@Override
  public boolean isChecked(Object obj) {
    User user = (User) obj;

    try {
      return UserGroupRoleLocalServiceUtil.hasUserGroupRole(
          user.getUserId(), _organization.getGroupId(), _role.getRoleId());
    } catch (Exception e) {
      _log.error(e, e);

      return false;
    }
  }
  protected void addSearchByUserRolesCriterion(
      Criteria criteria, Boolean searchByUserRoles, ServiceContext serviceContext)
      throws SystemException {

    if (searchByUserRoles == null) {
      return;
    }

    Criteria assigneesCriteria = criteria.createCriteria("assignees");

    if (!searchByUserRoles) {
      assigneesCriteria.add(Restrictions.eq("assigneeClassName", User.class.getName()));
      assigneesCriteria.add(Restrictions.eq("assigneeClassPK", serviceContext.getUserId()));

      return;
    }

    List<Long> roleIds = RoleRetrievalUtil.getRoleIds(serviceContext);

    List<UserGroupRole> userGroupRoles =
        UserGroupRoleLocalServiceUtil.getUserGroupRoles(serviceContext.getUserId());

    if (userGroupRoles.isEmpty()) {
      assigneesCriteria.add(Restrictions.eq("assigneeClassName", Role.class.getName()));
      assigneesCriteria.add(
          Restrictions.in("assigneeClassPK", roleIds.toArray(new Long[roleIds.size()])));
    } else {
      Junction junction = Restrictions.disjunction();

      junction.add(
          Restrictions.and(
              Restrictions.eq("assigneeClassName", Role.class.getName()),
              Restrictions.in("assigneeClassPK", roleIds.toArray(new Long[roleIds.size()]))));

      for (UserGroupRole userGroupRole : userGroupRoles) {
        junction.add(
            Restrictions.and(
                Restrictions.eq("groupId", userGroupRole.getGroupId()),
                Restrictions.and(
                    Restrictions.eq("assigneeClassName", Role.class.getName()),
                    Restrictions.eq("assigneeClassPK", userGroupRole.getRoleId()))));
      }

      assigneesCriteria.add(junction);
    }
  }
  @Override
  protected boolean hasPermissionImplicitlyGranted(
      PermissionChecker permissionChecker, Group group, Portlet portlet) throws Exception {

    List<UserGroupRole> userGroupRoles =
        UserGroupRoleLocalServiceUtil.getUserGroupRoles(permissionChecker.getUserId());

    for (UserGroupRole userGroupRole : userGroupRoles) {
      Role role = userGroupRole.getRole();

      String roleName = role.getName();

      if (roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR)
          || roleName.equals(RoleConstants.ORGANIZATION_OWNER)) {

        return true;
      }
    }

    List<Organization> organizations =
        OrganizationLocalServiceUtil.getUserOrganizations(permissionChecker.getUserId());

    for (Organization organization : organizations) {
      if (OrganizationPermissionUtil.contains(
          permissionChecker, organization, ActionKeys.MANAGE_USERS)) {

        return true;
      }

      if (OrganizationPermissionUtil.contains(
          permissionChecker, organization, ActionKeys.MANAGE_SUBORGANIZATIONS)) {

        return true;
      }

      /*if (OrganizationPermissionUtil.contains(
      		permissionChecker, organization.getOrganizationId(),
      		ActionKeys.VIEW)) {

      	return true;
      }*/
    }

    return false;
  }
Пример #4
0
  private static boolean _isEntityRank(
      long companyId, MBStatsUser statsUser, String entityType, String entityValue)
      throws Exception {

    long groupId = statsUser.getGroupId();
    long userId = statsUser.getUserId();

    if (entityType.equals("organization-role") || entityType.equals("site-role")) {

      Role role = RoleLocalServiceUtil.getRole(companyId, entityValue);

      if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(userId, groupId, role.getRoleId(), true)) {

        return true;
      }
    } else if (entityType.equals("organization")) {
      Organization organization =
          OrganizationLocalServiceUtil.getOrganization(companyId, entityValue);

      if (OrganizationLocalServiceUtil.hasUserOrganization(
          userId, organization.getOrganizationId(), false, false)) {

        return true;
      }
    } else if (entityType.equals("regular-role")) {
      if (RoleLocalServiceUtil.hasUserRole(userId, companyId, entityValue, true)) {

        return true;
      }
    } else if (entityType.equals("user-group")) {
      UserGroup userGroup = UserGroupLocalServiceUtil.getUserGroup(companyId, entityValue);

      if (UserLocalServiceUtil.hasUserGroupUser(userGroup.getUserGroupId(), userId)) {

        return true;
      }
    }

    return false;
  }
  @Override
  public long[] getPooledActorsIds(long companyId, long workflowTaskInstanceId)
      throws WorkflowException {

    try {
      KaleoTaskInstanceToken kaleoTaskInstanceToken =
          KaleoTaskInstanceTokenLocalServiceUtil.getKaleoTaskInstanceToken(workflowTaskInstanceId);

