001
014
015 package com.liferay.portal.service.permission;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.model.Contact;
020 import com.liferay.portal.model.ResourceConstants;
021 import com.liferay.portal.model.User;
022 import com.liferay.portal.security.auth.PrincipalException;
023 import com.liferay.portal.security.permission.ActionKeys;
024 import com.liferay.portal.security.permission.PermissionChecker;
025 import com.liferay.portal.service.UserLocalServiceUtil;
026 import com.liferay.portal.util.PortalUtil;
027 import com.liferay.portal.util.PropsValues;
028
029
033 public class UserPermissionImpl implements UserPermission {
034
035
039 public void check(
040 PermissionChecker permissionChecker, long userId,
041 long organizationId, long locationId, String actionId)
042 throws PrincipalException {
043
044 check(
045 permissionChecker, userId, new long[] {organizationId, locationId},
046 actionId);
047 }
048
049 public void check(
050 PermissionChecker permissionChecker, long userId,
051 long[] organizationIds, String actionId)
052 throws PrincipalException {
053
054 if (!contains(permissionChecker, userId, organizationIds, actionId)) {
055 throw new PrincipalException();
056 }
057 }
058
059 public void check(
060 PermissionChecker permissionChecker, long userId, String actionId)
061 throws PrincipalException {
062
063 if (!contains(permissionChecker, userId, actionId)) {
064 throw new PrincipalException();
065 }
066 }
067
068
072 public boolean contains(
073 PermissionChecker permissionChecker, long userId, long organizationId,
074 long locationId, String actionId) {
075
076 return contains(
077 permissionChecker, userId, new long[] {organizationId, locationId},
078 actionId);
079 }
080
081 public boolean contains(
082 PermissionChecker permissionChecker, long userId,
083 long[] organizationIds, String actionId) {
084
085 if (actionId.equals(ActionKeys.IMPERSONATE) &&
086 PortalUtil.isOmniadmin(userId) &&
087 !permissionChecker.isOmniadmin()) {
088
089 return false;
090 }
091
092 try {
093 User user = null;
094
095 if (userId != ResourceConstants.PRIMKEY_DNE) {
096 user = UserLocalServiceUtil.getUserById(userId);
097
098 Contact contact = user.getContact();
099
100 if (((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5 ||
101 PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
102 (permissionChecker.hasOwnerPermission(
103 permissionChecker.getCompanyId(), User.class.getName(),
104 userId, contact.getUserId(), actionId))) ||
105 (permissionChecker.getUserId() == userId)) {
106
107 return true;
108 }
109 }
110
111 if (permissionChecker.hasPermission(
112 0, User.class.getName(), userId, actionId)) {
113
114 return true;
115 }
116
117 if (user != null) {
118 if (organizationIds == null) {
119 organizationIds = user.getOrganizationIds();
120 }
121
122 for (long organizationId : organizationIds) {
123 if (OrganizationPermissionUtil.contains(
124 permissionChecker, organizationId,
125 ActionKeys.MANAGE_USERS)) {
126
127 return true;
128 }
129 }
130 }
131 }
132 catch (Exception e) {
133 _log.error(e, e);
134 }
135
136 return false;
137 }
138
139 public boolean contains(
140 PermissionChecker permissionChecker, long userId, String actionId) {
141
142 return contains(permissionChecker, userId, null, actionId);
143 }
144
145 private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);
146
147 }