001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.kernel.util.GetterUtil;
020    import com.liferay.portal.model.Group;
021    import com.liferay.portal.model.Layout;
022    import com.liferay.portal.model.PortletConstants;
023    import com.liferay.portal.model.Resource;
024    import com.liferay.portal.model.Role;
025    import com.liferay.portal.model.Team;
026    import com.liferay.portal.model.User;
027    import com.liferay.portal.security.auth.PrincipalException;
028    import com.liferay.portal.security.permission.ActionKeys;
029    import com.liferay.portal.security.permission.PermissionChecker;
030    import com.liferay.portal.security.permission.PermissionCheckerBag;
031    import com.liferay.portal.security.permission.ResourceActionsUtil;
032    import com.liferay.portal.service.base.PermissionServiceBaseImpl;
033    import com.liferay.portal.service.permission.GroupPermissionUtil;
034    import com.liferay.portal.service.permission.LayoutPermissionUtil;
035    import com.liferay.portal.service.permission.PortletPermissionUtil;
036    import com.liferay.portal.service.permission.UserPermissionUtil;
037    import com.liferay.portlet.blogs.model.BlogsEntry;
038    import com.liferay.portlet.blogs.service.permission.BlogsEntryPermission;
039    import com.liferay.portlet.bookmarks.model.BookmarksEntry;
040    import com.liferay.portlet.bookmarks.model.BookmarksFolder;
041    import com.liferay.portlet.bookmarks.service.permission.BookmarksEntryPermission;
042    import com.liferay.portlet.bookmarks.service.permission.BookmarksFolderPermission;
043    import com.liferay.portlet.calendar.model.CalEvent;
044    import com.liferay.portlet.calendar.service.permission.CalEventPermission;
045    import com.liferay.portlet.documentlibrary.model.DLFileEntry;
046    import com.liferay.portlet.documentlibrary.model.DLFolder;
047    import com.liferay.portlet.documentlibrary.service.permission.DLFileEntryPermission;
048    import com.liferay.portlet.documentlibrary.service.permission.DLFolderPermission;
049    import com.liferay.portlet.journal.model.JournalArticle;
050    import com.liferay.portlet.journal.model.JournalFeed;
051    import com.liferay.portlet.journal.model.JournalStructure;
052    import com.liferay.portlet.journal.model.JournalTemplate;
053    import com.liferay.portlet.journal.service.permission.JournalArticlePermission;
054    import com.liferay.portlet.journal.service.permission.JournalFeedPermission;
055    import com.liferay.portlet.journal.service.permission.JournalStructurePermission;
056    import com.liferay.portlet.journal.service.permission.JournalTemplatePermission;
057    import com.liferay.portlet.messageboards.model.MBCategory;
058    import com.liferay.portlet.messageboards.model.MBMessage;
059    import com.liferay.portlet.messageboards.service.permission.MBCategoryPermission;
060    import com.liferay.portlet.messageboards.service.permission.MBMessagePermission;
061    import com.liferay.portlet.polls.model.PollsQuestion;
062    import com.liferay.portlet.polls.service.permission.PollsQuestionPermission;
063    import com.liferay.portlet.shopping.model.ShoppingCategory;
064    import com.liferay.portlet.shopping.model.ShoppingItem;
065    import com.liferay.portlet.shopping.service.permission.ShoppingCategoryPermission;
066    import com.liferay.portlet.shopping.service.permission.ShoppingItemPermission;
067    import com.liferay.portlet.softwarecatalog.model.SCFrameworkVersion;
068    import com.liferay.portlet.softwarecatalog.model.SCProductEntry;
069    import com.liferay.portlet.softwarecatalog.service.permission.SCFrameworkVersionPermission;
070    import com.liferay.portlet.softwarecatalog.service.permission.SCProductEntryPermission;
071    import com.liferay.portlet.wiki.model.WikiNode;
072    import com.liferay.portlet.wiki.model.WikiPage;
073    import com.liferay.portlet.wiki.service.permission.WikiNodePermission;
074    import com.liferay.portlet.wiki.service.permission.WikiPagePermission;
075    
076    import java.util.List;
077    import java.util.Map;
078    
079    /**
080     * The implementation of the permission remote service.
