@Override
public boolean isChecked(Object obj) {
User user = (User) obj;
try {
return UserGroupRoleLocalServiceUtil.hasUserGroupRole(
user.getUserId(), _organization.getGroupId(), _role.getRoleId());
} catch (Exception e) {
_log.error(e, e);
return false;
}
}
protected void addSearchByUserRolesCriterion(
Criteria criteria, Boolean searchByUserRoles, ServiceContext serviceContext)
throws SystemException {
if (searchByUserRoles == null) {
return;
}
Criteria assigneesCriteria = criteria.createCriteria("assignees");
if (!searchByUserRoles) {
assigneesCriteria.add(Restrictions.eq("assigneeClassName", User.class.getName()));
assigneesCriteria.add(Restrictions.eq("assigneeClassPK", serviceContext.getUserId()));
return;
}
List<Long> roleIds = RoleRetrievalUtil.getRoleIds(serviceContext);
List<UserGroupRole> userGroupRoles =
UserGroupRoleLocalServiceUtil.getUserGroupRoles(serviceContext.getUserId());
if (userGroupRoles.isEmpty()) {
assigneesCriteria.add(Restrictions.eq("assigneeClassName", Role.class.getName()));
assigneesCriteria.add(
Restrictions.in("assigneeClassPK", roleIds.toArray(new Long[roleIds.size()])));
} else {
Junction junction = Restrictions.disjunction();
junction.add(
Restrictions.and(
Restrictions.eq("assigneeClassName", Role.class.getName()),
Restrictions.in("assigneeClassPK", roleIds.toArray(new Long[roleIds.size()]))));
for (UserGroupRole userGroupRole : userGroupRoles) {
junction.add(
Restrictions.and(
Restrictions.eq("groupId", userGroupRole.getGroupId()),
Restrictions.and(
Restrictions.eq("assigneeClassName", Role.class.getName()),
Restrictions.eq("assigneeClassPK", userGroupRole.getRoleId()))));
}
assigneesCriteria.add(junction);
}
}
@Override
protected boolean hasPermissionImplicitlyGranted(
PermissionChecker permissionChecker, Group group, Portlet portlet) throws Exception {
List<UserGroupRole> userGroupRoles =
UserGroupRoleLocalServiceUtil.getUserGroupRoles(permissionChecker.getUserId());
for (UserGroupRole userGroupRole : userGroupRoles) {
Role role = userGroupRole.getRole();
String roleName = role.getName();
if (roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR)
|| roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {
return true;
}
}
List<Organization> organizations =
OrganizationLocalServiceUtil.getUserOrganizations(permissionChecker.getUserId());
for (Organization organization : organizations) {
if (OrganizationPermissionUtil.contains(
permissionChecker, organization, ActionKeys.MANAGE_USERS)) {
return true;
}
if (OrganizationPermissionUtil.contains(
permissionChecker, organization, ActionKeys.MANAGE_SUBORGANIZATIONS)) {
return true;
}
/*if (OrganizationPermissionUtil.contains(
permissionChecker, organization.getOrganizationId(),
ActionKeys.VIEW)) {
return true;
}*/
}
return false;
}
private static boolean _isEntityRank(
long companyId, MBStatsUser statsUser, String entityType, String entityValue)
throws Exception {
long groupId = statsUser.getGroupId();
long userId = statsUser.getUserId();
if (entityType.equals("organization-role") || entityType.equals("site-role")) {
Role role = RoleLocalServiceUtil.getRole(companyId, entityValue);
if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(userId, groupId, role.getRoleId(), true)) {
return true;
}
} else if (entityType.equals("organization")) {
Organization organization =
OrganizationLocalServiceUtil.getOrganization(companyId, entityValue);
if (OrganizationLocalServiceUtil.hasUserOrganization(
userId, organization.getOrganizationId(), false, false)) {
return true;
}
} else if (entityType.equals("regular-role")) {
if (RoleLocalServiceUtil.hasUserRole(userId, companyId, entityValue, true)) {
return true;
}
} else if (entityType.equals("user-group")) {
UserGroup userGroup = UserGroupLocalServiceUtil.getUserGroup(companyId, entityValue);
if (UserLocalServiceUtil.hasUserGroupUser(userGroup.getUserGroupId(), userId)) {
return true;
}
}
return false;
}
@Override
public long[] getPooledActorsIds(long companyId, long workflowTaskInstanceId)
throws WorkflowException {
try {
KaleoTaskInstanceToken kaleoTaskInstanceToken =
