/** * Checks that the current user is permitted to use the group for Remote Staging. * * @param groupId the primary key of the group * @throws PortalException if a portal exception occurred */ @Override public void checkRemoteStagingGroup(long groupId) throws PortalException { Group group = getGroup(groupId); PermissionChecker permissionChecker = getPermissionChecker(); if (group.getCompanyId() != permissionChecker.getCompanyId()) { throw new NoSuchGroupException( "Group " + groupId + " does not belong in company " + permissionChecker.getCompanyId()); } }
/** * Returns a range of all the site groups for which the user has control panel access. * * @param portlets the portlets to manage * @param max the upper bound of the range of groups to consider (not inclusive) * @return the range of site groups for which the user has Control Panel access * @throws PortalException if a portal exception occurred */ @Override public List<Group> getManageableSiteGroups(Collection<Portlet> portlets, int max) throws PortalException { PermissionChecker permissionChecker = getPermissionChecker(); if (permissionChecker.isCompanyAdmin()) { LinkedHashMap<String, Object> params = new LinkedHashMap<>(); params.put("site", Boolean.TRUE); return ListUtil.unique( groupLocalService.search( permissionChecker.getCompanyId(), null, null, null, params, true, 0, max)); } Set<Group> groups = new LinkedHashSet<>(); List<Group> userSitesGroups = getUserSitesGroups(null, max); Iterator<Group> itr = userSitesGroups.iterator(); while (itr.hasNext()) { Group group = itr.next(); if (group.isSite() && PortletPermissionUtil.hasControlPanelAccessPermission( permissionChecker, group.getGroupId(), portlets)) { groups.add(group); } } return new ArrayList<>(groups); }
@Override protected boolean hasPermissionImplicitlyGranted( PermissionChecker permissionChecker, Group group, Portlet portlet) throws Exception { if (WorkflowInstanceManagerUtil.getWorkflowInstanceCount( permissionChecker.getCompanyId(), permissionChecker.getUserId(), null, null, null) > 0) { return true; } return super.hasPermissionImplicitlyGranted(permissionChecker, group, portlet); }
@Override public boolean hasAddPermission( PermissionChecker permissionChecker, long groupId, long classTypeId) throws Exception { ServiceContext serviceContext = new ServiceContext(); serviceContext.setCompanyId(permissionChecker.getCompanyId()); CalendarResource calendarResource = CalendarResourceUtil.getScopeGroupCalendarResource(groupId, serviceContext); if (calendarResource == null) { return false; } Calendar calendar = calendarResource.getDefaultCalendar(); return CalendarPermission.contains( permissionChecker, calendar.getCalendarId(), CalendarActionKeys.MANAGE_BOOKINGS); }
@Override public boolean contains( PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) { try { User user = null; if (userId != ResourceConstants.PRIMKEY_DNE) { user = UserLocalServiceUtil.getUserById(userId); if ((actionId.equals(ActionKeys.DELETE) || actionId.equals(ActionKeys.IMPERSONATE) || actionId.equals(ActionKeys.PERMISSIONS) || actionId.equals(ActionKeys.UPDATE) || actionId.equals(ActionKeys.VIEW)) && !permissionChecker.isOmniadmin() && (PortalUtil.isOmniadmin(user) || (!permissionChecker.isCompanyAdmin() && PortalUtil.isCompanyAdmin(user)))) { return false; } Contact contact = user.getContact(); if (permissionChecker.hasOwnerPermission( permissionChecker.getCompanyId(), User.class.getName(), userId, contact.getUserId(), actionId) || (permissionChecker.getUserId() == userId)) { return true; } } if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) { return true; } if (user == null) { return false; } if (organizationIds == null) { organizationIds = user.getOrganizationIds(); } for (long organizationId : organizationIds) { Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId); if (OrganizationPermissionUtil.contains( permissionChecker, organization, ActionKeys.MANAGE_USERS)) { if (permissionChecker.getUserId() == user.getUserId()) { return true; } Group organizationGroup = organization.getGroup(); // Organization administrators can only manage normal users. // Owners can only manage normal users and administrators. if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_ADMINISTRATOR, true) && !UserGroupRoleLocalServiceUtil.hasUserGroupRole( permissionChecker.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } return true; } } } catch (Exception e) { _log.error(e, e); } return false; }