081     *
082     * @author Brian Wing Shun Chan
083     * @author Raymond Augé
084     */
085    public class PermissionServiceImpl extends PermissionServiceBaseImpl {
086    
087            /**
088             * Checks to see if the group has permission to the resource.
089             *
090             * @param  groupId the primary key of the group
091             * @param  resourceId the primary key of the resource
092             * @throws PortalException if the group did not have permission to the
093             *         resource, or if a group or resource with the primary key could
094             *         not be found or was invalid
095             * @throws SystemException if a system exception occurred
096             */
097            public void checkPermission(long groupId, long resourceId)
098                    throws PortalException, SystemException {
099    
100                    checkPermission(getPermissionChecker(), groupId, resourceId);
101            }
102    
103            /**
104             * Checks to see if the group has permission to the service.
105             *
106             * @param  groupId the primary key of the group
107             * @param  name the service name
108             * @param  primKey the primary key of the service
109             * @throws PortalException if the group did not have permission to the
110             *         service, if a group with the primary key could not be found or if
111             *         the permission information was invalid
112             * @throws SystemException if a system exception occurred
113             */
114            public void checkPermission(long groupId, String name, long primKey)
115                    throws PortalException, SystemException {
116    
117                    checkPermission(getPermissionChecker(), groupId, name, primKey);
118            }
119    
120            /**
121             * Checks to see if the group has permission to the service.
122             *
123             * @param  groupId the primary key of the group
124             * @param  name the service name
125             * @param  primKey the primary key of the service
126             * @throws PortalException if the group did not have permission to the
127             *         service, if a group with the primary key could not be found or if
128             *         the permission information was invalid
129             * @throws SystemException if a system exception occurred
130             */
131            public void checkPermission(long groupId, String name, String primKey)
132                    throws PortalException, SystemException {
133    
134                    checkPermission(getPermissionChecker(), groupId, name, primKey);
135            }
136    
137            /**
138             * Returns <code>true</code> if the group has permission to perform the
139             * action on the resource.
140             *
141             * @param  groupId the primary key of the group
142             * @param  actionId the action's ID
143             * @param  resourceId the primary key of the resource
144             * @return <code>true</code> if the group has permission to perform the
145             *         action on the resource; <code>false</code> otherwise
146             * @throws SystemException if a system exception occurred
147             */
148            public boolean hasGroupPermission(
149                            long groupId, String actionId, long resourceId)
150                    throws SystemException {
151    
152                    return permissionLocalService.hasGroupPermission(
153                            groupId, actionId, resourceId);
154            }
155    
156            /**
157             * Returns <code>true</code> if the user has permission to perform the
158             * action on the resource.
159             *
160             * @param  userId the primary key of the user
161             * @param  actionId the action's ID
162             * @param  resourceId the primary key of the resource
163             * @return <code>true</code> if the user has permission to perform the
164             *         action on the resource; <code>false</code> otherwise
165             * @throws SystemException if a system exception occurred
166             */
167            public boolean hasUserPermission(
168                            long userId, String actionId, long resourceId)
169                    throws SystemException {
170    
171                    return permissionLocalService.hasUserPermission(
172                            userId, actionId, resourceId);
173            }
174    
175            /**
176             * Returns <code>true</code> if the user has permission to perform the
177             * action on the resources.
178             *
179             * <p>
180             * This method does not support resources managed by the resource block
181             * system.
182             * </p>
183             *
184             * @param  userId the primary key of the user
185             * @param  groupId the primary key of the group containing the resource
186             * @param  resources representations of the resource at each scope level
187             *         returned by {@link
188             *         com.liferay.portal.security.permission.AdvancedPermissionChecker#getResources(
189             *         long, long, String, String, String)}
190             * @param  actionId the action's ID
191             * @param  permissionCheckerBag the permission checker bag
192             * @return <code>true</code> if the user has permission to perform the
193             *         action on the resources; <code>false</code> otherwise
194             * @throws PortalException if a resource action based on any one of the
195             *         resources and the action ID could not be found
196             * @throws SystemException if a system exception occurred
197             */
198            public boolean hasUserPermissions(
199                            long userId, long groupId, List<Resource> resources,
200                            String actionId, PermissionCheckerBag permissionCheckerBag)
201                    throws PortalException, SystemException {
202    
203                    return permissionLocalService.hasUserPermissions(
204                            userId, groupId, resources, actionId, permissionCheckerBag);
205            }
206    
207            /**
208             * Sets the group's permissions to perform the actions on the resource,
209             * replacing the group's existing permissions on the resource.