KaleoTaskInstanceTokenLocalServiceUtil.getKaleoTaskInstanceToken(workflowTaskInstanceId);
List<KaleoTaskAssignment> calculatedKaleoTaskAssignments =
getCalculatedKaleoTaskAssignments(kaleoTaskInstanceToken);
Map<String, Long> pooledActors = new TreeMap<>(new NaturalOrderStringComparator());
for (KaleoTaskAssignment calculatedKaleoTaskAssignment : calculatedKaleoTaskAssignments) {
String assigneeClassName = calculatedKaleoTaskAssignment.getAssigneeClassName();
long assigneeClassPK = calculatedKaleoTaskAssignment.getAssigneeClassPK();
if (assigneeClassName.equals(User.class.getName())) {
User user = UserLocalServiceUtil.fetchUser(assigneeClassPK);
if (user != null) {
pooledActors.put(user.getFullName(), user.getUserId());
}
continue;
}
Role role =
RoleLocalServiceUtil.getRole(calculatedKaleoTaskAssignment.getAssigneeClassPK());
if ((role.getType() == RoleConstants.TYPE_SITE)
|| (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {
List<UserGroupRole> userGroupRoles =
UserGroupRoleLocalServiceUtil.getUserGroupRolesByGroupAndRole(
kaleoTaskInstanceToken.getGroupId(), assigneeClassPK);
for (UserGroupRole userGroupRole : userGroupRoles) {
User user = userGroupRole.getUser();
pooledActors.put(user.getFullName(), user.getUserId());
}
List<UserGroupGroupRole> userGroupGroupRoles =
UserGroupGroupRoleLocalServiceUtil.getUserGroupGroupRolesByGroupAndRole(
kaleoTaskInstanceToken.getGroupId(), assigneeClassPK);
for (UserGroupGroupRole userGroupGroupRole : userGroupGroupRoles) {
List<User> userGroupUsers =
UserLocalServiceUtil.getUserGroupUsers(userGroupGroupRole.getUserGroupId());
for (User user : userGroupUsers) {
pooledActors.put(user.getFullName(), user.getUserId());
}
}
} else {
List<User> inheritedRoleUsers =
UserLocalServiceUtil.getInheritedRoleUsers(
assigneeClassPK, QueryUtil.ALL_POS, QueryUtil.ALL_POS, null);
for (User user : inheritedRoleUsers) {
pooledActors.put(user.getFullName(), user.getUserId());
}
}
}
return ArrayUtil.toLongArray(pooledActors.values());
} catch (Exception e) {
throw new WorkflowException(e);
}
}
protected Query doGetPermissionQuery(
long companyId,
long[] groupIds,
long userId,
String className,
Query query,
SearchContext searchContext)
throws Exception {
Indexer indexer = IndexerRegistryUtil.getIndexer(className);
if (!indexer.isPermissionAware()) {
return query;
}
PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();
AdvancedPermissionChecker advancedPermissionChecker = null;
if ((permissionChecker != null) && (permissionChecker instanceof AdvancedPermissionChecker)) {
advancedPermissionChecker = (AdvancedPermissionChecker) permissionChecker;
}
if (advancedPermissionChecker == null) {
return query;
}
PermissionCheckerBag permissionCheckerBag =
getPermissionCheckerBag(advancedPermissionChecker, userId);
if (permissionCheckerBag == null) {
return query;
}
List<Group> groups = new UniqueList<Group>();
List<Role> roles = new UniqueList<Role>();
List<UserGroupRole> userGroupRoles = new UniqueList<UserGroupRole>();
Map<Long, List<Role>> groupIdsToRoles = new HashMap<Long, List<Role>>();
roles.addAll(permissionCheckerBag.getRoles());
if (ArrayUtil.isEmpty(groupIds)) {
groups.addAll(GroupLocalServiceUtil.getUserGroups(userId, true));
groups.addAll(permissionCheckerBag.getGroups());
userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId);
} else {
groups.addAll(permissionCheckerBag.getGroups());
for (long groupId : groupIds) {
if (GroupLocalServiceUtil.hasUserGroup(userId, groupId)) {
Group group = GroupLocalServiceUtil.getGroup(groupId);
groups.add(group);
}
userGroupRoles.addAll(UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId, groupId));
userGroupRoles.addAll(
UserGroupRoleLocalServiceUtil.getUserGroupRolesByUserUserGroupAndGroup(
userId, groupId));
}
}
if (advancedPermissionChecker.isSignedIn()) {
roles.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.GUEST));
}
for (Group group : groups) {
PermissionCheckerBag userBag =
advancedPermissionChecker.getUserBag(userId, group.getGroupId());
List<Role> groupRoles = userBag.getRoles();
