@Override public boolean contains( PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) { if ((actionId.equals(ActionKeys.DELETE) || actionId.equals(ActionKeys.IMPERSONATE) || actionId.equals(ActionKeys.PERMISSIONS) || actionId.equals(ActionKeys.UPDATE)) && PortalUtil.isOmniadmin(userId) && !permissionChecker.isOmniadmin()) { return false; } try { User user = null; if (userId != ResourceConstants.PRIMKEY_DNE) { user = UserLocalServiceUtil.getUserById(userId); Contact contact = user.getContact(); if (permissionChecker.hasOwnerPermission( permissionChecker.getCompanyId(), User.class.getName(), userId, contact.getUserId(), actionId) || (permissionChecker.getUserId() == userId)) { return true; } } if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) { return true; } if (user == null) { return false; } if (organizationIds == null) { organizationIds = user.getOrganizationIds(); } for (long organizationId : organizationIds) { Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId); if (OrganizationPermissionUtil.contains( permissionChecker, organization, ActionKeys.MANAGE_USERS)) { if (permissionChecker.getUserId() == user.getUserId()) { return true; } Group organizationGroup = organization.getGroup(); // Organization administrators can only manage normal users. // Owners can only manage normal users and administrators. if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_ADMINISTRATOR, true) && !UserGroupRoleLocalServiceUtil.hasUserGroupRole( permissionChecker.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } return true; } } } catch (Exception e) { _log.error(e, e); } return false; }