protected boolean isViewableGroup(
PermissionChecker permissionChecker,
Layout layout,
String controlPanelCategory,
boolean checkResourcePermission)
throws PortalException, SystemException {
Group group = GroupLocalServiceUtil.getGroup(layout.getGroupId());
// Inactive sites are not viewable
if (!group.isActive()) {
return false;
} else if (group.isStagingGroup()) {
Group liveGroup = group.getLiveGroup();
if (!liveGroup.isActive()) {
return false;
}
}
// User private layouts are only viewable by the user and anyone who can
// update the user. The user must also be active.
if (group.isUser()) {
long groupUserId = group.getClassPK();
if (groupUserId == permissionChecker.getUserId()) {
return true;
}
User groupUser = UserLocalServiceUtil.getUserById(groupUserId);
if (!groupUser.isActive()) {
return false;
}
if (layout.isPrivateLayout()) {
if (GroupPermissionUtil.contains(
permissionChecker, groupUser.getGroupId(), ActionKeys.MANAGE_LAYOUTS)
|| UserPermissionUtil.contains(
permissionChecker,
groupUserId,
groupUser.getOrganizationIds(),
ActionKeys.UPDATE)) {
return true;
}
return false;
}
}
// If the current group is staging, only users with editorial rights
// can access it
if (group.isStagingGroup()) {
if (GroupPermissionUtil.contains(
permissionChecker, group.getGroupId(), ActionKeys.VIEW_STAGING)) {
return true;
}
return false;
}
// Control panel layouts are only viewable by authenticated users
if (group.isControlPanel()) {
if (!permissionChecker.isSignedIn()) {
return false;
}
if (PortalPermissionUtil.contains(permissionChecker, ActionKeys.VIEW_CONTROL_PANEL)) {
return true;
}
if (Validator.isNotNull(controlPanelCategory)) {
return true;
}
return false;
}
// Site layouts are only viewable by users who are members of the site
// or by users who can update the site
if (group.isSite()) {
if (GroupPermissionUtil.contains(
permissionChecker, group.getGroupId(), ActionKeys.MANAGE_LAYOUTS)
|| GroupPermissionUtil.contains(
permissionChecker, group.getGroupId(), ActionKeys.UPDATE)) {
return true;
}
if (layout.isPrivateLayout() && !permissionChecker.isGroupMember(group.getGroupId())) {
return false;
}
}
// Organization site layouts are also viewable by users who belong to
// the organization or by users who can update organization
if (group.isCompany()) {
return false;
} else if (group.isLayoutPrototype()) {
if (LayoutPrototypePermissionUtil.contains(
permissionChecker, group.getClassPK(), ActionKeys.VIEW)) {
return true;
}
return false;
} else if (group.isLayoutSetPrototype()) {
if (LayoutSetPrototypePermissionUtil.contains(
permissionChecker, group.getClassPK(), ActionKeys.VIEW)) {
return true;
}
return false;
} else if (group.isOrganization()) {
long organizationId = group.getOrganizationId();
if (OrganizationLocalServiceUtil.hasUserOrganization(
permissionChecker.getUserId(), organizationId, false, false)) {
return true;
} else if (OrganizationPermissionUtil.contains(
permissionChecker, organizationId, ActionKeys.UPDATE)) {
return true;
}
if (!PropsValues.ORGANIZATIONS_MEMBERSHIP_STRICT) {
List<Organization> userOrgs =
OrganizationLocalServiceUtil.getUserOrganizations(permissionChecker.getUserId());
for (Organization organization : userOrgs) {
for (Organization ancestorOrganization : organization.getAncestors()) {
if (organizationId == ancestorOrganization.getOrganizationId()) {
return true;
}
}
}
}
} else if (group.isUserGroup()) {
if (UserGroupPermissionUtil.contains(
permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {
return true;
}
}
// Only check the actual Layout if all of the above failed
if (containsWithoutViewableGroup(
permissionChecker, layout, controlPanelCategory, ActionKeys.VIEW)) {
return true;
}
// As a last resort, check if any top level pages are viewable by the
// user
List<Layout> layouts =
LayoutLocalServiceUtil.getLayouts(
layout.getGroupId(),
layout.isPrivateLayout(),
LayoutConstants.DEFAULT_PARENT_LAYOUT_ID);
for (Layout curLayout : layouts) {
if (!curLayout.isHidden()
&& containsWithoutViewableGroup(
permissionChecker, curLayout, controlPanelCategory, ActionKeys.VIEW)) {
return true;
}
}
return false;
}
@Override
public boolean contains(
PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) {
if ((actionId.equals(ActionKeys.DELETE)
|| actionId.equals(ActionKeys.IMPERSONATE)
|| actionId.equals(ActionKeys.PERMISSIONS)
|| actionId.equals(ActionKeys.UPDATE))
&& PortalUtil.isOmniadmin(userId)
&& !permissionChecker.isOmniadmin()) {
return false;
}
try {
User user = null;
if (userId != ResourceConstants.PRIMKEY_DNE) {
user = UserLocalServiceUtil.getUserById(userId);
Contact contact = user.getContact();
if (permissionChecker.hasOwnerPermission(
permissionChecker.getCompanyId(),
User.class.getName(),
userId,
contact.getUserId(),
actionId)
|| (permissionChecker.getUserId() == userId)) {
return true;
}
}
if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) {
return true;
}
if (user == null) {
return false;
}
if (organizationIds == null) {
organizationIds = user.getOrganizationIds();
}
for (long organizationId : organizationIds) {
Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);
if (OrganizationPermissionUtil.contains(
permissionChecker, organization, ActionKeys.MANAGE_USERS)) {
if (permissionChecker.getUserId() == user.getUserId()) {
return true;
}
Group organizationGroup = organization.getGroup();
// Organization administrators can only manage normal users.
// Owners can only manage normal users and administrators.
if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
user.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_OWNER,
true)) {
continue;
} else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
user.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_ADMINISTRATOR,
true)
&& !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
permissionChecker.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_OWNER,
true)) {
continue;
}
return true;
}
}
} catch (Exception e) {
_log.error(e, e);
}
return false;
}