210             *
211             * @param  groupId the primary key of the group
212             * @param  actionIds the primary keys of the actions
213             * @param  resourceId the primary key of the resource
214             * @throws PortalException if a group with the primary key could not be
215             *         found or if the group did not have permission to the resource
216             * @throws SystemException if a system exception occurred
217             */
218            public void setGroupPermissions(
219                            long groupId, String[] actionIds, long resourceId)
220                    throws PortalException, SystemException {
221    
222                    checkPermission(getPermissionChecker(), groupId, resourceId);
223    
224                    permissionLocalService.setGroupPermissions(
225                            groupId, actionIds, resourceId);
226            }
227    
228            /**
229             * Sets the entity's group permissions to perform the actions on the
230             * resource, replacing the entity's existing group permissions on the
231             * resource. Only {@link com.liferay.portal.model.Organization} and {@link
232             * com.liferay.portal.model.UserGroup} class entities are supported.
233             *
234             * @param  className the class name of an organization or user group
235             * @param  classPK the primary key of the class
236             * @param  groupId the primary key of the group
237             * @param  actionIds the primary keys of the actions
238             * @param  resourceId the primary key of the resource
239             * @throws PortalException if the group did not have permission to the
240             *         resource, if an entity with the class name and primary key could
241             *         not be found, or if the entity's associated group could not be
242             *         found
243             * @throws SystemException if a system exception occurred
244             */
245            public void setGroupPermissions(
246                            String className, String classPK, long groupId, String[] actionIds,
247                            long resourceId)
248                    throws PortalException, SystemException {
249    
250                    checkPermission(getPermissionChecker(), groupId, resourceId);
251    
252                    permissionLocalService.setGroupPermissions(
253                            className, classPK, groupId, actionIds, resourceId);
254            }
255    
256            /**
257             * Sets the permissions of each role to perform respective actions on the
258             * resource, replacing the existing permissions of each role on the
259             * resource.
260             *
261             * @param  groupId the primary key of the group
262             * @param  companyId the primary key of the company
263             * @param  roleIdsToActionIds the map of roles to their new actions on the
264             *         resource
265             * @param  resourceId the primary key of the resource
266             * @throws PortalException if the group did not have permission to the
267             *         resource
268             * @throws SystemException if a system exception occurred
269             */
270            public void setIndividualPermissions(
271                            long groupId, long companyId,
272                            Map<Long, String[]> roleIdsToActionIds, long resourceId)
273                    throws PortalException, SystemException {
274    
275                    checkPermission(getPermissionChecker(), groupId, resourceId);
276    
277                    permissionLocalService.setRolesPermissions(
278                            companyId, roleIdsToActionIds, resourceId);
279            }
280    
281            /**
282             * Sets the organization permission to perform the actions on the resource
283             * for a particular group, replacing the organization's existing permissions
284             * on the resource.
285             *
286             * @param  organizationId the primary key of the organization
287             * @param  groupId the primary key of the group in which to scope the
288             *         permissions
289             * @param  actionIds the primary keys of the actions
290             * @param  resourceId the primary key of the resource
291             * @throws PortalException if the group did not have permission to the
292             *         resource or if an organization with the primary key could not be
293             *         found
294             * @throws SystemException if a system exception occurred
295             */
296            public void setOrgGroupPermissions(
297                            long organizationId, long groupId, String[] actionIds,
298                            long resourceId)
299                    throws PortalException, SystemException {
300    
301                    checkPermission(getPermissionChecker(), groupId, resourceId);
302    
303                    permissionLocalService.setOrgGroupPermissions(
304                            organizationId, groupId, actionIds, resourceId);
305            }
306    
307            /**
308             * Sets the role's permissions to perform the action on the named resource,
309             * replacing the role's existing permissions on the resource.
