public LinkedHashMap<String, Object> getGroupParams() throws PortalException {
if (_groupParams != null) {
return _groupParams;
}
long groupId = ParamUtil.getLong(_request, "groupId");
boolean includeCurrentGroup = ParamUtil.getBoolean(_request, "includeCurrentGroup", true);
String type = getType();
ThemeDisplay themeDisplay = (ThemeDisplay) _request.getAttribute(WebKeys.THEME_DISPLAY);
PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
User user = themeDisplay.getUser();
boolean filterManageableGroups = true;
if (permissionChecker.isCompanyAdmin()) {
filterManageableGroups = false;
}
_groupParams = new LinkedHashMap<>();
_groupParams.put("active", Boolean.TRUE);
if (isManualMembership()) {
_groupParams.put("manualMembership", Boolean.TRUE);
}
if (type.equals("child-sites")) {
Group parentGroup = GroupLocalServiceUtil.getGroup(groupId);
List<Group> parentGroups = new ArrayList<>();
parentGroups.add(parentGroup);
_groupParams.put("groupsTree", parentGroups);
} else if (filterManageableGroups) {
_groupParams.put("usersGroups", user.getUserId());
}
_groupParams.put("site", Boolean.TRUE);
if (!includeCurrentGroup && (groupId > 0)) {
List<Long> excludedGroupIds = new ArrayList<>();
Group group = GroupLocalServiceUtil.getGroup(groupId);
if (group.isStagingGroup()) {
excludedGroupIds.add(group.getLiveGroupId());
} else {
excludedGroupIds.add(groupId);
}
_groupParams.put("excludedGroupIds", excludedGroupIds);
}
return _groupParams;
}
/**
* Returns a range of all the site groups for which the user has control panel access.
*
* @param portlets the portlets to manage
* @param max the upper bound of the range of groups to consider (not inclusive)
* @return the range of site groups for which the user has Control Panel access
* @throws PortalException if a portal exception occurred
*/
@Override
public List<Group> getManageableSiteGroups(Collection<Portlet> portlets, int max)
throws PortalException {
PermissionChecker permissionChecker = getPermissionChecker();
if (permissionChecker.isCompanyAdmin()) {
LinkedHashMap<String, Object> params = new LinkedHashMap<>();
params.put("site", Boolean.TRUE);
return ListUtil.unique(
groupLocalService.search(
permissionChecker.getCompanyId(), null, null, null, params, true, 0, max));
}
Set<Group> groups = new LinkedHashSet<>();
List<Group> userSitesGroups = getUserSitesGroups(null, max);
Iterator<Group> itr = userSitesGroups.iterator();
while (itr.hasNext()) {
Group group = itr.next();
if (group.isSite()
&& PortletPermissionUtil.hasControlPanelAccessPermission(
permissionChecker, group.getGroupId(), portlets)) {
groups.add(group);
}
}
return new ArrayList<>(groups);
}
protected boolean isFilterManageableGroups(PortletRequest portletRequest) {
ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);
PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
if (permissionChecker.isCompanyAdmin()) {
return false;
}
if (GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) {
return false;
}
return true;
}
@Override
protected boolean isProcessPortletRequest(PortletRequest portletRequest) {
ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);
PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
if (permissionChecker.isCompanyAdmin()) {
return true;
}
Group group = themeDisplay.getScopeGroup();
if (group.isSite() && permissionChecker.isGroupAdmin(themeDisplay.getScopeGroupId())) {
return true;
}
return false;
}
protected LinkedHashMap<String, Object> getGroupParams(
PortletRequest portletRequest, GroupSearchTerms searchTerms, long parentGroupId)
throws PortalException {
ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY);
LinkedHashMap<String, Object> groupParams = new LinkedHashMap<>();
groupParams.put("site", Boolean.TRUE);
PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();
User user = themeDisplay.getUser();
if (searchTerms.hasSearchTerms()) {
if (isFilterManageableGroups(portletRequest)) {
groupParams.put("groupsTree", getAllGroups(portletRequest));
} else if (parentGroupId > 0) {
List<Group> groupsTree = new ArrayList<>();
Group parentGroup = _groupLocalService.getGroup(parentGroupId);
groupsTree.add(parentGroup);
groupParams.put("groupsTree", groupsTree);
}
if (!permissionChecker.isCompanyAdmin()
&& !GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) {
groupParams.put("usersGroups", Long.valueOf(user.getUserId()));
}
}
return groupParams;
}
@Override
public boolean contains(
PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) {
try {
User user = null;
if (userId != ResourceConstants.PRIMKEY_DNE) {
user = UserLocalServiceUtil.getUserById(userId);
if ((actionId.equals(ActionKeys.DELETE)
|| actionId.equals(ActionKeys.IMPERSONATE)
|| actionId.equals(ActionKeys.PERMISSIONS)
|| actionId.equals(ActionKeys.UPDATE)
|| actionId.equals(ActionKeys.VIEW))
&& !permissionChecker.isOmniadmin()
&& (PortalUtil.isOmniadmin(user)
|| (!permissionChecker.isCompanyAdmin() && PortalUtil.isCompanyAdmin(user)))) {
return false;
}
Contact contact = user.getContact();
if (permissionChecker.hasOwnerPermission(
permissionChecker.getCompanyId(),
User.class.getName(),
userId,
contact.getUserId(),
actionId)
|| (permissionChecker.getUserId() == userId)) {
return true;
}
}
if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) {
return true;
}
if (user == null) {
return false;
}
if (organizationIds == null) {
organizationIds = user.getOrganizationIds();
}
for (long organizationId : organizationIds) {
Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);
if (OrganizationPermissionUtil.contains(
permissionChecker, organization, ActionKeys.MANAGE_USERS)) {
if (permissionChecker.getUserId() == user.getUserId()) {
return true;
}
Group organizationGroup = organization.getGroup();
// Organization administrators can only manage normal users.
// Owners can only manage normal users and administrators.
if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
user.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_OWNER,
true)) {
continue;
} else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
user.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_ADMINISTRATOR,
true)
&& !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
permissionChecker.getUserId(),
organizationGroup.getGroupId(),
RoleConstants.ORGANIZATION_OWNER,
true)) {
continue;
}
return true;
}
}
} catch (Exception e) {
_log.error(e, e);
}
return false;
}