      List<KaleoTaskAssignment> calculatedKaleoTaskAssignments =
          getCalculatedKaleoTaskAssignments(kaleoTaskInstanceToken);

      Map<String, Long> pooledActors = new TreeMap<>(new NaturalOrderStringComparator());

      for (KaleoTaskAssignment calculatedKaleoTaskAssignment : calculatedKaleoTaskAssignments) {

        String assigneeClassName = calculatedKaleoTaskAssignment.getAssigneeClassName();
        long assigneeClassPK = calculatedKaleoTaskAssignment.getAssigneeClassPK();

        if (assigneeClassName.equals(User.class.getName())) {
          User user = UserLocalServiceUtil.fetchUser(assigneeClassPK);

          if (user != null) {
            pooledActors.put(user.getFullName(), user.getUserId());
          }

          continue;
        }

        Role role =
            RoleLocalServiceUtil.getRole(calculatedKaleoTaskAssignment.getAssigneeClassPK());

        if ((role.getType() == RoleConstants.TYPE_SITE)
            || (role.getType() == RoleConstants.TYPE_ORGANIZATION)) {

          List<UserGroupRole> userGroupRoles =
              UserGroupRoleLocalServiceUtil.getUserGroupRolesByGroupAndRole(
                  kaleoTaskInstanceToken.getGroupId(), assigneeClassPK);

          for (UserGroupRole userGroupRole : userGroupRoles) {
            User user = userGroupRole.getUser();

            pooledActors.put(user.getFullName(), user.getUserId());
          }

          List<UserGroupGroupRole> userGroupGroupRoles =
              UserGroupGroupRoleLocalServiceUtil.getUserGroupGroupRolesByGroupAndRole(
                  kaleoTaskInstanceToken.getGroupId(), assigneeClassPK);

          for (UserGroupGroupRole userGroupGroupRole : userGroupGroupRoles) {

            List<User> userGroupUsers =
                UserLocalServiceUtil.getUserGroupUsers(userGroupGroupRole.getUserGroupId());

            for (User user : userGroupUsers) {
              pooledActors.put(user.getFullName(), user.getUserId());
            }
          }
        } else {
          List<User> inheritedRoleUsers =
              UserLocalServiceUtil.getInheritedRoleUsers(
                  assigneeClassPK, QueryUtil.ALL_POS, QueryUtil.ALL_POS, null);

          for (User user : inheritedRoleUsers) {
            pooledActors.put(user.getFullName(), user.getUserId());
          }
        }
      }

      return ArrayUtil.toLongArray(pooledActors.values());
    } catch (Exception e) {
      throw new WorkflowException(e);
    }
  }
  protected Query doGetPermissionQuery(
      long companyId,
      long[] groupIds,
      long userId,
      String className,
      Query query,
      SearchContext searchContext)
      throws Exception {

    Indexer indexer = IndexerRegistryUtil.getIndexer(className);

    if (!indexer.isPermissionAware()) {
      return query;
    }

    PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker();

    AdvancedPermissionChecker advancedPermissionChecker = null;

    if ((permissionChecker != null) && (permissionChecker instanceof AdvancedPermissionChecker)) {

      advancedPermissionChecker = (AdvancedPermissionChecker) permissionChecker;
    }

    if (advancedPermissionChecker == null) {
      return query;
    }

    PermissionCheckerBag permissionCheckerBag =
        getPermissionCheckerBag(advancedPermissionChecker, userId);

    if (permissionCheckerBag == null) {
      return query;
    }

    List<Group> groups = new UniqueList<Group>();
    List<Role> roles = new UniqueList<Role>();
    List<UserGroupRole> userGroupRoles = new UniqueList<UserGroupRole>();
    Map<Long, List<Role>> groupIdsToRoles = new HashMap<Long, List<Role>>();

    roles.addAll(permissionCheckerBag.getRoles());

    if (ArrayUtil.isEmpty(groupIds)) {
      groups.addAll(GroupLocalServiceUtil.getUserGroups(userId, true));
      groups.addAll(permissionCheckerBag.getGroups());

      userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId);
    } else {
      groups.addAll(permissionCheckerBag.getGroups());

      for (long groupId : groupIds) {
        if (GroupLocalServiceUtil.hasUserGroup(userId, groupId)) {
          Group group = GroupLocalServiceUtil.getGroup(groupId);

          groups.add(group);
        }

        userGroupRoles.addAll(UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId, groupId));
        userGroupRoles.addAll(
            UserGroupRoleLocalServiceUtil.getUserGroupRolesByUserUserGroupAndGroup(
                userId, groupId));
      }
    }

    if (advancedPermissionChecker.isSignedIn()) {
      roles.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.GUEST));
    }

    for (Group group : groups) {
      PermissionCheckerBag userBag =
          advancedPermissionChecker.getUserBag(userId, group.getGroupId());

