015 package com.liferay.portal.service.impl;
016
017 import com.liferay.portal.kernel.exception.PortalException;
018 import com.liferay.portal.kernel.exception.SystemException;
019 import com.liferay.portal.kernel.util.GetterUtil;
020 import com.liferay.portal.model.Group;
021 import com.liferay.portal.model.Layout;
022 import com.liferay.portal.model.PortletConstants;
023 import com.liferay.portal.model.Resource;
024 import com.liferay.portal.model.Role;
025 import com.liferay.portal.model.Team;
026 import com.liferay.portal.model.User;
027 import com.liferay.portal.security.auth.PrincipalException;
028 import com.liferay.portal.security.permission.ActionKeys;
029 import com.liferay.portal.security.permission.PermissionChecker;
030 import com.liferay.portal.security.permission.PermissionCheckerBag;
031 import com.liferay.portal.security.permission.ResourceActionsUtil;
032 import com.liferay.portal.service.base.PermissionServiceBaseImpl;
033 import com.liferay.portal.service.permission.GroupPermissionUtil;
034 import com.liferay.portal.service.permission.LayoutPermissionUtil;
035 import com.liferay.portal.service.permission.PortletPermissionUtil;
036 import com.liferay.portal.service.permission.UserPermissionUtil;
037 import com.liferay.portlet.blogs.model.BlogsEntry;
038 import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
039 import com.liferay.portlet.bookmarks.model.BookmarksEntry;
040 import com.liferay.portlet.bookmarks.model.BookmarksFolder;
041 import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
042 import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
043 import com.liferay.portlet.calendar.model.CalEvent;
044 import com.liferay.portlet.calendar.service.permission.CalEventPermission;
045 import com.liferay.portlet.documentlibrary.model.DLFileEntry;
046 import com.liferay.portlet.documentlibrary.model.DLFolder;
047 import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
048 import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
049 import com.liferay.portlet.journal.model.JournalArticle;
050 import com.liferay.portlet.journal.model.JournalFeed;
051 import com.liferay.portlet.journal.model.JournalStructure;
052 import com.liferay.portlet.journal.model.JournalTemplate;
053 import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
054 import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
055 import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
056 import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
057 import com.liferay.portlet.messageboards.model.MBCategory;
058 import com.liferay.portlet.messageboards.model.MBMessage;
059 import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060 import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061 import com.liferay.portlet.polls.model.PollsQuestion;
062 import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063 import com.liferay.portlet.shopping.model.ShoppingCategory;
064 import com.liferay.portlet.shopping.model.ShoppingItem;
065 import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066 import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067 import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068 import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069 import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070 import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071 import com.liferay.portlet.wiki.model.WikiNode;
072 import com.liferay.portlet.wiki.model.WikiPage;
073 import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074 import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075
076 import java.util.List;
077 import java.util.Map;
078
079
/**
 * Permission service whose mutating methods authorize the calling principal
 * before delegating to {@code permissionLocalService}.
 *
 * <p>
 * Every {@code set*} and {@code unset*} method runs one of the
 * {@code checkPermission} overloads with the caller's
 * {@link PermissionChecker} first, so the local service is only reached when
 * that check did not throw. The three {@code has*} lookups are plain
 * delegations and perform no check on the caller in this class.
 * </p>
 *
 * <p>
 * NOTE(review): every {@code groupId} argument is taken from the caller as
 * given. Nothing in this class compares it with the group that actually owns
 * the resource being checked; confirm that the permission helpers and the
 * permission checker do so.
 * </p>
 */
public class PermissionServiceImpl extends PermissionServiceBaseImpl {

	/**
	 * Checks whether the calling principal may edit the permissions of the
	 * resource with the given primary key.
	 *
	 * @param  groupId the group ID supplied by the caller
	 * @param  resourceId the primary key of the resource row to look up
	 * @throws PortalException if the resource cannot be found or the check
	 *         fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);
	}

	/**
	 * Checks whether the calling principal may edit the permissions of the
	 * resource identified by a resource name and a numeric primary key.
	 *
	 * @param  groupId the group ID supplied by the caller
	 * @param  name the resource name, compared against model class names
	 * @param  primKey the numeric primary key of the resource
	 * @throws PortalException if the check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, long primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Checks whether the calling principal may edit the permissions of the
	 * resource identified by a resource name and a string primary key.
	 *
	 * @param  groupId the group ID supplied by the caller
	 * @param  name the resource name, compared against model class names
	 * @param  primKey the primary key of the resource, as a string
	 * @throws PortalException if the check fails
	 * @throws SystemException if a system exception occurred
	 */
	public void checkPermission(long groupId, String name, String primKey)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, name, primKey);
	}

