1   /**
2    * Copyright (c) 2000-2008 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.util.GetterUtil;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.Layout;
30  import com.liferay.portal.model.PortletConstants;
31  import com.liferay.portal.model.Resource;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.security.auth.PrincipalException;
35  import com.liferay.portal.security.permission.ActionKeys;
36  import com.liferay.portal.security.permission.PermissionChecker;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39  import com.liferay.portal.service.permission.GroupPermissionUtil;
40  import com.liferay.portal.service.permission.PortletPermissionUtil;
41  import com.liferay.portal.service.permission.UserPermissionUtil;
42  
43  /**
44   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
45   *
46   * @author Brian Wing Shun Chan
47   *
48   */
49  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
50  
51      public void checkPermission(long groupId, String name, String primKey)
52          throws PortalException, SystemException {
53  
54          checkPermission(getPermissionChecker(), groupId, name, primKey);
55      }
56  
57      public boolean hasGroupPermission(
58              long groupId, String actionId, long resourceId)
59          throws SystemException {
60  
61          return permissionLocalService.hasGroupPermission(
62              groupId, actionId, resourceId);
63      }
64  
65      public boolean hasUserPermission(
66              long userId, String actionId, long resourceId)
67          throws SystemException {
68  
69          return permissionLocalService.hasUserPermission(
70              userId, actionId, resourceId);
71      }
72  
73      public boolean hasUserPermissions(
74              long userId, long groupId, String actionId, long[] resourceIds,
75              PermissionCheckerBag permissionCheckerBag)
76          throws SystemException {
77  
78          return permissionLocalService.hasUserPermissions(
79              userId, groupId, actionId, resourceIds, permissionCheckerBag);
80      }
81  
82      public void setGroupPermissions(
83              long groupId, String[] actionIds, long resourceId)
84          throws PortalException, SystemException {
85  
86          checkPermission(getPermissionChecker(), groupId, resourceId);
87  
88          permissionLocalService.setGroupPermissions(
89              groupId, actionIds, resourceId);
90      }
91  
92      public void setGroupPermissions(
93              String className, String classPK, long groupId,
94              String[] actionIds, long resourceId)
95          throws PortalException, SystemException {
96  
97          checkPermission(getPermissionChecker(), groupId, resourceId);
98  
99          permissionLocalService.setGroupPermissions(
100             className, classPK, groupId, actionIds, resourceId);
101     }
102 
103     public void setOrgGroupPermissions(
104             long organizationId, long groupId, String[] actionIds,
105             long resourceId)
106         throws PortalException, SystemException {
107 
108         checkPermission(getPermissionChecker(), groupId, resourceId);
109 
110         permissionLocalService.setOrgGroupPermissions(
111             organizationId, groupId, actionIds, resourceId);
112     }
113 
114     public void setRolePermission(
115             long roleId, long groupId, String name, int scope, String primKey,
116             String actionId)
117         throws PortalException, SystemException {
118 
119         checkPermission(
120             getPermissionChecker(), groupId, Role.class.getName(), roleId);
121 
122         permissionLocalService.setRolePermission(
123             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
124     }
125 
126     public void setRolePermissions(
127             long roleId, long groupId, String[] actionIds, long resourceId)
128         throws PortalException, SystemException {
129 
130         checkPermission(getPermissionChecker(), groupId, resourceId);
131 
132         permissionLocalService.setRolePermissions(
133             roleId, actionIds, resourceId);
134     }
135 
136     public void setUserPermissions(
137             long userId, long groupId, String[] actionIds, long resourceId)
138         throws PortalException, SystemException {
139 
140         checkPermission(getPermissionChecker(), groupId, resourceId);
141 
142         permissionLocalService.setUserPermissions(
143             userId, actionIds, resourceId);
144     }
145 
146     public void unsetRolePermission(
147             long roleId, long groupId, long permissionId)
148         throws SystemException, PortalException {
149 
150         checkPermission(
151             getPermissionChecker(), groupId, Role.class.getName(), roleId);
152 
153         permissionLocalService.unsetRolePermission(roleId, permissionId);
154     }
155 
156     public void unsetRolePermission(
157             long roleId, long groupId, String name, int scope, String primKey,
158             String actionId)
159         throws PortalException, SystemException {
160 
161         checkPermission(
162             getPermissionChecker(), groupId, Role.class.getName(), roleId);
163 
164         permissionLocalService.unsetRolePermission(
165             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
166     }
167 
168     public void unsetRolePermissions(
169             long roleId, long groupId, String name, int scope, String actionId)
170         throws PortalException, SystemException {
171 
172         checkPermission(
173             getPermissionChecker(), groupId, Role.class.getName(), roleId);
174 
175         permissionLocalService.unsetRolePermissions(
176             roleId, getUser().getCompanyId(), name, scope, actionId);
177     }
178 
179     public void unsetUserPermissions(
180             long userId, long groupId, String[] actionIds, long resourceId)
181         throws PortalException, SystemException {
182 
183         checkPermission(getPermissionChecker(), groupId, resourceId);
184 
185         permissionLocalService.unsetUserPermissions(
186             userId, actionIds, resourceId);
187     }
188 
189     protected void checkPermission(
190             PermissionChecker permissionChecker, long groupId,
191             long resourceId)
192         throws PortalException, SystemException {
193 
194         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
195 
196         checkPermission(
197             permissionChecker, groupId, resource.getName(),
198             resource.getPrimKey().toString());
199     }
200 
201     protected void checkPermission(
202             PermissionChecker permissionChecker, long groupId, String name,
203             long primKey)
204         throws PortalException, SystemException {
205 
206         checkPermission(
207             permissionChecker, groupId, name, String.valueOf(primKey));
208     }
209 
210     protected void checkPermission(
211             PermissionChecker permissionChecker, long groupId, String name,
212             String primKey)
213         throws PortalException, SystemException {
214 
215         if (name.equals(Group.class.getName())) {
216             GroupPermissionUtil.check(
217                 permissionChecker, GetterUtil.getLong(primKey),
218                 ActionKeys.PERMISSIONS);
219         }
220         else if (name.equals(Layout.class.getName())) {
221             long plid = GetterUtil.getLong(primKey);
222 
223             Layout layout = layoutPersistence.findByPrimaryKey(plid);
224 
225             GroupPermissionUtil.check(
226                 permissionChecker, layout.getGroupId(),
227                 ActionKeys.MANAGE_LAYOUTS);
228         }
229         else if (name.equals(User.class.getName())) {
230             long userId = GetterUtil.getLong(primKey);
231 
232             User user = userPersistence.findByPrimaryKey(userId);
233 
234             UserPermissionUtil.check(
235                 permissionChecker, userId, user.getOrganizationIds(),
236                 ActionKeys.PERMISSIONS);
237         }
238         else if ((primKey != null) &&
239                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
240 
241             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
242 
243             long plid = GetterUtil.getLong(primKey.substring(0, pos));
244 
245             String portletId = primKey.substring(
246                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
247                 primKey.length());
248 
249             if (!PortletPermissionUtil.contains(
250                     permissionChecker, plid, portletId,
251                     ActionKeys.CONFIGURATION)) {
252 
253                 throw new PrincipalException();
254             }
255         }
256         else if (!permissionChecker.hasPermission(
257                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
258                  !permissionChecker.hasPermission(
259                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
260 
261             throw new PrincipalException();
262         }
263     }
264 
265 }