001 /** 002 * Copyright (c) 2000-present Liferay, Inc. All rights reserved. 003 * 004 * This library is free software; you can redistribute it and/or modify it under 005 * the terms of the GNU Lesser General Public License as published by the Free 006 * Software Foundation; either version 2.1 of the License, or (at your option) 007 * any later version. 008 * 009 * This library is distributed in the hope that it will be useful, but WITHOUT 010 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 011 * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 012 * details. 013 */ 014 015 package com.liferay.portal.service.impl; 016 017 import com.liferay.portal.kernel.exception.PortalException; 018 import com.liferay.portal.model.ResourceConstants; 019 import com.liferay.portal.model.Role; 020 import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl; 021 022 import java.util.Map; 023 024 /** 025 * Provides the remote service for adding, granting, and revoking resource 026 * permissions. Its methods include permission checks. 027 * 028 * <p> 029 * Before attempting to read any of the documentation for this class, first read 030 * {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an 031 * explanation of scoping. 032 * </p> 033 * 034 * @author Brian Wing Shun Chan 035 */ 036 public class ResourcePermissionServiceImpl 037 extends ResourcePermissionServiceBaseImpl { 038 039 /** 040 * Grants the role permission at the scope to perform the action on 041 * resources of the type. Existing actions are retained. 042 * 043 * <p> 044 * This method cannot be used to grant individual scope permissions, but is 045 * only intended for adding permissions at the company, group, and 046 * group-template scopes. For example, this method could be used to grant a 047 * company scope permission to edit message board posts. 048 * </p> 049 * 050 * <p> 051 * If a company scope permission is granted to resources that the role 052 * already had group scope permissions to, the group scope permissions are 053 * deleted. Likewise, if a group scope permission is granted to resources 054 * that the role already had company scope permissions to, the company scope 055 * permissions are deleted. Be aware that this latter behavior can result in 056 * an overall reduction in permissions for the role. 057 * </p> 058 * 059 * <p> 060 * Depending on the scope, the value of <code>primKey</code> will have 061 * different meanings. For more information, see {@link 062 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 063 * </p> 064 * 065 * @param groupId the primary key of the group 066 * @param companyId the primary key of the company 067 * @param name the resource's name, which can be either a class name or a 068 * portlet ID 069 * @param scope the scope. This method only supports company, group, and 070 * group-template scope. 071 * @param primKey the primary key 072 * @param roleId the primary key of the role 073 * @param actionId the action ID 074 */ 075 @Override 076 public void addResourcePermission( 077 long groupId, long companyId, String name, int scope, 078 String primKey, long roleId, String actionId) 079 throws PortalException { 080 081 permissionService.checkPermission( 082 groupId, Role.class.getName(), roleId); 083 084 resourcePermissionLocalService.addResourcePermission( 085 companyId, name, scope, primKey, roleId, actionId); 086 } 087 088 /** 089 * Revokes permission at the scope from the role to perform the action on 090 * resources of the type. For example, this method could be used to revoke a 091 * group scope permission to edit blog posts. 092 * 093 * <p> 094 * Depending on the scope, the value of <code>primKey</code> will have 095 * different meanings. For more information, see {@link 096 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 097 * </p> 098 * 099 * @param groupId the primary key of the group 100 * @param companyId the primary key of the company 101 * @param name the resource's name, which can be either a class name or a 102 * portlet ID 103 * @param scope the scope 104 * @param primKey the primary key 105 * @param roleId the primary key of the role 106 * @param actionId the action ID 107 */ 108 @Override 109 public void removeResourcePermission( 110 long groupId, long companyId, String name, int scope, 111 String primKey, long roleId, String actionId) 112 throws PortalException { 113 114 permissionService.checkPermission( 115 groupId, Role.class.getName(), roleId); 116 117 resourcePermissionLocalService.removeResourcePermission( 118 companyId, name, scope, primKey, roleId, actionId); 119 } 120 121 /** 122 * Revokes all permissions at the scope from the role to perform the action 123 * on resources of the type. For example, this method could be used to 124 * revoke all individual scope permissions to edit blog posts from site 125 * members. 126 * 127 * @param groupId the primary key of the group 128 * @param companyId the primary key of the company 129 * @param name the resource's name, which can be either a class name or a 130 * portlet ID 131 * @param scope the scope 132 * @param roleId the primary key of the role 133 * @param actionId the action ID 134 */ 135 @Override 136 public void removeResourcePermissions( 137 long groupId, long companyId, String name, int scope, long roleId, 138 String actionId) 139 throws PortalException { 140 141 permissionService.checkPermission( 142 groupId, Role.class.getName(), roleId); 143 144 resourcePermissionLocalService.removeResourcePermissions( 145 companyId, name, scope, roleId, actionId); 146 } 147 148 /** 149 * Updates the role's permissions at the scope, setting the actions that can 150 * be performed on resources of the type. Existing actions are replaced. 151 * 152 * <p> 153 * This method can be used to set permissions at any scope, but it is 154 * generally only used at the individual scope. For example, it could be 155 * used to set the guest permissions on a blog post. 156 * </p> 157 * 158 * <p> 159 * Depending on the scope, the value of <code>primKey</code> will have 160 * different meanings. For more information, see {@link 161 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 162 * </p> 163 * 164 * @param groupId the primary key of the group 165 * @param companyId the primary key of the company 166 * @param name the resource's name, which can be either a class name or a 167 * portlet ID 168 * @param primKey the primary key 169 * @param roleId the primary key of the role 170 * @param actionIds the action IDs of the actions 171 */ 172 @Override 173 public void setIndividualResourcePermissions( 174 long groupId, long companyId, String name, String primKey, 175 long roleId, String[] actionIds) 176 throws PortalException { 177 178 permissionService.checkPermission(groupId, name, primKey); 179 180 resourcePermissionLocalService.setResourcePermissions( 181 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 182 roleId, actionIds); 183 } 184 185 /** 186 * Updates the role's permissions at the scope, setting the actions that can 187 * be performed on resources of the type. Existing actions are replaced. 188 * 189 * <p> 190 * This method can be used to set permissions at any scope, but it is 191 * generally only used at the individual scope. For example, it could be 192 * used to set the guest permissions on a blog post. 193 * </p> 194 * 195 * <p> 196 * Depending on the scope, the value of <code>primKey</code> will have 197 * different meanings. For more information, see {@link 198 * com.liferay.portal.model.impl.ResourcePermissionImpl}. 199 * </p> 200 * 201 * @param groupId the primary key of the group 202 * @param companyId the primary key of the company 203 * @param name the resource's name, which can be either a class name or a 204 * portlet ID 205 * @param primKey the primary key 206 * @param roleIdsToActionIds a map of role IDs to action IDs of the actions 207 */ 208 @Override 209 public void setIndividualResourcePermissions( 210 long groupId, long companyId, String name, String primKey, 211 Map<Long, String[]> roleIdsToActionIds) 212 throws PortalException { 213 214 permissionService.checkPermission(groupId, name, primKey); 215 216 resourcePermissionLocalService.setResourcePermissions( 217 companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey, 218 roleIdsToActionIds); 219 } 220 221 }