001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.permission;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.model.Contact;
020    import com.liferay.portal.model.ResourceConstants;
021    import com.liferay.portal.model.User;
022    import com.liferay.portal.security.auth.PrincipalException;
023    import com.liferay.portal.security.permission.ActionKeys;
024    import com.liferay.portal.security.permission.PermissionChecker;
025    import com.liferay.portal.service.UserLocalServiceUtil;
026    import com.liferay.portal.util.PortalUtil;
027    import com.liferay.portal.util.PropsValues;
028    
029    /**
030     * @author Charles May
031     * @author Jorge Ferrer
032     */
033    public class UserPermissionImpl implements UserPermission {
034    
035            /**
036             * @deprecated Replaced by {@link #check(PermissionChecker, long, long[],
037             *             String)}
038             */
039            public void check(
040                            PermissionChecker permissionChecker, long userId,
041                            long organizationId, long locationId, String actionId)
042                    throws PrincipalException {
043    
044                    check(
045                            permissionChecker, userId, new long[] {organizationId, locationId},
046                            actionId);
047            }
048    
049            public void check(
050                            PermissionChecker permissionChecker, long userId,
051                            long[] organizationIds, String actionId)
052                    throws PrincipalException {
053    
054                    if (!contains(permissionChecker, userId, organizationIds, actionId)) {
055                            throw new PrincipalException();
056                    }
057            }
058    
059            public void check(
060                            PermissionChecker permissionChecker, long userId, String actionId)
061                    throws PrincipalException {
062    
063                    if (!contains(permissionChecker, userId, actionId)) {
064                            throw new PrincipalException();
065                    }
066            }
067    
068            /**
069             * @deprecated Replaced by {@link #contains(PermissionChecker, long, long[],
070             *             String)}
071             */
072            public boolean contains(
073                    PermissionChecker permissionChecker, long userId, long organizationId,
074                    long locationId, String actionId) {
075    
076                    return contains(
077                            permissionChecker, userId, new long[] {organizationId, locationId},
078                            actionId);
079            }
080    
081            public boolean contains(
082                    PermissionChecker permissionChecker, long userId,
083                    long[] organizationIds, String actionId) {
084    
085                    if (actionId.equals(ActionKeys.IMPERSONATE) &&
086                            PortalUtil.isOmniadmin(userId) &&
087                            !permissionChecker.isOmniadmin()) {
088    
089                            return false;
090                    }
091    
092                    try {
093                            User user = null;
094    
095                            if (userId != ResourceConstants.PRIMKEY_DNE) {
096                                    user = UserLocalServiceUtil.getUserById(userId);
097    
098                                    Contact contact = user.getContact();
099    
100                                    if (((PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 5 ||
101                                              PropsValues.PERMISSIONS_USER_CHECK_ALGORITHM == 6) &&
102                                             (permissionChecker.hasOwnerPermission(
103                                                    permissionChecker.getCompanyId(), User.class.getName(),
104                                                    userId, contact.getUserId(), actionId))) ||
105                                            (permissionChecker.getUserId() == userId)) {
106    
107                                            return true;
108                                    }
109                            }
110    
111                            if (permissionChecker.hasPermission(
112                                            0, User.class.getName(), userId, actionId)) {
113    
114                                    return true;
115                            }
116    
117                            if (user != null) {
118                                    if (organizationIds == null) {
119                                            organizationIds = user.getOrganizationIds();
120                                    }
121    
122                                    for (long organizationId : organizationIds) {
123                                            if (OrganizationPermissionUtil.contains(
124                                                            permissionChecker, organizationId,
125                                                            ActionKeys.MANAGE_USERS)) {
126    
127                                                    return true;
128                                            }
129                                    }
130                            }
131                    }
132                    catch (Exception e) {
133                            _log.error(e, e);
134                    }
135    
136                    return false;
137            }
138    
139            public boolean contains(
140                    PermissionChecker permissionChecker, long userId, String actionId) {
141    
142                    return contains(permissionChecker, userId, null, actionId);
143            }
144    
145            private static Log _log = LogFactoryUtil.getLog(UserPermissionImpl.class);
146    
147    }