001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * The contents of this file are subject to the terms of the Liferay Enterprise
005     * Subscription License ("License"). You may not use this file except in
006     * compliance with the License. You can obtain a copy of the License by
007     * contacting Liferay, Inc. See the License for the specific language governing
008     * permissions and limitations under the License, including but not limited to
009     * distribution rights of the Software.
010     *
011     *
012     *
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.kernel.exception.SystemException;
019    import com.liferay.portal.model.ResourceConstants;
020    import com.liferay.portal.model.Role;
021    import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl;
022    
023    import java.util.Map;
024    
025    /**
026     * Manages the creation and upkeep of resource permissions, and provides
027     * methods for granting, revoking, and checking permissions.
028     *
029     * <p>
030     * Before attempting to read any of the documentation for this class, first
031     * read {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an
032     * explanation of scoping.
033     * </p>
034     *
035     * @author Brian Wing Shun Chan
036     */
037    public class ResourcePermissionServiceImpl
038            extends ResourcePermissionServiceBaseImpl {
039    
040            /**
041             * Grants the role permission at the scope to perform the action on
042             * resources of the type. Existing actions are retained.
043             *
044             * <p>
045             * This method cannot be used to grant individual scope permissions, but is
046             * only intended for adding permissions at the company, group, and
047             * group-template scopes. For example, this method could be used to grant a
048             * company scope permission to edit message board posts.
049             * </p>
050             *
051             * <p>
052             * If a company scope permission is granted to resources that the role
053             * already had group scope permissions to, the group scope permissions are
054             * deleted. Likewise, if a group scope permission is granted to resources
055             * that the role already had company scope permissions to, the company
056             * scope permissions are deleted. Be aware that this latter behavior can
057             * result in an overall reduction in permissions for the role.
058             * </p>
059             *
060             * <p>
061             * Depending on the scope, the value of <code>primKey</code> will have
062             * different meanings. For more information, see {@link
063             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
064             * </p>
065             *
066             * @param  groupId the primary key of the group
067             * @param  companyId the primary key of the company
068             * @param  name the resource's name, which can be either a class name or a
069             *         portlet ID
070             * @param  scope the scope. This method only supports company, group, and
071             *         group-template scope.
072             * @param  primKey the primary key
073             * @param  roleId the primary key of the role
074             * @param  actionId the action ID
075             * @throws PortalException if the user did not have permission to add
076             *         resource permissions, or if scope was set to individual scope or
077             *         if a role with the primary key or a resource action with the
078             *         name and action ID could not be found
079             * @throws SystemException if a system exception occurred
080             */
081            public void addResourcePermission(
082                            long groupId, long companyId, String name, int scope,
083                            String primKey, long roleId, String actionId)
084                    throws PortalException, SystemException {
085    
086                    permissionService.checkPermission(
087                            groupId, Role.class.getName(), roleId);
088    
089                    resourcePermissionLocalService.addResourcePermission(
090                            companyId, name, scope, primKey, roleId, actionId);
091            }
092    
093            /**
094             * Revokes permission at the scope from the role to perform the action on
095             * resources of the type. For example, this method could be used to revoke
096             * a group scope permission to edit blog posts.
097             *
098             * <p>
099             * Depending on the scope, the value of <code>primKey</code> will have
100             * different meanings. For more information, see {@link
101             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
102             * </p>
103             *
104             * @param  groupId the primary key of the group
105             * @param  companyId the primary key of the company
106             * @param  name the resource's name, which can be either a class name or a
107             *         portlet ID
108             * @param  scope the scope
109             * @param  primKey the primary key
110             * @param  roleId the primary key of the role
111             * @param  actionId the action ID
112             * @throws PortalException if the user did not have permission to remove
113             *         resource permissions, or if a role with the primary key or a
114             *         resource action with the name and action ID could not be found
115             * @throws SystemException if a system exception occurred
116             */
117            public void removeResourcePermission(
118                            long groupId, long companyId, String name, int scope,
119                            String primKey, long roleId, String actionId)
120                    throws PortalException, SystemException {
121    
122                    permissionService.checkPermission(
123                            groupId, Role.class.getName(), roleId);
124    
125                    resourcePermissionLocalService.removeResourcePermission(
126                            companyId, name, scope, primKey, roleId, actionId);
127            }
128    
129            /**
130             * Revokes all permissions at the scope from the role to perform the action
131             * on resources of the type. For example, this method could be used to
132             * revoke all individual scope permissions to edit blog posts from site
133             * members.