310             *
311             * @param  roleId the primary key of the role
312             * @param  groupId the primary key of the group
313             * @param  name the resource name
314             * @param  scope the resource scope
315             * @param  primKey the resource primKey
316             * @param  actionId the action's ID
317             * @throws PortalException if the group did not have permission to the role
318             *         or if the scope was {@link
319             *         com.liferay.portal.model.ResourceConstants#SCOPE_INDIVIDUAL}
320             * @throws SystemException if a system exception occurred
321             */
322            public void setRolePermission(
323                            long roleId, long groupId, String name, int scope, String primKey,
324                            String actionId)
325                    throws PortalException, SystemException {
326    
327                    checkPermission(
328                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
329    
330                    User user = getUser();
331    
332                    permissionLocalService.setRolePermission(
333                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
334            }
335    
336            /**
337             * Sets the role's permissions to perform the actions on the resource,
338             * replacing the role's existing permissions on the resource.
339             *
340             * @param  roleId the primary key of the role
341             * @param  groupId the primary key of the group
342             * @param  actionIds the primary keys of the actions
343             * @param  resourceId the primary key of the resource
344             * @throws PortalException if the group did not have permission to the
345             *         resource or if a role with the primary key could not be found
346             * @throws SystemException if a system exception occurred
347             */
348            public void setRolePermissions(
349                            long roleId, long groupId, String[] actionIds, long resourceId)
350                    throws PortalException, SystemException {
351    
352                    checkPermission(getPermissionChecker(), groupId, resourceId);
353    
354                    permissionLocalService.setRolePermissions(
355                            roleId, actionIds, resourceId);
356            }
357    
358            /**
359             * Sets the user's permissions to perform the actions on the resource,
360             * replacing the user's existing permissions on the resource.
361             *
362             * @param  userId the primary key of the user
363             * @param  groupId the primary key of the group
364             * @param  actionIds the primary keys of the actions
365             * @param  resourceId the primary key of the resource
366             * @throws PortalException if the group did not have permission to the
367             *         resource or if a user with the primary key could not be found
368             * @throws SystemException if a system exception occurred
369             */
370            public void setUserPermissions(
371                            long userId, long groupId, String[] actionIds, long resourceId)
372                    throws PortalException, SystemException {
373    
374                    checkPermission(getPermissionChecker(), groupId, resourceId);
375    
376                    permissionLocalService.setUserPermissions(
377                            userId, actionIds, resourceId);
378            }
379    
380            /**
381             * Removes the permission from the role.
382             *
383             * @param  roleId the primary key of the role
384             * @param  groupId the primary key of the group
385             * @param  permissionId the primary key of the permission
386             * @throws PortalException if the group did not have permission to the role
387             * @throws SystemException if a system exception occurred
388             */
389            public void unsetRolePermission(
390                            long roleId, long groupId, long permissionId)
391                    throws PortalException, SystemException {
392    
393                    checkPermission(
394                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
395    
396                    permissionLocalService.unsetRolePermission(roleId, permissionId);
397            }
398    
399            /**
400             * Removes the role's permissions to perform the action on the named
401             * resource with the scope and primKey.
402             *
403             * @param  roleId the primary key of the role
404             * @param  groupId the primary key of the group
405             * @param  name the resource name
406             * @param  scope the resource scope
407             * @param  primKey the resource primKey
408             * @param  actionId the action's ID
409             * @throws PortalException if the group did not have permission to the role
410             * @throws SystemException if a system exception occurred
411             */
412            public void unsetRolePermission(
413                            long roleId, long groupId, String name, int scope, String primKey,
414                            String actionId)
415                    throws PortalException, SystemException {
416    
417                    checkPermission(
418                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
419    
420                    User user = getUser();
421    
422                    permissionLocalService.unsetRolePermission(
423                            roleId, user.getCompanyId(), name, scope, primKey, actionId);
424            }
425    
426            /**
427             * Removes the role's permissions to perform the action on the named
428             * resource.
429             *
430             * @param  roleId the primary key of the role
431             * @param  groupId the primary key of the group
432             * @param  name the resource name
433             * @param  scope the resource scope
434             * @param  actionId the action's ID
435             * @throws PortalException if the group did not have permission to the role
436             * @throws SystemException if a system exception occurred
437             */
438            public void unsetRolePermissions(
439                            long roleId, long groupId, String name, int scope, String actionId)
440                    throws PortalException, SystemException {
441    
442                    checkPermission(
443                            getPermissionChecker(), groupId, Role.class.getName(), roleId);
444    
445                    User user = getUser();
446    
447                    permissionLocalService.unsetRolePermissions(
448                            roleId, user.getCompanyId(), name, scope, actionId);
449            }
450    
451            /**
452             * Removes the user's permissions to perform the actions on the resource.
