protected void initActionableDynamicQuery(ActionableDynamicQuery actionableDynamicQuery) {
    actionableDynamicQuery.setBaseLocalService(
        com.liferay.portal.kernel.service.UserGroupRoleLocalServiceUtil.getService());
    actionableDynamicQuery.setClassLoader(getClassLoader());
    actionableDynamicQuery.setModelClass(UserGroupRole.class);

    actionableDynamicQuery.setPrimaryKeyPropertyName("primaryKey.userId");

    actionableDynamicQuery.setGroupIdPropertyName("primaryKey.groupId");
  }
  @Override
  public ActionableDynamicQuery getActionableDynamicQuery() {
    ActionableDynamicQuery actionableDynamicQuery = new DefaultActionableDynamicQuery();

    actionableDynamicQuery.setBaseLocalService(
        com.liferay.portal.kernel.service.UserGroupRoleLocalServiceUtil.getService());
    actionableDynamicQuery.setClassLoader(getClassLoader());
    actionableDynamicQuery.setModelClass(UserGroupRole.class);

    actionableDynamicQuery.setPrimaryKeyPropertyName("primaryKey.userId");

    actionableDynamicQuery.setGroupIdPropertyName("primaryKey.groupId");

    return actionableDynamicQuery;
  }
  @Override
  public boolean contains(
      PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) {

    try {
      User user = null;

      if (userId != ResourceConstants.PRIMKEY_DNE) {
        user = UserLocalServiceUtil.getUserById(userId);

        if ((actionId.equals(ActionKeys.DELETE)
                || actionId.equals(ActionKeys.IMPERSONATE)
                || actionId.equals(ActionKeys.PERMISSIONS)
                || actionId.equals(ActionKeys.UPDATE)
                || actionId.equals(ActionKeys.VIEW))
            && !permissionChecker.isOmniadmin()
            && (PortalUtil.isOmniadmin(user)
                || (!permissionChecker.isCompanyAdmin() && PortalUtil.isCompanyAdmin(user)))) {

          return false;
        }

        Contact contact = user.getContact();

        if (permissionChecker.hasOwnerPermission(
                permissionChecker.getCompanyId(),
                User.class.getName(),
                userId,
                contact.getUserId(),
                actionId)
            || (permissionChecker.getUserId() == userId)) {

          return true;
        }
      }

      if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) {

        return true;
      }

      if (user == null) {
        return false;
      }

      if (organizationIds == null) {
        organizationIds = user.getOrganizationIds();
      }

      for (long organizationId : organizationIds) {
        Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId);

        if (OrganizationPermissionUtil.contains(
            permissionChecker, organization, ActionKeys.MANAGE_USERS)) {

          if (permissionChecker.getUserId() == user.getUserId()) {
            return true;
          }

          Group organizationGroup = organization.getGroup();

          // Organization administrators can only manage normal users.
          // Owners can only manage normal users and administrators.

          if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
              user.getUserId(),
              organizationGroup.getGroupId(),
              RoleConstants.ORGANIZATION_OWNER,
              true)) {

            continue;
          } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  user.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_ADMINISTRATOR,
                  true)
              && !UserGroupRoleLocalServiceUtil.hasUserGroupRole(
                  permissionChecker.getUserId(),
                  organizationGroup.getGroupId(),
                  RoleConstants.ORGANIZATION_OWNER,
                  true)) {

            continue;
          }

          return true;
        }
      }
    } catch (Exception e) {
      _log.error(e, e);
    }

    return false;
  }