001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.ResourceConstants;
020    import com.liferay.portal.model.Role;
021    import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl;
022    
023    import java.util.Map;
024    
025    /**
026     * Manages the creation and upkeep of resource permissions, and provides methods
027     * for granting, revoking, and checking permissions.
028     *
029     * <p>
030     * Before attempting to read any of the documentation for this class, first read
031     * {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an
032     * explanation of scoping.
033     * </p>
034     *
035     * @author Brian Wing Shun Chan
036     */
037    public class ResourcePermissionServiceImpl
038            extends ResourcePermissionServiceBaseImpl {
039    
040            /**
041             * Grants the role permission at the scope to perform the action on
042             * resources of the type. Existing actions are retained.
043             *
044             * <p>
045             * This method cannot be used to grant individual scope permissions, but is
046             * only intended for adding permissions at the company, group, and
047             * group-template scopes. For example, this method could be used to grant a
048             * company scope permission to edit message board posts.
049             * </p>
050             *
051             * <p>
052             * If a company scope permission is granted to resources that the role
053             * already had group scope permissions to, the group scope permissions are
054             * deleted. Likewise, if a group scope permission is granted to resources
055             * that the role already had company scope permissions to, the company scope
056             * permissions are deleted. Be aware that this latter behavior can result in
057             * an overall reduction in permissions for the role.
058             * </p>
059             *
060             * <p>
061             * Depending on the scope, the value of <code>primKey</code> will have
062             * different meanings. For more information, see {@link
063             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
064             * </p>
065             *
066             * @param  groupId the primary key of the group
067             * @param  companyId the primary key of the company
068             * @param  name the resource's name, which can be either a class name or a
069             *         portlet ID
070             * @param  scope the scope. This method only supports company, group, and
071             *         group-template scope.
072             * @param  primKey the primary key
073             * @param  roleId the primary key of the role
074             * @param  actionId the action ID
075             * @throws PortalException if the user did not have permission to add
076             *         resource permissions, or if scope was set to individual scope or
077             *         if a role with the primary key or a resource action with the name
078             *         and action ID could not be found
079             * @throws SystemException if a system exception occurred
080             */
081            public void addResourcePermission(
082                            long groupId, long companyId, String name, int scope,
083                            String primKey, long roleId, String actionId)
084                    throws PortalException, SystemException {
085    
086                    permissionService.checkPermission(
087                            groupId, Role.class.getName(), roleId);
088    
089                    resourcePermissionLocalService.addResourcePermission(
090                            companyId, name, scope, primKey, roleId, actionId);
091            }
092    
093            /**
094             * Revokes permission at the scope from the role to perform the action on
095             * resources of the type. For example, this method could be used to revoke a
096             * group scope permission to edit blog posts.
097             *
098             * <p>
099             * Depending on the scope, the value of <code>primKey</code> will have
100             * different meanings. For more information, see {@link
101             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
102             * </p>
103             *
104             * @param  groupId the primary key of the group
105             * @param  companyId the primary key of the company
106             * @param  name the resource's name, which can be either a class name or a
107             *         portlet ID
108             * @param  scope the scope
109             * @param  primKey the primary key
110             * @param  roleId the primary key of the role
111             * @param  actionId the action ID
112             * @throws PortalException if the user did not have permission to remove
113             *         resource permissions, or if a role with the primary key or a
114             *         resource action with the name and action ID could not be found
115             * @throws SystemException if a system exception occurred
116             */
117            public void removeResourcePermission(
118                            long groupId, long companyId, String name, int scope,
119                            String primKey, long roleId, String actionId)
120                    throws PortalException, SystemException {
121    
122                    permissionService.checkPermission(
123                            groupId, Role.class.getName(), roleId);
124    
125                    resourcePermissionLocalService.removeResourcePermission(
126                            companyId, name, scope, primKey, roleId, actionId);
127            }
128    
129            /**
130             * Revokes all permissions at the scope from the role to perform the action
131             * on resources of the type. For example, this method could be used to
132             * revoke all individual scope permissions to edit blog posts from site
133             * members.
