예제 #1
0
  /**
   * Returns a range of all the site groups for which the user has control panel access.
   *
   * @param portlets the portlets to manage
   * @param max the upper bound of the range of groups to consider (not inclusive)
   * @return the range of site groups for which the user has Control Panel access
   * @throws PortalException if a portal exception occurred
   */
  @Override
  public List<Group> getManageableSiteGroups(Collection<Portlet> portlets, int max)
      throws PortalException {

    PermissionChecker permissionChecker = getPermissionChecker();

    if (permissionChecker.isCompanyAdmin()) {
      LinkedHashMap<String, Object> params = new LinkedHashMap<>();

      params.put("site", Boolean.TRUE);

      return ListUtil.unique(
          groupLocalService.search(
              permissionChecker.getCompanyId(), null, null, null, params, true, 0, max));
    }

    Set<Group> groups = new LinkedHashSet<>();

    List<Group> userSitesGroups = getUserSitesGroups(null, max);

    Iterator<Group> itr = userSitesGroups.iterator();

    while (itr.hasNext()) {
      Group group = itr.next();

      if (group.isSite()
          && PortletPermissionUtil.hasControlPanelAccessPermission(
              permissionChecker, group.getGroupId(), portlets)) {

        groups.add(group);
      }
    }

    return new ArrayList<>(groups);
  }
예제 #2
0
  public static boolean isViewableMessage(
      ThemeDisplay themeDisplay, MBMessage message, MBMessage parentMessage) throws Exception {

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    if (!MBMessagePermission.contains(permissionChecker, parentMessage, ActionKeys.VIEW)) {

      return false;
    }

    if ((message.getMessageId() != parentMessage.getMessageId())
        && !MBMessagePermission.contains(permissionChecker, message, ActionKeys.VIEW)) {

      return false;
    }

    if (!message.isApproved()
        && !Validator.equals(message.getUserId(), themeDisplay.getUserId())
        && !permissionChecker.isGroupAdmin(themeDisplay.getScopeGroupId())) {

      return false;
    }

    return true;
  }
예제 #3
0
  public LinkedHashMap<String, Object> getGroupParams() throws PortalException {

    if (_groupParams != null) {
      return _groupParams;
    }

    long groupId = ParamUtil.getLong(_request, "groupId");
    boolean includeCurrentGroup = ParamUtil.getBoolean(_request, "includeCurrentGroup", true);

    String type = getType();

    ThemeDisplay themeDisplay = (ThemeDisplay) _request.getAttribute(WebKeys.THEME_DISPLAY);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
    User user = themeDisplay.getUser();

    boolean filterManageableGroups = true;

    if (permissionChecker.isCompanyAdmin()) {
      filterManageableGroups = false;
    }

    _groupParams = new LinkedHashMap<>();

    _groupParams.put("active", Boolean.TRUE);

    if (isManualMembership()) {
      _groupParams.put("manualMembership", Boolean.TRUE);
    }

    if (type.equals("child-sites")) {
      Group parentGroup = GroupLocalServiceUtil.getGroup(groupId);

      List<Group> parentGroups = new ArrayList<>();

      parentGroups.add(parentGroup);

      _groupParams.put("groupsTree", parentGroups);
    } else if (filterManageableGroups) {
      _groupParams.put("usersGroups", user.getUserId());
    }

    _groupParams.put("site", Boolean.TRUE);

    if (!includeCurrentGroup && (groupId > 0)) {
      List<Long> excludedGroupIds = new ArrayList<>();

      Group group = GroupLocalServiceUtil.getGroup(groupId);

      if (group.isStagingGroup()) {
        excludedGroupIds.add(group.getLiveGroupId());
      } else {
        excludedGroupIds.add(groupId);
      }

      _groupParams.put("excludedGroupIds", excludedGroupIds);
    }

    return _groupParams;
  }
예제 #4
0
  @Test(expected = PrincipalException.MustHavePermission.class)
  public void testCreateRepositoryFromExistingFolderWithoutPermissions() throws Exception {

    DLFolder dlFolder = DLTestUtil.addDLFolder(_group.getGroupId());

    PermissionChecker originalPermissionChecker = PermissionThreadLocal.getPermissionChecker();

    try {
      PermissionChecker permissionChecker =
          new SimplePermissionChecker() {

            @Override
            public boolean hasOwnerPermission(
                long companyId, String name, String primKey, long ownerId, String actionId) {

              return false;
            }

            @Override
            public boolean hasPermission(
                long groupId, String name, String primKey, String actionId) {

              return false;
            }
          };

      permissionChecker.init(originalPermissionChecker.getUser());

      PermissionThreadLocal.setPermissionChecker(permissionChecker);

