public LinkedHashMap<String, Object> getGroupParams() throws PortalException { if (_groupParams != null) { return _groupParams; } long groupId = ParamUtil.getLong(_request, "groupId"); boolean includeCurrentGroup = ParamUtil.getBoolean(_request, "includeCurrentGroup", true); String type = getType(); ThemeDisplay themeDisplay = (ThemeDisplay) _request.getAttribute(WebKeys.THEME_DISPLAY); PermissionChecker permissionChecker = themeDisplay.getPermissionChecker(); User user = themeDisplay.getUser(); boolean filterManageableGroups = true; if (permissionChecker.isCompanyAdmin()) { filterManageableGroups = false; } _groupParams = new LinkedHashMap<>(); _groupParams.put("active", Boolean.TRUE); if (isManualMembership()) { _groupParams.put("manualMembership", Boolean.TRUE); } if (type.equals("child-sites")) { Group parentGroup = GroupLocalServiceUtil.getGroup(groupId); List<Group> parentGroups = new ArrayList<>(); parentGroups.add(parentGroup); _groupParams.put("groupsTree", parentGroups); } else if (filterManageableGroups) { _groupParams.put("usersGroups", user.getUserId()); } _groupParams.put("site", Boolean.TRUE); if (!includeCurrentGroup && (groupId > 0)) { List<Long> excludedGroupIds = new ArrayList<>(); Group group = GroupLocalServiceUtil.getGroup(groupId); if (group.isStagingGroup()) { excludedGroupIds.add(group.getLiveGroupId()); } else { excludedGroupIds.add(groupId); } _groupParams.put("excludedGroupIds", excludedGroupIds); } return _groupParams; }
/** * Returns a range of all the site groups for which the user has control panel access. * * @param portlets the portlets to manage * @param max the upper bound of the range of groups to consider (not inclusive) * @return the range of site groups for which the user has Control Panel access * @throws PortalException if a portal exception occurred */ @Override public List<Group> getManageableSiteGroups(Collection<Portlet> portlets, int max) throws PortalException { PermissionChecker permissionChecker = getPermissionChecker(); if (permissionChecker.isCompanyAdmin()) { LinkedHashMap<String, Object> params = new LinkedHashMap<>(); params.put("site", Boolean.TRUE); return ListUtil.unique( groupLocalService.search( permissionChecker.getCompanyId(), null, null, null, params, true, 0, max)); } Set<Group> groups = new LinkedHashSet<>(); List<Group> userSitesGroups = getUserSitesGroups(null, max); Iterator<Group> itr = userSitesGroups.iterator(); while (itr.hasNext()) { Group group = itr.next(); if (group.isSite() && PortletPermissionUtil.hasControlPanelAccessPermission( permissionChecker, group.getGroupId(), portlets)) { groups.add(group); } } return new ArrayList<>(groups); }
protected boolean isFilterManageableGroups(PortletRequest portletRequest) { ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY); PermissionChecker permissionChecker = themeDisplay.getPermissionChecker(); if (permissionChecker.isCompanyAdmin()) { return false; } if (GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) { return false; } return true; }
@Override protected boolean isProcessPortletRequest(PortletRequest portletRequest) { ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY); PermissionChecker permissionChecker = themeDisplay.getPermissionChecker(); if (permissionChecker.isCompanyAdmin()) { return true; } Group group = themeDisplay.getScopeGroup(); if (group.isSite() && permissionChecker.isGroupAdmin(themeDisplay.getScopeGroupId())) { return true; } return false; }
protected LinkedHashMap<String, Object> getGroupParams( PortletRequest portletRequest, GroupSearchTerms searchTerms, long parentGroupId) throws PortalException { ThemeDisplay themeDisplay = (ThemeDisplay) portletRequest.getAttribute(WebKeys.THEME_DISPLAY); LinkedHashMap<String, Object> groupParams = new LinkedHashMap<>(); groupParams.put("site", Boolean.TRUE); PermissionChecker permissionChecker = themeDisplay.getPermissionChecker(); User user = themeDisplay.getUser(); if (searchTerms.hasSearchTerms()) { if (isFilterManageableGroups(portletRequest)) { groupParams.put("groupsTree", getAllGroups(portletRequest)); } else if (parentGroupId > 0) { List<Group> groupsTree = new ArrayList<>(); Group parentGroup = _groupLocalService.getGroup(parentGroupId); groupsTree.add(parentGroup); groupParams.put("groupsTree", groupsTree); } if (!permissionChecker.isCompanyAdmin() && !GroupPermissionUtil.contains(permissionChecker, ActionKeys.VIEW)) { groupParams.put("usersGroups", Long.valueOf(user.getUserId())); } } return groupParams; }
@Override public boolean contains( PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) { try { User user = null; if (userId != ResourceConstants.PRIMKEY_DNE) { user = UserLocalServiceUtil.getUserById(userId); if ((actionId.equals(ActionKeys.DELETE) || actionId.equals(ActionKeys.IMPERSONATE) || actionId.equals(ActionKeys.PERMISSIONS) || actionId.equals(ActionKeys.UPDATE) || actionId.equals(ActionKeys.VIEW)) && !permissionChecker.isOmniadmin() && (PortalUtil.isOmniadmin(user) || (!permissionChecker.isCompanyAdmin() && PortalUtil.isCompanyAdmin(user)))) { return false; } Contact contact = user.getContact(); if (permissionChecker.hasOwnerPermission( permissionChecker.getCompanyId(), User.class.getName(), userId, contact.getUserId(), actionId) || (permissionChecker.getUserId() == userId)) { return true; } } if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) { return true; } if (user == null) { return false; } if (organizationIds == null) { organizationIds = user.getOrganizationIds(); } for (long organizationId : organizationIds) { Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId); if (OrganizationPermissionUtil.contains( permissionChecker, organization, ActionKeys.MANAGE_USERS)) { if (permissionChecker.getUserId() == user.getUserId()) { return true; } Group organizationGroup = organization.getGroup(); // Organization administrators can only manage normal users. // Owners can only manage normal users and administrators. if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_ADMINISTRATOR, true) && !UserGroupRoleLocalServiceUtil.hasUserGroupRole( permissionChecker.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } return true; } } } catch (Exception e) { _log.error(e, e); } return false; }