1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.PortalException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.security.permission.ActionKeys;
28 import com.liferay.portal.kernel.security.permission.PermissionChecker;
29 import com.liferay.portal.kernel.security.permission.PermissionCheckerBag;
30 import com.liferay.portal.kernel.util.GetterUtil;
31 import com.liferay.portal.model.Group;
32 import com.liferay.portal.model.Layout;
33 import com.liferay.portal.model.Resource;
34 import com.liferay.portal.model.Role;
35 import com.liferay.portal.model.User;
36 import com.liferay.portal.model.impl.PortletImpl;
37 import com.liferay.portal.security.auth.PrincipalException;
38 import com.liferay.portal.service.LayoutLocalServiceUtil;
39 import com.liferay.portal.service.PermissionLocalServiceUtil;
40 import com.liferay.portal.service.PermissionService;
41 import com.liferay.portal.service.ResourceLocalServiceUtil;
42 import com.liferay.portal.service.UserLocalServiceUtil;
43 import com.liferay.portal.service.permission.GroupPermissionUtil;
44 import com.liferay.portal.service.permission.PortletPermissionUtil;
45 import com.liferay.portal.service.permission.UserPermissionUtil;
46
47
53 public class PermissionServiceImpl
54 extends PrincipalBean implements PermissionService {
55
56 public void checkPermission(long groupId, String name, String primKey)
57 throws PortalException, SystemException {
58
59 checkPermission(getPermissionChecker(), groupId, name, primKey);
60 }
61
62 public boolean hasGroupPermission(
63 long groupId, String actionId, long resourceId)
64 throws PortalException, SystemException {
65
66 return PermissionLocalServiceUtil.hasGroupPermission(
67 groupId, actionId, resourceId);
68 }
69
70 public boolean hasUserPermission(
71 long userId, String actionId, long resourceId)
72 throws PortalException, SystemException {
73
74 return PermissionLocalServiceUtil.hasUserPermission(
75 userId, actionId, resourceId);
76 }
77
78 public boolean hasUserPermissions(
79 long userId, long groupId, String actionId, long[] resourceIds,
80 PermissionCheckerBag permissionCheckerBag)
81 throws PortalException, SystemException {
82
83 return PermissionLocalServiceUtil.hasUserPermissions(
84 userId, groupId, actionId, resourceIds, permissionCheckerBag);
85 }
86
87 public void setGroupPermissions(
88 long groupId, String[] actionIds, long resourceId)
89 throws PortalException, SystemException {
90
91 checkPermission(getPermissionChecker(), groupId, resourceId);
92
93 PermissionLocalServiceUtil.setGroupPermissions(
94 groupId, actionIds, resourceId);
95 }
96
97 public void setGroupPermissions(
98 String className, String classPK, long groupId,
99 String[] actionIds, long resourceId)
100 throws PortalException, SystemException {
101
102 checkPermission(getPermissionChecker(), groupId, resourceId);
103
104 PermissionLocalServiceUtil.setGroupPermissions(
105 className, classPK, groupId, actionIds, resourceId);
106 }
107
108 public void setOrgGroupPermissions(
109 long organizationId, long groupId, String[] actionIds,
110 long resourceId)
111 throws PortalException, SystemException {
112
113 checkPermission(getPermissionChecker(), groupId, resourceId);
114
115 PermissionLocalServiceUtil.setOrgGroupPermissions(
116 organizationId, groupId, actionIds, resourceId);
117 }
118
119 public void setRolePermission(
120 long roleId, long groupId, String name, int scope, String primKey,
121 String actionId)
122 throws PortalException, SystemException {
123
124 checkPermission(
125 getPermissionChecker(), groupId, Role.class.getName(), roleId);
126
127 PermissionLocalServiceUtil.setRolePermission(
128 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
129 }
130
131 public void setUserPermissions(
132 long userId, long groupId, String[] actionIds,
133 long resourceId)
134 throws PortalException, SystemException {
135
