1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * Permission is hereby granted, free of charge, to any person obtaining a copy
5    * of this software and associated documentation files (the "Software"), to deal
6    * in the Software without restriction, including without limitation the rights
7    * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8    * copies of the Software, and to permit persons to whom the Software is
9    * furnished to do so, subject to the following conditions:
10   *
11   * The above copyright notice and this permission notice shall be included in
12   * all copies or substantial portions of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.service.impl;
24  
25  import com.liferay.portal.PortalException;
26  import com.liferay.portal.SystemException;
27  import com.liferay.portal.kernel.util.GetterUtil;
28  import com.liferay.portal.model.Group;
29  import com.liferay.portal.model.Layout;
30  import com.liferay.portal.model.PortletConstants;
31  import com.liferay.portal.model.Resource;
32  import com.liferay.portal.model.Role;
33  import com.liferay.portal.model.User;
34  import com.liferay.portal.security.auth.PrincipalException;
35  import com.liferay.portal.security.permission.ActionKeys;
36  import com.liferay.portal.security.permission.PermissionChecker;
37  import com.liferay.portal.security.permission.PermissionCheckerBag;
38  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
39  import com.liferay.portal.service.permission.GroupPermissionUtil;
40  import com.liferay.portal.service.permission.PortletPermissionUtil;
41  import com.liferay.portal.service.permission.UserPermissionUtil;
42  import com.liferay.portlet.blogs.model.BlogsEntry;
43  import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
44  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
45  import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
46  import com.liferay.portlet.calendar.model.CalEvent;
47  import com.liferay.portlet.calendar.service.permission.CalEventPermission;
48  import com.liferay.portlet.documentlibrary.model.DLFolder;
49  import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
50  import com.liferay.portlet.imagegallery.model.IGFolder;
51  import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
52  import com.liferay.portlet.journal.model.JournalArticle;
53  import com.liferay.portlet.journal.model.JournalFeed;
54  import com.liferay.portlet.journal.model.JournalStructure;
55  import com.liferay.portlet.journal.model.JournalTemplate;
56  import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
57  import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
58  import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
59  import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
60  import com.liferay.portlet.messageboards.model.MBCategory;
61  import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
62  import com.liferay.portlet.polls.model.PollsQuestion;
63  import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
64  import com.liferay.portlet.shopping.model.ShoppingCategory;
65  import com.liferay.portlet.shopping.model.ShoppingItem;
66  import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
67  import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
68  import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
69  import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
70  import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
71  import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
72  import com.liferay.portlet.wiki.model.WikiNode;
73  import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
74  
75  import java.util.List;
76  
77  /**
78   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
79   *
80   * @author Brian Wing Shun Chan
81   * @author Raymond Augé
82   *
83   */
84  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
85  
86      public void checkPermission(long groupId, long resourceId)
87          throws PortalException, SystemException {
88  
89          checkPermission(getPermissionChecker(), groupId, resourceId);
90      }
91  
92      public void checkPermission(long groupId, String name, long primKey)
93          throws PortalException, SystemException {
94  
95          checkPermission(getPermissionChecker(), groupId, name, primKey);
96      }
97  
98      public void checkPermission(long groupId, String name, String primKey)
99          throws PortalException, SystemException {
100 
101         checkPermission(getPermissionChecker(), groupId, name, primKey);
102     }
103 
104     public boolean hasGroupPermission(
105             long groupId, String actionId, long resourceId)
106         throws SystemException {
107 
108         return permissionLocalService.hasGroupPermission(
109             groupId, actionId, resourceId);
110     }
111 
112     public boolean hasUserPermission(
113             long userId, String actionId, long resourceId)
114         throws SystemException {
115 
116         return permissionLocalService.hasUserPermission(
117             userId, actionId, resourceId);
118     }
119 
120     public boolean hasUserPermissions(
121             long userId, long groupId, List<Resource> resources,
122             String actionId, PermissionCheckerBag permissionCheckerBag)
123         throws PortalException, SystemException {
124 
125         return permissionLocalService.hasUserPermissions(