	/**
	 * Returns the local service's answer on whether the group holds the
	 * action on the resource.
	 *
	 * <p>
	 * NOTE(review): no check is made on the caller here, so the lookup is
	 * answered for any group ID; confirm that this is intended.
	 * </p>
	 *
	 * @param  groupId the group to look up
	 * @param  actionId the action ID
	 * @param  resourceId the primary key of the resource
	 * @return the value returned by the local service
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasGroupPermission(
			long groupId, String actionId, long resourceId)
		throws SystemException {

		boolean granted = permissionLocalService.hasGroupPermission(
			groupId, actionId, resourceId);

		return granted;
	}

	/**
	 * Returns the local service's answer on whether the user holds the
	 * action on the resource.
	 *
	 * <p>
	 * NOTE(review): no check is made on the caller here, and {@code userId}
	 * is not compared with the calling user; confirm that this is intended.
	 * </p>
	 *
	 * @param  userId the user to look up
	 * @param  actionId the action ID
	 * @param  resourceId the primary key of the resource
	 * @return the value returned by the local service
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasUserPermission(
			long userId, String actionId, long resourceId)
		throws SystemException {

		boolean granted = permissionLocalService.hasUserPermission(
			userId, actionId, resourceId);

		return granted;
	}

	/**
	 * Returns the local service's answer on whether the user holds the
	 * action on the given resources.
	 *
	 * <p>
	 * NOTE(review): no check is made on the caller here, and the
	 * {@code permissionCheckerBag} is accepted from the caller rather than
	 * built in this class; confirm how the local service treats it.
	 * </p>
	 *
	 * @param  userId the user to look up
	 * @param  groupId the group ID supplied by the caller
	 * @param  resources the resources to evaluate
	 * @param  actionId the action ID
	 * @param  permissionCheckerBag the bag forwarded to the local service
	 * @return the value returned by the local service
	 * @throws PortalException if the local service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public boolean hasUserPermissions(
			long userId, long groupId, List<Resource> resources,
			String actionId, PermissionCheckerBag permissionCheckerBag)
		throws PortalException, SystemException {

		boolean granted = permissionLocalService.hasUserPermissions(
			userId, groupId, resources, actionId, permissionCheckerBag);

		return granted;
	}

	/**
	 * Sets the group's permissions on the resource, after checking the
	 * caller against that resource.
	 *
	 * @param  groupId the group receiving the permissions; also passed to
	 *         the authorization check
	 * @param  actionIds the action IDs to set
	 * @param  resourceId the primary key of the resource
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void setGroupPermissions(
			long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setGroupPermissions(
			groupId, actionIds, resourceId);
	}

	/**
	 * Sets permissions for the entity named by a class name and primary key
	 * within the group, after checking the caller against the resource.
	 *
	 * <p>
	 * NOTE(review): the authorization check looks only at {@code groupId}
	 * and {@code resourceId}. {@code className} and {@code classPK} are
	 * forwarded without being checked here; confirm that the local service
	 * validates them.
	 * </p>
	 *
	 * @param  className the class name forwarded to the local service
	 * @param  classPK the primary key forwarded to the local service
	 * @param  groupId the group ID; also passed to the authorization check
	 * @param  actionIds the action IDs to set
	 * @param  resourceId the primary key of the resource
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void setGroupPermissions(
			String className, String classPK, long groupId,
			String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setGroupPermissions(
			className, classPK, groupId, actionIds, resourceId);
	}

	/**
	 * Sets per-role permissions on the resource, after checking the caller
	 * against that resource.
	 *
	 * <p>
	 * NOTE(review): {@code companyId} comes from the caller, whereas
	 * {@code setRolePermission} derives it from the calling user. The role
	 * IDs in the map are not checked here either; confirm that the local
	 * service ties both to the resource's company.
	 * </p>
	 *
	 * @param  groupId the group ID passed to the authorization check
	 * @param  companyId the company ID forwarded to the local service
	 * @param  roleIdsToActionIds the action IDs to set, keyed by role ID
	 * @param  resourceId the primary key of the resource
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void setIndividualPermissions(
			long groupId, long companyId,
			Map<Long, String[]> roleIdsToActionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setRolesPermissions(
			companyId, roleIdsToActionIds, resourceId);
	}

