1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   * 
13   */
14  
15  package com.liferay.portal.service.impl;
16  
17  import com.liferay.portal.PortalException;
18  import com.liferay.portal.SystemException;
19  import com.liferay.portal.kernel.util.GetterUtil;
20  import com.liferay.portal.model.Group;
21  import com.liferay.portal.model.Layout;
22  import com.liferay.portal.model.PortletConstants;
23  import com.liferay.portal.model.Resource;
24  import com.liferay.portal.model.Role;
25  import com.liferay.portal.model.User;
26  import com.liferay.portal.security.auth.PrincipalException;
27  import com.liferay.portal.security.permission.ActionKeys;
28  import com.liferay.portal.security.permission.PermissionChecker;
29  import com.liferay.portal.security.permission.PermissionCheckerBag;
30  import com.liferay.portal.service.base.PermissionServiceBaseImpl;
31  import com.liferay.portal.service.permission.GroupPermissionUtil;
32  import com.liferay.portal.service.permission.PortletPermissionUtil;
33  import com.liferay.portal.service.permission.UserPermissionUtil;
34  
35  import java.util.List;
36  
37  /**
38   * <a href="PermissionServiceImpl.java.html"><b><i>View Source</i></b></a>
39   *
40   * @author Brian Wing Shun Chan
41   */
42  public class PermissionServiceImpl extends PermissionServiceBaseImpl {
43  
44      public void checkPermission(long groupId, long resourceId)
45          throws PortalException, SystemException {
46  
47          checkPermission(getPermissionChecker(), groupId, resourceId);
48      }
49  
50      public void checkPermission(long groupId, String name, long primKey)
51          throws PortalException, SystemException {
52  
53          checkPermission(getPermissionChecker(), groupId, name, primKey);
54      }
55  
56      public void checkPermission(long groupId, String name, String primKey)
57          throws PortalException, SystemException {
58  
59          checkPermission(getPermissionChecker(), groupId, name, primKey);
60      }
61  
62      public boolean hasGroupPermission(
63              long groupId, String actionId, long resourceId)
64          throws SystemException {
65  
66          return permissionLocalService.hasGroupPermission(
67              groupId, actionId, resourceId);
68      }
69  
70      public boolean hasUserPermission(
71              long userId, String actionId, long resourceId)
72          throws SystemException {
73  
74          return permissionLocalService.hasUserPermission(
75              userId, actionId, resourceId);
76      }
77  
78      public boolean hasUserPermissions(
79              long userId, long groupId, List<Resource> resources,
80              String actionId, PermissionCheckerBag permissionCheckerBag)
81          throws PortalException, SystemException {
82  
83          return permissionLocalService.hasUserPermissions(
84              userId, groupId, resources, actionId, permissionCheckerBag);
85      }
86  
87      public void setGroupPermissions(
88              long groupId, String[] actionIds, long resourceId)
89          throws PortalException, SystemException {
90  
91          checkPermission(getPermissionChecker(), groupId, resourceId);
92  
93          permissionLocalService.setGroupPermissions(
94              groupId, actionIds, resourceId);
95      }
96  
97      public void setGroupPermissions(
98              String className, String classPK, long groupId,
99              String[] actionIds, long resourceId)
100         throws PortalException, SystemException {
101 
102         checkPermission(getPermissionChecker(), groupId, resourceId);
103 
104         permissionLocalService.setGroupPermissions(
105             className, classPK, groupId, actionIds, resourceId);
106     }
107 
108     public void setOrgGroupPermissions(
109             long organizationId, long groupId, String[] actionIds,
110             long resourceId)
111         throws PortalException, SystemException {
112 
113         checkPermission(getPermissionChecker(), groupId, resourceId);
114 
115         permissionLocalService.setOrgGroupPermissions(
116             organizationId, groupId, actionIds, resourceId);
117     }
118 
119     public void setRolePermission(
120             long roleId, long groupId, String name, int scope, String primKey,
121             String actionId)
122         throws PortalException, SystemException {
123 
124         checkPermission(
125             getPermissionChecker(), groupId, Role.class.getName(), roleId);
126 
127         permissionLocalService.setRolePermission(
128             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
129     }
130 
131     public void setRolePermissions(
132             long roleId, long groupId, String[] actionIds, long resourceId)
133         throws PortalException, SystemException {
134 
135         checkPermission(getPermissionChecker(), groupId, resourceId);
136 
137         permissionLocalService.setRolePermissions(
138             roleId, actionIds, resourceId);
139     }
140 
