1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.service.permission;
16  
17  import com.liferay.portal.kernel.exception.PortalException;
18  import com.liferay.portal.kernel.exception.SystemException;
19  import com.liferay.portal.model.Group;
20  import com.liferay.portal.model.Organization;
21  import com.liferay.portal.security.auth.PrincipalException;
22  import com.liferay.portal.security.permission.ActionKeys;
23  import com.liferay.portal.security.permission.PermissionChecker;
24  import com.liferay.portal.service.GroupLocalServiceUtil;
25  import com.liferay.portal.service.OrganizationLocalServiceUtil;
26  
27  import java.util.List;
28  
29  /**
30   * <a href="GroupPermissionImpl.java.html"><b><i>View Source</i></b></a>
31   *
32   * @author Brian Wing Shun Chan
33   */
34  public class GroupPermissionImpl implements GroupPermission {
35  
36      public void check(
37              PermissionChecker permissionChecker, long groupId,
38              String actionId)
39          throws PortalException, SystemException {
40  
41          if (!contains(permissionChecker, groupId, actionId)) {
42              throw new PrincipalException();
43          }
44      }
45  
46      public boolean contains(
47              PermissionChecker permissionChecker, long groupId, String actionId)
48          throws PortalException, SystemException {
49  
50          Group group = GroupLocalServiceUtil.getGroup(groupId);
51  
52          if (group.isStagingGroup()) {
53              group = group.getLiveGroup();
54          }
55  
56          if (group.isOrganization()) {
57              long organizationId = group.getClassPK();
58  
59              return OrganizationPermissionUtil.contains(
60                  permissionChecker, organizationId, actionId);
61          }
62          else if (group.isUser()) {
63  
64              // An individual user would never reach this block because he would
65              // be an administrator of his own layouts. However, a user who
66              // manages a set of organizations may be modifying pages of a user
67              // he manages.
68  
69              long userId = group.getClassPK();
70  
71              List<Organization> organizations =
72                  OrganizationLocalServiceUtil.getUserOrganizations(userId);
73  
74              for (Organization organization : organizations) {
75                  if (OrganizationPermissionUtil.contains(
76                          permissionChecker, organization.getOrganizationId(),
77                          ActionKeys.MANAGE_USERS)) {
78  
79                      return true;
80                  }
81              }
82          }
83  
84          // Group id must be set so that users can modify their personal pages
85  
86          return permissionChecker.hasPermission(
87              groupId, Group.class.getName(), groupId, actionId);
88      }
89  
90  }