1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.service.impl;
21  
22  import com.liferay.portal.PortalException;
23  import com.liferay.portal.SystemException;
24  import com.liferay.portal.kernel.util.GetterUtil;
25  import com.liferay.portal.model.Group;
26  import com.liferay.portal.model.Layout;
27  import com.liferay.portal.model.PortletConstants;
28  import com.liferay.portal.model.Resource;
29  import com.liferay.portal.model.Role;
30  import com.liferay.portal.model.User;
31  import com.liferay.portal.security.auth.PrincipalException;
32  import com.liferay.portal.security.permission.ActionKeys;
33  import com.liferay.portal.security.permission.PermissionChecker;
34  import com.liferay.portal.security.permission.PermissionCheckerBag;
35  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
36  import com.liferay.portal.service.permission.GroupPermissionUtil;
37  import com.liferay.portal.service.permission.PortletPermissionUtil;
38  import com.liferay.portal.service.permission.UserPermissionUtil;
39  
40  /**
41   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
42   *
43   * @author Brian Wing Shun Chan
44   *
45   */
46  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
47  
48      public void checkPermission(long groupId, String name, String primKey)
49          throws PortalException, SystemException {
50  
51          checkPermission(getPermissionChecker(), groupId, name, primKey);
52      }
53  
54      public boolean hasGroupPermission(
55              long groupId, String actionId, long resourceId)
56          throws SystemException {
57  
58          return permissionLocalService.hasGroupPermission(
59              groupId, actionId, resourceId);
60      }
61  
62      public boolean hasUserPermission(
63              long userId, String actionId, long resourceId)
64          throws SystemException {
65  
66          return permissionLocalService.hasUserPermission(
67              userId, actionId, resourceId);
68      }
69  
70      public boolean hasUserPermissions(
71              long userId, long groupId, String actionId, long[] resourceIds,
72              PermissionCheckerBag permissionCheckerBag)
73          throws SystemException {
74  
75          return permissionLocalService.hasUserPermissions(
76              userId, groupId, actionId, resourceIds, permissionCheckerBag);
77      }
78  
79      public void setGroupPermissions(
80              long groupId, String[] actionIds, long resourceId)
81          throws PortalException, SystemException {
82  
83          checkPermission(getPermissionChecker(), groupId, resourceId);
84  
85          permissionLocalService.setGroupPermissions(
86              groupId, actionIds, resourceId);
87      }
88  
89      public void setGroupPermissions(
90              String className, String classPK, long groupId,
91              String[] actionIds, long resourceId)
92          throws PortalException, SystemException {
93  
94          checkPermission(getPermissionChecker(), groupId, resourceId);
95  
96          permissionLocalService.setGroupPermissions(
97              className, classPK, groupId, actionIds, resourceId);
98      }
99  
100     public void setOrgGroupPermissions(
101             long organizationId, long groupId, String[] actionIds,
102             long resourceId)
103         throws PortalException, SystemException {
104 
105         checkPermission(getPermissionChecker(), groupId, resourceId);
106 
107         permissionLocalService.setOrgGroupPermissions(
108             organizationId, groupId, actionIds, resourceId);
109     }
110 
111     public void setRolePermission(
112             long roleId, long groupId, String name, int scope, String primKey,
113             String actionId)
114         throws PortalException, SystemException {
115 
116         checkPermission(
117             getPermissionChecker(), groupId, Role.class.getName(), roleId);
118 
119         permissionLocalService.setRolePermission(
120             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
121     }
122 
123     public void setRolePermissions(
124             long roleId, long groupId, String[] actionIds, long resourceId)
125         throws PortalException, SystemException {
126 
127         checkPermission(getPermissionChecker(), groupId, resourceId);
128 
129         permissionLocalService.setRolePermissions(
130             roleId, actionIds, resourceId);
131     }
132 
133     public void setUserPermissions(
134             long userId, long groupId, String[] actionIds, long resourceId)
135         throws PortalException, SystemException {
136 
137         checkPermission(getPermissionChecker(), groupId, resourceId);
138 
