1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.util.GetterUtil;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.Layout;
30  import com.liferay.portal.model.PortletConstants;
31  import com.liferay.portal.model.Resource;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.security.auth.PrincipalException;
35  import com.liferay.portal.security.permission.ActionKeys;
36  import com.liferay.portal.security.permission.PermissionChecker;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39  import com.liferay.portal.service.permission.GroupPermissionUtil;
40  import com.liferay.portal.service.permission.PortletPermissionUtil;
41  import com.liferay.portal.service.permission.UserPermissionUtil;
42  import com.liferay.portlet.blogs.model.BlogsEntry;
43  import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
44  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
45  import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
46  import com.liferay.portlet.calendar.model.CalEvent;
47  import com.liferay.portlet.calendar.service.permission.CalEventPermission;
48  import com.liferay.portlet.documentlibrary.model.DLFolder;
49  import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
50  import com.liferay.portlet.imagegallery.model.IGFolder;
51  import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
52  import com.liferay.portlet.journal.model.JournalArticle;
53  import com.liferay.portlet.journal.model.JournalFeed;
54  import com.liferay.portlet.journal.model.JournalStructure;
55  import com.liferay.portlet.journal.model.JournalTemplate;
56  import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
57  import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
58  import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
59  import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
60  import com.liferay.portlet.messageboards.model.MBCategory;
61  import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
62  import com.liferay.portlet.polls.model.PollsQuestion;
63  import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
64  import com.liferay.portlet.shopping.model.ShoppingCategory;
65  import com.liferay.portlet.shopping.model.ShoppingItem;
66  import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
67  import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
68  import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
69  import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
70  import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
71  import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
72  import com.liferay.portlet.wiki.model.WikiNode;
73  import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
74  
75  import java.util.List;
76  
77  /**
78   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
79   *
80   * @author Brian Wing Shun Chan
81   * @author Raymond Augé
82   */
83  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
84  
85      public void checkPermission(long groupId, long resourceId)
86          throws PortalException, SystemException {
87  
88          checkPermission(getPermissionChecker(), groupId, resourceId);
89      }
90  
91      public void checkPermission(long groupId, String name, long primKey)
92          throws PortalException, SystemException {
93  
94          checkPermission(getPermissionChecker(), groupId, name, primKey);
95      }
96  
97      public void checkPermission(long groupId, String name, String primKey)
98          throws PortalException, SystemException {
99  
100         checkPermission(getPermissionChecker(), groupId, name, primKey);
101     }
102 
103     public boolean hasGroupPermission(
104             long groupId, String actionId, long resourceId)
105         throws SystemException {
106 
107         return permissionLocalService.hasGroupPermission(
108             groupId, actionId, resourceId);
109     }
110 
111     public boolean hasUserPermission(
112             long userId, String actionId, long resourceId)
113         throws SystemException {
114 
115         return permissionLocalService.hasUserPermission(
116             userId, actionId, resourceId);
117     }
118 
119     public boolean hasUserPermissions(
120             long userId, long groupId, List<Resource> resources,
121             String actionId, PermissionCheckerBag permissionCheckerBag)
122         throws PortalException, SystemException {
123 
124         return permissionLocalService.hasUserPermissions(
125             userId, groupId, resources, actionId, permissionCheckerBag);
126     }
127 
128     public void setGroupPermissions(
129             long groupId, String[] actionIds, long resourceId)
130         throws PortalException, SystemException {
131 
132         checkPermission(getPermissionChecker(), groupId, resourceId);
133 
134         permissionLocalService.setGroupPermissions(
135             groupId, actionIds, resourceId);
136     }
137 
138     public void setGroupPermissions(
139             String className, String classPK, long groupId,
140             String[] actionIds, long resourceId)
