1
14
15 package com.liferay.portal.service.impl;
16
17 import com.liferay.portal.kernel.exception.PortalException;
18 import com.liferay.portal.kernel.exception.SystemException;
19 import com.liferay.portal.kernel.util.GetterUtil;
20 import com.liferay.portal.model.Group;
21 import com.liferay.portal.model.Layout;
22 import com.liferay.portal.model.PortletConstants;
23 import com.liferay.portal.model.Resource;
24 import com.liferay.portal.model.Role;
25 import com.liferay.portal.model.Team;
26 import com.liferay.portal.model.User;
27 import com.liferay.portal.security.auth.PrincipalException;
28 import com.liferay.portal.security.permission.ActionKeys;
29 import com.liferay.portal.security.permission.PermissionChecker;
30 import com.liferay.portal.security.permission.PermissionCheckerBag;
31 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
32 import com.liferay.portal.service.permission.GroupPermissionUtil;
33 import com.liferay.portal.service.permission.PortletPermissionUtil;
34 import com.liferay.portal.service.permission.UserPermissionUtil;
35 import com.liferay.portlet.blogs.model.BlogsEntry;
36 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
37 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
38 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
39 import com.liferay.portlet.calendar.model.CalEvent;
40 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
41 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
42 import com.liferay.portlet.documentlibrary.model.DLFolder;
43 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
44 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
45 import com.liferay.portlet.imagegallery.model.IGFolder;
46 import com.liferay.portlet.imagegallery.service.permission.IGFolderPermission;
47 import com.liferay.portlet.journal.model.JournalArticle;
48 import com.liferay.portlet.journal.model.JournalFeed;
49 import com.liferay.portlet.journal.model.JournalStructure;
50 import com.liferay.portlet.journal.model.JournalTemplate;
51 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
52 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
53 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
54 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
55 import com.liferay.portlet.messageboards.model.MBCategory;
56 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
57 import com.liferay.portlet.polls.model.PollsQuestion;
58 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
59 import com.liferay.portlet.shopping.model.ShoppingCategory;
60 import com.liferay.portlet.shopping.model.ShoppingItem;
61 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
62 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
63 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
64 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
65 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
66 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
67 import com.liferay.portlet.wiki.model.WikiNode;
68 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
69
70 import java.util.List;
71
72
78 public class PermissionServiceImpl extends PermissionServiceBaseImpl {
79
80 public void checkPermission(long groupId, long resourceId)
81 throws PortalException, SystemException {
82
83 checkPermission(getPermissionChecker(), groupId, resourceId);
84 }
85
86 public void checkPermission(long groupId, String name, long primKey)
87 throws PortalException, SystemException {
88
89 checkPermission(getPermissionChecker(), groupId, name, primKey);
90 }
91
92 public void checkPermission(long groupId, String name, String primKey)
93 throws PortalException, SystemException {
94
95 checkPermission(getPermissionChecker(), groupId, name, primKey);
96 }
97
98 public boolean hasGroupPermission(
99 long groupId, String actionId, long resourceId)
100 throws SystemException {
101
102 return permissionLocalService.hasGroupPermission(
103 groupId, actionId, resourceId);
104 }
105
106 public boolean hasUserPermission(
107 long userId, String actionId, long resourceId)
108 throws SystemException {
109
110 return permissionLocalService.hasUserPermission(
111 userId, actionId, resourceId);
112 }
113
114 public boolean hasUserPermissions(
115 long userId, long groupId, List<Resource> resources,
116 String actionId, PermissionCheckerBag permissionCheckerBag)
117 throws PortalException, SystemException {
118
119 return permissionLocalService.hasUserPermissions(
120 userId, groupId, resources, actionId, permissionCheckerBag);
121 }