141     public void setUserPermissions(
142             long userId, long groupId, String[] actionIds, long resourceId)
143         throws PortalException, SystemException {
144 
145         checkPermission(getPermissionChecker(), groupId, resourceId);
146 
147         permissionLocalService.setUserPermissions(
148             userId, actionIds, resourceId);
149     }
150 
151     public void unsetRolePermission(
152             long roleId, long groupId, long permissionId)
153         throws SystemException, PortalException {
154 
155         checkPermission(
156             getPermissionChecker(), groupId, Role.class.getName(), roleId);
157 
158         permissionLocalService.unsetRolePermission(roleId, permissionId);
159     }
160 
161     public void unsetRolePermission(
162             long roleId, long groupId, String name, int scope, String primKey,
163             String actionId)
164         throws PortalException, SystemException {
165 
166         checkPermission(
167             getPermissionChecker(), groupId, Role.class.getName(), roleId);
168 
169         permissionLocalService.unsetRolePermission(
170             roleId, getUser().getCompanyId(), name, scope, primKey, actionId);
171     }
172 
173     public void unsetRolePermissions(
174             long roleId, long groupId, String name, int scope, String actionId)
175         throws PortalException, SystemException {
176 
177         checkPermission(
178             getPermissionChecker(), groupId, Role.class.getName(), roleId);
179 
180         permissionLocalService.unsetRolePermissions(
181             roleId, getUser().getCompanyId(), name, scope, actionId);
182     }
183 
184     public void unsetUserPermissions(
185             long userId, long groupId, String[] actionIds, long resourceId)
186         throws PortalException, SystemException {
187 
188         checkPermission(getPermissionChecker(), groupId, resourceId);
189 
190         permissionLocalService.unsetUserPermissions(
191             userId, actionIds, resourceId);
192     }
193 
194     protected void checkPermission(
195             PermissionChecker permissionChecker, long groupId,
196             long resourceId)
197         throws PortalException, SystemException {
198 
199         Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
200 
201         checkPermission(
202             permissionChecker, groupId, resource.getName(),
203             resource.getPrimKey().toString());
204     }
205 
206     protected void checkPermission(
207             PermissionChecker permissionChecker, long groupId, String name,
208             long primKey)
209         throws PortalException, SystemException {
210 
211         checkPermission(
212             permissionChecker, groupId, name, String.valueOf(primKey));
213     }
214 
215     protected void checkPermission(
216             PermissionChecker permissionChecker, long groupId, String name,
217             String primKey)
218         throws PortalException, SystemException {
219 
220         if (name.equals(Group.class.getName())) {
221             GroupPermissionUtil.check(
222                 permissionChecker, GetterUtil.getLong(primKey),
223                 ActionKeys.PERMISSIONS);
224         }
225         else if (name.equals(Layout.class.getName())) {
226             long plid = GetterUtil.getLong(primKey);
227 
228             Layout layout = layoutPersistence.findByPrimaryKey(plid);
229 
230             GroupPermissionUtil.check(
231                 permissionChecker, layout.getGroupId(),
232                 ActionKeys.MANAGE_LAYOUTS);
233         }
234         else if (name.equals(User.class.getName())) {
235             long userId = GetterUtil.getLong(primKey);
236 
237             User user = userPersistence.findByPrimaryKey(userId);
238 
239             UserPermissionUtil.check(
240                 permissionChecker, userId, user.getOrganizationIds(),
241                 ActionKeys.PERMISSIONS);
242         }
243         else if ((primKey != null) &&
244                  (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
245 
246             int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
247 
248             long plid = GetterUtil.getLong(primKey.substring(0, pos));
249 
250             String portletId = primKey.substring(
251                 pos + PortletConstants.LAYOUT_SEPARATOR.length(),
252                 primKey.length());
253 
254             if (!PortletPermissionUtil.contains(
255                     permissionChecker, plid, portletId,
256                     ActionKeys.CONFIGURATION)) {
257 
258                 throw new PrincipalException();
259             }
260         }
261         else if (!permissionChecker.hasPermission(
262                     groupId, name, primKey, ActionKeys.PERMISSIONS) &&
263                  !permissionChecker.hasPermission(
264                     groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
265 
266             throw new PrincipalException();
267         }
268     }
269 
270 }