groupIdsToRoles.put(group.getGroupId(), groupRoles);
roles.addAll(groupRoles);
}
return doGetPermissionQuery_6(
companyId,
groupIds,
userId,
className,
query,
searchContext,
advancedPermissionChecker,
groups,
roles,
userGroupRoles,
groupIdsToRoles);
}
public static void getRole(HttpServletRequest request) throws Exception {
ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);
PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
long roleId = ParamUtil.getLong(request, "roleId");
Role role = null;
Group group = (Group) request.getAttribute(WebKeys.GROUP);
if ((group != null) && group.isOrganization()) {
long organizationId = group.getOrganizationId();
while (organizationId != OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {
Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);
long organizationGroupId = organization.getGroupId();
if (GroupPermissionUtil.contains(
permissionChecker, organizationGroupId, ActionKeys.ASSIGN_USER_ROLES)
|| OrganizationPermissionUtil.contains(
permissionChecker, organizationId, ActionKeys.ASSIGN_USER_ROLES)
|| UserGroupRoleLocalServiceUtil.hasUserGroupRole(
themeDisplay.getUserId(),
organizationGroupId,
RoleConstants.ORGANIZATION_ADMINISTRATOR,
true)
|| UserGroupRoleLocalServiceUtil.hasUserGroupRole(
themeDisplay.getUserId(),
organizationGroupId,
RoleConstants.ORGANIZATION_OWNER,
true)) {
if (roleId > 0) {
role = RoleLocalServiceUtil.getRole(roleId);
}
break;
}
organizationId = organization.getParentOrganizationId();
}
if ((roleId > 0) && (role == null)) {
role = RoleServiceUtil.getRole(roleId);
}
} else if ((group != null) && group.isRegularSite()) {
if (GroupPermissionUtil.contains(permissionChecker, group, ActionKeys.ASSIGN_USER_ROLES)
|| UserGroupRoleLocalServiceUtil.hasUserGroupRole(
themeDisplay.getUserId(), group.getGroupId(), RoleConstants.SITE_ADMINISTRATOR, true)
|| UserGroupRoleLocalServiceUtil.hasUserGroupRole(
themeDisplay.getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER, true)) {
if (roleId > 0) {
role = RoleLocalServiceUtil.getRole(roleId);
}
} else {
if (roleId > 0) {
role = RoleServiceUtil.getRole(roleId);
}
}
} else {
if (roleId > 0) {
role = RoleServiceUtil.getRole(roleId);
}
}
request.setAttribute(WebKeys.ROLE, role);
}
@Override
public boolean contains(
PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) {
if ((actionId.equals(ActionKeys.DELETE)
|| actionId.equals(ActionKeys.IMPERSONATE)
|| actionId.equals(ActionKeys.PERMISSIONS)
|| actionId.equals(ActionKeys.UPDATE))
&& PortalUtil.isOmniadmin(userId)
&& !permissionChecker.isOmniadmin()) {
return false;
}
try {
User user = null;
if (userId != ResourceConstants.PRIMKEY_DNE) {
user = UserLocalServiceUtil.getUserById(userId);
Contact contact = user.getContact();
if (permissionChecker.hasOwnerPermission(
permissionChecker.getCompanyId(),
User.class.getName(),
userId,
contact.getUserId(),
actionId)
|| (permissionChecker.getUserId() == userId)) {
return true;
}
}
if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) {
return true;
}
if (user == null) {
return false;
}
if (organizationIds == null) {
organizationIds = user.getOrganizationIds();
}
for (long organizationId : organizationIds) {
Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);
if (OrganizationPermissionUtil.contains(
permissionChecker, organization, ActionKeys.MANAGE_USERS)) {
if (permissionChecker.getUserId() == user.getUserId()) {
return true;
}
Group organizationGroup = organization.getGroup();
// Organization administrators can only manage normal users.
// Owners can only manage normal users and administrators.
if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
user.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_OWNER,
true)) {
continue;
} else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
user.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_ADMINISTRATOR,
true)
&& !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
permissionChecker.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_OWNER,
true)) {
continue;
}
return true;
}
}
} catch (Exception e) {
_log.error(e, e);
}
return false;
}
