1
22
23 package com.liferay.portal.service.impl;
24
25 import com.liferay.portal.PortalException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.util.GetterUtil;
28 import com.liferay.portal.model.Group;
29 import com.liferay.portal.model.Layout;
30 import com.liferay.portal.model.PortletConstants;
31 import com.liferay.portal.model.Resource;
32 import com.liferay.portal.model.Role;
33 import com.liferay.portal.model.User;
34 import com.liferay.portal.security.auth.PrincipalException;
35 import com.liferay.portal.security.permission.ActionKeys;
36 import com.liferay.portal.security.permission.PermissionChecker;
37 import com.liferay.portal.security.permission.PermissionCheckerBag;
38 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39 import com.liferay.portal.service.permission.GroupPermissionUtil;
40 import com.liferay.portal.service.permission.PortletPermissionUtil;
41 import com.liferay.portal.service.permission.UserPermissionUtil;
42 import com.liferay.portlet.blogs.model.BlogsEntry;
43 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
44 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
45 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
46 import com.liferay.portlet.calendar.model.CalEvent;
47 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
48 import com.liferay.portlet.documentlibrary.model.DLFolder;
49 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
50 import com.liferay.portlet.imagegallery.model.IGFolder;
51 import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
52 import com.liferay.portlet.journal.model.JournalArticle;
53 import com.liferay.portlet.journal.model.JournalFeed;
54 import com.liferay.portlet.journal.model.JournalStructure;
55 import com.liferay.portlet.journal.model.JournalTemplate;
56 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
57 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
58 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
59 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
60 import com.liferay.portlet.messageboards.model.MBCategory;
61 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
62 import com.liferay.portlet.polls.model.PollsQuestion;
63 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
64 import com.liferay.portlet.shopping.model.ShoppingCategory;
65 import com.liferay.portlet.shopping.model.ShoppingItem;
66 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
67 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
68 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
69 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
70 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
71 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
72 import com.liferay.portlet.wiki.model.WikiNode;
73 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
74
75 import java.util.List;
76
77
84 public class PermissionServiceImpl extends PermissionServiceBaseImpl {
85
86 public void checkPermission(long groupId, long resourceId)
87 throws PortalException, SystemException {
88
89 checkPermission(getPermissionChecker(), groupId, resourceId);
90 }
91
92 public void checkPermission(long groupId, String name, long primKey)
93 throws PortalException, SystemException {
94
95 checkPermission(getPermissionChecker(), groupId, name, primKey);
96 }
97
98 public void checkPermission(long groupId, String name, String primKey)
99 throws PortalException, SystemException {
100
101 checkPermission(getPermissionChecker(), groupId, name, primKey);
102 }
103
104 public boolean hasGroupPermission(
105 long groupId, String actionId, long resourceId)
106 throws SystemException {
107
108 return permissionLocalService.hasGroupPermission(
109 groupId, actionId, resourceId);
110 }
111
112 public boolean hasUserPermission(
113 long userId, String actionId, long resourceId)
114 throws SystemException {
115
116 return permissionLocalService.hasUserPermission(
117 userId, actionId, resourceId);
118 }
119
120 public boolean hasUserPermissions(
121 long userId, long groupId, List<Resource> resources,
122 String actionId, PermissionCheckerBag permissionCheckerBag)
123 throws PortalException, SystemException {
124
125 return permissionLocalService.hasUserPermissions(
126 userId, groupId, resources, actionId, permissionCheckerBag);