139         permissionLocalService.setUserPermissions(
140             userId, actionIds, resourceId);
141     }
142 
143     public void unsetRolePermission(
144             long roleId, long groupId, long permissionId)
145         throws SystemException, PortalException {
146 
147         checkPermission(
148             getPermissionChecker(), groupId, Role.class.getName(), roleId);
149 
150         permissionLocalService.unsetRolePermission(roleId, permissionId);
151     }
152 
153     public void unsetRolePermission(
154             long roleId, long groupId, String name, int scope, String primKey,
155             String actionId)
156         throws PortalException, SystemException {
157 
158         checkPermission(
159             getPermissionChecker(), groupId, Role.class.getName(), roleId);
160 
161         permissionLocalService.unsetRolePermission(
162             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
163     }
164 
165     public void unsetRolePermissions(
166             long roleId, long groupId, String name, int scope, String actionId)
167         throws PortalException, SystemException {
168 
169         checkPermission(
170             getPermissionChecker(), groupId, Role.class.getName(), roleId);
171 
172         permissionLocalService.unsetRolePermissions(
173             roleId, getUser().getCompanyId(), name, scope, actionId);
174     }
175 
176     public void unsetUserPermissions(
177             long userId, long groupId, String[] actionIds, long resourceId)
178         throws PortalException, SystemException {
179 
180         checkPermission(getPermissionChecker(), groupId, resourceId);
181 
182         permissionLocalService.unsetUserPermissions(
183             userId, actionIds, resourceId);
184     }
185 
186     protected void checkPermission(
187             PermissionChecker permissionChecker, long groupId,
188             long resourceId)
189         throws PortalException, SystemException {
190 
191         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
192 
193         checkPermission(
194             permissionChecker, groupId, resource.getName(),
195             resource.getPrimKey().toString());
196     }
197 
198     protected void checkPermission(
199             PermissionChecker permissionChecker, long groupId, String name,
200             long primKey)
201         throws PortalException, SystemException {
202 
203         checkPermission(
204             permissionChecker, groupId, name, String.valueOf(primKey));
205     }
206 
207     protected void checkPermission(
208             PermissionChecker permissionChecker, long groupId, String name,
209             String primKey)
210         throws PortalException, SystemException {
211 
212         if (name.equals(Group.class.getName())) {
213             GroupPermissionUtil.check(
214                 permissionChecker, GetterUtil.getLong(primKey),
215                 ActionKeys.PERMISSIONS);
216         }
217         else if (name.equals(Layout.class.getName())) {
218             long plid = GetterUtil.getLong(primKey);
219 
220             Layout layout = layoutPersistence.findByPrimaryKey(plid);
221 
222             GroupPermissionUtil.check(
223                 permissionChecker, layout.getGroupId(),
224                 ActionKeys.MANAGE_LAYOUTS);
225         }
226         else if (name.equals(User.class.getName())) {
227             long userId = GetterUtil.getLong(primKey);
228 
229             User user = userPersistence.findByPrimaryKey(userId);
230 
231             UserPermissionUtil.check(
232                 permissionChecker, userId, user.getOrganizationIds(),
233                 ActionKeys.PERMISSIONS);
234         }
235         else if ((primKey != null) &&
236                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
237 
238             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
239 
240             long plid = GetterUtil.getLong(primKey.substring(0, pos));
241 
242             String portletId = primKey.substring(
243                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
244                 primKey.length());
245 
246             if (!PortletPermissionUtil.contains(
247                     permissionChecker, plid, portletId,
248                     ActionKeys.CONFIGURATION)) {
249 
250                 throw new PrincipalException();
251             }
252         }
253         else if (!permissionChecker.hasPermission(
254                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
255                  !permissionChecker.hasPermission(
256                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
257 
258             throw new PrincipalException();
259         }
260     }
261 
262 }