136 checkPermission(getPermissionChecker(), groupId, resourceId);
137
138 PermissionLocalServiceUtil.setUserPermissions(
139 userId, actionIds, resourceId);
140 }
141
142 public void unsetRolePermission(
143 long roleId, long groupId, long permissionId)
144 throws SystemException, PortalException {
145
146 checkPermission(
147 getPermissionChecker(), groupId, Role.class.getName(), roleId);
148
149 PermissionLocalServiceUtil.unsetRolePermission(roleId, permissionId);
150 }
151
152 public void unsetRolePermission(
153 long roleId, long groupId, String name, int scope, String primKey,
154 String actionId)
155 throws PortalException, SystemException {
156
157 checkPermission(
158 getPermissionChecker(), groupId, Role.class.getName(), roleId);
159
160 PermissionLocalServiceUtil.unsetRolePermission(
161 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
162 }
163
164 public void unsetRolePermissions(
165 long roleId, long groupId, String name, int scope, String actionId)
166 throws PortalException, SystemException {
167
168 checkPermission(
169 getPermissionChecker(), groupId, Role.class.getName(), roleId);
170
171 PermissionLocalServiceUtil.unsetRolePermissions(
172 roleId, getUser().getCompanyId(), name, scope, actionId);
173 }
174
175 public void unsetUserPermissions(
176 long userId, long groupId, String[] actionIds, long resourceId)
177 throws PortalException, SystemException {
178
179 checkPermission(getPermissionChecker(), groupId, resourceId);
180
181 PermissionLocalServiceUtil.unsetUserPermissions(
182 userId, actionIds, resourceId);
183 }
184
185 protected void checkPermission(
186 PermissionChecker permissionChecker, long groupId,
187 long resourceId)
188 throws PortalException, SystemException {
189
190 Resource resource = ResourceLocalServiceUtil.getResource(resourceId);
191
192 checkPermission(
193 permissionChecker, groupId, resource.getName(),
194 resource.getPrimKey().toString());
195 }
196
197 protected void checkPermission(
198 PermissionChecker permissionChecker, long groupId, String name,
199 long primKey)
200 throws PortalException, SystemException {
201
202 checkPermission(
203 permissionChecker, groupId, name, String.valueOf(primKey));
204 }
205
206 protected void checkPermission(
207 PermissionChecker permissionChecker, long groupId, String name,
208 String primKey)
209 throws PortalException, SystemException {
210
211 if (name.equals(Group.class.getName())) {
212 GroupPermissionUtil.check(
213 permissionChecker, GetterUtil.getLong(primKey),
214 ActionKeys.PERMISSIONS);
215 }
216 else if (name.equals(Layout.class.getName())) {
217 long plid = GetterUtil.getLong(primKey);
218
219 Layout layout = LayoutLocalServiceUtil.getLayout(plid);
220
221 GroupPermissionUtil.check(
222 permissionChecker, layout.getGroupId(),
223 ActionKeys.MANAGE_LAYOUTS);
224 }
225 else if (name.equals(User.class.getName())) {
226 long userId = GetterUtil.getLong(primKey);
227
228 User user = UserLocalServiceUtil.getUserById(userId);
229
230 UserPermissionUtil.check(
231 permissionChecker, userId,
232 user.getOrganization().getOrganizationId(),
233 user.getLocation().getOrganizationId(), ActionKeys.PERMISSIONS);
234 }
235 else if ((primKey != null) &&
236 (primKey.indexOf(PortletImpl.LAYOUT_SEPARATOR) != -1)) {
237
238 int pos = primKey.indexOf(PortletImpl.LAYOUT_SEPARATOR);
239
240 long plid = GetterUtil.getLong(primKey.substring(0, pos));
241
242 String portletId = primKey.substring(
243 pos + PortletImpl.LAYOUT_SEPARATOR.length() , primKey.length());
244
245 if (!PortletPermissionUtil.contains(
246 permissionChecker, plid, portletId,
247 ActionKeys.CONFIGURATION)) {
248
249 throw new PrincipalException();
250 }
251 }
252 else if (!permissionChecker.hasPermission(
253 groupId, name, primKey, ActionKeys.PERMISSIONS) &&
254 !permissionChecker.hasPermission(
255 groupId, name, primKey, ActionKeys.ADD_PERMISSIONS)) {
256
257 throw new PrincipalException();
258 }
259 }
260
261 }