001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.model.ResourceConstants;
019    import com.liferay.portal.model.Role;
020    import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl;
021    
022    import java.util.Map;
023    
024    /**
025     * Provides the remote service for adding, granting, and revoking resource
026     * permissions. Its methods include permission checks.
027     *
028     * <p>
029     * Before attempting to read any of the documentation for this class, first read
030     * {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an
031     * explanation of scoping.
032     * </p>
033     *
034     * @author Brian Wing Shun Chan
035     */
036    public class ResourcePermissionServiceImpl
037            extends ResourcePermissionServiceBaseImpl {
038    
039            /**
040             * Grants the role permission at the scope to perform the action on
041             * resources of the type. Existing actions are retained.
042             *
043             * <p>
044             * This method cannot be used to grant individual scope permissions, but is
045             * only intended for adding permissions at the company, group, and
046             * group-template scopes. For example, this method could be used to grant a
047             * company scope permission to edit message board posts.
048             * </p>
049             *
050             * <p>
051             * If a company scope permission is granted to resources that the role
052             * already had group scope permissions to, the group scope permissions are
053             * deleted. Likewise, if a group scope permission is granted to resources
054             * that the role already had company scope permissions to, the company scope
055             * permissions are deleted. Be aware that this latter behavior can result in
056             * an overall reduction in permissions for the role.
057             * </p>
058             *
059             * <p>
060             * Depending on the scope, the value of <code>primKey</code> will have
061             * different meanings. For more information, see {@link
062             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
063             * </p>
064             *
065             * @param groupId the primary key of the group
066             * @param companyId the primary key of the company
067             * @param name the resource's name, which can be either a class name or a
068             *        portlet ID
069             * @param scope the scope. This method only supports company, group, and
070             *        group-template scope.
071             * @param primKey the primary key
072             * @param roleId the primary key of the role
073             * @param actionId the action ID
074             */
075            @Override
076            public void addResourcePermission(
077                            long groupId, long companyId, String name, int scope,
078                            String primKey, long roleId, String actionId)
079                    throws PortalException {
080    
081                    permissionService.checkPermission(
082                            groupId, Role.class.getName(), roleId);
083    
084                    resourcePermissionLocalService.addResourcePermission(
085                            companyId, name, scope, primKey, roleId, actionId);
086            }
087    
088            /**
089             * Revokes permission at the scope from the role to perform the action on
090             * resources of the type. For example, this method could be used to revoke a
091             * group scope permission to edit blog posts.
092             *
093             * <p>
094             * Depending on the scope, the value of <code>primKey</code> will have
095             * different meanings. For more information, see {@link
096             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
097             * </p>
098             *
099             * @param groupId the primary key of the group
100             * @param companyId the primary key of the company
101             * @param name the resource's name, which can be either a class name or a
102             *        portlet ID
103             * @param scope the scope
104             * @param primKey the primary key
105             * @param roleId the primary key of the role
106             * @param actionId the action ID
107             */
108            @Override
109            public void removeResourcePermission(
110                            long groupId, long companyId, String name, int scope,
111                            String primKey, long roleId, String actionId)
112                    throws PortalException {
113    
114                    permissionService.checkPermission(
115                            groupId, Role.class.getName(), roleId);
116    
117                    resourcePermissionLocalService.removeResourcePermission(
118                            companyId, name, scope, primKey, roleId, actionId);
119            }
120    
121            /**
122             * Revokes all permissions at the scope from the role to perform the action
123             * on resources of the type. For example, this method could be used to
124             * revoke all individual scope permissions to edit blog posts from site
125             * members.
126             *
127             * @param groupId the primary key of the group
128             * @param companyId the primary key of the company
129             * @param name the resource's name, which can be either a class name or a
130             *        portlet ID
131             * @param scope the scope
132             * @param roleId the primary key of the role
133             * @param actionId the action ID
134             */
135            @Override
136            public void removeResourcePermissions(
137                            long groupId, long companyId, String name, int scope, long roleId,
138                            String actionId)
139                    throws PortalException {
140    
141                    permissionService.checkPermission(
142                            groupId, Role.class.getName(), roleId);
143    
144                    resourcePermissionLocalService.removeResourcePermissions(
145                            companyId, name, scope, roleId, actionId);
146            }
147    
148            /**
149             * Updates the role's permissions at the scope, setting the actions that can
150             * be performed on resources of the type. Existing actions are replaced.
151             *
152             * <p>
153             * This method can be used to set permissions at any scope, but it is
154             * generally only used at the individual scope. For example, it could be
155             * used to set the guest permissions on a blog post.
156             * </p>
157             *
158             * <p>
159             * Depending on the scope, the value of <code>primKey</code> will have
160             * different meanings. For more information, see {@link
161             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
162             * </p>
163             *
164             * @param groupId the primary key of the group
165             * @param companyId the primary key of the company
166             * @param name the resource's name, which can be either a class name or a
167             *        portlet ID
168             * @param primKey the primary key
169             * @param roleId the primary key of the role
170             * @param actionIds the action IDs of the actions
171             */
172            @Override
173            public void setIndividualResourcePermissions(
174                            long groupId, long companyId, String name, String primKey,
175                            long roleId, String[] actionIds)
176                    throws PortalException {
177    
178                    permissionService.checkPermission(groupId, name, primKey);
179    
180                    resourcePermissionLocalService.setResourcePermissions(
181                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
182                            roleId, actionIds);
183            }
184    
185            /**
186             * Updates the role's permissions at the scope, setting the actions that can
187             * be performed on resources of the type. Existing actions are replaced.
188             *
189             * <p>
190             * This method can be used to set permissions at any scope, but it is
191             * generally only used at the individual scope. For example, it could be
192             * used to set the guest permissions on a blog post.
193             * </p>
194             *
195             * <p>
196             * Depending on the scope, the value of <code>primKey</code> will have
197             * different meanings. For more information, see {@link
198             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
199             * </p>
200             *
201             * @param groupId the primary key of the group
202             * @param companyId the primary key of the company
203             * @param name the resource's name, which can be either a class name or a
204             *        portlet ID
205             * @param primKey the primary key
206             * @param roleIdsToActionIds a map of role IDs to action IDs of the actions
207             */
208            @Override
209            public void setIndividualResourcePermissions(
210                            long groupId, long companyId, String name, String primKey,
211                            Map<Long, String[]> roleIdsToActionIds)
212                    throws PortalException {
213    
214                    permissionService.checkPermission(groupId, name, primKey);
215    
216                    resourcePermissionLocalService.setResourcePermissions(
217                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
218                            roleIdsToActionIds);
219            }
220    
221    }