001 /** 002 * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved. 003 * 004 * The contents of this file are subject to the terms of the Liferay Enterprise 005 * Subscription License ("License"). You may not use this file except in 006 * compliance with the License. You can obtain a copy of the License by 007 * contacting Liferay, Inc. See the License for the specific language governing 008 * permissions and limitations under the License, including but not limited to 009 * distribution rights of the Software. 010 * 011 * 012 * 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.kernel.exception.SystemException; 019 import com.liferay.portal.model.ResourceConstants; 020 import com.liferay.portal.model.Role; 021 import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl; 022 023 import java.util.Map; 024 025 /** 026 * Manages the creation and upkeep of resource permissions, and provides 027 * methods for granting, revoking, and checking permissions. 028 * 029 * <p> 030 * Before attempting to read any of the documentation for this class, first 031 * read {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an 032 * explanation of scoping. 033 * </p> 034 * 035 * @author Brian Wing Shun Chan 036 */ 037 public class ResourcePermissionServiceImpl 038 extends ResourcePermissionServiceBaseImpl { 039 040 /** 041 * Grants the role permission at the scope to perform the action on 042 * resources of the type. Existing actions are retained. 043 * 044 * <p> 045 * This method cannot be used to grant individual scope permissions, but is 046 * only intended for adding permissions at the company, group, and 047 * group-template scopes. For example, this method could be used to grant a 048 * company scope permission to edit message board posts. 049 * </p> 050 * 051 * <p> 052 * If a company scope permission is granted to resources that the role 053 * already had group scope permissions to, the group scope permissions are 054 * deleted. Likewise, if a group scope permission is granted to resources 055 * that the role already had company scope permissions to, the company 056 * scope permissions are deleted. Be aware that this latter behavior can 057 * result in an overall reduction in permissions for the role. 058 * </p> 059 * 060 * <p> 061 * Depending on the scope, the value of <code>primKey</code> will have 062 * different meanings. For more information, see {@link 063 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 064 * </p> 065 * 066 * @param groupId the primary key of the group 067 * @param companyId the primary key of the company 068 * @param name the resource's name, which can be either a class name or a 069 * portlet ID 070 * @param scope the scope. This method only supports company, group, and 071 * group-template scope. 072 * @param primKey the primary key 073 * @param roleId the primary key of the role 074 * @param actionId the action ID 075 * @throws PortalException if the user did not have permission to add 076 * resource permissions, or if scope was set to individual scope or 077 * if a role with the primary key or a resource action with the 078 * name and action ID could not be found 079 * @throws SystemException if a system exception occurred 080 */ 081 public void addResourcePermission( 082 long groupId, long companyId, String name, int scope, 083 String primKey, long roleId, String actionId) 084 throws PortalException, SystemException { 085 086 permissionService.checkPermission( 087 groupId, Role.class.getName(), roleId); 088 089 resourcePermissionLocalService.addResourcePermission( 090 companyId, name, scope, primKey, roleId, actionId); 091 } 092 093 /** 094 * Revokes permission at the scope from the role to perform the action on 095 * resources of the type. For example, this method could be used to revoke 096 * a group scope permission to edit blog posts. 097 * 098 * <p> 099 * Depending on the scope, the value of <code>primKey</code> will have 100 * different meanings. For more information, see {@link 101 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 102 * </p> 103 * 104 * @param groupId the primary key of the group 105 * @param companyId the primary key of the company 106 * @param name the resource's name, which can be either a class name or a 107 * portlet ID 108 * @param scope the scope 109 * @param primKey the primary key 110 * @param roleId the primary key of the role 111 * @param actionId the action ID 112 * @throws PortalException if the user did not have permission to remove 113 * resource permissions, or if a role with the primary key or a 114 * resource action with the name and action ID could not be found 115 * @throws SystemException if a system exception occurred 116 */ 117 public void removeResourcePermission( 118 long groupId, long companyId, String name, int scope, 119 String primKey, long roleId, String actionId) 120 throws PortalException, SystemException { 121 122 permissionService.checkPermission( 123 groupId, Role.class.getName(), roleId); 124 125 resourcePermissionLocalService.removeResourcePermission( 126 companyId, name, scope, primKey, roleId, actionId); 127 } 128 129 /** 130 * Revokes all permissions at the scope from the role to perform the action 131 * on resources of the type. For example, this method could be used to 132 * revoke all individual scope permissions to edit blog posts from site 133 * members. 