1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.permission;
21  
22  import com.liferay.portal.PortalException;
23  import com.liferay.portal.SystemException;
24  import com.liferay.portal.model.Group;
25  import com.liferay.portal.model.Organization;
26  import com.liferay.portal.security.auth.PrincipalException;
27  import com.liferay.portal.security.permission.ActionKeys;
28  import com.liferay.portal.security.permission.PermissionChecker;
29  import com.liferay.portal.service.GroupLocalServiceUtil;
30  import com.liferay.portal.service.OrganizationLocalServiceUtil;
31  
32  import java.util.List;
33  
34  /**
35   * <a href="GroupPermissionImpl.java.html"><b><i>View Source</i></b></a>
36   *
37   * @author Brian Wing Shun Chan
38   *
39   */
40  public class GroupPermissionImpl implements GroupPermission {
41  
42      public void check(
43              PermissionChecker permissionChecker, long groupId,
44              String actionId)
45          throws PortalException, SystemException {
46  
47          if (!contains(permissionChecker, groupId, actionId)) {
48              throw new PrincipalException();
49          }
50      }
51  
52      public boolean contains(
53              PermissionChecker permissionChecker, long groupId, String actionId)
54          throws PortalException, SystemException {
55  
56          if (actionId.equals(ActionKeys.MANAGE_LAYOUTS)) {
57              Group group = GroupLocalServiceUtil.getGroup(groupId);
58  
59              if (group.isOrganization()) {
60                  long organizationId = group.getClassPK();
61  
62                  return OrganizationPermissionUtil.contains(
63                      permissionChecker, organizationId, actionId);
64              }
65              else if (group.isUser()) {
66  
67                  // An individual user would never reach this block because he
68                  // would be an administrator of his own layouts. However, a user
69                  // who manages a set of organizations may be modifying pages of
70                  // a user he manages.
71  
72                  long userId = group.getClassPK();
73  
74                  List<Organization> organizations =
75                      OrganizationLocalServiceUtil.getUserOrganizations(
76                          userId);
77  
78                  for (Organization organization : organizations) {
79                      if (OrganizationPermissionUtil.contains(
80                              permissionChecker, organization.getOrganizationId(),
81                              ActionKeys.MANAGE_USERS)) {
82  
83                          return true;
84                      }
85                  }
86              }
87          }
88  
89          // Group id must be set so that users can modify their personal pages
90  
91          return permissionChecker.hasPermission(
92              groupId, Group.class.getName(), groupId, actionId);
93      }
94  
95  }