	/**
	 * Sets the organization's permissions on the resource within the group,
	 * after checking the caller against that resource.
	 *
	 * <p>
	 * The organization itself is not part of the authorization check made
	 * here.
	 * </p>
	 *
	 * @param  organizationId the organization receiving the permissions
	 * @param  groupId the group ID; also passed to the authorization check
	 * @param  actionIds the action IDs to set
	 * @param  resourceId the primary key of the resource
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void setOrgGroupPermissions(
			long organizationId, long groupId, String[] actionIds,
			long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setOrgGroupPermissions(
			organizationId, groupId, actionIds, resourceId);
	}

	/**
	 * Sets one action for the role on the resource described by name, scope
	 * and primary key.
	 *
	 * <p>
	 * Authorization is evaluated against the role (resource name
	 * {@code Role.class.getName()}, primary key {@code roleId}), not against
	 * the target resource. The company ID is read from the calling user
	 * rather than from the request.
	 * </p>
	 *
	 * @param  roleId the role receiving the permission
	 * @param  groupId the group ID passed to the authorization check
	 * @param  name the target resource name
	 * @param  scope the scope forwarded to the local service
	 * @param  primKey the target resource primary key
	 * @param  actionId the action ID to set
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void setRolePermission(
			long roleId, long groupId, String name, int scope,
			String primKey, String actionId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		long callerCompanyId = getUser().getCompanyId();

		permissionLocalService.setRolePermission(
			roleId, callerCompanyId, name, scope, primKey, actionId);
	}

	/**
	 * Sets the role's permissions on the resource, after checking the caller
	 * against that resource.
	 *
	 * <p>
	 * The role itself is not part of the authorization check made here.
	 * </p>
	 *
	 * @param  roleId the role receiving the permissions
	 * @param  groupId the group ID passed to the authorization check
	 * @param  actionIds the action IDs to set
	 * @param  resourceId the primary key of the resource
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void setRolePermissions(
			long roleId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setRolePermissions(
			roleId, actionIds, resourceId);
	}

	/**
	 * Sets the user's permissions on the resource, after checking the caller
	 * against that resource.
	 *
	 * <p>
	 * The target user is not part of the authorization check made here.
	 * </p>
	 *
	 * @param  userId the user receiving the permissions
	 * @param  groupId the group ID passed to the authorization check
	 * @param  actionIds the action IDs to set
	 * @param  resourceId the primary key of the resource
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void setUserPermissions(
			long userId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.setUserPermissions(
			userId, actionIds, resourceId);
	}

	/**
	 * Removes the permission with the given ID from the role, after checking
	 * the caller against the role.
	 *
	 * <p>
	 * NOTE(review): {@code permissionId} is forwarded as given; this method
	 * does not look the permission up, so any link between it and the role
	 * is left to the local service. Confirm that it is enforced there.
	 * </p>
	 *
	 * @param  roleId the role losing the permission
	 * @param  groupId the group ID passed to the authorization check
	 * @param  permissionId the primary key of the permission to remove
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetRolePermission(
			long roleId, long groupId, long permissionId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		permissionLocalService.unsetRolePermission(roleId, permissionId);
	}

	/**
	 * Removes one action from the role on the resource described by name,
	 * scope and primary key.
	 *
	 * <p>
	 * Authorization is evaluated against the role, not against the target
	 * resource. The company ID is read from the calling user.
	 * </p>
	 *
	 * @param  roleId the role losing the permission
	 * @param  groupId the group ID passed to the authorization check
	 * @param  name the target resource name
	 * @param  scope the scope forwarded to the local service
	 * @param  primKey the target resource primary key
	 * @param  actionId the action ID to remove
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetRolePermission(
			long roleId, long groupId, String name, int scope,
			String primKey, String actionId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		long callerCompanyId = getUser().getCompanyId();

		permissionLocalService.unsetRolePermission(
			roleId, callerCompanyId, name, scope, primKey, actionId);
	}

