@Override public boolean isChecked(Object obj) { User user = (User) obj; try { return UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), _organization.getGroupId(), _role.getRoleId()); } catch (Exception e) { _log.error(e, e); return false; } }
protected void addSearchByUserRolesCriterion( Criteria criteria, Boolean searchByUserRoles, ServiceContext serviceContext) throws SystemException { if (searchByUserRoles == null) { return; } Criteria assigneesCriteria = criteria.createCriteria("assignees"); if (!searchByUserRoles) { assigneesCriteria.add(Restrictions.eq("assigneeClassName", User.class.getName())); assigneesCriteria.add(Restrictions.eq("assigneeClassPK", serviceContext.getUserId())); return; } List<Long> roleIds = RoleRetrievalUtil.getRoleIds(serviceContext); List<UserGroupRole> userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(serviceContext.getUserId()); if (userGroupRoles.isEmpty()) { assigneesCriteria.add(Restrictions.eq("assigneeClassName", Role.class.getName())); assigneesCriteria.add( Restrictions.in("assigneeClassPK", roleIds.toArray(new Long[roleIds.size()]))); } else { Junction junction = Restrictions.disjunction(); junction.add( Restrictions.and( Restrictions.eq("assigneeClassName", Role.class.getName()), Restrictions.in("assigneeClassPK", roleIds.toArray(new Long[roleIds.size()])))); for (UserGroupRole userGroupRole : userGroupRoles) { junction.add( Restrictions.and( Restrictions.eq("groupId", userGroupRole.getGroupId()), Restrictions.and( Restrictions.eq("assigneeClassName", Role.class.getName()), Restrictions.eq("assigneeClassPK", userGroupRole.getRoleId())))); } assigneesCriteria.add(junction); } }
@Override protected boolean hasPermissionImplicitlyGranted( PermissionChecker permissionChecker, Group group, Portlet portlet) throws Exception { List<UserGroupRole> userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(permissionChecker.getUserId()); for (UserGroupRole userGroupRole : userGroupRoles) { Role role = userGroupRole.getRole(); String roleName = role.getName(); if (roleName.equals(RoleConstants.ORGANIZATION_ADMINISTRATOR) || roleName.equals(RoleConstants.ORGANIZATION_OWNER)) { return true; } } List<Organization> organizations = OrganizationLocalServiceUtil.getUserOrganizations(permissionChecker.getUserId()); for (Organization organization : organizations) { if (OrganizationPermissionUtil.contains( permissionChecker, organization, ActionKeys.MANAGE_USERS)) { return true; } if (OrganizationPermissionUtil.contains( permissionChecker, organization, ActionKeys.MANAGE_SUBORGANIZATIONS)) { return true; } /*if (OrganizationPermissionUtil.contains( permissionChecker, organization.getOrganizationId(), ActionKeys.VIEW)) { return true; }*/ } return false; }
private static boolean _isEntityRank( long companyId, MBStatsUser statsUser, String entityType, String entityValue) throws Exception { long groupId = statsUser.getGroupId(); long userId = statsUser.getUserId(); if (entityType.equals("organization-role") || entityType.equals("site-role")) { Role role = RoleLocalServiceUtil.getRole(companyId, entityValue); if (UserGroupRoleLocalServiceUtil.hasUserGroupRole(userId, groupId, role.getRoleId(), true)) { return true; } } else if (entityType.equals("organization")) { Organization organization = OrganizationLocalServiceUtil.getOrganization(companyId, entityValue); if (OrganizationLocalServiceUtil.hasUserOrganization( userId, organization.getOrganizationId(), false, false)) { return true; } } else if (entityType.equals("regular-role")) { if (RoleLocalServiceUtil.hasUserRole(userId, companyId, entityValue, true)) { return true; } } else if (entityType.equals("user-group")) { UserGroup userGroup = UserGroupLocalServiceUtil.getUserGroup(companyId, entityValue); if (UserLocalServiceUtil.hasUserGroupUser(userGroup.getUserGroupId(), userId)) { return true; } } return false; }
