Interface UserGroupMembershipPolicy

All Known Implementing Classes:
BaseUserGroupMembershipPolicy, DummyUserGroupMembershipPolicy

public interface UserGroupMembershipPolicy
Provides the User Group Membership Policy interface, allowing customization of user membership regarding user groups.

User Group Membership Policies define the user groups a user is allowed to be a member of and the user groups the user must be a member of.

An implementation may include any number of rules and actions to enforce those rules. The implementation may include rules and actions like the following:

  • If a user doesn't have the custom attribute A, he cannot be assigned to user group B.
  • If the user is added to user group A, he will automatically be added to user group B.
  • The user must have the Administrator Role in order to be added to user group "Admin User Group".

Liferay's core services invoke checkMembership(long[], long[], long[]) to detect policy violations before adding the users to and removing the users from the user groups. On passing the check, the service proceeds with the changes and propagates appropriate related actions in the portal by invoking propagateMembership(long[], long[], long[]). On failing the check, the service foregoes making the changes. For example, Liferay executes this logic when adding and updating user groups, adding and removing users with respect to user groups.

Liferay's UI calls the "is*" methods, such as isMembershipAllowed(long, long), to determine appropriate options to display to the user. For example, the UI calls isMembershipAllowed(long, long) to decide whether to enable the checkbox for adding the user to the user group.

Author:
Roberto Díaz, Sergio González
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    checkMembership(long[] userIds, long[] addUserGroupIds, long[] removeUserGroupIds)
    Checks if the users can be added to and removed from the respective user groups.
    boolean
    isMembershipAllowed(long userId, long userGroupId)
    Returns true if the user can be added to the user group.
    boolean
    isMembershipRequired(long userId, long userGroupId)
    Returns true if user group membership for the user is mandatory.
    void
    propagateMembership(long[] userIds, long[] addUserGroupIds, long[] removeUserGroupIds)
    Performs membership policy related actions after the users are added to and removed from the respective user groups.
    void
    Checks the integrity of the membership policy of each of the portal's user groups and performs operations necessary for the compliance of each user group.
    void
    Checks the integrity of the membership policy of the user group and performs operations necessary for the user group's compliance.
    void
    verifyPolicy(UserGroup userGroup, UserGroup oldUserGroup, Map<String,Serializable> oldExpandoAttributes)
    Checks the integrity of the membership policy of the user group, with respect to the user group's new attribute values and expando attributes, and performs operations necessary for the compliance of the user group.
  • Method Details

    • checkMembership

      void checkMembership(long[] userIds, long[] addUserGroupIds, long[] removeUserGroupIds) throws PortalException
      Checks if the users can be added to and removed from the respective user groups.

      Liferay's core services call this method before adding the users to and removing the users from the respective user groups. If this method throws an exception, the service foregoes making the changes.

      Parameters:
      userIds - the primary keys of the users to be added and removed from the user groups
      addUserGroupIds - the primary keys of the user groups to which the users are to be added (optionally null)
      removeUserGroupIds - the primary keys of the user groups from which the users are to be removed (optionally null)
      Throws:
      PortalException
    • isMembershipAllowed

      boolean isMembershipAllowed(long userId, long userGroupId) throws PortalException
      Returns true if the user can be added to the user group. Liferay's UI calls this method.
      Parameters:
      userId - the primary key of the user
      userGroupId - the primary key of the user group
      Returns:
      true if the user can be added to the user group; false otherwise
      Throws:
      PortalException
    • isMembershipRequired

      boolean isMembershipRequired(long userId, long userGroupId) throws PortalException
      Returns true if user group membership for the user is mandatory. Liferay's UI, for example, calls this method in deciding whether the checkbox to select the user group will be enable.
      Parameters:
      userId - the primary key of the user
      userGroupId - the primary key of the user group
      Returns:
      true if user group membership for the user is mandatory; false otherwise
      Throws:
      PortalException
    • propagateMembership

      void propagateMembership(long[] userIds, long[] addUserGroupIds, long[] removeUserGroupIds) throws PortalException
      Performs membership policy related actions after the users are added to and removed from the respective user groups. Liferay's core services call this method after adding and removing the users to and from the respective user groups.

      The actions must ensure the integrity of each user group's membership policy. For example, some actions for implementations to consider performing are:

      • If a user is added to user group A, he should be added to user group B too.
      • If a user is removed from user group A, he should be removed from user group B too.
      Parameters:
      userIds - the primary key of the users to be added or removed
      addUserGroupIds - the primary keys of the user groups to which the users were added (optionally null)
      removeUserGroupIds - the primary keys of the user groups from which the users were removed (optionally null)
      Throws:
      PortalException
    • verifyPolicy

      void verifyPolicy() throws PortalException
      Checks the integrity of the membership policy of each of the portal's user groups and performs operations necessary for the compliance of each user group. This method can be triggered manually from the Control Panel. If the membership.policy.auto.verify portal property is true this method is triggered when starting Liferay and every time a membership policy hook is deployed.
      Throws:
      PortalException
    • verifyPolicy

      void verifyPolicy(UserGroup userGroup) throws PortalException
      Checks the integrity of the membership policy of the user group and performs operations necessary for the user group's compliance.
      Parameters:
      userGroup - the user group to verify
      Throws:
      PortalException
    • verifyPolicy

      void verifyPolicy(UserGroup userGroup, UserGroup oldUserGroup, Map<String,Serializable> oldExpandoAttributes) throws PortalException
      Checks the integrity of the membership policy of the user group, with respect to the user group's new attribute values and expando attributes, and performs operations necessary for the compliance of the user group. Liferay calls this method when adding and updating user groups.

      The actions must ensure the integrity of the user group's membership policy based on what has changed in the user group's attribute values and expando attributes.

      For example, if the membership policy is that user groups with the expando attribute A should only allow administrators, then this method could enforce that policy using the following logic:

      • If the oldExpandoAttributes include the expando attribute A and the new expando attributes include it too, then no action needs to be performed regarding the policy. Note, the new expando attributes can be obtained by calling assetTagLocalService.getTags(Group.class.getName(), group.getGroupId());.
      • If the oldExpandoAttributes include the expando attribute A and the new expando attributes don't include it, then no action needs to be performed regarding the policy, as non-administrator users need not be removed.
      • However, if the oldExpandoAttributes don't include the expando attribute A and the new expando attributes include it, any user group user that does not have the Administrator role must be removed from the user group.
      Parameters:
      userGroup - the added or updated user group to verify
      oldUserGroup - the old user group
      oldExpandoAttributes - the old expando attributes
      Throws:
      PortalException