126             userId, groupId, resources, actionId, permissionCheckerBag);
127     }
128 
129     public void setGroupPermissions(
130             long groupId, String[] actionIds, long resourceId)
131         throws PortalException, SystemException {
132 
133         checkPermission(getPermissionChecker(), groupId, resourceId);
134 
135         permissionLocalService.setGroupPermissions(
136             groupId, actionIds, resourceId);
137     }
138 
139     public void setGroupPermissions(
140             String className, String classPK, long groupId,
141             String[] actionIds, long resourceId)
142         throws PortalException, SystemException {
143 
144         checkPermission(getPermissionChecker(), groupId, resourceId);
145 
146         permissionLocalService.setGroupPermissions(
147             className, classPK, groupId, actionIds, resourceId);
148     }
149 
150     public void setOrgGroupPermissions(
151             long organizationId, long groupId, String[] actionIds,
152             long resourceId)
153         throws PortalException, SystemException {
154 
155         checkPermission(getPermissionChecker(), groupId, resourceId);
156 
157         permissionLocalService.setOrgGroupPermissions(
158             organizationId, groupId, actionIds, resourceId);
159     }
160 
161     public void setRolePermission(
162             long roleId, long groupId, String name, int scope, String primKey,
163             String actionId)
164         throws PortalException, SystemException {
165 
166         checkPermission(
167             getPermissionChecker(), groupId, Role.class.getName(), roleId);
168 
169         permissionLocalService.setRolePermission(
170             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
171     }
172 
173     public void setRolePermissions(
174             long roleId, long groupId, String[] actionIds, long resourceId)
175         throws PortalException, SystemException {
176 
177         checkPermission(getPermissionChecker(), groupId, resourceId);
178 
179         permissionLocalService.setRolePermissions(
180             roleId, actionIds, resourceId);
181     }
182 
183     public void setUserPermissions(
184             long userId, long groupId, String[] actionIds, long resourceId)
185         throws PortalException, SystemException {
186 
187         checkPermission(getPermissionChecker(), groupId, resourceId);
188 
189         permissionLocalService.setUserPermissions(
190             userId, actionIds, resourceId);
191     }
192 
193     public void unsetRolePermission(
194             long roleId, long groupId, long permissionId)
195         throws SystemException, PortalException {
196 
197         checkPermission(
198             getPermissionChecker(), groupId, Role.class.getName(), roleId);
199 
200         permissionLocalService.unsetRolePermission(roleId, permissionId);
201     }
202 
203     public void unsetRolePermission(
204             long roleId, long groupId, String name, int scope, String primKey,
205             String actionId)
206         throws PortalException, SystemException {
207 
208         checkPermission(
209             getPermissionChecker(), groupId, Role.class.getName(), roleId);
210 
211         permissionLocalService.unsetRolePermission(
212             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
213     }
214 
215     public void unsetRolePermissions(
216             long roleId, long groupId, String name, int scope, String actionId)
217         throws PortalException, SystemException {
218 
219         checkPermission(
220             getPermissionChecker(), groupId, Role.class.getName(), roleId);
221 
222         permissionLocalService.unsetRolePermissions(
223             roleId, getUser().getCompanyId(), name, scope, actionId);
224     }
225 
226     public void unsetUserPermissions(
227             long userId, long groupId, String[] actionIds, long resourceId)
228         throws PortalException, SystemException {
229 
230         checkPermission(getPermissionChecker(), groupId, resourceId);
231 
232         permissionLocalService.unsetUserPermissions(
233             userId, actionIds, resourceId);
234     }
235 
236     protected void checkPermission(
237             PermissionChecker permissionChecker, long groupId,
238             long resourceId)
239         throws PortalException, SystemException {
240 
241         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
242 
243         checkPermission(
244             permissionChecker, groupId, resource.getName(),
245             resource.getPrimKey().toString());
246     }
247 
248     protected void checkPermission(
249             PermissionChecker permissionChecker, long groupId, String name,
250             long primKey)
251         throws PortalException, SystemException {
252 
253         checkPermission(
254             permissionChecker, groupId, name, String.valueOf(primKey));
255     }
256 
257     protected void checkPermission(
258             PermissionChecker permissionChecker, long groupId, String name,
259             String primKey)
260         throws PortalException, SystemException {
261 
262         if (name.equals(BlogsEntry.class.getName())) {
263             BlogsEntryPermission.check(
264                 permissionChecker, GetterUtil.getLong(primKey),
265                 ActionKeys.PERMISSIONS);
266         }
267         else if (name.equals(BookmarksFolder.class.getName())) {
