001 /** 002 * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.kernel.exception.SystemException; 019 import com.liferay.portal.model.ResourceConstants; 020 import com.liferay.portal.model.Role; 021 import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl; 022 023 import java.util.Map; 024 025 /** 026 * Manages the creation and upkeep of resource permissions, and provides methods 027 * for granting, revoking, and checking permissions. 028 * 029 * <p> 030 * Before attempting to read any of the documentation for this class, first read 031 * {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an 032 * explanation of scoping. 033 * </p> 034 * 035 * @author Brian Wing Shun Chan 036 */ 037 public class ResourcePermissionServiceImpl 038 extends ResourcePermissionServiceBaseImpl { 039 040 /** 041 * Grants the role permission at the scope to perform the action on 042 * resources of the type. Existing actions are retained. 043 * 044 * <p> 045 * This method cannot be used to grant individual scope permissions, but is 046 * only intended for adding permissions at the company, group, and 047 * group-template scopes. For example, this method could be used to grant a 048 * company scope permission to edit message board posts. 049 * </p> 050 * 051 * <p> 052 * If a company scope permission is granted to resources that the role 053 * already had group scope permissions to, the group scope permissions are 054 * deleted. Likewise, if a group scope permission is granted to resources 055 * that the role already had company scope permissions to, the company scope 056 * permissions are deleted. Be aware that this latter behavior can result in 057 * an overall reduction in permissions for the role. 058 * </p> 059 * 060 * <p> 061 * Depending on the scope, the value of <code>primKey</code> will have 062 * different meanings. For more information, see {@link 063 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 064 * </p> 065 * 066 * @param groupId the primary key of the group 067 * @param companyId the primary key of the company 068 * @param name the resource's name, which can be either a class name or a 069 * portlet ID 070 * @param scope the scope. This method only supports company, group, and 071 * group-template scope. 072 * @param primKey the primary key 073 * @param roleId the primary key of the role 074 * @param actionId the action ID 075 * @throws PortalException if the user did not have permission to add 076 * resource permissions, or if scope was set to individual scope or 077 * if a role with the primary key or a resource action with the name 078 * and action ID could not be found 079 * @throws SystemException if a system exception occurred 080 */ 081 public void addResourcePermission( 082 long groupId, long companyId, String name, int scope, 083 String primKey, long roleId, String actionId) 084 throws PortalException, SystemException { 085 086 permissionService.checkPermission( 087 groupId, Role.class.getName(), roleId); 088 089 resourcePermissionLocalService.addResourcePermission( 090 companyId, name, scope, primKey, roleId, actionId); 091 } 092 093 /** 094 * Revokes permission at the scope from the role to perform the action on 095 * resources of the type. For example, this method could be used to revoke a 096 * group scope permission to edit blog posts. 097 * 098 * <p> 099 * Depending on the scope, the value of <code>primKey</code> will have 100 * different meanings. For more information, see {@link 101 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 102 * </p> 103 * 104 * @param groupId the primary key of the group 105 * @param companyId the primary key of the company 106 * @param name the resource's name, which can be either a class name or a 107 * portlet ID 108 * @param scope the scope 109 * @param primKey the primary key 110 * @param roleId the primary key of the role 111 * @param actionId the action ID 112 * @throws PortalException if the user did not have permission to remove 113 * resource permissions, or if a role with the primary key or a 114 * resource action with the name and action ID could not be found 115 * @throws SystemException if a system exception occurred 116 */ 117 public void removeResourcePermission( 118 long groupId, long companyId, String name, int scope, 119 String primKey, long roleId, String actionId) 120 throws PortalException, SystemException { 121 122 permissionService.checkPermission( 123 groupId, Role.class.getName(), roleId); 124 125 resourcePermissionLocalService.removeResourcePermission( 126 companyId, name, scope, primKey, roleId, actionId); 127 } 128 129 /** 130 * Revokes all permissions at the scope from the role to perform the action 131 * on resources of the type. For example, this method could be used to 132 * revoke all individual scope permissions to edit blog posts from site 133 * members. 134 * 135 * @param groupId the primary key of the group 136 * @param companyId the primary key of the company 137 * @param name the resource's name, which can be either a class name or a 138 * portlet ID 139 * @param scope the scope 140 * @param roleId the primary key of the role 141 * @param actionId the action ID 142 * @throws PortalException if the user did not have permission to remove 143 * resource permissions, or if a role with the primary key or a 144 * resource action with the name and action ID could not be found 145 * @throws SystemException if a system exception occurred 146 */ 147 public void removeResourcePermissions( 148 long groupId, long companyId, String name, int scope, long roleId, 149 String actionId) 150 throws PortalException, SystemException { 151 152 permissionService.checkPermission( 153 groupId, Role.class.getName(), roleId); 154 155 resourcePermissionLocalService.removeResourcePermissions( 156 companyId, name, scope, roleId, actionId); 157 } 158 159 /** 160 * Updates the role's permissions at the scope, setting the actions that can 161 * be performed on resources of the type. Existing actions are replaced. 162 * 163 * <p> 164 * This method can be used to set permissions at any scope, but it is 165 * generally only used at the individual scope. For example, it could be 166 * used to set the guest permissions on a blog post. 167 * </p> 168 * 169 * <p> 170 * Depending on the scope, the value of <code>primKey</code> will have 171 * different meanings. For more information, see {@link 172 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 173 * </p> 174 * 175 * @param groupId the primary key of the group 176 * @param companyId the primary key of the company 177 * @param name the resource's name, which can be either a class name or a 178 * portlet ID 179 * @param primKey the primary key 180 * @param roleId the primary key of the role 181 * @param actionIds the action IDs of the actions 182 * @throws PortalException if the user did not have permission to set 183 * resource permissions, or if a role with the primary key or a 184 * resource action with the name and action ID could not be found 185 * @throws SystemException if a system exception occurred 186 */ 187 public void setIndividualResourcePermissions( 188 long groupId, long companyId, String name, String primKey, 189 long roleId, String[] actionIds) 190 throws PortalException, SystemException { 191 192 permissionService.checkPermission(groupId, name, primKey); 193 194 resourcePermissionLocalService.setResourcePermissions( 195 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 196 roleId, actionIds); 197 } 198 199 /** 200 * Updates the role's permissions at the scope, setting the actions that can 201 * be performed on resources of the type. Existing actions are replaced. 202 * 203 * <p> 204 * This method can be used to set permissions at any scope, but it is 205 * generally only used at the individual scope. For example, it could be 206 * used to set the guest permissions on a blog post. 207 * </p> 208 * 209 * <p> 210 * Depending on the scope, the value of <code>primKey</code> will have 211 * different meanings. For more information, see {@link 212 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 213 * </p> 214 * 215 * @param groupId the primary key of the group 216 * @param companyId the primary key of the company 217 * @param name the resource's name, which can be either a class name or a 218 * portlet ID 219 * @param primKey the primary key 220 * @param roleIdsToActionIds a map of role IDs to action IDs of the actions 221 * @throws PortalException if the user did not have permission to set 222 * resource permissions, or if a role with the primary key or a 223 * resource action with the name and action ID could not be found 224 * @throws SystemException if a system exception occurred 225 */ 226 public void setIndividualResourcePermissions( 227 long groupId, long companyId, String name, String primKey, 228 Map<Long, String[]> roleIdsToActionIds) 229 throws PortalException, SystemException { 230 231 permissionService.checkPermission(groupId, name, primKey); 232 233 resourcePermissionLocalService.setResourcePermissions( 234 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 235 roleIdsToActionIds); 236 } 237 238 }