1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.kernel.exception.PortalException;
18  import com.liferay.portal.kernel.exception.SystemException;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.model.Group;
21  import com.liferay.portal.model.Layout;
22  import com.liferay.portal.model.PortletConstants;
23  import com.liferay.portal.model.Resource;
24  import com.liferay.portal.model.Role;
25  import com.liferay.portal.model.User;
26  import com.liferay.portal.security.auth.PrincipalException;
27  import com.liferay.portal.security.permission.ActionKeys;
28  import com.liferay.portal.security.permission.PermissionChecker;
29  import com.liferay.portal.security.permission.PermissionCheckerBag;
30  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
31  import com.liferay.portal.service.permission.GroupPermissionUtil;
32  import com.liferay.portal.service.permission.PortletPermissionUtil;
33  import com.liferay.portal.service.permission.UserPermissionUtil;
34  import com.liferay.portlet.blogs.model.BlogsEntry;
35  import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
36  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
37  import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
38  import com.liferay.portlet.calendar.model.CalEvent;
39  import com.liferay.portlet.calendar.service.permission.CalEventPermission;
40  import com.liferay.portlet.documentlibrary.model.DLFileEntry;
41  import com.liferay.portlet.documentlibrary.model.DLFolder;
42  import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
43  import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
44  import com.liferay.portlet.imagegallery.model.IGFolder;
45  import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
46  import com.liferay.portlet.journal.model.JournalArticle;
47  import com.liferay.portlet.journal.model.JournalFeed;
48  import com.liferay.portlet.journal.model.JournalStructure;
49  import com.liferay.portlet.journal.model.JournalTemplate;
50  import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
51  import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
52  import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
53  import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
54  import com.liferay.portlet.messageboards.model.MBCategory;
55  import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
56  import com.liferay.portlet.polls.model.PollsQuestion;
57  import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
58  import com.liferay.portlet.shopping.model.ShoppingCategory;
59  import com.liferay.portlet.shopping.model.ShoppingItem;
60  import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
61  import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
62  import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
63  import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
64  import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
65  import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
66  import com.liferay.portlet.wiki.model.WikiNode;
67  import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
68  
69  import java.util.List;
70  
71  /**
72   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
73   *
74   * @author Brian Wing Shun Chan
75   * @author Raymond Augé
76   */
77  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
78  
79      public void checkPermission(long groupId, long resourceId)
80          throws PortalException, SystemException {
81  
82          checkPermission(getPermissionChecker(), groupId, resourceId);
83      }
84  
85      public void checkPermission(long groupId, String name, long primKey)
86          throws PortalException, SystemException {
87  
88          checkPermission(getPermissionChecker(), groupId, name, primKey);
89      }
90  
91      public void checkPermission(long groupId, String name, String primKey)
92          throws PortalException, SystemException {
93  
94          checkPermission(getPermissionChecker(), groupId, name, primKey);
95      }
96  
97      public boolean hasGroupPermission(
98              long groupId, String actionId, long resourceId)
99          throws SystemException {
100 
101         return permissionLocalService.hasGroupPermission(
102             groupId, actionId, resourceId);
103     }
104 
105     public boolean hasUserPermission(
106             long userId, String actionId, long resourceId)
107         throws SystemException {
108 
109         return permissionLocalService.hasUserPermission(
110             userId, actionId, resourceId);
111     }
112 
113     public boolean hasUserPermissions(
114             long userId, long groupId, List<Resource> resources,
115             String actionId, PermissionCheckerBag permissionCheckerBag)
116         throws PortalException, SystemException {
117 
118         return permissionLocalService.hasUserPermissions(
119             userId, groupId, resources, actionId, permissionCheckerBag);
120     }
121 
122     public void setGroupPermissions(
123             long groupId, String[] actionIds, long resourceId)
124         throws PortalException, SystemException {
125 
126         checkPermission(getPermissionChecker(), groupId, resourceId);
127 
128         permissionLocalService.setGroupPermissions(
129             groupId, actionIds, resourceId);
130     }
131 