141         throws PortalException, SystemException {
142 
143         checkPermission(getPermissionChecker(), groupId, resourceId);
144 
145         permissionLocalService.setGroupPermissions(
146             className, classPK, groupId, actionIds, resourceId);
147     }
148 
149     public void setOrgGroupPermissions(
150             long organizationId, long groupId, String[] actionIds,
151             long resourceId)
152         throws PortalException, SystemException {
153 
154         checkPermission(getPermissionChecker(), groupId, resourceId);
155 
156         permissionLocalService.setOrgGroupPermissions(
157             organizationId, groupId, actionIds, resourceId);
158     }
159 
160     public void setRolePermission(
161             long roleId, long groupId, String name, int scope, String primKey,
162             String actionId)
163         throws PortalException, SystemException {
164 
165         checkPermission(
166             getPermissionChecker(), groupId, Role.class.getName(), roleId);
167 
168         permissionLocalService.setRolePermission(
169             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
170     }
171 
172     public void setRolePermissions(
173             long roleId, long groupId, String[] actionIds, long resourceId)
174         throws PortalException, SystemException {
175 
176         checkPermission(getPermissionChecker(), groupId, resourceId);
177 
178         permissionLocalService.setRolePermissions(
179             roleId, actionIds, resourceId);
180     }
181 
182     public void setUserPermissions(
183             long userId, long groupId, String[] actionIds, long resourceId)
184         throws PortalException, SystemException {
185 
186         checkPermission(getPermissionChecker(), groupId, resourceId);
187 
188         permissionLocalService.setUserPermissions(
189             userId, actionIds, resourceId);
190     }
191 
192     public void unsetRolePermission(
193             long roleId, long groupId, long permissionId)
194         throws SystemException, PortalException {
195 
196         checkPermission(
197             getPermissionChecker(), groupId, Role.class.getName(), roleId);
198 
199         permissionLocalService.unsetRolePermission(roleId, permissionId);
200     }
201 
202     public void unsetRolePermission(
203             long roleId, long groupId, String name, int scope, String primKey,
204             String actionId)
205         throws PortalException, SystemException {
206 
207         checkPermission(
208             getPermissionChecker(), groupId, Role.class.getName(), roleId);
209 
210         permissionLocalService.unsetRolePermission(
211             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
212     }
213 
214     public void unsetRolePermissions(
215             long roleId, long groupId, String name, int scope, String actionId)
216         throws PortalException, SystemException {
217 
218         checkPermission(
219             getPermissionChecker(), groupId, Role.class.getName(), roleId);
220 
221         permissionLocalService.unsetRolePermissions(
222             roleId, getUser().getCompanyId(), name, scope, actionId);
223     }
224 
225     public void unsetUserPermissions(
226             long userId, long groupId, String[] actionIds, long resourceId)
227         throws PortalException, SystemException {
228 
229         checkPermission(getPermissionChecker(), groupId, resourceId);
230 
231         permissionLocalService.unsetUserPermissions(
232             userId, actionIds, resourceId);
233     }
234 
235     protected void checkPermission(
236             PermissionChecker permissionChecker, long groupId,
237             long resourceId)
238         throws PortalException, SystemException {
239 
240         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
241 
242         checkPermission(
243             permissionChecker, groupId, resource.getName(),
244             resource.getPrimKey().toString());
245     }
246 
247     protected void checkPermission(
248             PermissionChecker permissionChecker, long groupId, String name,
249             long primKey)
250         throws PortalException, SystemException {
251 
252         checkPermission(
253             permissionChecker, groupId, name, String.valueOf(primKey));
254     }
255 
256     protected void checkPermission(
257             PermissionChecker permissionChecker, long groupId, String name,
258             String primKey)
259         throws PortalException, SystemException {
260 
261         if (name.equals(BlogsEntry.class.getName())) {
262             BlogsEntryPermission.check(
263                 permissionChecker, GetterUtil.getLong(primKey),
264                 ActionKeys.PERMISSIONS);
265         }
266         else if (name.equals(BookmarksFolder.class.getName())) {
267             BookmarksFolderPermission.check(
268                 permissionChecker, GetterUtil.getLong(primKey),
269                 ActionKeys.PERMISSIONS);
270         }
271         else if (name.equals(CalEvent.class.getName())) {
272             CalEventPermission.check(