	/**
	 * Removes one action from the role for the resource name and scope,
	 * without naming a primary key.
	 *
	 * <p>
	 * Authorization is evaluated against the role, not against the target
	 * resource. The company ID is read from the calling user.
	 * </p>
	 *
	 * @param  roleId the role losing the permissions
	 * @param  groupId the group ID passed to the authorization check
	 * @param  name the target resource name
	 * @param  scope the scope forwarded to the local service
	 * @param  actionId the action ID to remove
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetRolePermissions(
			long roleId, long groupId, String name, int scope,
			String actionId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(
			permissionChecker, groupId, Role.class.getName(), roleId);

		long callerCompanyId = getUser().getCompanyId();

		permissionLocalService.unsetRolePermissions(
			roleId, callerCompanyId, name, scope, actionId);
	}

	/**
	 * Removes the user's permissions on the resource, after checking the
	 * caller against that resource.
	 *
	 * <p>
	 * The target user is not part of the authorization check made here.
	 * </p>
	 *
	 * @param  userId the user losing the permissions
	 * @param  groupId the group ID passed to the authorization check
	 * @param  actionIds the action IDs to remove
	 * @param  resourceId the primary key of the resource
	 * @throws PortalException if the authorization check fails or the local
	 *         service reported a portal error
	 * @throws SystemException if a system exception occurred
	 */
	public void unsetUserPermissions(
			long userId, long groupId, String[] actionIds, long resourceId)
		throws PortalException, SystemException {

		PermissionChecker permissionChecker = getPermissionChecker();

		checkPermission(permissionChecker, groupId, resourceId);

		permissionLocalService.unsetUserPermissions(
			userId, actionIds, resourceId);
	}

	/**
	 * Loads the resource row and runs the name/primary-key check with the
	 * values stored on it.
	 *
	 * <p>
	 * The resource name and primary key used for the decision come from the
	 * persisted row, not from the caller; only {@code groupId} is passed
	 * through from the request.
	 * </p>
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  groupId the group ID supplied by the caller
	 * @param  resourceId the primary key of the resource row
	 * @throws PortalException if the resource cannot be found or the check
	 *         fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId,
			long resourceId)
		throws PortalException, SystemException {

		Resource storedResource = resourcePersistence.findByPrimaryKey(
			resourceId);

		String resourceName = storedResource.getName();
		String resourcePrimKey = storedResource.getPrimKey().toString();

		checkPermission(
			permissionChecker, groupId, resourceName, resourcePrimKey);
	}

	/**
	 * Converts the numeric primary key to a string and runs the
	 * name/primary-key check.
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  groupId the group ID supplied by the caller
	 * @param  name the resource name
	 * @param  primKey the numeric primary key of the resource
	 * @throws PortalException if the check fails
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			long primKey)
		throws PortalException, SystemException {

		String primKeyString = String.valueOf(primKey);

		checkPermission(permissionChecker, groupId, name, primKeyString);
	}

	/**
	 * Decides whether the principal behind the permission checker may edit
	 * the permissions of the named resource, and throws if not.
	 *
	 * <p>
	 * The resource name is compared with a fixed list of model class names,
	 * in the order below, and the first match delegates to that model's
	 * permission helper:
	 * </p>
	 *
	 * <ul>
	 * <li>
	 * Most models require {@code ActionKeys.PERMISSIONS} on the entity whose
	 * ID is parsed from {@code primKey}. Bookmarks folders, document library
	 * folders, message board categories and shopping categories also pass
	 * the caller-supplied {@code groupId} to the helper.
	 * </li>
	 * <li>
	 * Teams require {@code ActionKeys.MANAGE_TEAMS} on the group read from
	 * the persisted team, not on {@code groupId}.
	 * </li>
	 * <li>
	 * Users are checked with the organization IDs read from the persisted
	 * user.
	 * </li>
	 * <li>
	 * Any other name whose {@code primKey} contains
	 * {@code PortletConstants.LAYOUT_SEPARATOR} is treated as a portlet
	 * resource and requires {@code ActionKeys.CONFIGURATION}.
	 * </li>
	 * <li>
	 * Everything else requires {@code ActionKeys.PERMISSIONS} from the
	 * checker, or {@code ActionKeys.DEFINE_PERMISSIONS} when the resource
	 * declares that action; otherwise a {@link PrincipalException} is
	 * thrown.
	 * </li>
	 * </ul>
	 *
	 * <p>
	 * NOTE(review): {@code name} is dereferenced without a null check, so a
	 * null name ends in a {@code NullPointerException} rather than a
	 * {@code PrincipalException}. The request is still refused, but with a
	 * different exception type.
	 * </p>
	 *
	 * <p>
	 * NOTE(review): presumably {@code GetterUtil.getLong} falls back to a
	 * default value for a non-numeric {@code primKey} instead of throwing;
	 * confirm that the helpers refuse that default ID.
	 * </p>
	 *
	 * @param  permissionChecker the caller's permission checker
	 * @param  groupId the group ID supplied by the caller
	 * @param  name the resource name
	 * @param  primKey the primary key of the resource, as a string
	 * @throws PortalException if the principal lacks the required action or
	 *         a looked-up entity cannot be found
	 * @throws SystemException if a system exception occurred
	 */
	protected void checkPermission(
			PermissionChecker permissionChecker, long groupId, String name,
			String primKey)
		throws PortalException, SystemException {