127 }
128
129 public void setGroupPermissions(
130 long groupId, String[] actionIds, long resourceId)
131 throws PortalException, SystemException {
132
133 checkPermission(getPermissionChecker(), groupId, resourceId);
134
135 permissionLocalService.setGroupPermissions(
136 groupId, actionIds, resourceId);
137 }
138
139 public void setGroupPermissions(
140 String className, String classPK, long groupId,
141 String[] actionIds, long resourceId)
142 throws PortalException, SystemException {
143
144 checkPermission(getPermissionChecker(), groupId, resourceId);
145
146 permissionLocalService.setGroupPermissions(
147 className, classPK, groupId, actionIds, resourceId);
148 }
149
150 public void setOrgGroupPermissions(
151 long organizationId, long groupId, String[] actionIds,
152 long resourceId)
153 throws PortalException, SystemException {
154
155 checkPermission(getPermissionChecker(), groupId, resourceId);
156
157 permissionLocalService.setOrgGroupPermissions(
158 organizationId, groupId, actionIds, resourceId);
159 }
160
161 public void setRolePermission(
162 long roleId, long groupId, String name, int scope, String primKey,
163 String actionId)
164 throws PortalException, SystemException {
165
166 checkPermission(
167 getPermissionChecker(), groupId, Role.class.getName(), roleId);
168
169 permissionLocalService.setRolePermission(
170 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
171 }
172
173 public void setRolePermissions(
174 long roleId, long groupId, String[] actionIds, long resourceId)
175 throws PortalException, SystemException {
176
177 checkPermission(getPermissionChecker(), groupId, resourceId);
178
179 permissionLocalService.setRolePermissions(
180 roleId, actionIds, resourceId);
181 }
182
183 public void setUserPermissions(
184 long userId, long groupId, String[] actionIds, long resourceId)
185 throws PortalException, SystemException {
186
187 checkPermission(getPermissionChecker(), groupId, resourceId);
188
189 permissionLocalService.setUserPermissions(
190 userId, actionIds, resourceId);
191 }
192
193 public void unsetRolePermission(
194 long roleId, long groupId, long permissionId)
195 throws SystemException, PortalException {
196
197 checkPermission(
198 getPermissionChecker(), groupId, Role.class.getName(), roleId);
199
200 permissionLocalService.unsetRolePermission(roleId, permissionId);
201 }
202
203 public void unsetRolePermission(
204 long roleId, long groupId, String name, int scope, String primKey,
205 String actionId)
206 throws PortalException, SystemException {
207
208 checkPermission(
209 getPermissionChecker(), groupId, Role.class.getName(), roleId);
210
211 permissionLocalService.unsetRolePermission(
212 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
213 }
214
215 public void unsetRolePermissions(
216 long roleId, long groupId, String name, int scope, String actionId)
217 throws PortalException, SystemException {
218
219 checkPermission(
220 getPermissionChecker(), groupId, Role.class.getName(), roleId);
221
222 permissionLocalService.unsetRolePermissions(
223 roleId, getUser().getCompanyId(), name, scope, actionId);
224 }
225
226 public void unsetUserPermissions(
227 long userId, long groupId, String[] actionIds, long resourceId)
228 throws PortalException, SystemException {
229
230 checkPermission(getPermissionChecker(), groupId, resourceId);
231
232 permissionLocalService.unsetUserPermissions(
233 userId, actionIds, resourceId);
234 }
235
236 protected void checkPermission(
237 PermissionChecker permissionChecker, long groupId,
238 long resourceId)
239 throws PortalException, SystemException {
240
241 Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
242
243 checkPermission(
244 permissionChecker, groupId, resource.getName(),
245 resource.getPrimKey().toString());
246 }
247
248 protected void checkPermission(
249 PermissionChecker permissionChecker, long groupId, String name,
250 long primKey)
251 throws PortalException, SystemException {
252
253 checkPermission(
254 permissionChecker, groupId, name, String.valueOf(primKey));
255 }
256
257 protected void checkPermission(
258 PermissionChecker permissionChecker, long groupId, String name,
259 String primKey)
260 throws PortalException, SystemException {
261
262 if (name.equals(BlogsEntry.class.getName())) {