453             *
454             * @param  userId the primary key of the user
455             * @param  groupId the primary key of the group
456             * @param  actionIds the primary keys of the actions
457             * @param  resourceId the primary key of the resource
458             * @throws PortalException if the group did not have permission to the
459             *         resource
460             * @throws SystemException if a system exception occurred
461             */
462            public void unsetUserPermissions(
463                            long userId, long groupId, String[] actionIds, long resourceId)
464                    throws PortalException, SystemException {
465    
466                    checkPermission(getPermissionChecker(), groupId, resourceId);
467    
468                    permissionLocalService.unsetUserPermissions(
469                            userId, actionIds, resourceId);
470            }
471    
472            protected void checkPermission(
473                            PermissionChecker permissionChecker, long groupId, long resourceId)
474                    throws PortalException, SystemException {
475    
476                    Resource resource = resourcePersistence.findByPrimaryKey(resourceId);
477    
478                    checkPermission(
479                            permissionChecker, groupId, resource.getName(),
480                            resource.getPrimKey().toString());
481            }
482    
483            protected void checkPermission(
484                            PermissionChecker permissionChecker, long groupId, String name,
485                            long primKey)
486                    throws PortalException, SystemException {
487    
488                    checkPermission(
489                            permissionChecker, groupId, name, String.valueOf(primKey));
490            }
491    
492            protected void checkPermission(
493                            PermissionChecker permissionChecker, long groupId, String name,
494                            String primKey)
495                    throws PortalException, SystemException {
496    
497                    if (name.equals(BlogsEntry.class.getName())) {
498                            BlogsEntryPermission.check(
499                                    permissionChecker, GetterUtil.getLong(primKey),
500                                    ActionKeys.PERMISSIONS);
501                    }
502                    else if (name.equals(BookmarksEntry.class.getName())) {
503                            BookmarksEntryPermission.check(
504                                    permissionChecker, GetterUtil.getLong(primKey),
505                                    ActionKeys.PERMISSIONS);
506                    }
507                    else if (name.equals(BookmarksFolder.class.getName())) {
508                            BookmarksFolderPermission.check(
509                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
510                                    ActionKeys.PERMISSIONS);
511                    }
512                    else if (name.equals(CalEvent.class.getName())) {
513                            CalEventPermission.check(
514                                    permissionChecker, GetterUtil.getLong(primKey),
515                                    ActionKeys.PERMISSIONS);
516                    }
517                    else if (name.equals(DLFileEntry.class.getName())) {
518                            DLFileEntryPermission.check(
519                                    permissionChecker, GetterUtil.getLong(primKey),
520                                    ActionKeys.PERMISSIONS);
521                    }
522                    else if (name.equals(DLFolder.class.getName())) {
523                            DLFolderPermission.check(
524                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
525                                    ActionKeys.PERMISSIONS);
526                    }
527                    else if (name.equals(Group.class.getName())) {
528                            GroupPermissionUtil.check(
529                                    permissionChecker, GetterUtil.getLong(primKey),
530                                    ActionKeys.PERMISSIONS);
531                    }
532                    else if (name.equals(JournalArticle.class.getName())) {
533                            JournalArticlePermission.check(
534                                    permissionChecker, GetterUtil.getLong(primKey),
535                                    ActionKeys.PERMISSIONS);
536                    }
537                    else if (name.equals(JournalFeed.class.getName())) {
538                            JournalFeedPermission.check(
539                                    permissionChecker, GetterUtil.getLong(primKey),
540                                    ActionKeys.PERMISSIONS);
541                    }
542                    else if (name.equals(JournalStructure.class.getName())) {
543                            JournalStructurePermission.check(
544                                    permissionChecker, GetterUtil.getLong(primKey),
545                                    ActionKeys.PERMISSIONS);
546                    }
547                    else if (name.equals(JournalTemplate.class.getName())) {
548                            JournalTemplatePermission.check(
549                                    permissionChecker, GetterUtil.getLong(primKey),
550                                    ActionKeys.PERMISSIONS);
551                    }
