1
14
15 package com.liferay.portlet.shopping.service.permission;
16
17 import com.liferay.portal.PortalException;
18 import com.liferay.portal.SystemException;
19 import com.liferay.portal.security.auth.PrincipalException;
20 import com.liferay.portal.security.permission.ActionKeys;
21 import com.liferay.portal.security.permission.PermissionChecker;
22 import com.liferay.portal.service.permission.PortletPermissionUtil;
23 import com.liferay.portal.util.PortletKeys;
24 import com.liferay.portlet.shopping.model.ShoppingOrder;
25 import com.liferay.portlet.shopping.service.ShoppingOrderLocalServiceUtil;
26
27
32 public class ShoppingOrderPermission {
33
34 public static void check(
35 PermissionChecker permissionChecker, long plid, long orderId,
36 String actionId)
37 throws PortalException, SystemException {
38
39 if (!contains(permissionChecker, plid, orderId, actionId)) {
40 throw new PrincipalException();
41 }
42 }
43
44 public static void check(
45 PermissionChecker permissionChecker, long plid, ShoppingOrder order,
46 String actionId)
47 throws PortalException, SystemException {
48
49 if (!contains(permissionChecker, plid, order, actionId)) {
50 throw new PrincipalException();
51 }
52 }
53
54 public static boolean contains(
55 PermissionChecker permissionChecker, long plid, long orderId,
56 String actionId)
57 throws PortalException, SystemException {
58
59 ShoppingOrder order =
60 ShoppingOrderLocalServiceUtil.getOrder(orderId);
61
62 return contains(permissionChecker, plid, order, actionId);
63 }
64
65 public static boolean contains(
66 PermissionChecker permissionChecker, long plid, ShoppingOrder order,
67 String actionId)
68 throws PortalException, SystemException {
69
70 if (PortletPermissionUtil.contains(
71 permissionChecker, plid, PortletKeys.SHOPPING,
72 ActionKeys.MANAGE_ORDERS)) {
73
74 return true;
75 }
76 else {
77 if (permissionChecker.hasOwnerPermission(
78 order.getCompanyId(), ShoppingOrder.class.getName(),
79 order.getOrderId(), order.getUserId(), actionId)) {
80
81 return true;
82 }
83
84 return permissionChecker.hasPermission(
85 order.getGroupId(), ShoppingOrder.class.getName(),
86 order.getOrderId(), actionId);
87 }
88 }
89
90 }