263 BlogsEntryPermission.check(
264 permissionChecker, GetterUtil.getLong(primKey),
265 ActionKeys.PERMISSIONS);
266 }
267 else if (name.equals(BookmarksFolder.class.getName())) {
268 BookmarksFolderPermission.check(
269 permissionChecker, GetterUtil.getLong(primKey),
270 ActionKeys.PERMISSIONS);
271 }
272 else if (name.equals(CalEvent.class.getName())) {
273 CalEventPermission.check(
274 permissionChecker, GetterUtil.getLong(primKey),
275 ActionKeys.PERMISSIONS);
276 }
277 else if (name.equals(DLFolder.class.getName())) {
278 DLFolderPermission.check(
279 permissionChecker, GetterUtil.getLong(primKey),
280 ActionKeys.PERMISSIONS);
281 }
282 else if (name.equals(Group.class.getName())) {
283 GroupPermissionUtil.check(
284 permissionChecker, GetterUtil.getLong(primKey),
285 ActionKeys.PERMISSIONS);
286 }
287 else if (name.equals(IGFolder.class.getName())) {
288 IGFolderPermission.check(
289 permissionChecker, GetterUtil.getLong(primKey),
290 ActionKeys.PERMISSIONS);
291 }
292 else if (name.equals(JournalArticle.class.getName())) {
293 JournalArticlePermission.check(
294 permissionChecker, GetterUtil.getLong(primKey),
295 ActionKeys.PERMISSIONS);
296 }
297 else if (name.equals(JournalFeed.class.getName())) {
298 JournalFeedPermission.check(
299 permissionChecker, GetterUtil.getLong(primKey),
300 ActionKeys.PERMISSIONS);
301 }
302 else if (name.equals(JournalStructure.class.getName())) {
303 JournalStructurePermission.check(
304 permissionChecker, GetterUtil.getLong(primKey),
305 ActionKeys.PERMISSIONS);
306 }
307 else if (name.equals(JournalTemplate.class.getName())) {
308 JournalTemplatePermission.check(
309 permissionChecker, GetterUtil.getLong(primKey),
310 ActionKeys.PERMISSIONS);
311 }
312 else if (name.equals(Layout.class.getName())) {
313 long plid = GetterUtil.getLong(primKey);
314
315 Layout layout = layoutPersistence.findByPrimaryKey(plid);
316
317 GroupPermissionUtil.check(
318 permissionChecker, layout.getGroupId(),
319 ActionKeys.MANAGE_LAYOUTS);
320 }
321 else if (name.equals(MBCategory.class.getName())) {
322 MBCategoryPermission.check(
323 permissionChecker, GetterUtil.getLong(primKey),
324 ActionKeys.PERMISSIONS);
325 }
326 else if (name.equals(PollsQuestion.class.getName())) {
327 PollsQuestionPermission.check(
328 permissionChecker, GetterUtil.getLong(primKey),
329 ActionKeys.PERMISSIONS);
330 }
331 else if (name.equals(SCFrameworkVersion.class.getName())) {
332 SCFrameworkVersionPermission.check(
333 permissionChecker, GetterUtil.getLong(primKey),
334 ActionKeys.PERMISSIONS);
335 }
336 else if (name.equals(SCProductEntry.class.getName())) {
337 SCProductEntryPermission.check(
338 permissionChecker, GetterUtil.getLong(primKey),
339 ActionKeys.PERMISSIONS);
340 }
341 else if (name.equals(ShoppingCategory.class.getName())) {
342 ShoppingCategoryPermission.check(
343 permissionChecker, GetterUtil.getLong(primKey),
344 ActionKeys.PERMISSIONS);
345 }
346 else if (name.equals(ShoppingItem.class.getName())) {
347 ShoppingItemPermission.check(
348 permissionChecker, GetterUtil.getLong(primKey),
349 ActionKeys.PERMISSIONS);
350 }
351 else if (name.equals(User.class.getName())) {
352 long userId = GetterUtil.getLong(primKey);
353
354 User user = userPersistence.findByPrimaryKey(userId);
355
356 UserPermissionUtil.check(
357 permissionChecker, userId, user.getOrganizationIds(),
358 ActionKeys.PERMISSIONS);
359 }
360 else if (name.equals(WikiNode.class.getName())) {
361 WikiNodePermission.check(
362 permissionChecker, GetterUtil.getLong(primKey),
363 ActionKeys.PERMISSIONS);
364 }
365 else if ((primKey != null) &&
366 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
367
368 int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
369
370 long plid = GetterUtil.getLong(primKey.substring(0, pos));
371
372 String portletId = primKey.substring(
373 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
374 primKey.length());
375
376 PortletPermissionUtil.check(
377 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
378 }
379 else if (!permissionChecker.hasPermission(
380 groupId, name, primKey, ActionKeys.PERMISSIONS) &&
381 !permissionChecker.hasPermission(
382 groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
383
384 throw new PrincipalException();
385 }
386 }
387
388 }