552                    else if (name.equals(Layout.class.getName())) {
553                            LayoutPermissionUtil.check(
554                                    permissionChecker, GetterUtil.getLong(primKey),
555                                    ActionKeys.PERMISSIONS);
556                    }
557                    else if (name.equals(MBCategory.class.getName())) {
558                            MBCategoryPermission.check(
559                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
560                                    ActionKeys.PERMISSIONS);
561                    }
562                    else if (name.equals(MBMessage.class.getName())) {
563                            MBMessagePermission.check(
564                                    permissionChecker, GetterUtil.getLong(primKey),
565                                    ActionKeys.PERMISSIONS);
566                    }
567                    else if (name.equals(PollsQuestion.class.getName())) {
568                            PollsQuestionPermission.check(
569                                    permissionChecker, GetterUtil.getLong(primKey),
570                                    ActionKeys.PERMISSIONS);
571                    }
572                    else if (name.equals(SCFrameworkVersion.class.getName())) {
573                            SCFrameworkVersionPermission.check(
574                                    permissionChecker, GetterUtil.getLong(primKey),
575                                    ActionKeys.PERMISSIONS);
576                    }
577                    else if (name.equals(SCProductEntry.class.getName())) {
578                            SCProductEntryPermission.check(
579                                    permissionChecker, GetterUtil.getLong(primKey),
580                                    ActionKeys.PERMISSIONS);
581                    }
582                    else if (name.equals(ShoppingCategory.class.getName())) {
583                            ShoppingCategoryPermission.check(
584                                    permissionChecker, groupId, GetterUtil.getLong(primKey),
585                                    ActionKeys.PERMISSIONS);
586                    }
587                    else if (name.equals(ShoppingItem.class.getName())) {
588                            ShoppingItemPermission.check(
589                                    permissionChecker, GetterUtil.getLong(primKey),
590                                    ActionKeys.PERMISSIONS);
591                    }
592                    else if (name.equals(Team.class.getName())) {
593                            long teamId = GetterUtil.getLong(primKey);
594    
595                            Team team = teamPersistence.findByPrimaryKey(teamId);
596    
597                            GroupPermissionUtil.check(
598                                    permissionChecker, team.getGroupId(), ActionKeys.MANAGE_TEAMS);
599                    }
600                    else if (name.equals(User.class.getName())) {
601                            long userId = GetterUtil.getLong(primKey);
602    
603                            User user = userPersistence.findByPrimaryKey(userId);
604    
605                            UserPermissionUtil.check(
606                                    permissionChecker, userId, user.getOrganizationIds(),
607                                    ActionKeys.PERMISSIONS);
608                    }
609                    else if (name.equals(WikiNode.class.getName())) {
610                            WikiNodePermission.check(
611                                    permissionChecker, GetterUtil.getLong(primKey),
612                                    ActionKeys.PERMISSIONS);
613                    }
614                    else if (name.equals(WikiPage.class.getName())) {
615                            WikiPagePermission.check(
616                                    permissionChecker, GetterUtil.getLong(primKey),
617                                    ActionKeys.PERMISSIONS);
618                    }
619                    else if ((primKey != null) &&
620                                     (primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR) != -1)) {
621    
622                            int pos = primKey.indexOf(PortletConstants.LAYOUT_SEPARATOR);
623    
624                            long plid = GetterUtil.getLong(primKey.substring(0, pos));
625    
626                            String portletId = primKey.substring(
627                                    pos + PortletConstants.LAYOUT_SEPARATOR.length(),
628                                    primKey.length());
629    
630                            PortletPermissionUtil.check(
631                                    permissionChecker, plid, portletId, ActionKeys.CONFIGURATION);
632                    }
633                    else if (!permissionChecker.hasPermission(
634                                            groupId, name, primKey, ActionKeys.PERMISSIONS)) {
635    
636                            List<String> resourceActions =
637                                    ResourceActionsUtil.getResourceActions(name);
638    
639                            if (!resourceActions.contains(ActionKeys.DEFINE_PERMISSIONS) ||
640                                    !permissionChecker.hasPermission(
641                                            groupId, name, primKey, ActionKeys.DEFINE_PERMISSIONS)) {
642    
643                                    throw new PrincipalException();
644                            }
645                    }
646            }
647    
648    }