134             *
135             * @param  groupId the primary key of the group
136             * @param  companyId the primary key of the company
137             * @param  name the resource's name, which can be either a class name or a
138             *         portlet ID
139             * @param  scope the scope
140             * @param  roleId the primary key of the role
141             * @param  actionId the action ID
142             * @throws PortalException if the user did not have permission to remove
143             *         resource permissions, or if a role with the primary key or a
144             *         resource action with the name and action ID could not be found
145             * @throws SystemException if a system exception occurred
146             */
147            public void removeResourcePermissions(
148                            long groupId, long companyId, String name, int scope, long roleId,
149                            String actionId)
150                    throws PortalException, SystemException {
151    
152                    permissionService.checkPermission(
153                            groupId, Role.class.getName(), roleId);
154    
155                    resourcePermissionLocalService.removeResourcePermissions(
156                            companyId, name, scope, roleId, actionId);
157            }
158    
159            /**
160             * Updates the role's permissions at the scope, setting the actions that can
161             * be performed on resources of the type. Existing actions are replaced.
162             *
163             * <p>
164             * This method can be used to set permissions at any scope, but it is
165             * generally only used at the individual scope. For example, it could be
166             * used to set the guest permissions on a blog post.
167             * </p>
168             *
169             * <p>
170             * Depending on the scope, the value of <code>primKey</code> will have
171             * different meanings. For more information, see {@link
172             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
173             * </p>
174             *
175             * @param  groupId the primary key of the group
176             * @param  companyId the primary key of the company
177             * @param  name the resource's name, which can be either a class name or a
178             *         portlet ID
179             * @param  primKey the primary key
180             * @param  roleId the primary key of the role
181             * @param  actionIds the action IDs of the actions
182             * @throws PortalException if the user did not have permission to set
183             *         resource permissions, or if a role with the primary key or a
184             *         resource action with the name and action ID could not be found
185             * @throws SystemException if a system exception occurred
186             */
187            public void setIndividualResourcePermissions(
188                            long groupId, long companyId, String name, String primKey,
189                            long roleId, String[] actionIds)
190                    throws PortalException, SystemException {
191    
192                    permissionService.checkPermission(groupId, name, primKey);
193    
194                    resourcePermissionLocalService.setResourcePermissions(
195                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
196                            roleId, actionIds);
197            }
198    
199            /**
200             * Updates the role's permissions at the scope, setting the actions that can
201             * be performed on resources of the type. Existing actions are replaced.
202             *
203             * <p>
204             * This method can be used to set permissions at any scope, but it is
205             * generally only used at the individual scope. For example, it could be
206             * used to set the guest permissions on a blog post.
207             * </p>
208             *
209             * <p>
210             * Depending on the scope, the value of <code>primKey</code> will have
211             * different meanings. For more information, see {@link
212             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
213             * </p>
214             *
215             * @param  groupId the primary key of the group
216             * @param  companyId the primary key of the company
217             * @param  name the resource's name, which can be either a class name or a
218             *         portlet ID
219             * @param  primKey the primary key
220             * @param  roleIdsToActionIds a map of role IDs to action IDs of the actions
221             * @throws PortalException if the user did not have permission to set
222             *         resource permissions, or if a role with the primary key or a
223             *         resource action with the name and action ID could not be found
224             * @throws SystemException if a system exception occurred
225             */
226            public void setIndividualResourcePermissions(
227                            long groupId, long companyId, String name, String primKey,
228                            Map<Long, String[]> roleIdsToActionIds)
229                    throws PortalException, SystemException {
230    
231                    permissionService.checkPermission(groupId, name, primKey);
232    
233                    resourcePermissionLocalService.setResourcePermissions(
234                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
235                            roleIdsToActionIds);
236            }
237    
238    }