001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.model.impl;
016    
017    import com.liferay.portal.model.ResourceAction;
018    
019    /**
020     * Stores the actions a role has permission to perform on all resources of the
021     * type within the group/company.
022     *
023     * <p>
024     * Resource type permissions can exist at either company or group scope. They
025     * are roughly equivalent to resource permissions with company, group, or
026     * group-template scope. However, resource type permissions make no distinction
027     * between company and group-template scope, storing both as company scope
028     * permissions. The reason for this simplification is that regular roles cannot
029     * have group-template scope permissions, and site/organization roles can only
030     * have group-template scope permissions. Therefore, resource type permissions
031     * depend on the type of their associated role to distinguish between the two
032     * scopes.
033     * </p>
034     *
035     * <p>
036     * Do not confuse resource type permissions with resource block permissions;
037     * they serve very different purposes. Resource block permissions store the
038     * permissions on a single resource block, and are simply a representation of
039     * who can do what to the resources within the block. Resource type permissions
040     * grant permissions to perform actions on all resources of a type within a
041     * group or company. Any permissions granted to a role with a resource type
042     * permission are automatically added to all the resource blocks for that
043     * resource type within the group/company.
044     * </p>
045     *
046     * <p>
047     * For example, if a company scope resource type permission is granted to a role
048     * to edit blog entries, all the resource blocks within the company for blog
049     * entries are modified to grant the role permission to edit the blog entries
050     * they contain. Thus, granting and revoking resource type permissions will also
051     * cause those same permissions to be granted/revoked at the resource block
052     * permission level.
053     * </p>
054     *
055     * <p>
056     * Copying permissions from the company and group scope to the resource block
057     * scope eliminates the need to check multiple scopes when determining if a role
058     * has permission to perform an action on a resource. All the necessary
059     * information is cached at the most granular level.
060     * </p>
061     *
062     * <p>
063     * Rather than using a separate &quot;scope&quot; attribute as {@linkplain
064     * ResourcePermissionImpl resource permissions} do, company scope resource type
065     * permissions simply have a <code>groupId</code> of <code>0</code>
066     * </p>
067     *
068     * <p>
069     * The type of resource the permission grants access to is specified by the
070     * <code>name</code> attribute, which must be the fully qualified class name of
071     * a model (such as a blog entry).
072     * </p>
073     *
074     * <p>
075     * The <code>actionIds</code> attribute stores the bitwise IDs of all the
076     * actions allowed by this permission.
077     * </p>
078     *
079     * @author Connor McKay
080     */
081    public class ResourceTypePermissionImpl extends ResourceTypePermissionBaseImpl {
082    
083            @Override
084            public boolean hasAction(ResourceAction resourceAction) {
085                    if ((resourceAction != null) &&
086                            ((getActionIds() & resourceAction.getBitwiseValue()) != 0)) {
087    
088                            return true;
089                    }
090    
091                    return false;
092            }
093    
094            @Override
095            public boolean isCompanyScope() {
096                    if (getGroupId() == 0) {
097                            return true;
098                    }
099                    else {
100                            return false;
101                    }
102            }
103    
104            @Override
105            public boolean isGroupScope() {
106                    return !isCompanyScope();
107            }
108    
109    }