122
123 public void setGroupPermissions(
124 long groupId, String[] actionIds, long resourceId)
125 throws PortalException, SystemException {
126
127 checkPermission(getPermissionChecker(), groupId, resourceId);
128
129 permissionLocalService.setGroupPermissions(
130 groupId, actionIds, resourceId);
131 }
132
133 public void setGroupPermissions(
134 String className, String classPK, long groupId,
135 String[] actionIds, long resourceId)
136 throws PortalException, SystemException {
137
138 checkPermission(getPermissionChecker(), groupId, resourceId);
139
140 permissionLocalService.setGroupPermissions(
141 className, classPK, groupId, actionIds, resourceId);
142 }
143
144 public void setOrgGroupPermissions(
145 long organizationId, long groupId, String[] actionIds,
146 long resourceId)
147 throws PortalException, SystemException {
148
149 checkPermission(getPermissionChecker(), groupId, resourceId);
150
151 permissionLocalService.setOrgGroupPermissions(
152 organizationId, groupId, actionIds, resourceId);
153 }
154
155 public void setRolePermission(
156 long roleId, long groupId, String name, int scope, String primKey,
157 String actionId)
158 throws PortalException, SystemException {
159
160 checkPermission(
161 getPermissionChecker(), groupId, Role.class.getName(), roleId);
162
163 permissionLocalService.setRolePermission(
164 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
165 }
166
167 public void setRolePermissions(
168 long roleId, long groupId, String[] actionIds, long resourceId)
169 throws PortalException, SystemException {
170
171 checkPermission(getPermissionChecker(), groupId, resourceId);
172
173 permissionLocalService.setRolePermissions(
174 roleId, actionIds, resourceId);
175 }
176
177 public void setUserPermissions(
178 long userId, long groupId, String[] actionIds, long resourceId)
179 throws PortalException, SystemException {
180
181 checkPermission(getPermissionChecker(), groupId, resourceId);
182
183 permissionLocalService.setUserPermissions(
184 userId, actionIds, resourceId);
185 }
186
187 public void unsetRolePermission(
188 long roleId, long groupId, long permissionId)
189 throws SystemException, PortalException {
190
191 checkPermission(
192 getPermissionChecker(), groupId, Role.class.getName(), roleId);
193
194 permissionLocalService.unsetRolePermission(roleId, permissionId);
195 }
196
197 public void unsetRolePermission(
198 long roleId, long groupId, String name, int scope, String primKey,
199 String actionId)
200 throws PortalException, SystemException {
201
202 checkPermission(
203 getPermissionChecker(), groupId, Role.class.getName(), roleId);
204
205 permissionLocalService.unsetRolePermission(
206 roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
207 }
208
209 public void unsetRolePermissions(
210 long roleId, long groupId, String name, int scope, String actionId)
211 throws PortalException, SystemException {
212
213 checkPermission(
214 getPermissionChecker(), groupId, Role.class.getName(), roleId);
215
216 permissionLocalService.unsetRolePermissions(
217 roleId, getUser().getCompanyId(), name, scope, actionId);
218 }
219
220 public void unsetUserPermissions(
221 long userId, long groupId, String[] actionIds, long resourceId)
222 throws PortalException, SystemException {
223
224 checkPermission(getPermissionChecker(), groupId, resourceId);
225
226 permissionLocalService.unsetUserPermissions(
227 userId, actionIds, resourceId);
228 }
229
230 protected void checkPermission(
231 PermissionChecker permissionChecker, long groupId,
232 long resourceId)
233 throws PortalException, SystemException {
234
235 Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
236
237 checkPermission(
238 permissionChecker, groupId, resource.getName(),
239 resource.getPrimKey().toString());
240 }
241
242 protected void checkPermission(
243 PermissionChecker permissionChecker, long groupId, String name,
244 long primKey)
245 throws PortalException, SystemException {
246
247 checkPermission(
248 permissionChecker, groupId, name, String.valueOf(primKey));
249 }
250
251 protected void checkPermission(
252 PermissionChecker permissionChecker, long groupId, String name,
253 String primKey)
254 throws PortalException, SystemException {
255
256 if (name.equals(BlogsEntry.class.getName())) {
257 BlogsEntryPermission.check(
258 permissionChecker, GetterUtil.getLong(primKey),
259 ActionKeys.PERMISSIONS);
260 }
261 else if (name.equals(BookmarksFolder.class.getName())) {
262 BookmarksFolderPermission.check(