@Override public long[] getPooledActorsIds(long companyId, long workflowTaskInstanceId) throws WorkflowException { try { KaleoTaskInstanceToken kaleoTaskInstanceToken = KaleoTaskInstanceTokenLocalServiceUtil.getKaleoTaskInstanceToken(workflowTaskInstanceId); List<KaleoTaskAssignment> calculatedKaleoTaskAssignments = getCalculatedKaleoTaskAssignments(kaleoTaskInstanceToken); Map<String, Long> pooledActors = new TreeMap<>(new NaturalOrderStringComparator()); for (KaleoTaskAssignment calculatedKaleoTaskAssignment : calculatedKaleoTaskAssignments) { String assigneeClassName = calculatedKaleoTaskAssignment.getAssigneeClassName(); long assigneeClassPK = calculatedKaleoTaskAssignment.getAssigneeClassPK(); if (assigneeClassName.equals(User.class.getName())) { User user = UserLocalServiceUtil.fetchUser(assigneeClassPK); if (user != null) { pooledActors.put(user.getFullName(), user.getUserId()); } continue; } Role role = RoleLocalServiceUtil.getRole(calculatedKaleoTaskAssignment.getAssigneeClassPK()); if ((role.getType() == RoleConstants.TYPE_SITE) || (role.getType() == RoleConstants.TYPE_ORGANIZATION)) { List<UserGroupRole> userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRolesByGroupAndRole( kaleoTaskInstanceToken.getGroupId(), assigneeClassPK); for (UserGroupRole userGroupRole : userGroupRoles) { User user = userGroupRole.getUser(); pooledActors.put(user.getFullName(), user.getUserId()); } List<UserGroupGroupRole> userGroupGroupRoles = UserGroupGroupRoleLocalServiceUtil.getUserGroupGroupRolesByGroupAndRole( kaleoTaskInstanceToken.getGroupId(), assigneeClassPK); for (UserGroupGroupRole userGroupGroupRole : userGroupGroupRoles) { List<User> userGroupUsers = UserLocalServiceUtil.getUserGroupUsers(userGroupGroupRole.getUserGroupId()); for (User user : userGroupUsers) { pooledActors.put(user.getFullName(), user.getUserId()); } } } else { List<User> inheritedRoleUsers = UserLocalServiceUtil.getInheritedRoleUsers( assigneeClassPK, QueryUtil.ALL_POS, QueryUtil.ALL_POS, null); for (User user : inheritedRoleUsers) { pooledActors.put(user.getFullName(), user.getUserId()); } } } return ArrayUtil.toLongArray(pooledActors.values()); } catch (Exception e) { throw new WorkflowException(e); } }
protected Query doGetPermissionQuery( long companyId, long[] groupIds, long userId, String className, Query query, SearchContext searchContext) throws Exception { Indexer indexer = IndexerRegistryUtil.getIndexer(className); if (!indexer.isPermissionAware()) { return query; } PermissionChecker permissionChecker = PermissionThreadLocal.getPermissionChecker(); AdvancedPermissionChecker advancedPermissionChecker = null; if ((permissionChecker != null) && (permissionChecker instanceof AdvancedPermissionChecker)) { advancedPermissionChecker = (AdvancedPermissionChecker) permissionChecker; } if (advancedPermissionChecker == null) { return query; } PermissionCheckerBag permissionCheckerBag = getPermissionCheckerBag(advancedPermissionChecker, userId); if (permissionCheckerBag == null) { return query; } List<Group> groups = new UniqueList<Group>(); List<Role> roles = new UniqueList<Role>(); List<UserGroupRole> userGroupRoles = new UniqueList<UserGroupRole>(); Map<Long, List<Role>> groupIdsToRoles = new HashMap<Long, List<Role>>(); roles.addAll(permissionCheckerBag.getRoles()); if (ArrayUtil.isEmpty(groupIds)) { groups.addAll(GroupLocalServiceUtil.getUserGroups(userId, true)); groups.addAll(permissionCheckerBag.getGroups()); userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId); } else { groups.addAll(permissionCheckerBag.getGroups()); for (long groupId : groupIds) { if (GroupLocalServiceUtil.hasUserGroup(userId, groupId)) { Group group = GroupLocalServiceUtil.getGroup(groupId); groups.add(group); } userGroupRoles.addAll(UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId, groupId)); userGroupRoles.addAll( UserGroupRoleLocalServiceUtil.getUserGroupRolesByUserUserGroupAndGroup( userId, groupId)); } } if (advancedPermissionChecker.isSignedIn()) { roles.add(RoleLocalServiceUtil.getRole(companyId, RoleConstants.GUEST)); } for (Group group : groups) { PermissionCheckerBag userBag = advancedPermissionChecker.getUserBag(userId, group.getGroupId()); List<Role> groupRoles = userBag.getRoles(); groupIdsToRoles.put(group.getGroupId(), groupRoles); roles.addAll(groupRoles); } return doGetPermissionQuery_6( companyId, groupIds, userId, className, query, searchContext, advancedPermissionChecker, groups, roles, userGroupRoles, groupIdsToRoles); }
