001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.service.impl;
016    
017    import com.liferay.portal.kernel.exception.PortalException;
018    import com.liferay.portal.model.ResourceConstants;
019    import com.liferay.portal.model.Role;
020    import com.liferay.portal.service.base.ResourcePermissionServiceBaseImpl;
021    
022    import java.util.Map;
023    
024    /**
025     * Provides the remote service for adding, granting, and revoking resource
026     * permissions. Its methods include permission checks.
027     *
028     * <p>
029     * Before attempting to read any of the documentation for this class, first read
030     * {@link com.liferay.portal.model.impl.ResourcePermissionImpl} for an
031     * explanation of scoping.
032     * </p>
033     *
034     * @author Brian Wing Shun Chan
035     */
036    public class ResourcePermissionServiceImpl
037            extends ResourcePermissionServiceBaseImpl {
038    
039            /**
040             * Grants the role permission at the scope to perform the action on
041             * resources of the type. Existing actions are retained.
042             *
043             * <p>
044             * This method cannot be used to grant individual scope permissions, but is
045             * only intended for adding permissions at the company, group, and
046             * group-template scopes. For example, this method could be used to grant a
047             * company scope permission to edit message board posts.
048             * </p>
049             *
050             * <p>
051             * If a company scope permission is granted to resources that the role
052             * already had group scope permissions to, the group scope permissions are
053             * deleted. Likewise, if a group scope permission is granted to resources
054             * that the role already had company scope permissions to, the company scope
055             * permissions are deleted. Be aware that this latter behavior can result in
056             * an overall reduction in permissions for the role.
057             * </p>
058             *
059             * <p>
060             * Depending on the scope, the value of <code>primKey</code> will have
061             * different meanings. For more information, see {@link
062             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
063             * </p>
064             *
065             * @param  groupId the primary key of the group
066             * @param  companyId the primary key of the company
067             * @param  name the resource's name, which can be either a class name or a
068             *         portlet ID
069             * @param  scope the scope. This method only supports company, group, and
070             *         group-template scope.
071             * @param  primKey the primary key
072             * @param  roleId the primary key of the role
073             * @param  actionId the action ID
074             * @throws PortalException if the user did not have permission to add
075             *         resource permissions, or if scope was set to individual scope or
076             *         if a role with the primary key or a resource action with the name
077             *         and action ID could not be found
078             */
079            @Override
080            public void addResourcePermission(
081                            long groupId, long companyId, String name, int scope,
082                            String primKey, long roleId, String actionId)
083                    throws PortalException {
084    
085                    permissionService.checkPermission(
086                            groupId, Role.class.getName(), roleId);
087    
088                    resourcePermissionLocalService.addResourcePermission(
089                            companyId, name, scope, primKey, roleId, actionId);
090            }
091    
092            /**
093             * Revokes permission at the scope from the role to perform the action on
094             * resources of the type. For example, this method could be used to revoke a
095             * group scope permission to edit blog posts.
096             *
097             * <p>
098             * Depending on the scope, the value of <code>primKey</code> will have
099             * different meanings. For more information, see {@link
100             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
101             * </p>
102             *
103             * @param  groupId the primary key of the group
104             * @param  companyId the primary key of the company
105             * @param  name the resource's name, which can be either a class name or a
106             *         portlet ID
107             * @param  scope the scope
108             * @param  primKey the primary key
109             * @param  roleId the primary key of the role
110             * @param  actionId the action ID
111             * @throws PortalException if the user did not have permission to remove
112             *         resource permissions, or if a role with the primary key or a
113             *         resource action with the name and action ID could not be found
114             */
115            @Override
116            public void removeResourcePermission(
117                            long groupId, long companyId, String name, int scope,
118                            String primKey, long roleId, String actionId)
119                    throws PortalException {
120    
121                    permissionService.checkPermission(
122                            groupId, Role.class.getName(), roleId);
123    
124                    resourcePermissionLocalService.removeResourcePermission(
125                            companyId, name, scope, primKey, roleId, actionId);
126            }
127    
128            /**
129             * Revokes all permissions at the scope from the role to perform the action
130             * on resources of the type. For example, this method could be used to
131             * revoke all individual scope permissions to edit blog posts from site
132             * members.