134             *
135             * @param  groupId the primary key of the group
136             * @param  companyId the primary key of the company
137             * @param  name the resource's name, which can be either a class name or a
138             *         portlet ID
139             * @param  scope the scope
140             * @param  roleId the primary key of the role
141             * @param  actionId the action ID
142             * @throws PortalException if the user did not have permission to remove
143             *         resource permissions, or if a role with the primary key or a
144             *         resource action with the name and action ID could not be found
145             * @throws SystemException if a system exception occurred
146             */
147            public void removeResourcePermissions(
148                            long groupId, long companyId, String name, int scope, long roleId,
149                            String actionId)
150                    throws PortalException, SystemException {
151    
152                    permissionService.checkPermission(
153                            groupId, Role.class.getName(), roleId);
154    
155                    resourcePermissionLocalService.removeResourcePermissions(
156                            companyId, name, scope, roleId, actionId);
157            }
158    
159            /**
160             * Updates the role's permissions at the scope, setting the actions that
161             * can be performed on resources of the type. Existing actions are
162             * replaced.
163             *
164             * <p>
165             * This method can be used to set permissions at any scope, but it is
166             * generally only used at the individual scope. For example, it could be
167             * used to set the guest permissions on a blog post.
168             * </p>
169             *
170             * <p>
171             * Depending on the scope, the value of <code>primKey</code> will have
172             * different meanings. For more information, see {@link
173             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
174             * </p>
175             *
176             * @param  groupId the primary key of the group
177             * @param  companyId the primary key of the company
178             * @param  name the resource's name, which can be either a class name or a
179             *         portlet ID
180             * @param  primKey the primary key
181             * @param  roleId the primary key of the role
182             * @param  actionIds the action IDs of the actions
183             * @throws PortalException if the user did not have permission to set
184             *         resource permissions, or if a role with the primary key or a
185             *         resource action with the name and action ID could not be found
186             * @throws SystemException if a system exception occurred
187             */
188            public void setIndividualResourcePermissions(
189                            long groupId, long companyId, String name, String primKey,
190                            long roleId, String[] actionIds)
191                    throws PortalException, SystemException {
192    
193                    permissionService.checkPermission(groupId, name, primKey);
194    
195                    resourcePermissionLocalService.setResourcePermissions(
196                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
197                            roleId, actionIds);
198            }
199    
200            /**
201             * Updates the role's permissions at the scope, setting the actions that
202             * can be performed on resources of the type. Existing actions are
203             * replaced.
204             *
205             * <p>
206             * This method can be used to set permissions at any scope, but it is
207             * generally only used at the individual scope. For example, it could be
208             * used to set the guest permissions on a blog post.
209             * </p>
210             *
211             * <p>
212             * Depending on the scope, the value of <code>primKey</code> will have
213             * different meanings. For more information, see {@link
214             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
215             * </p>
216             *
217             * @param  groupId the primary key of the group
218             * @param  companyId the primary key of the company
219             * @param  name the resource's name, which can be either a class name or a
220             *         portlet ID
221             * @param  primKey the primary key
222             * @param  roleIdsToActionIds a map of role IDs to action IDs of the
223             *         actions
224             * @throws PortalException if the user did not have permission to set
225             *         resource permissions, or if a role with the primary key or a
226             *         resource action with the name and action ID could not be found
227             * @throws SystemException if a system exception occurred
228             */
229            public void setIndividualResourcePermissions(
230                            long groupId, long companyId, String name, String primKey,
231                            Map<Long, String[]> roleIdsToActionIds)
232                    throws PortalException, SystemException {
233    
234                    permissionService.checkPermission(groupId, name, primKey);
235    
236                    resourcePermissionLocalService.setResourcePermissions(
237                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
238                            roleIdsToActionIds);
239            }
240    
241    }