public static void getRole(HttpServletRequest request) throws Exception { ThemeDisplay themeDisplay = (ThemeDisplay) request.getAttribute(WebKeys.THEME_DISPLAY); PermissionChecker permissionChecker = themeDisplay.getPermissionChecker(); long roleId = ParamUtil.getLong(request, "roleId"); Role role = null; Group group = (Group) request.getAttribute(WebKeys.GROUP); if ((group != null) && group.isOrganization()) { long organizationId = group.getOrganizationId(); while (organizationId != OrganizationConstants.DEFAULT_PARENT_ORGANIZATION_ID) { Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId); long organizationGroupId = organization.getGroupId(); if (GroupPermissionUtil.contains( permissionChecker, organizationGroupId, ActionKeys.ASSIGN_USER_ROLES) || OrganizationPermissionUtil.contains( permissionChecker, organizationId, ActionKeys.ASSIGN_USER_ROLES) || UserGroupRoleLocalServiceUtil.hasUserGroupRole( themeDisplay.getUserId(), organizationGroupId, RoleConstants.ORGANIZATION_ADMINISTRATOR, true) || UserGroupRoleLocalServiceUtil.hasUserGroupRole( themeDisplay.getUserId(), organizationGroupId, RoleConstants.ORGANIZATION_OWNER, true)) { if (roleId > 0) { role = RoleLocalServiceUtil.getRole(roleId); } break; } organizationId = organization.getParentOrganizationId(); } if ((roleId > 0) && (role == null)) { role = RoleServiceUtil.getRole(roleId); } } else if ((group != null) && group.isRegularSite()) { if (GroupPermissionUtil.contains(permissionChecker, group, ActionKeys.ASSIGN_USER_ROLES) || UserGroupRoleLocalServiceUtil.hasUserGroupRole( themeDisplay.getUserId(), group.getGroupId(), RoleConstants.SITE_ADMINISTRATOR, true) || UserGroupRoleLocalServiceUtil.hasUserGroupRole( themeDisplay.getUserId(), group.getGroupId(), RoleConstants.SITE_OWNER, true)) { if (roleId > 0) { role = RoleLocalServiceUtil.getRole(roleId); } } else { if (roleId > 0) { role = RoleServiceUtil.getRole(roleId); } } } else { if (roleId > 0) { role = RoleServiceUtil.getRole(roleId); } } request.setAttribute(WebKeys.ROLE, role); }
@Override public boolean contains( PermissionChecker permissionChecker, long userId, long[] organizationIds, String actionId) { if ((actionId.equals(ActionKeys.DELETE) || actionId.equals(ActionKeys.IMPERSONATE) || actionId.equals(ActionKeys.PERMISSIONS) || actionId.equals(ActionKeys.UPDATE)) && PortalUtil.isOmniadmin(userId) && !permissionChecker.isOmniadmin()) { return false; } try { User user = null; if (userId != ResourceConstants.PRIMKEY_DNE) { user = UserLocalServiceUtil.getUserById(userId); Contact contact = user.getContact(); if (permissionChecker.hasOwnerPermission( permissionChecker.getCompanyId(), User.class.getName(), userId, contact.getUserId(), actionId) || (permissionChecker.getUserId() == userId)) { return true; } } if (permissionChecker.hasPermission(0, User.class.getName(), userId, actionId)) { return true; } if (user == null) { return false; } if (organizationIds == null) { organizationIds = user.getOrganizationIds(); } for (long organizationId : organizationIds) { Organization organization = OrganizationLocalServiceUtil.getOrganization(organizationId); if (OrganizationPermissionUtil.contains( permissionChecker, organization, ActionKeys.MANAGE_USERS)) { if (permissionChecker.getUserId() == user.getUserId()) { return true; } Group organizationGroup = organization.getGroup(); // Organization administrators can only manage normal users. // Owners can only manage normal users and administrators. if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } else if (UserGroupRoleLocalServiceUtil.hasUserGroupRole( user.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_ADMINISTRATOR, true) && !UserGroupRoleLocalServiceUtil.hasUserGroupRole( permissionChecker.getUserId(), organizationGroup.getGroupId(), RoleConstants.ORGANIZATION_OWNER, true)) { continue; } return true; } } } catch (Exception e) { _log.error(e, e); } return false; }