133             *
134             * @param  groupId the primary key of the group
135             * @param  companyId the primary key of the company
136             * @param  name the resource's name, which can be either a class name or a
137             *         portlet ID
138             * @param  scope the scope
139             * @param  roleId the primary key of the role
140             * @param  actionId the action ID
141             * @throws PortalException if the user did not have permission to remove
142             *         resource permissions, or if a role with the primary key or a
143             *         resource action with the name and action ID could not be found
144             */
145            @Override
146            public void removeResourcePermissions(
147                            long groupId, long companyId, String name, int scope, long roleId,
148                            String actionId)
149                    throws PortalException {
150    
151                    permissionService.checkPermission(
152                            groupId, Role.class.getName(), roleId);
153    
154                    resourcePermissionLocalService.removeResourcePermissions(
155                            companyId, name, scope, roleId, actionId);
156            }
157    
158            /**
159             * Updates the role's permissions at the scope, setting the actions that can
160             * be performed on resources of the type. Existing actions are replaced.
161             *
162             * <p>
163             * This method can be used to set permissions at any scope, but it is
164             * generally only used at the individual scope. For example, it could be
165             * used to set the guest permissions on a blog post.
166             * </p>
167             *
168             * <p>
169             * Depending on the scope, the value of <code>primKey</code> will have
170             * different meanings. For more information, see {@link
171             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
172             * </p>
173             *
174             * @param  groupId the primary key of the group
175             * @param  companyId the primary key of the company
176             * @param  name the resource's name, which can be either a class name or a
177             *         portlet ID
178             * @param  primKey the primary key
179             * @param  roleId the primary key of the role
180             * @param  actionIds the action IDs of the actions
181             * @throws PortalException if the user did not have permission to set
182             *         resource permissions, or if a role with the primary key or a
183             *         resource action with the name and action ID could not be found
184             */
185            @Override
186            public void setIndividualResourcePermissions(
187                            long groupId, long companyId, String name, String primKey,
188                            long roleId, String[] actionIds)
189                    throws PortalException {
190    
191                    permissionService.checkPermission(groupId, name, primKey);
192    
193                    resourcePermissionLocalService.setResourcePermissions(
194                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
195                            roleId, actionIds);
196            }
197    
198            /**
199             * Updates the role's permissions at the scope, setting the actions that can
200             * be performed on resources of the type. Existing actions are replaced.
201             *
202             * <p>
203             * This method can be used to set permissions at any scope, but it is
204             * generally only used at the individual scope. For example, it could be
205             * used to set the guest permissions on a blog post.
206             * </p>
207             *
208             * <p>
209             * Depending on the scope, the value of <code>primKey</code> will have
210             * different meanings. For more information, see {@link
211             * com.liferay.portal.model.impl.ResourcePermissionImpl}.
212             * </p>
213             *
214             * @param  groupId the primary key of the group
215             * @param  companyId the primary key of the company
216             * @param  name the resource's name, which can be either a class name or a
217             *         portlet ID
218             * @param  primKey the primary key
219             * @param  roleIdsToActionIds a map of role IDs to action IDs of the actions
220             * @throws PortalException if the user did not have permission to set
221             *         resource permissions, or if a role with the primary key or a
222             *         resource action with the name and action ID could not be found
223             */
224            @Override
225            public void setIndividualResourcePermissions(
226                            long groupId, long companyId, String name, String primKey,
227                            Map<Long, String[]> roleIdsToActionIds)
228                    throws PortalException {
229    
230                    permissionService.checkPermission(groupId, name, primKey);
231    
232                    resourcePermissionLocalService.setResourcePermissions(
233                            companyId, name, ResourceConstants.SCOPE_INDIVIDUAL, primKey,
234                            roleIdsToActionIds);
235            }
236    
237    }