protected boolean isViewableGroup( PermissionChecker permissionChecker, Layout layout, String controlPanelCategory, boolean checkResourcePermission) throws PortalException, SystemException { Group group = GroupLocalServiceUtil.getGroup(layout.getGroupId()); // Inactive sites are not viewable if (!group.isActive()) { return false; } else if (group.isStagingGroup()) { Group liveGroup = group.getLiveGroup(); if (!liveGroup.isActive()) { return false; } } // User private layouts are only viewable by the user and anyone who can // update the user. The user must also be active. if (group.isUser()) { long groupUserId = group.getClassPK(); if (groupUserId == permissionChecker.getUserId()) { return true; } User groupUser = UserLocalServiceUtil.getUserById(groupUserId); if (!groupUser.isActive()) { return false; } if (layout.isPrivateLayout()) { if (GroupPermissionUtil.contains( permissionChecker, groupUser.getGroupId(), ActionKeys.MANAGE_LAYOUTS) || UserPermissionUtil.contains( permissionChecker, groupUserId, groupUser.getOrganizationIds(), ActionKeys.UPDATE)) { return true; } return false; } } // If the current group is staging, only users with editorial rights // can access it if (group.isStagingGroup()) { if (GroupPermissionUtil.contains( permissionChecker, group.getGroupId(), ActionKeys.VIEW_STAGING)) { return true; } return false; } // Control panel layouts are only viewable by authenticated users if (group.isControlPanel()) { if (!permissionChecker.isSignedIn()) { return false; } if (PortalPermissionUtil.contains(permissionChecker, ActionKeys.VIEW_CONTROL_PANEL)) { return true; } if (Validator.isNotNull(controlPanelCategory)) { return true; } return false; } // Site layouts are only viewable by users who are members of the site // or by users who can update the site if (group.isSite()) { if (GroupPermissionUtil.contains( permissionChecker, group.getGroupId(), ActionKeys.MANAGE_LAYOUTS) || GroupPermissionUtil.contains( permissionChecker, group.getGroupId(), ActionKeys.UPDATE)) { return true; } if (layout.isPrivateLayout() && !permissionChecker.isGroupMember(group.getGroupId())) { return false; } } // Organization site layouts are also viewable by users who belong to // the organization or by users who can update organization if (group.isCompany()) { return false; } else if (group.isLayoutPrototype()) { if (LayoutPrototypePermissionUtil.contains( permissionChecker, group.getClassPK(), ActionKeys.VIEW)) { return true; } return false; } else if (group.isLayoutSetPrototype()) { if (LayoutSetPrototypePermissionUtil.contains( permissionChecker, group.getClassPK(), ActionKeys.VIEW)) { return true; } return false; } else if (group.isOrganization()) { long organizationId = group.getOrganizationId(); if (OrganizationLocalServiceUtil.hasUserOrganization( permissionChecker.getUserId(), organizationId, false, false)) { return true; } else if (OrganizationPermissionUtil.contains( permissionChecker, organizationId, ActionKeys.UPDATE)) { return true; } if (!PropsValues.ORGANIZATIONS_MEMBERSHIP_STRICT) { List<Organization> userOrgs = OrganizationLocalServiceUtil.getUserOrganizations(permissionChecker.getUserId()); for (Organization organization : userOrgs) { for (Organization ancestorOrganization : organization.getAncestors()) { if (organizationId == ancestorOrganization.getOrganizationId()) { return true; } } } } } else if (group.isUserGroup()) { if (UserGroupPermissionUtil.contains( permissionChecker, group.getClassPK(), ActionKeys.UPDATE)) { return true; } } // Only check the actual Layout if all of the above failed if (containsWithoutViewableGroup( permissionChecker, layout, controlPanelCategory, ActionKeys.VIEW)) { return true; } // As a last resort, check if any top level pages are viewable by the // user List<Layout> layouts = LayoutLocalServiceUtil.getLayouts( layout.getGroupId(), layout.isPrivateLayout(), LayoutConstants.DEFAULT_PARENT_LAYOUT_ID); for (Layout curLayout : layouts) { if (!curLayout.isHidden() && containsWithoutViewableGroup( permissionChecker, curLayout, controlPanelCategory, ActionKeys.VIEW)) { return true; } } return false; }
@Override public boolean contains( PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) { if ((actionId.equals(ActionKeys.DELETE) || actionId.equals(ActionKeys.IMPERSONATE) || actionId.equals(ActionKeys.PERMISSIONS) || actionId.equals(ActionKeys.UPDATE)) && PortalUtil.isOmniadmin(userId) && !permissionChecker.isOmniadmin()) { return false; } try { User user = null; if (userId != ResourceConstants.PRIMKEY_DNE) { user = UserLocalServiceUtil.getUserById(userId); Contact contact = user.getContact(); if (permissionChecker.hasOwnerPermission( permissionChecker.getCompanyId(), User.class.getName(), userId, contact.getUserId(), actionId) || (permissionChecker.getUserId() == userId)) { return true; } } if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) { return true; } if (user == null) { return false; } if (organizationIds == null) { organizationIds = user.getOrganizationIds(); } for (long organizationId : organizationIds) { Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId); if (OrganizationPermissionUtil.contains( permissionChecker, organization, ActionKeys.MANAGE_USERS)) { if (permissionChecker.getUserId() == user.getUserId()) { return true; } Group organizationGroup = organization.getGroup(); // Organization administrators can only manage normal users. // Owners can only manage normal users and administrators. if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_ADMINISTRATOR, true) && !UserGroupRoleLocalServiceUtil.hasUserGroupRole( permissionChecker.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } return true; } } } catch (Exception e) { _log.error(e, e); } return false; }