268             BookmarksFolderPermission.check(
269                 permissionChecker, GetterUtil.getLong(primKey),
270                 ActionKeys.PERMISSIONS);
271         }
272         else if (name.equals(CalEvent.class.getName())) {
273             CalEventPermission.check(
274                 permissionChecker, GetterUtil.getLong(primKey),
275                 ActionKeys.PERMISSIONS);
276         }
277         else if (name.equals(DLFolder.class.getName())) {
278             DLFolderPermission.check(
279                 permissionChecker, GetterUtil.getLong(primKey),
280                 ActionKeys.PERMISSIONS);
281         }
282         else if (name.equals(Group.class.getName())) {
283             GroupPermissionUtil.check(
284                 permissionChecker, GetterUtil.getLong(primKey),
285                 ActionKeys.PERMISSIONS);
286         }
287         else if (name.equals(IGFolder.class.getName())) {
288             IGFolderPermission.check(
289                 permissionChecker, GetterUtil.getLong(primKey),
290                 ActionKeys.PERMISSIONS);
291         }
292         else if (name.equals(JournalArticle.class.getName())) {
293             JournalArticlePermission.check(
294                 permissionChecker, GetterUtil.getLong(primKey),
295                 ActionKeys.PERMISSIONS);
296         }
297         else if (name.equals(JournalFeed.class.getName())) {
298             JournalFeedPermission.check(
299                 permissionChecker, GetterUtil.getLong(primKey),
300                 ActionKeys.PERMISSIONS);
301         }
302         else if (name.equals(JournalStructure.class.getName())) {
303             JournalStructurePermission.check(
304                 permissionChecker, GetterUtil.getLong(primKey),
305                 ActionKeys.PERMISSIONS);
306         }
307         else if (name.equals(JournalTemplate.class.getName())) {
308             JournalTemplatePermission.check(
309                 permissionChecker, GetterUtil.getLong(primKey),
310                 ActionKeys.PERMISSIONS);
311         }
312         else if (name.equals(Layout.class.getName())) {
313             long plid = GetterUtil.getLong(primKey);
314 
315             Layout layout = layoutPersistence.findByPrimaryKey(plid);
316 
317             GroupPermissionUtil.check(
318                 permissionChecker, layout.getGroupId(),
319                 ActionKeys.MANAGE_LAYOUTS);
320         }
321         else if (name.equals(MBCategory.class.getName())) {
322             MBCategoryPermission.check(
323                 permissionChecker, GetterUtil.getLong(primKey),
324                 ActionKeys.PERMISSIONS);
325         }
326         else if (name.equals(PollsQuestion.class.getName())) {
327             PollsQuestionPermission.check(
328                 permissionChecker, GetterUtil.getLong(primKey),
329                 ActionKeys.PERMISSIONS);
330         }
331         else if (name.equals(SCFrameworkVersion.class.getName())) {
332             SCFrameworkVersionPermission.check(
333                 permissionChecker, GetterUtil.getLong(primKey),
334                 ActionKeys.PERMISSIONS);
335         }
336         else if (name.equals(SCProductEntry.class.getName())) {
337             SCProductEntryPermission.check(
338                 permissionChecker, GetterUtil.getLong(primKey),
339                 ActionKeys.PERMISSIONS);
340         }
341         else if (name.equals(ShoppingCategory.class.getName())) {
342             ShoppingCategoryPermission.check(
343                 permissionChecker, GetterUtil.getLong(primKey),
344                 ActionKeys.PERMISSIONS);
345         }
346         else if (name.equals(ShoppingItem.class.getName())) {
347             ShoppingItemPermission.check(
348                 permissionChecker, GetterUtil.getLong(primKey),
349                 ActionKeys.PERMISSIONS);
350         }
351         else if (name.equals(User.class.getName())) {
352             long userId = GetterUtil.getLong(primKey);
353 
354             User user = userPersistence.findByPrimaryKey(userId);
355 
356             UserPermissionUtil.check(
357                 permissionChecker, userId, user.getOrganizationIds(),
358                 ActionKeys.PERMISSIONS);
359         }
360         else if (name.equals(WikiNode.class.getName())) {
361             WikiNodePermission.check(
362                 permissionChecker, GetterUtil.getLong(primKey),
363                 ActionKeys.PERMISSIONS);
364         }
365         else if ((primKey != null) &&
366                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
367 
368             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
369 
370             long plid = GetterUtil.getLong(primKey.substring(0, pos));
371 
372             String portletId = primKey.substring(
373                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
374                 primKey.length());
375 
376             PortletPermissionUtil.check(
377                 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
378         }
379         else if (!permissionChecker.hasPermission(
380                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
381                  !permissionChecker.hasPermission(
382                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
383 
384             throw new PrincipalException();
385         }
386     }
387 
388 }