/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/
package com.liferay.portal.workflow.task.web.internal.permission;
import com.liferay.asset.kernel.model.AssetRenderer;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.Group;
import com.liferay.portal.kernel.model.Role;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.permission.PermissionChecker;
import com.liferay.portal.kernel.service.GroupLocalServiceUtil;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.MapUtil;
import com.liferay.portal.kernel.workflow.WorkflowConstants;
import com.liferay.portal.kernel.workflow.WorkflowHandler;
import com.liferay.portal.kernel.workflow.WorkflowHandlerRegistryUtil;
import com.liferay.portal.kernel.workflow.WorkflowTask;
import com.liferay.portal.kernel.workflow.WorkflowTaskAssignee;
import java.io.Serializable;
import java.util.Map;
/**
* @author Adam Brandizzi
*/
public class WorkflowTaskPermissionChecker {
public boolean hasPermission(
long groupId, WorkflowTask workflowTask,
PermissionChecker permissionChecker) {
if (permissionChecker.isOmniadmin() ||
permissionChecker.isCompanyAdmin() ||
(workflowTask.isCompleted() &&
hasAssetViewPermission(workflowTask, permissionChecker))) {
return true;
}
if (!hasAssetViewPermission(workflowTask, permissionChecker) &&
!permissionChecker.isContentReviewer(
permissionChecker.getCompanyId(), groupId)) {
return false;
}
long[] roleIds = getRoleIds(groupId, permissionChecker);
for (WorkflowTaskAssignee workflowTaskAssignee :
workflowTask.getWorkflowTaskAssignees()) {
if (isWorkflowTaskAssignableToRoles(
workflowTaskAssignee, roleIds) ||
isWorkflowTaskAssignableToUser(
workflowTaskAssignee, permissionChecker.getUserId())) {
return true;
}
}
return false;
}
protected long[] getRoleIds(
long groupId, PermissionChecker permissionChecker) {
long[] roleIds = permissionChecker.getRoleIds(
permissionChecker.getUserId(), groupId);
try {
Group group = GroupLocalServiceUtil.getGroup(groupId);
for (Group ancestorGroup : group.getAncestors()) {
long[] ancestorRoleIds = permissionChecker.getRoleIds(
permissionChecker.getUserId(), ancestorGroup.getGroupId());
roleIds = ArrayUtil.append(roleIds, ancestorRoleIds);
}
}
catch (PortalException pe) {
_log.error(pe, pe);
}
return roleIds;
}
protected boolean hasAssetViewPermission(
WorkflowTask workflowTask, PermissionChecker permissionChecker) {
Map<String, Serializable> optionalAttributes =
workflowTask.getOptionalAttributes();
String className = MapUtil.getString(
optionalAttributes, WorkflowConstants.CONTEXT_ENTRY_CLASS_NAME);
long classPK = MapUtil.getLong(
optionalAttributes, WorkflowConstants.CONTEXT_ENTRY_CLASS_PK);
WorkflowHandler<?> workflowHandler =
WorkflowHandlerRegistryUtil.getWorkflowHandler(className);
if (workflowHandler == null) {
return false;
}
try {
AssetRenderer<?> assetRenderer = workflowHandler.getAssetRenderer(
classPK);
return assetRenderer.hasViewPermission(permissionChecker);
}
catch (PortalException pe) {
_log.error(pe, pe);
}
return false;
}
protected boolean isWorkflowTaskAssignableToRoles(
WorkflowTaskAssignee workflowTaskAssignee, long[] roleIds) {
String assigneeClassName = workflowTaskAssignee.getAssigneeClassName();
if (!assigneeClassName.equals(Role.class.getName())) {
return false;
}
if (ArrayUtil.contains(
roleIds, workflowTaskAssignee.getAssigneeClassPK())) {
return true;
}
return false;
}
protected boolean isWorkflowTaskAssignableToUser(
WorkflowTaskAssignee workflowTaskAssignee, long userId) {
String assigneeClassName = workflowTaskAssignee.getAssigneeClassName();
if (!assigneeClassName.equals(User.class.getName())) {
return false;
}
if (workflowTaskAssignee.getAssigneeClassPK() == userId) {
return true;
}
return false;
}
private static final Log _log = LogFactoryUtil.getLog(
WorkflowTaskPermissionChecker.class);
}