1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.kernel.exception.PortalException;
18  import com.liferay.portal.kernel.exception.SystemException;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.model.Group;
21  import com.liferay.portal.model.Layout;
22  import com.liferay.portal.model.PortletConstants;
23  import com.liferay.portal.model.Resource;
24  import com.liferay.portal.model.Role;
25  import com.liferay.portal.model.Team;
26  import com.liferay.portal.model.User;
27  import com.liferay.portal.security.auth.PrincipalException;
28  import com.liferay.portal.security.permission.ActionKeys;
29  import com.liferay.portal.security.permission.PermissionChecker;
30  import com.liferay.portal.security.permission.PermissionCheckerBag;
31  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
32  import com.liferay.portal.service.permission.GroupPermissionUtil;
33  import com.liferay.portal.service.permission.PortletPermissionUtil;
34  import com.liferay.portal.service.permission.UserPermissionUtil;
35  import com.liferay.portlet.blogs.model.BlogsEntry;
36  import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
37  import com.liferay.portlet.bookmarks.model.BookmarksFolder;
38  import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
39  import com.liferay.portlet.calendar.model.CalEvent;
40  import com.liferay.portlet.calendar.service.permission.CalEventPermission;
41  import com.liferay.portlet.documentlibrary.model.DLFileEntry;
42  import com.liferay.portlet.documentlibrary.model.DLFolder;
43  import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
44  import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
45  import com.liferay.portlet.imagegallery.model.IGFolder;
46  import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
47  import com.liferay.portlet.journal.model.JournalArticle;
48  import com.liferay.portlet.journal.model.JournalFeed;
49  import com.liferay.portlet.journal.model.JournalStructure;
50  import com.liferay.portlet.journal.model.JournalTemplate;
51  import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
52  import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
53  import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
54  import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
55  import com.liferay.portlet.messageboards.model.MBCategory;
56  import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
57  import com.liferay.portlet.polls.model.PollsQuestion;
58  import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
59  import com.liferay.portlet.shopping.model.ShoppingCategory;
60  import com.liferay.portlet.shopping.model.ShoppingItem;
61  import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
62  import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
63  import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
64  import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
65  import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
66  import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
67  import com.liferay.portlet.wiki.model.WikiNode;
68  import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
69  
70  import java.util.List;
71  
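/**
 * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
 *
 * <p>
 * Service entry points for checking, querying and changing permissions. Every
 * mutating method ({@code set*} / {@code unset*}) first calls one of the
 * {@code checkPermission} overloads with the current caller's
 * {@link PermissionChecker} and only then delegates to
 * {@code permissionLocalService}.
 * </p>
 *
 * <p>
 * Review notes, all based on what this class itself does:
 * </p>
 *
 * <ul>
 * <li>
 * The {@code has*} query methods delegate without any check of the caller.
 * Confirm that exposing these answers to every caller that can reach the
 * service is intended, or that access is restricted upstream.
 * </li>
 * <li>
 * {@code groupId} is supplied by the caller. Except in the {@code Layout} and
 * {@code Team} branches, which derive the group from the loaded entity,
 * {@code checkPermission} passes it on without comparing it to the group that
 * owns the target. Whether the downstream permission classes validate it is
 * not visible here.
 * </li>
 * <li>
 * Several setters authorize only one of the two objects involved (the resource
 * or the role) and forward the other identifier unverified; see the individual
 * method comments.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 * @author Raymond Augé
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

    /**
     * Verifies that the current caller may manage permissions on the resource
     * with the given primary key.
     *
     * @param  groupId the group the caller claims the resource belongs to
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails or, presumably, if the
     *         resource cannot be found
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);
    }

    /**
     * Verifies that the current caller may manage permissions on the model
     * identified by class name and numeric primary key.
     *
     * @param  groupId the group the caller claims the model belongs to
     * @param  name the model class name or resource name
     * @param  primKey the numeric primary key of the model
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, long primKey)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, name, primKey);
    }

    /**
     * Verifies that the current caller may manage permissions on the model
     * identified by class name and string primary key.
     *
     * @param  groupId the group the caller claims the model belongs to
     * @param  name the model class name or resource name
     * @param  primKey the primary key of the model
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void checkPermission(long groupId, String name, String primKey)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, name, primKey);
    }

    /**
     * Returns the result of
     * {@code permissionLocalService.hasGroupPermission} for the given group,
     * action and resource.
     *
     * <p>
     * NOTE(review): no {@code checkPermission} call is made, so the answer is
     * returned to any caller that can reach this method. Confirm that this is
     * intended.
     * </p>
     *
     * @param  groupId the primary key of the group
     * @param  actionId the action ID
     * @param  resourceId the primary key of the resource
     * @return the value returned by the local service
     * @throws SystemException if a system exception occurred
     */
    public boolean hasGroupPermission(
            long groupId, String actionId, long resourceId)
        throws SystemException {

        return permissionLocalService.hasGroupPermission(
            groupId, actionId, resourceId);
    }

    /**
     * Returns the result of {@code permissionLocalService.hasUserPermission}
     * for the given user, action and resource.
     *
     * <p>
     * NOTE(review): {@code userId} is an arbitrary caller-supplied value and no
     * {@code checkPermission} call is made, so a caller can ask about users
     * other than itself. Confirm that this is intended.
     * </p>
     *
     * @param  userId the primary key of the user
     * @param  actionId the action ID
     * @param  resourceId the primary key of the resource
     * @return the value returned by the local service
     * @throws SystemException if a system exception occurred
     */
    public boolean hasUserPermission(
            long userId, String actionId, long resourceId)
        throws SystemException {

        return permissionLocalService.hasUserPermission(
            userId, actionId, resourceId);
    }

    /**
     * Returns the result of {@code permissionLocalService.hasUserPermissions}
     * for the given user, group, resources and action.
     *
     * <p>
     * NOTE(review): no {@code checkPermission} call is made, and the
     * {@code permissionCheckerBag} is taken from the caller and forwarded
     * unchanged. How the local service uses the bag is not visible here;
     * verify that a caller-constructed bag cannot influence the answer in a
     * way that matters.
     * </p>
     *
     * @param  userId the primary key of the user
     * @param  groupId the primary key of the group
     * @param  resources the resources to test
     * @param  actionId the action ID
     * @param  permissionCheckerBag the bag forwarded to the local service
     * @return the value returned by the local service
     * @throws PortalException if a portal exception occurred
     * @throws SystemException if a system exception occurred
     */
    public boolean hasUserPermissions(
            long userId, long groupId, List<Resource> resources,
            String actionId, PermissionCheckerBag permissionCheckerBag)
        throws PortalException, SystemException {

        return permissionLocalService.hasUserPermissions(
            userId, groupId, resources, actionId, permissionCheckerBag);
    }

    /**
     * Sets the group's permissions on the resource after verifying that the
     * caller may manage permissions on that resource.
     *
     * @param  groupId the primary key of the group; also used as the group
     *         context of the permission check
     * @param  actionIds the action IDs to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void setGroupPermissions(
            long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            groupId, actionIds, resourceId);
    }

    /**
     * Sets permissions on the resource through the local service overload that
     * also takes a class name and class primary key.
     *
     * <p>
     * NOTE(review): only {@code resourceId} is authorized. {@code className}
     * and {@code classPK} are forwarded as received; nothing in this method
     * ties them to {@code groupId} or to the resource. Verify that the local
     * service validates them.
     * </p>
     *
     * @param  className the class name forwarded to the local service
     * @param  classPK the class primary key forwarded to the local service
     * @param  groupId the primary key of the group; also used as the group
     *         context of the permission check
     * @param  actionIds the action IDs to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void setGroupPermissions(
            String className, String classPK, long groupId,
            String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setGroupPermissions(
            className, classPK, groupId, actionIds, resourceId);
    }

    /**
     * Sets the organization/group permissions on the resource after verifying
     * that the caller may manage permissions on that resource.
     *
     * <p>
     * NOTE(review): {@code organizationId} is forwarded without a check in
     * this method.
     * </p>
     *
     * @param  organizationId the primary key of the organization
     * @param  groupId the primary key of the group; also used as the group
     *         context of the permission check
     * @param  actionIds the action IDs to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void setOrgGroupPermissions(
            long organizationId, long groupId, String[] actionIds,
            long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setOrgGroupPermissions(
            organizationId, groupId, actionIds, resourceId);
    }

    /**
     * Grants the role one action on a resource name/scope/primary key within
     * the caller's company.
     *
     * <p>
     * The authorization is on the role only. {@code Role} has no dedicated
     * branch in {@code checkPermission}, so the check ends in the generic
     * branch: {@code PERMISSIONS} or {@code DEFINE_PERMISSIONS} on the role,
     * evaluated with the caller-supplied {@code groupId}.
     * </p>
     *
     * <p>
     * NOTE(review): the target {@code name}, {@code scope} and
     * {@code primKey} are not checked in this method. Verify that being
     * allowed to manage the role is meant to be sufficient to grant it actions
     * on any target in the company.
     * </p>
     *
     * @param  roleId the primary key of the role
     * @param  groupId the group context used for the role permission check
     * @param  name the resource name the action applies to
     * @param  scope the scope forwarded to the local service
     * @param  primKey the primary key forwarded to the local service
     * @param  actionId the action ID to grant
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void setRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        // The company is taken from the authenticated user, not from the
        // request.
        permissionLocalService.setRolePermission(
            roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
    }

    /**
     * Sets the role's permissions on the resource after verifying that the
     * caller may manage permissions on that resource.
     *
     * <p>
     * NOTE(review): unlike {@link #setRolePermission}, the role itself is not
     * authorized here; {@code roleId} is forwarded as received.
     * </p>
     *
     * @param  roleId the primary key of the role
     * @param  groupId the group context used for the resource permission check
     * @param  actionIds the action IDs to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void setRolePermissions(
            long roleId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setRolePermissions(
            roleId, actionIds, resourceId);
    }

    /**
     * Sets the user's permissions on the resource after verifying that the
     * caller may manage permissions on that resource.
     *
     * <p>
     * NOTE(review): {@code userId} is forwarded without a check in this
     * method.
     * </p>
     *
     * @param  userId the primary key of the user receiving the permissions
     * @param  groupId the group context used for the resource permission check
     * @param  actionIds the action IDs to set
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void setUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.setUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Removes one permission from the role after verifying that the caller may
     * manage permissions on the role.
     *
     * <p>
     * NOTE(review): {@code permissionId} is forwarded without a check in this
     * method.
     * </p>
     *
     * @param  roleId the primary key of the role
     * @param  groupId the group context used for the role permission check
     * @param  permissionId the primary key of the permission to remove
     * @throws SystemException if a system exception occurred
     * @throws PortalException if the check fails
     */
    public void unsetRolePermission(
            long roleId, long groupId, long permissionId)
        throws SystemException, PortalException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        permissionLocalService.unsetRolePermission(roleId, permissionId);
    }

    /**
     * Removes one action on a resource name/scope/primary key from the role,
     * within the caller's company, after verifying that the caller may manage
     * permissions on the role.
     *
     * @param  roleId the primary key of the role
     * @param  groupId the group context used for the role permission check
     * @param  name the resource name the action applies to
     * @param  scope the scope forwarded to the local service
     * @param  primKey the primary key forwarded to the local service
     * @param  actionId the action ID to remove
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void unsetRolePermission(
            long roleId, long groupId, String name, int scope, String primKey,
            String actionId)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        permissionLocalService.unsetRolePermission(
            roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
    }

    /**
     * Removes an action on a resource name/scope from the role, within the
     * caller's company, after verifying that the caller may manage permissions
     * on the role.
     *
     * @param  roleId the primary key of the role
     * @param  groupId the group context used for the role permission check
     * @param  name the resource name the action applies to
     * @param  scope the scope forwarded to the local service
     * @param  actionId the action ID to remove
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void unsetRolePermissions(
            long roleId, long groupId, String name, int scope, String actionId)
        throws PortalException, SystemException {

        checkPermission(
            getPermissionChecker(), groupId, Role.class.getName(), roleId);

        permissionLocalService.unsetRolePermissions(
            roleId, getUser().getCompanyId(), name, scope, actionId);
    }

    /**
     * Removes the user's permissions on the resource after verifying that the
     * caller may manage permissions on that resource.
     *
     * <p>
     * NOTE(review): {@code userId} is forwarded without a check in this
     * method.
     * </p>
     *
     * @param  userId the primary key of the user losing the permissions
     * @param  groupId the group context used for the resource permission check
     * @param  actionIds the action IDs to remove
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    public void unsetUserPermissions(
            long userId, long groupId, String[] actionIds, long resourceId)
        throws PortalException, SystemException {

        checkPermission(getPermissionChecker(), groupId, resourceId);

        permissionLocalService.unsetUserPermissions(
            userId, actionIds, resourceId);
    }

    /**
     * Loads the resource and runs the name/primary-key check on it.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the caller-supplied group context
     * @param  resourceId the primary key of the resource
     * @throws PortalException if the check fails or, presumably, if no
     *         resource has that primary key
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId,
            long resourceId)
        throws PortalException, SystemException {

        Resource resource = resourcePersistence.findByPrimaryKey(resourceId);

        // The name and primary key come from the stored resource, so only
        // groupId remains caller-controlled on this path.
        checkPermission(
            permissionChecker, groupId, resource.getName(),
            resource.getPrimKey().toString());
    }

    /**
     * Converts the numeric primary key to a string and runs the
     * name/primary-key check.
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the caller-supplied group context
     * @param  name the model class name or resource name
     * @param  primKey the numeric primary key
     * @throws PortalException if the check fails
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            long primKey)
        throws PortalException, SystemException {

        checkPermission(
            permissionChecker, groupId, name, String.valueOf(primKey));
    }

    /**
     * Central authorization gate: decides whether the caller may manage
     * permissions on the target identified by {@code name} and
     * {@code primKey}.
     *
     * <p>
     * Dispatch order:
     * </p>
     *
     * <ol>
     * <li>
     * A known model class name is handed to that model's permission class with
     * {@code ActionKeys.PERMISSIONS}. {@code Layout} and {@code Team} are the
     * exceptions: the entity is loaded and the check is
     * {@code MANAGE_LAYOUTS} / {@code MANAGE_TEAMS} on the entity's own group.
     * </li>
     * <li>
     * Otherwise, a primary key containing
     * {@code PortletConstants.LAYOUT_SEPARATOR} is split into a layout ID and
     * a portlet ID and checked for {@code CONFIGURATION}.
     * </li>
     * <li>
     * Otherwise the caller needs {@code PERMISSIONS} or
     * {@code DEFINE_PERMISSIONS} on {@code (groupId, name, primKey)}.
     * </li>
     * </ol>
     *
     * <p>
     * The {@code check(...)} helpers are expected to throw on denial; their
     * behavior is not visible in this class.
     * </p>
     *
     * <p>
     * NOTE(review): {@code groupId} is caller-supplied. The branches that pass
     * it on (bookmarks, document library and image gallery folders, message
     * board and shopping categories, and the generic fallback) do not compare
     * it here with the group that owns the target. Verify that the downstream
     * checks do.
     * </p>
     *
     * <p>
     * NOTE(review): {@code GetterUtil.getLong} presumably yields {@code 0} for
     * a {@code null} or non-numeric key, in which case the model check runs
     * against ID {@code 0}. Confirm that this denies.
     * </p>
     *
     * @param  permissionChecker the checker representing the caller
     * @param  groupId the caller-supplied group context
     * @param  name the model class name or resource name
     * @param  primKey the primary key of the target, possibly
     *         {@code null}
     * @throws PortalException if the caller is not authorized
     *         ({@link PrincipalException} from this method when {@code name}
     *         is {@code null} or the generic fallback denies) or, presumably,
     *         if a looked-up entity does not exist
     * @throws SystemException if a system exception occurred
     */
    protected void checkPermission(
            PermissionChecker permissionChecker, long groupId, String name,
            String primKey)
        throws PortalException, SystemException {

        // Fail closed with the declared authorization exception rather than
        // letting name.equals(...) below raise a NullPointerException.
        if (name == null) {
            throw new PrincipalException();
        }

        if (name.equals(BlogsEntry.class.getName())) {
            BlogsEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(BookmarksFolder.class.getName())) {
            BookmarksFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(CalEvent.class.getName())) {
            CalEventPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFileEntry.class.getName())) {
            DLFileEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(DLFolder.class.getName())) {
            DLFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Group.class.getName())) {
            GroupPermissionUtil.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(IGFolder.class.getName())) {
            IGFolderPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalArticle.class.getName())) {
            JournalArticlePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalFeed.class.getName())) {
            JournalFeedPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalStructure.class.getName())) {
            JournalStructurePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(JournalTemplate.class.getName())) {
            JournalTemplatePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Layout.class.getName())) {
            long plid = GetterUtil.getLong(primKey);

            Layout layout = layoutPersistence.findByPrimaryKey(plid);

            // The group is taken from the stored layout, not from the
            // caller-supplied groupId.
            GroupPermissionUtil.check(
                permissionChecker, layout.getGroupId(),
                ActionKeys.MANAGE_LAYOUTS);
        }
        else if (name.equals(MBCategory.class.getName())) {
            MBCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(PollsQuestion.class.getName())) {
            PollsQuestionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCFrameworkVersion.class.getName())) {
            SCFrameworkVersionPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(SCProductEntry.class.getName())) {
            SCProductEntryPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingCategory.class.getName())) {
            ShoppingCategoryPermission.check(
                permissionChecker, groupId, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(ShoppingItem.class.getName())) {
            ShoppingItemPermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(Team.class.getName())) {
            long teamId = GetterUtil.getLong(primKey);

            Team team = teamPersistence.findByPrimaryKey(teamId);

            // The group is taken from the stored team, not from the
            // caller-supplied groupId.
            GroupPermissionUtil.check(
                permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
        }
        else if (name.equals(User.class.getName())) {
            long userId = GetterUtil.getLong(primKey);

            User user = userPersistence.findByPrimaryKey(userId);

            UserPermissionUtil.check(
                permissionChecker, userId, user.getOrganizationIds(),
                ActionKeys.PERMISSIONS);
        }
        else if (name.equals(WikiNode.class.getName())) {
            WikiNodePermission.check(
                permissionChecker, GetterUtil.getLong(primKey),
                ActionKeys.PERMISSIONS);
        }
        else if ((primKey != null) &&
                 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {

            // Portlet resource: the key is "<plid><LAYOUT_SEPARATOR><portletId>".
            // This branch is selected by the shape of primKey alone, whatever
            // name holds.
            int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);

            long plid = GetterUtil.getLong(primKey.substring(0, pos));

            String portletId = primKey.substring(
                pos + PortletConstants.LAYOUT_SEPARATOR.length(),
                primKey.length());

            PortletPermissionUtil.check(
                permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
        }
        else if (!permissionChecker.hasPermission(
                    groupId, name, primKey, ActionKeys.PERMISSIONS) &&
                 !permissionChecker.hasPermission(
                    groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {

            // Generic fallback for every other name (including Role): deny
            // unless the caller holds one of the two permission-management
            // actions.
            throw new PrincipalException();
        }
    }

}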