      RepositoryProviderUtil.getFolderRepository(dlFolder.getFolderId());
    } finally {
      PermissionThreadLocal.setPermissionChecker(originalPermissionChecker);
    }
  }
예제 #5
0
  @Override
  public boolean isCheckLayoutViewPermission() {
    PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();

    if (!permissionChecker.isSignedIn()) {
      return true;
    }

    return false;
  }
예제 #6
0
  /**
   * Checks that the current user is permitted to use the group for Remote Staging.
   *
   * @param groupId the primary key of the group
   * @throws PortalException if a portal exception occurred
   */
  @Override
  public void checkRemoteStagingGroup(long groupId) throws PortalException {
    Group group = getGroup(groupId);

    PermissionChecker permissionChecker = getPermissionChecker();

    if (group.getCompanyId() != permissionChecker.getCompanyId()) {
      throw new NoSuchGroupException(
          "Group " + groupId + " does not belong in company " + permissionChecker.getCompanyId());
    }
  }
예제 #7
0
  @Override
  protected boolean hasPermissionImplicitlyGranted(
      PermissionChecker permissionChecker, Group group, Portlet portlet) throws Exception {

    if (WorkflowInstanceManagerUtil.getWorkflowInstanceCount(
            permissionChecker.getCompanyId(), permissionChecker.getUserId(), null, null, null)
        > 0) {

      return true;
    }

    return super.hasPermissionImplicitlyGranted(permissionChecker, group, portlet);
  }
예제 #8
0
  protected boolean isFilterManageableGroups(PortletRequest portletRequest) {
    ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    if (permissionChecker.isCompanyAdmin()) {
      return false;
    }

    if (GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) {
      return false;
    }

    return true;
  }
예제 #9
0
  @Override
  protected boolean isProcessPortletRequest(PortletRequest portletRequest) {
    ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    if (permissionChecker.isCompanyAdmin()) {
      return true;
    }

    Group group = themeDisplay.getScopeGroup();

    if (group.isSite() && permissionChecker.isGroupAdmin(themeDisplay.getScopeGroupId())) {

      return true;
    }

    return false;
  }
예제 #10
0
  public static boolean contains(
      PermissionChecker permissionChecker, DDMTemplate template, String actionId)
      throws PortalException {

    String templateModelResourceName =
        getTemplateModelResourceName(template.getResourceClassNameId());

    if (permissionChecker.hasOwnerPermission(
        template.getCompanyId(),
        templateModelResourceName,
        template.getTemplateId(),
        template.getUserId(),
        actionId)) {

      return true;
    }

    return permissionChecker.hasPermission(
        template.getGroupId(), templateModelResourceName,
        template.getTemplateId(), actionId);
  }
예제 #11
0
  protected String getRoleOwnerIdsSQL(long groupId, long userId) {
    StringBundler sb = new StringBundler(8);

    PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();

    long[] roleIds = permissionChecker.getRoleIds(userId, groupId);

    sb.append(StringPool.OPEN_PARENTHESIS);

    if (roleIds.length != 0) {
      sb.append("roleId IN (");
      sb.append(StringUtil.merge(roleIds));
      sb.append(StringPool.CLOSE_PARENTHESIS);
      sb.append(WHERE_OR);
    }

    sb.append("ownerId = ");
    sb.append(userId);
    sb.append(StringPool.CLOSE_PARENTHESIS);

    return sb.toString();
  }
예제 #12
0
  public int getStatus() {
    if (_status != null) {
      return _status;
    }

    ThemeDisplay themeDisplay = (ThemeDisplay) _request.getAttribute(WebKeys.THEME_DISPLAY);

    int defaultStatus = WorkflowConstants.STATUS_APPROVED;

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    if (permissionChecker.isContentReviewer(
            themeDisplay.getCompanyId(), themeDisplay.getScopeGroupId())
        || isNavigationMine()) {

      defaultStatus = WorkflowConstants.STATUS_ANY;
    }

    _status = ParamUtil.getInteger(_request, "status", defaultStatus);

    return _status;
  }
예제 #13
0
  public static boolean containsAddTemplatePermission(
      PermissionChecker permissionChecker, long groupId, long classNameId, long resourceClassNameId)
      throws PortalException {

    ServiceWrapper<DDMTemplatePermissionSupport> templatePermissionSupportServiceWrapper =
        _ddmPermissionSupportTracker.getDDMTemplatePermissionSupportServiceWrapper(
            resourceClassNameId);

    return permissionChecker.hasPermission(
        groupId,
        getResourceName(templatePermissionSupportServiceWrapper, classNameId),
        groupId,
        getAddTemplateActionId(templatePermissionSupportServiceWrapper));
  }
예제 #14
0
  protected LinkedHashMap<String, Object> getGroupParams(
      PortletRequest portletRequest, GroupSearchTerms searchTerms, long parentGroupId)
      throws PortalException {

    ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);

