil;
44  import com.liferay.portal.service.permission.PortletPermissionUtil;
45  import com.liferay.portal.service.permission.UserPermissionUtil;
46  
47  /**
48   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
49   *
50   * @author Brian Wing Shun Chan
51   *
52   */
53  public class PermissionServiceImpl
54      extends PrincipalBean implements PermissionService {
55  
56      public void checkPermission(long groupId, String name, String primKey)
57          throws PortalException, SystemException {
58  
59          checkPermission(getPermissionChecker(), groupId, name, primKey);
60      }
61  
62      public boolean hasGroupPermission(
63              long groupId, String actionId, long resourceId)
64          throws PortalException, SystemException {
65  
66          return PermissionLocalServiceUtil.hasGroupPermission(
67              groupId, actionId, resourceId);
68      }
69  
70      public boolean hasUserPermission(
71              long userId, String actionId, long resourceId)
72          throws PortalException, SystemException {
73  
74          return PermissionLocalServiceUtil.hasUserPermission(
75              userId, actionId, resourceId);
76      }
77  
78      public boolean hasUserPermissions(
79              long userId, long groupId, String actionId, long[] resourceIds,
80              PermissionCheckerBag permissionCheckerBag)
81          throws PortalException, SystemException {
82  
83          return PermissionLocalServiceUtil.hasUserPermissions(
84              userId, groupId, actionId, resourceIds, permissionCheckerBag);
85      }
86  
87      public void setGroupPermissions(
88              long groupId, String[] actionIds, long resourceId)
89          throws PortalException, SystemException {
90  
91          checkPermission(getPermissionChecker(), groupId, resourceId);
92  
93          PermissionLocalServiceUtil.setGroupPermissions(
94              groupId, actionIds, resourceId);
95      }
96  
97      public void setGroupPermissions(
98              String className, String classPK, long groupId,
99              String[] actionIds, long resourceId)
100         throws PortalException, SystemException {
101 
102         checkPermission(getPermissionChecker(), groupId, resourceId);
103 
104         PermissionLocalServiceUtil.setGroupPermissions(
105             className, classPK, groupId, actionIds, resourceId);
106     }
107 
108     public void setOrgGroupPermissions(
109             long organizationId, long groupId, String[] actionIds,
110             long resourceId)
111         throws PortalException, SystemException {
112 
113         checkPermission(getPermissionChecker(), groupId, resourceId);
114 
115         PermissionLocalServiceUtil.setOrgGroupPermissions(
116             organizationId, groupId, actionIds, resourceId);
117     }
118 
119     public void setRolePermission(
120             long roleId, long groupId, String name, int scope, String primKey,
121             String actionId)
122         throws PortalException, SystemException {
123 
124         checkPermission(
125             getPermissionChecker(), groupId, Role.class.getName(), roleId);
126 
127         PermissionLocalServiceUtil.setRolePermission(
128             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
129     }
130 
131     public void setUserPermissions(
132             long userId, long groupId, String[] actionIds,
133             long resourceId)
134         throws PortalException, SystemException {
135 
136         checkPermission(getPermissionChecker(), groupId, resourceId);
137 
138         PermissionLocalServiceUtil.setUserPermissions(
139             userId, actionIds, resourceId);
140     }
141 
142     public void unsetRolePermission(
143             long roleId, long groupId, long permissionId)
144         throws SystemException, PortalException {
145 
146         checkPermission(
147             getPermissionChecker(), groupId, Role.class.getName(), roleId);
148 
149         PermissionLocalServiceUtil.unsetRolePermission(roleId, permissionId);
150     }
151 
152     public void unsetRolePermission(
153             long roleId, long groupId, String name, int scope, String primKey,
154             String actionId)
155         throws PortalException, SystemException {
156 
157         checkPermission(
158             getPermissionChecker(), groupId, Role.class.getName(), roleId);
159 
160         PermissionLocalServiceUtil.unsetRolePermission(
161             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
162     }
163 
164     public void unsetRolePermissions(
165             long roleId, long groupId, String name, int scope, String actionId)
166         throws PortalException, SystemException {
167 
168         checkPermission(
169             getPermissionChecker(), groupId, Role.class.getName(), roleId);
170 
171         PermissionLocalServiceUtil.unsetRolePermissions(
172             roleId, getUser().getCompanyId(), name, scope, actionId);
173     }
174 
175     public void unsetUserPermissions(
176             long userId, long groupId, String[] actionIds, long resourceId)
177         throws PortalException, SystemException {
178 
179         checkPermission(getPermissionChecker(), groupId, resourceId);
180 
181         PermissionLocalServiceUtil.unsetUserPermissions(
182             userId, actionIds, resourceId);
183     }
184 
185     protected void checkPermission(
186             PermissionChecker permissionChecker, long groupId,
187             long resourceId)
188         throws PortalException, SystemException {
189 
190         Resource resource = ResourceLocalServiceUtil.getResource(resourceId);
191 
192         checkPermission(
193             permissionChecker, groupId, resource.getName(),
194             resource.getPrimKey().toString());
195     }
196 
197     protected void checkPermission(
198             PermissionChecker permissionChecker, long groupId, String name,
199             long primKey)
200         throws PortalException, SystemException {
201 
202         checkPermission(
203             permissionChecker, groupId, name, String.valueOf(primKey));
204     }
205 
206     protected void checkPermission(
207             PermissionChecker permissionChecker, long groupId, String name,
208             String primKey)
209         throws PortalException, SystemException {
210 
211         if (name.equals(Group.class.getName())) {
212             GroupPermissionUtil.check(
213                 permissionChecker, GetterUtil.getLong(primKey),
214                 ActionKeys.PERMISSIONS);
215         }
216         else if (name.equals(Layout.class.getName())) {
217             long plid = GetterUtil.getLong(primKey);
218 
219             Layout layout = LayoutLocalServiceUtil.getLayout(plid);
220 
221             GroupPermissionUtil.check(
222                 permissionChecker, layout.getGroupId(),
223                 ActionKeys.MANAGE_LAYOUTS);
224         }
225         else if (name.equals(User.class.getName())) {
226             long userId = GetterUtil.getLong(primKey);
227 
228             User user = UserLocalServiceUtil.getUserById(userId);
229 
230             UserPermissionUtil.check(
231                 permissionChecker, userId,
232                 user.getOrganization().getOrganizationId(),
233                 user.getLocation().getOrganizationId(), ActionKeys.PERMISSIONS);
234         }
235         else if ((primKey != null) &&
236                  (primKey.indexOf(PortletImpl.LAYOUT_SEPARATOR) != -1)) {
237 
238             int pos = primKey.indexOf(PortletImpl.LAYOUT_SEPARATOR);
239 
240             long plid = GetterUtil.getLong(primKey.substring(0, pos));
241 
242             String portletId = primKey.substring(
243                 pos + PortletImpl.LAYOUT_SEPARATOR.length() , primKey.length());
244 
245             if (!PortletPermissionUtil.contains(
246                     permissionChecker, plid, portletId,
247                     ActionKeys.CONFIGURATION)) {
248 
249                 throw new PrincipalException();
250             }
251         }
252         else if (!permissionChecker.hasPermission(
253                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
254                  !permissionChecker.hasPermission(
255                     groupId, name, primKey, ActionKeys.ADD_PERMISSIONS)) {
256 
257             throw new PrincipalException();
258         }
259     }
260 
261 }