List of usage examples for com.liferay.portal.kernel.security.membershippolicy OrganizationMembershipPolicyUtil isRoleProtected
public static boolean isRoleProtected(PermissionChecker permissionChecker, long userId, long organizationId, long roleId) throws PortalException
From source file:eu.gerhards.liferay.services.angular.service.impl.AngularRoleServiceImpl.java
License:Open Source License
public List<UserGroupRole> checkUserGroupRoles(long userId, List<UserGroupRole> userGroupRoles) throws PortalException { List<UserGroupRole> oldUserGroupRoles = null; PermissionChecker permissionChecker = getPermissionChecker(); if (userId != CompanyConstants.SYSTEM) { // Add back any user group roles that the administrator does not // have the rights to remove or that have a mandatory membership User user = UserLocalServiceUtil.getUser(userId); List<UserGroup> userGroups = user.getUserGroups(); for (UserGroup userGroup : userGroups) { List<UserGroupRole> roles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId, userGroup.getUserGroupId()); oldUserGroupRoles.addAll(roles); }//from w w w.ja v a 2 s .c o m for (UserGroupRole oldUserGroupRole : oldUserGroupRoles) { Role role = oldUserGroupRole.getRole(); Group group = oldUserGroupRole.getGroup(); if (userGroupRoles.contains(oldUserGroupRole)) { continue; } if (role.getType() == RoleConstants.TYPE_ORGANIZATION) { Organization organization = OrganizationLocalServiceUtil .getOrganization(group.getOrganizationId()); if (!UserGroupRolePermissionUtil.contains(permissionChecker, group, role) || OrganizationMembershipPolicyUtil.isRoleProtected(getPermissionChecker(), userId, organization.getOrganizationId(), role.getRoleId()) || OrganizationMembershipPolicyUtil.isRoleRequired(userId, organization.getOrganizationId(), role.getRoleId())) { userGroupRoles.add(oldUserGroupRole); } } else if (role.getType() == RoleConstants.TYPE_SITE) { if (!userGroupRoles.contains(oldUserGroupRole) && (!UserGroupRolePermissionUtil.contains(permissionChecker, group, role) || SiteMembershipPolicyUtil.isRoleProtected(getPermissionChecker(), userId, group.getGroupId(), role.getRoleId()) || SiteMembershipPolicyUtil.isRoleRequired(userId, group.getGroupId(), role.getRoleId()))) { userGroupRoles.add(oldUserGroupRole); } } } } // Check that the administrator has the permission to add a new user // group role and that the user group role membership is allowed for (UserGroupRole userGroupRole : userGroupRoles) { if ((oldUserGroupRoles == null) || !oldUserGroupRoles.contains(userGroupRole)) { UserGroupRolePermissionUtil.check(permissionChecker, userGroupRole.getGroupId(), userGroupRole.getRoleId()); } } return userGroupRoles; }