    LinkedHashMap<String, Object> groupParams = new LinkedHashMap<>();

    groupParams.put("site", Boolean.TRUE);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    User user = themeDisplay.getUser();

    if (searchTerms.hasSearchTerms()) {
      if (isFilterManageableGroups(portletRequest)) {
        groupParams.put("groupsTree", getAllGroups(portletRequest));
      } else if (parentGroupId > 0) {
        List<Group> groupsTree = new ArrayList<>();

        Group parentGroup = _groupLocalService.getGroup(parentGroupId);

        groupsTree.add(parentGroup);

        groupParams.put("groupsTree", groupsTree);
      }

      if (!permissionChecker.isCompanyAdmin()
          && !GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) {

        groupParams.put("usersGroups", Long.valueOf(user.getUserId()));
      }
    }

    return groupParams;
  }
예제 #15
0
  @Override
  public boolean hasAddPermission(
      PermissionChecker permissionChecker, long groupId, long classTypeId) throws Exception {

    ServiceContext serviceContext = new ServiceContext();

    serviceContext.setCompanyId(permissionChecker.getCompanyId());

    CalendarResource calendarResource =
        CalendarResourceUtil.getScopeGroupCalendarResource(groupId, serviceContext);

    if (calendarResource == null) {
      return false;
    }

    Calendar calendar = calendarResource.getDefaultCalendar();

    return CalendarPermission.contains(
        permissionChecker, calendar.getCalendarId(), CalendarActionKeys.MANAGE_BOOKINGS);
  }
예제 #16
0
  public static boolean contains(
      PermissionChecker permissionChecker,
      MDRRuleGroupInstance ruleGroupInstance,
      String actionId) {

    Boolean hasPermission =
        StagingPermissionUtil.hasPermission(
            permissionChecker,
            ruleGroupInstance.getGroupId(),
            MDRRuleGroupInstance.class.getName(),
            ruleGroupInstance.getRuleGroupInstanceId(),
            MDRPortletKeys.MOBILE_DEVICE_RULES,
            actionId);

    if (hasPermission != null) {
      return hasPermission.booleanValue();
    }

    return permissionChecker.hasPermission(
        ruleGroupInstance.getGroupId(),
        MDRRuleGroupInstance.class.getName(),
        ruleGroupInstance.getRuleGroupInstanceId(),
        actionId);
  }
예제 #17
0
  @Override
  public boolean contains(PermissionChecker permissionChecker, String actionId) {

    return permissionChecker.hasPermission(0, PortletKeys.PORTAL, PortletKeys.PORTAL, actionId);
  }
예제 #18
0
  @Override
  public boolean contains(
      PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) {

    try {
      User user = null;

      if (userId != ResourceConstants.PRIMKEY_DNE) {
        user = UserLocalServiceUtil.getUserById(userId);

        if ((actionId.equals(ActionKeys.DELETE)
                || actionId.equals(ActionKeys.IMPERSONATE)
                || actionId.equals(ActionKeys.PERMISSIONS)
                || actionId.equals(ActionKeys.UPDATE)
                || actionId.equals(ActionKeys.VIEW))
            && !permissionChecker.isOmniadmin()
            && (PortalUtil.isOmniadmin(user)
                || (!permissionChecker.isCompanyAdmin() && PortalUtil.isCompanyAdmin(user)))) {

          return false;
        }

        Contact contact = user.getContact();

        if (permissionChecker.hasOwnerPermission(
                permissionChecker.getCompanyId(),
                User.class.getName(),
                userId,
                contact.getUserId(),
                actionId)
            || (permissionChecker.getUserId() == userId)) {

          return true;
        }
      }

      if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) {

        return true;
      }

      if (user == null) {
        return false;
      }

      if (organizationIds == null) {
        organizationIds = user.getOrganizationIds();
      }

      for (long organizationId : organizationIds) {
        Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);

        if (OrganizationPermissionUtil.contains(
            permissionChecker, organization, ActionKeys.MANAGE_USERS)) {

          if (permissionChecker.getUserId() == user.getUserId()) {
            return true;
          }

          Group organizationGroup = organization.getGroup();

          // Organization administrators can only manage normal users.
          // Owners can only manage normal users and administrators.

          if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
              user.getUserId(),
              organizationGroup.getGroupId(),
              RoleConstants.ORGANIZATION_OWNER,
              true)) {

            continue;
          } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  user.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_ADMINISTRATOR,
                  true)
              && !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  permissionChecker.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_OWNER,
                  true)) {

            continue;
          }

          return true;
        }
      }
    } catch (Exception e) {
      _log.error(e, e);
    }

    return false;
  }
예제 #19
0
  @Override
  public boolean contains(
      PermissionChecker permissionChecker, long groupId, long roleId, String actionId) {

    return permissionChecker.hasPermission(groupId, Role.class.getName(), roleId, actionId);
  }