134 * 135 * @param groupId the primary key of the group 136 * @param companyId the primary key of the company 137 * @param name the resource's name, which can be either a class name or a 138 * portlet ID 139 * @param scope the scope 140 * @param roleId the primary key of the role 141 * @param actionId the action ID 142 * @throws PortalException if the user did not have permission to remove 143 * resource permissions, or if a role with the primary key or a 144 * resource action with the name and action ID could not be found 145 * @throws SystemException if a system exception occurred 146 */ 147 public void removeResourcePermissions( 148 long groupId, long companyId, String name, int scope, long roleId, 149 String actionId) 150 throws PortalException, SystemException { 151 152 permissionService.checkPermission( 153 groupId, Role.class.getName(), roleId); 154 155 resourcePermissionLocalService.removeResourcePermissions( 156 companyId, name, scope, roleId, actionId); 157 } 158 159 /** 160 * Updates the role's permissions at the scope, setting the actions that 161 * can be performed on resources of the type. Existing actions are 162 * replaced. 163 * 164 * <p> 165 * This method can be used to set permissions at any scope, but it is 166 * generally only used at the individual scope. For example, it could be 167 * used to set the guest permissions on a blog post. 168 * </p> 169 * 170 * <p> 171 * Depending on the scope, the value of <code>primKey</code> will have 172 * different meanings. For more information, see {@link 173 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 174 * </p> 175 * 176 * @param groupId the primary key of the group 177 * @param companyId the primary key of the company 178 * @param name the resource's name, which can be either a class name or a 179 * portlet ID 180 * @param primKey the primary key 181 * @param roleId the primary key of the role 182 * @param actionIds the action IDs of the actions 183 * @throws PortalException if the user did not have permission to set 184 * resource permissions, or if a role with the primary key or a 185 * resource action with the name and action ID could not be found 186 * @throws SystemException if a system exception occurred 187 */ 188 public void setIndividualResourcePermissions( 189 long groupId, long companyId, String name, String primKey, 190 long roleId, String[] actionIds) 191 throws PortalException, SystemException { 192 193 permissionService.checkPermission(groupId, name, primKey); 194 195 resourcePermissionLocalService.setResourcePermissions( 196 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 197 roleId, actionIds); 198 } 199 200 /** 201 * Updates the role's permissions at the scope, setting the actions that 202 * can be performed on resources of the type. Existing actions are 203 * replaced. 204 * 205 * <p> 206 * This method can be used to set permissions at any scope, but it is 207 * generally only used at the individual scope. For example, it could be 208 * used to set the guest permissions on a blog post. 209 * </p> 210 * 211 * <p> 212 * Depending on the scope, the value of <code>primKey</code> will have 213 * different meanings. For more information, see {@link 214 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 215 * </p> 216 * 217 * @param groupId the primary key of the group 218 * @param companyId the primary key of the company 219 * @param name the resource's name, which can be either a class name or a 220 * portlet ID 221 * @param primKey the primary key 222 * @param roleIdsToActionIds a map of role IDs to action IDs of the 223 * actions 224 * @throws PortalException if the user did not have permission to set 225 * resource permissions, or if a role with the primary key or a 226 * resource action with the name and action ID could not be found 227 * @throws SystemException if a system exception occurred 228 */ 229 public void setIndividualResourcePermissions( 230 long groupId, long companyId, String name, String primKey, 231 Map<Long, String[]> roleIdsToActionIds) 232 throws PortalException, SystemException { 233 234 permissionService.checkPermission(groupId, name, primKey); 235 236 resourcePermissionLocalService.setResourcePermissions( 237 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 238 roleIdsToActionIds); 239 } 240 241 }