/**
 * Decides whether the group that owns {@code layout} lets the permission
 * checker's user view that layout.
 *
 * <p>The checks run in a fixed order and most of them return as soon as
 * they reach a verdict: site activity, personal sites, staging, control
 * panel, regular sites, then the company / prototype / organization /
 * user group cases. Only when none of those decides does the method fall
 * back to the layout's own VIEW permission and, finally, to the VIEW
 * permission of any non-hidden top level layout of the same layout set.
 *
 * @param permissionChecker the checker for the requesting user
 * @param layout the layout whose group is evaluated
 * @param controlPanelCategory passed through to
 *        {@code containsWithoutViewableGroup}; a value accepted by
 *        {@code Validator.isNotNull} also makes control panel layouts
 *        viewable for any signed-in user
 * @param checkResourcePermission not read anywhere in this method
 * @return {@code true} if the layout is viewable, {@code false} otherwise
 */
protected boolean isViewableGroup(
		PermissionChecker permissionChecker, Layout layout,
		String controlPanelCategory, boolean checkResourcePermission)
	throws PortalException, SystemException {

	Group group = GroupLocalServiceUtil.getGroup(layout.getGroupId());

	// An inactive site exposes nothing. A staging group is additionally
	// hidden when the live group behind it is inactive.

	if (!group.isActive()) {
		return false;
	}

	if (group.isStagingGroup() && !group.getLiveGroup().isActive()) {
		return false;
	}

	// Personal site: the owner always sees it. Everyone else is refused
	// when the owner is inactive, and private pages additionally require
	// MANAGE_LAYOUTS on the owner's group or UPDATE on the owner.

	if (group.isUser()) {
		long ownerUserId = group.getClassPK();

		if (permissionChecker.getUserId() == ownerUserId) {
			return true;
		}

		User owner = UserLocalServiceUtil.getUserById(ownerUserId);

		if (!owner.isActive()) {
			return false;
		}

		if (layout.isPrivateLayout()) {
			return GroupPermissionUtil.contains(
					permissionChecker, owner.getGroupId(),
					ActionKeys.MANAGE_LAYOUTS) ||
				UserPermissionUtil.contains(
					permissionChecker, ownerUserId,
					owner.getOrganizationIds(), ActionKeys.UPDATE);
		}
	}

	// Staging is decided by VIEW_STAGING alone; nothing below is consulted.

	if (group.isStagingGroup()) {
		return GroupPermissionUtil.contains(
			permissionChecker, group.getGroupId(), ActionKeys.VIEW_STAGING);
	}

	// Control panel: guests are refused outright.
	// NOTE(review): for a signed-in user a non-empty controlPanelCategory is
	// sufficient on its own. Confirm that callers do not forward a
	// request-controlled value here without checking it.

	if (group.isControlPanel()) {
		if (!permissionChecker.isSignedIn()) {
			return false;
		}

		return PortalPermissionUtil.contains(
				permissionChecker, ActionKeys.VIEW_CONTROL_PANEL) ||
			Validator.isNotNull(controlPanelCategory);
	}

	// Regular site: MANAGE_LAYOUTS or UPDATE on the site grants access;
	// private pages are refused to users who are not members.

	if (group.isSite()) {
		boolean canAdministerSite =
			GroupPermissionUtil.contains(
				permissionChecker, group.getGroupId(),
				ActionKeys.MANAGE_LAYOUTS) ||
			GroupPermissionUtil.contains(
				permissionChecker, group.getGroupId(), ActionKeys.UPDATE);

		if (canAdministerSite) {
			return true;
		}

		if (layout.isPrivateLayout() &&
			!permissionChecker.isGroupMember(group.getGroupId())) {

			return false;
		}
	}

	// The company group is never viewable; the two prototype kinds are
	// decided by VIEW on the prototype itself.

	if (group.isCompany()) {
		return false;
	}

	if (group.isLayoutPrototype()) {
		return LayoutPrototypePermissionUtil.contains(
			permissionChecker, group.getClassPK(), ActionKeys.VIEW);
	}

	if (group.isLayoutSetPrototype()) {
		return LayoutSetPrototypePermissionUtil.contains(
			permissionChecker, group.getClassPK(), ActionKeys.VIEW);
	}

	if (group.isOrganization()) {
		long organizationId = group.getOrganizationId();

		// Membership of the organization, or UPDATE on it, grants access.

		if (OrganizationLocalServiceUtil.hasUserOrganization(
				permissionChecker.getUserId(), organizationId, false,
				false) ||
			OrganizationPermissionUtil.contains(
				permissionChecker, organizationId, ActionKeys.UPDATE)) {

			return true;
		}

		// With non-strict membership, belonging to any organization that
		// has this one among its ancestors also grants access.

		if (!PropsValues.ORGANIZATIONS_MEMBERSHIP_STRICT) {
			List<Organization> memberOrganizations =
				OrganizationLocalServiceUtil.getUserOrganizations(
					permissionChecker.getUserId());

			for (Organization memberOrganization : memberOrganizations) {
				for (Organization ancestor :
						memberOrganization.getAncestors()) {

					if (ancestor.getOrganizationId() == organizationId) {
						return true;
					}
				}
			}
		}
	}
	else if (group.isUserGroup()) {
		if (UserGroupPermissionUtil.contains(
				permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) {

			return true;
		}
	}

	// No group level rule decided: ask for VIEW on the layout itself.

	if (containsWithoutViewableGroup(
			permissionChecker, layout, controlPanelCategory,
			ActionKeys.VIEW)) {

		return true;
	}

	// Last resort: the layout counts as viewable when the user can view
	// any non-hidden top level layout of the same layout set.

	List<Layout> topLevelLayouts = LayoutLocalServiceUtil.getLayouts(
		layout.getGroupId(), layout.isPrivateLayout(),
		LayoutConstants.DEFAULT_PARENT_LAYOUT_ID);

	for (Layout candidate : topLevelLayouts) {
		if (candidate.isHidden()) {
			continue;
		}

		if (containsWithoutViewableGroup(
				permissionChecker, candidate, controlPanelCategory,
				ActionKeys.VIEW)) {

			return true;
		}
	}

	return false;
}
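/**
 * Returns whether the permission checker's user may perform
 * {@code actionId} on {@code group}.
 *
 * <p>Several actions are implied by broader group permissions (for
 * example {@code ADD_LAYOUT} by {@code MANAGE_LAYOUTS}). If neither an
 * implied nor the direct permission matches, the method walks up the
 * parent groups and grants the action when the user holds
 * {@code MANAGE_SUBGROUPS} on any ancestor.
 *
 * @param permissionChecker the checker for the requesting user
 * @param group the group the action targets; a staging group is replaced
 *        by its live group for the type checks and the ancestor walk
 * @param actionId the action being requested
 * @return {@code true} if the action is permitted, {@code false} otherwise
 */
@Override
public boolean contains(
		PermissionChecker permissionChecker, Group group, String actionId)
	throws PortalException, SystemException {

	// Read before the staging swap below, so every hasPermission call is
	// made against the id of the group that was passed in.

	long groupId = group.getGroupId();

	if (group.isStagingGroup()) {
		group = group.getLiveGroup();
	}

	if (group.isUser()) {

		// A user normally administers their own personal site through
		// other checks. This branch covers somebody else who is allowed to
		// UPDATE that user, for example a manager of the user's
		// organizations; such a caller is granted every action.

		User user = UserLocalServiceUtil.getUserById(group.getClassPK());

		if ((permissionChecker.getUserId() != user.getUserId()) &&
			UserPermissionUtil.contains(
				permissionChecker, user.getUserId(),
				user.getOrganizationIds(), ActionKeys.UPDATE)) {

			return true;
		}
	}

	// The two permission checks are grouped explicitly. Because && binds
	// tighter than ||, the ungrouped form evaluated the portal level
	// ADD_COMMUNITY check for every actionId, so a user holding that one
	// portal permission was granted any action on any group.

	if (actionId.equals(ActionKeys.ADD_COMMUNITY) &&
		(permissionChecker.hasPermission(
			groupId, Group.class.getName(), groupId,
			ActionKeys.MANAGE_SUBGROUPS) ||
		 PortalPermissionUtil.contains(
			permissionChecker, ActionKeys.ADD_COMMUNITY))) {

		return true;
	}
	else if (actionId.equals(ActionKeys.ADD_LAYOUT) &&
			 !group.isLayoutPrototype() &&
			 permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.MANAGE_LAYOUTS)) {

		return true;
	}
	else if ((actionId.equals(ActionKeys.EXPORT_IMPORT_LAYOUTS) ||
			  actionId.equals(ActionKeys.EXPORT_IMPORT_PORTLET_INFO)) &&
			 permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.PUBLISH_STAGING)) {

		return true;
	}
	else if (actionId.equals(ActionKeys.VIEW) &&
			 (permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.ASSIGN_USER_ROLES) ||
			  permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.MANAGE_LAYOUTS))) {

		return true;
	}
	else if (actionId.equals(ActionKeys.VIEW_STAGING) &&
			 (permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.MANAGE_LAYOUTS) ||
			  permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.MANAGE_STAGING) ||
			  permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.PUBLISH_STAGING) ||
			  permissionChecker.hasPermission(
				groupId, Group.class.getName(), groupId,
				ActionKeys.UPDATE))) {

		return true;
	}

	// Direct check of the requested action. The group id must be passed
	// so that users can modify their personal pages.

	if (permissionChecker.hasPermission(
			groupId, Group.class.getName(), groupId, actionId)) {

		return true;
	}

	// MANAGE_SUBGROUPS on any ancestor grants every action on this group.
	// The walk starts from the live group when a staging group was passed.

	while (!group.isRoot()) {
		if (contains(
				permissionChecker, group.getParentGroupId(),
				ActionKeys.MANAGE_SUBGROUPS)) {

			return true;
		}

		group = group.getParentGroup();
	}

	return false;
}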