263 permissionChecker, groupId, GetterUtil.getLong(primKey),
264 ActionKeys.PERMISSIONS);
265 }
266 else if (name.equals(CalEvent.class.getName())) {
267 CalEventPermission.check(
268 permissionChecker, GetterUtil.getLong(primKey),
269 ActionKeys.PERMISSIONS);
270 }
271 else if (name.equals(DLFileEntry.class.getName())) {
272 DLFileEntryPermission.check(
273 permissionChecker, GetterUtil.getLong(primKey),
274 ActionKeys.PERMISSIONS);
275 }
276 else if (name.equals(DLFolder.class.getName())) {
277 DLFolderPermission.check(
278 permissionChecker, groupId, GetterUtil.getLong(primKey),
279 ActionKeys.PERMISSIONS);
280 }
281 else if (name.equals(Group.class.getName())) {
282 GroupPermissionUtil.check(
283 permissionChecker, GetterUtil.getLong(primKey),
284 ActionKeys.PERMISSIONS);
285 }
286 else if (name.equals(IGFolder.class.getName())) {
287 IGFolderPermission.check(
288 permissionChecker, groupId, GetterUtil.getLong(primKey),
289 ActionKeys.PERMISSIONS);
290 }
291 else if (name.equals(JournalArticle.class.getName())) {
292 JournalArticlePermission.check(
293 permissionChecker, GetterUtil.getLong(primKey),
294 ActionKeys.PERMISSIONS);
295 }
296 else if (name.equals(JournalFeed.class.getName())) {
297 JournalFeedPermission.check(
298 permissionChecker, GetterUtil.getLong(primKey),
299 ActionKeys.PERMISSIONS);
300 }
301 else if (name.equals(JournalStructure.class.getName())) {
302 JournalStructurePermission.check(
303 permissionChecker, GetterUtil.getLong(primKey),
304 ActionKeys.PERMISSIONS);
305 }
306 else if (name.equals(JournalTemplate.class.getName())) {
307 JournalTemplatePermission.check(
308 permissionChecker, GetterUtil.getLong(primKey),
309 ActionKeys.PERMISSIONS);
310 }
311 else if (name.equals(Layout.class.getName())) {
312 long plid = GetterUtil.getLong(primKey);
313
314 Layout layout = layoutPersistence.findByPrimaryKey(plid);
315
316 GroupPermissionUtil.check(
317 permissionChecker, layout.getGroupId(),
318 ActionKeys.MANAGE_LAYOUTS);
319 }
320 else if (name.equals(MBCategory.class.getName())) {
321 MBCategoryPermission.check(
322 permissionChecker, groupId, GetterUtil.getLong(primKey),
323 ActionKeys.PERMISSIONS);
324 }
325 else if (name.equals(PollsQuestion.class.getName())) {
326 PollsQuestionPermission.check(
327 permissionChecker, GetterUtil.getLong(primKey),
328 ActionKeys.PERMISSIONS);
329 }
330 else if (name.equals(SCFrameworkVersion.class.getName())) {
331 SCFrameworkVersionPermission.check(
332 permissionChecker, GetterUtil.getLong(primKey),
333 ActionKeys.PERMISSIONS);
334 }
335 else if (name.equals(SCProductEntry.class.getName())) {
336 SCProductEntryPermission.check(
337 permissionChecker, GetterUtil.getLong(primKey),
338 ActionKeys.PERMISSIONS);
339 }
340 else if (name.equals(ShoppingCategory.class.getName())) {
341 ShoppingCategoryPermission.check(
342 permissionChecker, groupId, GetterUtil.getLong(primKey),
343 ActionKeys.PERMISSIONS);
344 }
345 else if (name.equals(ShoppingItem.class.getName())) {
346 ShoppingItemPermission.check(
347 permissionChecker, GetterUtil.getLong(primKey),
348 ActionKeys.PERMISSIONS);
349 }
350 else if (name.equals(Team.class.getName())) {
351 long teamId = GetterUtil.getLong(primKey);
352
353 Team team = teamPersistence.findByPrimaryKey(teamId);
354
355 GroupPermissionUtil.check(
356 permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
357 }
358 else if (name.equals(User.class.getName())) {
359 long userId = GetterUtil.getLong(primKey);
360
361 User user = userPersistence.findByPrimaryKey(userId);
362
363 UserPermissionUtil.check(
364 permissionChecker, userId, user.getOrganizationIds(),
365 ActionKeys.PERMISSIONS);
366 }
367 else if (name.equals(WikiNode.class.getName())) {
368 WikiNodePermission.check(
369 permissionChecker, GetterUtil.getLong(primKey),
370 ActionKeys.PERMISSIONS);
371 }
372 else if ((primKey != null) &&
373 (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
374
375 int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
376
377 long plid = GetterUtil.getLong(primKey.substring(0, pos));
378
379 String portletId = primKey.substring(
380 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
381 primKey.length());
382
383 PortletPermissionUtil.check(
384 permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
385 }
386 else if (!permissionChecker.hasPermission(
387 groupId, name, primKey, ActionKeys.PERMISSIONS) &&
388 !permissionChecker.hasPermission(
389 groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
390
391 throw new PrincipalException();
392 }
393 }
394
395 }