132     public void setGroupPermissions(
133             String className, String classPK, long groupId,
134             String[] actionIds, long resourceId)
135         throws PortalException, SystemException {
136 
137         checkPermission(getPermissionChecker(), groupId, resourceId);
138 
139         permissionLocalService.setGroupPermissions(
140             className, classPK, groupId, actionIds, resourceId);
141     }
142 
143     public void setOrgGroupPermissions(
144             long organizationId, long groupId, String[] actionIds,
145             long resourceId)
146         throws PortalException, SystemException {
147 
148         checkPermission(getPermissionChecker(), groupId, resourceId);
149 
150         permissionLocalService.setOrgGroupPermissions(
151             organizationId, groupId, actionIds, resourceId);
152     }
153 
154     public void setRolePermission(
155             long roleId, long groupId, String name, int scope, String primKey,
156             String actionId)
157         throws PortalException, SystemException {
158 
159         checkPermission(
160             getPermissionChecker(), groupId, Role.class.getName(), roleId);
161 
162         permissionLocalService.setRolePermission(
163             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
164     }
165 
166     public void setRolePermissions(
167             long roleId, long groupId, String[] actionIds, long resourceId)
168         throws PortalException, SystemException {
169 
170         checkPermission(getPermissionChecker(), groupId, resourceId);
171 
172         permissionLocalService.setRolePermissions(
173             roleId, actionIds, resourceId);
174     }
175 
176     public void setUserPermissions(
177             long userId, long groupId, String[] actionIds, long resourceId)
178         throws PortalException, SystemException {
179 
180         checkPermission(getPermissionChecker(), groupId, resourceId);
181 
182         permissionLocalService.setUserPermissions(
183             userId, actionIds, resourceId);
184     }
185 
186     public void unsetRolePermission(
187             long roleId, long groupId, long permissionId)
188         throws SystemException, PortalException {
189 
190         checkPermission(
191             getPermissionChecker(), groupId, Role.class.getName(), roleId);
192 
193         permissionLocalService.unsetRolePermission(roleId, permissionId);
194     }
195 
196     public void unsetRolePermission(
197             long roleId, long groupId, String name, int scope, String primKey,
198             String actionId)
199         throws PortalException, SystemException {
200 
201         checkPermission(
202             getPermissionChecker(), groupId, Role.class.getName(), roleId);
203 
204         permissionLocalService.unsetRolePermission(
205             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
206     }
207 
208     public void unsetRolePermissions(
209             long roleId, long groupId, String name, int scope, String actionId)
210         throws PortalException, SystemException {
211 
212         checkPermission(
213             getPermissionChecker(), groupId, Role.class.getName(), roleId);
214 
215         permissionLocalService.unsetRolePermissions(
216             roleId, getUser().getCompanyId(), name, scope, actionId);
217     }
218 
219     public void unsetUserPermissions(
220             long userId, long groupId, String[] actionIds, long resourceId)
221         throws PortalException, SystemException {
222 
223         checkPermission(getPermissionChecker(), groupId, resourceId);
224 
225         permissionLocalService.unsetUserPermissions(
226             userId, actionIds, resourceId);
227     }
228 
229     protected void checkPermission(
230             PermissionChecker permissionChecker, long groupId,
231             long resourceId)
232         throws PortalException, SystemException {
233 
234         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
235 
236         checkPermission(
237             permissionChecker, groupId, resource.getName(),
238             resource.getPrimKey().toString());
239     }
240 
241     protected void checkPermission(
242             PermissionChecker permissionChecker, long groupId, String name,
243             long primKey)
244         throws PortalException, SystemException {
245 
246         checkPermission(
247             permissionChecker, groupId, name, String.valueOf(primKey));
248     }
249 
250     protected void checkPermission(
251             PermissionChecker permissionChecker, long groupId, String name,
252             String primKey)
253         throws PortalException, SystemException {
254 
255         if (name.equals(BlogsEntry.class.getName())) {
256             BlogsEntryPermission.check(
257                 permissionChecker, GetterUtil.getLong(primKey),
258                 ActionKeys.PERMISSIONS);
259         }
260         else if (name.equals(BookmarksFolder.class.getName())) {
261             BookmarksFolderPermission.check(
262                 permissionChecker, groupId, GetterUtil.getLong(primKey),
263                 ActionKeys.PERMISSIONS);
264         }
265         else if (name.equals(CalEvent.class.getName())) {
266             CalEventPermission.check(
267                 permissionChecker, GetterUtil.getLong(primKey),
