public LinkedHashMap<String, Object> getGroupParams() throws PortalException {

    if (_groupParams != null) {
      return _groupParams;
    }

    long groupId = ParamUtil.getLong(_request, "groupId");
    boolean includeCurrentGroup = ParamUtil.getBoolean(_request, "includeCurrentGroup", true);

    String type = getType();

    ThemeDisplay themeDisplay = (ThemeDisplay) _request.getAttribute(WebKeys.THEME_DISPLAY);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
    User user = themeDisplay.getUser();

    boolean filterManageableGroups = true;

    if (permissionChecker.isCompanyAdmin()) {
      filterManageableGroups = false;
    }

    _groupParams = new LinkedHashMap<>();

    _groupParams.put("active", Boolean.TRUE);

    if (isManualMembership()) {
      _groupParams.put("manualMembership", Boolean.TRUE);
    }

    if (type.equals("child-sites")) {
      Group parentGroup = GroupLocalServiceUtil.getGroup(groupId);

      List<Group> parentGroups = new ArrayList<>();

      parentGroups.add(parentGroup);

      _groupParams.put("groupsTree", parentGroups);
    } else if (filterManageableGroups) {
      _groupParams.put("usersGroups", user.getUserId());
    }

    _groupParams.put("site", Boolean.TRUE);

    if (!includeCurrentGroup && (groupId > 0)) {
      List<Long> excludedGroupIds = new ArrayList<>();

      Group group = GroupLocalServiceUtil.getGroup(groupId);

      if (group.isStagingGroup()) {
        excludedGroupIds.add(group.getLiveGroupId());
      } else {
        excludedGroupIds.add(groupId);
      }

      _groupParams.put("excludedGroupIds", excludedGroupIds);
    }

    return _groupParams;
  }
  /**
   * Returns a range of all the site groups for which the user has control panel access.
   *
   * @param portlets the portlets to manage
   * @param max the upper bound of the range of groups to consider (not inclusive)
   * @return the range of site groups for which the user has Control Panel access
   * @throws PortalException if a portal exception occurred
   */
  @Override
  public List<Group> getManageableSiteGroups(Collection<Portlet> portlets, int max)
      throws PortalException {

    PermissionChecker permissionChecker = getPermissionChecker();

    if (permissionChecker.isCompanyAdmin()) {
      LinkedHashMap<String, Object> params = new LinkedHashMap<>();

      params.put("site", Boolean.TRUE);

      return ListUtil.unique(
          groupLocalService.search(
              permissionChecker.getCompanyId(), null, null, null, params, true, 0, max));
    }

    Set<Group> groups = new LinkedHashSet<>();

    List<Group> userSitesGroups = getUserSitesGroups(null, max);

    Iterator<Group> itr = userSitesGroups.iterator();

    while (itr.hasNext()) {
      Group group = itr.next();

      if (group.isSite()
          && PortletPermissionUtil.hasControlPanelAccessPermission(
              permissionChecker, group.getGroupId(), portlets)) {

        groups.add(group);
      }
    }

    return new ArrayList<>(groups);
  }
  protected boolean isFilterManageableGroups(PortletRequest portletRequest) {
    ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    if (permissionChecker.isCompanyAdmin()) {
      return false;
    }

    if (GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) {
      return false;
    }

    return true;
  }
  @Override
  protected boolean isProcessPortletRequest(PortletRequest portletRequest) {
    ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    if (permissionChecker.isCompanyAdmin()) {
      return true;
    }

    Group group = themeDisplay.getScopeGroup();

    if (group.isSite() && permissionChecker.isGroupAdmin(themeDisplay.getScopeGroupId())) {

      return true;
    }

    return false;
  }
  protected LinkedHashMap<String, Object> getGroupParams(
      PortletRequest portletRequest, GroupSearchTerms searchTerms, long parentGroupId)
      throws PortalException {

    ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);

    LinkedHashMap<String, Object> groupParams = new LinkedHashMap<>();

    groupParams.put("site", Boolean.TRUE);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    User user = themeDisplay.getUser();

    if (searchTerms.hasSearchTerms()) {
      if (isFilterManageableGroups(portletRequest)) {
        groupParams.put("groupsTree", getAllGroups(portletRequest));
      } else if (parentGroupId > 0) {
        List<Group> groupsTree = new ArrayList<>();

        Group parentGroup = _groupLocalService.getGroup(parentGroupId);

        groupsTree.add(parentGroup);

        groupParams.put("groupsTree", groupsTree);
      }

      if (!permissionChecker.isCompanyAdmin()
          && !GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) {

        groupParams.put("usersGroups", Long.valueOf(user.getUserId()));
      }
    }

    return groupParams;
  }
  @Override
  public boolean contains(
      PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) {

    try {
      User user = null;

      if (userId != ResourceConstants.PRIMKEY_DNE) {
        user = UserLocalServiceUtil.getUserById(userId);

        if ((actionId.equals(ActionKeys.DELETE)
                || actionId.equals(ActionKeys.IMPERSONATE)
                || actionId.equals(ActionKeys.PERMISSIONS)
                || actionId.equals(ActionKeys.UPDATE)
                || actionId.equals(ActionKeys.VIEW))
            && !permissionChecker.isOmniadmin()
            && (PortalUtil.isOmniadmin(user)
                || (!permissionChecker.isCompanyAdmin() && PortalUtil.isCompanyAdmin(user)))) {

          return false;
        }

        Contact contact = user.getContact();

        if (permissionChecker.hasOwnerPermission(
                permissionChecker.getCompanyId(),
                User.class.getName(),
                userId,
                contact.getUserId(),
                actionId)
            || (permissionChecker.getUserId() == userId)) {

          return true;
        }
      }

      if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) {

        return true;
      }

      if (user == null) {
        return false;
      }

      if (organizationIds == null) {
        organizationIds = user.getOrganizationIds();
      }

      for (long organizationId : organizationIds) {
        Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);

        if (OrganizationPermissionUtil.contains(
            permissionChecker, organization, ActionKeys.MANAGE_USERS)) {

          if (permissionChecker.getUserId() == user.getUserId()) {
            return true;
          }

          Group organizationGroup = organization.getGroup();

          // Organization administrators can only manage normal users.
          // Owners can only manage normal users and administrators.

          if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
              user.getUserId(),
              organizationGroup.getGroupId(),
              RoleConstants.ORGANIZATION_OWNER,
              true)) {

            continue;
          } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  user.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_ADMINISTRATOR,
                  true)
              && !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  permissionChecker.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_OWNER,
                  true)) {

            continue;
          }

          return true;
        }
      }
    } catch (Exception e) {
      _log.error(e, e);
    }

    return false;
  }