		if (name.equals(BlogsEntry.class.getName())) {
			BlogsEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(BookmarksEntry.class.getName())) {
			BookmarksEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(BookmarksFolder.class.getName())) {
			BookmarksFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(CalEvent.class.getName())) {
			CalEventPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFileEntry.class.getName())) {
			DLFileEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(DLFolder.class.getName())) {
			DLFolderPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Group.class.getName())) {
			GroupPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalArticle.class.getName())) {
			JournalArticlePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalFeed.class.getName())) {
			JournalFeedPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalStructure.class.getName())) {
			JournalStructurePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(JournalTemplate.class.getName())) {
			JournalTemplatePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Layout.class.getName())) {
			LayoutPermissionUtil.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(MBCategory.class.getName())) {
			MBCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(MBMessage.class.getName())) {
			MBMessagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(PollsQuestion.class.getName())) {
			PollsQuestionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCFrameworkVersion.class.getName())) {
			SCFrameworkVersionPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(SCProductEntry.class.getName())) {
			SCProductEntryPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingCategory.class.getName())) {
			ShoppingCategoryPermission.check(
				permissionChecker, groupId, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(ShoppingItem.class.getName())) {
			ShoppingItemPermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(Team.class.getName())) {

			// The owning group comes from the persisted team, so the
			// caller-supplied groupId plays no part in this branch.

			Team storedTeam = teamPersistence.findByPrimaryKey(
				GetterUtil.getLong(primKey));

			GroupPermissionUtil.check(
				permissionChecker, storedTeam.getGroupId(),
				ActionKeys.MANAGE_TEAMS);

			return;
		}

		if (name.equals(User.class.getName())) {
			long targetUserId = GetterUtil.getLong(primKey);

			User targetUser = userPersistence.findByPrimaryKey(targetUserId);

			UserPermissionUtil.check(
				permissionChecker, targetUserId,
				targetUser.getOrganizationIds(), ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(WikiNode.class.getName())) {
			WikiNodePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		if (name.equals(WikiPage.class.getName())) {
			WikiPagePermission.check(
				permissionChecker, GetterUtil.getLong(primKey),
				ActionKeys.PERMISSIONS);

			return;
		}

		// Portlet resources carry a primary key that holds the layout ID,
		// the separator and the portlet ID, in that order.

		int separatorPos = -1;

		if (primKey != null) {
			separatorPos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
		}

		if (separatorPos != -1) {
			long plid = GetterUtil.getLong(
				primKey.substring(0, separatorPos));

			String portletId = primKey.substring(
				separatorPos + PortletConstants.LAYOUT_SEPARATOR.length());

			PortletPermissionUtil.check(
				permissionChecker, plid, portletId,
				ActionKeys.CONFIGURATION);

			return;
		}

		// Generic resources: this is the only branch where the decision is
		// made directly with the caller-supplied groupId.

		if (permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.PERMISSIONS)) {

			return;
		}

		List<String> declaredActions =
			ResourceActionsUtil.getResourceActions(name);

		// DEFINE_PERMISSIONS only counts when the resource declares it;
		// the checker is not consulted otherwise.

		boolean mayDefinePermissions =
			declaredActions.contains(ActionKeys.DEFINE_PERMISSIONS) &&
			permissionChecker.hasPermission(
				groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS);

		if (!mayDefinePermissions) {
			throw new PrincipalException();
		}
	}

}