268                 ActionKeys.PERMISSIONS);
269         }
270         else if (name.equals(DLFileEntry.class.getName())) {
271             DLFileEntryPermission.check(
272                 permissionChecker, GetterUtil.getLong(primKey),
273                 ActionKeys.PERMISSIONS);
274         }
275         else if (name.equals(DLFolder.class.getName())) {
276             DLFolderPermission.check(
277                 permissionChecker, groupId, GetterUtil.getLong(primKey),
278                 ActionKeys.PERMISSIONS);
279         }
280         else if (name.equals(Group.class.getName())) {
281             GroupPermissionUtil.check(
282                 permissionChecker, GetterUtil.getLong(primKey),
283                 ActionKeys.PERMISSIONS);
284         }
285         else if (name.equals(IGFolder.class.getName())) {
286             IGFolderPermission.check(
287                 permissionChecker, groupId, GetterUtil.getLong(primKey),
288                 ActionKeys.PERMISSIONS);
289         }
290         else if (name.equals(JournalArticle.class.getName())) {
291             JournalArticlePermission.check(
292                 permissionChecker, GetterUtil.getLong(primKey),
293                 ActionKeys.PERMISSIONS);
294         }
295         else if (name.equals(JournalFeed.class.getName())) {
296             JournalFeedPermission.check(
297                 permissionChecker, GetterUtil.getLong(primKey),
298                 ActionKeys.PERMISSIONS);
299         }
300         else if (name.equals(JournalStructure.class.getName())) {
301             JournalStructurePermission.check(
302                 permissionChecker, GetterUtil.getLong(primKey),
303                 ActionKeys.PERMISSIONS);
304         }
305         else if (name.equals(JournalTemplate.class.getName())) {
306             JournalTemplatePermission.check(
307                 permissionChecker, GetterUtil.getLong(primKey),
308                 ActionKeys.PERMISSIONS);
309         }
310         else if (name.equals(Layout.class.getName())) {
311             long plid = GetterUtil.getLong(primKey);
312 
313             Layout layout = layoutPersistence.findByPrimaryKey(plid);
314 
315             GroupPermissionUtil.check(
316                 permissionChecker, layout.getGroupId(),
317                 ActionKeys.MANAGE_LAYOUTS);
318         }
319         else if (name.equals(MBCategory.class.getName())) {
320             MBCategoryPermission.check(
321                 permissionChecker, groupId, GetterUtil.getLong(primKey),
322                 ActionKeys.PERMISSIONS);
323         }
324         else if (name.equals(PollsQuestion.class.getName())) {
325             PollsQuestionPermission.check(
326                 permissionChecker, GetterUtil.getLong(primKey),
327                 ActionKeys.PERMISSIONS);
328         }
329         else if (name.equals(SCFrameworkVersion.class.getName())) {
330             SCFrameworkVersionPermission.check(
331                 permissionChecker, GetterUtil.getLong(primKey),
332                 ActionKeys.PERMISSIONS);
333         }
334         else if (name.equals(SCProductEntry.class.getName())) {
335             SCProductEntryPermission.check(
336                 permissionChecker, GetterUtil.getLong(primKey),
337                 ActionKeys.PERMISSIONS);
338         }
339         else if (name.equals(ShoppingCategory.class.getName())) {
340             ShoppingCategoryPermission.check(
341                 permissionChecker, groupId, GetterUtil.getLong(primKey),
342                 ActionKeys.PERMISSIONS);
343         }
344         else if (name.equals(ShoppingItem.class.getName())) {
345             ShoppingItemPermission.check(
346                 permissionChecker, GetterUtil.getLong(primKey),
347                 ActionKeys.PERMISSIONS);
348         }
349         else if (name.equals(User.class.getName())) {
350             long userId = GetterUtil.getLong(primKey);
351 
352             User user = userPersistence.findByPrimaryKey(userId);
353 
354             UserPermissionUtil.check(
355                 permissionChecker, userId, user.getOrganizationIds(),
356                 ActionKeys.PERMISSIONS);
357         }
358         else if (name.equals(WikiNode.class.getName())) {
359             WikiNodePermission.check(
360                 permissionChecker, GetterUtil.getLong(primKey),
361                 ActionKeys.PERMISSIONS);
362         }
363         else if ((primKey != null) &&
364                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
365 
366             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
367 
368             long plid = GetterUtil.getLong(primKey.substring(0, pos));
369 
370             String portletId = primKey.substring(
371                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
372                 primKey.length());
373 
374             PortletPermissionUtil.check(
375                 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
376         }
377         else if (!permissionChecker.hasPermission(
378                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
379                  !permissionChecker.hasPermission(
380                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
381 
382             throw new PrincipalException();
383         }
384     }
385 
386 }