273                 permissionChecker, GetterUtil.getLong(primKey),
274                 ActionKeys.PERMISSIONS);
275         }
276         else if (name.equals(DLFolder.class.getName())) {
277             DLFolderPermission.check(
278                 permissionChecker, GetterUtil.getLong(primKey),
279                 ActionKeys.PERMISSIONS);
280         }
281         else if (name.equals(Group.class.getName())) {
282             GroupPermissionUtil.check(
283                 permissionChecker, GetterUtil.getLong(primKey),
284                 ActionKeys.PERMISSIONS);
285         }
286         else if (name.equals(IGFolder.class.getName())) {
287             IGFolderPermission.check(
288                 permissionChecker, GetterUtil.getLong(primKey),
289                 ActionKeys.PERMISSIONS);
290         }
291         else if (name.equals(JournalArticle.class.getName())) {
292             JournalArticlePermission.check(
293                 permissionChecker, GetterUtil.getLong(primKey),
294                 ActionKeys.PERMISSIONS);
295         }
296         else if (name.equals(JournalFeed.class.getName())) {
297             JournalFeedPermission.check(
298                 permissionChecker, GetterUtil.getLong(primKey),
299                 ActionKeys.PERMISSIONS);
300         }
301         else if (name.equals(JournalStructure.class.getName())) {
302             JournalStructurePermission.check(
303                 permissionChecker, GetterUtil.getLong(primKey),
304                 ActionKeys.PERMISSIONS);
305         }
306         else if (name.equals(JournalTemplate.class.getName())) {
307             JournalTemplatePermission.check(
308                 permissionChecker, GetterUtil.getLong(primKey),
309                 ActionKeys.PERMISSIONS);
310         }
311         else if (name.equals(Layout.class.getName())) {
312             long plid = GetterUtil.getLong(primKey);
313 
314             Layout layout = layoutPersistence.findByPrimaryKey(plid);
315 
316             GroupPermissionUtil.check(
317                 permissionChecker, layout.getGroupId(),
318                 ActionKeys.MANAGE_LAYOUTS);
319         }
320         else if (name.equals(MBCategory.class.getName())) {
321             MBCategoryPermission.check(
322                 permissionChecker, GetterUtil.getLong(primKey),
323                 ActionKeys.PERMISSIONS);
324         }
325         else if (name.equals(PollsQuestion.class.getName())) {
326             PollsQuestionPermission.check(
327                 permissionChecker, GetterUtil.getLong(primKey),
328                 ActionKeys.PERMISSIONS);
329         }
330         else if (name.equals(SCFrameworkVersion.class.getName())) {
331             SCFrameworkVersionPermission.check(
332                 permissionChecker, GetterUtil.getLong(primKey),
333                 ActionKeys.PERMISSIONS);
334         }
335         else if (name.equals(SCProductEntry.class.getName())) {
336             SCProductEntryPermission.check(
337                 permissionChecker, GetterUtil.getLong(primKey),
338                 ActionKeys.PERMISSIONS);
339         }
340         else if (name.equals(ShoppingCategory.class.getName())) {
341             ShoppingCategoryPermission.check(
342                 permissionChecker, GetterUtil.getLong(primKey),
343                 ActionKeys.PERMISSIONS);
344         }
345         else if (name.equals(ShoppingItem.class.getName())) {
346             ShoppingItemPermission.check(
347                 permissionChecker, GetterUtil.getLong(primKey),
348                 ActionKeys.PERMISSIONS);
349         }
350         else if (name.equals(User.class.getName())) {
351             long userId = GetterUtil.getLong(primKey);
352 
353             User user = userPersistence.findByPrimaryKey(userId);
354 
355             UserPermissionUtil.check(
356                 permissionChecker, userId, user.getOrganizationIds(),
357                 ActionKeys.PERMISSIONS);
358         }
359         else if (name.equals(WikiNode.class.getName())) {
360             WikiNodePermission.check(
361                 permissionChecker, GetterUtil.getLong(primKey),
362                 ActionKeys.PERMISSIONS);
363         }
364         else if ((primKey != null) &&
365                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
366 
367             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
368 
369             long plid = GetterUtil.getLong(primKey.substring(0, pos));
370 
371             String portletId = primKey.substring(
372                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
373                 primKey.length());
374 
375             PortletPermissionUtil.check(
376                 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
377         }
378         else if (!permissionChecker.hasPermission(
379                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
380                  !permissionChecker.hasPermission(
381                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
382 
383             throw new PrincipalException();
384         }
385     }
386 
387 }