      List<Role> groupRoles = userBag.getRoles();

      groupIdsToRoles.put(group.getGroupId(), groupRoles);

      roles.addAll(groupRoles);
    }

    return doGetPermissionQuery_6(
        companyId,
        groupIds,
        userId,
        className,
        query,
        searchContext,
        advancedPermissionChecker,
        groups,
        roles,
        userGroupRoles,
        groupIdsToRoles);
  }
Пример #7
0
  public static void getRole(HttpServletRequest request) throws Exception {
    ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY);

    PermissionChecker permissionChecker = themeDisplay.getPermissionChecker();

    long roleId = ParamUtil.getLong(request, "roleId");

    Role role = null;

    Group group = (Group) request.getAttribute(WebKeys.GROUP);

    if ((group != null) && group.isOrganization()) {
      long organizationId = group.getOrganizationId();

      while (organizationId != OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) {

        Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);

        long organizationGroupId = organization.getGroupId();

        if (GroupPermissionUtil.contains(
                permissionChecker, organizationGroupId, ActionKeys.ASSIGN_USER_ROLES)
            || OrganizationPermissionUtil.contains(
                permissionChecker, organizationId, ActionKeys.ASSIGN_USER_ROLES)
            || UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                themeDisplay.getUserId(),
                organizationGroupId,
                RoleConstants.ORGANIZATION_ADMINISTRATOR,
                true)
            || UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                themeDisplay.getUserId(),
                organizationGroupId,
                RoleConstants.ORGANIZATION_OWNER,
                true)) {

          if (roleId > 0) {
            role = RoleLocalServiceUtil.getRole(roleId);
          }

          break;
        }

        organizationId = organization.getParentOrganizationId();
      }

      if ((roleId > 0) && (role == null)) {
        role = RoleServiceUtil.getRole(roleId);
      }
    } else if ((group != null) && group.isRegularSite()) {
      if (GroupPermissionUtil.contains(permissionChecker, group, ActionKeys.ASSIGN_USER_ROLES)
          || UserGroupRoleLocalServiceUtil.hasUserGroupRole(
              themeDisplay.getUserId(), group.getGroupId(), RoleConstants.SITE_ADMINISTRATOR, true)
          || UserGroupRoleLocalServiceUtil.hasUserGroupRole(
              themeDisplay.getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER, true)) {

        if (roleId > 0) {
          role = RoleLocalServiceUtil.getRole(roleId);
        }
      } else {
        if (roleId > 0) {
          role = RoleServiceUtil.getRole(roleId);
        }
      }
    } else {
      if (roleId > 0) {
        role = RoleServiceUtil.getRole(roleId);
      }
    }

    request.setAttribute(WebKeys.ROLE, role);
  }
  @Override
  public boolean contains(
      PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) {

    if ((actionId.equals(ActionKeys.DELETE)
            || actionId.equals(ActionKeys.IMPERSONATE)
            || actionId.equals(ActionKeys.PERMISSIONS)
            || actionId.equals(ActionKeys.UPDATE))
        && PortalUtil.isOmniadmin(userId)
        && !permissionChecker.isOmniadmin()) {

      return false;
    }

    try {
      User user = null;

      if (userId != ResourceConstants.PRIMKEY_DNE) {
        user = UserLocalServiceUtil.getUserById(userId);

        Contact contact = user.getContact();

        if (permissionChecker.hasOwnerPermission(
                permissionChecker.getCompanyId(),
                User.class.getName(),
                userId,
                contact.getUserId(),
                actionId)
            || (permissionChecker.getUserId() == userId)) {

          return true;
        }
      }

      if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) {

        return true;
      }

      if (user == null) {
        return false;
      }

      if (organizationIds == null) {
        organizationIds = user.getOrganizationIds();
      }

      for (long organizationId : organizationIds) {
        Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);

        if (OrganizationPermissionUtil.contains(
            permissionChecker, organization, ActionKeys.MANAGE_USERS)) {

          if (permissionChecker.getUserId() == user.getUserId()) {
            return true;
          }

          Group organizationGroup = organization.getGroup();

          // Organization administrators can only manage normal users.
          // Owners can only manage normal users and administrators.

          if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
              user.getUserId(),
              organizationGroup.getGroupId(),
              RoleConstants.ORGANIZATION_OWNER,
              true)) {

            continue;
          } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  user.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_ADMINISTRATOR,
                  true)
              && !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  permissionChecker.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_OWNER,
                  true)) {

            continue;
          }

          return true;
        }
      }
    } catch (Exception e) {
      _log.error(e, e);
    }

    return false;
  }